WO2022118639A1 - Authentication server, system, authentication server control method, and recording medium - Google Patents

Publication number
WO2022118639A1
Authority
WO
WIPO (PCT)
Application number
PCT/JP2021/041832
Other languages
French (fr)
Japanese (ja)
Inventor
雅典 小林
昭彦 市川
雄司 山口
翼 荻窪
Original Assignee
日本電気株式会社
Application filed by 日本電気株式会社
Priority to JP2022566819A
Publication of WO2022118639A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the present invention relates to an authentication server, a system, a control method of the authentication server, and a recording medium.
  • In recent years, various services using biometric information have begun to spread. For example, face recognition is used for various procedures performed at the airport (check-in, baggage check-in, etc.) and for hotel check-in. In recent years, various technologies related to biometric authentication have been developed.
  • Patent Document 1 describes that it is possible to unify biometric information used for biometric authentication.
  • the information processing terminal described in Patent Document 1 transmits the identification information to the acquisition unit that acquires the biometric information for biometric authentication and the identification information of the device to which the service is provided, depending on the success of the biometric authentication. It is equipped with a transmitter.
  • Patent Document 2 describes that personal authentication is efficiently performed when a user performs various procedures.
  • the authentication system of Patent Document 2 accesses the management device from the user's mobile terminal and performs initial registration including the user's moving image.
  • a moving image is transmitted to a management device to perform authentication processing according to the usage type, and the authentication result is notified.
  • Patent Document 3 states that shopping at duty-free facilities by foreign tourists will be efficient and comfortable.
  • the payment support server of Patent Document 3 includes a communication device, a storage device, and an arithmetic unit.
  • the communication device communicates with another device.
  • the storage device stores the passport information of the traveler, the information of the means of transportation or the facility used in the trip, and the information for biometric authentication in association with each other.
  • the arithmetic unit matches the traveler's biometric information, included in the payment information received from the terminal of the tax exemption facility, against the biometric authentication information in the storage device that is associated with passport information indicating the predetermined validity and with the information of the means of transportation or the facility used. If biometric authentication information that matches the biometric information is registered, the arithmetic unit returns the payment permission information to the terminal.
  • As mentioned above, in recent years, technological development related to biometric authentication has been promoted, and various services using biometric authentication have been provided to users. More specifically, private businesses such as lodging businesses and public institutions such as local governments are providing services using biometric authentication, or are considering providing such services.
  • biometric authentication is realized by comparing the biometric information of the person to be authenticated with the biometric information registered in the database, and the basic mechanism of authentication is the same whether the certifier (authentication subject; service provider) is a private business operator or a public institution.
  • a system specialized for each business operator is often configured, which raises the hurdle to introduce biometric authentication.
  • the main object of the present invention is to provide an authentication server, a system, a control method for an authentication server, and a recording medium that contribute to the further spread of biometric authentication.
  • the biometric information of the user, the first ID (identifier) that identifies the business operator that provides the service to the user, and the combination of the user and the business operator are unique.
  • the authentication process is executed in response to receiving the authentication request including the biometric information of the person and the first ID of the first business operator, and the second ID of the successful authentication person is used as the first business operator.
  • a public information provision request including the biometric information of the user to whom the second business operator wants to refer to the public information and the type of the public information to be referred to is requested from the authentication means to be transmitted to the second business operator.
  • the public information to be referred to is acquired from the public server holding the public information to be referred to by using the public information specific data, and the acquired public information is transmitted to the second business operator.
  • An authentication server is provided that comprises means of transmitting and providing information.
  • the authentication server includes a connected authentication server, and the authentication server is based on a combination of a user's biometric information, a first ID that identifies a business operator that provides a service to the user, and the user and the business operator. From the database and the first terminal, which are stored in association with the second ID uniquely determined, the public information identification data for specifying the public information licensed by the user, and the public information identification data.
  • the authentication process is executed in response to receiving the authentication request including the biometric information of the certifier and the first ID of the first business operator, and the second ID of the successful authentication person is used as the first terminal.
  • the second business operator From the authentication means and the second terminal, the second business operator requests to provide public information including the biometric information of the user who wants to refer to the public information and the type of the public information to be referred to.
  • the public information to be referred to is acquired from the public server holding the public information to be referred to by using the public information specific data, and the acquired public information is transmitted to the second terminal.
  • a system is provided that comprises means of providing information.
  • the biometric information of the user, the first ID that identifies the business operator that provides the service to the user, and the combination of the user and the business operator are uniquely determined.
  • the first business operator receives the data.
  • the authentication process is executed in response to receiving the authentication request including the biometric information of the certifier and the first ID of the first business operator, and the second ID of the successful authentication person is used as the first business.
  • the second business operator When the second business operator receives a public information provision request including the biometric information of the user who wants to refer to the public information and the type of the public information to be referred to, the second business operator receives the request.
  • the public information to be referred to is acquired from a public server holding the public information to be referred to by using the public information specific data, and the acquired public information is transmitted to the second business operator.
  • a method of controlling the authentication server is provided.
  • the biometric information of the user, the first ID that identifies the business operator that provides the service to the user, and the combination of the user and the business operator are uniquely determined.
  • the first is to the computer mounted on the authentication server provided with the database, which stores the ID of 2 and the public information identification data for specifying the public information licensed by the user in association with each other.
  • the authentication process is executed in response to receiving the authentication request including the biometric information of the person to be authenticated and the first ID of the first business operator from the business operator, and the second ID of the successful authentication person is obtained.
  • the public information to be referred to is acquired from the public server holding the public information to be referred to by using the public information specific data, and the acquired public information is referred to as the second.
  • a computer-readable recording medium containing a program for executing a process to be transmitted to a business operator is provided.
  • an authentication server, a system, a control method of the authentication server, and a recording medium that contribute to further popularization of biometric authentication are provided.
  • the effect of the present invention is not limited to the above. According to the present invention, other effects may be produced in place of or in combination with the effect.
  • the authentication server 100 includes a database 101, an authentication unit 102, and an information providing unit 103 (see FIG. 1).
  • the database 101 associates the biometric information of the user with the first ID that identifies the business operator that provides the service to the user and the second ID that is uniquely determined by the combination of the user and the business operator.
  • the database 101 stores the biometric information of the user and the like in association with the public information specifying data for specifying the public information licensed by the user.
  • the authentication unit 102 executes the authentication process in response to receiving, from the first business operator, the authentication request including the biometric information of the person to be authenticated and the first ID of the first business operator, and transmits the second ID of the successfully authenticated person to the first business operator.
  • the information providing unit 103 receives from the second business operator a public information provision request including the biometric information of the user who the second business operator wants to refer to and the type of public information to be referred to.
  • the information providing unit 103 acquires the public information to be referred to from the public server holding that public information by using the public information specific data, and transmits the acquired public information to the second business operator.
  • When the authentication server 100 receives an authentication request from the first business operator (for example, a private business operator), the authentication server 100 sends a second ID (service user ID), uniquely determined from the combination of the user and the business operator, to the first business operator.
  • the first business operator stores the service information required when providing the service to the user in association with the second ID, and can identify the required service information based on the second ID acquired from the authentication server 100.
  • When the authentication server 100 is requested to provide public information by a second business operator (for example, a public institution such as a city hall), it specifies the user by biometric authentication and obtains the data for identifying the public information requested to be provided (for example, passport number, etc.).
  • the authentication server 100 acquires the corresponding public information (for example, items described in a passport) by transmitting the public information specific data to a public server that holds and manages the public information.
  • the authentication server 100 transmits the acquired public information to the second business operator.
  • the second business operator can provide the service to the user while using the acquired public information.
  • the authentication server 100 processes requests from private businesses and public institutions by executing authentication processing and verification processing using the database 101.
  • neither private businesses nor public institutions need to build their own authentication system, which lowers the hurdles for introducing biometrics. As a result, biometrics becomes even more widespread.
  • FIG. 2 is a diagram showing an example of a schematic configuration of the authentication system according to the first embodiment.
  • the authentication system includes at least one business operator, an authentication center, and a group of public servers.
  • Each business operator participating in the authentication system provides services using biometric authentication.
  • the business operator (service provider) that provides the service to the user may be a private business operator or a public institution.
  • Examples of private businesses include retail stores, lodging businesses, event companies, medical institutions, etc.
  • a retail store provides a payment service using biometric authentication.
  • the lodging company manages check-in procedures and room entry / exit using biometric authentication.
  • the event company uses biometrics to control entry and exit to and from the event venue.
  • biometric authentication is used when a staff member of a city hall or the like confirms the identity of a user (resident). Alternatively, biometrics may be used to confirm eligibility to receive benefits, etc.
  • the business operator disclosed in the present application may be either a private business operator or a public institution, as long as it can provide an arbitrary service using biometric authentication.
  • each business operator has various internal configurations.
  • a configuration including a management server 20 and an authentication terminal 30 like the business operator S1 is exemplified.
  • the management server 20 is a server that controls and manages the entire business of the business operator. For example, when the business operator is a retail store, the management server 20 performs inventory management of products, payment processing, and the like. Alternatively, if the business operator is an accommodation business operator, the management server 20 manages the reservation information of the guest.
  • the management server 20 has a control function and a management function related to biometric authentication of the user, in addition to the functions related to the above service provision.
  • the authentication terminal 30 is a device (first terminal) that serves as an interface for a user (customer) who has visited the business operator.
  • the user receives various services via the authentication terminal 30. For example, when the business operator is a retail store, the user pays the price using the authentication terminal 30. Alternatively, if the business operator is an accommodation business operator, the user performs a check-in procedure using the authentication terminal 30.
  • the authentication terminal 30 is described as a terminal (self terminal) used by the user himself / herself.
  • this is not intended to limit the usage pattern of the authentication terminal 30: the employees, staff, etc. of the business operator may provide the service to the user using the authentication terminal 30, and both the user and the employee may use the authentication terminal 30.
  • the staff terminal 31 is a terminal (second terminal) installed at the reception desk of a city hall, a hospital, or the like.
  • the staff of the city hall or the like provides services to the users while operating the staff terminal 31.
  • an employee of a city hall or the like uses the staff terminal 31 to confirm the service eligibility of a user who intends to receive an administrative service.
  • the staff terminal 31 is described as a terminal used by a third party other than the user.
  • the staff terminal 31 may be a terminal used by the user in the same manner as the authentication terminal 30, or may be a terminal used by both the user and the staff.
  • the authentication center provides authentication services and information provision services.
  • An authentication server 10 is installed in the authentication center.
  • the authentication server 10 operates as a certificate authority for authentication using biometric information.
  • the authentication server 10 may be a server installed on the site of the authentication center or a server installed on the cloud.
  • Examples of the biometric information of the user include data (feature amounts) calculated from physical characteristics peculiar to an individual, such as a face, a fingerprint, a voice print, a vein, a retina, and the iris pattern of the pupil.
  • the biometric information of the user may be image data such as a face image and a fingerprint image.
  • the biometric information of the user may be any information that includes the physical characteristics of the user.
  • the face image or the feature amount generated from the face image is treated and described as biometric information.
  • the authentication server 10 is a server device for realizing a service by biometric authentication.
  • the authentication server 10 provides an authentication service and an information providing service to each business operator.
  • a public server group is a set of servers (public servers) that handle public information.
  • a passport server 41 that stores and manages passport information and an insurance certificate server 42 that stores and manages insurance certificate information are included in the public server group.
  • the public server is managed and operated by a government agency such as the Ministry of Foreign Affairs or a business operator entrusted by the government agency.
  • the devices shown in FIG. 2 are connected to each other.
  • the authentication server 10 and the management server 20 are connected by a wired or wireless communication means and are configured to be able to communicate with each other.
  • the authentication center may include two or more authentication servers 10.
  • the functions of the management server 20 and the authentication terminal 30 may be integrated, and the integrated device may provide a service using biometric authentication.
  • each public server included in the public server group may handle two or more public information.
  • the passport server 41 and the insurance certificate server 42 may be integrated, and the integrated server may handle the public information of both the passport and the insurance certificate.
  • the operation of the authentication system includes four phases.
  • the first phase is the phase for registering the user in the system (user registration phase).
  • the second phase is the phase (service information registration phase) in which the information necessary for the user to receive the service is registered in the system, in particular the service information necessary for the user to receive the service from a private business operator.
  • the third phase is a phase (public information provision permission phase) in which the user's permission to provide the user's public information from the authentication center to the business operator is registered (given) in the system.
  • the fourth phase is a phase (service provision phase) in which each business operator provides a service using biometric authentication to a user.
  • the service provision phase includes service provision using the service information registered by the user in the system and service provision using the user's own public information.
  • FIG. 3 is a diagram for explaining the operation in the user registration phase of the authentication system according to the first embodiment.
  • biometric information for example, a facial image
  • identification documents shall be documents containing biometric information such as passports and driver's licenses.
  • the user inputs the above two pieces of information (biological information, identity verification document) into the system by any means.
  • the user may mail a document containing the above two information to the authentication center, and an employee of the authentication center may input the above two information into the authentication server 10.
  • the user may mail an external storage device such as USB (Universal Serial Bus) in which the above two pieces of information are stored to the authentication center.
  • the user may input the above two pieces of information into the authentication server 10 using the application installed on the terminal 40.
  • Examples of the terminal 40 include mobile terminal devices such as smartphones, mobile phones, game machines, and tablets, and computers (personal computers, notebook computers).
  • the user support application is an application that assists a user in inputting information necessary for receiving a service from a business operator.
  • the terminal 40 (support application) transmits a "user registration request" including the user's biometric information (for example, a face image) and identification documents (for example, a copy of a passport) to the authentication server 10.
  • the authentication server 10 performs identity verification using the acquired face image and the face image described in the passport (hereinafter referred to as a passport face image).
  • the authentication server determines that the identity verification has been successful when the two face images are substantially the same person's face images.
  • If the identity verification is successful, the authentication server 10 generates a feature amount (a feature vector consisting of a plurality of feature amounts) from the acquired face image. After that, the authentication server 10 generates an ID (user ID) for uniquely identifying the user.
  • the authentication server 10 stores the generated feature amount (biological information) in association with the user ID in the database. More specifically, the authentication server 10 adds an entry to each of the business information database and the public information database, and stores the generated biometric information and the user ID.
  • the authentication server 10 manages the biometric information of the user by using two databases.
  • the authentication server 10 may manage the biometric information, the authentication information, and the like of the user by using the database in which the above two databases are integrated.
  • the business operator information database is a database required when processing an authentication request from a business operator that uses service information. Details of the database will be described later.
  • Service information is information required for a business operator (particularly a private business operator) to provide a service to a user. For example, reservation information necessary for a hotel operator to provide an accommodation service, ticket information issued by an event organizer, and the like are exemplified as service information.
  • the public information database is a database that stores biometric information and information necessary for providing public information in association with each other. Details of the database will be described later.
  • Public information is information generated, issued, and managed by a public institution. For example, the items described in the passport and the items described in the health insurance card are exemplified as public information.
  • FIG. 4 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service information registration phase.
  • a user who wants to receive a service from a business operator registers service information in the system. More specifically, the user selects a business operator who wants to receive the service by biometric authentication, and registers the selected business operator and the service information used (referenced) by the business operator in the system.
  • the service information required by the business operator S1 and the business operator S1 is registered in the system.
  • the service information is registered in the system.
  • the user registers the user ID issued in the user registration phase in the system together with the above service information.
  • the service information is defined as information that does not include the biometric information of the user (certified person). That is, the biological information and the feature amount generated from the biological information are excluded from the "service information" disclosed in the present application.
  • the user inputs the above two pieces of information (user ID, service information) to the business operator by any means.
  • A case where the user operates the terminal 40 and inputs the above two pieces of information to the management server 20 will be described.
  • the user inputs the above two pieces of information into the management server 20 via the support application installed on the terminal 40.
  • the terminal 40 transmits a "service information registration request" including a user ID and service information of the user to the management server 20.
  • the management server 20 receives a service information registration request including the above two pieces of information (user ID and service information). In response to the reception of the service information registration request, the management server 20 transmits a "business registration request" to the authentication server 10. Specifically, the management server 20 transmits a business registration request including a user ID and a business ID to the authentication server 10.
  • the business ID is identification information for uniquely identifying the business (subject participating in the authentication platform using biometric authentication) included in the authentication system.
  • different business IDs are assigned to each of the business operators S1 and S2.
  • the business ID is an ID assigned to each business, not an ID assigned to each service. For example, in FIG. 2, even if the businesses S1 and S2 are businesses that provide the same type of service (for example, accommodation service), different IDs are assigned to these businesses if the management entity is different.
  • the authentication server 10 and the management server 20 share the business ID by any method.
  • the authentication server 10 may generate a business operator ID and distribute (notify) the generated business operator ID to the business operator.
  • Upon receiving the business registration request, the authentication server 10 searches the business information database using the user ID included in the request as a key, and identifies the corresponding user. After that, the authentication server 10 generates a "service user ID".
  • the service user ID is identification information that uniquely defines the correspondence (combination) between the user and the business operator. For example, in the example of FIG. 2, different values are generated for the service user ID determined from the combination of the user U1 and the operator S1 and the service user ID determined from the combination of the user U1 and the operator S2.
  • the authentication server 10 stores the user ID, biometric information (feature amount), the business operator ID, and the service user ID generated above in association with each other in the business operator information database.
  • the authentication server 10 transmits the service user ID generated above to the sender of the business operator registration request.
  • the authentication server 10 sends a response including the service user ID to the management server 20, and issues the service user ID.
  • the management server 20 stores the service user ID acquired from the authentication server 10 in association with the service information acquired from the user.
  • the management server 20 adds a new entry to the user information database and stores the above information (service user ID, service information).
  • FIG. 5 is a diagram for explaining the operation of the authentication system according to the first embodiment in the public information provision permission phase.
  • the user registers the user ID issued in the user registration phase in the system together with the above-mentioned public information specific data.
  • the user inputs the above two pieces of information (user ID, public information specific data) into the authentication server 10 by any means.
  • A case where the user operates the terminal 40 and inputs the above two pieces of information to the authentication server 10 will be described.
  • the user inputs the above two pieces of information into the authentication server 10 via the support application installed on the terminal 40.
  • the terminal 40 transmits a public information provision permission including a user ID and public information specific data to the authentication server 10.
  • Upon receiving the public information provision permission, the authentication server 10 searches the public information database using the user ID included in the permission as a key, and identifies the corresponding user.
  • the authentication server 10 stores the user ID, biometric information (feature amount), and public information specific data (for example, passport number) in the public information database in association with each other.
  • when the information is registered in the public information database, the authentication server 10 sends an acknowledgment indicating that the process is completed normally to the terminal 40. If the information cannot be registered in the public information database, the authentication server 10 sends a negative response indicating that the process has not been completed normally to the terminal 40.
  • the terminal 40 that has received the response from the authentication server 10 outputs a message or the like according to the content.
  • the service provision phase includes the provision of services using service information and the provision of services using public information.
  • FIG. 6 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
  • a user who has completed the service information registration phase visits the business operator.
  • the user moves in front of the authentication terminal 30.
  • the authentication terminal 30 acquires biometric information from the user in front of it. Specifically, the authentication terminal 30 takes an image of the user and acquires a face image. The authentication terminal 30 transmits the acquired face image to the management server 20.
  • the management server 20 generates a feature amount from the acquired face image.
  • the management server 20 transmits an authentication request including the generated feature amount (biological information) and a business operator ID to the authentication server 10.
  • the authentication server 10 extracts a feature amount from the authentication request, and executes a collation process (one-to-N collation; N is a positive integer, the same applies hereinafter) using the extracted feature amount and the feature amounts registered in the business information database.
  • the authentication server 10 identifies a user by collation processing, and specifies a service user ID corresponding to a business operator ID included in an authentication request among a plurality of service user IDs associated with the specified user.
  • the authentication server 10 transmits the specified service user ID to the sender of the authentication request.
  • the authentication server 10 transmits a response (affirmative response to the authentication request) including the specified service user ID to the management server 20.
  • the management server 20 searches the user information database using the acquired service user ID as a key, and identifies the service information corresponding to the service user ID.
  • the business operator (management server 20, authentication terminal 30) provides a service (for example, payment settlement, check-in procedure, etc.) to the user based on the specified service information.
  • FIG. 7 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
  • a user who has completed the public information provision permission visits the business operator.
  • the user moves to the area where the staff terminal 31 is placed (for example, the reception desk of the city hall or the like).
  • there are staff of the business operator in the area, and the service is provided to the user using the staff terminal 31.
  • the staff, etc. who heard the user's story may judge that it is necessary to refer to the public information of the user. For example, it is determined that reference to public information is necessary to confirm the identity of the user and to confirm the qualification to receive administrative services.
  • the staff or the like operates the staff terminal 31 to acquire the biometric information (face image) of the user.
  • the staff terminal 31 generates a feature amount from the face image.
  • the staff, etc. determine the type of public information to be referred to (for example, passport, health insurance card).
  • the staff or the like operates the staff terminal 31 to transmit a "public information provision request" including biometric information (feature amount) and public information type (public document) to the authentication server 10.
  • the authentication server 10 extracts a feature amount from a public information provision request, and executes a collation process (one-to-N collation) using the extracted feature amount and the feature amount registered in the public information database.
  • the authentication server 10 identifies a user by collation processing, and identifies public information identification data that is associated with the specified user and corresponds to the public information type included in the public information provision request. For example, when the staff terminal 31 requests the provision of a passport, the authentication server 10 reads the passport number from the public information database.
  • the authentication server 10 transmits the acquired public information specific data to the public server group. More specifically, the authentication server 10 transmits the public information specific data to the public server corresponding to the specified public information specific data. In the above passport example, the passport number is transmitted to the passport server 41.
  • the public server transmits the public information corresponding to the acquired public information specific data to the authentication server 10.
  • the passport server 41 transmits the description items (name, date of birth, nationality, passport face image, etc.) of the passport corresponding to the acquired passport number to the authentication server 10.
  • when the authentication server 10 acquires public information from the public server group, the authentication server 10 transmits a response (affirmative response; response to a public information provision request) including the acquired public information to the staff terminal 31. When the authentication server 10 cannot acquire public information from the public server group, the authentication server 10 transmits a negative response to that effect to the staff terminal 31.
  • the staff terminal 31 that has acquired the public information takes measures such as displaying the acquired public information.
  • Employees, etc. refer to the displayed public information and provide administrative services.
  • FIG. 8 is a diagram showing an example of a processing configuration (processing module) of the authentication server 10 according to the first embodiment.
  • the authentication server 10 includes a communication control unit 201, a user registration unit 202, a business operator registration unit 203, a specific data registration unit 204, an authentication unit 205, a public information provision unit 206, and a storage unit 207.
  • the communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the management server 20. Further, the communication control unit 201 transmits data to the management server 20. The communication control unit 201 passes the data received from the other device to the other processing module. The communication control unit 201 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from the other device via the communication control unit 201.
  • the user registration unit 202 is a means for realizing the above-mentioned user registration (user system registration).
  • the user registration unit 202 acquires biometric information (face image) and identity verification documents of a user (a user who wishes to provide a service using biometric authentication; a system user).
  • the user registration unit 202 acquires the above two pieces of information (biological information and identity verification documents) by any means. For example, the user registration unit 202 acquires the above two pieces of information by receiving the user registration request transmitted by the terminal 40.
  • when the user registration unit 202 acquires biometric information (face image), it generates a feature amount (feature vector composed of a plurality of feature amounts) from the face image.
  • the user registration unit 202 extracts eyes, nose, mouth, and the like as feature points from the face image. After that, the user registration unit 202 calculates the position of each feature point and the distance between each feature point as a feature amount, and generates a feature vector (vector information that characterizes the face image) composed of a plurality of feature amounts.
  • the user registration unit 202 verifies that the generated feature amount does not overlap with the already registered feature amount.
  • the user registration unit 202 executes a collation process (one-to-N collation) using the generated feature amount and the feature amount registered in the two databases (service information database and public information database). If the collation process fails, the user registration unit 202 determines that the above duplication has not occurred.
  • the user registration unit 202 confirms the identity of the user. Specifically, the user registration unit 202 acquires a face image for identity verification (hereinafter referred to as a verification face image) from the identity confirmation document. The user registration unit 202 extracts a verification face image from a predetermined area of the identification document by using a technique such as template matching.
  • the user registration unit 202 executes one-to-one verification using the biometric information of the user included in the user registration request and the biometric information obtained from the identity verification document. If the collation process is successful, the user registration unit 202 determines that the identity of the user has been confirmed successfully.
  • the user registration unit 202 generates a feature amount from each of the acquired face image and the verification face image. Next, the user registration unit 202 calculates the similarity between the two images. The user registration unit 202 executes threshold processing for the similarity, and determines the success or failure of identity verification according to the result.
  • if the similarity is greater than the threshold value, the user registration unit 202 determines that the identity verification is successful. On the other hand, if the similarity is equal to or less than the threshold value, the user registration unit 202 determines that the identity verification has failed.
  • if the identity verification is successful, the user registration unit 202 generates a user ID to be assigned to the user (distributed to the user). For example, the user registration unit 202 assigns a unique value every time it processes a user registration request and generates a user ID.
  • the user registration unit 202 stores the generated user ID and feature amount in the business information database and the public information database.
  • the user registration unit 202 adds a new entry to the above two databases, and stores the user ID and biometric information (feature amount) in each database. For example, when registering a user for user U1, the user registration unit 202 adds an entry shown at the bottom of FIGS. 9A and 10A. At the user registration stage, since the business operator ID, the service user ID, and the public information specific data are not input to the system, nothing is set in these fields.
  • the user registration unit 202 transmits a response to the user registration request to the terminal 40.
  • the user registration unit 202 transmits an acknowledgment indicating that the user registration is successful to the terminal 40.
  • the user registration unit 202 sends a negative response indicating that the user registration has failed to the terminal 40. For example, a negative response is transmitted to the terminal 40 when the user is already registered or when the identity verification fails.
  • the user registration unit 202 may send a negative response including the above cause of failure of user registration to the terminal 40.
  • when the user registration unit 202 receives the user registration request including the biometric information of the user and the identity verification document of the user, the user registration unit 202 confirms the identity of the user based on the identity verification document.
  • the user registration unit 202 registers the biometric information and the user ID (third ID) of the user who has succeeded in identity verification in the database. Further, when the user registration unit 202 succeeds in confirming the identity of the user, the user registration unit 202 issues the user ID to the user.
  • the business registration unit 203 is a means for processing the business registration request sent from each business and registering the business in the system.
  • the business operator registration unit 203 receives a business operator registration request including a business operator ID and a user ID from a first business operator (for example, a private business operator).
  • the business operator registration unit 203 generates a service user ID.
  • the business operator registration unit 203 issues the generated service user ID to the first business operator.
  • the business registration unit 203 searches the business information database using the user ID included in the acquired business registration request as a key.
  • the business registration unit 203 confirms the business ID field of the user specified by the search.
  • the business operator registration unit 203 determines whether or not the business operator ID included in the business operator registration request acquired from the management server 20 is set in the business operator ID field. If the business ID acquired from the management server 20 is already registered in the business information database, the business registration unit 203 notifies the management server 20 to that effect. In this case, since the service (business operator) that the user is trying to register is already registered in the business operator information database, the business operator registration unit 203 sends a "negative response" as a response to the business operator registration request.
  • the business registration unit 203 generates a service user ID corresponding to the user and the business.
  • the service user ID is identification information uniquely determined from the combination of the user and the business operator.
  • the business operator registration unit 203 calculates a hash value using the user ID and the business operator ID, and uses the calculated hash value as the service user ID.
  • the business operator registration unit 203 calculates the concatenated value of the user ID and the business operator ID, and calculates the hash value of the calculated concatenated value to generate the service user ID.
  • the service user ID may be any information as long as it can uniquely identify the combination of the system user and the business operator.
  • the business operator registration unit 203 may assign a unique value each time it processes a business operator registration request and use it as a service user ID.
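The hash-based derivation described above, as an added example (not code from the patent). SHA-256, the IDs other than U1 and S1, the demo key, the length-prefixed encoding and the keyed (HMAC) variant are assumptions of this example. It shows that hashing a plain concatenation lets two different user/operator pairs map to the same value, which breaks the uniqueness the service user ID is meant to have, and how an unambiguous, keyed encoding avoids that.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment would keep this secret on the
# authentication server only (assumption, not stated in the patent).
DEMO_KEY = b"constructed-demo-key-not-for-production"


def naive_service_user_id(user_id: str, operator_id: str) -> str:
    """Hash of the plain concatenation of user ID and business operator ID."""
    return hashlib.sha256((user_id + operator_id).encode("utf-8")).hexdigest()


def encode_pair(user_id: str, operator_id: str) -> bytes:
    """Length-prefix each field so the boundary between the IDs is unambiguous."""
    out = b""
    for field in (user_id, operator_id):
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def keyed_service_user_id(key: bytes, user_id: str, operator_id: str) -> str:
    """HMAC-SHA-256 over the length-prefixed pair.

    Without the key, a party that knows a user ID and an operator ID cannot
    recompute the service user ID, and IDs issued to different operators
    cannot be linked back to the same user ID by hashing guesses.
    """
    return hmac.new(key, encode_pair(user_id, operator_id), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    # Two different (user, operator) pairs whose plain concatenation is "U12S1".
    a = ("U1", "2S1")   # constructed operator ID
    b = ("U12", "S1")   # constructed user ID
    print("naive collide:", naive_service_user_id(*a) == naive_service_user_id(*b))
    print("keyed collide:",
          keyed_service_user_id(DEMO_KEY, *a) == keyed_service_user_id(DEMO_KEY, *b))
```

If variable-length IDs are unavoidable, a fixed-width ID format gives the same unambiguity as the length prefix used here.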
  • the business operator registration unit 203 registers two IDs (business operator ID and service user ID) in the business operator information database. For example, when the user U1 registers the service information for the business operator S1, the above two IDs are added to the entry shown at the bottom of FIG. 9B.
  • since service information is registered for each business operator, multiple business operator IDs and service user IDs may be set for one user. For example, when the user U1 registers the service information for each of the businesses S1 and S2, the entries in the second and third lines of FIG. 9C are generated. When the user U2 registers the service for the business operator S1, the entry at the bottom of FIG. 9C is generated.
  • the business operator registration unit 203 sends a response to the request to the management server 20. Specifically, when the service user ID is normally generated and stored in the business information database, the business registration unit 203 sends an acknowledgment including the generated service user ID to the management server 20.
  • the business operator registration unit 203 sends a negative response to the management server 20.
  • the business registration unit 203 may send a negative response to the management server 20 including the reason why the business registration request is not normally processed (for example, the business registration has already been performed).
  • the specific data registration unit 204 is a means for processing the public information provision permission transmitted from the user (terminal 40 possessed by the system user) and registering the public information specific data in the system. Upon receiving the public information provision permission including the user ID and the public information specific data, the specific data registration unit 204 stores the public information specific data in the entry corresponding to the user ID.
  • the specific data registration unit 204 searches the public information database using the user ID included in the acquired public information provision permission as a key. If the search fails (the user ID is not registered in the public information database), the specific data registration unit 204 determines that the user ID is not registered in the system.
  • the specific data registration unit 204 stores the public information specific data included in the acquired public information provision permission in the entry of the specified user. More specifically, the specific data registration unit 204 determines which public information the public information specific data corresponds to, and writes the public information specific data in the corresponding field of the public information database. For example, when the user U1 grants permission to provide information regarding the items described in the passport, the acquired passport number is written in the passport number field of the entry shown at the bottom of FIG. 10B.
  • the specific data registration unit 204 sends a response to the permission to the terminal 40. Specifically, when the public information specific data is stored in the public information database, the specific data registration unit 204 sends an acknowledgment indicating that the above permission has been normally processed to the terminal 40.
  • when the public information specific data is not stored in the public information database because the user ID acquired from the terminal 40 is not registered in the public information database, the specific data registration unit 204 sends a negative response to the terminal 40. At that time, the specific data registration unit 204 may send a negative response to the terminal 40 including the reason why the public information provision permission is not normally processed (for example, the user is not registered in the system).
  • the business information database and the public information database shown in FIGS. 9A to 9C, FIGS. 10A to 10B, etc. are examples, and do not intend to limit the information stored in these databases.
  • a face image may be registered in each database instead of the feature amount for authentication. That is, each time the authentication is performed, the feature amount may be generated from the face image registered in each database.
  • the authentication unit 205 is a means for processing an authentication request from a business operator.
  • the operation of the authentication unit 205 will be described with reference to the drawings.
  • FIG. 11 is a flowchart showing an example of the operation of the authentication unit 205 according to the first embodiment.
  • the authentication unit 205 retrieves the feature amount and the business ID included in the authentication request.
  • the authentication unit 205 searches the business information database using the extracted feature amount and the business ID as keys, and identifies the corresponding service user ID.
  • the authentication unit 205 sets the feature amount extracted from the authentication request as the feature amount on the collating side and the feature amounts stored in the business information database as the feature amounts on the registration side, and executes one-to-N matching (step S101). At that time, the authentication unit 205 calculates the degree of similarity between the feature amount on the collating side and each of the plurality of feature amounts on the registration side. For the similarity, a chi-square distance, a Euclidean distance, or the like can be used. The farther the distance is, the lower the similarity is, and the closer the distance is, the higher the similarity is.
  • the authentication unit 205 determines whether or not there is a feature amount whose similarity with the feature amount to be collated is equal to or higher than a predetermined value among the plurality of feature amounts registered in the business information database (step S102). If such a feature amount does not exist (step S102, No branch), the authentication unit 205 sets "authentication failure" in the authentication result (step S103).
  • the authentication unit 205 identifies an entry (user) for the feature with the highest similarity (step S104). The authentication unit 205 determines whether or not there is a business ID that matches the business ID included in the authentication request among at least one business ID associated with the specified user. That is, the authentication unit 205 determines whether the business ID acquired from the business is registered in the specified user (entry) of the business information database (step S105).
  • if the business ID is registered (step S105, Yes branch), the authentication unit 205 determines that the user has been successfully authenticated, and sets "authentication successful" in the authentication result (step S106).
  • if the business ID is not registered (step S105, No branch), the authentication unit 205 sets "authentication failure" in the authentication result (step S103).
  • the authentication unit 205 transmits the result of processing the authentication request to the management server 20 (step S107).
  • if the authentication result is "authentication successful", the authentication unit 205 transmits an acknowledgment including the biometric information and the service user ID specified by the business operator ID to the management server 20. If the authentication result is "authentication failure", the authentication unit 205 sends a negative response to the management server 20.
  • the entry (user) in the second line and the third line is specified by the feature amount FV1.
  • the entry in the second line is specified by the business ID "S1".
  • when the authentication unit 205 receives, from the first business operator (for example, a private business operator), an authentication request including the biometric information of the person to be authenticated and the business operator ID (first ID) of the first business operator, it executes the authentication process and transmits the service user ID (second ID) of the successfully authenticated person (the person to be authenticated determined to be successful in authentication) to the first business operator. At that time, the authentication unit 205 executes one-to-N collation using the biometric information stored in the business information database and the biometric information of the person to be authenticated included in the authentication request. The authentication unit 205 determines that the authentication process is successful when the business ID included in the authentication request is stored in the business information database in association with the user specified by the one-to-N collation.
  • the public information provision unit 206 is a means for processing a public information provision request from a business operator and providing public information to the business operator.
  • the operation of the public information providing unit 206 will be described with reference to the drawings.
  • FIG. 12 is a flowchart showing an example of the operation of the public information providing unit 206 according to the first embodiment.
  • the public information provision unit 206 extracts the feature amount and the public information type included in the public information provision request.
  • the public information providing unit 206 executes a collation process (1 to N collation process) using the extracted feature amount and the feature amount registered in the public information database (step S201).
  • the public information providing unit 206 determines whether or not, among the feature amounts registered in the public information database, there is a feature amount whose similarity with the feature amount to be collated is equal to or higher than a predetermined value (step S202). If such a feature amount does not exist (step S202, No branch), the public information providing unit 206 transmits a negative response indicating that the requested public information cannot be provided to the staff terminal 31 (step S203).
  • the public information providing unit 206 identifies an entry (user) of the feature quantity having the highest degree of similarity (step S204).
  • the public information providing unit 206 attempts to read the set value from the field corresponding to the public information type of the public information providing request among the public information specific data fields of the specified entry. That is, the public information providing unit 206 determines whether or not the public information specifying data corresponding to the public information type is registered in the specified user (entry) of the public information database (step S205).
  • if the public information specific data is not registered (step S205, No branch), the public information providing unit 206 transmits a negative response indicating that the requested public information cannot be provided to the staff terminal 31 (step S203).
  • if the public information specific data is registered (step S205, Yes branch), the public information providing unit 206 transmits the registered public information specific data to the corresponding public server of the public server group (step S206).
  • the public information providing unit 206 acquires public information (for example, items described in a passport) corresponding to public information specific data from a public server (step S207). In response to the acquisition of the information, the public information providing unit 206 transmits an acknowledgment including the requested public information to the staff terminal 31 (step S208).
  • the feature amount FV1 specifies the entry (user) in the final stage.
  • the public information type included in the public information provision request is "passport"
  • the corresponding public information specific data exists, so that the public information providing unit 206 uses the passport number.
  • the public information providing unit 206 transmits an acknowledgment including the items described in the acquired passport to the staff terminal 31.
  • the entry in the final stage of FIG. 10B is specified by the feature amount.
  • since the public information specific data (health insurance card number) corresponding to the insurance card is not set in the entry at the final stage, the public information providing unit 206 transmits a negative response indicating that the public information cannot be provided to the staff terminal 31.
  • the public information providing unit 206 receives, from the second business operator (for example, the city hall), a public information provision request including the biometric information of the user whose public information the second business operator wants to refer to and the type of public information to be referred to.
  • the public information providing unit 206 acquires the public information to be referred from the public server holding the public information to be referred to by using the public information specific data.
  • the public information providing unit 206 transmits the acquired public information to the second business operator.
  • the public information providing unit 206 performs a one-to-N collation using the biometric information stored in the public information database and the biometric information included in the public information provision request, so that the second business operator can perform one-to-many matching.
  • the public information providing unit 206 selects, from among the plurality of public information specific data of the specified user, the public information specific data corresponding to the public information type included in the public information provision request, and sends it to the public server.
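The flows of FIG. 11 (steps S101 to S107) and FIG. 12 (steps S201 to S208), as an added example rather than code from the patent. The in-memory databases, feature vectors, distance threshold, ID strings and dictionary field names are constructed for illustration. Both flows share the one-to-N collation, and each returns the same failure response whichever check fails, so the requester learns nothing about which step rejected the request.

```python
import math

# Constructed sample data standing in for the two databases.
BUSINESS_DB = [
    {"user_id": "U1", "feature": (0.10, 0.80, 0.30),
     "operators": {"S1": "sid-u1-s1", "S2": "sid-u1-s2"}},
    {"user_id": "U2", "feature": (0.90, 0.20, 0.50),
     "operators": {"S1": "sid-u2-s1"}},
]
PUBLIC_DB = [
    {"user_id": "U1", "feature": (0.10, 0.80, 0.30),
     "specific_data": {"passport": "P-0001"}},
    {"user_id": "U2", "feature": (0.90, 0.20, 0.50), "specific_data": {}},
]
# Stand-in for the public server group, keyed by public information type.
PUBLIC_SERVERS = {
    "passport": {"P-0001": {"name": "Sample User", "nationality": "JP"}},
}

MAX_DISTANCE = 0.15  # assumed threshold; a smaller distance means higher similarity


def match_one_to_n(probe, entries, max_distance=MAX_DISTANCE):
    """One-to-N collation: closest entry by Euclidean distance, or None."""
    best, best_dist = None, math.inf
    for entry in entries:
        dist = math.dist(probe, entry["feature"])
        if dist < best_dist:
            best, best_dist = entry, dist
    return best if best_dist <= max_distance else None


def authenticate(request, db=BUSINESS_DB):
    """FIG. 11: the operator only ever receives its own service user ID."""
    entry = match_one_to_n(request["feature"], db)           # S101, S102, S104
    if entry is None:
        return {"result": "authentication failure"}          # S103
    sid = entry["operators"].get(request["operator_id"])     # S105
    if sid is None:
        return {"result": "authentication failure"}          # S103
    return {"result": "authentication successful",           # S106, S107
            "service_user_id": sid}


def provide_public_info(request, db=PUBLIC_DB, servers=PUBLIC_SERVERS):
    """FIG. 12: only a type the user has permitted is looked up."""
    entry = match_one_to_n(request["feature"], db)           # S201, S202, S204
    if entry is None:
        return {"result": "negative response"}               # S203
    key = entry["specific_data"].get(request["info_type"])   # S205
    if key is None:
        return {"result": "negative response"}               # S203
    info = servers.get(request["info_type"], {}).get(key)    # S206, S207
    if info is None:
        return {"result": "negative response"}               # public server had nothing
    return {"result": "affirmative response", "public_info": info}  # S208


if __name__ == "__main__":
    probe_u1 = (0.12, 0.79, 0.31)  # constructed probe close to U1's feature
    print(authenticate({"feature": probe_u1, "operator_id": "S1"}))
    print(provide_public_info({"feature": probe_u1, "info_type": "passport"}))
```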
  • the storage unit 207 stores information necessary for the operation of the authentication server 10.
  • a business information database and a public information database are constructed in the storage unit 207.
  • using the two databases, the storage unit 207 stores, in association with each other, the biometric information of the user, the business operator ID (first ID) that identifies the business operator that provides the service to the user, and the service user ID (second ID) uniquely determined by the combination of the user and the business operator.
  • the storage unit 207 stores the biometric information of the user and the like in association with the public information specifying data for specifying the public information licensed by the user.
  • the public information database can store a plurality of public information specific data for each user. [Management server] FIG.
  • the management server 20 includes a communication control unit 301, a service information acquisition unit 302, a service information registration unit 303, an authentication request unit 304, and a storage unit 305.
  • the communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the authentication server 10 and the authentication terminal 30. Further, the communication control unit 301 transmits data to the authentication server 10 and the authentication terminal 30. The communication control unit 301 passes the data received from the other device to the other processing module. The communication control unit 301 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from other devices via the communication control unit 301.
  • the service information acquisition unit 302 is a means for acquiring service information required when a business operator provides a service. For example, when the business operator is a "retail store", the service information acquisition unit 302 acquires information related to payment (for example, credit card information, bank account information) in addition to the user's name and the like. do. Alternatively, when the business operator is an "accommodation business operator", the service information acquisition unit 302 acquires reservation information (for example, accommodation date, etc.) related to accommodation in addition to the name and the like.
  • The service information acquisition unit 302 acquires the user ID issued when the user registers with the system, in addition to the above name and the like.
  • the service information acquisition unit 302 acquires the user ID and the service information by any means. In the first embodiment, the service information acquisition unit 302 acquires the above two pieces of information from the service information registration request transmitted by the terminal 40.
  • the service information acquisition unit 302 delivers the acquired user ID and service information to the service information registration unit 303.
  • the service information registration unit 303 is a means for registering the acquired service information in the user information database.
  • the service information registration unit 303 transmits a business operator registration request including a user ID and a business operator ID acquired from the service information acquisition unit 302 to the authentication server 10.
  • the service information registration unit 303 acquires a response to the business operator registration request from the authentication server 10. If the acquired response is a "negative response", the service information registration unit 303 notifies the user to that effect. For example, the service information registration unit 303 transmits a negative response (negative response to the service information registration request) including the fact that the service registration has already been performed to the terminal 40.
  • If the acquired response is an "affirmative response", the service information registration unit 303 transmits an affirmative response to the service information registration request to the terminal 40. Further, the service information registration unit 303 registers the service user ID included in the response and the service information acquired from the service information acquisition unit 302 in the user information database. For example, when the management server 20 of the business operator S1 processes the service information registration request from the user U1, the entry shown at the bottom of FIG. 14 is added to the user information database.
  • the authentication request unit 304 is a means for requesting the authentication of the user from the authentication server 10.
  • When the authentication request unit 304 acquires biometric information (face image) from the authentication terminal 30, it generates a feature amount from the face image. The authentication request unit 304 transmits an authentication request including the generated feature amount and the business operator ID to the authentication server 10.
  • When the response from the authentication server 10 is a "negative response" (in the case of an authentication failure), the authentication request unit 304 notifies the authentication terminal 30 to that effect.
  • the authentication request unit 304 retrieves the service user ID included in the affirmative response from the authentication server 10.
  • the authentication request unit 304 searches the user information database using the service user ID as a key, and identifies the corresponding entry.
  • the authentication request unit 304 reads the service information set in the service information field of the specified entry and sends it to the authentication terminal 30. For example, in the example of FIG. 14, if the service user ID is "U1S1", the service information "SI01" at the bottom is transmitted to the authentication terminal 30.
  • FIG. 15 is a diagram showing an example of a processing configuration (processing module) of the authentication terminal 30 according to the first embodiment.
  • the authentication terminal 30 includes a communication control unit 401, a biometric information acquisition unit 402, a service providing unit 403, a message output unit 404, and a storage unit 405.
  • the communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the management server 20. Further, the communication control unit 401 transmits data to the management server 20. The communication control unit 401 passes the data received from the other device to the other processing module. The communication control unit 401 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from other devices via the communication control unit 401.
  • the biometric information acquisition unit 402 is a means for controlling the camera and acquiring the biometric information (face image) of the user.
  • The biometric information acquisition unit 402 captures images of the area in front of the device at regular intervals or at predetermined timings.
  • The biometric information acquisition unit 402 determines whether or not the acquired image includes a human face image, and if it does, extracts the face image from the acquired image data.
  • The biometric information acquisition unit 402 may extract a face image (face region) from the image data by using a learning model trained with a CNN (Convolutional Neural Network).
  • The biometric information acquisition unit 402 may extract a face image by using a technique such as template matching.
  • The biometric information acquisition unit 402 delivers the extracted face image to the service providing unit 403.
  • the service providing unit 403 is a means for providing a predetermined service to the user.
  • the service providing unit 403 transmits the face image acquired from the biometric information acquisition unit 402 to the management server 20.
  • the management server 20 returns service information (for example, hotel reservation information including a name and the like) corresponding to the face image.
  • the service providing unit 403 provides a service to the user by using the returned service information.
  • the service providing unit 403 may perform processing according to the content of the service to be provided. For example, if the authentication terminal 30 is a check-in terminal installed in a hotel lobby or the like, the service providing unit 403 may perform a check-in process according to the acquired reservation information (service information).
  • the message output unit 404 is a means for outputting various messages to the user. For example, the message output unit 404 outputs a message regarding the user's authentication result and a message regarding service provision.
  • the message output unit 404 may display a message using a display device such as a liquid crystal monitor, or may reproduce a voice message using an acoustic device such as a speaker.
  • FIG. 16 is a diagram showing an example of a processing configuration (processing module) of the staff terminal 31 according to the first embodiment.
  • the staff terminal 31 includes a communication control unit 501, an information provision request unit 502, a message output unit 503, and a storage unit 504.
  • the communication control unit 501 is a means for controlling communication with other devices. For example, the communication control unit 501 receives data (packet) from the authentication server 10. Further, the communication control unit 501 transmits data to the authentication server 10. The communication control unit 501 passes the data received from the other device to the other processing module. The communication control unit 501 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from the other device via the communication control unit 501.
  • the information provision request unit 502 is a means for requesting the authentication server 10 to provide information regarding the user's public information.
  • the information provision request unit 502 displays a GUI (Graphical User Interface) for selecting public information acquired from the authentication server 10 in response to an operation by a business operator or the like.
  • The information provision request unit 502 displays a GUI as shown in FIG.
  • The information provision request unit 502 acquires the type of public information (public information type) required for service provision by using the GUI as shown in FIG.
  • The information provision request unit 502 may change the options to be displayed in FIG. 17 according to the place where the own device is installed and the like. For example, if the staff terminal 31 is a terminal installed in a local government such as a city hall, the information provision request unit 502 displays as shown in FIG. On the other hand, if the staff terminal 31 is a terminal installed at a private business operator, the documents necessary for the business of the private business operator may be displayed in a selectable manner. For example, if the staff terminal 31 is a terminal installed in a duty-free shop, only passport-related options may be displayed. Alternatively, when an employee performs an operation related to a request for providing public information, the information provision request unit 502 may automatically transmit a predetermined public information request.
  • The information provision request unit 502 acquires the biometric information of the user before or after the selection of the public information.
  • The information provision request unit 502 acquires the biometric information (face image) of the user by using the GUI as shown in FIG.
  • The camera included in the staff terminal 31 (the camera connected to the staff terminal 31) is installed so that the user who visits the staff can be photographed. Further, when the information provision request unit 502 acquires the user's face image, it is desirable to notify the user to that effect.
  • The information provision request unit 502 generates a feature amount from the acquired face image.
  • the information provision request unit 502 transmits a public information provision request including the acquired public information type and the generated feature amount to the authentication server 10.
  • the information provision request unit 502 delivers the response (response to the public information provision request) acquired from the authentication server 10 to the message output unit 503.
  • the message output unit 503 is a means for outputting various messages to the staff and the like.
  • When a negative response is received from the authentication server 10, the message output unit 503 notifies the staff and the like that the acquisition of public information has failed.
  • When an acknowledgment is received from the authentication server 10, the message output unit 503 outputs the public information included in the acknowledgment. For example, the message output unit 503 displays as shown in FIG.
  • FIG. 20 is a diagram showing an example of a processing configuration (processing module) of the terminal 40 according to the first embodiment.
  • the terminal 40 includes a communication control unit 601, a user support unit 602, and a storage unit 603.
  • the communication control unit 601 is a means for controlling communication with other devices. For example, the communication control unit 601 receives data (packet) from the authentication server 10. Further, the communication control unit 601 transmits data to the authentication server 10. The communication control unit 601 passes the data received from the other device to the other processing module. The communication control unit 601 transmits the data acquired from the other processing module to the other device. In this way, the other processing module transmits / receives data to / from the other device via the communication control unit 601.
  • the user support unit 602 is a means for supporting a user who intends to receive a service by biometric authentication.
  • the user support unit 602 starts operation when the support application installed on the terminal 40 is activated.
  • the user support unit 602 that has started the operation performs a menu display (GUI display) as shown in FIG. 21 and acquires an operation desired by the user.
  • The user support unit 602 includes sub-modules consisting of a user registration support unit 611, a service registration support unit 612, and a provision permission support unit 613.
  • the user registration support unit 611 is activated in response to the selection of "user registration" shown in FIG.
  • the user registration support unit 611 is a means for supporting (realizing) the system registration of the user.
  • the user registration support unit 611 displays a GUI for acquiring such information.
  • the user registration support unit 611 displays a GUI as shown in FIG. 22.
  • The user presses the "file selection" button shown in FIG. 22 and specifies the image data of the face image to be registered in the system.
  • the designated face image is displayed in the preview area (displayed as a selected face image in FIG. 22).
  • the user presses the "OK" button.
  • The user registration support unit 611 acquires the identification document. For example, the user registration support unit 611 displays a GUI as shown in FIG. 23.
  • The user uses the camera of the terminal 40 to take an image of the identification document. The user presses the "File selection" button and specifies the captured image of the identification document. After that, the user presses the "OK" button and inputs the identification document.
  • the identity verification documents that can be registered in the system include documents with facial images such as passports and driver's licenses (documents issued by public institutions that contribute to identity verification).
  • the identification documents include not only paper documents but also electronic documents.
  • the user registration support unit 611 sends a user registration request including the acquired biometric information (face image) and identity verification documents to the authentication server 10.
  • Upon receiving an acknowledgment (a response indicating that the user registration was normally performed) from the authentication server 10, the user registration support unit 611 stores the user ID included in the acknowledgment in the storage unit 603.
  • the user registration support unit 611 outputs a message or the like according to the response (affirmative response, negative response) received from the authentication server 10.
  • the service registration support unit 612 is activated in response to the selection of "service information registration" shown in FIG.
  • the service registration support unit 612 is a means for supporting (realizing) the registration of service information by the user.
  • the service registration support unit 612 enables the user to select the type of industry in which the service is desired by displaying the type of business of the business operator participating in the system. For example, the service registration support unit 612 displays a GUI as shown in FIG. 24 so that the user can select the type of service desired.
  • the service registration support unit 612 displays a GUI that allows the user to select a specific business operator (service provider). For example, in FIG. 24, when the user selects “hotel”, the service registration support unit 612 displays a GUI as shown in FIG. 25.
  • The service registration support unit 612 uses the GUI as shown in FIG. 25 to obtain information on the business operator (the business operator with which the service information is registered) that the user wants to use among the business operators participating in the authentication infrastructure.
  • the service registration support unit 612 acquires service information according to the business operator selected by the user. For example, when the user selects a hotel operator, the service registration support unit 612 displays a GUI for acquiring hotel reservation information (see FIG. 26).
  • The service registration support unit 612 transmits a service information registration request including the service information acquired by using the GUI as shown in FIG. 26 and the user ID (user ID issued from the authentication server 10) to the management server 20 of the business operator selected by the user. For example, in the example of FIG. 2, when the user wishes to receive the service from the business operator S1, the service registration support unit 612 transmits the service information registration request to the management server 20 of the business operator S1.
  • By referring to table information or the like in which the business operator selected by the GUI and the address of the management server 20 of the business operator are associated with each other as shown in FIG., the service registration support unit 612 determines the management server 20 to which the service information registration request is sent.
  • the service registration support unit 612 determines the service information to be acquired by referring to the information or the like that associates the selected business operator with the service information to be acquired. Alternatively, the service registration support unit 612 may inquire the management server 20 of the business operator selected by the user about the items to be acquired, or may acquire an input form or the like for inputting service information. In the above example, after the user selects the business operator S1, the service registration support unit 612 may obtain an acquisition item, an input form, or the like from the management server 20 of the business operator S1.
  • the service registration support unit 612 outputs a message or the like according to the response (affirmative response, negative response) received from the management server 20.
  • the provision permission support unit 613 is activated according to the selection of "permission to provide public information" shown in FIG.
  • the provision permission support unit 613 is a means for supporting (realizing) the provision permission of public information by the user.
  • the provision permission support unit 613 displays a GUI that allows the user to select the public information for which the provision is permitted.
  • The provision permission support unit 613 displays a GUI as shown in FIG. 27.
  • the provision permission support unit 613 displays a GUI for inputting public information specific data corresponding to the public information. For example, the provision permission support unit 613 acquires public information specific data using a GUI as shown in FIG. 28.
  • the provision permission support unit 613 transmits the public information provision permission including the user ID of the user and the public information specific data to the authentication server 10.
  • the provision permission support unit 613 outputs a message or the like according to the response (affirmative response, negative response) received from the authentication server 10.
  • the storage unit 603 is a means for storing information necessary for the operation of the terminal 40.
  • [Public server] The description of the internal configuration of the public server will be omitted.
  • the public server may include a database that stores public information specific data in association with public information.
  • the public server may search the database using the public information specific data as a key and send the corresponding public information to the authentication server 10.
  • [System operation] Subsequently, the operation of the authentication system according to the first embodiment will be described. The operation will be described for the service information registration phase, the public information provision permission phase, and the service provision phase, and the description regarding the user registration phase will be omitted.
  • FIG. 29 is a sequence diagram showing an example of the operation related to the service information registration phase of the authentication system according to the first embodiment.
  • the management server 20 acquires service information (information necessary for providing the service) and a user ID from the user (terminal 40) (step S01).
  • The management server 20 transmits a business operator registration request including the acquired user ID and business operator ID to the authentication server 10 (step S02).
  • the authentication server 10 generates a service user ID using the acquired user ID and business operator ID (step S03).
  • the authentication server 10 stores the business operator ID and the service user ID in the business operator information database (step S04).
  • the authentication server 10 transmits a response including the service user ID (a positive response to the business operator registration request) to the management server 20 (step S05).
  • the management server 20 associates the service information acquired in step S01 with the service user ID acquired from the authentication server 10 and stores it in the user information database (step S06).
  • FIG. 30 is a sequence diagram showing an example of the operation related to the public information provision permission phase of the authentication system according to the first embodiment.
  • the terminal 40 acquires the public information type and public information specific data that the user permits to provide using a GUI or the like (step S11).
  • the terminal 40 transmits the public information provision permission including the user ID of the user and the public information specific data to the authentication server 10 (step S12).
  • the terminal 40 may transmit a public information provision permission including a public information type to the authentication server 10. That is, the terminal 40 may clearly indicate to the authentication server 10 the type of public information licensed by the user.
  • the authentication server 10 identifies a user who grants information provision permission based on the user ID (step S13).
  • the authentication server 10 stores the public information specific data in the public information specific field of the specified user (step S14).
  • the authentication server 10 transmits an acknowledgment to the public information provision permission to the terminal 40 (step S15).
  • the terminal 40 displays a message or the like according to the acquired response (step S16).
  • FIG. 31 is a sequence diagram showing an example of the operation related to the service provision phase of the authentication system according to the first embodiment. With reference to FIG. 31, the system operation when the service is provided using the service information will be described.
  • the authentication terminal 30 acquires a user's face image (biological information) and transmits the acquired face image to the management server 20 (step S21).
  • the management server 20 generates a feature amount from the acquired face image (step S22).
  • the management server 20 transmits an authentication request including the generated feature amount and the business operator ID to the authentication server 10 (step S23).
  • the authentication server 10 executes an authentication process using the feature amount included in the authentication request and the business operator ID, and identifies the corresponding service user ID (step S24).
  • the authentication server 10 transmits an acknowledgment including the specified service user ID to the management server 20 (sends the service user ID; step S25).
  • the management server 20 searches the user information database using the acquired service user ID, and specifies the corresponding service information (step S26).
  • the management server 20 transmits the specified service information to the authentication terminal 30 (step S27).
  • the authentication terminal 30 provides a service using the acquired service information (step S28).
  • FIG. 32 is a sequence diagram showing an example of the operation related to the service provision phase of the authentication system according to the first embodiment. With reference to FIG. 32, the system operation when the service is provided using public information will be described.
  • The staff terminal 31 acquires the biometric information (face image) of the user (the user who receives the service) and the public information type to be referred to according to the operation of the staff or the like (step S31).
  • the staff terminal 31 generates a feature amount from the face image.
  • the staff terminal 31 transmits a public information provision request including a user's feature amount and a public information type to the authentication server 10 (step S32).
  • the authentication server 10 executes a collation process using the feature amount included in the public information provision request, and identifies the corresponding user (step S33).
  • The authentication server 10 reads out from the public information database the data corresponding to the public information type included in the public information provision request among the public information specific data of the specified user (acquisition of public information specific data; step S34).
  • the authentication server 10 transmits the acquired public information specific data to the corresponding public server (step S35).
  • the public server reads the public information corresponding to the received public information specific data from the database, and transmits the public information to the authentication server 10 (step S36).
  • the authentication server 10 transmits an acknowledgment to the public information provision request including public information to the staff terminal 31 (transmission of public information; step S37).
  • the staff terminal 31 outputs the received public information (step S38). For example, the staff terminal 31 presents the acquired public information to the staff.
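The sequences of FIG. 29 to FIG. 32 above, as an added Python sketch (not code from the patent or its applicant) that shows which party holds which data: the authentication server keeps feature amounts and ID mappings, each management server keeps only service user ID to service information, and public information is fetched on demand. Assumptions: the HMAC-SHA256 derivation of the service user ID, the cosine-similarity match with a 0.95 threshold, all class and method names, and the constructed sample data.

```python
import hashlib
import hmac
import math

MATCH_THRESHOLD = 0.95  # assumption: cosine-similarity cut-off for a face match


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


class AuthServer:
    def __init__(self, secret, public_servers):
        self.secret = secret                  # assumption: key for deriving service user IDs
        self.public_servers = public_servers  # type -> {specific data: public information}
        self.features = {}   # user ID -> feature amount
        self.operators = {}  # (user ID, business operator ID) -> service user ID
        self.permitted = {}  # user ID -> {public information type: specific data}

    def register_user(self, user_id, feature):
        self.features[user_id] = feature
        self.permitted[user_id] = {}

    def _identify(self, feature):
        """1:N collation: best-matching user ID at or above the threshold, else None."""
        best_id, best_score = None, MATCH_THRESHOLD
        for user_id, stored in self.features.items():
            score = cosine(feature, stored)
            if score >= best_score:
                best_id, best_score = user_id, score
        return best_id

    def register_operator(self, user_id, operator_id):  # steps S02-S05
        key = (user_id, operator_id)
        if user_id not in self.features or key in self.operators:
            return None  # negative response: unknown user or already registered
        mac = hmac.new(self.secret, f"{user_id}|{operator_id}".encode(), hashlib.sha256)
        self.operators[key] = mac.hexdigest()[:16]  # assumed derivation, see lead-in
        return self.operators[key]

    def authenticate(self, feature, operator_id):  # steps S24-S25
        return self.operators.get((self._identify(feature), operator_id))

    def permit_public_info(self, user_id, info_type, specific_data):  # steps S13-S15
        if user_id not in self.permitted or info_type not in self.public_servers:
            return False
        self.permitted[user_id][info_type] = specific_data
        return True

    def provide_public_info(self, feature, info_type):  # steps S33-S37
        specific = self.permitted.get(self._identify(feature), {}).get(info_type)
        if specific is None:
            return None  # no face match, or this type was never permitted
        return self.public_servers[info_type].get(specific)  # public server lookup, S36


class ManagementServer:
    def __init__(self, operator_id, auth_server):
        self.operator_id = operator_id
        self.auth = auth_server
        self.user_info = {}  # service user ID -> service information, no biometrics

    def register_service(self, user_id, service_info):  # steps S01-S06
        sid = self.auth.register_operator(user_id, self.operator_id)
        if sid is None:
            return False
        self.user_info[sid] = service_info
        return True

    def serve(self, feature):  # steps S23-S27
        return self.user_info.get(self.auth.authenticate(feature, self.operator_id))


def demo():
    # Constructed sample data; short vectors stand in for face feature amounts.
    public = {"passport": {"TK0000000": {"doc": "passport", "name": "Example User"}}}
    auth = AuthServer(b"constructed-demo-key", public)
    auth.register_user("U1", [0.9, 0.1, 0.4])
    hotel, shop = ManagementServer("S1", auth), ManagementServer("S2", auth)
    probe, stranger = [0.88, 0.12, 0.41], [0.1, 0.9, 0.2]
    out = {"first": hotel.register_service("U1", "SI01")}
    out["duplicate"] = hotel.register_service("U1", "SI01-again")
    out["hotel"] = hotel.serve(probe)
    out["shop_unregistered"] = shop.serve(probe)  # face matches, no entry for S2
    out["stranger"] = hotel.serve(stranger)
    shop.register_service("U1", "SI02")
    out["ids_differ"] = set(hotel.user_info).isdisjoint(shop.user_info)
    out["before_permit"] = auth.provide_public_info(probe, "passport")
    out["permit"] = auth.permit_public_info("U1", "passport", "TK0000000")
    out["after_permit"] = auth.provide_public_info(probe, "passport")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

In this sketch a record taken from one management server cannot be joined to another operator's record or to a feature amount without the authentication server's mapping, and a public information request fails until the user has registered the matching public information specific data.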
  • the authentication server 10 can process a request from a private business operator and a request from a public institution.
  • Neither private businesses nor public institutions need to build their own authentication system, and both can easily use biometric authentication.
  • A private business operator (a service provider who uses service information)
  • Private businesses can easily provide services using biometrics by outsourcing the actual processing of biometrics to a certification center.
  • A public institution (a service provider who uses public information)
  • The public institution can refer to the user's public information without performing substantial processing of biometric authentication.
  • Public information (public information identification data; for example, passport number)
  • Official documents (identification documents; passport)
  • you can receive administrative services from public institutions even if you do not carry it.
  • the information provision permission can be flexibly performed according to the nature of the public information and the like.
  • the biometric information of the user is stored in the authentication server 10, and each business operator does not have the biometric information.
  • The user's service information (personal information such as name)
  • The authentication system according to the first embodiment provides a robust authentication platform against information leakage by distributing and arranging information in this way. That is, biometric information (particularly, feature amount) that is not associated with service information is merely a list of numerical values and is low-value information for criminals and the like. Therefore, even if information leakage occurs from the authentication server 10, its influence is limited. Further, the authentication server 10 does not hold the actual contents of public information about each user.
  • Since the authentication server 10 acquires information from the corresponding public server each time the public information is required, the possibility that the public information is leaked from the authentication server 10 is low.
  • the participants of the authentication system (users who receive the service, business operators who provide the service) can use the authentication system with peace of mind.
  • FIG. 33 is a diagram showing an example of the hardware configuration of the authentication server 10.
  • the authentication server 10 can be configured by an information processing device (so-called computer), and includes the configuration illustrated in FIG. 33.
  • the authentication server 10 includes a processor 311, a memory 312, an input / output interface 313, a communication interface 314, and the like.
  • the components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
  • the configuration shown in FIG. 33 does not mean to limit the hardware configuration of the authentication server 10.
  • the authentication server 10 may include hardware (not shown) or may not include an input / output interface 313 if necessary.
  • the number of processors 311 and the like included in the authentication server 10 is not limited to the example of FIG. 33, and for example, a plurality of processors 311 may be included in the authentication server 10.
  • the processor 311 is a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), and a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
  • The memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like.
  • the memory 312 stores an OS program, an application program, and various data.
  • the input / output interface 313 is an interface of a display device or an input device (not shown).
  • the display device is, for example, a liquid crystal display or the like.
  • the input device is, for example, a device that accepts user operations such as a keyboard and a mouse.
  • the communication interface 314 is a circuit, module, etc. that communicates with other devices.
  • the communication interface 314 includes a NIC (Network Interface Card) and the like.
  • the function of the authentication server 10 is realized by various processing modules.
  • the processing module is realized, for example, by the processor 311 executing a program stored in the memory 312.
  • the program can also be recorded on a computer-readable storage medium.
  • The storage medium may be a non-transitory medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. That is, the present invention can also be embodied as a computer program product. Further, the above program can be downloaded via a network or updated by using a storage medium in which the program is stored. Further, the processing module may be realized by a semiconductor chip.
  • the management server 20, the authentication terminal 30, the staff terminal 31, the terminal 40, and the like can also be configured by the information processing device in the same manner as the authentication server 10, and the basic hardware configuration thereof is not different from the authentication server 10. Therefore, the explanation is omitted.
  • the authentication terminal 30 may be provided with a camera for photographing the user.
  • the authentication server 10 is equipped with a computer, and the function of the authentication server 10 can be realized by causing the computer to execute a program. Further, the authentication server 10 executes the control method of the authentication server by the program.
  • [Modification example] It should be noted that the configuration, operation, and the like of the authentication system described in the above embodiment are examples, and are not intended to limit the system configuration and the like.
  • The case where the authentication server 10 has a business information database and a public information database has been described.
  • these databases may be built on a database server different from the authentication server 10.
  • the authentication system may include various means (authentication unit 205, public information providing unit 206, etc.) described in the above embodiment.
  • the authentication server 10 may manage the biometric information of the user or the like by using a database in which the two databases are integrated.
  • the authentication server 10 may perform biometric authentication and information provision using an authentication information database (corresponding to database 101) as shown in FIG. 34.
  • the reservation information of the hospital may be registered in the hospital as service information, and the reservation information may be specified by the biometric authentication described in the above embodiment.
  • the authentication server 10 generates a user ID at the time of user registration and issues the generated user ID to the user.
  • the user ID is determined by the user, and the user may input the user ID into the system.
  • an ID, a password, or a combination thereof for the user to log in to the authentication server 10 may be used as the user ID.
  • the user registration phase and the service information registration phase are executed at different timings, but these phases may be executed at substantially the same timing.
  • the authentication terminal 30 installed in the business operator who wants to provide the service may be used, and the above two registration phases may be executed.
  • the user registers as a user (inputs biometric information and identity verification documents) using the authentication terminal 30, and then continuously registers service information (inputs user ID and service information). May be done.
  • the user registration phase and the public information provision permission phase may be executed at substantially the same timing.
  • the user may operate the terminal 40 to input biometric information, identity verification documents, and types of public information for which provision is permitted to the authentication server 10.
  • one business operator ID is assigned to one business operator, but one business operator ID may be assigned to a plurality of business operators.
  • a plurality of businesses may be grouped together and a business ID may be issued for each group. For example, when the businesses S1 and S2 cooperate to provide the same service, a common business ID may be issued to these businesses S1 and S2.
  • The case where the biometric information related to the "feature amount generated from the face image" is transmitted from the management server 20 or the staff terminal 31 to the authentication server 10 has been described.
  • the biometric information related to the "face image" may be transmitted from the management server 20 or the like to the authentication server 10.
  • the authentication server 10 may generate a feature amount from the acquired face image and execute the authentication process (verification process).
  • The case where the authentication terminal 30 acquires the face image and the management server 20 generates the feature amount from the face image has been described.
  • the authentication terminal 30 may generate a feature amount from the face image and transmit the generated feature amount to the management server 20. That is, the management server 20 does not have to generate the feature amount.
  • the authentication server 10 may verify the validity of the public information specific data (that is, it may verify whether the public information specific data is correct data or not). When a checksum or the like is attached to the public information specific data, the authentication server 10 may verify the validity of the public information specific data by the checksum. Alternatively, the authentication server 10 may send the acquired public information specific data to the corresponding public server and request verification of its validity.
  • the staff terminal 31 may provide information on a plurality of types of public information to the authentication server 10.
  • the staff terminal 31 may send a public information provision request regarding the information described in the passport and the insurance card of the same user to the authentication server 10.
  • the authentication server 10 may transmit the passport number and the insurance card number to the passport server 41 and the insurance card server 42, respectively, and acquire necessary public information.
  • the staff terminal 31 is installed in a drug store.
  • the staff may operate the staff terminal 31 to acquire the information of the insurance card when providing medicine to a patient, or the information of the passport when performing tax exemption processing for a product purchaser.
  • the staff terminal 31 can be a hybrid terminal that acquires different public information from the authentication server 10 according to the operation of the user (staff) or the like.
  • the authentication terminal 30 transmits a user's authentication request (biometric information) to the authentication server 10 via the management server 20.
  • the authentication terminal 30 may send an authentication request directly to the authentication server 10. That is, the authentication terminal 30 may directly or indirectly transmit an authentication request (biometric information) to the authentication server 10.
  • the staff terminal 31 may send a public information provision request to the authentication server 10 via a server connected between the authentication server 10 and the staff terminal 31. That is, the staff terminal 31 may directly or indirectly transmit a public information provision request (biometric information) to the authentication server 10.
  • One terminal may send a user's authentication request and a public information provision request to the authentication server 10.
  • the authentication terminal 30 shown in FIG. 2 is a terminal installed in a hotel.
  • the authentication terminal 30 can be provided with a function as a check-in terminal responsible for the user's check-in process and a function as a tax exemption terminal for performing the tax exemption process.
  • the authentication terminal 30 directly or indirectly transmits an authentication request including biometric information of a guest who has visited the hotel to the authentication server 10.
  • the authentication terminal 30 proceeds with the check-in procedure based on the service information (reservation information) of the user.
  • When functioning as a duty-free terminal, the authentication terminal 30 directly or indirectly transmits a request for providing public information regarding the biometric information of the duty-free goods purchaser and the passport to the authentication server 10.
  • the authentication terminal 30 proceeds with tax exemption processing according to the items described in the passport obtained from the authentication server 10.
  • the terminal may transmit the authentication request and the public information provision request to the authentication server 10 according to the function to be realized.
  • the authentication server 10 notifies the terminal of the service user ID or notifies the terminal of public information according to the type of the received request.
  • The case where the user grants permission to provide information in units of public information (for example, passport, health insurance card) has been described.
  • the user may be provided with an interface for inputting whether or not the user permits the provision of each item of public information.
  • a GUI that allows input such as permitting information provision only for the name and nationality of the items described in the passport may be provided to the user.
  • the terminal 40 may notify the user of the advantage of providing the information when obtaining the permission to provide the public information of the user. For example, the terminal 40 may output a message such as "If the passport information is provided, the tax exemption procedure can be easily completed" in the display shown in FIG. 27.
  • the authentication server 10 can also store the identification documents acquired at the time of user registration in a public information database or the like. In this case, the authentication server 10 does not have to acquire the public information specific data from the user when the official document licensed by the user and the identity verification document registered in the database are the same. For example, consider a case where a "passport" is obtained as an identity verification document and the user grants permission to provide the items described in the passport. In this case, the authentication server 10 may read the passport number from the passport (user ID, identity verification document associated with the biometric information) registered in the database.
  • Each device included in the authentication system may be given an electronic signature when transmitting information (authentication request, public information provision request, etc.).
  • the device that has acquired the information (for example, an authentication server or a public server) may verify the digital signature given and process only the information whose identity can be correctly confirmed.
  • each device (authentication server 10, management server 20, authentication terminal 30, staff terminal 31)
  • the data transmitted / received between these devices may be encrypted.
  • Biometric information is transmitted and received between these devices, and it is desirable that encrypted data be transmitted and received in order to appropriately protect the biometric information.
  • each embodiment may be used alone or in combination. For example, it is possible to replace a part of the configuration of the embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of the embodiment. Further, it is possible to add, delete, or replace a part of the configuration of the embodiment with another configuration.
  • the present invention is suitably applicable to an authentication system for authenticating users of private businesses and public institutions.
  • the authentication unit which sends the ID of the above to the first business operator,
  • the second business operator receives a public information provision request including the biometric information of the user who wants to refer to the public information and the type of the public information to be referred to, the public information is specified.
  • An information providing unit that acquires the public information to be referred to from a public server that holds the public information to be referred to using data and transmits the acquired public information to the second business operator.
  • An authentication server. [Appendix 2]
  • the database further stores a third ID for identifying the user. Upon receiving the user registration request including the user's biometric information and the user's identity verification document, the user's identity is confirmed based on the identity verification document, and the user's living body that succeeds in identity verification.
  • the authentication server according to Appendix 1 further comprising a user registration unit that registers information and the third ID in the database.
  • [Appendix 3] The authentication server according to Appendix 2, wherein the user registration unit issues the third ID to the user when the user's identity is successfully confirmed.
  • [Appendix 4] When the user registration unit succeeds in one-to-one verification using the biometric information of the user included in the user registration request and the biometric information obtained from the identity verification document, the user registration unit confirms the identity of the user.
  • [Appendix 5] Upon receiving a business registration request including the first ID and the third ID from the first business, the second ID is generated, and the generated second ID is used as the first ID.
  • the authentication server according to any one of Supplementary note 2 to 4, further comprising a business registration unit, which is paid out to the business.
  • a specific data registration unit for storing the public information specific data in the entry corresponding to the third ID is further provided.
  • the authentication server according to any one of Supplementary note 2 to 5.
  • the authentication unit executes one-to-N (N is a positive integer) collation using the biometric information stored in the database and the biometric information of the person to be authenticated included in the authentication request, any of Supplementary note 1 to 6.
  • the authentication unit succeeded in the authentication process when the first ID included in the authentication request is stored in the database in association with the user specified by the one-to-N collation.
  • the authentication server according to Appendix 7.
  • the information providing unit performs a one-to-N (N is a positive integer) collation using the biometric information stored in the database and the biometric information included in the public information provision request, thereby performing the second method.
  • the authentication server according to any one of Supplementary note 1 to 8, which identifies a user who wants to refer to public information by a business operator.
  • the database stores a plurality of the public information specific data for each user.
  • the information providing unit uses the public information specifying data corresponding to the type of the public information included in the public information providing request among the plurality of public information specifying data of the specified user.
  • [Appendix 11] The authentication server according to any one of Supplementary note 1 to 10, wherein the biometric information is a face image or a feature amount generated from the face image.
  • a database that stores in association with public information specific data for specifying licensed public information, The authentication process is executed in response to receiving the authentication request including the biometric information of the person to be authenticated and the first ID of the first business operator from the first terminal, and the second person of the successful authentication person.
  • the authentication unit that sends the ID of
  • the second business operator receives a public information provision request including the biometric information of the user who wants to refer to the public information and the type of the public information to be referred to from the second terminal
  • the public information identification An information providing unit that acquires the public information to be referred to from a public server that holds the public information to be referred to using data and transmits the acquired public information to the second terminal.
  • the system. [Appendix 13] The biometric information of the user, the first ID that identifies the business operator that provides the service to the user, the second ID that is uniquely determined by the combination of the user and the business operator, and the provision by the user.
  • an authentication server equipped with a database that stores in association with public information identification data for identifying licensed public information.
  • the authentication process is executed in response to receiving the authentication request including the biometric information of the person to be authenticated and the first ID of the first business operator from the first business operator, and the second of the authentication successful persons. ID is sent to the first business operator,
  • the second business operator receives a public information provision request including the biometric information of the user who wants to refer to the public information and the type of the public information to be referred to, the public information is specified.
  • a control method of an authentication server that acquires the public information to be referred to from a public server that holds the public information to be referred to using data and transmits the acquired public information to the second business operator.
  • the public information provision request including the biometric information of the user who wants to refer to the public information and the type of the public information to be referred to, the public information is specified.

Abstract

In order to provide an authentication server that further promulgates biometric authentication, the authentication server of the present invention comprises a database, an authentication means, and an information provision means. The database stores the following in association with each other: biometric information of a user; a first ID for distinguishing an operator that provides a service to the user; and a second ID that is uniquely established by combining the user and the operator. The database also stores the following in association with each other: the biometric information of the user; and public information-specifying data for specifying public information for which provision has been granted by the user. The authentication means executes authentication processing in response to receiving an authentication request, and transmits the second ID, of a person who has been successfully authenticated, to a first operator. The information provision means receives, from a second operator, a public information provision request that includes the type of public information that the second operator desires to reference. The information provision means acquires the public information, that the second operator desires to reference, from a public server that retains said public information, and transmits the acquired public information to the second operator.
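The database and the two request paths summarized in the abstract, as an added Python example that is not code from the patent or the applicant. The cosine-similarity matcher and its 0.95 threshold, the HMAC-based derivation of the second ID, all class and method names, and the sample feature vectors and passport record are assumptions constructed for illustration.

```python
import hashlib
import hmac
import math
import secrets
from dataclasses import dataclass, field

MATCH_THRESHOLD = 0.95  # assumed similarity cut-off; the page does not specify one


def cosine(a, b):
    """Cosine similarity between two feature vectors (assumed matcher)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


@dataclass
class Entry:
    feature: tuple                                   # biometric information (feature amount)
    second_ids: dict = field(default_factory=dict)   # first ID (operator) -> second ID
    public_keys: dict = field(default_factory=dict)  # public info type -> specific data


class PublicServer:
    """Stand-in for a public server such as the passport server 41."""

    def __init__(self, records):
        self.records = records

    def fetch(self, key):
        return self.records.get(key)


class AuthServer:
    def __init__(self, public_servers):
        self.secret = secrets.token_bytes(32)  # keys the second-ID derivation (assumption)
        self.db = {}                           # third ID (user ID) -> Entry
        self.public_servers = public_servers   # public info type -> PublicServer

    def register_user(self, feature):
        user_id = "U-" + secrets.token_hex(8)
        self.db[user_id] = Entry(tuple(feature))
        return user_id

    def register_operator(self, user_id, first_id):
        """Issue the second ID, uniquely determined by the (user, operator) pair."""
        msg = f"{user_id}|{first_id}".encode()
        second_id = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:16]
        self.db[user_id].second_ids[first_id] = second_id
        return second_id

    def permit(self, user_id, info_type, specific_data):
        """Record the user's permission for one type of public information."""
        self.db[user_id].public_keys[info_type] = specific_data

    def identify(self, feature):
        """One-to-N collation: best match at or above the threshold, else None."""
        best, best_score = None, MATCH_THRESHOLD
        for entry in self.db.values():
            score = cosine(feature, entry.feature)
            if score >= best_score:
                best, best_score = entry, score
        return best

    def authenticate(self, feature, first_id):
        """Authentication request: succeed only if this operator is registered for the user."""
        entry = self.identify(feature)
        if entry is None:
            return None
        return entry.second_ids.get(first_id)

    def provide_public_info(self, feature, info_type):
        """Public information provision request from a second operator."""
        entry = self.identify(feature)
        if entry is None or info_type not in entry.public_keys:
            return None  # unknown person, or no permission recorded for this type
        server = self.public_servers.get(info_type)
        return server.fetch(entry.public_keys[info_type]) if server else None


def demo():
    # Constructed sample data: one passport record, two registered users.
    passport_server = PublicServer({"TK0000001": {"name": "ALICE EXAMPLE", "nationality": "UTO"}})
    server = AuthServer({"passport": passport_server, "insurance": PublicServer({})})
    alice = server.register_user((0.9, 0.1, 0.3))
    server.register_user((0.1, 0.8, 0.5))  # second user: no operators, no permissions
    hotel_sid = server.register_operator(alice, "S1")
    shop_sid = server.register_operator(alice, "S3")
    server.permit(alice, "passport", "TK0000001")
    probe = (0.88, 0.12, 0.31)  # fresh capture of the first user
    return {
        "issued": (hotel_sid, shop_sid),
        "hotel": server.authenticate(probe, "S1"),
        "unregistered_operator": server.authenticate(probe, "S2"),
        "stranger": server.authenticate((0.5, 0.5, 0.5), "S1"),
        "passport": server.provide_public_info(probe, "passport"),
        "insurance": server.provide_public_info(probe, "insurance"),
        "no_permission": server.provide_public_info((0.1, 0.8, 0.5), "passport"),
    }


if __name__ == "__main__":
    print(demo())
```

Each operator receives a different second ID for the same person, so two operators cannot join their records on that value, and a public record is returned only for a type the identified user has permitted.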

Description

Authentication server, system, authentication server control method and recording medium
The present invention relates to an authentication server, a system, a control method of the authentication server, and a recording medium.
In recent years, various services using biometric information have begun to spread. For example, face recognition is used for various procedures performed at airports (check-in, baggage check-in, etc.) and for hotel check-in. In recent years, various technologies related to biometric authentication have been developed.
For example, Patent Document 1 describes making it possible to unify the biometric information used for biometric authentication. The information processing terminal described in Patent Document 1 includes an acquisition unit that acquires biometric information for biometric authentication and identification information of a device to which a service is provided, and a transmission unit that transmits the identification information in response to successful biometric authentication.
Patent Document 2 describes efficiently performing personal authentication when a user carries out various procedures. In the authentication system of Patent Document 2, the user's mobile terminal accesses a management device and performs initial registration including a moving image of the user. In that authentication system, when the user receives a service at a store of a financial institution or a convenience store, a moving image is transmitted to the management device, authentication processing according to the usage type is performed, and the authentication result is notified.
Patent Document 3 describes making shopping at duty-free facilities by foreign travelers efficient and comfortable. The payment support server of Patent Document 3 includes a communication device, a storage device, and an arithmetic unit. The communication device communicates with other devices. The storage device holds, in association with one another, a traveler's passport information, information on the means of transportation or facilities used during the trip, and information for biometric authentication. The arithmetic unit collates the traveler's biometric information, included in payment information received from a terminal of a duty-free facility, against those entries of the biometric authentication information in the storage device that are associated with passport information and means-of-transportation or facility information showing a predetermined validity. If a registration of biometric authentication information matching the biometric information exists, the arithmetic unit returns payment permission information to the terminal.
International Publication No. 2018/096772
Japanese Unexamined Patent Publication No. 2020-113107
Japanese Unexamined Patent Publication No. 2017-123202
As mentioned above, in recent years, technological development related to biometric authentication has been promoted, and various services using biometric authentication have been provided to users. More specifically, private businesses such as lodging businesses and public institutions such as local governments are providing services using biometric authentication, or are considering providing such services.
Here, biometric authentication is realized by comparing the biometric information of the person to be authenticated with the biometric information registered in a database, and the basic mechanism of authentication is the same whether the authenticating party (authentication subject; service provider) is a private business operator or a public institution. However, in current authentication systems, a system specialized for each business operator is often configured, which raises the hurdle to introducing biometric authentication.
The main object of the present invention is to provide an authentication server, a system, a control method for an authentication server, and a recording medium that contribute to the further spread of biometric authentication.
According to a first aspect of the present invention, there is provided an authentication server comprising: a database that stores, in association with one another, biometric information of a user, a first ID (identifier) that identifies a business operator providing a service to the user, a second ID uniquely determined by the combination of the user and the business operator, and public information specific data for specifying public information whose provision has been permitted by the user; an authentication means that executes authentication processing in response to receiving, from a first business operator, an authentication request including biometric information of a person to be authenticated and the first ID of the first business operator, and transmits the second ID of the successfully authenticated person to the first business operator; and an information providing means that, upon receiving from a second business operator a public information provision request including biometric information of a user whose public information the second business operator wants to refer to and the type of the public information to be referred to, uses the public information specific data to acquire the public information to be referred to from a public server holding that public information, and transmits the acquired public information to the second business operator.
According to a second aspect of the present invention, there is provided a system including a first terminal installed at a first business operator, a second terminal installed at a second business operator, and an authentication server connected to the first and second terminals, wherein the authentication server comprises: a database that stores, in association with one another, biometric information of a user, a first ID that identifies a business operator providing a service to the user, a second ID uniquely determined by the combination of the user and the business operator, and public information specific data for specifying public information whose provision has been permitted by the user; an authentication means that executes authentication processing in response to receiving, from the first terminal, an authentication request including biometric information of a person to be authenticated and the first ID of the first business operator, and transmits the second ID of the successfully authenticated person to the first terminal; and an information providing means that, upon receiving from the second terminal a public information provision request including biometric information of a user whose public information the second business operator wants to refer to and the type of the public information to be referred to, uses the public information specific data to acquire the public information to be referred to from a public server holding that public information, and transmits the acquired public information to the second terminal.
According to a third aspect of the present invention, there is provided a control method of an authentication server, wherein an authentication server comprising a database that stores, in association with one another, biometric information of a user, a first ID that identifies a business operator providing a service to the user, a second ID uniquely determined by the combination of the user and the business operator, and public information specific data for specifying public information whose provision has been permitted by the user: executes authentication processing in response to receiving, from a first business operator, an authentication request including biometric information of a person to be authenticated and the first ID of the first business operator; transmits the second ID of the successfully authenticated person to the first business operator; and, upon receiving from a second business operator a public information provision request including biometric information of a user whose public information the second business operator wants to refer to and the type of the public information to be referred to, uses the public information specific data to acquire the public information to be referred to from a public server holding that public information, and transmits the acquired public information to the second business operator.
According to a fourth aspect of the present invention, there is provided a computer-readable recording medium recording a program that causes a computer mounted on an authentication server, the authentication server comprising a database that stores, in association with one another, biometric information of a user, a first ID that identifies a business operator providing a service to the user, a second ID uniquely determined by the combination of the user and the business operator, and public information specific data for specifying public information whose provision has been permitted by the user, to execute: a process of executing authentication processing in response to receiving, from a first business operator, an authentication request including biometric information of a person to be authenticated and the first ID of the first business operator, and transmitting the second ID of the successfully authenticated person to the first business operator; and a process of, upon receiving from a second business operator a public information provision request including biometric information of a user whose public information the second business operator wants to refer to and the type of the public information to be referred to, using the public information specific data to acquire the public information to be referred to from a public server holding that public information, and transmitting the acquired public information to the second business operator.
According to each aspect of the present invention, there are provided an authentication server, a system, a method of controlling an authentication server, and a recording medium that contribute to the further spread of biometric authentication. The effects of the present invention are not limited to the above. The present invention may produce other effects instead of, or together with, this effect.
A diagram for explaining the outline of one embodiment.
A diagram showing an example of the schematic configuration of the authentication system according to the first embodiment.
A diagram for explaining the operation of the authentication system according to the first embodiment in the user registration phase.
A diagram for explaining the operation of the authentication system according to the first embodiment in the service information registration phase.
A diagram for explaining the operation of the authentication system according to the first embodiment in the public information provision permission phase.
A diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
A diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
A diagram showing an example of the processing configuration of the authentication server according to the first embodiment.
A diagram showing an example of the business operator information database according to the first embodiment.
A diagram showing an example of the business operator information database according to the first embodiment.
A diagram showing an example of the business operator information database according to the first embodiment.
A diagram showing an example of the public information database according to the first embodiment.
A diagram showing an example of the public information database according to the first embodiment.
A flowchart showing an example of the operation of the authentication unit according to the first embodiment.
A flowchart showing an example of the operation of the public information providing unit according to the first embodiment.
A diagram showing an example of the processing configuration of the management server according to the first embodiment.
A diagram showing an example of the user information database according to the first embodiment.
A diagram showing an example of the processing configuration of the authentication terminal according to the first embodiment.
A diagram showing an example of the processing configuration of the staff terminal according to the first embodiment.
A diagram for explaining the operation of the information provision request unit according to the first embodiment.
A diagram for explaining the operation of the information provision request unit according to the first embodiment.
A diagram for explaining the operation of the message output unit according to the first embodiment.
A diagram showing an example of the processing configuration of the terminal according to the first embodiment.
A diagram for explaining the operation of the user support unit according to the first embodiment.
A diagram for explaining the operation of the user registration support unit according to the first embodiment.
A diagram for explaining the operation of the user registration support unit according to the first embodiment.
A diagram for explaining the operation of the service registration support unit according to the first embodiment.
A diagram for explaining the operation of the service registration support unit according to the first embodiment.
A diagram for explaining the operation of the service registration support unit according to the first embodiment.
A diagram for explaining the operation of the provision permission support unit according to the first embodiment.
A diagram for explaining the operation of the provision permission support unit according to the first embodiment.
A sequence diagram showing an example of the operation of the authentication system according to the first embodiment.
A sequence diagram showing an example of the operation of the authentication system according to the first embodiment.
A sequence diagram showing an example of the operation of the authentication system according to the first embodiment.
A sequence diagram showing an example of the operation of the authentication system according to the first embodiment.
A diagram showing an example of the hardware configuration of the authentication server of the present disclosure.
A diagram showing an example of the authentication information database according to a modification of the present disclosure.
First, an outline of one embodiment will be described. The drawing reference numerals appended to this outline are added to each element for convenience, as an example to aid understanding, and the description of this outline is not intended to be limiting in any way. Unless otherwise noted, the blocks shown in each drawing represent functional units, not hardware units. The connecting lines between blocks in each figure include both bidirectional and unidirectional lines. A one-way arrow schematically shows the flow of the main signal (data) and does not exclude bidirectionality. In this specification and the drawings, elements that can be described in the same way are given the same reference numerals, and duplicate description may be omitted.
The authentication server 100 according to one embodiment includes a database 101, an authentication unit 102, and an information providing unit 103 (see FIG. 1). The database 101 stores, in association with one another, the biometric information of a user, a first ID that identifies a business operator providing a service to the user, and a second ID uniquely determined by the combination of the user and the business operator. The database 101 further stores the user's biometric information and the like in association with public information identification data for identifying public information that the user has permitted to be provided. The authentication unit 102 executes authentication processing in response to receiving, from a first business operator, an authentication request including the biometric information of a person to be authenticated and the first ID of the first business operator, and transmits the second ID of the successfully authenticated person to the first business operator. The information providing unit 103 receives, from a second business operator, a public information provision request including the biometric information of the user whose public information the second business operator wishes to refer to and the type of public information to be referred to. The information providing unit 103 uses the public information identification data to acquire the requested public information from the public server that holds it, and transmits the acquired public information to the second business operator.
When the authentication server 100 receives an authentication request from the first business operator (for example, a private business operator), it transmits to the first business operator the second ID (service user ID), which is uniquely determined from the combination of the user and the business operator. By storing the service information needed to provide a service to the user in association with the second ID, the first business operator can identify the required service information from the second ID acquired from the authentication server 100. When the authentication server 100 is requested by the second business operator (for example, a public institution such as a city hall) to provide public information, it identifies the user by biometric authentication and obtains the data for identifying the requested public information (for example, a passport number). The authentication server 100 acquires the corresponding public information (for example, the items recorded in the passport) by transmitting the public information identification data to the public server that holds and manages the public information. The authentication server 100 transmits the acquired public information to the second business operator. The second business operator can provide a service to the user while using the acquired public information. In this way, the authentication server 100 handles requests from private business operators and public institutions by executing authentication processing and matching processing using the database 101. In other words, neither private business operators nor public institutions need to build their own authentication systems, which lowers the hurdle for introducing biometric authentication. As a result, biometric authentication becomes even more widespread.
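The two request flows in this overview, modelled as an added Python example (not code from the patent). The face matcher (Euclidean distance with a fixed threshold), the HMAC derivation of the service user ID, the class and method names, and all sample values are assumptions; the text only requires that the second ID be uniquely determined by the user and business operator pair.

```python
import hashlib
import hmac
import math
import secrets
from dataclasses import dataclass, field

MATCH_THRESHOLD = 0.35  # assumption: maximum distance accepted by the toy matcher


@dataclass
class Entry:
    """One user's row in database 101."""
    user_id: str
    features: tuple                                        # biometric feature vector
    service_user_ids: dict = field(default_factory=dict)   # first ID -> second ID
    public_info_refs: dict = field(default_factory=dict)   # info type -> identification data


class AuthServer:
    def __init__(self, public_servers):
        self._key = secrets.token_bytes(32)    # server-side secret for ID derivation (assumption)
        self._db = {}                          # user ID -> Entry
        self._public_servers = public_servers  # info type -> {identification data: record}

    def register_user(self, features):
        """User registration: store the feature vector and issue a user ID."""
        user_id = secrets.token_hex(8)
        self._db[user_id] = Entry(user_id, tuple(features))
        return user_id

    def register_business(self, user_id, business_id):
        """Bind a user to a business operator and derive the second ID for that pair."""
        entry = self._db[user_id]
        msg = f"{user_id}|{business_id}".encode()
        sid = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]
        entry.service_user_ids[business_id] = sid
        return sid

    def grant_public_info(self, user_id, info_type, identifier):
        """Record the user's permission to provide one type of public information."""
        self._db[user_id].public_info_refs[info_type] = identifier

    def _identify(self, features):
        """1:N match: nearest registered vector, rejected if beyond the threshold."""
        best = min(self._db.values(),
                   key=lambda e: math.dist(e.features, features), default=None)
        if best is None or math.dist(best.features, features) > MATCH_THRESHOLD:
            return None
        return best

    def authenticate(self, features, business_id):
        """Authentication unit 102: return the second ID, or None on failure."""
        entry = self._identify(features)
        if entry is None:
            return None
        # A matching face is not enough: the user must be registered with this operator.
        return entry.service_user_ids.get(business_id)

    def provide_public_info(self, features, info_type):
        """Information providing unit 103: fetch only what the user has permitted."""
        entry = self._identify(features)
        if entry is None:
            return None
        identifier = entry.public_info_refs.get(info_type)
        if identifier is None:
            return None  # no permission recorded for this type
        return self._public_servers.get(info_type, {}).get(identifier)


def demo():
    # Constructed sample data: feature vectors, passport number and record are made up.
    passport_server = {"XX0000001": {"name": "CONSTRUCTED USER", "nationality": "JPN"}}
    server = AuthServer({"passport": passport_server, "insurance": {}})
    alice = server.register_user((0.10, 0.90, 0.30))
    server.register_user((0.80, 0.20, 0.50))
    sid_s1 = server.register_business(alice, "S1")
    server.grant_public_info(alice, "passport", "XX0000001")
    probe = (0.12, 0.88, 0.31)  # fresh capture of the first user's face
    return {
        "sid_s1": sid_s1,
        "auth_s1": server.authenticate(probe, "S1"),
        "auth_s3": server.authenticate(probe, "S3"),
        "auth_stranger": server.authenticate((0.50, 0.50, 0.90), "S1"),
        "passport": server.provide_public_info(probe, "passport"),
        "insurance": server.provide_public_info(probe, "insurance"),
    }


if __name__ == "__main__":
    print(demo())
```

The operator that was never registered for the user gets no ID even though the face matches, and the insurance request returns nothing because no permission was recorded for that type.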
Specific embodiments will be described in more detail below with reference to the drawings.
[First Embodiment]
The first embodiment will be described in more detail with reference to the drawings.
[System configuration]
FIG. 2 is a diagram showing an example of a schematic configuration of the authentication system according to the first embodiment. As shown in FIG. 2, the authentication system includes at least one business operator, an authentication center, and a group of public servers.
Each business operator participating in the authentication system provides services using biometric authentication.
The business operator (service provider) that provides a service to the user may be a private business operator or a public institution.
Examples of private business operators include retail stores, accommodation business operators, event companies, and medical institutions. For example, a retail store provides a payment service using biometric authentication. An accommodation business operator uses biometric authentication for check-in procedures and for managing entry to and exit from guest rooms. An event company uses biometric authentication to manage entry to and exit from the event venue.
Examples of public institutions include city halls, health centers, and hospitals. For example, biometric authentication is used when a staff member of a city hall or the like confirms the identity of a user (resident). Alternatively, biometric authentication may be used to check eligibility to receive benefits and the like.
The business operator in the present disclosure may be either a private business operator or a public institution, as long as it can provide some service using biometric authentication.
As shown in FIG. 2, business operators have various internal configurations. One example is a configuration including a management server 20 and an authentication terminal 30, as in business operator S1.
The management server 20 is a server that controls and manages the overall operations of the business operator. For example, when the business operator is a retail store, the management server 20 performs inventory management of products, payment processing, and the like.
Alternatively, if the business operator is an accommodation business operator, the management server 20 manages guests' reservation information and the like.
In addition to the functions related to providing the above services, the management server 20 has control and management functions related to biometric authentication of users.
The authentication terminal 30 is a device (first terminal) that serves as the interface for a user (customer) visiting the business operator. The user receives various services via the authentication terminal 30. For example, when the business operator is a retail store, the user pays using the authentication terminal 30. Alternatively, if the business operator is an accommodation business operator, the user performs the check-in procedure using the authentication terminal 30.
In the first embodiment, the authentication terminal 30 is described as a terminal used by the users themselves (a self-service terminal). This is not intended to limit how the authentication terminal 30 is used, however: an employee or staff member of the business operator may use the authentication terminal 30 to provide a service to the user, or both the user and the employee may use the authentication terminal 30.
A business operator may also have an internal configuration with a staff terminal 31 and no server, as in business operator S2 shown in FIG. 2. For example, the staff terminal 31 is a terminal (second terminal) installed at the reception desk of a city hall, a hospital, or the like. Staff of the city hall or the like provide services to users while operating the staff terminal 31. For example, a staff member of a city hall or the like uses the staff terminal 31 to check the service eligibility of a user who is seeking an administrative service.
In the first embodiment, the staff terminal 31 is described as a terminal used by a third party other than the user. However, like the authentication terminal 30, the staff terminal 31 may be a terminal used by the user, or a terminal used by both the user and the staff.
The authentication center provides an authentication service and an information provision service. An authentication server 10 is installed in the authentication center. The authentication server 10 operates as a certificate authority for authentication using biometric information. The authentication server 10 may be a server installed on the premises of the authentication center or a server installed in the cloud.
Examples of the user's biometric information include data (feature amounts) calculated from physical characteristics unique to an individual, such as the face, fingerprints, voiceprint, veins, retina, and the pattern of the iris. Alternatively, the user's biometric information may be image data such as a face image or a fingerprint image. The user's biometric information may be anything that contains the user's physical characteristics as information. In the first embodiment, a face image or a feature amount generated from a face image is treated as the biometric information.
The authentication server 10 is a server device for realizing services based on biometric authentication. The authentication server 10 provides the authentication service and the information provision service to each business operator.
The public server group is a set of servers (public servers) that handle public information. For example, the public server group includes a passport server 41 that stores and manages passport information and an insurance card server 42 that stores and manages insurance card information. A public server is managed and operated by a government agency such as the Ministry of Foreign Affairs or by a business operator entrusted by that agency.
The devices shown in FIG. 2 are connected to one another. For example, the authentication server 10 and the management server 20 are connected by wired or wireless communication means and are configured to be able to communicate with each other.
The configuration shown in FIG. 2 is an example and is not intended to limit the configuration of the authentication system of the present disclosure. For example, the authentication center may include two or more authentication servers 10. Alternatively, the functions of the management server 20 and the authentication terminal 30 may be integrated, and the single integrated device may provide a service using biometric authentication. Each public server included in the public server group may also handle two or more kinds of public information. For example, the passport server 41 and the insurance card server 42 may be integrated, and the single integrated server may handle the public information of both passports and insurance cards.
[Overview of system operation]
Next, the general operation of the authentication system according to the first embodiment will be described.
The operation of the authentication system includes four phases.
The first phase is the phase in which the user is registered in the system (user registration phase).
The second phase is the phase in which the information the user needs in order to receive services, in particular the service information needed to receive services from private business operators, is registered in the system (service information registration phase).
The third phase is the phase in which the user's permission for the authentication center to provide the user's public information to business operators is registered in (given to) the system (public information provision permission phase).
The fourth phase is the phase in which each business operator provides services using biometric authentication to users (service provision phase). The service provision phase includes service provision using the service information the user has registered in the system and service provision using the user's own public information.
[User registration phase]
FIG. 3 is a diagram for explaining the operation of the authentication system according to the first embodiment in the user registration phase.
A user who wishes to receive services using biometric authentication registers as a user in advance. The user inputs their own biometric information (for example, a face image) and an identity verification document into the system. The identity verification documents that can be used in the present disclosure are documents that carry biometric information, such as a passport or a driver's license.
The user inputs the above two pieces of information (biometric information and identity verification document) into the system by any means. For example, the user may mail documents containing the two pieces of information to the authentication center, and an employee of the authentication center may input them into the authentication server 10. Alternatively, the user may mail an external storage device, such as a USB (Universal Serial Bus) device, on which the two pieces of information are stored to the authentication center.
Alternatively, the user may input the two pieces of information into the authentication server 10 using an application installed on the terminal 40. Examples of the terminal 40 include mobile terminal devices such as smartphones, mobile phones, game consoles, and tablets, and computers (personal computers, notebook computers).
The first embodiment describes the case where the user performs the above user registration and the like using the application installed on the terminal 40. In the following description, this application is referred to as the "user support application" or simply the "support app". The user support application is an application that assists the user with the information input and the like needed to receive services from business operators.
The terminal 40 (support app) transmits a "user registration request" including the user's biometric information (for example, a face image) and identity verification document (for example, a copy of a passport) to the authentication server 10.
For example, the authentication server 10 verifies the user's identity using the acquired face image and the face image shown in the passport (hereinafter referred to as the passport face image). The authentication server determines that identity verification has succeeded when the two face images are substantially those of the same person.
When identity verification succeeds, the authentication server 10 generates a feature amount (a feature vector consisting of a plurality of feature amounts) from the acquired face image. The authentication server 10 then generates an ID (user ID) for uniquely identifying the user.
The authentication server 10 stores the generated feature amount (biometric information) and the user ID in a database in association with each other. More specifically, the authentication server 10 adds an entry to each of the business operator information database and the public information database and stores the generated biometric information and user ID there. The first embodiment describes the case where the authentication server 10 manages users' biometric information using two databases. However, the authentication server 10 may instead manage users' biometric information, authentication information, and the like using a single database in which the two databases are integrated.
The business operator information database is the database needed to process authentication requests from business operators that use service information. Details of this database are described later. Service information is the information a business operator (in particular, a private business operator) needs in order to provide a service to a user. Examples of service information include the reservation information a hotel operator needs when providing an accommodation service and the ticket information issued by an event organizer.
The public information database is a database that stores biometric information in association with the information needed to provide public information. Details of this database are described later. Public information is information generated, issued, and managed by a public institution. Examples of public information include the items recorded in a passport and the items recorded in an insurance card.
The authentication server 10 also issues the generated user ID to the terminal 40. The terminal 40 (support app) stores the acquired user ID.
[Service information registration phase]
FIG. 4 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service information registration phase.
A user who wants to receive a service from a business operator registers service information in the system.
More specifically, the user selects the business operator from which they want to receive a service through biometric authentication, and registers in the system the selected business operator and the service information that the business operator uses (refers to).
For example, in FIG. 2, when a user wishes to receive a service from business operator S1, the user registers business operator S1 and the service information that business operator S1 requires in the system. For example, if business operator S1 is an accommodation operator, the user registers in the system the fact that the user will receive a service from the accommodation operator (business operator S1) and the service information that the accommodation operator needs when providing the service (reservation information: name, dates of stay, etc.).
Together with the service information, the user also registers in the system the user ID issued in the user registration phase.
In the present disclosure, service information is defined as information that does not include biometric information of the user (the person to be authenticated). That is, biometric information and feature amounts generated from that biometric information are excluded from the "service information" of the present disclosure.
The user inputs the above two pieces of information (user ID, service information) to the business operator by any means. The first embodiment describes the case where, as shown in FIG. 4, the user operates the terminal 40 to input the two pieces of information to the management server 20. In this case, the user inputs the two pieces of information to the management server 20 via a support application installed on the terminal 40. Specifically, the terminal 40 transmits a "service information registration request" including the user's user ID and the service information to the management server 20.
The management server 20 receives the service information registration request including the above two pieces of information (user ID, service information). In response to receiving the service information registration request, the management server 20 transmits a "business registration request" to the authentication server 10. Specifically, the management server 20 transmits a business registration request including the user ID and a business ID to the authentication server 10.
The business ID is identification information that uniquely identifies a business operator included in the authentication system (an entity participating in the authentication infrastructure that uses biometric authentication). In the example of FIG. 2, different business IDs are assigned to business operators S1 and S2.
Note that a business ID is assigned per business operator, not per service. For example, in FIG. 2, even if business operators S1 and S2 provide the same type of service (for example, an accommodation service), they are assigned different IDs if their management entities differ.
The authentication server 10 and the management server 20 share the business ID by any method. For example, when a business operator joins the authentication infrastructure, the authentication server 10 may generate a business ID and distribute (notify) the generated servicer ID to the business operator.
Upon receiving the business registration request, the authentication server 10 searches the business information database using the user ID included in the request as a key and identifies the corresponding user. The authentication server 10 then generates a "service user ID".
The service user ID is identification information that uniquely determines the correspondence (combination) between a user and a business operator. For example, in the example of FIG. 2, the service user ID determined from the combination of user U1 and business operator S1 and the service user ID determined from the combination of user U1 and business operator S2 are generated with different values.
The authentication server 10 stores the user ID, the biometric information (feature amount), the business ID, and the generated service user ID in association with one another in the business information database.
The authentication server 10 transmits the generated service user ID to the sender of the business registration request. That is, the authentication server 10 transmits a response including the service user ID to the management server 20, thereby issuing the service user ID.
The management server 20 stores the service user ID acquired from the authentication server 10 in association with the service information acquired from the user. The management server 20 adds a new entry to the user information database and stores the above information (service user ID, service information) in it.
The user repeats the registration operation described above for each business operator from which the user wishes to receive a service using biometric authentication. In other words, the user need not perform usage registration for business operators whose services the user does not need. A user who does not plan to receive services from any business operator need not carry out the service information registration phase.
[Public information provision permission phase]
FIG. 5 is a diagram for explaining the operation of the authentication system according to the first embodiment in the public information provision permission phase.
A user who permits their own public information (for example, the entries in a passport or a health insurance card) to be provided to business operators grants the system permission to provide that public information. More specifically, the user selects the type of public information (passport entries, health insurance card entries) for which provision is permitted. The user registers in the system the data for specifying the selected public information type (passport, health insurance card) (hereinafter referred to as public information specific data). For example, to permit the passport entries to be provided to a business operator (third party), the user registers the passport number in the system as public information specific data.
Together with the public information specific data, the user also registers in the system the user ID issued in the user registration phase.
The user inputs the above two pieces of information (user ID, public information specific data) to the authentication server 10 by any means. The first embodiment describes the case where, as shown in FIG. 5, the user operates the terminal 40 to input the two pieces of information to the authentication server 10. In this case, the user inputs the two pieces of information to the authentication server 10 via the support application installed on the terminal 40. Specifically, the terminal 40 transmits a public information provision permission including the user ID and the public information specific data to the authentication server 10.
Upon receiving the public information provision permission, the authentication server 10 searches the public information database using the user ID included in the permission as a key and identifies the corresponding user.
The authentication server 10 stores the user ID, the biometric information (feature amount), and the public information specific data (for example, the passport number) in association with one another in the public information database.
When the information has been registered in the public information database, the authentication server 10 transmits to the terminal 40 an affirmative response indicating that the process completed normally. If the information cannot be registered in the public information database, the authentication server 10 transmits to the terminal 40 a negative response indicating that the process did not complete normally.
The terminal 40 that has received the response from the authentication server 10 outputs a message or the like according to its content.
A user who does not permit their own public information to be provided to business operators need not carry out the public information provision permission phase.
[Service provision phase]
The service provision phase includes the provision of services using service information and the provision of services using public information.
First, the provision of services using service information is described. FIG. 6 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
A user who has completed the registration of service information (the service information registration phase) visits the business operator. The user moves in front of the authentication terminal 30.
The authentication terminal 30 acquires biometric information from the user in front of it. Specifically, the authentication terminal 30 captures an image of the user and acquires a face image. The authentication terminal 30 transmits the acquired face image to the management server 20.
The management server 20 generates a feature amount from the acquired face image. The management server 20 transmits an authentication request including the generated feature amount (biometric information) and the business ID to the authentication server 10.
The authentication server 10 extracts the feature amount from the authentication request and executes a collation process (1-to-N collation; N is a positive integer, the same applies hereinafter) using the extracted feature amount and the feature amounts registered in the business information database.
The authentication server 10 identifies the user by the collation process and, from among the plurality of service user IDs associated with the identified user, identifies the service user ID corresponding to the business ID included in the authentication request.
The authentication server 10 transmits the identified service user ID to the sender of the authentication request. That is, the authentication server 10 transmits a response including the identified service user ID (an affirmative response to the authentication request) to the management server 20.
The management server 20 searches the user information database using the acquired service user ID as a key and identifies the service information corresponding to the service user ID. The business operator (management server 20, authentication terminal 30) provides a service (for example, payment settlement, check-in procedure, etc.) to the user based on the identified service information.
Next, the provision of services using public information is described. FIG. 7 is a diagram for explaining the operation of the authentication system according to the first embodiment in the service provision phase.
A user who has completed the permission to provide public information (the public information provision permission phase) visits the business operator. The user moves to the area where the staff terminal 31 is located (for example, the reception desk of a city hall). Staff of the business operator are present in the area and provide services to the user using the staff terminal 31.
A staff member who has heard the user's request may judge that the user's public information needs to be referred to. For example, reference to public information is judged necessary to confirm the user's identity or to confirm the user's eligibility to receive an administrative service. In this case, the staff member operates the staff terminal 31 to acquire the user's biometric information (face image). The staff terminal 31 generates a feature amount from the face image.
The staff member also decides the type of public information to be referred to (for example, passport, health insurance card). The staff member operates the staff terminal 31 to transmit a "public information provision request" including the biometric information (feature amount) and the public information type (public document) to the authentication server 10.
The authentication server 10 extracts the feature amount from the public information provision request and executes a collation process (1-to-N collation) using the extracted feature amount and the feature amounts registered in the public information database.
The authentication server 10 identifies the user by the collation process and identifies the public information specific data that is associated with the identified user and corresponds to the public information type included in the public information provision request. For example, when the staff terminal 31 requests provision of a passport, the authentication server 10 reads the passport number from the public information database.
The authentication server 10 transmits the acquired public information specific data to the public server group. More specifically, the authentication server 10 transmits the public information specific data to the public server corresponding to that data. In the passport example above, the passport number is transmitted to the passport server 41.
The public server transmits the public information corresponding to the acquired public information specific data to the authentication server 10. In the passport example above, the passport server 41 transmits the passport entries (name, date of birth, nationality, passport face image, etc.) corresponding to the acquired passport number to the authentication server 10.
When the authentication server 10 has acquired public information from the public server group, it transmits a response including the acquired public information (an affirmative response to the public information provision request) to the staff terminal 31. When the authentication server 10 cannot acquire public information from the public server group, for example, it transmits a negative response to that effect to the staff terminal 31.
The staff terminal 31 that has acquired the public information responds by, for example, displaying it. The staff member refers to the displayed public information and provides the administrative service.
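The two service-provision flows described above (FIG. 6 and FIG. 7), as an added sketch that is not code from the patent: the authentication server performs 1-to-N collation and then releases only the service user ID for the requesting business ID, or forwards only the public information specific data of the requested type. The cosine similarity measure, the threshold value, the table contents, the placeholder passport number, and all function names are assumptions constructed for illustration.

```python
import math

THRESHOLD = 0.9  # constructed value; the text does not give a threshold

# Constructed entries standing in for the authentication server's databases.
ENTRIES = [
    {"user_id": "U1", "feature": [0.9, 0.1, 0.4],
     "service_ids": {"S1": "suid-u1-s1", "S2": "suid-u1-s2"},
     "public": {"passport": "PASSPORT-NO-PLACEHOLDER"}},
    {"user_id": "U2", "feature": [0.1, 0.8, 0.3],
     "service_ids": {"S1": "suid-u2-s1"},
     "public": {}},  # U2 never ran the public information provision permission phase
]


def cosine(a, b):
    """Similarity between two feature vectors (assumed measure)."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def match_one_to_n(probe, entries, threshold=THRESHOLD):
    """1-to-N collation: best entry whose similarity exceeds the threshold."""
    best, best_score = None, threshold
    for entry in entries:
        score = cosine(probe, entry["feature"])
        if score > best_score:
            best, best_score = entry, score
    return best


def handle_auth_request(feature, business_id, entries=ENTRIES):
    """Authentication request from a management server (feature + business ID)."""
    entry = match_one_to_n(feature, entries)
    if entry is None:
        return {"result": "NG", "reason": "no match"}
    suid = entry["service_ids"].get(business_id)
    if suid is None:
        return {"result": "NG", "reason": "not registered with this business"}
    # Only the pairwise ID leaves the server: no user ID, no other operator's ID.
    return {"result": "OK", "service_user_id": suid}


def passport_server(number):
    """Stand-in for passport server 41 (constructed data)."""
    if number == "PASSPORT-NO-PLACEHOLDER":
        return {"name": "CONSTRUCTED NAME", "nationality": "CONSTRUCTED"}
    return None


PUBLIC_SERVERS = {"passport": passport_server}


def handle_public_info_request(feature, info_type, entries=ENTRIES,
                               servers=PUBLIC_SERVERS):
    """Public information provision request from a staff terminal."""
    entry = match_one_to_n(feature, entries)
    if entry is None:
        return {"result": "NG", "reason": "no match"}
    specific = entry["public"].get(info_type)
    if specific is None:
        # The user never registered specific data for this type: nothing to forward.
        return {"result": "NG", "reason": "no permission registered"}
    server = servers.get(info_type)
    info = server(specific) if server else None
    if info is None:
        return {"result": "NG", "reason": "public information unavailable"}
    return {"result": "OK", "public_info": info}
```

The negative paths are the part worth testing in a real deployment: a matched user with no entry for the requesting business ID, or with no specific data for the requested type, must yield a negative response rather than falling back to another identifier.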
Next, the details of each device included in the authentication system according to the first embodiment are described.
[Authentication server]
FIG. 8 is a diagram showing an example of the processing configuration (processing modules) of the authentication server 10 according to the first embodiment. Referring to FIG. 8, the authentication server 10 includes a communication control unit 201, a user registration unit 202, a business registration unit 203, a specific data registration unit 204, an authentication unit 205, a public information provision unit 206, and a storage unit 207.
The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the management server 20 and transmits data to the management server 20. The communication control unit 201 passes data received from other devices to the other processing modules, and transmits data acquired from the other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 201.
The user registration unit 202 is a means for realizing the user registration described above (registration of the user in the system). The user registration unit 202 acquires the biometric information (face image) and the identity verification document of a user (a user who wishes to receive services using biometric authentication; a system user).
The user registration unit 202 acquires the above two pieces of information (biometric information, identity verification document) by any means. For example, the user registration unit 202 acquires them by receiving the user registration request transmitted by the terminal 40.
On acquiring the biometric information (face image), the user registration unit 202 generates a feature amount (a feature vector composed of a plurality of feature amounts) from the face image.
Existing techniques can be used for the feature amount generation process, so a detailed description is omitted. For example, the user registration unit 202 extracts the eyes, nose, mouth, and the like from the face image as feature points. The user registration unit 202 then calculates the position of each feature point and the distances between feature points as feature amounts, and generates a feature vector composed of a plurality of feature amounts (vector information that characterizes the face image).
The user registration unit 202 verifies that the generated feature amount does not duplicate a feature amount that is already registered. The user registration unit 202 executes a collation process (1-to-N collation) using the generated feature amount and the feature amounts registered in the two databases (service information database, public information database). If the collation process fails, the user registration unit 202 determines that no such duplication has occurred.
If no duplication has occurred, the user registration unit 202 confirms the identity of the user. Specifically, the user registration unit 202 acquires a face image for identity verification (hereinafter referred to as the verification face image) from the identity verification document. The user registration unit 202 extracts the verification face image from a predetermined area of the identity verification document using a technique such as template matching.
For identity verification, the user registration unit 202 executes one-to-one collation using the user's biometric information included in the user registration request and the biometric information obtained from the identity verification document. If the collation process succeeds, the user registration unit 202 determines that the identity of the user has been confirmed.
Specifically, the user registration unit 202 generates a feature amount from each of the acquired face image and the verification face image. Next, the user registration unit 202 calculates the similarity between the two images. The user registration unit 202 applies threshold processing to the similarity and decides the success or failure of identity verification according to the result.
If the similarity is higher than the threshold, the user registration unit 202 determines that identity verification has succeeded. If the similarity is equal to or less than the threshold, the user registration unit 202 determines that identity verification has failed.
When identity verification succeeds, the user registration unit 202 generates the user ID to be assigned (issued) to the user. For example, the user registration unit 202 assigns a unique value each time it processes a user registration request and uses it as the user ID.
The user registration unit 202 stores the generated user ID and the feature amount in the business information database and the public information database.
More specifically, the user registration unit 202 adds a new entry to each of the two databases and stores the user ID and the biometric information (feature amount) in each database. For example, when performing user registration for user U1, the user registration unit 202 adds the entries shown in the bottom rows of FIGS. 9A and 10A. At the user registration stage, the business ID, the service user ID, and the public information specific data have not yet been input to the system, so nothing is set in those fields.
The user registration unit 202 transmits a response to the user registration request to the terminal 40. When the user ID and the biometric information have been stored in the business information database and the public information database, the user registration unit 202 transmits to the terminal 40 an affirmative response indicating that user registration succeeded.
If the user ID and the biometric information could not be stored in the two databases, the user registration unit 202 transmits to the terminal 40 a negative response indicating that user registration failed. For example, a negative response is transmitted to the terminal 40 when the user is already registered or when identity verification fails. The user registration unit 202 may include the cause of the failure in the negative response transmitted to the terminal 40.
In this way, on receiving a user registration request including the user's biometric information and the user's identity verification document, the user registration unit 202 confirms the identity of the user based on the identity verification document. The user registration unit 202 registers in the database the biometric information and the user ID (third ID) of a user whose identity has been confirmed. When the identity of the user has been confirmed, the user registration unit 202 also issues the user ID to the user.
The business registration unit 203 is a means for processing the business registration request transmitted from each business operator and registering the business operator in the system. On receiving a business registration request including a business ID and a user ID from a first business operator (for example, a private business operator), the business registration unit 203 generates a service user ID. The business registration unit 203 issues the generated service user ID to the first business operator.
The business registration unit 203 searches the business information database using the user ID included in the acquired business registration request as a key. The business registration unit 203 checks the business ID field of the user identified by the search.
The business registration unit 203 determines whether the business ID included in the business registration request acquired from the management server 20 is set in the business ID field. If the business ID acquired from the management server 20 is already registered in the business information database, the business registration unit 203 notifies the management server 20 to that effect. In this case, the service (business operator) that the user is trying to register is already registered in the business information database, so the business registration unit 203 transmits a "negative response" as the response to the business registration request.
If, on the other hand, the business ID included in the business registration request is not set in the business ID field of the identified user, the business registration unit 203 generates a service user ID corresponding to that user and business operator.
As described above, the service user ID is identification information uniquely determined from the combination of a user and a business operator. For example, the business registration unit 203 calculates a hash value using the user ID and the business ID and uses the calculated hash value as the service user ID. Specifically, the business registration unit 203 calculates the concatenation of the user ID and the business ID and then calculates the hash value of that concatenated value to generate the service user ID.
Note that generating the service user ID from a hash value as above is an example and is not intended to limit the method of generating the service user ID. The service user ID may be any information that can uniquely identify the combination of a system user and a business operator. For example, the business registration unit 203 may assign a unique value each time it processes a business registration request and use it as the service user ID.
After generating the service user ID, the business registration unit 203 registers the two IDs (business ID, service user ID) in the business information database. For example, when user U1 registers service information for business operator S1, the two IDs are added to the entry shown in the bottom row of FIG. 9B.
Because service information is registered per business operator, a plurality of business IDs and service user IDs may be set for one user. For example, when user U1 registers service information for each of business operators S1 and S2, the entries in the second and third rows of FIG. 9C are generated. When user U2 registers service information for business operator S1, the entry in the bottom row of FIG. 9C is generated.
After processing the business registration request, the business registration unit 203 transmits a response to the request to the management server 20. Specifically, when the service user ID has been generated normally and stored in the business information database, the business registration unit 203 transmits an affirmative response including the generated service user ID to the management server 20.
When, on the other hand, no service user ID is generated, the business registration unit 203 transmits a negative response to the management server 20. In that case, the business registration unit 203 may include in the negative response the reason the business registration request was not processed normally (for example, that the business registration has already been performed).
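An added example, not code from the patent, of the business registration handling described above: it derives the service user ID as the hash of the concatenated user ID and business ID, and beside it a variant that length-prefixes each field under a server-held HMAC key. SHA-256, the keyed variant, and all names are assumptions; the variant is shown because plain concatenation lets two different ID pairs produce the same input string, and an unkeyed hash can be recomputed by anyone who knows both IDs.

```python
import hashlib
import hmac


def service_user_id_plain(user_id, business_id):
    """Hash of the concatenated user ID and business ID, as the text describes.
    SHA-256 is an assumption; the text does not name a hash function."""
    return hashlib.sha256((user_id + business_id).encode("utf-8")).hexdigest()


def service_user_id_keyed(key, user_id, business_id):
    """Assumed hardening: each field is length-prefixed so the pair is encoded
    unambiguously, and the digest is keyed with a secret held by the server."""
    fields = (user_id.encode("utf-8"), business_id.encode("utf-8"))
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class BusinessInfoDB:
    """Business information database: user ID -> {business ID: service user ID}."""

    def __init__(self, key):
        self._key = key
        self._rows = {}

    def register_user(self, user_id):
        # User registration leaves the business ID / service user ID fields empty.
        self._rows.setdefault(user_id, {})

    def handle_business_registration(self, user_id, business_id):
        """Process a business registration request (user ID + business ID)."""
        row = self._rows.get(user_id)
        if row is None:
            return {"result": "NG", "reason": "unknown user ID"}
        if business_id in row:
            # Business ID already set for this user: negative response.
            return {"result": "NG", "reason": "business already registered"}
        suid = service_user_id_keyed(self._key, user_id, business_id)
        row[business_id] = suid
        return {"result": "OK", "service_user_id": suid}


def demo():
    """Register U1 with S1 and S2, then repeat S1 (all IDs constructed)."""
    db = BusinessInfoDB(key=b"constructed-demo-key")
    db.register_user("U1")
    first = db.handle_business_registration("U1", "S1")
    second = db.handle_business_registration("U1", "S2")
    repeat = db.handle_business_registration("U1", "S1")
    return first, second, repeat


if __name__ == "__main__":
    for response in demo():
        print(response)
    # Ambiguity of plain concatenation: both pairs hash the string "U12S1".
    print(service_user_id_plain("U1", "2S1") == service_user_id_plain("U12", "S1"))
```

The sequential-numbering alternative the text also allows avoids both issues, since the identifier then carries no function of the underlying IDs.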
The specific data registration unit 204 is a means for processing the public information provision permission transmitted from the user (the terminal 40 possessed by the system user) and registering the public information specific data in the system. Upon receiving a public information provision permission including the user ID and the public information specific data, the specific data registration unit 204 stores the public information specific data in the entry corresponding to the user ID.
The specific data registration unit 204 searches the public information database using the user ID included in the received public information provision permission as a key. If the search fails (the user ID is not registered in the public information database), the specific data registration unit 204 determines that the user ID is not registered in the system.
If the search succeeds, the specific data registration unit 204 stores the public information specific data included in the received public information provision permission in the entry of the identified user. More specifically, the specific data registration unit 204 determines, based on the public information specific data, which public information the data corresponds to, and writes the public information specific data in the corresponding field of the public information database.
For example, when user U1 grants permission to provide information regarding the items described in a passport, the acquired passport number is written in the passport number field of the entry shown at the bottom of FIG. 10B.
After processing the public information provision permission, the specific data registration unit 204 sends a response to the permission to the terminal 40. Specifically, when the public information specific data has been stored in the public information database, the specific data registration unit 204 sends the terminal 40 an affirmative response indicating that the permission was processed normally.
If, on the other hand, the public information specific data was not stored in the public information database, for example because the user ID acquired from the terminal 40 is not registered in the public information database, the specific data registration unit 204 sends a negative response to the terminal 40. In that case, the specific data registration unit 204 may include in the negative response the reason why the public information provision permission could not be processed normally (for example, that the user is not registered in the system).
The business operator information database and the public information database shown in FIGS. 9A to 9C, FIGS. 10A and 10B, and so on are examples and are not intended to limit the information stored in these databases. For example, a face image may be registered in each database instead of the feature amount used for authentication. That is, a feature amount may be generated from the face image registered in each database each time authentication is performed.
The authentication unit 205 is a means for processing an authentication request from a business operator. The operation of the authentication unit 205 is described below with reference to the drawings. FIG. 11 is a flowchart showing an example of the operation of the authentication unit 205 according to the first embodiment.
The authentication unit 205 extracts the feature amount and the business operator ID included in the authentication request. The authentication unit 205 searches the business operator information database using the extracted feature amount and business operator ID as keys, and identifies the corresponding service user ID.
Specifically, the authentication unit 205 sets the feature amount extracted from the authentication request as the feature amount on the matching side and the feature amounts stored in the business operator information database as the feature amounts on the registration side, and executes 1-to-N matching (step S101). In doing so, the authentication unit 205 calculates the similarity between the feature amount on the matching side and each of the feature amounts on the registration side. A chi-square distance, a Euclidean distance, or the like can be used for the similarity. The greater the distance, the lower the similarity; the smaller the distance, the higher the similarity.
The authentication unit 205 determines whether, among the feature amounts registered in the business operator information database, there is a feature amount whose similarity to the feature amount being matched is equal to or greater than a predetermined value (step S102). If no such feature amount exists (step S102, No branch), the authentication unit 205 sets the authentication result to "authentication failure" (step S103).
If such a feature amount exists (step S102, Yes branch), the authentication unit 205 identifies the entry (user) of the feature amount with the highest similarity (step S104). The authentication unit 205 determines whether, among the one or more business operator IDs associated with the identified user, there is a business operator ID that matches the business operator ID included in the authentication request.
That is, the authentication unit 205 determines whether the business operator ID acquired from the business operator is registered for the identified user (entry) in the business operator information database (step S105).
If the business operator ID is registered (step S105, Yes branch), the authentication unit 205 determines that the user has been authenticated successfully and sets the authentication result to "authentication success" (step S106). If the business operator ID is not registered (step S105, No branch), the authentication unit 205 sets the authentication result to "authentication failure" (step S103).
The authentication unit 205 transmits the result of processing the authentication request to the management server 20 (step S107). When the authentication result is "authentication success", the authentication unit 205 transmits to the management server 20 an affirmative response including the service user ID identified by the biometric information and the business operator ID. When the authentication result is "authentication failure", the authentication unit 205 sends a negative response to the management server 20.
For example, in the example of FIG. 9C, when the authentication request includes the feature amount "FV1" and the business operator ID "S1", the feature amount FV1 identifies the entries (user) in the second and third rows, and the business operator ID "S1" identifies the entry in the second row. As a result, the authentication request is processed normally, and an affirmative response including the service user ID "U1S1" is transmitted to the management server 20.
In contrast, when the authentication request includes the feature amount "FV2" and the business operator ID "S2", the feature amount identifies the entry at the bottom, but the business operator ID of that entry is "S1", not "S2", so the authentication request is not processed normally. As a result, a negative response is transmitted to the management server 20.
In this way, upon receiving from a first business operator (for example, a private business operator) an authentication request including the biometric information of the person to be authenticated and the business operator ID (first ID) of the first business operator, the authentication unit 205 executes the authentication process and transmits the service user ID (second ID) of the successfully authenticated person (the person to be authenticated who was determined to have been authenticated successfully) to the first business operator. In doing so, the authentication unit 205 executes 1-to-N matching using the biometric information stored in the business operator information database and the biometric information of the person to be authenticated included in the authentication request. The authentication unit 205 determines that the authentication process has succeeded when the business operator ID included in the authentication request is stored in the business operator information database in association with the user identified by the 1-to-N matching.
The public information providing unit 206 is a means for processing a public information provision request from a business operator and providing public information to the business operator. The operation of the public information providing unit 206 is described below with reference to the drawings. FIG. 12 is a flowchart showing an example of the operation of the public information providing unit 206 according to the first embodiment.
The public information providing unit 206 extracts the feature amount and the public information type included in the public information provision request. The public information providing unit 206 executes a matching process (1-to-N matching process) using the extracted feature amount and the feature amounts registered in the public information database (step S201).
The public information providing unit 206 determines whether, among the feature amounts registered in the public information database, there is a feature amount whose similarity to the feature amount being matched is equal to or greater than a predetermined value (step S202). If no such feature amount exists (step S202, No branch), the public information providing unit 206 transmits to the staff terminal 31 a negative response indicating that the requested public information cannot be provided (step S203).
If such a feature amount exists (step S202, Yes branch), the public information providing unit 206 identifies the entry (user) of the feature amount with the highest similarity (step S204). The public information providing unit 206 attempts to read the set value from the field, among the public information specific data fields of the identified entry, that corresponds to the public information type of the public information provision request. That is, the public information providing unit 206 determines whether public information specific data corresponding to the public information type is registered for the identified user (entry) in the public information database (step S205).
If the public information specific data is not registered (step S205, No branch), the public information providing unit 206 transmits to the staff terminal 31 a negative response indicating that the requested public information cannot be provided (step S203).
If the public information specific data is registered (step S205, Yes branch), the public information providing unit 206 transmits the registered public information specific data to the corresponding public server in the public server group (step S206).
The public information providing unit 206 acquires from the public server the public information corresponding to the public information specific data (for example, the items described in a passport) (step S207). Upon acquiring the information, the public information providing unit 206 transmits an affirmative response including the requested public information to the staff terminal 31 (step S208).
For example, in the example of FIG. 10B, when the public information provision request includes the feature amount "FV1", the feature amount FV1 identifies the entry (user) in the last row. If the public information type included in the public information provision request is "passport", the corresponding public information specific data (passport number) exists, so the public information providing unit 206 can acquire the items described in the corresponding passport by transmitting the passport number to the passport server 41. The public information providing unit 206 transmits an affirmative response including the acquired passport items to the staff terminal 31.
In contrast, when a public information provision request with the feature amount "F1V" and the public information type "health insurance card" is received, the feature amount identifies the entry in the last row of FIG. 10B. However, since the public information specific data corresponding to the health insurance card (health insurance card number) is not set in that entry, the public information providing unit 206 transmits to the staff terminal 31 a negative response indicating that the public information cannot be provided.
In this way, the public information providing unit 206 receives from a second business operator (for example, a city hall) a public information provision request including the biometric information of the user whose public information the second business operator wants to refer to and the type of public information it wants to refer to. Using the public information specific data, the public information providing unit 206 acquires the desired public information from the public server that holds it, and transmits the acquired public information to the second business operator. The public information providing unit 206 identifies the user whose public information the second business operator wants to refer to (a user who has visited the city hall or the like) by executing 1-to-N matching using the biometric information stored in the public information database and the biometric information included in the public information provision request. In doing so, the public information providing unit 206 transmits to the public server, out of the identified user's multiple pieces of public information specific data, the public information specific data corresponding to the public information type included in the public information provision request.
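The two flows described above (FIG. 11, steps S101 to S107, and FIG. 12, steps S201 to S208), written out in Python as an added example that is not code from the patent. The feature vectors, the similarity function 1/(1+d), the threshold 0.8, the IDs "U1S2" and "U2S1", the passport number placeholder and the stub passport server are all assumptions made for illustration.

```python
import math

# Constructed 3-D feature vectors standing in for face feature amounts FV1 and FV2.
FV1 = (0.10, 0.80, 0.30)
FV2 = (0.90, 0.20, 0.60)

# Business operator information database modeled on FIG. 9C. "U1S1" appears in the
# text; "U1S2" and "U2S1" are constructed to follow the same pattern.
BUSINESS_DB = {
    "U1": {"feature": FV1, "services": {"S1": "U1S1", "S2": "U1S2"}},
    "U2": {"feature": FV2, "services": {"S1": "U2S1"}},
}

# Public information database modeled on FIG. 10B: U1 has permitted passport data only.
PUBLIC_DB = {
    "U1": {"feature": FV1, "specific_data": {"passport": "PASSPORT-NUMBER-PLACEHOLDER"}},
}

THRESHOLD = 0.8  # assumed "predetermined value" for the similarity check


def similarity(a, b):
    """Map Euclidean distance into (0, 1]: the smaller the distance, the higher the score."""
    return 1.0 / (1.0 + math.dist(a, b))


def match_one_to_n(probe, db, threshold=THRESHOLD):
    """1-to-N matching: return the best-scoring user ID, or None if below the threshold."""
    best_id, best_score = None, -1.0
    for user_id, entry in db.items():
        score = similarity(probe, entry["feature"])
        if score > best_score:
            best_id, best_score = user_id, score
    return best_id if best_score >= threshold else None


def authenticate(probe, business_id, db=BUSINESS_DB):
    """FIG. 11: biometric match first, then the business operator ID check."""
    user_id = match_one_to_n(probe, db)                          # S101, S102, S104
    if user_id is None:
        return {"status": "negative"}                            # S103
    service_user_id = db[user_id]["services"].get(business_id)   # S105
    if service_user_id is None:
        # Same negative response as a failed biometric match (both branches reach S103).
        return {"status": "negative"}
    return {"status": "affirmative", "service_user_id": service_user_id}  # S106, S107


def provide_public_info(probe, info_type, public_servers, db=PUBLIC_DB):
    """FIG. 12: biometric match, then look up the specific data for the requested type."""
    user_id = match_one_to_n(probe, db)                          # S201, S202, S204
    if user_id is None:
        return {"status": "negative"}                            # S203
    specific_data = db[user_id]["specific_data"].get(info_type)  # S205
    server = public_servers.get(info_type)
    if specific_data is None or server is None:
        return {"status": "negative"}                            # S203
    public_info = server(specific_data)                          # S206, S207
    return {"status": "affirmative", "public_info": public_info}  # S208


def stub_passport_server(passport_number):
    """Hypothetical stand-in for the public server that holds passport items."""
    return {"document": "passport", "number": passport_number}


PUBLIC_SERVERS = {"passport": stub_passport_server}

if __name__ == "__main__":
    noisy_fv1 = (0.12, 0.79, 0.31)  # constructed probe close to FV1
    print(authenticate(noisy_fv1, "S1"))   # matches U1, S1 registered
    print(authenticate(FV2, "S2"))         # matches U2, but S2 is not registered
    print(provide_public_info(FV1, "passport", PUBLIC_SERVERS))
    print(provide_public_info(FV1, "health_insurance_card", PUBLIC_SERVERS))
```

The caller never learns which user matched when the business operator ID check fails, and the service user ID returned on success is scoped to the requesting operator.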
The storage unit 207 stores information necessary for the operation of the authentication server 10. The business operator information database and the public information database are built in the storage unit 207. Using these two databases, the storage unit 207 stores, in association with one another, the user's biometric information, the business operator ID (first ID) that identifies the business operator providing a service to the user, and the service user ID (second ID) that is uniquely determined by the combination of user and business operator. Further, the storage unit 207 stores the user's biometric information and the like in association with the public information specific data for specifying the public information whose provision the user has permitted. The public information database can store multiple pieces of public information specific data for each user.
[Management server]
FIG. 13 is a diagram showing an example of the processing configuration (processing modules) of the management server 20 according to the first embodiment. Referring to FIG. 13, the management server 20 includes a communication control unit 301, a service information acquisition unit 302, a service information registration unit 303, an authentication request unit 304, and a storage unit 305.
The communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the authentication server 10 and the authentication terminal 30, and transmits data to the authentication server 10 and the authentication terminal 30. The communication control unit 301 passes data received from other devices to the other processing modules, and transmits data acquired from the other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 301.
The service information acquisition unit 302 is a means for acquiring the service information that a business operator needs in order to provide a service. For example, when the business operator is a "retail store", the service information acquisition unit 302 acquires payment-related information (for example, credit card information or bank account information) in addition to the user's name and the like. Alternatively, when the business operator is an "accommodation business operator", the service information acquisition unit 302 acquires reservation information related to the stay (for example, the dates of the stay) in addition to the name and the like.
In addition to the name and the like, the service information acquisition unit 302 acquires the user ID issued when the user registered with the system.
The service information acquisition unit 302 acquires the user ID and the service information by any means. In the first embodiment, the service information acquisition unit 302 acquires these two pieces of information from the service information registration request transmitted by the terminal 40.
The service information acquisition unit 302 passes the acquired user ID and service information to the service information registration unit 303.
The service information registration unit 303 is a means for registering the acquired service information in the user information database.
The service information registration unit 303 transmits to the authentication server 10 a business operator registration request including the user ID acquired from the service information acquisition unit 302 and the business operator ID.
The service information registration unit 303 acquires the response to the business operator registration request from the authentication server 10. If the acquired response is a "negative response", the service information registration unit 303 notifies the user to that effect. For example, the service information registration unit 303 transmits to the terminal 40 a negative response (a negative response to the service information registration request) indicating that the service registration has already been performed.
If the acquired response is an "affirmative response", the service information registration unit 303 transmits an affirmative response to the service information registration request to the terminal 40. The service information registration unit 303 also registers the service user ID included in the response and the service information acquired from the service information acquisition unit 302 in the user information database. For example, when the management server 20 of business operator S1 processes a service information registration request from user U1, the entry shown at the bottom of FIG. 14 is added to the user information database.
The authentication request unit 304 is a means for requesting the authentication server 10 to authenticate a user.
Upon acquiring biometric information (a face image) from the authentication terminal 30, the authentication request unit 304 generates a feature amount from the face image. The authentication request unit 304 transmits an authentication request including the generated feature amount and the business operator ID to the authentication server 10.
If the response from the authentication server 10 is a "negative response" (authentication failure), the authentication request unit 304 notifies the authentication terminal 30 to that effect.
If the response from the authentication server 10 is an "affirmative response" (authentication success), the authentication request unit 304 extracts the service user ID included in the affirmative response from the authentication server 10. The authentication request unit 304 searches the user information database using the service user ID as a key and identifies the corresponding entry.
The authentication request unit 304 reads the service information set in the service information field of the identified entry and transmits it to the authentication terminal 30. For example, in the example of FIG. 14, if the service user ID is "U1S1", the service information "SI01" in the bottom row is transmitted to the authentication terminal 30.
The storage unit 305 stores information necessary for the operation of the management server 20. The user information database is built in the storage unit 305.
[Authentication terminal]
FIG. 15 is a diagram showing an example of the processing configuration (processing modules) of the authentication terminal 30 according to the first embodiment. Referring to FIG. 15, the authentication terminal 30 includes a communication control unit 401, a biometric information acquisition unit 402, a service providing unit 403, a message output unit 404, and a storage unit 405.
The communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the management server 20 and transmits data to the management server 20. The communication control unit 401 passes data received from other devices to the other processing modules, and transmits data acquired from the other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 401.
The biometric information acquisition unit 402 is a means for controlling a camera and acquiring the user's biometric information (face image). The biometric information acquisition unit 402 captures images of the area in front of its own device periodically or at predetermined timings. The biometric information acquisition unit 402 determines whether the acquired image contains a human face image and, if it does, extracts the face image from the acquired image data.
Existing techniques can be used for the face image detection and face image extraction performed by the biometric information acquisition unit 402, so a detailed description is omitted. For example, the biometric information acquisition unit 402 may extract a face image (face region) from the image data using a model trained with a CNN (Convolutional Neural Network). Alternatively, the biometric information acquisition unit 402 may extract the face image using a technique such as template matching.
The biometric information acquisition unit 402 passes the extracted face image to the service providing unit 403.
The service providing unit 403 is a means for providing a predetermined service to the user. The service providing unit 403 transmits the face image acquired from the biometric information acquisition unit 402 to the management server 20.
The management server 20 returns the service information corresponding to the face image (for example, hotel reservation information including the name and the like). The service providing unit 403 provides the service to the user using the returned service information.
A detailed description of how the service providing unit 403 uses the service information is omitted. The service providing unit 403 may perform processing according to the content of the service to be provided. For example, if the authentication terminal 30 is a check-in terminal installed in a hotel lobby or the like, the service providing unit 403 may perform check-in processing according to the acquired reservation information (service information).
The message output unit 404 is a means for outputting various messages to the user.
For example, the message output unit 404 outputs messages regarding the user's authentication result and messages regarding service provision. The message output unit 404 may display a message using a display device such as a liquid crystal monitor, or may play back a voice message using audio equipment such as a speaker.
The storage unit 405 stores information necessary for the operation of the authentication terminal 30.
[Staff terminal]
FIG. 16 is a diagram showing an example of the processing configuration (processing modules) of the staff terminal 31 according to the first embodiment. Referring to FIG. 16, the staff terminal 31 includes a communication control unit 501, an information provision request unit 502, a message output unit 503, and a storage unit 504.
The communication control unit 501 is a means for controlling communication with other devices. For example, the communication control unit 501 receives data (packets) from the authentication server 10. The communication control unit 501 also transmits data to the authentication server 10. The communication control unit 501 passes data received from other devices to the other processing modules, and transmits data acquired from the other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 501.
The information provision request unit 502 is a means for requesting the authentication server 10 to provide the user's public information. In response to an operation by a staff member of the business operator or the like, the information provision request unit 502 displays a GUI (Graphical User Interface) for selecting the public information to be acquired from the authentication server 10. For example, the information provision request unit 502 displays a GUI as shown in FIG. 17. Using a GUI as shown in FIG. 17, the information provision request unit 502 acquires the type of public information (public information type) required for providing the service.
The information provision request unit 502 may change the options displayed in the GUI of FIG. 17 according to, for example, the place where its own device is installed. For example, if the staff terminal 31 is a terminal installed at a local government office such as a city hall, the information provision request unit 502 displays the GUI as shown in FIG. 17. If, on the other hand, the staff terminal 31 is a terminal installed at a private business operator, the display may allow selection of the documents necessary for that operator's business. For example, if the staff terminal 31 is a terminal installed in a duty-free shop, only passport-related options may be displayed. Alternatively, when a staff member performs an operation for requesting the provision of public information, the information provision request unit 502 may automatically transmit a predetermined public information provision request.
The information provision request unit 502 also acquires the user's biometric information before or after the selection of the public information. For example, the information provision request unit 502 acquires the user's biometric information (face image) using a GUI as shown in FIG. 18. The camera of the staff terminal 31 (a camera connected to the staff terminal 31) is installed so that it can photograph a user who visits the staff member. When acquiring the user's face image, the information provision request unit 502 should preferably notify the user to that effect. The information provision request unit 502 generates a feature amount from the acquired face image.
The information provision request unit 502 transmits a public information provision request including the acquired public information type and the generated feature amount to the authentication server 10.
The information provision request unit 502 passes the response acquired from the authentication server 10 (the response to the public information provision request) to the message output unit 503.
The message output unit 503 is a means for outputting various messages to the staff and the like.
When a negative response is received from the authentication server 10, the message output unit 503 notifies the staff and the like that the acquisition of the public information has failed.
When an affirmative response is received from the authentication server 10, the message output unit 503 outputs the public information included in the affirmative response. For example, the message output unit 503 produces a display as shown in FIG. 19.
The storage unit 504 stores information necessary for the operation of the staff terminal 31.
[Terminal]
FIG. 20 is a diagram showing an example of a processing configuration (processing modules) of the terminal 40 according to the first embodiment. Referring to FIG. 20, the terminal 40 includes a communication control unit 601, a user support unit 602, and a storage unit 603.
The communication control unit 601 is a means for controlling communication with other devices. For example, the communication control unit 601 receives data (packets) from the authentication server 10. The communication control unit 601 also transmits data to the authentication server 10. The communication control unit 601 passes data received from other devices to the other processing modules, and transmits data acquired from the other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 601.
The user support unit 602 is a means for supporting a user who intends to receive a service by biometric authentication.
The user support unit 602 starts operating when the support application installed on the terminal 40 is launched. Once started, the user support unit 602 displays a menu (GUI) as shown in FIG. 21 and acquires the operation desired by the user.
The user support unit 602 includes sub-modules consisting of a user registration support unit 611, a service registration support unit 612, and a provision permission support unit 613.
The user registration support unit 611 is activated when "User registration" shown in FIG. 21 is selected. The user registration support unit 611 is a means for supporting (realizing) the registration of the user in the system.
For user registration, the user's biometric information and an identity verification document must be entered into the system. The user registration support unit 611 displays a GUI for acquiring this information.
For example, the user registration support unit 611 displays a GUI as shown in FIG. 22. The user presses the "File selection" button shown in FIG. 22 and specifies the image data of the face image to be registered in the system. The specified face image is displayed in the preview area (shown as the selected face image in FIG. 22). To register the previewed face image, the user presses the "OK" button.
After acquiring the face image, the user registration support unit 611 acquires the identity verification document. For example, the user registration support unit 611 displays a GUI as shown in FIG. 23. The user photographs the identity verification document with the camera of the terminal 40, presses the "File selection" button, and specifies the captured image of the identity verification document. The user then presses the "OK" button to submit the identity verification document.
Examples of identity verification documents that can be registered in the system include documents bearing a face image, such as passports and driver's licenses (documents issued by public institutions that serve to verify identity). Identity verification documents include not only paper documents but also documents on electronic media.
The user registration support unit 611 transmits a user registration request including the acquired biometric information (face image) and identity verification document to the authentication server 10.
Upon receiving an affirmative response (a response indicating that the user registration was completed normally) from the authentication server 10, the user registration support unit 611 stores the user ID included in the affirmative response in the storage unit 603.
The user registration support unit 611 also outputs a message or the like according to the response (affirmative or negative) received from the authentication server 10.
The service registration support unit 612 is activated when "Service information registration" shown in FIG. 21 is selected. The service registration support unit 612 is a means for supporting (realizing) the registration of service information by the user.
The service registration support unit 612 displays the industries of the business operators participating in the system so that the user can select the industry from which the user wishes to receive a service. For example, the service registration support unit 612 displays a GUI as shown in FIG. 24 so that the user can select the desired type of service.
The service registration support unit 612 then displays a GUI that allows the user to select a specific business operator (service provider). For example, when the user selects "Hotel" in FIG. 24, the service registration support unit 612 displays a GUI as shown in FIG. 25. Using a GUI as shown in FIG. 25, the service registration support unit 612 acquires information on the business operator, among those participating in the authentication infrastructure, that the user wishes to use (the business operator with which service information is to be registered).
The service registration support unit 612 acquires service information appropriate to the business operator selected by the user. For example, when the user selects a hotel operator, the service registration support unit 612 displays a GUI for acquiring hotel reservation information (see FIG. 26).
The service registration support unit 612 transmits a service information registration request, including the service information acquired using a GUI as shown in FIG. 26 and the user's user ID (the user ID issued by the authentication server 10), to the management server 20 of the business operator selected by the user. For example, in the example of FIG. 2, when the user wishes to receive a service from the business operator S1, the service registration support unit 612 transmits the service information registration request to the management server 20 of the business operator S1. The service registration support unit 612 determines the management server 20 to which the service information registration request is sent by referring to, for example, table information that associates the business operator selected through a GUI as shown in FIG. 25 with the address of that operator's management server 20.
The service registration support unit 612 determines which service information to acquire by referring to, for example, information that associates the selected business operator with the service information to be acquired. Alternatively, the service registration support unit 612 may query the management server 20 of the business operator selected by the user for the items to be acquired, or may obtain an input form or the like for entering the service information. In the above example, after the user selects the business operator S1, the service registration support unit 612 may obtain the items to be acquired, an input form, or the like from the management server 20 of the business operator S1.
The service registration support unit 612 also outputs a message or the like according to the response (affirmative or negative) received from the management server 20.
The provision permission support unit 613 is activated when "Permission to provide public information" shown in FIG. 21 is selected. The provision permission support unit 613 is a means for supporting (realizing) the user's granting of permission to provide public information.
The provision permission support unit 613 displays a GUI that allows the user to select the public information whose provision the user permits. For example, the provision permission support unit 613 displays a GUI as shown in FIG. 27.
When the public information (public information type) whose provision is permitted has been selected, the provision permission support unit 613 displays a GUI for entering the public information specific data corresponding to that public information. For example, the provision permission support unit 613 acquires the public information specific data using a GUI as shown in FIG. 28.
The provision permission support unit 613 transmits a public information provision permission including the user's user ID and the public information specific data to the authentication server 10.
The provision permission support unit 613 outputs a message or the like according to the response (affirmative or negative) received from the authentication server 10.
The storage unit 603 is a means for storing information necessary for the operation of the terminal 40.
[Public server]
A description of the internal configuration and the like of the public server is omitted. It is sufficient for the public server to have a database that stores public information specific data in association with public information. The public server searches the database using the public information specific data as a key and transmits the corresponding public information to the authentication server 10.
[System operation]
Next, the operation of the authentication system according to the first embodiment will be described. The operation is described for the service information registration phase, the public information provision permission phase, and the service provision phase; a description of the user registration phase is omitted.
FIG. 29 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment in the service information registration phase.
The management server 20 acquires service information (information necessary for providing the service) and a user ID from the user (terminal 40) (step S01).
The management server 20 transmits a business operator registration request including the acquired user ID and the business operator ID to the authentication server 10 (step S02).
The authentication server 10 generates a service user ID using the acquired user ID and business operator ID (step S03).
The authentication server 10 stores the business operator ID and the service user ID in the business operator information database (step S04).
The authentication server 10 transmits a response including the service user ID (an affirmative response to the business operator registration request) to the management server 20 (step S05).
The management server 20 stores the service information acquired in step S01 in the user information database in association with the service user ID acquired from the authentication server 10 (step S06).
FIG. 30 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment in the public information provision permission phase.
Using a GUI or the like, the terminal 40 acquires the public information type whose provision the user permits and the corresponding public information specific data (step S11).
The terminal 40 transmits a public information provision permission including the user's user ID and the public information specific data to the authentication server 10 (step S12). The terminal 40 may also include the public information type in the public information provision permission sent to the authentication server 10. That is, the terminal 40 may explicitly indicate to the authentication server 10 the type of public information whose provision the user has permitted.
The authentication server 10 identifies the user granting the information provision permission based on the user ID (step S13).
The authentication server 10 stores the public information specific data in the public information specific field of the identified user (step S14).
The authentication server 10 transmits an affirmative response to the public information provision permission to the terminal 40 (step S15).
The terminal 40 displays a message or the like according to the acquired response (step S16).
FIG. 31 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment in the service provision phase. The system operation when a service is provided using service information is described with reference to FIG. 31.
The authentication terminal 30 acquires the user's face image (biometric information) and transmits the acquired face image to the management server 20 (step S21).
The management server 20 generates a feature amount from the acquired face image (step S22).
The management server 20 transmits an authentication request including the generated feature amount and the business operator ID to the authentication server 10 (step S23).
The authentication server 10 executes authentication processing using the feature amount and the business operator ID included in the authentication request, and identifies the corresponding service user ID (step S24).
The authentication server 10 transmits an affirmative response including the identified service user ID to the management server 20 (transmission of the service user ID; step S25).
The management server 20 searches the user information database using the acquired service user ID and identifies the corresponding service information (step S26).
The management server 20 transmits the identified service information to the authentication terminal 30 (step S27).
The authentication terminal 30 provides the service using the acquired service information (step S28).
FIG. 32 is a sequence diagram showing an example of the operation of the authentication system according to the first embodiment in the service provision phase. The system operation when a service is provided using public information is described with reference to FIG. 32.
In response to an operation by a staff member or the like, the staff terminal 31 acquires the biometric information (face image) of the user (the user who receives the service) and the public information type to be referenced (step S31). The staff terminal 31 generates a feature amount from the face image.
The staff terminal 31 transmits a public information provision request including the user's feature amount and the public information type to the authentication server 10 (step S32).
The authentication server 10 executes matching processing using the feature amount included in the public information provision request and identifies the corresponding user (step S33).
From the public information database, the authentication server 10 reads out the item of the identified user's public information specific data that corresponds to the public information type included in the public information provision request (acquisition of public information specific data; step S34).
The authentication server 10 transmits the acquired public information specific data to the corresponding public server (step S35).
The public server reads the public information corresponding to the received public information specific data from its database and transmits that public information to the authentication server 10 (step S36).
The authentication server 10 transmits an affirmative response to the public information provision request, including the public information, to the staff terminal 31 (transmission of public information; step S37).
The staff terminal 31 outputs the received public information (step S38). For example, the staff terminal 31 presents the acquired public information to the staff member.
As described above, in the authentication system according to the first embodiment, the authentication server 10 can process both requests from private business operators and requests from public institutions. In other words, neither a private business operator nor a public institution needs to build its own authentication system, and both can easily use biometric authentication. Specifically, it is sufficient for a private business operator (a service provider that uses service information) to acquire the user's user ID and service information when providing the service and to request the authentication server 10 to register the business operator. By entrusting the substantive processing of biometric authentication to the authentication center, a private business operator can easily provide services using biometric authentication. Similarly, it is sufficient for a public institution (a service provider that uses public information) to ask the user in advance for permission to provide public information. By notifying the authentication server 10 of the user's biometric information and the necessary public information, the public institution can refer to the user's public information without performing the substantive processing of biometric authentication itself. As for the user, by registering in the system in advance the information identifying the public information whose provision is permitted (public information specific data; for example, a passport number), the user can receive administrative services from a public institution without carrying the official document (identity verification document; passport or the like). Furthermore, because the user can select which public information to permit, permission can be granted flexibly according to the nature of the public information and the like.
The user's biometric information is stored in the authentication server 10, and the individual business operators do not hold it. The user's service information (personal information such as the name) is stored in the management server 20 managed and operated by each business operator, and the authentication server 10 does not hold it. By distributing information in this way, the authentication system according to the first embodiment provides an authentication infrastructure that is robust against information leakage. That is, biometric information (in particular, a feature amount) that is not linked to service information is merely a sequence of numbers and is of little value to criminals and the like. Therefore, even if information should leak from the authentication server 10, the impact is limited. In addition, the authentication server 10 does not hold the substantive content of the public information about each user. Because the authentication server 10 acquires the information from the corresponding public server each time public information is required, the possibility of public information leaking from the authentication server 10 is low. With this configuration, the participants in the authentication system (users who receive services and business operators who provide them) can use the authentication system with confidence.
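The following is an added example, not code from the patent or the applicant, that walks through the four sequences above (steps S01 to S06, S11 to S16, S21 to S28 and S31 to S38) with the data split described in this paragraph. The HMAC-based service user ID, the cosine matcher with its threshold, the class and method names, and all sample data are assumptions made for illustration; public servers are modelled as plain dictionaries.

```python
import hashlib
import hmac
import math
import secrets


def cosine(a, b):  # toy matcher over feature vectors (assumption)
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))


class AuthServer:
    """Holds feature amounts, IDs and consent pointers; no service info, no public records."""
    THRESHOLD = 0.95  # assumed match threshold, not from the page

    def __init__(self, public_servers):
        self._key = secrets.token_bytes(32)  # assumed server-side secret
        self.users = {}        # user_id -> {"feature": [...], "public": {type: specific_data}}
        self.service_ids = {}  # (operator_id, user_id) -> service_user_id
        # public servers modelled as dicts: specific data -> public information
        self._public_servers = public_servers

    def register_user(self, feature):  # user registration phase, simplified
        user_id = secrets.token_hex(8)
        self.users[user_id] = {"feature": list(feature), "public": {}}
        return user_id

    def register_operator(self, user_id, operator_id):  # steps S02-S05
        if user_id not in self.users:
            return None  # negative response
        msg = f"{user_id}|{operator_id}".encode()
        suid = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]
        self.service_ids[(operator_id, user_id)] = suid
        return suid

    def grant_public_info(self, user_id, info_type, specific_data):  # steps S12-S15
        if user_id in self.users:
            self.users[user_id]["public"][info_type] = specific_data
        return user_id in self.users

    def _match(self, feature):
        best_id, best = None, self.THRESHOLD
        for user_id, rec in self.users.items():
            score = cosine(feature, rec["feature"])
            if score >= best:
                best_id, best = user_id, score
        return best_id

    def authenticate(self, feature, operator_id):  # steps S23-S25
        return self.service_ids.get((operator_id, self._match(feature)))

    def provide_public_info(self, feature, info_type):  # steps S32-S37
        user_id = self._match(feature)
        specific = self.users.get(user_id, {}).get("public", {}).get(info_type)
        if specific is None:
            return None  # negative response: no match, or type never permitted
        return self._public_servers[info_type].get(specific)  # steps S35-S36


class ManagementServer:
    """Operator side: service info keyed by service user ID; no biometrics stored."""

    def __init__(self, operator_id, auth):
        self.operator_id, self.auth, self.user_db = operator_id, auth, {}

    def register_service(self, user_id, service_info):  # steps S01, S02, S06
        suid = self.auth.register_operator(user_id, self.operator_id)
        if suid is not None:
            self.user_db[suid] = service_info  # the user ID itself is not kept
        return suid is not None

    def serve(self, feature):  # steps S23-S27; feature extraction (S22) is out of scope
        return self.user_db.get(self.auth.authenticate(feature, self.operator_id))


def demo():
    # Constructed sample data: feature vectors, IDs and records are invented.
    enrolled, probe = [0.12, 0.80, 0.35, 0.41], [0.13, 0.79, 0.36, 0.40]
    stranger = [0.90, 0.10, 0.05, 0.20]
    passports = {"TK0000000": {"type": "passport", "name": "SAMPLE USER"}}
    auth = AuthServer({"passport": passports, "resident_record": {}})
    hotel, shop = ManagementServer("S1", auth), ManagementServer("S2", auth)
    user_id = auth.register_user(enrolled)
    hotel.register_service(user_id, {"name": "SAMPLE USER", "reservation": "R-001"})
    shop.register_service(user_id, {"member_no": "M-42"})
    auth.grant_public_info(user_id, "passport", "TK0000000")
    return {
        "hotel": hotel.serve(probe),
        "hotel_stranger": hotel.serve(stranger),
        "ids_disjoint": set(hotel.user_db).isdisjoint(shop.user_db),
        "passport": auth.provide_public_info(probe, "passport"),
        "resident_record": auth.provide_public_info(probe, "resident_record"),
    }
```

Calling `demo()` shows that the same face resolves to a different service user ID at each operator, and that a public information type the user never permitted produces a negative response even when the face matches.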
Next, the hardware of each device constituting the authentication system will be described. FIG. 33 is a diagram showing an example of the hardware configuration of the authentication server 10.
The authentication server 10 can be configured by an information processing device (a so-called computer) and has the configuration illustrated in FIG. 33. For example, the authentication server 10 includes a processor 311, a memory 312, an input/output interface 313, a communication interface 314, and the like. The components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
However, the configuration shown in FIG. 33 is not intended to limit the hardware configuration of the authentication server 10. The authentication server 10 may include hardware that is not shown, and need not include the input/output interface 313 if it is not required. The number of processors 311 and other components included in the authentication server 10 is likewise not limited to the example of FIG. 33; for example, the authentication server 10 may include a plurality of processors 311.
The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
The memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like. The memory 312 stores an OS program, application programs, and various data.
The input/output interface 313 is an interface to a display device and an input device (neither shown). The display device is, for example, a liquid crystal display. The input device is, for example, a device that accepts user operations, such as a keyboard or a mouse.
The communication interface 314 is a circuit, module, or the like that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card) or the like.
The functions of the authentication server 10 are realized by various processing modules. Each processing module is realized, for example, by the processor 311 executing a program stored in the memory 312. The program can be recorded on a computer-readable storage medium. The storage medium may be a non-transitory medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. That is, the present invention can also be embodied as a computer program product. The program can be downloaded via a network or updated by using a storage medium in which the program is stored. Further, the processing modules may be realized by a semiconductor chip.
The management server 20, the authentication terminal 30, the staff terminal 31, the terminal 40, and the like can also be implemented by an information processing device in the same way as the authentication server 10. Their basic hardware configuration does not differ from that of the authentication server 10, so its description is omitted. For example, the authentication terminal 30 need only include a camera for capturing an image of the user.
The authentication server 10 is equipped with a computer, and the functions of the authentication server 10 can be realized by causing the computer to execute a program. The authentication server 10 also executes the control method of the authentication server by means of the program.
[Modification example]
The configuration, operation, and the like of the authentication system described in the above embodiment are examples and are not intended to limit the system configuration and the like.
In the above embodiment, the case where the authentication server 10 has the business operator information database and the public information database has been described. However, these databases may be built on a database server different from the authentication server 10. It is sufficient that the authentication system includes the various means described in the above embodiment (the authentication unit 205, the public information providing unit 206, etc.).
In the above embodiment, the case where the user's biometric information and the like are stored and managed using two databases has been described. However, the authentication server 10 may manage the user's biometric information and the like using a database in which the two databases are integrated. For example, the authentication server 10 may perform biometric authentication and information provision using an authentication information database (corresponding to the database 101) as shown in FIG. 34.
In the above embodiment, it has been explained that public documents issued in Japan (passports, health insurance cards) are the target of information provision, but the target is not limited to documents issued by domestic public institutions. That is, public information regarding public documents issued by a foreign public institution may be provided by the authentication system. Even in this case, it is sufficient that the public information specific data corresponding to the foreign public information is registered in the authentication system. From the same viewpoint, the users in the present disclosure may be foreign nationals as well as Japanese nationals.
In the above embodiment, the operation of the authentication system and the like have been described taking a public institution as an example of the party that requests the provision of public information. However, the party requesting the provision of public information may be a private business operator. For example, when a duty-free shop checks a user's passport, the public information provision request described in the above embodiment may be transmitted from a terminal of the duty-free shop (a terminal corresponding to the staff terminal 31) to the authentication server 10.
The party that provides a service using service information may also be a public institution. For example, hospital reservation information may be registered at the hospital as service information, and the reservation information may be identified by the biometric authentication described in the above embodiment.
In the above embodiment, it has been described that, at the time of user registration, the authentication server 10 generates a user ID and issues the generated user ID to the user. However, the user ID may be determined by the user, and the user may input the user ID into the system. For example, an ID, a password, or a combination thereof with which the user logs in to the authentication server 10 may be used as the user ID.
In the above embodiment, it has been explained that the user registration phase and the service information registration phase are executed at different timings, but these phases may be executed at substantially the same timing. For example, the two registration phases may be executed using the authentication terminal 30 installed at the business operator from which the user wishes to receive a service. Specifically, the user may perform user registration (input of biometric information and an identity verification document) using the authentication terminal 30 and then, in succession, register service information (input of the user ID and service information).
Similarly, the user registration phase and the public information provision permission phase may be executed at substantially the same timing. The user may operate the terminal 40 to input, to the authentication server 10, biometric information, an identity verification document, and the types of public information whose provision is permitted.
In the above embodiment, it has been described that one business operator ID is assigned to one business operator, but one business operator ID may be assigned to a plurality of business operators. A plurality of business operators may be grouped together, and a business operator ID may be issued for each group. For example, when business operators S1 and S2 cooperate to provide the same service, a common business operator ID may be issued to the business operators S1 and S2.
In the above embodiment, the case where biometric information in the form of a "feature amount generated from a face image" is transmitted from the management server 20 or the staff terminal 31 to the authentication server 10 has been described. However, biometric information in the form of a "face image" may be transmitted from the management server 20 or the like to the authentication server 10. In this case, the authentication server 10 may generate a feature amount from the acquired face image and execute the authentication process (matching process).
In the above embodiment, the case where the authentication terminal 30 acquires a face image and the management server 20 generates a feature amount from the face image has been described. However, the authentication terminal 30 may generate the feature amount from the face image and transmit the generated feature amount to the management server 20. That is, the management server 20 does not have to generate the feature amount.
When processing a public information provision permission from the terminal 40, the authentication server 10 may verify the validity of the public information specific data (that is, it may verify whether the public information specific data is correct data). When a checksum or the like is attached to the public information specific data, the authentication server 10 may verify the validity of the public information specific data using the checksum. Alternatively, the authentication server 10 may transmit the acquired public information specific data to the corresponding public server and request verification of its validity.
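A sketch of the two validation routes just described, as an added example that is not part of the patent. It assumes the passport number arrives followed by the check digit that ICAO Doc 9303 defines for machine-readable passport fields, that insurance card numbers carry no checksum and are therefore confirmed by the public server, and that `ask_public_server` is a hypothetical callback; all sample values are constructed.

```python
import string

# ICAO Doc 9303 check digit: digits keep their value, A-Z map to 10-35, '<' counts as 0,
# the weights 7, 3, 1 repeat over the field, and the check digit is the sum modulo 10.
_VALUES = {c: i for i, c in enumerate(string.digits + string.ascii_uppercase)}
_VALUES["<"] = 0
_WEIGHTS = (7, 3, 1)


def icao_check_digit(body):
    total = 0
    for pos, ch in enumerate(body):
        if ch not in _VALUES:
            raise ValueError(f"character {ch!r} is not allowed in this field")
        total += _VALUES[ch] * _WEIGHTS[pos % 3]
    return total % 10


def checksum_ok(number_with_digit):
    """True if the last character is the correct check digit for the preceding ones."""
    body, digit = number_with_digit[:-1], number_with_digit[-1:]
    if not body or digit not in string.digits:
        return False
    try:
        return icao_check_digit(body) == int(digit)
    except ValueError:
        return False


def accept_permission(store, user_id, info_type, specific_data, ask_public_server):
    """Store the specific data only after it has been validated.

    Passport numbers are checked locally; other types are confirmed by the public server.
    """
    specific_data = specific_data.strip().upper()
    if info_type == "passport":
        if not checksum_ok(specific_data):
            return "rejected: checksum mismatch"
    elif not ask_public_server(info_type, specific_data):
        return "rejected: public server does not recognise the data"
    store.setdefault(user_id, {})[info_type] = specific_data
    return "stored"


def demo():
    store = {}
    known_insurance_cards = {"INS-0001"}          # constructed public-server state

    def ask_public_server(info_type, data):
        return info_type == "insurance_card" and data in known_insurance_cards

    results = [
        accept_permission(store, "U-1", "passport", "L898902C36", ask_public_server),
        accept_permission(store, "U-1", "passport", "L898902C63", ask_public_server),  # typo
        accept_permission(store, "U-1", "insurance_card", "INS-0001", ask_public_server),
        accept_permission(store, "U-1", "insurance_card", "INS-9999", ask_public_server),
    ]
    return results, store


if __name__ == "__main__":
    outcome, stored = demo()
    print(outcome)
    print(stored)
```

A local checksum only catches mistyped data; it does not show that the document exists or belongs to the user, which is what the request to the public server adds.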
The staff terminal 31 may request the authentication server 10 to provide information on a plurality of types of public information. For example, the staff terminal 31 may transmit to the authentication server 10 a public information provision request regarding the information described in the passport and the health insurance card of the same user. In this case, the authentication server 10 may transmit the passport number and the insurance card number to the passport server 41 and the insurance card server 42, respectively, and acquire the necessary public information. For example, consider the case where the staff terminal 31 is installed in a drugstore. In this case, a staff member (pharmacist) may operate the staff terminal 31 to acquire the insurance card information when providing medicine to a patient, or to acquire the passport information when performing tax exemption processing for a purchaser. In this way, the staff terminal 31 can be a hybrid terminal that acquires different public information from the authentication server 10 according to the operation of its user (the staff member) or the like.
In the above embodiment, it has been described that the authentication terminal 30 transmits a user's authentication request (biometric information) to the authentication server 10 via the management server 20. However, the authentication terminal 30 may transmit the authentication request directly to the authentication server 10. That is, the authentication terminal 30 may transmit the authentication request (biometric information) to the authentication server 10 directly or indirectly.
Further, in the above embodiment, the case where the staff terminal 31 transmits the public information provision request directly to the authentication server 10 has been described. However, the staff terminal 31 may transmit the public information provision request to the authentication server 10 via a server connected between the authentication server 10 and the staff terminal 31. That is, the staff terminal 31 may transmit the public information provision request (biometric information) to the authentication server 10 directly or indirectly.
A single terminal (the authentication terminal 30 or the staff terminal 31) may transmit both a user's authentication request and a public information provision request to the authentication server 10. For example, consider the case where the authentication terminal 30 shown in FIG. 2 is a terminal installed in a hotel. In this case, the authentication terminal 30 can have a function as a check-in terminal that handles the user's check-in process and a function as a tax exemption terminal that performs tax exemption processing. When functioning as a check-in terminal, the authentication terminal 30 transmits, directly or indirectly, an authentication request including the biometric information of a guest visiting the hotel to the authentication server 10. The authentication terminal 30 proceeds with the check-in procedure based on the user's service information (reservation information). When functioning as a tax exemption terminal, the authentication terminal 30 transmits, directly or indirectly, a public information provision request regarding the biometric information and the passport of the purchaser of duty-free goods to the authentication server 10. The authentication terminal 30 proceeds with the tax exemption processing according to the passport entries acquired from the authentication server 10. In this way, the terminal may selectively transmit an authentication request or a public information provision request to the authentication server 10 according to the function to be realized. The authentication server 10 notifies the terminal of the service user ID or of the public information according to the type of the received request.
In the above embodiment, the case where the user grants permission to provide information in units of public information (for example, a passport or a health insurance card), as shown in FIG. 27, has been described. However, the user may be provided with an interface for inputting, for each item of public information, whether or not its provision is permitted. For example, the user may be provided with a GUI that accepts input such as permitting the provision of only the name and nationality among the items described in the passport.
When obtaining the user's permission to provide public information, the terminal 40 may notify the user of the advantage of providing the information. For example, in the display shown in FIG. 27, the terminal 40 may output a message such as "If you provide your passport information, the tax exemption procedure can be completed easily."
The authentication server 10 can also store the identity verification document acquired at the time of user registration in the public information database or the like. In this case, when the public document whose provision the user has permitted is the same as the identity verification document registered in the database, the authentication server 10 does not have to acquire the public information specific data from the user. For example, consider a case where a "passport" was acquired as the identity verification document and the user permits the provision of the items described in the passport. In this case, the authentication server 10 may read the passport number from the passport registered in the database (the identity verification document associated with the user ID and the biometric information).
Each device included in the authentication system may attach an electronic signature when transmitting information (an authentication request, a public information provision request, etc.). The device that receives the information (for example, the authentication server or a public server) may verify the attached electronic signature and process only information whose origin has been correctly confirmed.
The form of data transmission and reception between the devices (the authentication server 10, the management server 20, the authentication terminal 30, and the staff terminal 31) is not particularly limited, but the data transmitted and received between these devices may be encrypted. Biometric information is transmitted and received between these devices, and to protect that biometric information appropriately it is desirable that the data be transmitted and received in encrypted form.
In the flow diagrams (flowcharts and sequence diagrams) used in the above description, a plurality of steps (processes) are described in order, but the execution order of the steps executed in the embodiment is not limited to the order of description. In the embodiment, the order of the illustrated steps can be changed to the extent that the change does not interfere with their content, for example by executing processes in parallel.
The above embodiment has been described in detail in order to facilitate understanding of the present disclosure, and it is not intended that all the configurations described above are required. When a plurality of embodiments are described, each embodiment may be used alone or in combination. For example, part of the configuration of one embodiment can be replaced with the configuration of another embodiment, or the configuration of another embodiment can be added to the configuration of an embodiment. Further, for part of the configuration of an embodiment, other configurations can be added, deleted, or substituted.
The industrial applicability of the present invention is clear from the above description; the present invention is suitably applicable to, for example, an authentication system that authenticates users of private business operators and public institutions.
 上記の実施形態の一部又は全部は、以下の付記のようにも記載され得るが、以下には限られない。
[付記1]
 利用者の生体情報と、前記利用者にサービスを提供する事業者を識別する第1のIDと、前記利用者と事業者の組み合わせにより一意に定まる第2のIDと、前記利用者により提供が許諾された公的情報を特定するための公的情報特定データと、対応付けて記憶する、データベースと、
 第1の事業者から、被認証者の生体情報と前記第1の事業者の前記第1のIDを含む認証要求を受信したことに応じて認証処理を実行し、認証成功者の前記第2のIDを前記第1の事業者に送信する、認証部と、
 第2の事業者から、前記第2の事業者が公的情報を参照したい利用者の生体情報と前記参照したい公的情報の種類を含む公的情報提供要求を受信すると、前記公的情報特定データを用いて前記参照したい公的情報を保持する公的サーバから前記参照したい公的情報を取得し、前記取得された公的情報を前記第2の事業者に送信する、情報提供部と、
 を備える、認証サーバ。
[付記2]
 前記データベースは、前記利用者を識別するための第3のIDをさらに記憶し、
 前記利用者の生体情報と前記利用者の身元確認書類を含む利用者登録要求を受信すると、前記身元確認書類に基づいて前記利用者の本人確認を行い、本人確認に成功した前記利用者の生体情報と前記第3のIDを前記データベースに登録する、利用者登録部をさらに備える、付記1に記載の認証サーバ。
[付記3]
 前記利用者登録部は、前記利用者の本人確認に成功すると、前記第3のIDを前記利用者に払い出す、付記2に記載の認証サーバ。
[付記4]
 前記利用者登録部は、前記利用者登録要求に含まれる前記利用者の生体情報と前記身元確認書類から得られる生体情報を用いた1対1照合に成功した場合に、前記利用者の本人確認に成功したと判定する、付記2又は3に記載の認証サーバ。
[付記5]
 前記第1の事業者から前記第1のIDと前記第3のIDを含む事業者登録要求を受信すると、前記第2のIDを生成し、前記生成された第2のIDを前記第1の事業者に払い出す、事業者登録部をさらに備える、付記2乃至4のいずれか一に記載の認証サーバ。
[付記6]
 前記第3のIDと前記公的情報特定データを含む公的情報提供許諾を受信すると、前記第3のIDに対応するエントリに前記公的情報特定データを記憶する、特定データ登録部をさらに備える、付記2乃至5のいずれか一に記載の認証サーバ。
[付記7]
 前記認証部は、前記データベースに記憶された生体情報と前記認証要求に含まれる被認証者の生体情報を用いた1対N(Nは正の整数)照合を実行する、付記1乃至6のいずれか一に記載の認証サーバ。
[付記8]
 前記認証部は、前記認証要求に含まれる前記第1のIDが、前記1対N照合により特定された利用者と対応付けられて前記データベースに記憶されている場合に、前記認証処理に成功したと判定する、付記7に記載の認証サーバ。
[付記9]
 前記情報提供部は、前記データベースに記憶された生体情報と前記公的情報提供要求に含まれる生体情報を用いた1対N(Nは正の整数)照合を実行することで、前記第2の事業者が公的情報を参照したい利用者を特定する、付記1乃至8のいずれか一に記載の認証サーバ。
[付記10]
 前記データベースは、各利用者に関して複数の前記公的情報特定データを記憶し、
 前記情報提供部は、前記特定された利用者の前記複数の公的情報特定データのうち前記公的情報提供要求に含まれる前記公的情報の種類に対応する公的情報特定データを前記公的サーバに送信する、付記9に記載の認証サーバ。
[付記11]
 前記生体情報は、顔画像又は前記顔画像から生成された特徴量である、付記1乃至10のいずれか一に記載の認証サーバ。
[付記12]
 第1の事業者に設置された第1の端末と、
 第2の事業者に設置された第2の端末と、
 前記第1及び第2の端末と接続された認証サーバと、
 を含み、
 前記認証サーバは、
 利用者の生体情報と、前記利用者にサービスを提供する事業者を識別する第1のIDと、前記利用者と事業者の組み合わせにより一意に定まる第2のIDと、前記利用者により提供が許諾された公的情報を特定するための公的情報特定データと、対応付けて記憶する、データベースと、
 前記第1の端末から、被認証者の生体情報と前記第1の事業者の前記第1のIDを含む認証要求を受信したことに応じて認証処理を実行し、認証成功者の前記第2のIDを前記第1の端末に送信する、認証部と、
 前記第2の端末から、前記第2の事業者が公的情報を参照したい利用者の生体情報と前記参照したい公的情報の種類を含む公的情報提供要求を受信すると、前記公的情報特定データを用いて前記参照したい公的情報を保持する公的サーバから前記参照したい公的情報を取得し、前記取得された公的情報を前記第2の端末に送信する、情報提供部と、
 を備える、システム。
[付記13]
 利用者の生体情報と、前記利用者にサービスを提供する事業者を識別する第1のIDと、前記利用者と事業者の組み合わせにより一意に定まる第2のIDと、前記利用者により提供が許諾された公的情報を特定するための公的情報特定データと、対応付けて記憶する、データベースを備える認証サーバにおいて、
 第1の事業者から、被認証者の生体情報と前記第1の事業者の前記第1のIDを含む認証要求を受信したことに応じて認証処理を実行し、認証成功者の前記第2のIDを前記第1の事業者に送信し、
 第2の事業者から、前記第2の事業者が公的情報を参照したい利用者の生体情報と前記参照したい公的情報の種類を含む公的情報提供要求を受信すると、前記公的情報特定データを用いて前記参照したい公的情報を保持する公的サーバから前記参照したい公的情報を取得し、前記取得された公的情報を前記第2の事業者に送信する、認証サーバの制御方法。
[付記14]
 利用者の生体情報と、前記利用者にサービスを提供する事業者を識別する第1のIDと、前記利用者と事業者の組み合わせにより一意に定まる第2のIDと、前記利用者により提供が許諾された公的情報を特定するための公的情報特定データと、対応付けて記憶する、データベースを備える認証サーバに搭載されたコンピュータに、
 第1の事業者から、被認証者の生体情報と前記第1の事業者の前記第1のIDを含む認証要求を受信したことに応じて認証処理を実行し、認証成功者の前記第2のIDを前記第1の事業者に送信する処理と、
 第2の事業者から、前記第2の事業者が公的情報を参照したい利用者の生体情報と前記参照したい公的情報の種類を含む公的情報提供要求を受信すると、前記公的情報特定データを用いて前記参照したい公的情報を保持する公的サーバから前記参照したい公的情報を取得し、前記取得された公的情報を前記第2の事業者に送信する処理と、
 を実行させるためのプログラム。
Some or all of the above embodiments may also be described, but not limited to:
[Appendix 1]
The biometric information of the user, the first ID that identifies the business operator that provides the service to the user, the second ID that is uniquely determined by the combination of the user and the business operator, and the provision by the user. A database that stores in association with public information specific data for specifying licensed public information,
The authentication process is executed in response to receiving the authentication request including the biometric information of the person to be authenticated and the first ID of the first business operator from the first business operator, and the second of the authentication successful persons. The authentication unit, which sends the ID of the above to the first business operator,
When the second business operator receives a public information provision request including the biometric information of the user who wants to refer to the public information and the type of the public information to be referred to, the public information is specified. An information providing unit that acquires the public information to be referred to from a public server that holds the public information to be referred to using data and transmits the acquired public information to the second business operator.
An authentication server.
[Appendix 2]
The database further stores a third ID for identifying the user.
Upon receiving the user registration request including the user's biometric information and the user's identity verification document, the user's identity is confirmed based on the identity verification document, and the user's living body that succeeds in identity verification. The authentication server according to Appendix 1, further comprising a user registration unit that registers information and the third ID in the database.
[Appendix 3]
The authentication server according to Appendix 2, wherein the user registration unit issues the third ID to the user when the user's identity is successfully confirmed.
[Appendix 4]
When the user registration unit succeeds in one-to-one verification using the biometric information of the user included in the user registration request and the biometric information obtained from the identity verification document, the user registration unit confirms the identity of the user. The authentication server according to Appendix 2 or 3, which is determined to be successful.
[Appendix 5]
Upon receiving a business registration request including the first ID and the third ID from the first business, the second ID is generated, and the generated second ID is used as the first ID. The authentication server according to any one of Supplementary note 2 to 4, further comprising a business registration unit, which is paid out to the business.
[Appendix 6]
Upon receiving the public information provision permission including the third ID and the public information specific data, a specific data registration unit for storing the public information specific data in the entry corresponding to the third ID is further provided. , The authentication server according to any one of Supplementary note 2 to 5.
[Appendix 7]
The authentication unit executes one-to-N (N is a positive integer) collation using the biometric information stored in the database and the biometric information of the person to be authenticated included in the authentication request, any of Supplementary note 1 to 6. The authentication server described in Kaichi.
[Appendix 8]
The authentication unit succeeded in the authentication process when the first ID included in the authentication request is stored in the database in association with the user specified by the one-to-N collation. The authentication server according to Appendix 7.
[Appendix 9]
The information providing unit performs a one-to-N (N is a positive integer) collation using the biometric information stored in the database and the biometric information included in the public information provision request, thereby performing the second method. The authentication server according to any one of Supplementary note 1 to 8, which identifies a user who wants to refer to public information by a business operator.
[Appendix 10]
The database stores a plurality of the public information specific data for each user.
The information providing unit uses the public information specifying data corresponding to the type of the public information included in the public information providing request among the plurality of public information specifying data of the specified user. The authentication server according to Appendix 9 to be transmitted to the server.
[Appendix 11]
The authentication server according to any one of Supplementary note 1 to 10, wherein the biometric information is a face image or a feature amount generated from the face image.
[Appendix 12]
The first terminal installed in the first operator and
The second terminal installed in the second operator,
An authentication server connected to the first and second terminals,
Including
The authentication server is
The biometric information of the user, the first ID that identifies the business operator that provides the service to the user, the second ID that is uniquely determined by the combination of the user and the business operator, and the provision by the user. A database that stores in association with public information specific data for specifying licensed public information,
The authentication process is executed in response to receiving the authentication request including the biometric information of the person to be authenticated and the first ID of the first business operator from the first terminal, and the second person of the successful authentication person. And the authentication unit that sends the ID of
When the second business operator receives a public information provision request including the biometric information of the user who wants to refer to the public information and the type of the public information to be referred to from the second terminal, the public information identification An information providing unit that acquires the public information to be referred to from a public server that holds the public information to be referred to using data and transmits the acquired public information to the second terminal.
The system.
[Appendix 13]
A control method of an authentication server, the authentication server including a database that stores, in association with one another, biometric information of a user, a first ID that identifies a business operator providing a service to the user, a second ID uniquely determined by the combination of the user and the business operator, and public information specifying data for specifying public information whose provision has been permitted by the user, the method including:
executing an authentication process in response to receiving, from a first business operator, an authentication request including biometric information of a person to be authenticated and the first ID of the first business operator, and transmitting the second ID of the successfully authenticated person to the first business operator; and
upon receiving from a second business operator a public information provision request including biometric information of a user whose public information the second business operator wants to refer to and the type of the public information to be referred to, acquiring the public information to be referred to from a public server holding that public information by using the public information specifying data, and transmitting the acquired public information to the second business operator.
[Appendix 14]
A program causing a computer mounted on an authentication server, the authentication server including a database that stores, in association with one another, biometric information of a user, a first ID that identifies a business operator providing a service to the user, a second ID uniquely determined by the combination of the user and the business operator, and public information specifying data for specifying public information whose provision has been permitted by the user, to execute:
a process of executing an authentication process in response to receiving, from a first business operator, an authentication request including biometric information of a person to be authenticated and the first ID of the first business operator, and transmitting the second ID of the successfully authenticated person to the first business operator; and
a process of, upon receiving from a second business operator a public information provision request including biometric information of a user whose public information the second business operator wants to refer to and the type of the public information to be referred to, acquiring the public information to be referred to from a public server holding that public information by using the public information specifying data, and transmitting the acquired public information to the second business operator.
The disclosures of the prior art documents cited above are incorporated herein by reference. Although embodiments of the present invention have been described above, the present invention is not limited to these embodiments. Those skilled in the art will understand that these embodiments are merely examples and that various modifications are possible without departing from the scope and spirit of the present invention. That is, the present invention naturally includes the various variations and modifications that a person skilled in the art could make in accordance with the entire disclosure, including the claims, and the technical idea.
This application claims priority based on Japanese Patent Application No. 2020-201061, filed on December 3, 2020, the entire disclosure of which is incorporated herein.
10, 100 Authentication server
20 Management server
30 Authentication terminal
31 Staff terminal
40 Terminal
41 Passport server
42 Insurance certificate server
101 Database
102, 205 Authentication unit
103 Information providing unit
201, 301, 401, 501, 601 Communication control unit
202 User registration unit
203 Business operator registration unit
204 Specific data registration unit
206 Public information providing unit
207, 305, 405, 504, 603 Storage unit
302 Service information acquisition unit
303 Service information registration unit
304 Authentication request unit
311 Processor
312 Memory
313 Input/output interface
314 Communication interface
402 Biometric information acquisition unit
403 Service providing unit
404, 503 Message output unit
502 Information provision request unit
602 User support unit
611 User registration support unit
612 Service registration support unit
613 Provision permission support unit

Claims (14)

  1.  An authentication server comprising:
     a database that stores, in association with one another, biometric information of a user, a first ID that identifies a business operator providing a service to the user, a second ID uniquely determined by the combination of the user and the business operator, and public information specifying data for specifying public information whose provision has been permitted by the user;
     an authentication means that executes an authentication process in response to receiving, from a first business operator, an authentication request including biometric information of a person to be authenticated and the first ID of the first business operator, and transmits the second ID of the successfully authenticated person to the first business operator; and
     an information providing means that, upon receiving from a second business operator a public information provision request including biometric information of a user whose public information the second business operator wants to refer to and the type of the public information to be referred to, acquires the public information to be referred to from a public server holding that public information by using the public information specifying data, and transmits the acquired public information to the second business operator.
  2.  The authentication server according to claim 1, wherein the database further stores a third ID for identifying the user,
     the authentication server further comprising a user registration means that, upon receiving a user registration request including the biometric information of the user and an identity verification document of the user, verifies the identity of the user based on the identity verification document, and registers the biometric information of the successfully verified user and the third ID in the database.
  3.  The authentication server according to claim 2, wherein the user registration means issues the third ID to the user when the identity of the user is successfully verified.
  4.  The authentication server according to claim 2 or 3, wherein the user registration means determines that the identity of the user has been successfully verified when one-to-one matching using the biometric information of the user included in the user registration request and biometric information obtained from the identity verification document succeeds.
  5.  The authentication server according to any one of claims 2 to 4, further comprising a business operator registration means that, upon receiving from the first business operator a business operator registration request including the first ID and the third ID, generates the second ID and issues the generated second ID to the first business operator.
  6.  The authentication server according to any one of claims 2 to 5, further comprising a specific data registration means that, upon receiving a public information provision permission including the third ID and the public information specifying data, stores the public information specifying data in the entry corresponding to the third ID.
  7.  The authentication server according to any one of claims 1 to 6, wherein the authentication means executes one-to-N matching (N is a positive integer) using the biometric information stored in the database and the biometric information of the person to be authenticated included in the authentication request.
  8.  The authentication server according to claim 7, wherein the authentication means determines that the authentication process has succeeded when the first ID included in the authentication request is stored in the database in association with the user identified by the one-to-N matching.
  9.  The authentication server according to any one of claims 1 to 8, wherein the information providing means identifies the user whose public information the second business operator wants to refer to by executing one-to-N matching (N is a positive integer) using the biometric information stored in the database and the biometric information included in the public information provision request.
  10.  The authentication server according to claim 9, wherein the database stores a plurality of pieces of the public information specifying data for each user, and
     the information providing means transmits to the public server, from among the plurality of pieces of public information specifying data of the identified user, the public information specifying data corresponding to the type of public information included in the public information provision request.
  11.  The authentication server according to any one of claims 1 to 10, wherein the biometric information is a face image or a feature amount generated from the face image.
  12.  A system comprising:
     a first terminal installed at a first business operator;
     a second terminal installed at a second business operator; and
     an authentication server connected to the first and second terminals,
     wherein the authentication server comprises:
     a database that stores, in association with one another, biometric information of a user, a first ID that identifies a business operator providing a service to the user, a second ID uniquely determined by the combination of the user and the business operator, and public information specifying data for specifying public information whose provision has been permitted by the user;
     an authentication means that executes an authentication process in response to receiving, from the first terminal, an authentication request including biometric information of a person to be authenticated and the first ID of the first business operator, and transmits the second ID of the successfully authenticated person to the first terminal; and
     an information providing means that, upon receiving from the second terminal a public information provision request including biometric information of a user whose public information the second business operator wants to refer to and the type of the public information to be referred to, acquires the public information to be referred to from a public server holding that public information by using the public information specifying data, and transmits the acquired public information to the second terminal.
  13.  A control method of an authentication server comprising a database that stores, in association with one another, biometric information of a user, a first ID that identifies a business operator providing a service to the user, a second ID uniquely determined by the combination of the user and the business operator, and public information specifying data for specifying public information whose provision has been permitted by the user, the method comprising:
     executing an authentication process in response to receiving, from a first business operator, an authentication request including biometric information of a person to be authenticated and the first ID of the first business operator, and transmitting the second ID of the successfully authenticated person to the first business operator; and
     upon receiving from a second business operator a public information provision request including biometric information of a user whose public information the second business operator wants to refer to and the type of the public information to be referred to, acquiring the public information to be referred to from a public server holding that public information by using the public information specifying data, and transmitting the acquired public information to the second business operator.
  14.  A computer-readable recording medium recording a program that causes a computer mounted on an authentication server, the authentication server comprising a database that stores, in association with one another, biometric information of a user, a first ID that identifies a business operator providing a service to the user, a second ID uniquely determined by the combination of the user and the business operator, and public information specifying data for specifying public information whose provision has been permitted by the user, to execute:
     a process of executing an authentication process in response to receiving, from a first business operator, an authentication request including biometric information of a person to be authenticated and the first ID of the first business operator, and transmitting the second ID of the successfully authenticated person to the first business operator; and
     a process of, upon receiving from a second business operator a public information provision request including biometric information of a user whose public information the second business operator wants to refer to and the type of the public information to be referred to, acquiring the public information to be referred to from a public server holding that public information by using the public information specifying data, and transmitting the acquired public information to the second business operator.
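The matching and lookup flow of claims 1 and 5 to 10, as an added Python sketch that is not part of the patent text or any implementation by the applicant. The cosine-similarity matcher, the 0.9 threshold, the HMAC derivation of the second ID, and every name and sample value are assumptions made for illustration.

```python
import hashlib
import hmac
import math

# Assumptions, not taken from the patent text: cosine similarity on feature
# vectors, the 0.9 threshold, the HMAC derivation of the second ID, all names.
MATCH_THRESHOLD = 0.9
SERVER_SECRET = b"constructed-demo-secret"


def cosine(a, b):
    """Cosine similarity of two equal-length feature vectors (0.0 if either is zero)."""
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0


class AuthServer:
    def __init__(self, public_servers):
        self.db = {}                          # third ID (user) -> entry
        self.public_servers = public_servers  # information type -> lookup callable

    def register_user(self, user_id, features):
        self.db[user_id] = {"features": features, "operators": {}, "public": {}}

    def register_operator(self, user_id, operator_id):
        """Issue the second ID: one value per (user, operator) pair (claim 5)."""
        msg = f"{user_id}|{operator_id}".encode()
        second_id = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:16]
        self.db[user_id]["operators"][operator_id] = second_id
        return second_id

    def register_permission(self, user_id, info_type, specifying_data):
        """Store specifying data for a type the user agreed to share (claim 6)."""
        self.db[user_id]["public"][info_type] = specifying_data

    def identify(self, features):
        """One-to-N matching: best-scoring enrolled user at or above the threshold."""
        best_id, best_score = None, MATCH_THRESHOLD
        for user_id, entry in self.db.items():
            score = cosine(features, entry["features"])
            if score >= best_score:
                best_id, best_score = user_id, score
        return best_id

    def authenticate(self, features, operator_id):
        """Claims 7-8: succeed only if the matched user is tied to this first ID."""
        user_id = self.identify(features)
        if user_id is None:
            return None
        return self.db[user_id]["operators"].get(operator_id)

    def provide_public_info(self, features, info_type):
        """Claims 9-10: pick the specifying data for the requested type, then fetch."""
        user_id = self.identify(features)
        if user_id is None:
            return None
        specifying_data = self.db[user_id]["public"].get(info_type)
        if specifying_data is None:
            return None  # no permission recorded for this type: nothing is fetched
        return self.public_servers[info_type](specifying_data)


def build_demo_server():
    """Constructed sample data: two users, two operators, one permitted document."""
    passports = {"TK0000001": {"name": "Constructed User", "expiry": "2030-01-01"}}
    server = AuthServer({"passport": passports.get,
                         "insurance_certificate": lambda number: None})
    server.register_user("U1", [0.9, 0.1, 0.3])
    server.register_user("U2", [0.1, 0.8, 0.5])
    server.register_operator("U1", "OP-A")
    server.register_operator("U2", "OP-B")
    server.register_permission("U1", "passport", "TK0000001")
    return server


if __name__ == "__main__":
    demo = build_demo_server()
    probe = [0.88, 0.12, 0.31]  # constructed capture of user U1
    print(demo.authenticate(probe, "OP-A"), demo.authenticate(probe, "OP-B"))
    print(demo.provide_public_info(probe, "passport"))
```

Because the second ID differs per operator, two operators cannot join their records on it, and a biometric match alone returns nothing unless the first ID or a recorded permission for the requested type is also present.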
PCT/JP2021/041832 2020-12-03 2021-11-15 Authentication server, system, authentication server control method, and recording medium WO2022118639A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2022566819A JPWO2022118639A5 (en) 2021-11-15 AUTHENTICATION SERVER, SYSTEM, AUTHENTICATION SERVER CONTROL METHOD AND PROGRAM

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2020201061 2020-12-03
JP2020-201061 2020-12-03

Publications (1)

Publication Number Publication Date
WO2022118639A1 (en) 2022-06-09

Family

ID=81853711

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/041832 WO2022118639A1 (en) 2020-12-03 2021-11-15 Authentication server, system, authentication server control method, and recording medium

Country Status (1)

Country Link
WO (1) WO2022118639A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2015215767A (en) * 2014-05-12 2015-12-03 株式会社ディー・ディー・エス Output device, output system, output method, and output program
WO2016118304A1 (en) * 2014-12-31 2016-07-28 Imageware Systems, Inc. Cloud-based biometric enrollment, identification and verification through identity providers
WO2020149136A1 (en) * 2019-01-15 2020-07-23 グローリー株式会社 Authentication system, management device, and authentication method
CN111539833A (en) * 2020-04-10 2020-08-14 支付宝(杭州)信息技术有限公司 Medical expense payment method, device and system
WO2021205660A1 (en) * 2020-04-10 2021-10-14 日本電気株式会社 Authentication server, authentication system, authentication server control method, and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115134173A (en) * 2022-08-31 2022-09-30 中航信移动科技有限公司 Request response method for determining user authority
CN115134173B (en) * 2022-08-31 2022-11-04 中航信移动科技有限公司 Request response method for determining user permission

Also Published As

Publication number Publication date
JPWO2022118639A1 (en) 2022-06-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application; Ref document number: 21900394; Country of ref document: EP; Kind code of ref document: A1
ENP Entry into the national phase; Ref document number: 2022566819; Country of ref document: JP; Kind code of ref document: A
NENP Non-entry into the national phase; Ref country code: DE
122 Ep: pct application non-entry in european phase; Ref document number: 21900394; Country of ref document: EP; Kind code of ref document: A1