WO2022269669A1 - Information processing system, server, terminal, information processing method, and program - Google Patents

Info

Publication number
WO2022269669A1
Authority
WO
WIPO (PCT)
Prior art keywords
biometric information
biometric
information
subject
storage device
Prior art date
Application number
PCT/JP2021/023347
Other languages
French (fr)
Japanese (ja)
Inventor
由佳 榮
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社
Priority to PCT/JP2021/023347
Priority to JP2023529200A
Publication of WO2022269669A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06T IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
    • G06T7/00 Image analysis

Definitions

  • The present invention relates to an information processing system, a server, a terminal, an information processing method, and a program.
  • Patent Literature 1 describes a technique of reading personal information including a face image from an IC card, and using imaging data showing the face of the subject and the face image included in the personal information to verify the identity of the subject. Such a technique is used, for example, for identity verification of a target person when applying for use of a service.
  • The device described in Patent Document 2 acquires the first biometric information of the user stored in the biometric information server based on the user ID input by the user.
  • The technology compares the acquired first biometric information with the second biometric information acquired via the input device and, when the matching is successful, executes a registration process that registers the second biometric information in its own device.
  • Such technology is used, for example, to perform biometric authentication using the second biometric information when using a service.
  • When registering biometric information for authentication when using a service, the technique described in Cited Document 2 cannot be used if the first biometric information is not stored in advance in the biometric information server. Moreover, even if the first biometric information is stored in the biometric information server, the user must enter the user ID into the terminal device in order to refer to the first biometric information. There is a problem that the convenience of the In addition, there is room for improvement in the certainty of preventing spoofing, considering the case where the user ID is known by another person.
  • One aspect of the present invention has been made in view of the above problems, and an example of its purpose is to provide a technology that improves the certainty of preventing spoofing in which a service applicant is different from a service user, without impairing user convenience.
  • An information processing system includes: first acquisition means for acquiring first biometric information of a subject who applies for use of a service; first storage control means for storing the first biometric information in a first storage device if identity verification of the subject using the first biometric information is successful; second acquisition means for acquiring second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service when the identity verification is successful; collation means for collating the second biometric information with the first biometric information stored in the first storage device; and second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
  • A server includes: first receiving means for receiving, from a terminal, first biometric information of a subject who applies for use of a service; first storage control means for storing the first biometric information in a first storage device if identity verification of the subject using the first biometric information is successful; second receiving means for receiving second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; verification means for verifying the second biometric information against the first biometric information stored in the first storage device; and collation result transmission means for transmitting information based on the collation result by the verification means to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the verification means succeeds in the verification.
  • A terminal includes: first transmission means for transmitting first biometric information of a target person who applies for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when identity verification of the target person using the first biometric information is successful; second transmitting means for transmitting to the server, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject person to use biometric authentication in the service; and second storage control means for storing the second biometric information in a second storage device when the server succeeds in matching the first biometric information with the second biometric information.
  • An information processing method comprises: acquiring first biometric information of a subject who applies for use of a service; when the identity of the subject is successfully verified using the first biometric information, storing the first biometric information in a first storage device; when the identity verification is successful, acquiring second biometric information that is different from the first biometric information as biometric information for enabling the subject person to use biometric authentication in the service; matching the second biometric information with the first biometric information stored in the first storage device; and, when the matching succeeds, storing the second biometric information in a second storage device referred to in the biometric authentication.
  • An information processing method comprises receiving first biometric information of a subject who applies for use of a service, and when the identity of the subject is successfully verified using the first biometric information, Storing the first biometric information in a first storage device, and storing the first biometric information as biometric information for enabling the subject person to use biometric authentication in the service when the identity verification is successful.
  • An information processing method comprises: transmitting first biometric information of a target person who applies for use of a service to a server that stores the first biometric information in a first storage device when identity verification of the target person using the first biometric information is successful; if the identity verification is successful, transmitting to the server second biometric information different from the first biometric information as biometric information for enabling the subject person to use biometric authentication in the service; and storing the second biometric information in a second storage device when the server succeeds in matching the first biometric information and the second biometric information.
  • A program causes a computer to function as an information processing device comprising: first receiving means for receiving first biometric information of a subject applying for use of a service; first storage control means for storing the first biometric information in a first storage device when the identity verification of the subject has been successfully completed; second receiving means for receiving second biometric information different from the first biometric information as biometric information for enabling use of biometric authentication; collation means for collating the second biometric information with the first biometric information stored in the first storage device; and collation result transmission means for transmitting information based on the collation result by the collation means to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation by the collation means is successful.
  • A program according to one aspect of the present invention is a program for causing a computer to function as an information processing device comprising: first transmission means for transmitting first biometric information of a subject who applies for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when the identity verification of the subject using the first biometric information is successful; second transmitting means for transmitting to the server, if the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the use of biometric authentication by the subject in the service; and second storage control means for storing the second biometric information in a second storage device when the server succeeds in matching the first biometric information and the second biometric information.
  • FIG. 1 is a block diagram showing the configuration of an information processing system according to exemplary Embodiment 1 of the present invention.
  • FIG. 2 is a flow diagram showing the flow of an information processing method according to exemplary Embodiment 1 of the present invention.
  • FIG. 3 is a block diagram showing a schematic configuration of an information processing system 2 according to exemplary Embodiment 2 of the present invention.
  • FIG. 4 is a block diagram showing the configuration of a terminal according to exemplary Embodiment 2 of the present invention.
  • FIG. 5 is a block diagram showing the configuration of a server according to exemplary Embodiment 2 of the present invention.
  • FIG. 6 is a flow diagram showing the flow of an information processing method according to exemplary Embodiment 2 of the present invention.
  • FIG. 7 is a block diagram showing the configuration of an information processing system according to exemplary Embodiment 3 of the present invention.
  • FIG. 10 is a block diagram showing the configuration of a terminal and a server according to exemplary Embodiment 3 of the present invention
  • FIG. 8 is a flow diagram illustrating a method flow for performing an identity verification phase according to illustrative embodiment 3 of the present invention
  • FIG. 8 is a flow diagram illustrating a method flow for performing a usage registration phase of online authentication according to exemplary embodiment 3 of the present invention
  • FIG. 10 is a diagram showing an example of a screen displayed on a terminal according to exemplary embodiment 3 of the present invention
  • FIG. 10 is a diagram showing an example of a screen displayed on a terminal according to exemplary embodiment 3 of the present invention
  • FIG. 10 is a diagram showing an example of a screen displayed on a terminal according to exemplary embodiment 3 of the present invention
  • FIG. 10 is a diagram showing an example of a screen displayed on a terminal according to exemplary embodiment 3
  • FIG. 10 is a diagram showing an example of a screen displayed on a terminal according to exemplary embodiment 3 of the present invention
  • FIG. 8 is a diagram showing storage states of a first storage device and storage states of a second storage device according to exemplary embodiment 3 of the present invention
  • 1 is a block diagram showing the configuration of a computer functioning as an information processing system, terminal, server, or service providing server according to illustrative embodiments 1 to 3 of the present invention
  • FIG. 1 is a block diagram showing the configuration of an information processing system 1.
  • The information processing system 1 includes a first acquisition unit 11, a first storage control unit 12, a second acquisition unit 13, a collation unit 14, and a second storage control unit 15.
  • The information processing system 1 is composed of one or more information processing devices.
  • When it is composed of a plurality of devices, these functional blocks are distributed and arranged in the plurality of devices.
  • the first acquisition unit 11 is an example of a configuration that implements the first acquisition means described in the claims.
  • the first storage control unit 12 is an example of a configuration that implements the first storage control means described in the claims.
  • the second acquisition unit 13 is an example of a configuration that implements the second acquisition means recited in the claims.
  • the collation unit 14 is an example of a configuration that implements collation means described in the claims.
  • the second storage control unit 15 is an example of a configuration that implements the second storage control means described in the claims.
  • the first acquisition unit 11 acquires the first biometric information of the target person who applies to use the service.
  • the first storage control unit 12 stores the first biometric information in the first storage device when the identity verification of the subject using the first biometric information is successful.
  • the second acquisition unit 13 acquires second biometric information different from the first biometric information as biometric information for enabling the use of biometric authentication by the target person in the service when the identity verification is successful.
  • the collation unit 14 collates the second biometric information with the first biometric information stored in the first storage device.
  • the second storage control unit 15 stores the second biometric information in the second storage device referred to in biometric authentication when the collation unit 14 succeeds in collation.
  • the first biometric information includes biometric information representing biological characteristics of the subject.
  • the subject's biometric information is, for example, information representing the subject's face image, fingerprint, voiceprint, vein, palmprint, or iris.
  • The first biometric information is information used for identity verification of the subject, and is, for example, data representing a read image or a photographed image of an official document, such as a driver's license or passport, to which the subject's face image is attached.
  • the second biometric information includes biometric information representing the biological characteristics of the subject.
  • the second biometric information is, for example, registered as information for verification in online authentication.
  • the second biological information is, for example, data representing an image of the subject's face.
  • Biometric authentication is authentication using a subject's biometric information.
  • In biometric authentication, for example, a template matching method for an image representing a fingerprint or a face image, a feature point extraction method, a frequency analysis method, and the like are used.
  • biometric authentication may discriminate a subject using a machine-learned model.
  • the biometric authentication according to this exemplary embodiment is not limited to those using these methods, and may be biometric authentication using other methods.
  • FIG. 2 is a flow diagram showing the flow of the information processing method S1.
  • (First acquisition step S11) In the first acquisition step S11 (first acquisition process), the first acquisition unit 11 acquires first biometric information of a subject who applies for use of the service. For example, the first acquisition unit 11 may acquire the first biometric information from a device connected via a network, or may acquire the first biometric information by reading it from a memory. For example, if the first biometric information is a photographed image of a driver's license of a subject, the first acquisition unit 11 acquires the image data representing the image of the driver's license photographed by the camera as the first biometric information. Further, when the first biometric information is a facial image, the first acquisition unit 11 acquires image data representing the facial image captured by the camera as the first biometric information, for example.
  • The first acquisition unit 11 may also obtain data representing an image read by a sensor such as an optical sensor, a capacitance sensor, an electric field sensor, a thermal sensor, or a pressure sensor.
  • (First storage control step S12) In the first storage control step S12 (first storage control process), the first storage control unit 12 stores the first biometric information in the first storage device when the identity verification of the subject using the first biometric information is successful.
  • the information processing system 1 may perform the identity verification of the subject using the first biometric information, or another device may perform the identity verification. Alternatively, an administrator or the like of the information processing system 1 may verify the identity of the subject and input the verification result to the information processing system 1 . In this case, the first storage control unit 12 determines whether or not the personal identification has succeeded based on the information indicating the input result.
  • The second acquisition unit 13 acquires, as the biometric information for enabling the subject to use biometric authentication in the service, second biometric information different from the first biometric information.
  • The second acquisition unit 13 may acquire the second biometric information from a device connected via a network, or may acquire the second biometric information by reading it from a memory.
  • The second acquisition unit 13 acquires image data representing the facial image captured by the camera as the second biometric information, for example.
  • The second acquisition unit 13 may also obtain data representing an image read by a sensor such as an optical sensor, a capacitance sensor, an electric field sensor, a thermal sensor, or a pressure sensor.
  • The collation unit 14 collates the second biometric information with the first biometric information stored in the first storage device.
  • The collation unit 14 performs the collation using, for example, a template matching method for an image representing a fingerprint or a face image, a feature point extraction method, a frequency analysis method, or the like.
  • the matching unit 14 may determine the matching result using a learned model learned by machine learning.
  • the second storage control unit 15 stores the second biometric information in the second storage device referred to in biometric authentication when the matching unit 14 succeeds in matching.
  • the second storage control unit 15 may store the second biological information in a second storage device connected via a network.
  • A configuration is adopted in which: the first biometric information of the subject who applies for the use of the service is acquired; if the identity verification of the subject using the first biometric information is successful, the first biometric information is stored in the first storage device; if the identity verification is successful, second biometric information different from the first biometric information is acquired as biometric information for enabling the subject person to use biometric authentication in the service; the second biometric information is collated with the first biometric information stored in the first storage device; and, if the collation is successful, the second biometric information is stored in the second storage device referred to in biometric authentication.
  • This configuration does not require a server in which first biometric information linked to the user ID is stored in advance. As a result, it is possible to obtain the effect of improving the certainty of preventing spoofing in which the applicant of the service and the user of the service are different, without impairing the user's convenience.
  • FIG. 3 is a block diagram showing a schematic configuration of the information processing system 2.
  • the information processing system 2 includes a terminal 20 and a server 30 .
  • Terminal 20 and server 30 are communicably connected to each other via a network.
  • the network is composed of, for example, a wireless LAN, a wired LAN, a mobile data communication network, the Internet, or a combination of some or all of these.
  • FIG. 4 is a block diagram showing the configuration of the terminal 20.
  • Terminal 20 includes first transmission section 201 , second transmission section 202 , and second storage control section 203 .
  • the first transmission unit 201 is an example of a configuration that implements the first transmission means recited in the claims.
  • the second transmission unit 202 is an example of a configuration that implements the second transmission means described in the claims.
  • the second storage control unit 203 is an example of a configuration that implements the second storage control means described in the claims.
  • the first transmission unit 201 transmits to the server 30 the first biometric information of the target person who applies for the service.
  • the server 30 has a first storage control unit 302 that stores the first biometric information in the first storage device when the identification of the subject using the first biometric information is successful.
  • The second transmission unit 202 transmits to the server 30, as the biometric information for enabling the use of biometric authentication by the target person in the service, second biometric information different from the first biometric information.
  • the second storage control unit 203 stores the second biometric information in the second storage device when the server 30 successfully matches the first biometric information and the second biometric information.
  • FIG. 5 is a block diagram showing the configuration of the server 30.
  • the server 30 includes a first reception section 301 , a first storage control section 302 , a second reception section 303 , a collation section 304 and a collation result transmission section 305 .
  • the first receiving section 301 is an example of a configuration that implements the first receiving means described in the claims.
  • the first storage control unit 302 is an example of a configuration that implements the first storage control means described in the claims.
  • the second receiving section 303 is an example of a configuration that implements the second receiving means described in the claims.
  • the collation unit 304 is an example of a configuration that implements collation means described in the claims.
  • the collation result transmission unit 305 is an example of a configuration that implements the collation result transmission unit described in the claims.
  • the first receiving unit 301 receives from the terminal 20 the first biometric information of the target person who applies for the use of the service.
  • the first storage control unit 302 stores the first biometric information in the first storage device when the identity verification of the subject using the first biometric information is successful.
  • the second receiving unit 303 receives second biometric information different from the first biometric information as biometric information for enabling the use of biometric authentication by the target person in the service.
  • a collation unit 304 collates the second biometric information with the first biometric information stored in the first storage device.
  • the matching result transmission unit 305 transmits information based on the matching result by the matching unit 304 to the terminal 20 .
  • the terminal 20 has the second storage control unit 203 that stores the second biometric information in the second storage device that is referred to in biometric authentication when the matching unit 304 succeeds in matching.
  • Information based on the matching result is, for example, information indicating that the matching was successful or information indicating that the matching was unsuccessful.
  • FIG. 6 is a flowchart showing the flow of the information processing method S2.
  • (First transmission step S201 / first reception step S202) In the first transmission step S201 (first transmission processing), the first transmission unit 201 transmits to the server 30 first biometric information of a subject who applies for use of the service. In the first receiving step S202 (first receiving process), the first receiving unit 301 receives the first biometric information from the terminal 20.
  • (First storage control step S203) In the first storage control step S203 (first storage control process), the first storage control unit 302 stores the first biometric information in the first storage device when the identity verification of the subject using the first biometric information is successful.
  • If the identity verification using the first biometric information is successful, in the second transmission step S204 (second transmission processing), the second transmission unit 202 transmits to the server 30 second biometric information, which is different from the first biometric information, as the biometric information for enabling the subject person to use biometric authentication in the service. In the second receiving step S205, the second receiving unit 303 receives the second biometric information from the terminal 20.
  • the matching unit 304 matches the second biometric information received by the second receiving unit 303 with the first biometric information stored in the first storage device.
  • In the matching result transmission step S207 (matching result transmission process), the matching result transmitting unit 305 transmits information based on the matching result by the matching unit 304 to the terminal 20.
  • The second storage control unit 203 stores the second biometric information in the second storage device when the server 30 succeeds in matching the first biometric information and the second biometric information.
  • On the server side, a configuration is adopted in which: the first biometric information of the subject who applies for the service is received from the terminal; if the identity verification of the subject using the first biometric information is successful, the first biometric information is stored in the first storage device; if the identity verification is successful, second biometric information different from the first biometric information is received from the terminal 20 as the biometric information for enabling the subject person to use biometric authentication in the service; the second biometric information is compared with the first biometric information stored in the first storage device; and, if the matching is successful, information based on the collation result is transmitted to the terminal 20.
  • On the terminal side, a configuration is adopted in which: the first biometric information of the target person applying for the service is transmitted to the server 30; if the target person's identity is successfully verified, second biometric information different from the first biometric information is transmitted to the server 30 as biometric information for enabling the target person to use biometric authentication in the service; and the second biometric information is stored in the second storage device when the server 30 succeeds in collating the first biometric information and the second biometric information.
  • the terminal only needs to transmit the first biometric information when applying for a service, and transmit the second biometric information to enable the use of biometric authentication in the service. No need to fetch and send to the server. As a result, it is possible to obtain the effect of improving the certainty of preventing spoofing in which the applicant of the service and the user of the service are different, without impairing the user's convenience.
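The terminal/server flow of method S2 (steps S201 to S207 and the final storage on the terminal) can be sketched as follows. This is an added example, not code from the patent: the `application_id` key, the `identity_verifier` hook, the cosine-similarity collation and the 0.90 threshold are all assumptions chosen for illustration, and the feature vectors are constructed.

```python
import math
from dataclasses import dataclass, field
from typing import Callable

# Assumed decision threshold; the page does not specify one.
MATCH_THRESHOLD = 0.90


def cosine_similarity(a, b):
    """Similarity of two feature vectors (stand-in for the collation method)."""
    if len(a) != len(b):
        return 0.0
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


@dataclass
class Server:
    """Server 30: owns the first storage device and performs the collation."""
    identity_verifier: Callable  # hypothetical hook returning the verification result
    first_storage: dict = field(default_factory=dict)

    def receive_first(self, application_id, first_bio):
        # S202/S203: keep the first biometric only after identity verification.
        if not self.identity_verifier(first_bio):
            return False
        self.first_storage[application_id] = list(first_bio)
        return True

    def receive_second(self, application_id, second_bio):
        # S205 to S207: collate against the verified reference, return the result.
        reference = self.first_storage.get(application_id)
        if reference is None:
            return False  # nothing verified to bind to, so fail closed
        return cosine_similarity(reference, second_bio) >= MATCH_THRESHOLD


@dataclass
class Terminal:
    """Terminal 20: owns the second storage device used for biometric authentication."""
    server: Server
    second_storage: list = field(default_factory=list)

    def apply_for_service(self, application_id, first_bio):
        # S201: send the first biometric with the service application.
        return self.server.receive_first(application_id, first_bio)

    def register_for_authentication(self, application_id, second_bio):
        # S204: send the second biometric; store it locally only on a match.
        matched = self.server.receive_second(application_id, second_bio)
        if matched:
            self.second_storage.append(list(second_bio))
        return matched


def run_demo():
    # Constructed feature vectors, not real biometric data.
    id_document_face = [0.12, 0.80, 0.35, 0.44]
    applicant_selfie = [0.10, 0.82, 0.33, 0.47]
    other_person = [0.90, 0.05, 0.40, 0.10]

    terminal = Terminal(Server(identity_verifier=lambda bio: True))
    results = {"applied": terminal.apply_for_service("app-001", id_document_face)}
    results["other_person"] = terminal.register_for_authentication("app-001", other_person)
    results["applicant"] = terminal.register_for_authentication("app-001", applicant_selfie)
    results["templates_stored"] = len(terminal.second_storage)

    # Identity verification fails: nothing reaches either storage device.
    rejected = Terminal(Server(identity_verifier=lambda bio: False))
    results["unverified_applied"] = rejected.apply_for_service("app-002", id_document_face)
    results["unverified"] = rejected.register_for_authentication("app-002", applicant_selfie)
    results["unverified_templates"] = len(rejected.second_storage)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The authentication template is bound to the identity-verified reference rather than to a user ID, so a person other than the applicant cannot register a template even when they reach the registration step for the same application.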
  • FIG. 7 is a block diagram showing the configuration of an information processing system 2A according to this exemplary embodiment.
  • the information processing system 2A is a system that performs identity verification of end users who use services provided by service providers and online authentication using biometric authentication.
  • services provided by service providers include internet banking, car sharing services, and voice call services using mobile phone terminals using SIM cards (Subscriber Identity Module Cards).
  • Personal identification is performed, for example, when a target person opens an Internet banking account, applies for car sharing, or purchases a SIM card.
  • Online authentication is performed, for example, when a target person uses services such as online money transfer, use of a car in car sharing, voice communication using a SIM card, and the like.
  • The information processing system 2A performs identity verification of the end user by eKYC (electronic Know Your Consumer), and performs authentication according to the FIDO (Fast IDentity Online) protocol as online authentication for using the above service (hereinafter referred to as "FIDO authentication").
  • eKYC is a technology for non-face-to-face identity verification such as online.
  • FIDO is an authentication technology that performs end-user biometric authentication on the terminal side.
  • the end user of the information processing system 2A is also called "subject".
  • Identity verification is to confirm that the declared person is the person himself/herself, and includes identification of the subject and authentication of the person himself/herself. Identification is confirmation of the existence of a subject, for example, confirmation through official documents that attribute information such as the declared name and address is correct. Person authentication means confirming, by means of authentication factors (knowledge, possession, biometrics, etc.), that the subject is the person who made the declaration.
  • the information processing system 2A includes a terminal 20A, a server 30A, a biometric information storage device 40A, and a service providing server 80.
  • the terminal 20A, the server 30A and the service providing server 80 are communicably connected to each other via a network.
  • the network is composed of, for example, a wireless LAN, a wired LAN, a mobile data communication network, the Internet, or a combination of some or all of these.
  • the terminal 20A is a terminal used by the subject, such as a laptop computer, desktop computer, tablet terminal, or smart phone.
  • the server 30A is a device that performs identity verification and online authentication of a subject. Server 30A may be a single device, or may be implemented by a plurality of devices working together.
  • the biometric information storage device 40A is a device that stores first biometric information.
  • the biometric information storage device 40A may be built in the server 30A, or may be a separate device connected to the server 30A via an input/output interface or a communication interface.
  • the service providing server 80 is a server for providing customer services.
  • FIG. 8 is a block diagram showing configurations of the terminal 20A and the server 30A.
  • the terminal 20A includes a first transmission section 201A, a second transmission section 202A, a second memory control section 203A, a biometric information storage section 206A, an authentication section 207A, and an imaging section 208A.
  • the first transmission unit 201A transmits the first biometric information of the subject to the server 30A.
  • the second transmission unit 202A transmits to the server 30A the second biometric information, which serves as verification data referred to in online authentication.
  • the second storage control unit 203A stores the second biometric information in the biometric information storage unit 206A.
  • the biometric information storage unit 206A is a storage device that stores second biometric information, and is an example of a configuration that implements the second storage device described in the claims.
  • the authentication unit 207A performs authentication using the second biometric information stored in the biometric information storage unit 206A.
  • the authentication performed by the authentication unit 207A is, for example, authentication according to the FIDO protocol.
  • the photographing unit 208A is a photographing device that photographs a subject.
  • the first biometric information is image data obtained by photographing an official document to which the subject's facial photograph is attached, or image data obtained by reading the official document. That is, the first biometric information includes biometric information of the subject and information used for identification of the subject.
  • the official document to which the target person's face photo is attached is also referred to as "confirmation document”. Confirmation documents are, for example, a driver's license, passport, residence card, and my number card.
  • Information used for identification of the subject includes, for example, information representing the subject's address, name, telephone number, or date of birth.
  • the second biometric information is image data obtained by photographing the subject's face.
  • the server 30A includes a first receiving section 301A, a first storage control section 302A, a second receiving section 303A, a matching section 304A, a biometric authentication management section 305A, and a confirmation section 306A.
  • 305 A of biometrics management parts are an example of the structure which implement
  • 306 A of confirmation parts are an example of the structure which implement
  • the first receiving unit 301A receives the first biometric information and the third biometric information of the subject from the terminal 20A.
  • the first storage control unit 302A stores the first biometric information in the biometric information storage device 40A.
  • the second receiving unit 303A receives the second biometric information.
  • 304 A of collation parts collate the 1st biometric information memorize
  • 305 A of biometrics management parts transmit the information based on the collation result by the collation part 304 to the terminal 20.
  • The confirmation unit 306A performs identity verification of the subject using the first biometric information and the third biometric information.
  • the flow of the information processing method executed by the information processing system 2A configured as described above will be described with reference to the drawings.
  • the information processing method performed by the information processing system 2A includes (i) a phase of identity verification and (ii) a phase of online authentication usage registration.
  • FIG. 9 is a flowchart showing the flow of the execution method S3 of the personal identification phase performed by the information processing system 2A.
  • the information processing system 2A performs identity verification using an image representing the confirmation document photographed by the subject and a face image obtained by photographing the subject's face.
  • a general-purpose application (WEB browser, etc.) for exchanging data with the service providing server 80 and the server 30A, and a dedicated application for using services using FIDO authentication are pre-installed in the terminal 20A.
  • the target person uses the terminal 20A to perform an operation to apply for the use of the service provided by the service provider.
  • the target person uses the terminal 20A to enter information indicating the SIM plan to be contracted, information indicating agreement to the contract, personal identification information, etc. in the application reception system provided by the service provider.
  • an operation to apply for use of the service is performed.
  • the personal identification information includes, for example, information representing the address, name, telephone number, or date of birth of the target person.
  • In step S301, the terminal 20A transmits a request to start applying for a service to the service providing server 80 based on the operation details of the subject.
  • This request includes, by way of example, the subject's identification information.
  • When the service providing server 80 receives the request from the terminal 20A, in step S302, the service providing server 80 transmits a request for personal identification processing to the server 30A. Specifically, for example, the request transmitted from the service providing server 80 is redirected by the WEB browser of the terminal 20A, and the request is transmitted to the server 30A.
  • When the server 30A receives a request for identity verification processing from the service providing server 80, the server 30A transmits a request for the verification document of the subject and the face image of the subject to the terminal 20A.
  • the data representing the confirmation document is an example of the first biometric information described in the claims
  • the data representing the face image of the subject is an example of the third biometric information described in the claims.
  • the server 30A transmits, for example, screen data for photographing the confirmation document and screen data for photographing the subject's face to the terminal 20A.
  • the terminal 20A displays a screen for photographing an official document for personal identification based on the screen data received from the server 30A.
  • FIG. 11 is a diagram showing an example of the screen displayed on the terminal 20A in step S305.
  • the screen G1 includes a guide message for photographing the confirmation document, a photographing button, and the like.
  • the subject photographs an official document for personal identification on the screen G1.
  • the terminal 20A displays a screen for photographing the subject's face.
  • FIG. 12 is a diagram showing an example of a screen for photographing a subject's face.
  • the screen G2 includes a guide message for photographing the subject's face, a photographing button, and the like.
  • the subject photographs the subject's face on the screen G2.
  • the terminal 20A analyzes the image data generated by shooting and determines whether there is any problem with the image data. For example, if the subject wears a hat, mask, sunglasses, or the like, facial feature points cannot be acquired. Therefore, when the terminal 20A determines that the feature points of the face cannot be acquired, the terminal 20A requests the subject to re-photograph.
  • In step S305, the terminal 20A transmits image data of the photographed confirmation document and image data of the subject's face to the server 30A.
  • the image data obtained by photographing the confirmation document and the image data obtained by photographing the face of the subject are also referred to as "confirmation document image” and "face image", respectively.
  • the terminal 20A may collectively transmit the confirmation document image and the face image to the server 30A, or may transmit the confirmation document image and the face image individually.
  • In step S306, the first receiving unit 301A receives the confirmation document image and the face image from the terminal 20A. That is, the first receiving unit 301A acquires the first biometric information and the third biometric information.
  • In step S307, the confirmation unit 306A performs identity verification using the confirmation document image and face image received in step S306.
  • the confirmation unit 306A performs identification by, for example, collating the target person's attribute information included in the confirmation document image with the target person's identification information included in the request received in step S301. Further, the confirmation unit 306A performs person authentication by comparing the face image of the subject included in the confirmation document image received in step S306 with the face image received in step S306.
  • the confirmation unit 306A performs matching of face images by, for example, template matching of face images, or acquiring output data output from a machine-learned model.
  • In step S308, the first storage control unit 302A determines whether the identity verification of the subject has succeeded. If the personal identification is successful (YES in step S308), the first storage control unit 302A proceeds to the process of step S309. On the other hand, if the identity verification fails (NO in step S308), the first storage control unit 302A skips the processing of steps S309 to S311. When the personal identification fails, the first storage control unit 302A transmits a response to the effect that the personal identification has failed to the service providing server 80.
  • In step S309, the first storage control unit 302A generates a first biometric template representing an image obtained by cutting out the facial photograph portion of the confirmation document image.
  • the first storage control unit 302A stores the generated first template in the first storage device (biometric information storage device 40A).
  • In step S311, the biometric authentication management unit 305A notifies the service providing server 80 that the personal identification has succeeded.
  • the service providing server 80 transmits a notification indicating completion of the application to the terminal 20A.
  • After the terminal 20A receives the service application completion notification from the service providing server 80, in order to use FIDO authentication as authentication for using the service, it is necessary to perform FIDO registration and register the second biometric information in the terminal 20A as the biometric information for reference.
  • the service providing server 80 After transmitting the application completion notification to the terminal 20A, the service providing server 80 transmits "information for requesting start of biometric authentication usage registration" to the terminal 20A.
  • the information is, for example, the address of the "biometric authentication use registration page" described in the e-mail.
  • the service provider will confirm whether there are any defects in the application content in order to make the service available to the target person, and after confirmation, the service providing server 80 is used to transmit the above information to the terminal 20A. Since this confirmation may require a period of time, it may take several days to several weeks from the completion of the identity confirmation phase to the start of the use registration phase of authentication.
  • the terminal 20A starts the authentication use registration phase by referring to the “information for requesting start of use registration of biometric authentication” transmitted from the service providing server 80 .
  • FIG. 10 is a flowchart showing the flow of the execution method S4 of the use registration phase of online authentication performed by the information processing system 2A.
  • the target person uses the terminal 20A to perform an operation for requesting the start of registration for use of FIDO authentication.
  • In step S401, the terminal 20A transmits a request to start registration for use of biometric authentication to the service providing server 80.
  • Upon receiving the request from terminal 20A, service providing server 80 transmits a request for a face image to terminal 20A in step S402.
  • In step S403, the terminal 20A displays a screen for photographing the subject's face.
  • FIG. 13 is a diagram illustrating the screen displayed in step S403.
  • the screen of FIG. 13 includes a guide message for photographing the subject's face, a photographing button, and the like.
  • the subject photographs the subject's face on the screen of FIG.
  • the terminal 20A analyzes the image data generated by shooting and determines whether there is any problem with the image data. For example, if the subject wears a hat, mask, sunglasses, or the like, facial feature points cannot be obtained. Therefore, when the terminal 20A determines that the feature points of the face cannot be acquired, the terminal 20A requests the subject to re-photograph.
  • In step S404, the terminal 20A stores the captured face image (second biometric information) in a predetermined memory and transmits the face image to the server 30A.
  • In step S406, the server 30A receives the face image from terminal 20A.
  • In step S407, the matching unit 304A acquires the first biometric information from the biometric information storage device 40A.
  • In step S408, the collation unit 304A collates face images. That is, the collation unit 304A collates each of the N (N is a natural number) pieces of first biometric information stored in the biometric information storage device 40A with the second biometric information received in step S406.
  • Since the first biometric information is generated from the facial photograph of the personal identification document, it is possible to verify whether the service applicant and the service user are the same person by matching the facial images.
  • In step S409, the collation unit 304A determines whether the collation is successful. If the matching is successful (YES in step S409), the matching unit 304A proceeds to the process of step S410. On the other hand, if the collation fails (NO in step S409), collation unit 304A skips steps S410 to S420. Also, when the verification fails, the biometrics management unit 305A transmits a response indicating that the verification has failed to the service providing server 80.
  • In step S410, the first storage control unit 302A deletes the successfully matched first biometric template from the biometric information storage device 40A. That is, when the collation unit 304A succeeds in collation (YES in step S409), the first storage control unit 302A deletes the successfully collated first biometric information from the first storage device.
  • In step S411, the biometric authentication management unit 305A transmits to the service providing server 80 a matching result indicating that the matching unit 304 has successfully performed matching.
  • In step S412, the service providing server 80 requests registration for use of biometric authentication. That is, the service providing server 80 that has received the collation result transmits a registration request for FIDO authentication to the server 30A, and carries out communication by the challenge-response method.
  • In step S413, the server 30A transmits a use registration request (challenge) for FIDO authentication to the terminal 20A via the service providing server 80.
  • the server 30A may directly transmit the registration request to the terminal 20A without going through the service providing server 80.
  • In step S414, when the terminal 20A receives the registration request from the server 30A, the terminal 20A generates a second biometric template from the second biometric information, which is the face image stored in the predetermined memory in step S404.
  • In step S415, the terminal 20A stores the second biometric template generated in step S414 in the biometric information storage unit 206A (second storage unit).
  • In step S416, the terminal 20A generates a private key and a public key required for FIDO authentication in accordance with the FIDO standard specifications, and stores the private key within the terminal 20A.
  • In step S417, the terminal 20A transmits the generated public key to the server 30A via the service providing server 80.
  • the terminal 20A may transmit the public key directly to the server 30A without going through the service providing server 80.
  • In step S418, upon receiving the public key from terminal 20A, server 30A stores the received public key in a predetermined storage device.
  • In step S419, the server 30A notifies the terminal 20A via the service providing server 80 of completion of registration.
  • the server 30A may directly transmit the registration completion notification to the terminal 20A without going through the service providing server 80.
  • the terminal 20A performs FIDO authentication in the service provided by the service providing server 80 using the second biometric information stored in the biometric information storage unit 206A.
  • FIG. 14 is a diagram for explaining the retention period of the first biometric template.
  • the subject's first biometric template is stored in the first storage device (biometric information storage device 40A). No.
  • the first biometric template is stored in the first storage device when the application for use is completed and when the subject is registered for use of biometric authentication. Further, when the use registration is completed, the first biometric template is deleted from the first storage device, and in exchange, the second biometric template is stored in the second storage device (biometric information storage unit 206A).
  • the storage period of the first biometric template is, at the longest, from when the application for use is completed until immediately before the registration for use of biometric authentication is completed.
  • the number of first biometric templates stored in the first storage device does not increase excessively. Therefore, in step S408, the number of first biometric templates to be matched with face images by the matching unit 304A does not increase excessively, which contributes to shortening the matching time of the matching unit 304A.
  • the information processing system 2A temporarily holds the face image (first biometric information) included in the confirmation document used for identity verification of the subject, and when the target person starts using online authentication, the person is authenticated using the first biometric information held. This prevents biometric information of a subject different from the subject whose identity has been verified from being registered as information for online authentication verification.
  • When the collation unit 304A succeeds in collation, the successfully collated first biometric information is deleted from the biometric information storage device 40A.
  • the number of pieces of first biometric information stored in the biometric information storage device 40A can be minimized, and the time required for collation can be shortened.
  • the biometric information of the target person is not held on the server side, and the risk of information leakage is reduced.
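The server-side gate of steps S306 to S311 and S406 to S419, together with the delete-on-match retention rule explained with FIG. 14, is sketched below as an added Python example; it is not code from the patent. Cosine similarity over constructed feature vectors stands in for face matching, the 0.95 threshold and every name (`Server30A`, `start_registration`, and so on) are assumptions, and the FIDO public key is an opaque constructed value with no attestation or signature check.

```python
import math
import secrets
from dataclasses import dataclass, field

MATCH_THRESHOLD = 0.95  # assumed decision threshold; the page specifies none

# Constructed feature vectors (not real biometric data).
DOC_FACE = (0.90, 0.10, 0.30, 0.20)     # face cut from the confirmation document
LIVE_FACE = (0.88, 0.12, 0.31, 0.19)    # third biometric information (application)
LATER_FACE = (0.91, 0.09, 0.28, 0.22)   # second biometric information (registration)
OTHER_FACE = (0.10, 0.90, 0.20, 0.40)   # a different person


def similarity(a, b):
    """Cosine similarity between two feature vectors (stand-in matcher)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


@dataclass
class Server30A:
    first_store: dict = field(default_factory=dict)    # storage device 40A
    open_challenges: set = field(default_factory=set)  # issued, not yet used
    public_keys: list = field(default_factory=list)    # registered FIDO keys

    def identity_verification(self, document_face, live_face, attributes_ok):
        """S307-S310: store the first template only when verification succeeds."""
        if not attributes_ok:
            return None                      # identification failed
        if similarity(document_face, live_face) < MATCH_THRESHOLD:
            return None                      # person authentication failed
        template_id = secrets.token_hex(8)
        self.first_store[template_id] = tuple(document_face)
        return template_id

    def start_registration(self, second_face):
        """S406-S413: 1:N collation, then delete the template and issue a challenge."""
        best_id, best_score = None, -1.0
        for template_id, template in self.first_store.items():
            score = similarity(template, second_face)
            if score > best_score:
                best_id, best_score = template_id, score
        if best_id is None or best_score < MATCH_THRESHOLD:
            return None                      # S409 NO: nothing deleted, no challenge
        del self.first_store[best_id]        # S410: retention ends on a match
        challenge = secrets.token_bytes(32)  # S413: registration challenge
        self.open_challenges.add(challenge)
        return challenge

    def finish_registration(self, challenge, public_key):
        """S418: accept a public key only for an unused challenge issued above."""
        if challenge not in self.open_challenges:
            return False
        self.open_challenges.remove(challenge)
        self.public_keys.append(public_key)
        return True


def run_demo():
    """Walk both phases once and return the observed outcomes."""
    server = Server30A()
    server.identity_verification(DOC_FACE, LIVE_FACE, attributes_ok=True)
    rejected = server.start_registration(OTHER_FACE)   # different person
    kept_after_reject = len(server.first_store)        # template still pending
    challenge = server.start_registration(LATER_FACE)  # the applicant
    registered = server.finish_registration(challenge, b"constructed-public-key")
    replayed = server.finish_registration(challenge, b"second-key")
    return rejected, kept_after_reject, registered, replayed, len(server.first_store)


if __name__ == "__main__":
    print(run_demo())
```

A failed collation leaves the first template in place, so the applicant can still register later, while a successful one removes it, so a second registration attempt needs a fresh identity verification.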
  • Modification 1
  • the online authentication performed by the information processing system 2A is not limited to that shown in the above-described embodiment, and may be authentication according to other protocols using biometric information.
  • online authentication may be authentication based on server-type biometric authentication in which the second biometric template is stored on the server side.
  • In this case, instead of the terminal 20A including the biometric information storage unit 206A, the server 30A includes the biometric information storage unit 206A.
  • the second biometric template is stored on the terminal side.
  • Modification 2
  • In the exemplary embodiment described above, the information processing system 2A performs identity verification and person authentication of the subject in the identity verification phase, but the information processing system 2A may perform only identity verification in the identity verification phase and need not perform person authentication. In this case, the information processing system 2A stores the first biometric information in the biometric information storage device 40A, without performing person authentication in the identity verification phase, when the identity verification is successful.
  • the information processing system 2A confirmed the identity of the subject by comparing the subject's attribute information included in the confirmation document with the content of the service application. Methods of identification are not limited to those shown in the exemplary embodiments described above.
  • the information processing system 2A may perform identity verification based on documents other than official documents, or may perform identity verification by inquiring other services using information about the subject.
  • the first biometric information is image data representing a confirmation document, but the first biometric information is not limited to that shown in the exemplary embodiment described above.
  • the first biometric information includes the subject's biometric information and information used for identifying the subject, and the subject's biometric information may contain information representing, for example, the subject's fingerprint, voiceprint, vein, palmprint, or iris.
  • the second biological information and the third biological information are image data obtained by photographing the face of the subject.
  • the information is not limited to that shown in the exemplary embodiments described above.
  • the second biometric information and the third biometric information may include, for example, information representing the subject's fingerprint, voiceprint, vein, palmprint, or iris.
  • the first biometric information, the second biometric information, and the third biometric information may include information representing at least one of an image of a person's face, a fingerprint, and a voiceprint.
  • the verification unit 306A of the server 30A performs identity verification using the confirmation document image and face image received from the terminal 20A.
  • an administrator or the like of the information processing system 1 may verify the identity of the target person and input the verification result to the information processing system 1 .
  • the first storage control unit 302A determines whether or not the personal identification has succeeded based on the input information indicating the result.
  • Some or all of the functions of the information processing system 1, the terminals 20 and 20A, the servers 30 and 30A, and the service providing server 80 may be realized by hardware such as integrated circuits (IC chips), or may be realized by software.
  • the information processing system 1, the terminals 20 and 20A, the servers 30 and 30A, and the service providing server 80 are implemented, for example, by computers that execute program instructions that are software that implements each function.
  • An example of such a computer (hereinafter referred to as computer C) is shown in FIG.
  • Computer C comprises at least one processor C1 and at least one memory C2.
  • a program P for operating the computer C as the information processing system 1, the terminals 20 and 20A, the servers 30 and 30A, and the service providing server 80 is recorded in the memory C2.
  • the processor C1 reads the program P from the memory C2 and executes it, thereby implementing the functions of the information processing system 1, the terminals 20 and 20A, the servers 30 and 30A, and the service providing server 80.
  • As the processor C1, for example, a CPU (Central Processing Unit), GPU (Graphic Processing Unit), DSP (Digital Signal Processor), MPU (Micro Processing Unit), FPU (Floating point number Processing Unit), PPU (Physics Processing Unit), a microcontroller, or a combination thereof can be used.
  • As the memory C2, for example, a flash memory, HDD (Hard Disk Drive), SSD (Solid State Drive), or a combination thereof can be used.
  • the computer C may further include a RAM (Random Access Memory) for expanding the program P during execution and temporarily storing various data.
  • Computer C may further include a communication interface for sending and receiving data to and from other devices.
  • Computer C may further include an input/output interface for connecting input/output devices such as a keyboard, mouse, display, and printer.
  • the program P can be recorded on a non-temporary tangible recording medium M that is readable by the computer C.
  • As the recording medium M, for example, a tape, disk, card, semiconductor memory, programmable logic circuit, or the like can be used.
  • the computer C can acquire the program P via such a recording medium M.
  • the program P can be transmitted via a transmission medium.
  • As the transmission medium, for example, a communication network or broadcast waves can be used.
  • Computer C can also obtain program P via such a transmission medium.
  • (Appendix 1) An information processing system comprising: a first acquisition means for acquiring first biometric information of a subject applying for use of the service; a first storage control means for storing the first biometric information in a first storage device when the identity verification of the subject using the first biometric information is successful; a second acquisition means for acquiring second biometric information different from the first biometric information as biometric information for enabling the subject person to use biometric authentication in the service when the identity verification is successful; a collation means for collating the second biometric information with the first biometric information stored in the first storage device; and a second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
  • the first storage control means deletes the successfully verified first biometric information from the first storage device when the verification means succeeds in the verification.
  • the information processing system according to appendix 1.
  • the number of pieces of first biometric information stored in the first storage device can be minimized, and the time required for verification can be shortened.
  • the biometric information of the target person is not held on the server side, and the risk of information leakage is reduced.
  • the first acquisition means acquires the first biological information and the third biological information, Further comprising confirmation means for confirming the identity of the subject using the first biometric information and the third biometric information, The information processing system according to appendix 1 or 2.
  • identity verification using the first biometric information can be more reliably performed using the third biometric information.
  • the biometric authentication is authentication according to the FIDO (fast identity online) protocol,
  • the information processing system according to any one of Appendices 1 to 3.
  • the first biometric information and the second biometric information include information representing at least one of an image of a person's face, a fingerprint, and a voiceprint, 5.
  • the information processing system according to any one of Appendices 1 to 4.
  • (Appendix 6) A server comprising: a first receiving means for receiving, from a terminal, first biometric information of a target person applying for use of the service; a first storage control means for storing the first biometric information in a first storage device when the identity verification of the subject using the first biometric information is successful; a second receiving means for receiving second biometric information different from the first biometric information as biometric information for enabling the subject person to use biometric authentication in the service when the identity verification is successful; a collation means for collating the second biometric information with the first biometric information stored in the first storage device; and a matching result transmission means for transmitting information based on the matching result to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
  • Appendix 8 The terminal according to appendix 7, further comprising authentication means for performing biometric authentication of the subject in the service using the second biometric information stored in the second storage device.
  • (Appendix 9) An information processing method including: acquiring first biometric information of a subject applying for use of the service; storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; acquiring second biometric information different from the first biometric information as biometric information for enabling the use of biometric authentication by the subject in the service when the identity verification is successful; collating the second biometric information with the first biometric information stored in the first storage device; and storing the second biometric information in a second storage device referred to in the biometric authentication when the verification is successful.
  • (Appendix 11) An information processing method including: transmitting first biometric information of a subject who applies for use of a service to a server that stores the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; transmitting, when the identity verification is successful, second biometric information different from the first biometric information to the server as biometric information for enabling the subject to use biometric authentication in the service; and storing the second biometric information in a second storage device when the server successfully matches the first biometric information and the second biometric information.
  • A program for causing a computer to function as an information processing device, the program causing the computer to function as: first receiving means for receiving first biometric information of a subject applying for use of a service; first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; second receiving means for receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; collation means for collating the second biometric information with the first biometric information stored in the first storage device; and matching result transmission means for transmitting information based on the matching result to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
  • A program for causing a computer to function as an information processing device, the program causing the computer to function as: first transmission means for transmitting first biometric information of a subject who applies for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; second transmission means for transmitting, when the identity verification is successful, second biometric information different from the first biometric information to the server as biometric information for enabling the subject to use biometric authentication in the service; and second storage control means for storing the second biometric information in a second storage device when the server succeeds in matching the first biometric information and the second biometric information.
  • An information processing system comprising a processor, the processor executing: a first acquisition process of acquiring first biometric information of a subject applying for use of a service; a first storage control process of storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; a second acquisition process of acquiring, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; a matching process of matching the second biometric information with the first biometric information stored in the first storage device; and a second storage control process of storing the second biometric information in a second storage device referred to in the biometric authentication when the matching in the matching process is successful.
  • A server comprising at least one processor, the processor executing: a first reception process of receiving, from a terminal, first biometric information of a subject applying for use of a service; a first storage control process of storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; a second reception process of receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; a matching process of matching the second biometric information with the first biometric information stored in the first storage device; and a matching result transmission process of transmitting information based on the matching result to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the matching in the matching process is successful.
  • The server may further include a memory, and the memory may store a program for causing the processor to execute the first reception process, the first storage control process, the second reception process, the matching process, and the matching result transmission process. Also, this program may be recorded in a computer-readable non-transitory tangible recording medium.
  • A terminal comprising at least one processor, the processor executing: a first transmission process of transmitting first biometric information of a subject who applies for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; a second transmission process of transmitting, when the identity verification is successful, second biometric information different from the first biometric information to the server as biometric information for enabling the subject to use biometric authentication in the service; and a second storage control process of storing the second biometric information in a second storage device when the server succeeds in matching the first biometric information and the second biometric information.
  • The terminal may further include a memory, and the memory may store a program for causing the processor to execute the first transmission process, the second transmission process, and the second storage control process. Also, this program may be recorded in a computer-readable non-transitory tangible recording medium.

Abstract

In order to improve the certainty of preventing identity fraud in which a service applicant and a service user are different persons, this information processing system (1) comprises: a first acquisition unit (11) for acquiring the first biological information of a subject who applies for the use of a service; a first storage control unit (12) for storing the first biological information in a first storage device when identity confirmation of the subject using the first biological information was successful; a second acquisition unit (13) which, when identity confirmation was successful, acquires second biological information different from the first biological information, as biological information for enabling the use by the subject of biometric authentication in a service; a verification unit (14) for verifying the second biological information against the first biological information stored in the first storage device; and a second storage control unit (15) for storing the second biological information in a second storage unit which is referenced in biometric authentication, when verification by the verification unit (14) was successful.

Description

Information processing system, server, terminal, information processing method and program
The present invention relates to an information processing system, a server, a terminal, an information processing method and a program.
A technology that uses biometric information to authenticate a subject is known. For example, Patent Literature 1 describes a technique of reading personal information including a face image from an IC card and verifying the identity of the subject using imaging data showing the subject's face and the face image included in the personal information. Such a technique is used, for example, for identity verification of a subject when applying for use of a service.
The device described in Patent Literature 2 acquires the first biometric information of a user stored in a biometric information server based on the user ID input by the user. The technique also collates the acquired first biometric information with second biometric information acquired via an input device and, when the collation is successful, executes a registration process that registers the second biometric information in the device itself. Such a technique is used, for example, to perform biometric authentication at the time of service use with the second biometric information.
Japanese Patent Application Laid-Open No. 2019-050014
International Publication No. 2020/031429
Here, when an application for use of a service is accepted after identity verification is performed using the technique described in Patent Literature 1, a spoofing problem may subsequently arise in which the service applicant and the service user are different persons.
Also, when registering biometric information for authentication at the time of service use, the technique described in Patent Literature 2 cannot be used if the first biometric information is not stored in the biometric information server in advance. Moreover, even if the first biometric information is stored in the biometric information server, the user must perform the cumbersome task of entering the user ID into the terminal device in order to refer to that first biometric information, which impairs user convenience. In addition, considering cases such as another person learning the user ID, there is room for improvement in the certainty of preventing spoofing.
One aspect of the present invention has been made in view of the above problems, and an example of its purpose is to provide a technique that improves the certainty of preventing, without impairing user convenience, spoofing in which the service applicant and the service user are different.
An information processing system according to one aspect of the present invention includes: first acquisition means for acquiring first biometric information of a subject who applies for use of a service; first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; second acquisition means for acquiring, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; collation means for collating the second biometric information with the first biometric information stored in the first storage device; and second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
A server according to one aspect of the present invention includes: first receiving means for receiving, from a terminal, first biometric information of a subject who applies for use of a service; first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; second receiving means for receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; collation means for collating the second biometric information with the first biometric information stored in the first storage device; and collation result transmission means for transmitting information based on the collation result by the collation means to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
A terminal according to one aspect of the present invention includes: first transmission means for transmitting first biometric information of a subject who applies for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; second transmission means for transmitting, when the identity verification is successful, second biometric information different from the first biometric information to the server as biometric information for enabling the subject to use biometric authentication in the service; and second storage control means for storing the second biometric information in a second storage device when the server succeeds in matching the first biometric information and the second biometric information.
An information processing method according to one aspect of the present invention includes: acquiring first biometric information of a subject who applies for use of a service; storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; acquiring, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; collating the second biometric information with the first biometric information stored in the first storage device; and storing the second biometric information in a second storage device referred to in the biometric authentication when the collation is successful.
An information processing method according to one aspect of the present invention includes: receiving first biometric information of a subject who applies for use of a service; storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; collating the second biometric information with the first biometric information stored in the first storage device; and transmitting information based on the result of the collation to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation is successful.
An information processing method according to one aspect of the present invention includes: transmitting first biometric information of a subject who applies for use of a service to a server that stores the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; transmitting, when the identity verification is successful, second biometric information different from the first biometric information to the server as biometric information for enabling the subject to use biometric authentication in the service; and storing the second biometric information in a second storage device when the server succeeds in matching the first biometric information and the second biometric information.
A program for causing a computer to function as an information processing device, the program causing the computer to function as: first receiving means for receiving first biometric information of a subject who applies for use of a service; first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; second receiving means for receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; collation means for collating the second biometric information with the first biometric information stored in the first storage device; and collation result transmission means for transmitting information based on the collation result by the collation means to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
A program according to one aspect of the present invention is a program for causing a computer to function as an information processing device, the program causing the computer to function as: first transmission means for transmitting first biometric information of a subject who applies for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful; second transmission means for transmitting, when the identity verification is successful, second biometric information different from the first biometric information to the server as biometric information for enabling the subject to use biometric authentication in the service; and second storage control means for storing the second biometric information in a second storage device when the server succeeds in matching the first biometric information and the second biometric information.
According to one aspect of the present invention, it is possible to improve the certainty of preventing, without impairing user convenience, spoofing in which the service applicant and the service user are different.
A block diagram showing the configuration of an information processing system according to exemplary embodiment 1 of the present invention.
A flow diagram showing the flow of an information processing method according to exemplary embodiment 1 of the present invention.
A block diagram showing a schematic configuration of an information processing system 2 according to exemplary embodiment 2 of the present invention.
A block diagram showing the configuration of a terminal according to exemplary embodiment 2 of the present invention.
A block diagram showing the configuration of a server according to exemplary embodiment 2 of the present invention.
A flow diagram showing the flow of an information processing method according to exemplary embodiment 2 of the present invention.
A block diagram showing the configuration of an information processing system according to exemplary embodiment 3 of the present invention.
A block diagram showing the configuration of a terminal and a server according to exemplary embodiment 3 of the present invention.
A flow diagram showing the flow of a method of executing the identity verification phase according to exemplary embodiment 3 of the present invention.
A flow diagram showing the flow of a method of executing the usage registration phase of online authentication according to exemplary embodiment 3 of the present invention.
A diagram showing an example of a screen displayed on a terminal according to exemplary embodiment 3 of the present invention.
A diagram showing an example of a screen displayed on a terminal according to exemplary embodiment 3 of the present invention.
A diagram showing an example of a screen displayed on a terminal according to exemplary embodiment 3 of the present invention.
A diagram showing the storage state of a first storage device and the storage state of a second storage device according to exemplary embodiment 3 of the present invention.
A block diagram showing the configuration of a computer functioning as an information processing system, terminal, server, or service providing server according to exemplary embodiments 1 to 3 of the present invention.
[Exemplary embodiment 1]
A first exemplary embodiment of the present invention will now be described in detail with reference to the drawings. This exemplary embodiment is the basis for the exemplary embodiments described later.
<Configuration of information processing system>
The configuration of an information processing system 1 according to this exemplary embodiment will be described with reference to FIG. 1. FIG. 1 is a block diagram showing the configuration of the information processing system 1. As shown in FIG. 1, the information processing system 1 includes a first acquisition unit 11, a first storage control unit 12, a second acquisition unit 13, a collation unit 14, and a second storage control unit 15. The information processing system 1 is composed of one or more information processing devices. When the information processing system 1 is composed of a plurality of devices, these functional blocks are distributed among the plurality of devices.
The first acquisition unit 11 is an example of a configuration that implements the first acquisition means recited in the claims. The first storage control unit 12 is an example of a configuration that implements the first storage control means recited in the claims. The second acquisition unit 13 is an example of a configuration that implements the second acquisition means recited in the claims. The collation unit 14 is an example of a configuration that implements the collation means recited in the claims. The second storage control unit 15 is an example of a configuration that implements the second storage control means recited in the claims.
The first acquisition unit 11 acquires the first biometric information of the subject who applies to use the service. The first storage control unit 12 stores the first biometric information in the first storage device when the identity verification of the subject using the first biometric information is successful. When the identity verification is successful, the second acquisition unit 13 acquires second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service. The collation unit 14 collates the second biometric information with the first biometric information stored in the first storage device. The second storage control unit 15 stores the second biometric information in the second storage device referred to in biometric authentication when the collation unit 14 succeeds in the collation.
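The gating performed by units 11 to 15 can be sketched as follows. This is an added example, not code from the patent: it assumes biometric information is already reduced to feature vectors, uses cosine similarity with an assumed threshold as the matcher, and the names `EnrollmentSystem`, `enrollment_id` and the sample vectors are hypothetical.

```python
import math

# Assumed cosine-similarity threshold; the page does not specify a matcher.
MATCH_THRESHOLD = 0.8

# Constructed sample feature vectors (not real biometric data).
DOC_FACE = [0.90, 0.10, 0.30, 0.20]      # face on the ID document (first biometric info)
SELFIE_SAME = [0.85, 0.15, 0.35, 0.18]   # live capture of the same person
SELFIE_OTHER = [0.10, 0.90, 0.20, 0.40]  # live capture of a different person


class EnrollmentError(Exception):
    """Raised when registration is attempted without a verified first biometric."""


def similarity(a, b):
    """Cosine similarity between two equal-length feature vectors."""
    if len(a) != len(b):
        raise ValueError("feature vectors must have the same length")
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class EnrollmentSystem:
    def __init__(self):
        # enrollment_id is a hypothetical key linking both phases of one application.
        self.first_storage = {}   # enrollment_id -> identity-proofed first biometric
        self.second_storage = {}  # enrollment_id -> template used for authentication

    def store_first(self, enrollment_id, first_bio, identity_verified):
        """Units 11/12: keep the first biometric only if identity verification succeeded."""
        if not identity_verified:
            return False
        self.first_storage[enrollment_id] = list(first_bio)
        return True

    def register_second(self, enrollment_id, second_bio):
        """Units 13/14/15: collate against first storage before writing second storage."""
        reference = self.first_storage.get(enrollment_id)
        if reference is None:
            raise EnrollmentError("identity verification has not succeeded")
        if similarity(second_bio, reference) < MATCH_THRESHOLD:
            return False  # collation failed: nothing reaches the second storage
        self.second_storage[enrollment_id] = list(second_bio)
        return True

    def authenticate(self, enrollment_id, probe):
        """Service-time authentication refers only to the second storage."""
        template = self.second_storage.get(enrollment_id)
        return template is not None and similarity(probe, template) >= MATCH_THRESHOLD


def run_demo():
    system = EnrollmentSystem()
    results = {}
    system.store_first("app-1", DOC_FACE, identity_verified=True)
    # A different person tries to register a template under the verified application.
    results["impostor_registered"] = system.register_second("app-1", SELFIE_OTHER)
    results["impostor_can_auth"] = system.authenticate("app-1", SELFIE_OTHER)
    # The applicant registers a live capture, then authenticates with a fresh probe.
    results["applicant_registered"] = system.register_second("app-1", SELFIE_SAME)
    results["applicant_can_auth"] = system.authenticate("app-1", [0.88, 0.12, 0.33, 0.20])
    results["impostor_auth_after"] = system.authenticate("app-1", SELFIE_OTHER)
    # Failed identity verification leaves the first storage empty, so registration is refused.
    system.store_first("app-2", DOC_FACE, identity_verified=False)
    try:
        system.register_second("app-2", SELFIE_SAME)
        results["unverified_blocked"] = False
    except EnrollmentError:
        results["unverified_blocked"] = True
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The point to observe is that the second storage is written only on the path that passes through a successful collation against the identity-proofed record, so the authentication template is bound to the person who applied.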
(First biometric information)
The first biometric information includes biometric information representing biological characteristics of the subject. The subject's biometric information is, for example, information representing the subject's face image, fingerprint, voiceprint, vein, palmprint, or iris. The first biometric information is information used for identity verification of the subject and is, for example, data representing a scanned or photographed image of an official document, such as a driver's license or passport, to which the subject's face image is attached.
(Second biometric information)
The second biometric information includes biometric information representing biological characteristics of the subject. The second biometric information is, for example, registered as information for collation in online authentication. The second biometric information is, for example, data representing a captured image of the subject's face.
(Biometric authentication)
Biometric authentication is authentication using a subject's biometric information. Biometric authentication uses, for example, a template matching method, a feature point extraction method, a frequency analysis method, or the like applied to an image representing a fingerprint or to a face image. Biometric authentication may also identify a subject using a trained machine-learning model. The biometric authentication according to this exemplary embodiment is not limited to these methods and may use other methods.
<Flow of information processing method>
The flow of the information processing method S1 executed by the information processing system 1 configured as described above will be described with reference to FIG. 2. FIG. 2 is a flow diagram showing the flow of the information processing method S1.
(First acquisition step S11)
In the first acquisition step S11 (first acquisition process), the first acquisition unit 11 acquires first biometric information of a subject who applies for use of the service. For example, the first acquisition unit 11 may acquire the first biometric information from a device connected via a network, or may acquire it by reading it from a memory. For example, if the first biometric information is a photographed image of the subject's driver's license, the first acquisition unit 11 acquires, as the first biometric information, image data representing the image of the driver's license captured by a camera. When the first biometric information is a face image, the first acquisition unit 11 acquires, for example, image data representing the face image captured by a camera as the first biometric information. When the first biometric information is information representing a fingerprint, the first acquisition unit 11 acquires, for example, data representing an image read by a sensor such as an optical sensor, a capacitive sensor, an electric field sensor, a thermal sensor, or a pressure sensor.
(First storage control step S12)
In the first storage control step S12 (first storage control process), the first storage control unit 12 stores the first biometric information in the first storage device when identity verification of the subject using the first biometric information succeeds. The information processing system 1 may perform the identity verification of the subject using the first biometric information, or another device may perform it. Alternatively, an administrator or the like of the information processing system 1 may verify the identity of the subject and input the result of the verification to the information processing system 1. In this case, the first storage control unit 12 determines whether or not the identity verification succeeded based on the information indicating the input result.
(Second acquisition step S13)
When the identity verification of the subject using the first biometric information succeeds, in the second acquisition step S13 the second acquisition unit 13 acquires second biometric information, different from the first biometric information, as biometric information for enabling the subject to use biometric authentication in the service. As an example, the second acquisition unit 13 may acquire the second biometric information from a device connected via a network, or may acquire it by reading it from a memory. When the second biometric information is a face image, the second acquisition unit 13 acquires, as the second biometric information, image data representing the face image captured by a camera. When the second biometric information is information representing a fingerprint, the second acquisition unit 13 acquires, for example, data representing an image read by a sensor such as an optical sensor, a capacitive sensor, an electric-field sensor, a thermal sensor, or a pressure-sensitive sensor.
(Matching step S14)
In the matching step S14, the matching unit 14 matches the second biometric information against the first biometric information stored in the first storage device. As an example, the matching unit 14 performs the matching by template matching, feature point extraction, frequency analysis, or the like of images representing fingerprints or of face images. The matching unit 14 may also, as an example, determine the matching result using a trained model obtained by machine learning.
(Second storage control step S15)
In the second storage control step S15, when the matching unit 14 succeeds in the matching, the second storage control unit 15 stores the second biometric information in the second storage device that is referred to in biometric authentication. As an example, the second storage control unit 15 may store the second biometric information in a second storage device connected via a network.
<Effects of this exemplary embodiment>
As described above, the information processing system 1 according to this exemplary embodiment adopts a configuration that acquires first biometric information of a subject who applies for use of a service; stores the first biometric information in the first storage device when identity verification of the subject using the first biometric information succeeds; when the identity verification succeeds, acquires second biometric information, different from the first biometric information, as biometric information for enabling the subject to use biometric authentication in the service; matches the second biometric information against the first biometric information stored in the first storage device; and, when the matching succeeds, stores the second biometric information in the second storage device that is referred to in biometric authentication. With this configuration, it suffices to use the first biometric information obtained in the application for the service and the second biometric information obtained to enable the use of biometric authentication in that service, and no server in which first biometric information associated with a user ID is stored in advance is required. As a result, impersonation in which the applicant for the service and the user of the service differ can be prevented more reliably without impairing user convenience.
[Exemplary embodiment 2]
Exemplary embodiment 2 of the present invention will be described in detail with reference to the drawings. Components having the same functions as the components described in exemplary embodiment 1 are denoted by the same reference numerals, and their description is omitted as appropriate. This exemplary embodiment is a form in which the information processing system 1 according to exemplary embodiment 1 is configured with a plurality of devices.
<Configuration of information processing system>
The configuration of the information processing system 2 according to this exemplary embodiment will be described with reference to FIG. 3. FIG. 3 is a block diagram showing a schematic configuration of the information processing system 2. As shown in FIG. 3, the information processing system 2 includes a terminal 20 and a server 30. The terminal 20 and the server 30 are communicably connected to each other via a network. The network is composed of, for example, a wireless LAN, a wired LAN, a mobile data communication network, the Internet, or a combination of some or all of these.
<Terminal configuration>
The configuration of the terminal 20 will be described with reference to FIG. 4. FIG. 4 is a block diagram showing the configuration of the terminal 20. The terminal 20 includes a first transmission unit 201, a second transmission unit 202, and a second storage control unit 203. The first transmission unit 201 is an example of a configuration that implements the first transmission means recited in the claims. The second transmission unit 202 is an example of a configuration that implements the second transmission means recited in the claims. The second storage control unit 203 is an example of a configuration that implements the second storage control means recited in the claims.
The first transmission unit 201 transmits to the server 30 the first biometric information of the subject who applies for use of the service. As will be described later, the server 30 has a first storage control unit 302 that stores the first biometric information in the first storage device when identity verification of the subject using the first biometric information succeeds. When the identity verification using the first biometric information succeeds, the second transmission unit 202 transmits to the server 30 second biometric information, different from the first biometric information, as biometric information for enabling the subject to use biometric authentication in the service. The second storage control unit 203 stores the second biometric information in the second storage device when the server 30 succeeds in matching the first biometric information with the second biometric information.
<Server configuration>
The configuration of the server 30 will be described with reference to FIG. 5. FIG. 5 is a block diagram showing the configuration of the server 30. The server 30 includes a first reception unit 301, a first storage control unit 302, a second reception unit 303, a matching unit 304, and a matching result transmission unit 305. The first reception unit 301 is an example of a configuration that implements the first reception means recited in the claims. The first storage control unit 302 is an example of a configuration that implements the first storage control means recited in the claims. The second reception unit 303 is an example of a configuration that implements the second reception means recited in the claims. The matching unit 304 is an example of a configuration that implements the matching means recited in the claims. The matching result transmission unit 305 is an example of a configuration that implements the matching result transmission means recited in the claims.
The first reception unit 301 receives from the terminal 20 the first biometric information of the subject who applies for use of the service. The first storage control unit 302 stores the first biometric information in the first storage device when identity verification of the subject using the first biometric information succeeds. When the identity verification succeeds, the second reception unit 303 receives second biometric information, different from the first biometric information, as biometric information for enabling the subject to use biometric authentication in the service. The matching unit 304 matches the second biometric information against the first biometric information stored in the first storage device. The matching result transmission unit 305 transmits information based on the matching result of the matching unit 304 to the terminal 20. As described above, the terminal 20 has the second storage control unit 203, which stores the second biometric information in the second storage device referred to in biometric authentication when the matching unit 304 succeeds in the matching. The information based on the matching result is, for example, information indicating that the matching succeeded or information indicating that the matching failed.
<Flow of information processing method>
The flow of the information processing method S2 executed by the information processing system 2 configured as described above will be described with reference to FIG. 6. FIG. 6 is a flow diagram showing the flow of the information processing method S2.
(First transmission step S201 / first reception step S202)
In the first transmission step S201 (first transmission process), the first transmission unit 201 transmits to the server 30 the first biometric information of the subject who applies for use of the service. In the first reception step S202 (first reception process), the first reception unit 301 receives the first biometric information from the terminal 20.
(First storage control step S203)
In the first storage control step S203 (first storage control process), the first storage control unit 302 stores the first biometric information in the first storage device when identity verification of the subject using the first biometric information succeeds.
(Second transmission step S204 / second reception step S205)
When the identity verification using the first biometric information succeeds, in the second transmission step S204 (second transmission process) the second transmission unit 202 transmits to the server 30 second biometric information, different from the first biometric information, as biometric information for enabling the subject to use biometric authentication in the service. In the second reception step S205, the second reception unit 303 receives the second biometric information from the terminal 20.
(Matching step S206 / matching result transmission step S207)
In the matching step S206 (matching process), the matching unit 304 matches the second biometric information received by the second reception unit 303 against the first biometric information stored in the first storage device. In the matching result transmission step S207 (matching result transmission process), the matching result transmission unit 305 transmits information based on the matching result of the matching unit 304 to the terminal 20.
(Second storage control step S208)
In the second storage control step S208 (storage control process), the second storage control unit 203 stores the second biometric information in the second storage device when the server 30 succeeds in matching the first biometric information with the second biometric information.
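The S201 to S208 exchange above, written out as an added Python sketch with both the terminal and the server side; it is not code from the patent or the applicant. The feature vectors, the cosine matcher with its 0.90 threshold, the `document_valid` flag and the opaque application handle are assumptions made for illustration.

```python
import math
import secrets

MATCH_THRESHOLD = 0.90  # assumed cosine-similarity cutoff; the page fixes no matcher


def cosine(a, b):
    """Cosine similarity of two equal-length feature vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class Server:
    """Server 30: receives both biometrics, gates storage, matches, reports."""

    def __init__(self, verify_identity):
        self._verify_identity = verify_identity  # system, other device or operator
        self._first_storage = {}                 # first storage device

    def receive_first(self, first_bio):
        # S202/S203: store the first biometric only if identity verification succeeds.
        if not self._verify_identity(first_bio):
            return None
        handle = secrets.token_hex(16)           # hypothetical application handle
        self._first_storage[handle] = list(first_bio["face_features"])
        return handle

    def receive_second(self, handle, second_features):
        # S205-S207: match against the stored first biometric, return the result.
        reference = self._first_storage.get(handle)
        if reference is None:
            return {"matched": False, "reason": "identity_not_verified"}
        if len(second_features) != len(reference):
            return {"matched": False, "reason": "malformed"}
        if cosine(reference, second_features) >= MATCH_THRESHOLD:
            return {"matched": True, "reason": "ok"}
        return {"matched": False, "reason": "mismatch"}


class Terminal:
    """Terminal 20: sends both biometrics, stores the second one only on a match."""

    def __init__(self, server):
        self._server = server
        self._handle = None
        self.second_storage = None               # second storage device

    def apply(self, first_bio):
        # S201: send the first biometric with the service application.
        self._handle = self._server.receive_first(first_bio)
        return self._handle is not None

    def register(self, second_features):
        # S204: only reachable once identity verification has succeeded.
        if self._handle is None:
            return "identity_not_verified"
        result = self._server.receive_second(self._handle, second_features)
        if result["matched"]:
            # S208: the enrolled template is the one the server just matched.
            self.second_storage = list(second_features)
        return result["reason"]


# Constructed sample data (not real biometric templates).
DOCUMENT = {"document_valid": True, "face_features": [0.90, 0.10, 0.30, 0.20]}
REJECTED_DOCUMENT = {"document_valid": False, "face_features": [0.90, 0.10, 0.30, 0.20]}
SAME_PERSON = [0.88, 0.12, 0.31, 0.18]
OTHER_PERSON = [0.10, 0.90, 0.20, 0.40]


def document_check(first_bio):
    """Stand-in for the identity verification result fed to S203."""
    return first_bio.get("document_valid") is True


def run_scenarios():
    """Run the applicant, the mismatching user, and the unverified application."""
    server = Server(document_check)
    outcomes = {}
    for name, doc, live in (("applicant", DOCUMENT, SAME_PERSON),
                            ("different_user", DOCUMENT, OTHER_PERSON),
                            ("unverified", REJECTED_DOCUMENT, SAME_PERSON)):
        terminal = Terminal(server)
        terminal.apply(doc)
        reason = terminal.register(live)
        outcomes[name] = (reason, terminal.second_storage is not None)
    return outcomes


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The second storage device stays empty in every path except the one where the live capture matches the stored first biometric, which is the property the embodiment relies on to bind the applicant to the later authenticator user.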
<Effects of this exemplary embodiment>
As described above, the server 30 according to this exemplary embodiment adopts a configuration that receives from a terminal first biometric information of a subject who applies for use of a service; stores the first biometric information in the first storage device when identity verification of the subject using the first biometric information succeeds; when the identity verification succeeds, receives second biometric information, different from the first biometric information, as biometric information for enabling the subject to use biometric authentication in the service; matches the second biometric information against the first biometric information stored in the first storage device; and transmits information based on the matching result to the terminal 20 when the matching succeeds. With this configuration, it suffices to use the first biometric information obtained from the terminal in the application for the service and the second biometric information obtained from the terminal to enable the use of biometric authentication in that service, and no server in which first biometric information associated with a user ID is stored in advance is required. As a result, impersonation in which the applicant for the service and the user of the service differ can be prevented more reliably without impairing user convenience.
In addition, the terminal 20 according to this exemplary embodiment adopts a configuration that transmits to the server 30 first biometric information of a subject who applies for use of a service; when identity verification of the subject succeeds, transmits to the server 30 second biometric information, different from the first biometric information, as biometric information for enabling the subject to use biometric authentication in the service; and stores the second biometric information in the second storage device when the server 30 succeeds in matching the first biometric information with the second biometric information. With this configuration, the terminal only needs to transmit the first biometric information in the application for the service and transmit the second biometric information to enable the use of biometric authentication in that service, and does not need to obtain a user ID and transmit it to the server. As a result, impersonation in which the applicant for the service and the user of the service differ can be prevented more reliably without impairing user convenience.
[Exemplary embodiment 3]
Exemplary embodiment 3 of the present invention will be described in detail with reference to the drawings. Components having the same functions as the components described in exemplary embodiments 1 and 2 are denoted by the same reference numerals, and their description is not repeated.
FIG. 7 is a block diagram showing the configuration of an information processing system 2A according to this exemplary embodiment. The information processing system 2A is a system that performs identity verification of end users who use a service provided by a service provider, and online authentication using biometric authentication. Examples of services provided by a service provider are Internet banking, in which transfers and the like are made over the Internet, car sharing services, and voice call services on mobile phone terminals using a SIM card (Subscriber Identity Module Card). Identity verification is performed, for example, when the subject opens an Internet banking account, applies to use car sharing, or purchases a SIM card. Online authentication is performed, for example, when the subject uses a service such as an online transfer, use of a car in car sharing, or a voice call using a SIM card.
The information processing system 2A performs identity verification of the end user by eKYC (electronic Know Your Customer), and performs authentication according to the FIDO (Fast IDentity Online) protocol (hereinafter referred to as "FIDO authentication") as the online authentication for using the above service. eKYC is a technology for verifying identity without meeting face to face, for example online. FIDO is an authentication technology in which biometric authentication of the end user is performed on the terminal side. In the following description, the end user of the information processing system 2A is also called the "subject".
(Identity verification)
Identity verification is confirming that the subject making a declaration is the person he or she claims to be, and includes identity proofing of the subject and personal authentication. Identity proofing is confirmation that the subject actually exists; as an example, it is confirming by means of an official document or the like that declared attribute information such as name and address is correct. Personal authentication means confirming, by means of an authentication factor (knowledge, possession, biometrics, etc.), that the subject is the declared person.
The information processing system 2A includes a terminal 20A, a server 30A, a biometric information storage device 40A, and a service providing server 80. The terminal 20A, the server 30A, and the service providing server 80 are communicably connected to each other via a network. The network is composed of, for example, a wireless LAN, a wired LAN, a mobile data communication network, the Internet, or a combination of some or all of these. Although one terminal 20A is illustrated in FIG. 6, the number of terminals 20A is not limited to one.
The terminal 20A is a terminal used by the subject, such as a laptop computer, a desktop computer, a tablet terminal, or a smartphone. The server 30A is a device that performs identity verification and online authentication of the subject. The server 30A may be a single device, or may be implemented by a plurality of devices working together.
The biometric information storage device 40A is a device that stores the first biometric information. The biometric information storage device 40A may be built into the server 30A, or may be a separate device connected to the server 30A via an input/output interface or a communication interface. The service providing server 80 is a server for providing customer services.
<Terminal configuration>
FIG. 8 is a block diagram showing the configurations of the terminal 20A and the server 30A. The terminal 20A includes a first transmission unit 201A, a second transmission unit 202A, a second storage control unit 203A, a biometric information storage unit 206A, an authentication unit 207A, and an imaging unit 208A.
The first transmission unit 201A transmits the first biometric information of the subject to the server 30A. When the server 30A succeeds in verifying the identity of the subject, the second transmission unit 202A transmits to the server 30A the second biometric information, which serves as the matching data referred to in online authentication. The second storage control unit 203A stores the second biometric information in the biometric information storage unit 206A. The biometric information storage unit 206A is a storage device that stores the second biometric information, and is an example of a configuration that implements the second storage device recited in the claims.
The authentication unit 207A performs authentication using the second biometric information stored in the biometric information storage unit 206A. The authentication performed by the authentication unit 207A is, for example, authentication according to the FIDO protocol. The imaging unit 208A is an imaging device that photographs the subject.
In this exemplary embodiment, the first biometric information is image data obtained by photographing an official document bearing a photograph of the subject's face, or image data obtained by scanning the official document. That is, the first biometric information includes biometric information of the subject and also includes information used for identity proofing of the subject. In the following, an official document bearing a photograph of the subject's face is also called a "confirmation document". Confirmation documents are, for example, a driver's license, a passport, a residence card, and a My Number card. The information used for identity proofing of the subject includes, for example, information representing the subject's address, name, telephone number, or date of birth. In this exemplary embodiment, the second biometric information is image data obtained by photographing the subject's face.
<Server configuration>
The server 30A includes a first reception unit 301A, a first storage control unit 302A, a second reception unit 303A, a matching unit 304A, a biometric authentication management unit 305A, and a confirmation unit 306A. The biometric authentication management unit 305A is an example of a configuration that implements the matching result transmission means recited in the claims. The confirmation unit 306A is an example of a configuration that implements the confirmation means recited in the claims.
The first reception unit 301A receives the first biometric information and third biometric information of the subject from the terminal 20A. The first storage control unit 302A stores the first biometric information in the biometric information storage device 40A. The second reception unit 303A receives the second biometric information. The matching unit 304A matches the first biometric information stored in the biometric information storage device 40A against the second biometric information received by the second reception unit 303A. The biometric authentication management unit 305A transmits information based on the matching result of the matching unit 304 to the terminal 20. The confirmation unit 306A performs identity verification of the subject using the first biometric information and the third biometric information.
<Flow of information processing method>
The flow of the information processing method executed by the information processing system 2A configured as described above will be described with reference to the drawings. The information processing method performed by the information processing system 2A includes (i) a phase in which identity verification is performed and (ii) a phase in which use of online authentication is registered.
(Identity verification phase)
FIG. 9 is a flow diagram showing the flow of the execution method S3 of the identity verification phase performed by the information processing system 2A. The information processing system 2A performs identity verification using an image of the confirmation document photographed by the subject and a face image obtained by photographing the subject's face. A general-purpose application (a web browser or the like) for exchanging data with the service providing server 80 and the server 30A, and a dedicated application for using services with FIDO authentication, are installed on the terminal 20A in advance.
The subject uses the terminal 20A to perform an operation for applying to use the service provided by the service provider. As an example, the subject uses the terminal 20A to enter, in an application reception system provided by the service provider, information indicating the SIM plan to be contracted, information indicating agreement to the contract, personal identification information, and the like, and performs an operation to apply for use of the service. The personal identification information includes, for example, information representing the subject's address, name, telephone number, or date of birth.
(S301)
In step S301, the terminal 20A transmits a request to start a service application to the service providing server 80 based on the subject's operation. This request includes, as an example, the subject's personal identification information.
(S302)
Upon receiving the request from the terminal 20A, the service providing server 80 transmits a request for identity verification processing to the server 30A in step S302. Specifically, for example, the request transmitted from the service providing server 80 is redirected by the web browser of the terminal 20A and sent to the server 30A.
(S303)
Upon receiving the request for identity verification processing from the service providing server 80, the server 30A transmits to the terminal 20A a request for the subject's confirmation document and the subject's face image. The data representing the confirmation document is an example of the first biometric information described in the claims, and the data representing the subject's face image is an example of the third biometric information described in the claims. The server 30A transmits to the terminal 20A, for example, screen data for photographing the confirmation document and screen data for photographing the subject's face.
(S304)
Based on the screen data received from the server 30A, the terminal 20A displays a screen for photographing an official document for identity verification.
FIG. 11 is a diagram showing an example of the screen displayed on the terminal 20A in step S305. The screen G1 includes a guide message for photographing the confirmation document, a shutter button, and the like. The subject photographs the official document for identity verification on the screen G1. Once the confirmation document has been photographed, the terminal 20A displays a screen for photographing the subject's face.
FIG. 12 is a diagram showing an example of the screen for photographing the subject's face. The screen G2 includes a guide message for photographing the subject's face, a shutter button, and the like. The subject photographs his or her face on the screen G2.
The terminal 20A analyzes the image data generated by the photographing and determines whether there is any problem with the image data. For example, if the subject is wearing a hat, mask, sunglasses, or the like, facial feature points cannot be acquired. Therefore, when the terminal 20A determines that facial feature points cannot be acquired, it requests the subject to take the photograph again.
(S305)
In step S305, the terminal 20A transmits the image data of the photographed confirmation document and the image data of the subject's photographed face to the server 30A. Hereinafter, the image data of the confirmation document and the image data of the subject's face are also referred to as the "confirmation document image" and the "face image", respectively. The terminal 20A may transmit the confirmation document image and the face image to the server 30A together, or may transmit them individually.
(S306)
In step S306, the first receiving unit 301A receives the confirmation document image and the face image from the terminal 20A. That is, the first receiving unit 301A acquires the first biometric information and the third biometric information.
(S307)
In step S307, the confirmation unit 306A performs identity verification using the confirmation document image and the face image received in step S306. The confirmation unit 306A performs identity confirmation by, for example, collating the subject's attribute information included in the confirmation document image with the subject's personal identification information included in the request received in step S301. The confirmation unit 306A also performs person authentication by collating the subject's face image included in the confirmation document image received in step S306 with the face image received in step S306. The confirmation unit 306A collates the face images by, for example, template matching of the face images or by acquiring the output data of a machine-learned model.
(S308)
In step S308, the first storage control unit 302A determines whether the identity verification of the subject has succeeded. If the identity verification has succeeded (YES in step S308), the first storage control unit 302A proceeds to the processing of step S309. If the identity verification has failed (NO in step S308), the first storage control unit 302A skips the processing of steps S309 to S311. When the identity verification fails, the first storage control unit 302A transmits a response indicating the failure to the service providing server 80.
(S309/S310)
In step S309, the first storage control unit 302A generates a first biometric template representing an image obtained by cutting out the facial photograph portion of the confirmation document image. The first storage control unit 302A stores the generated first template in the first storage device (biometric information storage device 40A).
(S311/S312)
In step S311, the biometric authentication management unit 305A notifies the service providing server 80 that the identity verification has succeeded. The service providing server 80 transmits a notification indicating completion of the application to the terminal 20A.
(Authentication usage registration phase)
After the terminal 20A receives the service application completion notification from the service providing server 80, FIDO registration must be performed so that FIDO authentication can be used as the authentication for the service, and the second biometric information, which is the reference biometric information, must be registered in the terminal 20A. After transmitting the application completion notification to the terminal 20A, the service providing server 80 transmits "information for requesting the start of biometric authentication usage registration" to the terminal 20A. This information is, for example, the address of a "biometric authentication usage registration page" given in an e-mail. After the subject has completed the service application, the service provider checks the application for deficiencies and the like in order to make the service available to the subject and, after this check, uses the service providing server 80 to transmit the above information to the terminal 20A. Because this check can take time, there may be a gap of, for example, several days to several weeks between the completion of the identity verification phase and the start of the authentication usage registration phase. The terminal 20A starts the authentication usage registration phase by referring to the "information for requesting the start of biometric authentication usage registration" transmitted from the service providing server 80.
FIG. 10 is a flowchart showing the flow of the execution method S4 of the online authentication usage registration phase performed by the information processing system 2A. The subject uses the terminal 20A to perform an operation for requesting the start of FIDO authentication usage registration.
(S401-S403)
In step S401, the terminal 20A transmits a request to start biometric authentication usage registration to the service providing server 80. Upon receiving the request from the terminal 20A, the service providing server 80 transmits a request for a face image to the terminal 20A in step S402. In step S403, the terminal 20A displays a screen for photographing the subject's face.
FIG. 13 is a diagram illustrating the screen displayed in step S403. The screen of FIG. 13 includes a guide message for photographing the subject's face, a shutter button, and the like. The subject photographs his or her face on the screen of FIG. 13. The terminal 20A analyzes the image data generated by the photographing and determines whether there is any problem with the image data. For example, if the subject is wearing a hat, mask, sunglasses, or the like, facial feature points cannot be acquired. Therefore, when the terminal 20A determines that facial feature points cannot be acquired, it requests the subject to take the photograph again.
(S404)
In step S404, the terminal 20A stores the photographed face image (second biometric information) in a predetermined memory and transmits the face image to the server 30A.
(S406/S407)
In step S406, the server 30A receives the face image from the terminal 20A. In step S407, the collation unit 304A acquires the first biometric information from the biometric information storage device 40A.
(S408)
In step S408, the collation unit 304A collates the face images. That is, the collation unit 304A collates each of the N pieces (N is a natural number) of first biometric information stored in the biometric information storage device 40A with the second biometric information received in step S406. In this operation example, the first biometric information is generated from the facial photograph on the identity document, so collating the face images makes it possible to verify whether the service applicant and the service user are the same person.
(S409)
In step S409, the collation unit 304A determines whether the collation has succeeded. If the collation has succeeded (YES in step S409), the collation unit 304A proceeds to the processing of step S410. If the collation has failed (NO in step S409), the collation unit 304A skips the processing of steps S410 to S420. When the collation fails, the biometric authentication management unit 305A transmits a response indicating the failure to the service providing server 80.
(S410)
In step S410, the first storage control unit 302A deletes the successfully collated first biometric template from the biometric information storage device 40A. That is, when the collation unit 304A succeeds in the collation (YES in step S409), the first storage control unit 302A deletes the successfully collated first biometric information from the first storage device.
(S411/S412)
In step S411, the biometric authentication management unit 305A transmits to the service providing server 80 a collation result indicating that the collation unit 304 has succeeded in the collation. In step S412, the service providing server 80 requests biometric authentication usage registration. That is, the service providing server 80 that has received the collation result transmits a FIDO authentication registration request to the server 30A, and communication is carried out by the challenge-response method.
(S413)
In step S413, the server 30A transmits a FIDO authentication usage registration request (challenge) to the terminal 20A via the service providing server 80. The server 30A may instead transmit the registration request directly to the terminal 20A without going through the service providing server 80.
(S414/S415)
In step S414, upon receiving the registration request from the server 30A, the terminal 20A generates a second biometric template from the second biometric information, which is the face image stored in the predetermined memory in step S404. In step S415, the terminal 20A stores the second biometric template generated in step S414 in the biometric information storage unit 206A (second storage unit).
(S416/S417)
In step S416, the terminal 20A generates the private key and public key required for FIDO authentication in accordance with the FIDO standard specifications, and keeps the private key within the terminal 20A. In step S417, the terminal 20A transmits the generated public key to the server 30A via the service providing server 80. The terminal 20A may instead transmit the public key directly to the server 30A without going through the service providing server 80.
(S418/S419)
In step S418, upon receiving the public key from the terminal 20A, the server 30A stores the received public key in a predetermined storage device. In step S419, the server 30A notifies the terminal 20A of the completion of registration via the service providing server 80. The server 30A may instead transmit the registration completion notification directly to the terminal 20A without going through the service providing server 80.
The terminal 20A uses the second biometric information stored in the biometric information storage unit 206A to perform FIDO authentication in the service provided by the service providing server 80.
Thus, in this exemplary embodiment, the storage period of the first biometric template used to prevent impersonation is kept to the necessary minimum. The storage period of the first biometric template will be described with reference to FIG. 14. FIG. 14 is a diagram for explaining the storage period of the first biometric template. As shown in FIG. 14, in this exemplary embodiment, at the time the subject applies for use of the service, the subject's first biometric template is not stored in the first storage device (biometric information storage device 40A). The first biometric template is stored in the first storage device at the completion of the application for use and at the time of registration for use of biometric authentication as that subject. When the usage registration is completed, the first biometric template has been deleted from the first storage device and, in exchange, the second biometric template is stored in the second storage device (biometric information storage unit 206A). The storage period of the first biometric template is therefore, at the longest, from the completion of the application for use until immediately before the completion of biometric authentication usage registration. As a result, the number of first biometric templates held in the first storage device does not grow excessively. Consequently, in step S408, the number of first biometric templates that the collation unit 304A must collate with the face image does not grow excessively, which contributes to shortening the collation time of the collation unit 304A.
As described above, according to this exemplary embodiment, the information processing system 2A temporarily holds the face image (first biometric information) included in the confirmation document used for the subject's identity verification and, when the subject starts using online authentication, performs person authentication using the held first biometric information. This prevents the biometric information of a person different from the subject whose identity was verified from being registered as the reference information for online authentication.
Further, according to this exemplary embodiment, when the collation unit 304A succeeds in the collation, the successfully collated first biometric information is deleted from the biometric information storage device 40A. As a result, the number of pieces of first biometric information stored in the biometric information storage device 40A can be kept to the necessary minimum, and the time required for collation can be shortened. In addition, because the first biometric information of a subject whose collation has succeeded is deleted, the subject's biometric information is not retained on the server side, which reduces the risk of information leakage.
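The server-side retention behaviour of steps S308 to S310 and S406 to S413 can be sketched as follows. This is an added example, not code from the patent or from its applicant; the class and function names, the use of feature vectors with cosine similarity, and the 0.90 threshold are all assumptions made for illustration, and the FIDO key generation of steps S414 to S419 is outside its scope.

```python
import math
import secrets

MATCH_THRESHOLD = 0.90  # assumed similarity cutoff; the patent names no value


def cosine(a, b):
    """Cosine similarity between two feature vectors (assumed matcher)."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


class FirstTemplateStore:
    """Stand-in for the first storage device (40A): holds templates only
    between identity verification and usage registration."""

    def __init__(self):
        self._templates = {}  # opaque record id -> feature vector, no user ID

    def store_after_identity_check(self, template, identity_verified):
        # S308-S310: nothing is stored when identity verification failed.
        if not identity_verified:
            return None
        record_id = secrets.token_hex(8)
        self._templates[record_id] = list(template)
        return record_id

    def match_and_delete(self, probe):
        # S407-S410: collate the probe with all N stored templates and
        # delete the matched template as soon as collation succeeds.
        best_id, best_score = None, 0.0
        for record_id, template in self._templates.items():
            score = cosine(probe, template)
            if score > best_score:
                best_id, best_score = record_id, score
        if best_id is None or best_score < MATCH_THRESHOLD:
            return None  # S409 NO: store is left untouched
        del self._templates[best_id]
        return best_id

    def __len__(self):
        return len(self._templates)


class RegistrationServer:
    """Stand-in for server 30A during the usage registration phase."""

    def __init__(self):
        self.store = FirstTemplateStore()
        self.pending_challenges = set()

    def begin_registration(self, second_biometric):
        # S406-S413: a registration challenge is issued only after the
        # second biometric matched a stored first template.
        if self.store.match_and_delete(second_biometric) is None:
            return None
        challenge = secrets.token_bytes(32)
        self.pending_challenges.add(challenge)
        return challenge


def run_demo():
    """Walk both phases with constructed feature vectors."""
    server = RegistrationServer()
    doc_a = [0.9, 0.1, 0.3, 0.5]         # constructed: applicant A's ID photo
    doc_b = [0.1, 0.8, 0.6, 0.2]         # constructed: applicant B's ID photo
    selfie_a = [0.88, 0.12, 0.33, 0.48]  # constructed: A at registration
    impostor = [0.2, 0.2, 0.9, 0.1]      # constructed: someone else

    server.store.store_after_identity_check(doc_a, True)
    server.store.store_after_identity_check(doc_b, True)
    rejected = server.store.store_after_identity_check(impostor, False)
    result = {
        "rejected_identity_record": rejected,
        "stored_after_identity_phase": len(server.store),
        "impostor_challenge": server.begin_registration(impostor),
        "stored_after_impostor": len(server.store),
    }
    challenge = server.begin_registration(selfie_a)
    result["applicant_challenge_len"] = len(challenge) if challenge else 0
    result["stored_after_applicant"] = len(server.store)
    # The matched template is gone, so the same face cannot register twice.
    result["replay_challenge"] = server.begin_registration(selfie_a)
    return result


if __name__ == "__main__":
    print(run_demo())
```

Because the matched template is deleted at S410, a second registration attempt with the same face finds nothing to match, and the store never holds more than the applicants who are between the two phases.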
<Modifications>
(Modification 1)
In the exemplary embodiment described above, the case where the information processing system 2A performs FIDO authentication as the online authentication has been described. The online authentication performed by the information processing system 2A is not limited to that shown in the above embodiment, and may be authentication according to another protocol that uses biometric information.
For example, the online authentication may be authentication based on server-type biometric authentication, in which the second biometric template is stored on the server side. In this case, the server 30A includes the biometric information storage unit 206A instead of the terminal 20A including it. However, from the viewpoint of reducing communication time and reducing the time needed to collate against a plurality of second biometric templates registered on the server, it is desirable that the second biometric template be stored on the terminal side.
(Modification 2)
In the exemplary embodiment described above, the information processing system 2A performs both identity confirmation and person authentication of the subject in the identity verification phase, but the information processing system 2A may perform only identity confirmation in the identity verification phase and omit person authentication. In this case, when identity confirmation succeeds in the identity verification phase, the information processing system 2A stores the first biometric information in the biometric information storage device 40A without performing person authentication.
Also, in the exemplary embodiment described above, the information processing system 2A confirms the subject's identity by collating the subject's attribute information included in the confirmation document with the content of the service application. The method of identity confirmation is not limited to that shown in the exemplary embodiment described above. For example, the information processing system 2A may perform identity confirmation based on a document other than an official document, or may perform identity confirmation by querying another service using information about the subject.
(Modification 3)
In the exemplary embodiment described above, the case where the first biometric information is image data representing a confirmation document has been described, but the first biometric information is not limited to that shown in the exemplary embodiment described above. The first biometric information includes the subject's biometric information and information used for confirming the subject's identity, and the subject's biometric information may include, as an example, information representing the subject's fingerprint, voiceprint, vein, palm print, or iris.
Also, in the exemplary embodiment described above, the case where the second biometric information and the third biometric information are image data obtained by photographing the subject's face has been described, but the second biometric information and the third biometric information are not limited to those shown in the exemplary embodiment described above. The second biometric information and the third biometric information may include, as an example, information representing the subject's fingerprint, voiceprint, vein, palm print, or iris. In other words, the first biometric information, the second biometric information, and the third biometric information may include information representing at least one of an image of a person's face, a fingerprint, and a voiceprint.
(Modification 4)
In the exemplary embodiment described above, the confirmation unit 306A of the server 30A performs identity verification using the confirmation document image and the face image received from the terminal 20A, but a device other than the server 30A may perform the identity verification. Alternatively, an administrator or the like of the information processing system 1 may verify the subject's identity and input the verification result to the information processing system 1. In this case, the first storage control unit 302A determines whether the identity verification has succeeded based on the input information indicating the result.
[Example of realization by software]
Some or all of the functions of the information processing system 1, the terminals 20 and 20A, the servers 30 and 30A, and the service providing server 80 may be realized by hardware such as an integrated circuit (IC chip), or may be realized by software.
In the latter case, the information processing system 1, the terminals 20 and 20A, the servers 30 and 30A, and the service providing server 80 are realized, for example, by a computer that executes the instructions of a program, which is software that implements each function. An example of such a computer (hereinafter referred to as computer C) is shown in FIG. 15. The computer C includes at least one processor C1 and at least one memory C2. A program P for causing the computer C to operate as the information processing system 1, the terminals 20 and 20A, the servers 30 and 30A, and the service providing server 80 is recorded in the memory C2. In the computer C, the processor C1 reads the program P from the memory C2 and executes it, whereby the functions of the information processing system 1, the terminals 20 and 20A, the servers 30 and 30A, and the service providing server 80 are realized.
As the processor C1, for example, a CPU (Central Processing Unit), GPU (Graphic Processing Unit), DSP (Digital Signal Processor), MPU (Micro Processing Unit), FPU (Floating point number Processing Unit), PPU (Physics Processing Unit), a microcontroller, or a combination thereof can be used. As the memory C2, for example, a flash memory, an HDD (Hard Disk Drive), an SSD (Solid State Drive), or a combination thereof can be used.
The computer C may further include a RAM (Random Access Memory) for loading the program P at execution time and for temporarily storing various data. The computer C may further include a communication interface for transmitting and receiving data to and from other devices. The computer C may further include an input/output interface for connecting input/output devices such as a keyboard, mouse, display, and printer.
The program P can be recorded on a non-transitory tangible recording medium M that is readable by the computer C. As such a recording medium M, for example, a tape, disk, card, semiconductor memory, or programmable logic circuit can be used. The computer C can acquire the program P via such a recording medium M. The program P can also be transmitted via a transmission medium. As such a transmission medium, for example, a communication network or broadcast waves can be used. The computer C can also acquire the program P via such a transmission medium.
[Additional remarks 1]
The present invention is not limited to the embodiments described above, and various modifications are possible within the scope of the claims. For example, embodiments obtained by appropriately combining the technical means disclosed in the embodiments described above are also included in the technical scope of the present invention.
[Additional remarks 2]
Some or all of the embodiments described above may also be described as follows. However, the present invention is not limited to the aspects described below.
(Supplementary note 1)
An information processing system comprising:
a first acquisition means for acquiring first biometric information of a subject applying for use of a service;
a first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information has succeeded;
a second acquisition means for acquiring, when the identity verification has succeeded, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
a collation means for collating the second biometric information with the first biometric information stored in the first storage device; and
a second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means has succeeded in the collation.
According to the above configuration, it is sufficient to use the first biometric information obtained when the service is applied for and the second biometric information obtained to enable the use of biometric authentication in the service; a server in which first biometric information linked to a user ID is stored in advance is not required. As a result, the reliability of preventing impersonation, in which the service applicant and the service user are different people, is improved without impairing user convenience.
(Appendix 2)
The information processing system according to Appendix 1, wherein
the first storage control means deletes the successfully collated first biometric information from the first storage device when the collation means succeeds in the collation.
 According to the above configuration, the number of pieces of first biometric information stored in the first storage device can be kept to the necessary minimum, and the time required for collation can be shortened. In addition, by deleting the first biometric information of a subject whose collation has succeeded, the subject's biometric information is not retained on the server side, and the risk of information leakage is reduced.
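The enrollment flow of Appendices 1 and 2, as an added sketch that is not code from the patent: biometric information is modelled as a small feature vector, collation as cosine similarity against an assumed threshold, and the search over the first storage device as 1:N. All class, function, and constant names are hypothetical, and the sample vectors are constructed.

```python
import math
from dataclasses import dataclass, field
from typing import Optional

# Assumed matching criterion; the page does not specify one.
MATCH_THRESHOLD = 0.95


def cosine(a, b):
    """Cosine similarity between two feature vectors (stand-in matcher)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


@dataclass
class Server:
    # "First storage device": first biometric information of applicants whose
    # identity verification succeeded. Entries are not keyed by a user ID.
    pending: list = field(default_factory=list)

    def receive_application(self, first_bio, identity_verified):
        """Store first biometric information only after identity verification."""
        if not identity_verified:
            return False
        self.pending.append(tuple(first_bio))
        return True

    def collate(self, second_bio):
        """Collate second_bio against every pending entry (1:N, an assumption)."""
        best_index, best_score = None, MATCH_THRESHOLD
        for index, first_bio in enumerate(self.pending):
            score = cosine(first_bio, second_bio)
            if score >= best_score:
                best_index, best_score = index, score
        if best_index is None:
            return False
        # Appendix 2: delete the matched entry so the server keeps no
        # biometric information once enrollment has completed.
        del self.pending[best_index]
        return True


@dataclass
class Terminal:
    server: Server
    # "Second storage device": template referred to in later biometric
    # authentication, held on the terminal only.
    local_template: Optional[tuple] = None

    def apply(self, first_bio, identity_verified):
        return self.server.receive_application(first_bio, identity_verified)

    def enable_biometric_auth(self, second_bio):
        """Store second_bio locally only if the server reports a match."""
        if not self.server.collate(second_bio):
            return False
        self.local_template = tuple(second_bio)
        return True

    def authenticate(self, probe):
        if self.local_template is None:
            return False
        return cosine(self.local_template, probe) >= MATCH_THRESHOLD


def run_demo():
    """Walk through one genuine and one impostor enrollment (constructed data)."""
    applicant_first = [0.90, 0.10, 0.40]    # captured at application time
    applicant_second = [0.88, 0.12, 0.41]   # same person, later capture
    impostor = [0.10, 0.90, 0.30]           # different person

    server = Server()
    owner = Terminal(server)
    other = Terminal(server)

    results = {}
    results["rejected_unverified"] = not owner.apply(impostor, False)
    results["applied"] = owner.apply(applicant_first, True)
    # An impostor's second capture does not match any pending entry.
    results["impostor_enrolled"] = other.enable_biometric_auth(impostor)
    results["pending_after_impostor"] = len(server.pending)
    results["owner_enrolled"] = owner.enable_biometric_auth(applicant_second)
    results["pending_after_owner"] = len(server.pending)
    # The matched entry is gone, so a second enrollment attempt fails.
    results["second_enrollment"] = other.enable_biometric_auth(applicant_second)
    results["owner_auth"] = owner.authenticate([0.87, 0.13, 0.42])
    results["impostor_auth"] = owner.authenticate(impostor)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Because the matched entry is deleted on success, a pending first template can enable biometric authentication on at most one terminal in this sketch.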
(Appendix 3)
The information processing system according to Appendix 1 or 2, wherein
the first acquisition means acquires the first biometric information and third biometric information,
the information processing system further comprising confirmation means for performing the identity verification of the subject using the first biometric information and the third biometric information.
 According to the above configuration, the identity verification using the first biometric information can be performed more reliably by also using the third biometric information.
(Appendix 4)
The information processing system according to any one of Appendices 1 to 3, wherein
the biometric authentication is authentication according to the FIDO (fast identity online) protocol.
 According to the above configuration, in biometric authentication according to the FIDO protocol, the above-described spoofing is more reliably prevented without impairing user convenience.
(Appendix 5)
The information processing system according to any one of Appendices 1 to 4, wherein
the first biometric information and the second biometric information include information representing at least one of an image of a person's face, a fingerprint, and a voiceprint.
 According to the above configuration, for a subject who wishes to use at least one of a person's face, fingerprint, and voiceprint in biometric authentication, the above-described spoofing is more reliably prevented without impairing user convenience.
(Appendix 6)
A server comprising:
first receiving means for receiving, from a terminal, first biometric information of a subject applying for use of a service;
first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
second receiving means for receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
collation means for collating the second biometric information with the first biometric information stored in the first storage device; and
collation result transmission means for transmitting information based on a collation result of the collation means to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
 According to the above configuration, it is possible to realize a server that has the same effects as those of Appendix 1 described above.
(Appendix 7)
A terminal comprising:
first transmission means for transmitting first biometric information of a subject applying for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
second transmission means for transmitting to the server, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; and
second storage control means for storing the second biometric information in a second storage device when the server succeeds in collating the first biometric information with the second biometric information.
 According to the above configuration, it is possible to realize a terminal that has the same effects as those of Appendix 1 described above.
(Appendix 8)
The terminal according to Appendix 7, further comprising authentication means for performing biometric authentication of the subject in the service using the second biometric information stored in the second storage device.
 According to the above configuration, it is more certain that the subject who uses the service through biometric authentication on the terminal is not an impersonator different from the person who applied for the service.
(Appendix 9)
An information processing method including:
acquiring first biometric information of a subject applying for use of a service;
storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
acquiring, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
collating the second biometric information with the first biometric information stored in the first storage device; and
storing the second biometric information in a second storage device referred to in the biometric authentication when the collation is successful.
 According to the above configuration, the same effects as those of Appendix 1 can be obtained.
(Appendix 10)
An information processing method including:
receiving first biometric information of a subject applying for use of a service;
storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
collating the second biometric information with the first biometric information stored in the first storage device; and
transmitting information based on a result of the collation to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation is successful.
 According to the above configuration, the same effects as those of Appendix 1 can be obtained.
(Appendix 11)
An information processing method including:
transmitting first biometric information of a subject applying for use of a service to a server that stores the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
transmitting to the server, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; and
storing the second biometric information in a second storage device when the server succeeds in collating the first biometric information with the second biometric information.
 According to the above configuration, the same effects as those of Appendix 1 can be obtained.
(Appendix 12)
A program for causing a computer to function as an information processing device, the program causing the computer to function as:
first receiving means for receiving first biometric information of a subject applying for use of a service;
first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
second receiving means for receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
collation means for collating the second biometric information with the first biometric information stored in the first storage device; and
collation result transmission means for transmitting information based on a collation result of the collation means to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
 According to the above configuration, the same effects as those of Appendix 1 can be obtained.
(Appendix 13)
A program for causing a computer to function as an information processing device, the program causing the computer to function as:
first transmission means for transmitting first biometric information of a subject applying for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
second transmission means for transmitting to the server, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; and
second storage control means for storing the second biometric information in a second storage device when the server succeeds in collating the first biometric information with the second biometric information.
 According to the above configuration, the same effects as those of Appendix 1 can be obtained.
[Appendix 3]
Some or all of the embodiments described above can further be expressed as follows.
An information processing system comprising at least one processor, the processor executing:
a first acquisition process of acquiring first biometric information of a subject applying for use of a service;
a first storage control process of storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
a second acquisition process of acquiring, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
a collation process of collating the second biometric information with the first biometric information stored in the first storage device; and
a second storage control process of storing the second biometric information in a second storage device referred to in the biometric authentication when the collation in the collation process is successful.
A server comprising at least one processor, the processor executing:
a first reception process of receiving, from a terminal, first biometric information of a subject applying for use of a service;
a first storage control process of storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
a second reception process of receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
a collation process of collating the second biometric information with the first biometric information stored in the first storage device; and
a collation result transmission process of transmitting information based on a collation result of the collation process to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation in the collation process is successful.
 The server may further include a memory, and the memory may store a program for causing the processor to execute the first reception process, the first storage control process, the second reception process, the collation process, and the collation result transmission process. This program may also be recorded on a computer-readable non-transitory tangible recording medium.
A terminal comprising at least one processor, the processor executing:
a first transmission process of transmitting first biometric information of a subject applying for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
a second transmission process of transmitting to the server, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; and
a second storage control process of storing the second biometric information in a second storage device when the server succeeds in collating the first biometric information with the second biometric information.
 The terminal may further include a memory, and the memory may store a program for causing the processor to execute the first transmission process, the second transmission process, and the second storage control process. This program may also be recorded on a computer-readable non-transitory tangible recording medium.
1, 2, 2A information processing system
11 first acquisition unit
12, 302, 302A first storage control unit
13 second acquisition unit
14, 304, 304A collation unit
15, 203, 203A second storage control unit
20, 20A terminal
30, 30A server
40A biometric information storage device
80 service providing server
201, 201A first transmission unit
301, 301A first reception unit
202, 202A second transmission unit
206A biometric information storage unit
207A authentication unit
208A photographing unit
302A first storage control unit
303, 303A second reception unit
305 collation result transmission unit
305A biometric authentication management unit
306A confirmation unit
C1 processor
C2 memory

Claims (13)

  1.  An information processing system comprising:
     first acquisition means for acquiring first biometric information of a subject applying for use of a service;
     first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
     second acquisition means for acquiring, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
     collation means for collating the second biometric information with the first biometric information stored in the first storage device; and
     second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
  2.  The information processing system according to claim 1, wherein
     the first storage control means deletes the successfully collated first biometric information from the first storage device when the collation means succeeds in the collation.
  3.  The information processing system according to claim 1 or 2, wherein
     the first acquisition means acquires the first biometric information and third biometric information,
     the information processing system further comprising confirmation means for performing the identity verification of the subject using the first biometric information and the third biometric information.
  4.  The information processing system according to any one of claims 1 to 3, wherein
     the biometric authentication is authentication according to the FIDO (fast identity online) protocol.
  5.  The information processing system according to any one of claims 1 to 4, wherein
     the first biometric information and the second biometric information include information representing at least one of an image of a person's face, a fingerprint, and a voiceprint.
  6.  A server comprising:
     first receiving means for receiving, from a terminal, first biometric information of a subject applying for use of a service;
     first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
     second receiving means for receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
     collation means for collating the second biometric information with the first biometric information stored in the first storage device; and
     collation result transmission means for transmitting information based on a collation result of the collation means to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
  7.  A terminal comprising:
     first transmission means for transmitting first biometric information of a subject applying for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
     second transmission means for transmitting to the server, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; and
     second storage control means for storing the second biometric information in a second storage device when the server succeeds in collating the first biometric information with the second biometric information.
  8.  The terminal according to claim 7, further comprising authentication means for performing biometric authentication of the subject in the service using the second biometric information stored in the second storage device.
  9.  An information processing method including:
     acquiring first biometric information of a subject applying for use of a service;
     storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
     acquiring, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
     collating the second biometric information with the first biometric information stored in the first storage device; and
     storing the second biometric information in a second storage device referred to in the biometric authentication when the collation is successful.
  10.  An information processing method including:
     receiving first biometric information of a subject applying for use of a service;
     storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
     receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
     collating the second biometric information with the first biometric information stored in the first storage device; and
     transmitting information based on a result of the collation to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation is successful.
  11.  An information processing method including:
     transmitting first biometric information of a subject applying for use of a service to a server that stores the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
     transmitting to the server, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service; and
     storing the second biometric information in a second storage device when the server succeeds in collating the first biometric information with the second biometric information.
  12.  A program for causing a computer to function as an information processing device, the program causing the computer to function as:
     first receiving means for receiving first biometric information of a subject applying for use of a service;
     first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
     second receiving means for receiving, when the identity verification is successful, second biometric information different from the first biometric information as biometric information for enabling the subject to use biometric authentication in the service;
     collation means for collating the second biometric information with the first biometric information stored in the first storage device; and
     collation result transmission means for transmitting information based on a collation result of the collation means to a terminal having second storage control means for storing the second biometric information in a second storage device referred to in the biometric authentication when the collation means succeeds in the collation.
  13.  A program for causing a computer to function as an information processing device, the program causing the computer to function as:
    first transmission means for transmitting first biometric information of a subject applying for use of a service to a server having first storage control means for storing the first biometric information in a first storage device when identity verification of the subject using the first biometric information is successful;
    second transmission means for transmitting, when the identity verification is successful, second biometric information different from the first biometric information to the server as biometric information for enabling the subject to use biometric authentication in the service; and
    second storage control means for storing the second biometric information in a second storage device when the server succeeds in collating the first biometric information with the second biometric information.
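
The server and terminal roles in the two program claims above, sketched as an added example (not part of the patent text or of any implementation by the applicant). The cosine-similarity matcher, the 0.90 threshold, the comparison against an ID-document biometric as the identity verification step, and all class, method and variable names are assumptions made for illustration; the feature vectors are constructed sample data.

```python
import math

MATCH_THRESHOLD = 0.90  # assumed similarity threshold, not from the patent

# Constructed sample feature vectors (not real biometric templates).
ID_DOC = [0.90, 0.10, 0.30]    # biometric taken from the identity document
FIRST = [0.88, 0.12, 0.31]     # first biometric: capture used for identity verification
SECOND = [0.91, 0.09, 0.28]    # second biometric: separate capture for daily authentication
IMPOSTOR = [0.10, 0.90, 0.20]  # capture of a different person

def similarity(a, b):
    """Cosine similarity between two feature vectors (stand-in matcher)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

class Server:
    """Server side: owns the first storage device."""
    def __init__(self):
        self.first_storage = {}  # subject_id -> verified first biometric

    def receive_first(self, subject_id, first_bio, id_document_bio):
        # Assumed identity verification: live capture vs. ID-document biometric.
        # The first biometric is stored only when verification succeeds.
        if similarity(first_bio, id_document_bio) < MATCH_THRESHOLD:
            return False
        self.first_storage[subject_id] = first_bio
        return True

    def receive_second(self, subject_id, second_bio):
        # Collate against the stored first biometric; no verified record, no match.
        first_bio = self.first_storage.get(subject_id)
        if first_bio is None:
            return False
        return similarity(second_bio, first_bio) >= MATCH_THRESHOLD

class Terminal:
    """Terminal side: owns the second storage device used for authentication."""
    def __init__(self, server):
        self.server = server
        self.second_storage = {}  # subject_id -> enrolled second biometric

    def enroll(self, subject_id, first_bio, id_document_bio, second_bio):
        if not self.server.receive_first(subject_id, first_bio, id_document_bio):
            return "identity_verification_failed"
        if not self.server.receive_second(subject_id, second_bio):
            return "collation_failed"
        # Stored locally only after the server reports a successful collation.
        self.second_storage[subject_id] = second_bio
        return "enrolled"
```

The property to check in a real deployment is the one the tests exercise: a template reaches the terminal's store only if it collates with a biometric that already passed identity verification.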

PCT/JP2021/023347 2021-06-21 2021-06-21 Information processing system, server, terminal, information processing method, and program WO2022269669A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2021/023347 WO2022269669A1 (en) 2021-06-21 2021-06-21 Information processing system, server, terminal, information processing method, and program
JP2023529200A JPWO2022269669A1 (en) 2021-06-21 2021-06-21

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/023347 WO2022269669A1 (en) 2021-06-21 2021-06-21 Information processing system, server, terminal, information processing method, and program

Publications (1)

Publication Number Publication Date
WO2022269669A1 true WO2022269669A1 (en) 2022-12-29

Family

ID=84544302

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/023347 WO2022269669A1 (en) 2021-06-21 2021-06-21 Information processing system, server, terminal, information processing method, and program

Country Status (2)

Country Link
JP (1) JPWO2022269669A1 (en)
WO (1) WO2022269669A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007287123A (en) * 2006-03-20 2007-11-01 Fujitsu Ltd Attendance management program, system and method
WO2020031429A1 (en) * 2018-08-07 2020-02-13 日本電気株式会社 Terminal device, authentication server, control method for terminal device, authentication method, and program
JP2020064483A (en) * 2018-10-18 2020-04-23 株式会社日立製作所 Individual identification assisting device and individual identification assisting method

Also Published As

Publication number Publication date
JPWO2022269669A1 (en) 2022-12-29

Similar Documents

Publication Publication Date Title
CN109146679B (en) Intelligent contract calling method and device based on block chain and electronic equipment
US20200162457A1 (en) System for electronic authentication with live user determination
AU2016247162B2 (en) Methods and systems for improving the accuracy performance of authentication systems
US9262615B2 (en) Methods and systems for improving the security of secret authentication data during authentication transactions
JP7006584B2 (en) Biometric data processing device, biometric data processing system, biometric data processing method, biometric data processing program, storage medium for storing biometric data processing program
US11159314B2 (en) IC card system and information registering method
US11663308B2 (en) Biological data registration support device, biological data registration support system, biological data registration support method, biological data registration support program, recording medium for strong biological data registration support program
JP7090008B2 (en) Identity verification support device and identity verification support method
JP2018124622A (en) Admission reception terminal, admission reception method, admission reception program, and admission reception system
CN114556356B (en) User authentication framework
CN101394409A (en) Biological information storing apparatus, biological authentication apparatus, and biological authentication method
WO2022269669A1 (en) Information processing system, server, terminal, information processing method, and program
JP7062249B1 (en) Information processing equipment, information processing methods, and programs
JP2007193463A (en) Personal authentication device
JP2003186846A (en) Customer registration system
JP7332079B1 (en) Terminal, system, terminal control method and program
KR100554171B1 (en) Biometric authentication method and its system
JP2006331355A (en) Authentication apparatus
WO2018168826A1 (en) Image processing device, image processing system, image processing method and program
US20220124090A1 (en) Identity verification through a centralized biometric database
JP6913309B2 (en) Computer programs, information processing methods, and information processing equipment
JP7073440B2 (en) Authentication system, communication terminal, authentication terminal, communication terminal control method, authentication terminal control method, and program.
JP7238617B2 (en) Service providing device, service providing system, program, and service providing method
EP4075360A1 (en) Method for controlling a smart card
JP2011002927A (en) Biometric authentication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21946960

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2023529200

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE