WO2022269683A1 - Authentication system, authentication method, and program - Google Patents
Authentication system, authentication method, and program
- Publication number
- WO2022269683A1 (PCT/JP2021/023396)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- authentication
- location
- check
- scheduled date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Definitions
- This disclosure relates to an authentication system, an authentication method, and a program.
- Patent Document 1 describes a system in which biometric information of a user, input from a terminal in a facility, is stored in a storage unit, and biometric authentication is performed using that biometric information when the user uses a service in the facility. Patent Document 2 describes a system that enables biometric authentication using the user's biometric information within the facility when the user checks in to the facility using his or her own terminal.
- With the techniques of Patent Documents 1 and 2, spoofing becomes possible when multiple users with similar biometric information (for example, multiple users with similar faces) are in the same facility. For example, if user A's biometric information is similar to user B's biometric information and user A and user B are in the same facility, user A may be authenticated as user B. Conversely, user B may be authenticated as user A. Therefore, the techniques disclosed in Patent Documents 1 and 2 allow spoofing by a malicious third party, and security is not sufficient. The same applies when the techniques of Patent Document 1 and Patent Document 2 are applied to authentication other than biometric authentication. Conventional technologies do not provide sufficient security.
- One of the purposes of this disclosure is to enhance security.
- An authentication system includes: first authentication means capable of performing first authentication regarding a first user when the first user is at or comes to a first place; schedule determination means for determining, based on schedule information about a schedule of being at or coming to the first place, whether a second user who may be authenticated as the first user by the first authentication is at or will come to the first place on a first scheduled date or a first scheduled date and time on which the first user is at or will come to the first place; and process execution means for executing a first process relating to the first user based on the first authentication when it is not determined that the second user is at or will come to the first place on the first scheduled date or the first scheduled date and time.
- FIG. 3 is a functional block diagram showing an example of functions implemented by the authentication system of the first embodiment;
- A diagram showing an example of data storage in the user database.
- A diagram showing an example of data storage in the check-in database.
- 4 is a flow chart showing an example of processing executed in the authentication system of the first embodiment;
- A diagram showing an example of the authentication system of the second embodiment.
- FIG. 11 is a flow diagram showing an example of processing executed by the authentication system of the third embodiment.
- An example of a functional block diagram in a modification of the first embodiment.
- FIG. 10 is a diagram showing an example of an authentication system of modification 1-1;
- FIG. 10 is a diagram showing an example of an authentication system of modification 1-1;
- FIG. 13 is a diagram showing an example of an authentication system of modified example 1-5.
- An example of a functional block diagram in a modification of the second embodiment.
- FIG. 11 is a diagram showing an example of an authentication system of modified example 2-1;
- FIG. 13 is a diagram showing an example of an authentication system of modification 2-2.
- An example of a functional block diagram in a modification of the third embodiment.
- FIG. 13 is a diagram illustrating an example of an authentication system of modification 3-2;
- FIG. 12 is a diagram illustrating an example of an authentication system of modification 3-3;
- FIG. 1 is a diagram showing an example of the overall configuration of an authentication system.
- the authentication system S includes a server 10, a user terminal 20, a check-in terminal 30, and an authentication terminal 40.
- Each of the server 10, the user terminal 20, the check-in terminal 30, and the authentication terminal 40 can be connected to a network N such as the Internet.
- Authentication system S may include at least one computer. Computers included in the authentication system S are not limited to the example in FIG.
- each of the server 10, the user terminal 20, the check-in terminal 30, and the authentication terminal 40 may be plural.
- the server 10 is a server computer.
- the server 10 includes a control section 11 , a storage section 12 and a communication section 13 .
- Control unit 11 includes at least one processor.
- the storage unit 12 includes a volatile memory such as RAM and a nonvolatile memory such as a hard disk.
- the communication unit 13 includes at least one of a communication interface for wired communication and a communication interface for wireless communication.
- the user terminal 20 is a computer operated by a user.
- the user terminal 20 is a smartphone, tablet terminal, wearable terminal, or personal computer.
- the user terminal 20 includes a control section 21 , a storage section 22 , a communication section 23 , an operation section 24 , a display section 25 , an imaging section 26 , an IC chip 27 and a GPS reception section 28 .
- Physical configurations of the control unit 21, the storage unit 22, and the communication unit 23 are the same as those of the control unit 11, the storage unit 12, and the communication unit 13, respectively.
- the operation unit 24 is an input device such as a touch panel.
- the display unit 25 is a liquid crystal display or an organic EL display.
- the imaging unit 26 includes at least one camera.
- the IC chip 27 may be a chip of any standard, for example, a FeliCa (registered trademark) chip, or a so-called Type A or Type B chip in the contactless standard.
- GPS receiver 28 includes a receiver that receives signals from satellites. The GPS receiver 28 is used to acquire the current position or current date and time. Note that the user terminal 20 can use any GNSS other than GPS.
- the user terminal 20 may include a receiver corresponding to the GNSS to be used.
- the check-in terminal 30 is a computer located at a predetermined location.
- the check-in terminal 30 is a personal computer, tablet terminal, or smart phone.
- The check-in terminal 30 includes a control section 31, a storage section 32, a communication section 33, an operation section 34, a display section 35, an imaging section 36 and a reading section 37.
- The physical configurations of the control unit 31, the storage unit 32, the communication unit 33, the operation unit 34, the display unit 35, and the photographing unit 36 are the same as those of the control unit 11, the storage unit 12, the communication unit 13, the operation unit 24, the display unit 25, and the imaging unit 26, respectively.
- the reading unit 37 includes a code reader or reader/writer. The photographing unit 36 and the reading unit 37 may be connected to the outside of the check-in terminal 30 .
- the authentication terminal 40 is a computer placed at a predetermined location.
- the authentication terminal 40 is a personal computer, tablet terminal, or smart phone.
- Authentication terminal 40 includes control unit 41, storage unit 42, communication unit 43, operation unit 44, display unit 45, photographing unit 46 and reading unit 47.
- The physical configurations of the control unit 41, the storage unit 42, the communication unit 43, the operation unit 44, the display unit 45, the photographing unit 46, and the reading unit 47 are the same as those of the control unit 11, the storage unit 12, the communication unit 13, the operation unit 24, the display unit 25, the photographing unit 26, and the reading unit 37, respectively. The photographing unit 46 and the reading unit 47 may be connected to the outside of the authentication terminal 40.
- At least one of the programs and data stored in each of the server 10, the user terminal 20, the check-in terminal 30, and the authentication terminal 40 may be supplied via the network N.
- Each of the server 10, the user terminal 20, the check-in terminal 30, and the authentication terminal 40 has a reading unit (for example, an optical disk drive or a memory card slot) that reads a computer-readable information storage medium and/or an input/output unit (for example, a USB port) for inputting and outputting data with an external device.
- the authentication system S is applied to a check-in service that detects that a user is at or has arrived at a predetermined place.
- the authentication system S is applicable to various services. Examples of application to other services will be described in modified examples below.
- a user checks in at an office building in which the company where he or she works resides. After checking in at this location, the user enters the room of the company where he/she works.
- this location will be referred to as the first location.
- An application for using the check-in service (hereinafter referred to as the check-in application) is installed on the user terminal 20 of user U.
- the code C for check-in is displayed on the display unit 25 .
- a two-dimensional code is shown as an example of the code C in the example of FIG.
- Code C is available in various types.
- code C may be a barcode or a code that changes over time.
- Code C includes a code ID that can identify user U.
- Code ID is authentication information used in code authentication.
- a code ID is issued by the server 10 .
- a code ID issued by the server 10 is recorded in the user terminal 20 .
- An expiration date is set for the code ID.
- User U can check in using code C before the expiration date of the code ID.
- the server 10 updates the code ID.
- the updated code ID is recorded in the user terminal 20 .
- An expiration date is also set for the updated code ID.
- the user U holds the code C over the reading unit 37 of the check-in terminal 30 .
- the check-in terminal 30 transmits the code ID included in the code C to the server 10 .
- the server 10 transmits the confirmation result to the check-in terminal 30 .
- the check-in terminal 30 opens the security gate G when it receives confirmation that the code ID is valid.
- the check-in terminal 30 cannot open the security gate G when it receives confirmation that the code ID is not valid. In this case, user U updates the code ID and attempts authentication again. User U may attempt other authentications if there are alternative authentications when authentication using Code C is unsuccessful.
- the company where user U works has contracted rooms X to Z in an office building at first location P1.
- the doors of rooms X to Z are locked so that outsiders cannot enter.
- An authentication terminal 40 is arranged at the entrance of the rooms X to Z.
- In order to enter the rooms X to Z, the user U must successfully perform face authentication with the authentication terminal 40.
- the case where the user U enters the room Y is shown.
- the user U causes the photographing unit 46 of the authentication terminal 40 arranged at the entrance of the room Y to photograph his face.
- User U can also unlock the doors of other rooms X and Z by facial recognition. However, if there are users U whose faces are similar to each other, face authentication may not be able to distinguish them from each other. A certain user U may be authenticated as another user U. Therefore, in the first embodiment, when a plurality of users U with similar faces check in at the first location P1 and pass through the security gate G, not only face authentication but also passcode authentication is performed. Hereinafter, a first user U1 and a second user U2 will be described as an example of a plurality of users U whose faces resemble each other, but three or more users U may have faces similar to each other.
- FIG. 3 is a diagram showing an example when each of the first user U1 and the second user U2 checks in at the first location P1.
- the first user U1 has already checked in at the first place P1 according to the flow described in FIG.
- a second user U2 whose face resembles that of the first user U1 also checks in at the first place P1 in a similar flow.
- the second user U2 works for the same company as the first user U1, but the second user U2 may work for another company located in the same office building.
- the second user U2 may be an outsider who is somehow able to check-in at the first location P1.
- both the first user U1 and the second user U2 who look alike are at the first location P1.
- the server 10 cannot distinguish whether the person in front of the authentication terminal 40 in the room Y is the first user U1 or the second user U2.
- the first user U1 may be authenticated as the second user U2.
- When the second user U2 attempts face authentication with the authentication terminal 40, there is a possibility that he/she will be authenticated as the first user U1.
- each of the first user U1 and the second user U2 is requested not only for face authentication but also for passcode authentication when entering rooms X to Z.
- the passcode of the first user U1 and the passcode of the second user U2 are different.
- A third user U3, whose face is not similar to those of the first user U1 and the second user U2, can enter rooms X to Z by facial recognition alone if no person who looks similar to him/herself has checked in at the first place P1.
- FIG. 3 shows the case where the first user U1 enters the room Y.
- the server 10 uses the authentication terminal 40 placed at the entrance of the room Y to perform face authentication and passcode authentication of the first user U1. Face authentication is performed in a flow similar to that described with reference to FIG.
- Passcode authentication is executed by having the first user U1 enter a passcode from the operation unit 34 of the authentication terminal 40 arranged at the entrance of the room Y.
- the authentication terminal 40 unlocks the door of the room Y when receiving from the server 10 the execution result indicating that the face authentication and the passcode authentication are successful.
- the authentication terminal 40 does not unlock the door of the room Y when receiving an execution result indicating that at least one of face authentication and passcode authentication has failed.
- When the second user U2 enters any of the rooms X to Z, face authentication and passcode authentication are performed in the same flow as for the first user U1.
- When the first user U1 checks out of the office building, the second user U2 can enter the rooms X to Z by facial recognition alone.
- check-out is performed in the same flow as check-in. For example, the first user U1 checks out from the office building by holding the code C displayed on his user terminal 20 over the check-in terminal 30 . Similarly, when the second user U2 checks out of the office building, the first user U1 can again enter the rooms X to Z only by facial recognition.
- The authentication system S of the first embodiment permits entry to rooms X to Z by face authentication alone if the first user U1 has checked in at the first place P1 and the second user U2 has not checked in at the first place P1. After the second user U2 checks in at the first place P1, the authentication system S permits the first user U1 to enter the rooms X to Z when both face authentication and passcode authentication are successful. This prevents spoofing and enhances security.
- details of the technology of the authentication system S of the first embodiment will be described.
- FIG. 4 is a functional block diagram showing an example of functions realized by the authentication system S of the first embodiment.
- When the first user U1 and the second user U2 are not distinguished from each other, they are simply referred to as user U. Even when a person other than the first user U1 and the second user U2 is assumed, the term "user U" is simply used.
- the server 10 implements a data storage unit 100 , a check-in unit 101 , a first authentication unit 102 , a second authentication unit 103 , a second user determination unit 104 and a process execution unit 105 .
- the data storage unit 100 is realized mainly by the storage unit 12 .
- Other functions are realized mainly by the control unit 11 .
- the data storage unit 100 stores data necessary for processing in the authentication system S.
- The data storage unit 100 stores a user database DB1 and a check-in database DB2.
- FIG. 5 is a diagram showing an example of data storage in the user database DB1.
- the user database DB1 is a database that stores information about users U who have registered to use the check-in service.
- The user database DB1 stores the user ID, password, code ID, expiration date of the code ID, name, face photograph, face feature amount, passcode, and the user IDs of other users U with similar faces.
- a user ID is stored.
- a record corresponding to this user U is created in the user database DB1, and information such as the user ID of this user U is stored.
- a user ID is information that can identify a user U.
- the user U may be identified by information referred to by other names instead of the user ID.
- user U may be identified by a user account or other information such as an email address.
- the password is authentication information for logging into the check-in service.
- the user U can log in to the check-in service from the user terminal 20 and update his/her face photo and passcode.
- a code ID is issued at an arbitrary timing and stored in the user database DB1.
- a known rule can be applied to the code ID issuance rule itself.
- the server 10 issues the code ID so as not to duplicate the code ID of another user U within the expiration date.
- The code ID is updated when an application for displaying the code C is activated on the user terminal 20, when a certain period of time has passed since the code C was displayed, or when the user U performs a predetermined operation.
- the validity period of the code ID is set to the time after a predetermined time (for example, about 5 to 30 minutes) after the code ID is generated. The code ID does not have to have an expiration date.
- a facial photograph is an image of the user U's face.
- the user U takes an image of his or her own face with the imaging unit 26 of the user terminal 20 and uploads the photograph of the face to the server 10 .
- the facial photograph may be pre-stored in the user terminal 20 or another computer.
- the facial feature amount is information obtained by digitizing facial features.
- the face feature amount indicates features such as the relative position, size, or shape of facial parts.
- the feature amount of the face indicated by the photograph of the face is calculated in advance, but the feature amount of the face may be calculated on the spot at the time of authentication.
- the feature amount of the face registered in the user database DB1 is authentication information that is correct in face authentication.
- face authentication can use methods such as principal component analysis, linear discriminant analysis, elastic matching, or hidden Markov models.
- the facial feature amount may be calculated by a formula corresponding to these methods.
- facial features are represented by multidimensional vectors.
- the format of face feature amounts is not limited to vectors.
- Facial features may be represented in other forms such as arrays or single numerical values.
- In face authentication, the facial feature amounts of each of a plurality of face photographs may be used.
- so-called 3D face authentication may be used.
- the passcode registered in the user database DB1 is the correct information for passcode authentication.
- the number of digits of the passcode may be the same for all users U, or may be arbitrarily specified by the user U. For example, the passcode may be about 2 to 8 digits.
- The passcode may be specified by the user U, or may be automatically generated by the authentication system S. It is assumed that passcodes are restricted so that users U with similar faces do not have the same passcode. For example, when a certain user A designates a passcode at the time of use registration or at any time thereafter, the server 10 refers to the user database DB1 and determines whether the same passcode is registered for a user B who looks similar to the user A.
- “Faces are similar” means that the difference in facial features is less than the threshold.
- similarity of facial features corresponds to similarity of faces.
- distances in the vector space correspond to differences in facial features.
- an index indicating similarity between facial feature amounts being less than a threshold corresponds to similarity of faces.
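- When the passcode specified by the user A does not match the registered passcode of the user B, the server 10 registers the passcode specified by the user A in the user database DB1.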
- the server 10 does not register the passcode specified by the user A in the user database DB1 when the passcode specified by the user A and the registered passcode of the user B match. In this case, the server 10 prompts the user A to specify another passcode.
- the user IDs of other users U with similar faces are also stored in each user U record.
- At an arbitrary timing, such as when the user U is registered for use or when the face photo is updated, the server 10 identifies combinations of users U whose faces are similar to each other, based on the facial feature amount of each user U and the facial feature amounts of other users U. Based on this identification result, the server 10 stores the user IDs of other users U with similar faces in the user database DB1.
- The user U with the user ID "taro.yamada123" and the user U with the user ID "yoshida111jiro" have similar faces. Therefore, the record with the user ID "taro.yamada123" stores "yoshida111jiro" as the user ID of another user U with a similar face. The record with the user ID "yoshida111jiro" stores "taro.yamada123" as the user ID of another user U with a similar face. The user U with the user ID "hanako999" does not have another user U whose face is similar.
- FIG. 6 is a diagram showing an example of data storage in the check-in database DB2.
- the check-in database DB2 is a database that stores information about users U who have checked in at the first location P1.
- the check-in database DB2 stores user IDs of users U who have already checked in, check-in dates and times, passcode authentication flags, facial features, and passcodes.
- a new record corresponding to the user U is added to the check-in database DB2.
- the user ID, facial features, and passcode stored in this record are the same as those stored in the user database DB1.
- the check-in date and time stores the current date and time when the check-in was executed. These processes are executed by the check-in unit 101, which will be described later.
- the passcode authentication flag is a flag that indicates whether passcode authentication is required.
- passcode authentication is required for user U whose passcode authentication flag is "1".
- a user U whose passcode authentication flag is "0" does not require passcode authentication.
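- If the user ID of another user U with a similar face is stored and the other user U indicated by this user ID has checked in, the passcode authentication flag becomes "1". If this user ID does not exist, or if another user U indicated by this user ID has not checked in, the passcode authentication flag becomes "0".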
- the first place P1 is not limited to the place where the office building is located as described in FIGS. 2 and 3, and may be any place.
- the first place P1 may be a place with facilities such as accommodation facilities, tourist facilities, public facilities, event venues, department stores, shopping malls, stadiums, airports, or train stations.
- the first place P1 may be a place without special facilities such as an outdoor space or a bus stop.
- the data stored in the data storage unit 100 is not limited to the above example.
- the data storage unit 100 can store arbitrary data.
- the data storage unit 100 may store terminal IDs that can identify each of the check-in terminal 30 and the authentication terminal 40 .
- the check-in section 101 allows each of the users U to check-in at the first location P1.
- the check-in unit 101 allows the first user U1 to check in to the first place P1 when the first user U1 is at or comes to the first place P1.
- the check-in unit 101 allows the second user U2 to check in to the first place P1 when the second user U2 is at or comes to the first place P1.
- Being at the first place P1 means that a certain amount of time has passed since coming to the first place P1.
- Being at the first place P1 and staying at the first place P1 have the same meaning.
- Arriving at the first place P1 means moving from another place to the first place P1. Coming to the first place P1 and visiting the first place P1 have the same meaning.
- Check-in means detecting that the user U is at or has arrived at the first place P1. Identifying the user U who is at or has come to the first place P1 corresponds to check-in. Identifying the first place P1 where the user U is or has come corresponds to check-in. For example, storing information about the user U who is at or has come to the first place P1 in the check-in database DB2 corresponds to check-in. For example, sending information about the user U to the check-in terminal 30 or the authentication terminal 40 at the first place P1 where the user U is or has come corresponds to check-in.
- the check-in terminal 30 transmits its own terminal ID and the code ID included in the code C to the server 10.
- the check-in section 101 allows the user U identified by this code ID to check in at the first place P1.
- The check-in unit 101 refers to the user database DB1, acquires the combination of the user ID, the face feature amount, and the passcode associated with the code ID, and stores the combination in the check-in database DB2, thereby checking the user U in at the first place P1.
- the check-in unit 101 sets the passcode authentication flag to "1" if another user U with a similar face has already checked in.
- the check-in unit 101 sets the passcode authentication flag to "0" if there is no other user U with a similar face or if no other user U with a similar face has checked in.
- checkout may be performed in a similar flow.
- the check-in terminal 30 transmits its own terminal ID and the code ID included in the code C to the server 10 .
- the check-in unit 101 checks out the user U identified by this code ID from the office building.
- the check-in unit 101 refers to the user database DB1 and acquires the user ID associated with this code ID.
- the check-in section 101 causes the user U to check out from the first location P1 by deleting the record storing the acquired user ID from the check-in database DB2.
- The check-in unit 101 sets the passcode authentication flag of another user U whose face resembles that of the user U to "0". However, if there is yet another user U whose face is similar to that of the other user U and who is checked in, the passcode authentication flag does not become "0".
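
The check-in, check-out and door-authentication logic of the first embodiment, as an added Python example that is not code from the patent. The `AuthServer` class, the dictionaries standing in for DB1 and DB2, the Euclidean distance, the threshold value, and the feature vectors and passcodes are assumptions; the user IDs are the ones from the user database example above.

```python
import hmac
import math
from dataclasses import dataclass, field

SIMILARITY_THRESHOLD = 0.5  # assumed value; the text only says "less than the threshold"


@dataclass
class User:                        # one record of the user database DB1
    user_id: str
    feature: tuple                 # facial feature amount (multidimensional vector)
    passcode: str
    lookalikes: set = field(default_factory=set)


@dataclass
class CheckIn:                     # one record of the check-in database DB2
    user_id: str
    feature: tuple
    passcode: str
    passcode_flag: int = 0         # 1 = passcode authentication required


def faces_similar(a, b):
    """Faces are similar when the feature-vector distance is below the threshold."""
    return math.dist(a, b) < SIMILARITY_THRESHOLD


class AuthServer:
    def __init__(self):
        self.db1 = {}              # user_id -> User
        self.db2 = {}              # user_id -> CheckIn (users currently checked in)

    def register(self, user_id, feature, passcode):
        """Record look-alikes; refuse a passcode that a look-alike already uses."""
        alike = {u.user_id for u in self.db1.values()
                 if faces_similar(u.feature, feature)}
        if any(self.db1[o].passcode == passcode for o in alike):
            return False           # the server prompts for another passcode
        self.db1[user_id] = User(user_id, feature, passcode, alike)
        for o in alike:
            self.db1[o].lookalikes.add(user_id)
        return True

    def _present_lookalikes(self, user_id):
        return [o for o in self.db1[user_id].lookalikes if o in self.db2]

    def check_in(self, user_id):
        u = self.db1[user_id]
        self.db2[user_id] = CheckIn(user_id, u.feature, u.passcode)
        present = self._present_lookalikes(user_id)
        if present:                # both sides of a look-alike pair need the passcode
            for uid in present + [user_id]:
                self.db2[uid].passcode_flag = 1

    def check_out(self, user_id):
        self.db2.pop(user_id, None)
        for o in self._present_lookalikes(user_id):
            # The flag stays 1 while yet another look-alike of `o` is checked in.
            self.db2[o].passcode_flag = 1 if self._present_lookalikes(o) else 0

    def authenticate(self, captured, passcode=None):
        """Return the user ID to admit at the door, or None to keep it locked."""
        candidates = [r for r in self.db2.values()
                      if faces_similar(r.feature, captured)]
        if not candidates:
            return None
        if len(candidates) == 1 and candidates[0].passcode_flag == 0:
            return candidates[0].user_id          # face authentication alone
        if passcode is None:
            return None                           # second factor is required
        matches = [r for r in candidates
                   if hmac.compare_digest(r.passcode, passcode)]
        return matches[0].user_id if len(matches) == 1 else None


def build_demo():
    """Constructed sample data: two look-alikes and one distinct face."""
    s = AuthServer()
    s.register("taro.yamada123", (0.10, 0.20), "1234")
    s.register("yoshida111jiro", (0.12, 0.22), "5678")
    s.register("hanako999", (0.90, 0.90), "1234")   # same passcode, different face
    return s
```
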
- the first authentication unit 102 can perform face authentication for the first user U1 when the first user U1 is at or comes to the first place P1. Face authentication for the first user U1 is face authentication for identity verification of the first user U1. In the first embodiment, check-in to the first location P1 occurs, so being checked in to the first location P1 corresponds to being at the first location P1. Checking in at the first place P1 corresponds to coming to the first place P1.
- the data storage unit 300 stores data necessary for check-in.
- the data storage unit 300 stores a terminal ID with which the check-in terminal 30 can be identified and information with which the server 10 can be identified.
- the data storage unit 300 may store information that enables identification of the place where the check-in terminal 30 is arranged.
- FIG. 8 and FIG. 9 are diagrams showing an example of the authentication system S of the second embodiment.
- This company resides in each of a first office building located at a first location P1 and a second office building located at a second location P2.
- a security gate G similar to that of the first embodiment is arranged at each of the first location P1 and the second location P2.
- the second user U2 performs face authentication and passcode authentication from the check-in terminal 30 at the second location P2. If the face authentication and passcode authentication of the second user U2 are successful, the second user U2 checks in at the second location P2. A second user U2 passes through a security gate G at a second location P2. The flow when entering a room in the office building at the second location P2 may be the same as in the first embodiment, but this flow is omitted in the second embodiment.
- the data storage unit 100 stores substantially the same data as in the first embodiment, but the contents of the check-in database DB2 are different from those in the first embodiment.
- the data storage unit 100 may store a database regarding the first location P1 and the second location P2. It is assumed that this database stores first location information about the first location P1 and second location information about the second location P2. These positions can be specified by arbitrary information, for example, latitude and longitude information, addresses, postal codes, coordinate information, or combinations thereof.
- the first location information is latitude and longitude information of the first location P1 and the second location information is latitude and longitude information of the second location P2.
- the first user U1 can also check in at the second location P2 without checking in at the first location P1.
- the second user U2 may check in at the first location P1 without checking in at the second location P2. Therefore, in FIG. 12, the first user U1 and the second user U2 are simply referred to as user U without distinction.
- This user U is a person who is going to check in at either the first location P1 or the second location P2.
- the first location P1 and the second location P2 are simply referred to as location P without distinguishing between them.
- This place P is the place where the user U is going to check-in.
- first user U1 has made a reservation for a seminar on June 10, 2021 at 14:00.
- second user U2 has also made a reservation for the seminar on June 10, 2021 at 14:00.
- when each of the first user U1 and the second user U2 visits the first place P1 on the same or substantially the same date and time, they are not allowed to check in by face authentication alone, and passcode authentication is also requested.
- the flow of check-in using face authentication and passcode authentication is as described in the second embodiment.
- when it is not determined that each of the first user U1 and the second user U2 is at or will be at the first location P1 at the same or substantially the same date and time, the authentication system S of the third embodiment allows check-in at the first location P1 by face authentication alone. This enhances convenience for the first user U1 while enhancing security.
- details of the third embodiment will be described.
- FIG. 14 is a functional block diagram showing an example of functions realized by the authentication system S of the third embodiment.
- the server 10 implements a data storage unit 100, a first authentication unit 102, a second authentication unit 103, a process execution unit 105, an extraction unit 108 and a schedule determination unit 109.
- Each of the extraction unit 108 and the schedule determination unit 109 is realized mainly by the control unit 11.
- When the server 10 accepts the reservation for the seminar by the user U, it adds a new record to the schedule information database DB3.
- the user U designates the scheduled date or scheduled date and time of the seminar in which the user U participates.
- the server 10 stores the scheduled date or scheduled date and time of the seminar designated by the user U, the user ID, name, passcode authentication flag, facial features, and passcode of the user U.
- if another user U with a similar face has reserved a seminar on the same scheduled date or scheduled date and time, the passcode authentication flag becomes "1", including the passcode authentication flag of that other user U. Note that the passcode does not have to be stored in the schedule information database DB3 for the user U whose passcode authentication flag is "0".
- the first authentication unit 102 and the second authentication unit 103 are generally similar to those of the first and second embodiments. However, in the second embodiment, the first authentication unit 102 performs face authentication for each of the multiple users U based on the authentication information of each of the multiple users U extracted from the user database DB1.
- the first authentication unit 102 may refer to the user database when performing face authentication. Since the schedule information database DB3 stores only the facial feature amounts of the users U who are scheduled to be present on the scheduled date or scheduled date and time of the seminar, the number of facial feature amounts to be compared at the time of face authentication can be reduced.
- the schedule determination unit 109 refers to the schedule information database DB3 when the second user U2 reserves the seminar, and determines whether the second user U2 has a similar face. It is determined whether or not the second user U2 has designated the first scheduled date or the first scheduled date and time reserved by the second user U2. The schedule determination unit 109 determines the value of the passcode authentication flag in the schedule information database DB3 based on these determination results. When it is determined that the second user U2 is at or will come to the first place P1 on the first scheduled date or the first scheduled date and time, the passcode authentication flag becomes "1". If it is not determined that the second user U2 is at or will come to the first location P1 on the first scheduled date or the first scheduled date and time, the passcode authentication flag becomes "0".
- the process execution unit 105 checks in at the first place P1 based on face authentication.
- the process for checking in at the first location P1 is an example of the first process for the first user U1. Therefore, the description of the process for checking in at the first location P1 can be read as the first process.
- the check-in process itself is as described in the first and second embodiments.
- a record corresponding to the checked-in user U is created in the check-in database DB2.
- Information indicating whether check-in has been completed may be stored in the schedule information database DB3. In this case, check-in is performed by updating this information.
- the user terminal 20 transmits a reservation application for the seminar to the server 10 (S300).
- the user U designates the date or date and time of the seminar in which the user U will participate as the first scheduled date or the first scheduled date and time, from among a plurality of candidate dates or candidate dates and times.
- the reservation application includes the first scheduled date or the first scheduled date and time designated by the user U.
- When the server 10 receives the reservation application, it determines, based on the schedule information database DB3, whether or not another user U with a similar face has reserved the seminar on the first scheduled date or the first scheduled date and time (S301). When it is determined that another user U with a similar face has already reserved a seminar on the first scheduled date or the first scheduled date and time (S301; Y), the server 10 updates the schedule information database, based on the user database DB1, so that the passcode authentication flag is turned on (S302). In S302, the server 10 acquires the facial feature values and passcodes of the user U who made the reservation and the other user U who has a similar face. The server 10 stores the facial feature amount and the passcode in the record corresponding to these users U, and turns on the passcode authentication flag.
- Based on the user database DB1, the server 10 updates the schedule information database so that the passcode authentication flag is turned off (S303).
- the server 10 acquires the facial features of the user U who applied for the reservation.
- the server 10 stores the face feature amount in the record corresponding to this user U, and turns off the passcode authentication flag.
- the server 10 refers to the passcode authentication flag of the record in which face authentication was successful based on the schedule information database DB3 (S307). If the passcode authentication flag is on (S307; on), the subsequent processing of S308 to S314 is the same as the processing of S204 to S210. If the passcode authentication flag is off (S307; off), the process proceeds to S312. In this case, passcode authentication is not executed, and check-in is possible with face authentication alone.
- the first user U1 can check in only by facial recognition, which increases convenience for the first user U1. Also, in this case, since there is no need to perform passcode authentication, the processing load on the authentication system S can be reduced.
- the authentication system S extracts in advance the facial feature amount of each of the plurality of users U from the user database DB1, and performs face authentication for each of the plurality of users U based on the extracted facial feature amounts. As a result, the number of facial feature amounts to be compared during face authentication is reduced, so the processing load on the server 10 can be reduced. Furthermore, face authentication can be completed quickly.
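
The reservation flow (S301 to S303) and the flag check at check-in (S307) described above, as an added Python sketch that is not part of the patent text. The distance threshold, the feature vectors, the passcodes and all function names are constructed assumptions; the page does not specify how face similarity is computed.

```python
import hmac
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed: two facial feature amounts closer than this count as "similar faces".
SIMILAR_FACE_DISTANCE = 0.6


@dataclass
class User:                          # one row of the user database DB1
    user_id: str
    face: Tuple[float, ...]          # facial feature amount (constructed)
    passcode: str


@dataclass
class Reservation:                   # one row of the schedule information database DB3
    user_id: str
    face: Tuple[float, ...]
    passcode_flag: int = 0
    passcode: Optional[str] = None   # stored only while the flag is 1


def similar(a: Tuple[float, ...], b: Tuple[float, ...]) -> bool:
    return math.dist(a, b) < SIMILAR_FACE_DISTANCE


def reserve(db1: Dict[str, User], db3: Dict[str, List[Reservation]],
            user_id: str, slot: str) -> Reservation:
    """Handle a reservation application for one scheduled date and time."""
    user = db1[user_id]
    record = Reservation(user.user_id, user.face)
    # S301: has another user with a similar face reserved the same slot?
    lookalikes = [r for r in db3.setdefault(slot, []) if similar(r.face, user.face)]
    if lookalikes:
        # S302: turn the flag on for the applicant AND the earlier lookalikes.
        for r in lookalikes + [record]:
            r.passcode_flag = 1
            r.passcode = db1[r.user_id].passcode
    # S303: otherwise the flag stays off and no passcode is copied into DB3.
    db3[slot].append(record)
    return record


def check_in(db3: Dict[str, List[Reservation]], slot: str,
             captured_face: Tuple[float, ...],
             passcode: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Return (status, user_id); only records reserved for this slot are compared."""
    candidates = [r for r in db3.get(slot, []) if similar(r.face, captured_face)]
    if not candidates:
        return ("failed", None)
    # S307: flag off for every matching record -> face authentication is enough.
    if all(r.passcode_flag == 0 for r in candidates):
        best = min(candidates, key=lambda r: math.dist(r.face, captured_face))
        return ("checked_in", best.user_id)
    # Flag on: the face alone cannot tell the lookalikes apart.
    if passcode is None:
        return ("passcode_required", None)
    matched = [r for r in candidates if r.passcode is not None
               and hmac.compare_digest(r.passcode.encode(), passcode.encode())]
    if len(matched) == 1:
        return ("checked_in", matched[0].user_id)
    return ("failed", None)          # wrong passcode, or lookalikes share one


def demo() -> List[Tuple[str, Optional[str]]]:
    # Constructed sample data: u1 and u2 have similar faces, u3 does not.
    db1 = {
        "u1": User("u1", (0.10, 0.20, 0.30), "1427"),
        "u2": User("u2", (0.12, 0.21, 0.29), "8096"),
        "u3": User("u3", (0.90, 0.10, 0.50), "5511"),
    }
    db3: Dict[str, List[Reservation]] = {}
    slot = "2021-06-10T14:00"
    probe = (0.11, 0.20, 0.30)       # image captured at the check-in terminal
    out = []
    reserve(db1, db3, "u1", slot)
    out.append(check_in(db3, slot, probe))           # only u1 reserved
    reserve(db1, db3, "u2", slot)                    # lookalike reserves same slot
    reserve(db1, db3, "u3", slot)
    out.append(check_in(db3, slot, probe))           # face alone is now ambiguous
    out.append(check_in(db3, slot, probe, "1427"))
    out.append(check_in(db3, slot, probe, "8096"))
    out.append(check_in(db3, slot, probe, "0000"))
    out.append(check_in(db3, slot, (0.90, 0.10, 0.50)))  # u3 has no lookalike
    return out
```

Note that the flag of the earlier reservation changes retroactively when a lookalike books the same slot, which is why the check at S307 reads the flag at check-in time rather than at reservation time.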
- the authentication system S can be applied to any service.
- a case where the authentication system S is applied to an electronic payment service will be taken as an example. This point is the same for the modification according to the second embodiment.
- the electronic payment service is a service that provides electronic payment using user U's payment means. Payment methods available to user U may be of any type, for example, credit cards, debit cards, electronic money, electronic cash, points, bank accounts, wallets, virtual currencies, or combinations thereof.
- the user database DB1 has registered payment information related to the payment method of the user U, and electronic payment is executed based on the payment information associated with the code ID.
- the payment information may include information corresponding to the payment method, such as credit card number, debit card number, electronic money ID, electronic cash ID, point ID, bank account information, wallet information, or virtual currency ID.
- Payments using barcodes or two-dimensional codes are sometimes called barcode payments or two-dimensional code payments, and these codes are also one of the means of payment.
- a check-in terminal 30 is arranged at the entrance of the stadium.
- the first user U1 holds the code C displayed on the user terminal 20 over the check-in terminal 30 to check-in to the stadium.
- the server 10 can recognize that the first user U1 has checked in, not the second user U2.
- the server 10 updates the check-in database DB2 so that information such as the first user U1's facial features and passcode is stored.
- An authentication terminal 40 is arranged at a shop in the stadium.
- the first user U1 uses electronic payment by face authentication
- the first user U1 causes the photographing unit 46 of the authentication terminal 40 to photograph his/her own face.
- the authentication terminal 40 transmits the captured image to the server 10.
- the server 10 performs face authentication in the same manner as in the first embodiment. That is, this face authentication refers to the check-in database DB2 instead of the user database DB1.
- the second user U2 has not checked in to the stadium, so there is no possibility that the first user U1 and the second user U2 cannot be distinguished from each other.
- the terminal ID or the like may be used to determine whether or not the payment processing is from a shop in the stadium.
- the server 10 executes payment processing based on the payment information of the first user U1 stored in the user database DB1.
- the settlement process using the settlement information of the first user U1 corresponds to the first process.
- a known process can be used for the settlement process itself. For example, when a credit card is used as a means of payment, credit processing and the like are executed. When electronic money is used as a means of payment, a process of reducing the balance of electronic money is executed. If another payment method is used, the processing corresponding to that payment method may be executed.
- the first user U1 cannot use the electronic payment service with face recognition at stores outside the stadium.
- the first user U1 can use the electronic payment service by facial recognition within the premises of the stadium where he has checked in using the user terminal 20.
- the first user U1 may use the electronic payment service by using the code C displayed on the user terminal 20 instead of facial recognition in the stadium.
- the first user U1 may use the IC chip 27 of the user terminal 20 to use an electronic payment service.
- the second user U2 displays Code C on his user terminal 20 and holds it over the check-in terminal 30 to check in to the stadium.
- both the first user U1 and the second user U2 are in the stadium, so the server 10 cannot distinguish between the first user U1 and the second user U2. Therefore, the processing execution unit 105 executes payment processing based on face authentication and passcode authentication. The flow of processing when these two authentications are executed is as described in the first embodiment.
- the processing execution unit 105 executes payment processing based on the payment information of the first user U1.
- the processing execution unit 105 executes payment processing based on the payment information of the second user U2.
- When the second user U2 checks out of the stadium, the first user U1 will be able to use the electronic payment service again only by facial recognition.
- the flow of checkout is the same as in the first embodiment, and checkout is executed by holding the code C over the check-in terminal 30 at the entrance of the stadium.
- the second user U2 can use the electronic payment service only by facial recognition.
- the authentication system S can be applied to electronic payment services at arbitrary facilities other than stadiums.
- the authentication system S can be applied to electronic payment services at facilities such as shopping malls, accommodation facilities, amusement parks, tourist facilities, supermarkets, convenience stores, restaurants, hot spring facilities for day trips, event venues, and department stores.
- the authentication system S can also be applied to electronic payment services in places without special facilities, such as outdoor event venues. For example, instead of permitting payment processing by face authentication only at one specific first place P1, payment processing by face authentication may be permitted at any first place P1 among a plurality of first places P1.
- FIG. 19 is a diagram showing an example of the authentication system S of modification 1-1.
- each of the plurality of first locations P1 has a restaurant, and the authentication system S can also be applied to an event held jointly by these restaurants.
- this event is an event of beer and cherry blossom viewing, and prior reservation is required to participate in this event.
- This reservation may be made in the same manner as the reservation described in the third embodiment.
- the server 10 stores a schedule information database DB3 that stores information about users U who have made reservations for events.
- at least one of the check-in terminal 30 and the authentication terminal 40 is arranged in each shop at the first place P1. These may be the POS terminals of the store.
- the server 10 refers to the schedule information database DB3 and determines whether or not each of the first user U1 and the second user U2 has reserved an event. For example, assume that the first user U1 has booked the event and the second user U2 has not booked the event. In this case, since it is predicted that the second user U2 will not come to the first place P1, the first user U1 can use the electronic payment service only by facial recognition at each store in the first place P1. Even in this case, the first user U1 may use the user terminal 20 to check in to the event when using the electronic payment service for the first time after coming to the event. This check-in may be performed by holding the code C over the check-in terminal 30 or the authentication terminal 40 located at the store at the first place P1 visited by the first user U1, or may be performed by another method.
- the first user U1 has reserved an event and the second user U2 has also reserved an event.
- each of the first user U1 and the second user U2 can use the electronic payment service by face authentication and passcode authentication at each store at the first place P1.
- the electronic payment service may be available only by facial recognition.
- According to modification 1-1, security is enhanced when payment processing is executed using face authentication. For example, even if each of the first user U1 and the second user U2 checks in at a stadium or at an event, they can be distinguished from each other by passcode authentication, thereby preventing fraudulent payment processing by spoofing.
- the processing execution unit 105 may execute payment processing based on passcode authentication instead of face authentication.
- face authentication may not be performed, or face authentication itself may be performed, but the result of face authentication may not be a condition for whether or not payment processing is to be performed.
- the processing execution unit 105 executes the settlement process based on passcode authentication using the user ID and passcode, not based on face authentication.
- the authentication terminal 40 inside the stadium accepts input of the user ID and passcode.
- the authentication terminal 40 transmits the entered user ID and passcode to the server 10.
- the server 10 determines whether or not the combination of the received user ID and passcode exists in the user database DB1. If this combination exists, passcode authentication succeeds. If this combination does not exist, passcode authentication will fail.
- face authentication is an example of first authentication.
- Passcode authentication is an example of second authentication. Any combination of the first authentication and the second authentication may be used.
- the first authentication may be face authentication, and the second authentication may be fingerprint authentication or iris authentication.
- the first authentication may be face authentication, and the second authentication may be authentication using the code C of the user terminal 20 as described in the first embodiment.
- the authentication system S may further include a schedule determination unit 109 that determines whether or not the second user U2 is scheduled to check in at the first location P1.
- the processing of the schedule determination unit 109 is as described in the third embodiment.
- each of the first user U1 and the second user U2 makes a reservation in advance before coming to the first place P1, such as the stadium match described in FIG. 18 and the event described in FIG. shall be
- the schedule information database DB3 stores schedule information indicating whether each of the first user U1 and the second user U2 will come to the first place P1.
- the scheduled date or the scheduled date and time is also included in the schedule information.
- the check-in unit 101 checks the first user U1 in at the first location P1 based on face recognition.
- the processing of the check-in unit 101 is the same as that of the processing execution unit 105 described in the third embodiment. This process may be executed as the process of the process execution unit 105 in the modification 1-3 as well. In other words, the processing execution unit 105 may include the function of the check-in unit 101 . For example, in the example of FIG.
- the first user U1 checks in only by facial recognition at the check-in terminal 30 at the entrance of the stadium.
- the check-in can be done only by facial recognition.
- In modification 1-2, when it is not determined that the second user U2 is scheduled to check in at the first location P1 on the first scheduled date or the first scheduled date and time, the first user U1 is checked in at the first location P1.
- the first user U1 can check in only by facial recognition, which increases convenience for the first user U1. Also, in this case, since there is no need to perform passcode authentication, the processing load on the authentication system S can be reduced.
- the server 10 cannot detect that the first user U1 has entered the stadium. Therefore, the first user U1 cannot use the electronic payment service only with face recognition.
- the server 10 can detect that the first user U1 is in the stadium. In this case, the first user U1 may be able to use the electronic payment service by facial recognition within the stadium.
- the server 10 can detect that the first user U1 is at the store.
- the first user U1 may be able to use the electronic payment service with facial recognition at each store where the event is held.
- the authentication system S of Modification 1-4 further includes a third authentication unit 110 capable of performing third authentication on the first user U1 when the first user U1 is at or comes to the first place P1.
- Code authentication using the code C of the user terminal 20 corresponds to the third authentication. Therefore, code authentication can be read as third authentication.
- the third authentication is authentication different from the first authentication and the second authentication.
- the third authentication may be any authentication, but unlike face authentication, which cannot distinguish between the first user U1 and the second user U2, it can distinguish between the first user U1 and the second user U2.
- the third authentication may be fingerprint authentication, iris authentication, password authentication, or secret word authentication.
- the processing execution unit 105 of modification 1-4 executes payment processing based on code authentication.
- the processing execution unit 105 executes settlement processing when the code authentication is successful.
- the process executing unit 105 does not execute the payment process when the code authentication fails.
- the first authentication unit 102 can perform face authentication after the payment processing based on code authentication is performed.
- the second user determination unit 104 determines whether or not the second user U2 is at or has come to the first place P1 after the settlement process based on code authentication is executed.
- the processing execution unit 105 executes payment processing based on face authentication after the payment processing based on code authentication is executed. As shown in FIG. 18, when it is detected that the first user U1 is in the stadium by code authentication payment processing, the processing execution unit 105 executes payment processing based on face authentication. When the check-in of the second user U2 is detected, or when the second user U2 executes payment processing based on code authentication in the stadium, the payment processing is not executed only by face authentication, and passcode authentication is also requested. The same applies to the example of FIG. 19. When it is detected that the second user U2 has come to the event, the settlement process is not executed only by face authentication, and passcode authentication is also requested.
- the user terminal 20 may acquire first location information regarding a first location of the first user U1.
- the first location is the current location of the first user U1.
- the method itself for acquiring the first position information may be any method.
- a method using GNSS such as the GPS receiver 28, a method using a wireless LAN access point, or a method using a communication base station can be used.
- the first location information like the first location information, may be in any format.
- the first location information may be latitude/longitude information, address information, or coordinate information.
- FIG. 20 is a diagram showing an example of the authentication system S of modification 1-5.
- a range within a certain distance from the first position of the first user U1 is denoted by A1.
- the first places P1 included in the range A1 are capable of settlement processing only by face recognition.
- the server 10 can detect that the first user U1 is at the first location P1. That is, it can be detected that the first user U1 is not present at another first place P1.
- the first authentication unit 102 may be able to execute face authentication. That is, the first place P1 at the first position or the first place P1 near the first position becomes a place where payment processing can be executed only by face recognition.
- That the first position is the first place P1 means that the first position is included in the area of the first place P1.
- the inclusion of the first location within the premises of the store located at the first location P1 corresponds to the first location being the first location P1. That the first location is near the first location P1 means that the distance between the first location and the position of the first location P1 is less than a threshold.
- the range A1 includes the store at the first location P1.
- the second user determination unit 104 determines whether or not the second user U2 is at or has come to the first place P1 when the first position indicated by the first position information is at or near the first place P1. This determination may be made by code authentication, or, as in Modification 1-7 described later, based on second location information obtained using the user terminal 20 of the second user U2.
- the processing execution unit 105 executes payment processing based on face authentication when the first location indicated by the first location information is the first location P1 or its vicinity. At the other first location P1, the settlement process is not executed only by face authentication. Therefore, even if someone whose face resembles that of the first user U1 or the second user U2 attempts payment processing by face authentication at another first location P1, the payment processing by face authentication is not permitted, so the payment processing fails. Ultimately, the settlement process based on face authentication succeeds only at the first location indicated by the first location information or at the first location P1 in the vicinity thereof.
- the first location indicated by the first location information is the first location P1 or its vicinity
- payment processing is executed based on face recognition.
- face authentication only at the first place P1 where the first user U1 is certainly present, preventing spoofing at other first places P1 and enhancing security.
- the first user U1 can execute payment processing by face authentication at the first location P1 where he/she is, which increases convenience.
- the processing execution unit 105 may execute settlement processing for the second user U2 when the second user U2 is at or comes to the first place P1.
- the settlement process is an example of the second process. Therefore, the part describing the payment process can be read as the second process.
- the second process may be any process.
- the second process may be the unlock process or check-in described in the first embodiment.
- the second user determination unit 104 may determine whether or not the second user U2 is at or has come to the first place P1 by determining whether or not payment processing has been executed. For example, in the example of FIG. 18, even if the second user U2 enters the stadium with a paper ticket, when the second user U2 executes the payment processing by code authentication in the stadium, the server 10 can detect that the second user U2 is in the stadium.
- when the second user U2 executes payment processing by code authentication at one of the plurality of first locations P1, the server 10 can detect the presence of the second user U2 at that first location P1.
- the settlement process may be executed by any method other than code authentication.
- the settlement process may be executed by the IC chip 27 of the user terminal 20 or the IC card owned by the second user U2.
- In Modified Example 1-6, it is determined whether the second user U2 is at or has arrived at the first place P1 by determining whether the settlement process by the second user U2 has been executed. As a result, it is possible to reliably detect that the second user U2 is at or has come to the first place P1, and the identification of the first user U1 is reliably performed, thereby enhancing security.
- the second user determination unit 104 may determine whether the second user U2 is at or has come to the first location P1 by determining whether or not the second position indicated by the second position information regarding the second position of the second user U2 is at or near the first place P1. As in the case of the first position information, any method may be used to acquire the second position information.
- the second location is the current location of the second user U2. As shown in FIG. 20, if the location information of the second user U2 can be acquired using the user terminal 20, it can be determined whether or not the second user U2 is at or near the first location P1, which makes it possible to prevent indistinguishability from the second user U2.
- by determining whether the second position indicated by the second position information regarding the second position of the second user U2 is at or near the first place P1, it is determined whether the second user U2 is at or has arrived at the first location P1. As a result, it is possible to reliably detect that the second user U2 is at or has come to the first place P1, and the identification of the first user U1 is reliably performed, thereby enhancing security.
- FIG. 23 is a diagram showing an example of an authentication system S of modification 2-2.
- the prediction unit 106 may predict the prediction period based on at least one of second time information corresponding to each of the plurality of second users U2 and second location information corresponding to each of the plurality of second users U2.
- a case where the prediction period is predicted based on both the second time information and the second location information will be described. Time may be predicted.
- the second user U2 made a payment at another second place P2 at 11:35. It is assumed that it takes 30 minutes to move between the second place P2 and the first place P1.
- the prediction period during which the first second user U2 is not expected to come to the first place P1 is up to 12:30.
- the prediction period during which the second user U2 is predicted not to come to the first location P1 is until 12:05.
- the first user U1 can execute the payment process at the first location P1 only by face authentication until 12:05, which is the earliest prediction period.
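
The prediction-period rule above, as an added Python sketch that is not part of the patent text. The 11:35 payment and 30-minute travel time come from the page; the calendar date, the place labels, and the 11:30 sighting with a 60-minute travel time for the first second user U2 (chosen so that its period ends at 12:30) are constructed, and treating the period end as exclusive is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Sighting:
    """Second time information and second location information for one
    second user U2: when and where a check-in or payment was last observed."""
    user_id: str
    place: str
    at: datetime


# Constructed travel times (minutes) from each second place P2 to the first place P1.
TRAVEL_MINUTES_TO_P1: Dict[str, int] = {"P2-a": 60, "P2-b": 30}


def prediction_end(s: Sighting, travel: Dict[str, int]) -> datetime:
    """Earliest time this user could reach P1. An unknown place gets zero
    travel time, i.e. the user is treated as possibly already at P1."""
    return s.at + timedelta(minutes=travel.get(s.place, 0))


def face_only_deadline(lookalikes: List[str], sightings: List[Sighting],
                       travel: Dict[str, int]) -> Optional[datetime]:
    """Earliest prediction-period end over all lookalike second users.
    Returns None when some lookalike has no sighting, so nothing can be predicted."""
    latest: Dict[str, Sighting] = {}
    for s in sightings:
        if s.user_id in lookalikes and (
                s.user_id not in latest or s.at > latest[s.user_id].at):
            latest[s.user_id] = s
    if not lookalikes or any(u not in latest for u in lookalikes):
        return None
    return min(prediction_end(s, travel) for s in latest.values())


def required_factors(now: datetime, lookalikes: List[str],
                     sightings: List[Sighting],
                     travel: Dict[str, int]) -> List[str]:
    """Which authentications the first user U1 needs for payment at P1."""
    if not lookalikes:
        return ["face"]                      # nobody to be confused with
    deadline = face_only_deadline(lookalikes, sightings, travel)
    if deadline is not None and now < deadline:
        return ["face"]                      # inside the prediction period
    return ["face", "passcode"]              # period over, or no prediction possible


def sample_sightings() -> List[Sighting]:
    day = datetime(2021, 6, 10)              # constructed date
    return [
        Sighting("u2-first", "P2-a", day.replace(hour=11, minute=30)),   # constructed
        Sighting("u2-second", "P2-b", day.replace(hour=11, minute=35)),  # from the page
    ]
```

A lookalike with no recent sighting makes the deadline `None`, so the sketch falls back to face plus passcode rather than assuming that user is far away.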
- the settlement process may be executed based on the face authentication executed during the prediction period. That is, the first place P1 may be the place where the first user U1 has checked in. For example, assume that there is a stadium as shown in FIG. 18 described in modified example 1-1 at the first place P1 in FIG. 22 or 23. In this case, the check-in unit 101 allows the first user U1 to check-in in the same manner as in the modified example 1-1.
- the first authentication unit 102 may be able to perform face authentication when the first user U1 has checked in and is at the first location P1.
- the process executing unit 105 executes the settlement process when the first user U1 has checked in to the first place P1 and is at the first place P1. Also in this case, the prediction period is predicted when the second user U2 performs check-in or payment processing at the second place P2 different from the first place P1 where the stadium is located.
- the processing execution unit 105 executes payment processing based on the face authentication performed during the prediction period. As shown in FIG. 18 described in modification 1-1, when the second user U2 checks in at the stadium at the first place P1, the first user U1 and the second user U2 are at the same place, so the first user U1 cannot execute payment processing only by face authentication.
- the settlement process is executed when the first user U1 has checked in to the first place P1 and is at the first place P1. Accordingly, the first place P1 where the first user U1 is located can be reliably specified by the check-in by the first user U1. Therefore, it is possible to prevent the settlement processing by face authentication from being permitted at a place where the first user U1 does not visit, and to prevent the settlement processing from being executed by someone with a similar face visiting during the prediction period. is executed reliably to increase security.
- the payment process may be executed based on the face authentication executed during the prediction period. That is, the settlement process may be executed based on the face authentication executed during the prediction period when the first user U1 has succeeded in the passcode authentication and it is known with certainty that he/she is at the first place P1.
- the second authentication unit 103 can perform passcode authentication when the first user U1 is at or comes to the first place P1.
- This passcode authentication is authentication for inputting a user ID and a passcode.
- the second authentication may be authentication other than passcode authentication.
- code authentication using a code C displayed on the user terminal 20 may be used.
- the processing execution unit 105 executes payment processing based on passcode authentication.
- the first authentication unit 102 can perform face authentication after the settlement process based on passcode authentication is performed.
- the prediction unit 106 predicts the prediction period after the settlement process based on passcode authentication is executed.
- the processing execution unit 105 executes payment processing based on face authentication performed during the prediction period after execution of payment processing based on passcode authentication.
- the payment process is executed based on the face authentication executed during the prediction period. Accordingly, the first place P1 where the first user U1 is located can be reliably specified by the settlement processing based on the passcode authentication by the first user U1. Therefore, it is possible to prevent the settlement processing by face authentication from being permitted at a place where the first user U1 does not visit, and to prevent the settlement processing from being executed by someone with a similar face visiting during the prediction period. Identity verification is thus executed reliably, which increases security.
- the user terminal 20 may acquire first location information regarding the first location of the first user U1.
- the first authentication unit 102 may be capable of performing face authentication when the first location indicated by the first location information about the first location of the first user U1 is at or near the first location P1.
- payment processing based on face authentication performed during the prediction period may be permitted only at the first location P1 within the range A1 including the first location of the first user U1.
- the prediction unit 106 predicts the prediction period when the first location indicated by the first location information is at or near the first location P1. That is, even if there are a plurality of first places P1 that the first user U1 can visit, the prediction unit 106 predicts the prediction period only for the first places P1 within the range A1.
- the processing execution unit 105 executes payment processing based on the face authentication performed during the prediction period. Even if the other first place P1 exists, the prediction period is not predicted, so the settlement process cannot be executed for the other first place P1 only by face recognition.
- the settlement process is executed based on the first authentication executed during the prediction period.
- the first user U1 can execute payment processing by face authentication at the first location P1 where he/she is, which increases convenience.
- the prediction period is predicted only for the first location P1 where the first user U1 is, there is no need to calculate an extra prediction period, so the processing load of the authentication system S can be reduced.
- the process execution unit 105 may perform check-in for the second user U2 when the second user U2 is at or comes to the second place P2.
- This check-in is a check-in to the second location P2.
- check-in corresponds to the second process.
- the second process may be any process other than check-in. The second process only needs to be able to somehow detect the presence of the second user U2, and may be a payment process.
- the prediction unit 106 may predict the prediction period when check-in for the second user is performed.
- the authentication system S may further include a second user determination unit 104 that determines whether or not the second user U2 is at or has come to the first location P1.
- the second user determination unit 104 is as described in the first embodiment. For example, it is detected that the second user U2 is at or has arrived at the first place P1 by checking in. Alternatively, for example, it may be determined that the second user U2 is at or has come to the first place P1 when the second user U2 executes payment processing by face authentication and passcode authentication at the first place P1.
- the processing execution unit 105 executes payment processing based on face recognition performed during the prediction period when it is not determined that the second user U2 is at or has arrived at the first location P1. For example, when it is determined that the second user U2 is at or has come to the first place P1, the processing execution unit 105 executes the payment processing based on the passcode authentication as well as the face authentication performed during the prediction period. In this case, face authentication does not have to be performed, as in modification 1-2.
- the payment process is executed based on the face recognition performed during the prediction period. Because the settlement processing is then executed in a case where it is more certain that the second user U2 is not at, and has not come to, the first location P1 during the prediction period, identity verification is reliably executed and security is enhanced.
- FIG. 24 is an example of a functional block diagram in a modification according to the third embodiment. As shown in FIG. 24, in the modification according to the third embodiment, in addition to the functions of FIG. A unit 112, a first transmitter 113, and a second transmitter 114 are implemented. Each of these functions is realized mainly by the control unit 11.
- the processing execution unit 105 may perform check-in based on passcode authentication, not based on face authentication.
- In this case, face authentication may not be performed, or face authentication itself may be performed, but the result of face authentication may not be a condition for whether or not check-in is to be performed.
- the passcode authentication of this modified example also uses the user ID. That is, when it is determined that the second user U2 is at or has come to the first place P1, the processing execution unit 105 performs check-in based on passcode authentication using a user ID and a passcode, not based on face authentication.
- This passcode authentication is as described in modification 1-1. As described in modification 1-1, any combination of the first authentication and the second authentication may be used.
- check-in is performed based on passcode authentication, not based on face authentication. As a result, even if each of the first user U1 and the second user U2 is at or is scheduled to come to the first place P1 at the same time and the first user U1 and the second user U2 cannot be distinguished from each other, security is enhanced by reliably performing identity verification through passcode authentication.
- FIG. 25 shows a case where each of the first user U1 and the second user U2 has reserved a seminar for June 10, 2021 at 14:00.
- face authentication and passcode authentication are required in principle.
- the second user determination unit 104 determines that the second user U2 is at or has come to the first place P1 when the second user U2 checks in. In this case, since it is known that the second user U2 is already at the first place P1, as shown in FIG. good too.
- check-in is performed based on face authentication, not based on passcode authentication.
- the first user U1 can check-in at the first place P1 only by facial recognition, which increases convenience for the first user U1.
- the authentication system S does not perform passcode authentication of the first user U1, the processing load of the authentication system S can be reduced.
- FIG. 26 is a diagram showing an example of an authentication system S of modification 3-3.
- the first user U1 operates the user terminal 20 to apply for a seminar reservation.
- a list of dates and times of seminars is displayed on the user terminal 20.
- the user U can reserve a seminar by selecting an arbitrary holding date and time.
- the authentication system S may further include a second restricting unit 111 that restricts the second scheduled date or the second scheduled date and time, when the second user U2 is or will be at the first location P1, from being designated as the first scheduled date or the first scheduled date and time.
- the second restriction unit 111 restricts the user terminal 20 from selecting this date and time.
- Methods of this limitation include not displaying the input form for selecting this date and time, invalidating this input form, or not displaying this date and time.
- designation of the second scheduled date or second scheduled date and time, when the second user U2 is or will be at the first location P1, as the first scheduled date or first scheduled date and time is restricted based on the schedule information. This prevents the first user U1 and the second user U2 from coming to the same seminar and becoming indistinguishable from each other by face recognition alone, and ensures the execution of identity verification to improve security.
- the authentication system S may further include a permitting unit 112 that permits the second scheduled date or the second scheduled date and time to be designated as the first scheduled date or the first scheduled date and time.
- the first user U1 selects check-in by other authentication method such as passcode authentication or code authentication using the user terminal 20 instead of face authentication
- the seminar on the same date and time as the second user U2 can be specified.
- the first user U1 reserves a seminar on a screen such as that shown in FIG. 26, it is assumed that the authentication method for that day can be specified. It is assumed that the authentication method specified by the first user U1 is stored in the schedule information database DB3. On the day of the seminar, the first user U1 checks in using the authentication method specified by him/herself. Various known methods can be used for this authentication itself.
- the second scheduled date or the second scheduled date and time is permitted to be designated as the first scheduled date or the first scheduled date and time. This prevents the first user U1 and the second user U2 from being indistinguishable from each other, and ensures the execution of identity verification, thereby enhancing security.
- the authentication system S may further include a first transmission unit 113 that transmits a notification prompting the first user U1 not to perform face authentication at the first location P1 when the first user U1 designates another authentication.
- This notification can be sent in any way, for example by email, SNS, SMS, or a messaging app. It is assumed that the format of this notification is stored in the data storage unit 100 . This notification will not be sent if the first user U1 has booked a seminar on a date and time different from that of the second user U2. This notification includes a message indicating that face authentication will not be performed at the first location P1.
- the first user U1 uses other authentication methods such as passcode authentication or code authentication.
- modification 3-5 when the first user U1 designates another authentication, a notification is sent to the first user U1 urging not to perform the first authentication at the first location P1. This prevents the first user U1 and the second user U2 from becoming indistinguishable from each other, and ensures the execution of identity verification, thereby enhancing security.
- the second user U2 may be at or will be at the first location P1 at a second scheduled date and time on the same day as the first scheduled date and time. That is, the first user U1 and the second user U2 are scheduled to come to the first place P1 on the same day, but at slightly different times. For example, the time when the first user U1 comes to the first place P1 and the time when the second user U2 comes to the first place P1 are different by several minutes to half a day.
- a notification is sent prompting the first user U1 to perform face authentication at the first location P1 at the first scheduled date and time, and to use other authentication if he/she is at or comes to the first location P1 at another time on the same day as the first scheduled date and time. This prevents the first user U1 and the second user U2 from being indistinguishable from each other, and ensures the execution of identity verification, thereby enhancing security.
- When it is determined that the second user U2 is at or will come to the first place P1 on the first scheduled date or the first scheduled date and time, the processing execution unit 105 performs check-in based on face authentication performed during the prediction period. In the second embodiment, whether or not the second user U2 is present or will come to the first location P1 on the first scheduled date or the first scheduled date and time is a condition for whether or not to perform check-in. different from Other points of the processing execution unit 105 are as described in the second embodiment.
- the modification 3-7 when it is determined that the second user U2 is at or will come to the first place P1 on the first scheduled date or the first scheduled date and time, based on the face authentication performed during the prediction period to execute the first process.
- This prevents the first user U1 and the second user U2 from being indistinguishable from each other, and ensures the execution of identity verification, thereby enhancing security.
- it is possible to prevent the second user U2 from impersonating the first user U1 and checking in. Since the first user U1 can check in only by facial recognition within the prediction period, the convenience of the first user U1 is enhanced. Also, in this case, since there is no need to perform passcode authentication, the processing load on the authentication system S can be reduced.
- the authentication system S acquires the distance between the first location P1 and the second location P2 based on the first location information and the second location information regarding the first location P1, and predicts the prediction period based on the second time information and the travel time according to the distance, so that the prediction period can be accurately predicted. By predicting an accurate prediction period, it is possible to more reliably prevent the first user U1 and the second user U2 from being indistinguishable from each other, and to ensure identity verification to increase security.
- the second location information described in Modification 3-7 may be location information acquired using an application other than the application for accepting reservations for the first location P1.
- the application for accepting reservations is an application for displaying the screen of FIG.
- Another application is an application that can acquire location information using the GPS receiver 28 when activated.
- it is an application such as an electronic payment application.
- a known method can be used as a method itself for acquiring location information when an application is started. Assume that multiple applications are linked and information can be exchanged.
- the second location information is location information acquired using an application different from the application for accepting reservations for the first location P1. Acquiring information accurately increases security.
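The prediction-period rule described above (a look-alike second user U2 pays at a second place P2 at 11:35, travel to P1 takes 30 minutes, so face-only payment at P1 is allowed until 12:05, the earliest deadline) can be sketched as follows. This is an added example, not code from the patent: all names, the 40 km/h travel speed, the distances, the 11:30 sighting, the exclusive deadline and the fail-closed handling of a look-alike with no recorded sighting are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, Optional

FACE_ONLY = "face"
FACE_AND_PASSCODE = "face+passcode"


@dataclass(frozen=True)
class Sighting:
    """Latest check-in or payment by one look-alike ("second user")."""
    user_id: str
    place: str          # place of the second process: P1 itself or some P2
    at: datetime        # second time information
    distance_km: float  # distance from `place` to P1 (0 when place is P1)


def travel_time(distance_km: float, speed_kmh: float = 40.0) -> timedelta:
    """Travel time for a distance; the 40 km/h speed is an assumed constant."""
    return timedelta(hours=distance_km / speed_kmh)


def prediction_deadline(lookalikes: Iterable[str], sightings: Iterable[Sighting],
                        p1: str) -> Optional[datetime]:
    """End of the prediction period: the earliest time any look-alike could
    reach P1. None means no period can be predicted (assumed: fail closed)."""
    latest = {}
    for s in sightings:                      # keep the newest sighting per user
        if s.user_id not in latest or s.at > latest[s.user_id].at:
            latest[s.user_id] = s
    ends = []
    for uid in lookalikes:
        s = latest.get(uid)
        if s is None or s.place == p1:       # unknown location, or already at P1
            return None
        ends.append(s.at + travel_time(s.distance_km))
    return min(ends) if ends else datetime.max  # no look-alikes: never expires


def required_auth(now: datetime, checked_in_at_p1: bool,
                  deadline: Optional[datetime]) -> str:
    """Face-only is allowed only for a checked-in first user inside the period.
    The deadline is treated as exclusive, a conservative assumption."""
    if checked_in_at_p1 and deadline is not None and now < deadline:
        return FACE_ONLY
    return FACE_AND_PASSCODE


# Constructed sample data: only 11:35, 30 minutes, 12:05 and 12:30 come from
# the text; the date, the 11:30 sighting and the distances are made up.
DAY = datetime(2021, 6, 10)
SIGHTINGS = [
    Sighting("U2-a", "P2-a", DAY.replace(hour=11, minute=30), 40.0),  # 12:30
    Sighting("U2-b", "P2-b", DAY.replace(hour=11, minute=35), 20.0),  # 12:05
]


def demo():
    end = prediction_deadline(["U2-a", "U2-b"], SIGHTINGS, "P1")
    return end, required_auth(DAY.replace(hour=12), True, end)


if __name__ == "__main__":
    print(demo())
```

A look-alike whose newest sighting is at P1 itself removes the prediction period entirely, which matches the case where the second user determination unit finds U2 at the first place and passcode authentication is required in addition to face authentication.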
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Collating Specific Patterns (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Priority Applications (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2021/023396 WO2022269683A1 (ja) | 2021-06-21 | 2021-06-21 | 認証システム、認証方法、及びプログラム |
| US17/911,768 US20240211562A1 (en) | 2021-06-21 | 2021-06-21 | Authentication system, authentication method and program |
| JP2022549974A JP7335456B2 (ja) | 2021-06-21 | 2021-06-21 | 認証システム、認証方法、及びプログラム |
| TW111120000A TWI841971B (zh) | 2021-06-21 | 2022-05-30 | 認證系統、認證方法及程式產品 |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2021/023396 WO2022269683A1 (ja) | 2021-06-21 | 2021-06-21 | 認証システム、認証方法、及びプログラム |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2022269683A1 (ja) | 2022-12-29 |
Family
ID=84544283
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/JP2021/023396 Ceased WO2022269683A1 (ja) | 2021-06-21 | 2021-06-21 | 認証システム、認証方法、及びプログラム |
Country Status (4)
| Country | Link |
|---|---|
| US (1) | US20240211562A1 |
| JP (1) | JP7335456B2 |
| TW (1) | TWI841971B |
| WO (1) | WO2022269683A1 |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009093512A (ja) * | 2007-10-11 | 2009-04-30 | Nec Corp | ログイン情報処理システムおよびログイン情報処理方法 |
| WO2010103736A1 (ja) * | 2009-03-13 | 2010-09-16 | オムロン株式会社 | 顔認証装置、人物画像検索システム、顔認証装置制御プログラム、コンピュータ読み取り可能な記録媒体、および顔認証装置の制御方法 |
| JP6409929B1 (ja) * | 2017-09-19 | 2018-10-24 | 日本電気株式会社 | 照合システム |
| WO2020208745A1 (ja) * | 2019-04-10 | 2020-10-15 | 楽天株式会社 | 認証システム、認証端末、ユーザ端末、認証方法、及びプログラム |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2008176493A (ja) * | 2007-01-17 | 2008-07-31 | Dainippon Printing Co Ltd | 機器アクセス管理システム |
| EP3750272A4 (en) * | 2018-02-06 | 2021-12-15 | Nb Research Llc | SYSTEM AND PROCEDURE FOR SECURING A RESOURCE |
| US10452828B1 (en) * | 2018-12-11 | 2019-10-22 | block.one | Systems and methods for creating a verified digital association |
2021
- 2021-06-21 US US17/911,768 patent/US20240211562A1/en active Pending
- 2021-06-21 WO PCT/JP2021/023396 patent/WO2022269683A1/ja not_active Ceased
- 2021-06-21 JP JP2022549974A patent/JP7335456B2/ja active Active
2022
- 2022-05-30 TW TW111120000A patent/TWI841971B/zh active
Also Published As
| Publication number | Publication date |
|---|---|
| JP7335456B2 (ja) | 2023-08-29 |
| JPWO2022269683A1 | 2022-12-29 |
| TWI841971B (zh) | 2024-05-11 |
| US20240211562A1 (en) | 2024-06-27 |
| TW202316297A (zh) | 2023-04-16 |
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| US12174930B2 (en) | Biometric ticketing | |
| JP7215566B2 (ja) | 情報処理装置、サーバ装置、情報処理方法及びプログラム | |
| JP2017182326A (ja) | モバイル端末を用いた資格認証システム、資格認証用ツール、及び、資格認証方法 | |
| TWI745891B (zh) | 認證系統、認證終端、使用者終端、認證方法、及程式產品 | |
| CN109711847A (zh) | 近场信息认证的方法、装置、电子设备和计算机存储介质 | |
| TWI795822B (zh) | 認證系統、認證方法、及程式產品 | |
| US12536538B2 (en) | Method and system for payment device-based access | |
| TWI837556B (zh) | 不正檢測系統、不正檢測裝置、不正檢測方法及程式產品 | |
| JP7794420B2 (ja) | 処理管理システム、処理管理装置、処理管理方法、及びコンピュータプログラム | |
| JP7345067B2 (ja) | 認証システム、認証方法、及びプログラム | |
| JP7335456B2 (ja) | 認証システム、認証方法、及びプログラム | |
| JP7190082B1 (ja) | 認証システム、認証方法、及びプログラム | |
| JP2022157339A (ja) | 電子決済システム、電子決済方法、及びプログラム | |
| US12579241B2 (en) | Server-based biometric authentication system for partner businesses, server device, authentication terminal, control method of server device, and storage medium | |
| JP2021047672A (ja) | 利用者通行許可システム、自動改札システム、自動改札装置、および利用者通行許可方法 | |
| JP2020038684A (ja) | モバイル端末を用いた資格認証システム、資格認証用ツール、及び、資格認証方法 | |
| US12493832B2 (en) | Check-in system, check-in method and program | |
| JP7622752B2 (ja) | 施設利用管理システム、施設利用管理方法及びプログラム | |
| JP2024038977A (ja) | 宿泊支援装置、システム及び方法、並びに、コンピュータ可読媒体 | |
| JP2024000712A (ja) | 認証用データ作成装置、認証用データ作成方法、および認証用データ作成プログラム |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | ENP | Entry into the national phase | Ref document number: 2022549974; Country of ref document: JP; Kind code of ref document: A |
| | WWE | Wipo information: entry into national phase | Ref document number: 17911768; Country of ref document: US |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21946974; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 21946974; Country of ref document: EP; Kind code of ref document: A1 |