WO2024075173A1 - System and method - Google Patents

Publication number
WO2024075173A1
Authority
WO
WIPO (PCT)
Application number
PCT/JP2022/037037
Inventor
裕之 岡田
Original Assignee
日本電気株式会社

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition

Definitions

  • the present invention relates to a system and a method.
  • Patent Document 1 states that the objective of the invention is to provide a gaming system, gaming facility management device, and usage restriction method that can efficiently prevent players from becoming addicted to casino games when multiple domestic casinos that offer casino games using cash are established in Japan.
  • Patent Document 2 describes how it is possible to improve the throughput of passing through a gate by eliminating the need for tickets, etc.
  • Identification is required when entering facilities such as casinos. Specifically, identity verification using a medium such as a My Number card is required.
  • a card medium unique to the system is issued to the casino user (see paragraph [0021]). The card medium is used to identify the user when the user enters the casino (paragraphs [0024]-[0025]).
  • In Patent Document 1, in order to enter a casino, a user must carry both an ID card for identity verification and a card medium for entering the casino. However, carrying multiple media places a large burden on the user in terms of management, etc.
  • the main objective of the present invention is to provide a system and method that contributes to reducing the burden on users of facilities such as casinos.
  • a system includes a reception terminal, an entrance terminal that restricts the entrance of an authenticated person who is attempting to enter a specified facility, and a server device, in which the reception terminal, in response to an operation by an authenticated person who wishes to enter the specified facility, writes an ID that identifies the authenticated person to a medium storing an electronic certificate of the authenticated person, and transmits an authorized person notification including the ID and facial information of the authenticated person to the server device, the server device stores the ID and facial information included in the authorized person notification in an authorized person list, the entrance terminal reads the ID from the medium held by the authenticated person on which the ID is written, photographs the authenticated person to obtain facial information, and transmits an authentication request including the ID and the facial information to the server device, the server device identifies the authenticated person using the ID included in the authentication request and the ID included in the authorized person list, performs one-to-one authentication using the facial information of the identified authenticated person included in the authorized person list and the facial information included
  • in a system including a reception terminal, an entrance terminal that restricts the entrance of an authenticated person who is attempting to enter a specified facility, and a server device, a method is provided for writing an ID that identifies the authenticated person to a medium storing an electronic certificate of the authenticated person in response to an operation of the authenticated person who wishes to enter the specified facility, transmitting an authorized person notification including the ID and facial information of the authenticated person to the server device, storing the ID and facial information included in the authorized person notification in an authorized person list, reading the ID from the medium held by the authenticated person on which the ID is written, photographing the authenticated person to obtain facial information, transmitting an authentication request including the ID and the facial information to the server device, identifying the authenticated person using the ID included in the authentication request and the ID included in the authorized person list, performing one-to-one authentication using the facial information of the identified authenticated person included in the authorized person list and the facial information included in the authentication request, and notifying the entrance terminal that the authenticated
  • a system and method are provided that contribute to reducing the burden on users of facilities such as casinos.
  • the effects of the present invention are not limited to those described above.
  • the present invention may achieve other effects instead of or in addition to the effects described above.
  • FIG. 1 is a diagram for explaining an overview of an embodiment.
  • FIG. 2 is a flowchart for explaining the operation of one embodiment.
  • FIG. 3 is a diagram showing an example of a schematic configuration of the entrance management system according to the first embodiment.
  • FIG. 4 is a diagram for explaining the operation of the entrance management system according to the first embodiment.
  • FIG. 5 is a diagram for explaining the operation of the entrance management system according to the first embodiment.
  • FIG. 6 is a diagram for explaining the operation of the entrance management system according to the first embodiment.
  • FIG. 7 is a diagram for explaining the operation of the entrance management system according to the first embodiment.
  • FIG. 8 is a diagram illustrating an example of a processing configuration of the reception terminal according to the first embodiment.
  • FIG. 9 is a diagram illustrating an example of a display of the reception terminal according to the first embodiment.
  • FIG. 10 is a flowchart illustrating an example of the operation of the admission confirmation control unit according to the first embodiment.
  • FIG. 11 is a diagram illustrating an example of a display of the reception terminal according to the first embodiment.
  • FIG. 12 is a diagram illustrating an example of a display of the reception terminal according to the first embodiment.
  • FIG. 13 is a flowchart illustrating an example of the operation of the admission confirmation control unit according to the first embodiment.
  • FIG. 14 is a diagram illustrating an example of a display of the reception terminal according to the first embodiment.
  • FIG. 15 is a diagram illustrating an example of a processing configuration of an entrance terminal according to the first embodiment.
  • FIG. 16 is a flowchart illustrating an example of the operation of the authentication control unit according to the first embodiment.
  • FIG. 17 is a diagram illustrating an example of a processing configuration of the casino server according to the first embodiment.
  • FIG. 18 is a diagram illustrating an example of a user information database according to the first embodiment.
  • FIG. 19 is a flowchart illustrating an example of the operation of the admission confirmation processing unit according to the first embodiment.
  • FIG. 20 is a diagram illustrating an example of a processing configuration of the first PF server according to the first embodiment.
  • FIG. 21 is a diagram illustrating an example of a user management database according to the first embodiment.
  • FIG. 22 is a diagram illustrating an example of a processing configuration of the management server according to the first embodiment.
  • FIG. 23 is a diagram showing an example of the visitor information database according to the first embodiment.
  • FIG. 24 is a diagram illustrating an example of a processing configuration of the second PF server according to the first embodiment.
  • FIG. 25 is a diagram showing an example of the attendee management database according to the first embodiment.
  • FIG. 26 is a diagram illustrating an example of a processing configuration of the certificate authority server according to the first embodiment.
  • FIG. 27 is a diagram illustrating an example of a processing configuration of the admission control server according to the first embodiment.
  • FIG. 28 is a diagram showing an example of the admission permitted person list according to the first embodiment.
  • FIG. 29 is a sequence diagram showing an example of the operation of the entrance management system according to the first embodiment.
  • FIG. 30 is a sequence diagram showing an example of the operation of the entrance management system according to the first embodiment.
  • FIG. 31 is a diagram illustrating an example of a hardware configuration of a reception terminal according to the present disclosure.
  • a system includes a reception terminal 101, an entrance terminal 102 that restricts the entrance of an authenticated person who is attempting to enter a specified facility, and a server device 103 (see FIG. 1).
  • the reception terminal 101 writes an ID that identifies the applicant to a medium storing the applicant's electronic certificate (step S1 in FIG. 2).
  • the reception terminal 101 transmits an admission permission notice including the ID and facial information of the applicant to the server device 103 (step S2).
  • the server device 103 stores the ID and facial information included in the admission permission notice in a list of admitted persons (step S3).
  • the entrance terminal 102 reads the ID from the medium, held by the person to be authenticated, on which the ID is written, photographs the person to be authenticated to obtain facial information, and transmits an authentication request including the ID and facial information to the server device 103 (step S4).
  • the server device 103 identifies the person to be authenticated using the ID included in the authentication request and the ID included in the list of admitted persons (step S5).
  • the server device 103 performs one-to-one authentication using the facial information of the identified person to be authenticated that is included in the list of admitted persons and the facial information included in the authentication request (step S6). If the one-to-one authentication is successful, the server device 103 notifies the entrance terminal 102 that the person to be authenticated is allowed to enter the specified facility (notification of admission; step S7).
  • the reception terminal 101 writes an ID that identifies the person who wishes to enter the facility into a medium (e.g., a My Number card) in which the electronic certificate is stored, in response to an operation by the person who wishes to enter the facility (e.g., an operation related to identity verification or number of visits verification).
  • the person who wishes to enter the facility presents the medium in which the ID is written to the entrance terminal 102.
  • the entrance terminal 102 transmits an authentication request to the server device 103, including the ID acquired from the presented medium and face information of the person to be authenticated.
  • the server device 103 identifies the person to be authenticated using the ID and verifies by one-to-one authentication that the person to be authenticated is not using the medium (My Number card) fraudulently.
  • the server device 103 identifies the person to be authenticated who arrives at the entrance terminal 102 by authentication using the ID rather than one-to-N authentication (N is a positive integer), thereby realizing more accurate authentication.
  • FIG. 3 is a diagram showing an example of a schematic configuration of an admission management system (information processing system) according to the first embodiment.
  • the admission management system according to the first embodiment performs admission management for facilities in an integrated resort (IR).
  • the admission management system includes multiple server devices.
  • Integrated resorts include international conference centers, exhibition facilities, hotels, commercial facilities, restaurants, theaters, movie theaters, amusement parks, sports facilities, hot springs, casino areas, etc.
  • the facility that users enter will be described as a "casino area."
  • the facility that users enter may be another facility.
  • Users entering a casino activity area (hereinafter simply referred to as casino facility or casino) for the first time must undergo identity verification in advance. Specifically, users (those wishing to enter) undergo identity verification using a reception terminal 10 (kiosk terminal) installed in a corner of the integrated resort facility. Note that the initial identity verification must be completed before entering the casino facility.
  • Identity verification is performed using an identification card issued by a public institution.
  • an IC (Integrated Circuit) card that stores an electronic certificate is used for identity verification.
  • an explanation will be given using the My Number Card as an example of an IC card (identification card) that stores an electronic certificate.
  • the user performs the initial identity verification procedure by operating the reception terminal 10 or a smartphone or other device that the user possesses. Note that the following explanation assumes that identity verification is performed at the reception terminal 10. Once the initial identity verification is complete, the user can enter the casino facility by passing through the entrance terminal 20.
  • the entrance terminal 20 is a terminal (device) that restricts the entry of authenticated persons attempting to enter a designated facility such as a casino.
  • When entering the casino for the second or subsequent time, the user must also have their identity verified at the reception terminal 10. In addition, when entering the casino for the second or subsequent time, the user must have the number of visits verified at the reception terminal 10. However, foreigners who do not have a residence in Japan are not required to have their identity verified or the number of visits verified.
  • The number-of-visits check verifies whether the entry limit to a casino facility set by law, etc. has been exceeded.
  • For example, the check determines whether a short-term limit such as "entry is limited to three times in seven consecutive days" or a long-term limit such as "entry is limited to ten times in 28 consecutive days" has been exceeded.
  • the admission management system includes multiple server devices. Specifically, the admission management system includes a casino server 30, a first platform (PF) server 40, a management server 50, a second platform server 60, a certification authority server 70, and an admission control server 80.
  • the casino server 30 is a server device managed by a casino operator or the like.
  • the casino server 30 manages casino users, etc.
  • the casino server 30 controls users' entry into the casino facility.
  • the first PF server 40 is a server device managed by an authentication business that performs electronic certificate authentication operations.
  • the first PF server 40 performs authentication procedures using the electronic certificate stored in the identification card. More specifically, the first PF server 40 is a device that performs electronic certificate authentication operations requested by the casino operator.
  • the management server 50 is a server device managed by the Casino Management Committee (an administrative body that creates rules regarding casino use and manages casino business activities by casino operators).
  • the management server 50 manages the usage status of casino facilities. More specifically, the management server 50 checks the number of times casino users visit and manages (stores) the identities of casino users. Note that the management server 50 does not manage the usage status of a single casino facility, but rather manages the usage status of each casino facility (multiple casino facilities) that conducts business activities within the country. In other words, the management server 50 checks the number of times not only for the casino facility that the user is about to enter, but also for other casino facilities existing within the country (performing the short-term and long-term number checks described above).
  • the second PF server 60 is a server device managed by an authentication business that performs electronic certificate authentication operations.
  • the second PF server 60 performs authentication procedures using the electronic certificate stored in the identification card. More specifically, the second PF server 60 is a device that performs electronic certificate authentication operations requested by the Casino Management Committee.
  • the certification authority server 70 is a server device managed by a corporation jointly operated by the national and local governments called J-LIS (Japan Agency for Local Authority Information Systems).
  • the certification authority server 70 verifies the validity of electronic certificates. More specifically, the certification authority server 70 is a device that provides personal authentication services using electronic certificates.
  • the admission control server 80 is a server device that controls users' entrance into the casino facility.
  • the admission control server 80 authenticates users (authenticated persons) who attempt to enter the casino facility through the entrance terminal 20.
  • a user entering a casino facility for the first time undergoes initial identity verification at the reception terminal 10.
  • the reception terminal 10 obtains a signature electronic certificate from the My Number card held by the user.
  • the reception terminal 10 obtains from the user a password for reading the signature electronic certificate, and obtains the electronic certificate from the My Number card.
  • the reception terminal 10 sends an identity verification request including the obtained signature electronic certificate to the casino server 30 (step S01).
  • the reception terminal 10 requests the casino server 30 to verify the user's identity using the electronic certificate.
  • the signature electronic certificate is an electronic certificate used to sign documents to be submitted to public institutions, etc., and contains the personal information of the user (a resident who has been issued a My Number card) (the so-called four basic pieces of information: name, date of birth, gender, and address).
  • the casino server 30 requests the first PF server 40 to verify the identity of the user. Specifically, the casino server 30 sends an identity verification request including the signature electronic certificate acquired from the reception terminal 10 to the first PF server 40 (step S02).
  • In response to receiving the identity verification request, the first PF server 40 requests the certification authority server 70 to verify the validity of the signature electronic certificate. Specifically, the first PF server 40 sends a verification request including the issue number of the signature electronic certificate to the certification authority server 70 (step S03).
  • the certification authority server 70 verifies the signature electronic certificate.
  • the certification authority server 70 transmits the verification result of the signature electronic certificate (signature electronic certificate is valid, signature electronic certificate is invalid) to the first PF server 40 (step S04).
  • the certification authority server 70 also transmits the issue number of the user authentication electronic certificate linked to the signature electronic certificate to the first PF server 40.
  • the first PF server 40 creates an account for the user (a user entering a casino facility for the first time).
  • the first PF server 40 stores an ID that identifies the user (hereinafter referred to as a user ID), the issue number of the signature electronic certificate, the issue number of the user authentication electronic certificate, and personal identification information in association with each other.
  • personal identification information is information consisting of at least one of name, date of birth, gender, and address, or a combination of these.
  • a name or a combination of a name and date of birth corresponds to personal identification information.
  • a combination of a name, date of birth, gender, and address may also be personal identification information.
  • the first PF server 40 transmits the result of the identity verification request (identity verification successful, identity verification failed) to the casino server 30 (step S05). If identity verification is successful, the first PF server 40 also transmits the user ID and personal identification information to the casino server 30.
  • the casino server 30 sends a response to the identity verification request (identity verification successful, identity verification failed) to the reception terminal 10 (step S06). If identity verification is successful, the casino server 30 notifies the reception terminal 10 and the management server 50 of the user ID and personal identification information. The casino server 30 also stores the user ID etc. received from the first PF server 40.
  • the reception terminal 10 performs identity verification using facial information. Specifically, the reception terminal 10 performs identity verification using the facial information printed on the face of the My Number card and facial information obtained by photographing the user standing in front of the terminal.
  • face information is not limited to face images, and the face information may be a feature generated from a face image.
  • If the reception terminal 10 determines that the two facial images are facial images of the same person, it determines that identity verification has been successful. If the reception terminal 10 determines that the two facial images are not facial images of the same person, it determines that identity verification has failed.
  • the reception terminal 10 notifies the user that they can enter the casino.
  • the reception terminal 10 (kiosk terminal) issues a casino user ID to a user who has completed the initial identity verification (a user who is eligible to enter the casino facility). If the reception terminal 10 is successful in identity verification using an electronic certificate and a facial image, it issues a casino user ID for that user. For example, the reception terminal 10 issues the user ID received from the casino server 30 as the casino user ID.
  • the reception terminal 10 stores (records) the casino user ID (user ID) in the My Number card presented by the user. Specifically, the reception terminal 10 writes the casino user ID in the app installation area of the My Number card.
  • the reception terminal 10 transmits an "admission permitted person notification" including the face image and casino user ID of the user whose identity has been verified to the admission control server 80 (step S07).
  • the admission control server 80 manages the users who have completed identity verification and are permitted to enter the casino facility in an admission permitted person list.
  • the admission control server 80 stores the casino user ID and face image acquired from the reception terminal 10 in the admission permitted person list.
  • the reception terminal 10 obtains the casino user ID and user authentication electronic certificate from the My Number card held by the user. Specifically, the reception terminal 10 obtains a password for reading the user authentication electronic certificate from the user, and obtains the electronic certificate from the My Number card. The reception terminal 10 sends an entry confirmation request including the obtained casino user ID and user authentication electronic certificate to the casino server 30 (step S11 in FIG. 5). The reception terminal 10 requests the casino server 30 to verify the user's identity and number of visits using the electronic certificate.
  • the user authentication electronic certificate is an electronic certificate used as a means of authenticating a person's identity, and does not include personal information (the so-called four basic pieces of information: name, date of birth, gender, and address) of the user (a resident who has been issued a My Number card).
  • the admission control system performs identity verification and count verification. These identity verification and count verification are performed in parallel, but for convenience, they will be explained separately.
  • When the casino server 30 obtains the user authentication electronic certificate from the reception terminal 10, it requests the first PF server 40 to verify the identity of the person wishing to enter. Specifically, the casino server 30 sends an identity verification request including the user authentication electronic certificate obtained from the reception terminal 10 to the first PF server 40 (step S21).
  • the first PF server 40 determines whether or not the initial identity verification has been completed for a person who wishes to enter a casino facility. Specifically, the first PF server 40 uses the issue number of the user authentication electronic certificate to determine whether or not an account has been created for the person who wishes to enter.
  • the first PF server 40 requests the certification authority server 70 to verify the validity of the signature electronic certificate and the user authentication electronic certificate. Specifically, the first PF server 40 sends a verification request including the issue number of the signature electronic certificate and the issue number of the user authentication electronic certificate to the certification authority server 70 (step S22).
  • the certification authority server 70 verifies the signature electronic certificate and the user authentication electronic certificate.
  • the certification authority server 70 sends the verification results of the signature electronic certificate and the user authentication electronic certificate (certificate is valid, certificate is invalid) to the first PF server 40 (step S23).
  • the first PF server 40 transmits the verification result (identity verification successful, identity verification failed) for the identity verification request received from the casino server 30 to the casino server 30 (step S24). If identity verification is successful, the first PF server 40 notifies the casino server 30 of the user ID and personal identification information of the person wishing to enter.
  • the casino server 30 stores the verification result (identity verification successful, identity verification failed) for those who wish to enter the casino facility.
  • When the casino server 30 obtains the user authentication electronic certificate from the reception terminal 10, it requests the management server 50 to confirm the number of times the person wishing to enter has visited. Specifically, the casino server 30 sends a number confirmation request to the management server 50, which includes the user authentication electronic certificate and the user ID read from the My Number card (step S31).
  • the management server 50 requests the second PF server 60 to identify the visitor. Specifically, the management server 50 sends a visitor identification request, including the user authentication electronic certificate acquired from the casino server 30, to the second PF server 60 (step S32).
  • the second PF server 60 requests the certification authority server 70 to verify the validity of the user authentication electronic certificate. Specifically, the second PF server 60 sends a verification request including the issue number of the user authentication electronic certificate to the certification authority server 70 (step S33).
  • the certification authority server 70 verifies the user authentication electronic certificate.
  • the certification authority server 70 transmits the result of the verification of the user authentication electronic certificate (the user authentication electronic certificate is valid, the user authentication electronic certificate is invalid) to the second PF server 60 (step S34).
  • the second PF server 60 creates an account for the visitor.
  • the second PF server 60 stores an ID that identifies the visitor (hereinafter referred to as a visitor ID) in association with the issue number of the visitor's user authentication electronic certificate.
  • the second PF server 60 transmits a response (visitor identified, visitor unidentified) to the visitor identification request received from the management server 50 to the management server 50 (step S35). If a visitor is identified, the second PF server 60 also transmits the visitor ID of the identified visitor (scheduled visitor) to the management server 50.
  • the management server 50 checks the number of times the identified user has used the casino facilities.
  • the management server 50 transmits the result of the check (user may use the casino facilities, user may not use the casino facilities) to the casino server 30 (step S36).
  • the casino server 30 stores the result of the count confirmation.
  • the casino server 30 determines whether the user is permitted to enter the casino facility.
  • the casino server 30 sends a response to the request for confirmation of entry (permitted to enter the casino facility, not permitted to enter the casino facility) to the reception terminal 10 (step S12 in FIG. 5).
  • the reception terminal 10 performs identity verification using the facial image printed on the face of the My Number card and a facial image obtained by photographing the user standing in front of the terminal.
  • If the reception terminal 10 determines that the two facial images are facial images of the same person, it determines that identity verification has been successful. If the reception terminal 10 determines that the two facial images are not facial images of the same person, it determines that identity verification has failed.
  • the reception terminal 10 notifies the user that he or she may enter the casino.
  • the reception terminal 10 transmits to the admission control server 80 the face image and casino user ID of the user who has completed the second or subsequent identity verification and number verification, just as it did during the initial identity verification.
  • the admission control server 80 stores the casino user ID and face image acquired from the reception terminal 10 in the admission permitted person list.
  • <Entry to casino facilities> When a user who has completed identity verification and the like enters a casino facility, the user presents a medium (such as a My Number Card; MNC) on which a casino user ID is stored to an entrance terminal 20 (see FIG. 7).
  • the admission terminal 20 reads out the casino user ID from the My Number card presented by the user (a person wishing to enter a casino facility; a person to be authenticated). The admission terminal 20 also photographs the user to obtain a facial image of the person wishing to enter.
  • the admission terminal 20 sends an authentication request including the acquired face image and casino user ID to the admission control server 80.
  • the admission control server 80 searches the list of admitted users using the casino user ID as a key, and identifies the corresponding user (a user who has completed identity verification and number of visits verification).
  • the admission control server 80 performs one-to-one authentication (one-to-one matching) using the face image of the identified user and the face image acquired from the admission terminal 20. If the one-to-one authentication is successful, the admission control server 80 allows the person wishing to enter the casino (the person to be authenticated) to pass through the gate.
  • the admission control server 80 sends a positive response to the admission terminal 20 indicating that the user is permitted to enter the casino. If the casino user ID is not on the list of permitted visitors or if the one-to-one authentication fails, the admission control server 80 sends a negative response to the admission terminal 20 indicating that the user is not permitted to enter the casino.
  • the admission terminal 20 opens the gate and allows the user to enter the casino. If a negative response is received, the admission terminal 20 closes the gate and denies the user entry to the casino.
  • the reception terminal 10 controls the identity verification using the electronic certificate of an entry applicant who wishes to enter a specified facility (casino).
  • When the reception terminal 10 succeeds in identity verification using the electronic certificate, it writes an ID (casino user ID) that identifies the entry applicant whose identity has been successfully verified to the medium (My Number card) in which the entry applicant's electronic certificate is stored.
  • the reception terminal 10 transmits an entry permitted person notification including the ID and face information of the entry applicant whose identity has been successfully verified using the electronic certificate to the server device (entrance control server 80).
  • the server device stores the ID and face information included in the entry permitted person notification in an entry permitted person list.
  • the entry terminal 20 reads the ID held by the person to be authenticated from the medium (My Number card) in which the ID is written, and photographs the person to be authenticated to obtain face information.
  • the entry terminal 20 transmits an authentication request including the ID and face information to the server device.
  • the server device identifies the person to be authenticated using the ID included in the authentication request and the ID included in the entry permitted person list. Furthermore, the server device performs one-to-one authentication using the face information included in the entry permitted person list of the identified person to be authenticated and the face information included in the authentication request. If the one-to-one authentication is successful, the server device notifies the admission terminal 20 that the person being authenticated can enter the casino.
  • the admission control server 80 performs one-to-one authentication so that a user who has completed identity verification and number-of-visits verification cannot hand over a medium (e.g., a My Number card) on which the casino user ID is stored to another person and thereby let that other person enter the casino illegally.
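The following is an added example, not code from the patent, of the admission control server's decision described above: look up the casino user ID in the admission permitted person list, then run one-to-one matching between the enrolled and the freshly captured face features. The class and method names, the feature vectors, the distance-to-similarity mapping and the threshold are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass


def similarity(enrolled, probe):
    """Map Euclidean distance to a similarity in (0, 1].

    The mapping 1 / (1 + d) is an assumption; the description only states
    that a greater distance means a lower similarity.
    """
    if not enrolled or len(enrolled) != len(probe):
        raise ValueError("feature vectors must be non-empty and of equal length")
    return 1.0 / (1.0 + math.dist(enrolled, probe))


@dataclass(frozen=True)
class AuthResult:
    permitted: bool
    reason: str


class AdmissionControlServer:
    """Hypothetical model of admission control server 80."""

    def __init__(self, threshold):
        self.threshold = threshold   # the "predetermined value" for similarity
        self._permitted = {}         # casino user ID -> enrolled feature vector

    def register_permitted(self, casino_user_id, features):
        # Handles an "admission permitted person notification" from the
        # reception terminal: store the ID together with the face information.
        self._permitted[casino_user_id] = tuple(features)

    def authenticate(self, casino_user_id, probe_features):
        # Step 1: identify the user by ID. An ID that is not on the list is
        # refused before any face comparison takes place.
        enrolled = self._permitted.get(casino_user_id)
        if enrolled is None:
            return AuthResult(False, "id_not_on_list")
        # Step 2: one-to-one matching against that single enrolled entry only.
        try:
            score = similarity(enrolled, tuple(probe_features))
        except (TypeError, ValueError):
            return AuthResult(False, "bad_probe")
        # Success requires similarity strictly above the threshold. A NaN
        # score compares False here, so malformed input is refused as well.
        if score > self.threshold:
            return AuthResult(True, "match")
        return AuthResult(False, "face_mismatch")


if __name__ == "__main__":
    # Constructed sample data: one enrolled user and two people at the gate.
    server = AdmissionControlServer(threshold=0.9)
    server.register_permitted("CU-0001", (0.31, 0.52, 0.18, 0.77))
    holder = (0.30, 0.53, 0.19, 0.76)      # the card's rightful holder
    borrower = (0.55, 0.20, 0.40, 0.50)    # someone carrying a borrowed card
    print(server.authenticate("CU-0001", holder))
    print(server.authenticate("CU-0001", borrower))
    print(server.authenticate("CU-9999", holder))
```

A valid ID presented with a non-matching face is refused, which is the card hand-over case the one-to-one authentication is meant to stop.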
  • FIG. 8 is a diagram showing an example of a processing configuration (processing module) of the reception terminal 10 according to the first embodiment.
  • the reception terminal 10 includes a communication control unit 201, an admission confirmation control unit 202, and a storage unit 203.
  • the communication control unit 201 is a means for controlling communication with other devices.
  • the communication control unit 201 receives data (packets) from the casino server 30.
  • the communication control unit 201 also transmits data to the casino server 30.
  • the communication control unit 201 passes data received from other devices to other processing modules.
  • the communication control unit 201 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data with other devices via the communication control unit 201.
  • the communication control unit 201 has a function as a receiving unit that receives data from other devices and a function as a transmitting unit that transmits data to other devices.
  • the admission verification control unit 202 is a means for controlling identity verification and number of admission verification for those who wish to enter a casino facility.
  • When the entry confirmation control unit 202 acquires the user's intention to enter the casino using a GUI (Graphical User Interface) or the like, it requests the user to present his/her My Number card. For example, the entry confirmation control unit 202 displays a GUI such as that shown in FIG. 9 and recognizes that the My Number card has been inserted into an IC (Integrated Circuit) card reader/writer.
  • the admission verification control unit 202 controls the IC card reader/writer and attempts to read the casino user ID from the My Number card.
  • the entry confirmation control unit 202 determines that the user has never entered the casino (a user who requires initial identity verification).
  • the entry verification control unit 202 determines that the user has already entered the casino (a user who requires identity verification from the second time onwards).
  • the entry verification control unit 202 obtains a signature electronic certificate from the My Number card held by the user (step S101).
  • the entrance verification control unit 202 displays a GUI like that shown in FIG. 11 and obtains the PIN (a string of 6 to 16 alphanumeric characters).
  • the entrance confirmation control unit 202 attempts to read the signature electronic certificate from the My Number card using the acquired PIN. If the correct PIN is entered, the entrance confirmation control unit 202 can read the signature electronic certificate.
  • the entry verification control unit 202 sends an identity verification request including the read signature electronic certificate to the casino server 30 (step S102).
  • the entry confirmation control unit 202 receives a response (positive or negative response) to the identity verification request from the casino server 30.
  • the admission confirmation control unit 202 determines that the user cannot enter the casino (casino entry not permitted; step S104).
  • the admission confirmation control unit 202 performs identity verification using a facial image (step S105). Specifically, the admission confirmation control unit 202 performs identity verification using the facial image printed on the face of the My Number card and a facial image obtained by photographing the user in front of the terminal.
  • the admission confirmation control unit 202 controls the scanner to obtain the facial image printed on the face of the My Number card.
  • the admission confirmation control unit 202 also controls the camera to photograph the user in front of the admission confirmation control unit 202 and obtains the facial image.
  • the admission confirmation control unit 202 calculates feature amounts from each of the two facial images.
  • the entrance confirmation control unit 202 extracts the eyes, nose, mouth, etc. from the face image as feature points. The entrance confirmation control unit 202 then calculates the position of each feature point and the distance between each feature point as feature amounts (generating a feature vector consisting of multiple feature amounts).
  • the entrance confirmation control unit 202 executes a matching process (one-to-one matching) using the two generated feature amounts. Specifically, the entrance confirmation control unit 202 calculates the similarity between corresponding face images using the two feature amounts. Based on the result of threshold processing on the calculated similarity, the entrance confirmation control unit 202 determines whether the two images are face images of the same person. Note that the similarity can be calculated using chi-square distance, Euclidean distance, or the like. The greater the distance, the lower the similarity, and the closer the distance, the higher the similarity.
  • If the similarity is greater than a predetermined value, the admission confirmation control unit 202 determines that identity verification was successful. If the similarity is equal to or less than the predetermined value, the admission confirmation control unit 202 determines that identity verification was unsuccessful.
  • If identity verification using a facial image fails (step S106, No branch), the admission verification control unit 202 determines that the user cannot enter the casino (casino admission not permitted; step S104).
  • If identity verification using a facial image is successful (step S106, Yes branch), the admission verification control unit 202 determines that the user is allowed to enter the casino (casino admission permitted; step S107).
  • the admission confirmation control unit 202 issues a casino user ID for the user who has completed the initial identity verification. For example, the admission confirmation control unit 202 treats the user ID received from the casino server 30 as the casino user ID.
  • the admission confirmation control unit 202 stores (records) the casino user ID in the My Number card presented by the user (step S108). Specifically, the admission confirmation control unit 202 writes the casino user ID in the app installation area of the My Number card.
  • the admission confirmation control unit 202 sends an "admission permitted person notification" including a facial image of the user who has completed the initial identity confirmation (the facial image printed on the face of the My Number card or a facial image obtained by photographing) and the casino user ID to the admission control server 80 (step S109).
  • the admission confirmation control unit 202 notifies the user of the result of the initial identity verification.
  • the admission confirmation control unit 202 notifies the user whether or not he or she is allowed to enter the casino (step S110).
  • the entry confirmation control unit 202 displays a message as shown in FIG. 12.
  • the entry verification control unit 202 obtains a user authentication electronic certificate from the My Number card held by the user (step S201).
  • the entrance confirmation control unit 202 displays a GUI such as that shown in FIG. 14 and obtains the PIN number (a four-digit number sequence) or the facial image.
  • the admission confirmation control unit 202 controls a camera (not shown) to capture a facial image of the person wishing to enter.
  • the entrance confirmation control unit 202 attempts to read the user authentication electronic certificate from the My Number card using the acquired PIN. If the correct PIN has been entered, the entrance confirmation control unit 202 can read the user authentication electronic certificate.
  • the entry confirmation control unit 202 can read out the electronic certificate for user authentication.
  • the entry confirmation control unit 202 sends an entry confirmation request including the read user electronic certificate and casino user ID (user ID) to the casino server 30 (step S202).
  • the entry confirmation control unit 202 receives a response (positive or negative response) to the entry confirmation request from the casino server 30.
  • If a negative response is received in response to the entry confirmation request (step S203, No branch), the entry confirmation control unit 202 determines that the user cannot enter the casino (casino entry not permitted; step S204).
  • If a positive response is received in response to the entrance confirmation request (step S203, Yes branch), the entrance confirmation control unit 202 performs identity verification using a facial image (step S205).
  • If identity verification using a facial image fails (step S206, No branch), the admission verification control unit 202 determines that the user cannot enter the casino (casino admission not permitted; step S204).
  • If identity verification using a facial image is successful (step S206, Yes branch), the admission verification control unit 202 determines that the user is allowed to enter the casino (casino entry permitted; step S207).
  • the admission confirmation control unit 202 sends an "admission permitted person notification" including the face image and casino user ID of the user who has completed the second or subsequent identity and number confirmations to the admission control server 80 (step S208).
  • the admission confirmation control unit 202 notifies the user of the results of the identity confirmation and number confirmation from the second time onwards.
  • the admission confirmation control unit 202 notifies the user whether or not he or she is allowed to enter the casino (step S209).
  • the entry confirmation control unit 202 performs identity confirmation using at least an electronic certificate. Furthermore, when a person wishing to enter the casino wishes to enter for the second or subsequent time, the entry confirmation control unit 202 performs control related to identity confirmation using at least an electronic certificate and confirmation of the number of times the person has entered the casino. More specifically, when the entry confirmation control unit 202 cannot read out a casino user ID from a My Number card in which an electronic certificate is stored, it determines that the person wishing to enter is a user who is attempting to enter the casino for the first time. When the entry confirmation control unit 202 can read out a casino user ID from a My Number card in which an electronic certificate is stored, it determines that the person wishing to enter is a user who wishes to enter the casino for the second or subsequent time.
  • the memory unit 203 is a means for storing information necessary for the operation of the reception terminal 10.
  • [Admission terminal] FIG. 15 is a diagram showing an example of a processing configuration (processing module) of the entrance terminal 20 according to the first embodiment.
  • the entrance terminal 20 includes a communication control unit 301, an authentication control unit 302, a gate control unit 303, and a storage unit 304.
  • the communication control unit 301 is a means for controlling communication with other devices.
  • the communication control unit 301 receives data (packets) from the casino server 30.
  • the communication control unit 301 also transmits data to the casino server 30.
  • the communication control unit 301 passes data received from other devices to other processing modules.
  • the communication control unit 301 transmits data obtained from other processing modules to other devices. In this way, the other processing modules transmit and receive data with other devices via the communication control unit 301.
  • the communication control unit 301 has a function as a receiving unit that receives data from other devices and a function as a transmitting unit that transmits data to other devices.
  • the authentication control unit 302 is a means for controlling the authentication of persons (persons to be authenticated) who wish to enter the casino facility.
  • FIG. 16 is a flowchart showing an example of the operation of the authentication control unit 302 according to the first embodiment.
  • When the authentication control unit 302 detects a user in front of its device (in front of the entrance terminal 20) using a human presence sensor or the like, it asks the user to present their My Number card.
  • the authentication control unit 302 prompts the user to touch the My Number card to an IC card reader.
  • the authentication control unit 302 attempts to read the casino user ID from the My Number card (step S301).
  • If reading of the casino user ID fails (step S302, No branch), the authentication control unit 302 determines that the user cannot enter the casino (casino entry not permitted; step S303).
  • If the casino user ID is successfully read (step S302, Yes branch), the authentication control unit 302 controls the camera to obtain a facial image of the user (step S304).
  • the authentication control unit 302 sends an authentication request including the acquired face image and casino user ID to the admission control server 80 (step S305).
  • the authentication control unit 302 receives the authentication result (authentication successful, authentication failed) from the entrance control server 80.
  • If authentication fails (step S306, No branch), the authentication control unit 302 determines that the user cannot enter the casino (casino entry not permitted; step S303).
  • If authentication is successful (step S306, Yes branch), the authentication control unit 302 determines that the user can enter the casino (casino entry permitted; step S307).
  • the authentication control unit 302 notifies the user whether or not he or she is permitted to enter the casino (step S308).
  • the authentication control unit 302 also notifies the gate control unit 303 whether or not the user (person to be authenticated) is permitted to enter the casino.
  • the gate control unit 303 is a means for controlling the gate.
  • the gate control unit 303 closes the gate to deny the user passage.
  • the gate control unit 303 opens the gate to allow the user to pass through. At that time, the gate control unit 303 detects the user's passage through the gate using a human presence sensor or the like installed on the admission terminal 20.
  • If the gate control unit 303 detects a user passing through the gate within a predetermined period of time after the gate is opened, the gate control unit 303 notifies the casino server 30 of this fact. Specifically, the gate control unit 303 sends a "casino entry notification" including the casino user ID (user ID) to the casino server 30.
  • If the gate control unit 303 does not detect a user passing through the gate within a specified period of time after the gate is opened, the gate control unit 303 closes the gate.
  • the memory unit 304 is a means for storing information necessary for the operation of the entrance terminal 20.
  • [Casino Server] FIG. 17 is a diagram showing an example of a processing configuration (processing module) of the casino server 30 according to the first embodiment.
  • the casino server 30 includes a communication control unit 401, an identity verification processing unit 402, an entry verification processing unit 403, an entry notification unit 404, and a storage unit 405.
  • the communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the reception terminal 10. The communication control unit 401 also transmits data to the reception terminal 10. The communication control unit 401 passes the data received from other devices to other processing modules. The communication control unit 401 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 401.
  • the communication control unit 401 has a function as a receiving unit that receives data from other devices, and a function as a transmitting unit that transmits data to other devices.
  • the identity verification processing unit 402 is a means for processing identity verification requests received from the reception terminal 10.
  • the identity verification processing unit 402 requests the first PF server 40 to verify the identity of a person wishing to enter the casino facility. Specifically, the identity verification processing unit 402 extracts the signature electronic certificate included in the identity verification request, and transmits an identity verification request including the signature electronic certificate to the first PF server 40.
  • the identity verification processing unit 402 receives a response (positive or negative response) to the identity verification request from the first PF server 40.
  • If identity verification fails (if a negative response is received), the identity verification processing unit 402 notifies the reception terminal 10 that identity verification has failed. Specifically, the identity verification processing unit 402 sends a negative response to the identity verification request to the reception terminal 10.
  • If identity verification is successful (if a positive response is received), the identity verification processing unit 402 notifies the reception terminal 10 that identity verification was successful. Specifically, the identity verification processing unit 402 sends a positive response to the identity verification request (positive response including the user ID) to the reception terminal 10. Note that, as described above, the user ID and the casino user ID are the same value.
  • the positive response sent by the first PF server 40 (the response sent when the verification of the digital certificate for signature is successful) includes the user ID and personal identification information.
  • the personal identification processing unit 402 sends the acquired user ID and personal identification information to the management server 50.
  • the identity verification processing unit 402 associates the user ID and identity information included in the positive response and stores them in a user information database (see FIG. 18).
  • the user information database shown in FIG. 18 is an example and is not intended to limit the items to be stored.
  • the date and time of processing the identity verification request may be registered in the user information database.
  • the entry confirmation processing unit 403 is a means for processing the entry confirmation request received from the reception terminal 10.
  • the entry confirmation processing unit 403 receives the entry confirmation request including the electronic certificate for user authentication and the casino user ID (user ID) of the person wishing to enter the casino.
  • the entry confirmation processing unit 403 executes processes related to identity verification and number of visits of a person wishing to enter the casino in parallel in response to receiving an entry confirmation request. The operation of the entry confirmation processing unit 403 will be explained with reference to FIG. 19.
  • When an admission confirmation request is received, the admission confirmation processing unit 403 generates identification information for managing (identifying) the inquiry corresponding to the admission confirmation request (step S401). Specifically, the admission confirmation processing unit 403 generates an inquiry ID in response to receiving the admission confirmation request. For example, the admission confirmation processing unit 403 generates an inquiry ID (inquiry number) by calculating a hash value of the date and time of receipt of the admission confirmation request, etc.
  • the admission confirmation processing unit 403 requests the first PF server 40 to confirm the identity of the person who wishes to enter.
  • the admission confirmation processing unit 403 also requests the management server 50 to confirm the number of times the person wishes to enter.
  • the entrance verification processing unit 403 sends an identity verification request including the electronic certificate for user authentication acquired from the entrance terminal 20 to the first PF server 40 (step S402).
  • the admission confirmation processing unit 403 receives a response (positive or negative response) to the identity confirmation request from the first PF server 40.
  • the positive response includes the user ID and identity information of the person wishing to enter.
  • the admission confirmation processing unit 403 stores the fact that identity verification of the person wishing to enter has failed. Specifically, the admission confirmation processing unit 403 stores (manages) the inquiry ID and the fact that identity verification has failed in association with each other.
  • the admission confirmation processing unit 403 stores the fact that identity verification of the person wishing to enter was successful. Specifically, the admission confirmation processing unit 403 stores (manages) the inquiry ID, the fact that identity verification was successful, the user ID, and identity specification information in association with each other.
  • the admission confirmation processing unit 403 stores the result of identity confirmation in association with the inquiry ID (step S403).
  • the entry confirmation processing unit 403 sends a number of times confirmation request to the management server 50, which request includes the inquiry ID, the electronic certificate for user authentication acquired from the reception terminal 10, and the user ID (casino user ID) (step S404).
  • the admission confirmation processing unit 403 receives a response (positive response, negative response) to the number confirmation request from the management server 50.
  • the response (positive response, negative response) received from the management server 50 includes an inquiry ID.
  • the positive response includes the visitor ID of the person wishing to enter.
  • the admission confirmation processing unit 403 stores the fact that the number of times confirmation for the person wishing to enter has failed. Specifically, the admission confirmation processing unit 403 stores (manages) the inquiry ID and the fact that the number of times confirmation has failed in association with each other.
  • the admission confirmation processing unit 403 stores the fact that the number of visits confirmation for the person wishing to enter was successful. Specifically, the admission confirmation processing unit 403 stores (manages) the inquiry ID, visitor ID, and the fact that the number of visits confirmation was successful in association with each other.
  • the admission confirmation processing unit 403 stores the result of the number confirmation in association with the inquiry ID (step S405).
  • the entry verification processing unit 403 determines whether or not the person wishing to enter is permitted to enter the casino facility (entry permission determination; step S406).
  • the admission confirmation processing unit 403 determines that the person wishing to enter the casino facility can enter the casino facility.
  • the entry verification processing unit 403 determines that the user cannot enter the casino facility.
  • the admission confirmation processing unit 403 sends a response (confirmation result) to the admission confirmation request to the reception terminal 10 (step S407).
  • the entry confirmation processing unit 403 sends a positive response indicating that to the reception terminal 10.
  • the entry confirmation processing unit 403 sends a negative response indicating that to the reception terminal 10.
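The following is an added example, not code from the patent, of how the entry confirmation processing of steps S401 to S407 could be organised: one inquiry ID per request, the identity check and the number-of-visits check run in parallel, both results stored under the inquiry ID, and a single decision taken from them. The callables standing in for the first PF server 40 and the management server 50, the response dictionaries, the random nonce mixed into the inquiry ID, and the rule that entry is permitted only when both checks succeed are assumptions.

```python
import hashlib
import secrets
from concurrent.futures import ThreadPoolExecutor
from datetime import datetime, timezone


class EntryConfirmationProcessor:
    """Hypothetical model of entry confirmation processing unit 403."""

    def __init__(self, verify_identity, check_count):
        # Assumed stand-ins: verify_identity(certificate) for the first PF
        # server, check_count(inquiry_id, certificate, user_id) for the
        # management server. Each returns a dict with an "ok" flag.
        self._verify_identity = verify_identity
        self._check_count = check_count
        self.results = {}   # inquiry ID -> {"identity": ..., "count": ...}

    @staticmethod
    def new_inquiry_id(received_at):
        # S401: hash of the receipt date and time. The random nonce is an
        # assumption filling the "etc."; it keeps two requests received at
        # the same instant from sharing one inquiry ID.
        material = received_at.isoformat().encode() + secrets.token_bytes(16)
        return hashlib.sha256(material).hexdigest()

    @staticmethod
    def _collect(future, expected_inquiry_id=None):
        # A backend error or a malformed reply is recorded as a failed check.
        try:
            response = dict(future.result())
        except Exception as exc:
            return {"ok": False, "error": type(exc).__name__}
        # The management server echoes the inquiry ID; a reply carrying a
        # different ID must not be attributed to this request.
        if expected_inquiry_id is not None and \
                response.get("inquiry_id") != expected_inquiry_id:
            return {"ok": False, "error": "inquiry_id_mismatch"}
        return response

    def decide(self, inquiry_id):
        # S406 (assumed rule): permit only if both stored results succeeded.
        record = self.results.get(inquiry_id)
        if record is None:
            return False
        return all((record[key] or {}).get("ok") is True
                   for key in ("identity", "count"))

    def process(self, certificate, casino_user_id, received_at=None):
        received_at = received_at or datetime.now(timezone.utc)
        inquiry_id = self.new_inquiry_id(received_at)
        record = self.results[inquiry_id] = {"identity": None, "count": None}
        with ThreadPoolExecutor(max_workers=2) as pool:
            # S402 and S404 are submitted together so they run in parallel.
            identity = pool.submit(self._verify_identity, certificate)
            count = pool.submit(self._check_count, inquiry_id,
                                certificate, casino_user_id)
            record["identity"] = self._collect(identity)          # S403
            record["count"] = self._collect(count, inquiry_id)    # S405
        return inquiry_id, self.decide(inquiry_id)                # S406, S407


if __name__ == "__main__":
    # Constructed backends: identity always verifies, the count check refuses.
    def identity_ok(certificate):
        return {"ok": True, "user_id": "U-0001"}

    def count_exceeded(inquiry_id, certificate, user_id):
        return {"ok": False, "inquiry_id": inquiry_id}

    processor = EntryConfirmationProcessor(identity_ok, count_exceeded)
    print(processor.process(b"constructed-certificate", "U-0001"))
```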
  • the entry notification unit 404 is a means for notifying the management server 50 of the fact that a user (a person wishing to enter the casino facility) has entered the casino facility.
  • the entry notification unit 404 processes the "casino entry notification" sent by the entry terminal 20.
  • the entry notification unit 404 searches the user information database using the casino user ID (user ID) as a key to identify the corresponding entry.
  • the entry notification unit 404 sends a "user entry notification" to the management server 50, which includes the date and time the user passed through the gate, the personal information of the identified entry, and the user ID.
  • a user entry notification including the name “NM01” and the gender “female” is sent to the management server 50.
  • the date and time when the user passed through the gate can be the date and time when the casino entry notification was received.
  • the memory unit 405 is a means for storing information necessary for the operation of the casino server 30.
  • the first PF server 40 is a server that processes an identity verification request sent from the casino server 30.
  • the first PF server 40 requests the certificate authority server 70 to verify electronic certificates (digital signature certificate, electronic user certificate) resulting from the first identity verification and the second and subsequent identity verifications. Furthermore, the first PF server 40 controls the ID (user ID) of the user who is the subject of identity verification.
  • FIG. 20 is a diagram showing an example of a processing configuration (processing module) of the first PF server 40 according to the first embodiment.
  • the first PF server 40 includes a communication control unit 501, a verification control unit 502, and a storage unit 503.
  • the communication control unit 501 is a means for controlling communication with other devices.
  • the communication control unit 501 receives data (packets) from the casino server 30.
  • the communication control unit 501 also transmits data to the casino server 30.
  • the communication control unit 501 passes data received from other devices to other processing modules.
  • the communication control unit 501 transmits data obtained from other processing modules to other devices. In this way, the other processing modules transmit and receive data with other devices via the communication control unit 501.
  • the communication control unit 501 has a function as a receiving unit that receives data from other devices and a function as a transmitting unit that transmits data to other devices.
  • the verification control unit 502 is a means for controlling the verification of the validity of electronic certificates.
  • the verification control unit 502 processes identity verification requests received from the casino server 30.
  • the identity verification request for the initial identity verification includes the signature electronic certificate.
  • the verification control unit 502 extracts the issue number from the signature electronic certificate and sends a verification request including the extracted issue number to the certification authority server 70.
  • the verification control unit 502 receives a response (positive or negative response) to the verification request from the certification authority server 70.
  • the verification control unit 502 If a negative response (the signature electronic certificate is invalid) is received, the verification control unit 502 notifies the casino server 30 that identity verification has failed. The verification control unit 502 sends a negative response indicating that to the casino server 30.
  • the verification control unit 502 creates an account for the corresponding user.
  • the verification control unit 502 generates a user ID for the person who wishes to enter and is the subject of the process.
  • the verification control unit 502 also extracts the issue number of the electronic certificate for user authentication from the positive response received from the certification authority server 70.
  • the verification control unit 502 obtains personal identification information from the electronic signature certificate that has been determined to be valid.
  • the verification control unit 502 stores the generated user ID, personal identification information, the issue number of the electronic certificate for signature, and the issue number of the electronic certificate for user authentication in the user management database (see FIG. 21).
  • the user management database shown in FIG. 21 is an example, and is not intended to limit the items to be stored.
  • the verification control unit 502 notifies the casino server 30 that identity verification has been successful. At that time, the verification control unit 502 notifies the casino server 30 of the generated user ID and the corresponding identity identification information. Specifically, the verification control unit 502 sends an affirmative response including the user ID and identity identification information to the casino server 30.
  • the user identification request (the second or subsequent identity verification request) when the user enters a casino facility includes the user identification electronic certificate.
  • the verification control unit 502 extracts the issue number from the user identification electronic certificate.
  • the verification control unit 502 searches the user management database, using as a key the issue number extracted from the user authentication electronic certificate included in the identity verification request for the second or subsequent identity verification performed at the entrance terminal 20, and attempts to identify the corresponding entry.
  • the verification control unit 502 determines that the person seeking admission has not completed the "initial identity verification (validation of the signature electronic certificate)," and sets the identity verification for that user to failed.
  • the verification control unit 502 sends a verification request to the certification authority server 70, including the issue number of the user authentication electronic certificate and the issue number of the signature electronic certificate stored in the identified entry.
  • the verification control unit 502 receives a response (positive or negative response) to the verification request from the certification authority server 70.
  • the verification control unit 502 sets the user identity verification to failure.
  • the verification control unit 502 sets the user identity verification to successful.
  • the verification control unit 502 notifies the casino server 30 of the result of identity verification (identity verification successful, identity verification failed).
  • the verification control unit 502 sends an affirmative response indicating that to the casino server 30. At that time, the verification control unit 502 sends an affirmative response including the user ID and identity specification information for the user (person subject to identity verification) to the casino server 30.
  • the verification control unit 502 sends a negative response to that effect to the casino server 30.
  • the storage unit 503 is a means for storing information necessary for the operation of the first PF server 40.
  • Fig. 22 is a diagram showing an example of a processing configuration (processing module) of the management server 50 according to the first embodiment.
  • the management server 50 includes a communication control unit 601, a count confirmation control unit 602, an entry/exit control unit 603, and a storage unit 604.
  • the communication control unit 601 is a means for controlling communication with other devices.
  • the communication control unit 601 receives data (packets) from the casino server 30.
  • the communication control unit 601 also transmits data to the casino server 30.
  • the communication control unit 601 passes data received from other devices to other processing modules.
  • the communication control unit 601 transmits data obtained from other processing modules to other devices. In this way, the other processing modules transmit and receive data with other devices via the communication control unit 601.
  • the communication control unit 601 has a function as a receiving unit that receives data from other devices and a function as a transmitting unit that transmits data to other devices.
  • the number of times confirmation control unit 602 is a means for controlling the confirmation of the number of times a user uses a casino. Note that the number of times confirmation control unit 602 does not manage the usage status of a single casino facility, but rather manages the usage status of each casino facility (multiple casino facilities) conducting business activities within the country. In other words, the number of times confirmation control unit 602 performs the number of times confirmation, etc., not only for the casino facility that the user is about to enter, but also for other casino facilities existing within the country. Note that the Casino Management Committee performs the number of times confirmation using the electronic certificate for user authentication on the My Number card.
  • When the number of times confirmation control unit 602 receives the user ID and personal identification information from the casino server 30, it adds an entry to the visitor information database described below and stores the user ID and personal identification information. The number of times confirmation control unit 602 also processes the number of times confirmation request received from the casino server 30. The number of times confirmation control unit 602 requests the second PF server 60 to identify the visitor (a person wishing to enter the casino facility).
  • the number of times confirmation request includes an inquiry ID, an electronic certificate for user authentication, and a user ID.
  • the number of times confirmation control unit 602 uses the user ID to identify the user (entry) stored in the visitor information database.
  • the number of times confirmation control unit 602 also sends a visitor identification request including the electronic certificate for user authentication included in the number of times confirmation request to the second PF server 60.
  • the number of times confirmation control unit 602 receives a response (positive response, negative response) to the visitor identification request from the second PF server 60.
  • the number of times confirmation control unit 602 notifies the casino server 30 that the number of times confirmation has failed. Specifically, the number of times confirmation control unit 602 sends a negative response (casino facilities cannot be used) to the casino server 30 in response to the number of times confirmation request. At that time, the number of times confirmation control unit 602 sends a negative response including the inquiry ID acquired from the casino server 30 to the casino server 30.
  • When an attendee has been identified (when a positive response has been received), the number of visits confirmation control unit 602 performs a number of visits confirmation for the person wishing to enter.
  • the positive response sent by the second PF server 60 includes the attendee ID of the person wishing to enter.
  • the number of visits confirmation control unit 602 writes the acquired attendee ID into the corresponding entry in the attendee information database.
  • FIG. 23 is a diagram showing an example of a visitor information database according to the first embodiment. As shown in FIG. 23, the visitor information database stores user IDs, visitor IDs, personal identification information, and casino usage history (entry history, exit history) in association with each other.
  • the number of visits confirmation control unit 602 searches the visitor information database using the visitor ID obtained from the second PF server 60 as a key, and identifies the corresponding entry.
  • the number of visits confirmation control unit 602 performs the number of visits confirmation using the casino usage history of the corresponding entry (the person wishing to enter). Specifically, the number of visits confirmation control unit 602 determines whether the casino usage history of the person wishing to enter violates the short-term number of visits limit (up to three visits in seven consecutive days) or the long-term number of visits limit (up to ten visits in 28 consecutive days).
  • If the number of times confirmation control unit 602 determines that the casino facility usage history of the person wishing to enter violates the number of times limit, it sets the result of the number of times confirmation to "casino facility usage not permitted."
  • If the number of visits confirmation control unit 602 determines that the casino facility usage history of the person wishing to enter does not violate the number of visits limit, it sets the result of the number of visits confirmation to "casino facility usage permitted."
  • the number of times confirmation control unit 602 notifies the casino server 30 of the result of the number of times confirmation.
  • the count confirmation control unit 602 sends a negative response indicating that to the casino server 30. At that time, the count confirmation control unit 602 sends a negative response to the casino server 30 that includes the inquiry ID acquired from the casino server 30.
  • the number of times confirmation control unit 602 sends an affirmative response indicating that to the casino server 30. At that time, the number of times confirmation control unit 602 sends an affirmative response to the casino server 30 that includes the inquiry ID acquired from the casino server 30 and the visitor ID of the person wishing to enter.
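The short-term and long-term limits described above, checked over a visitor's entry history at every facility, as an added example (not code from the publication). It assumes rolling 7-day and 28-day windows ending at the time of the check, that each stored entry counts as one visit, and that entry is refused once the count has reached the limit; all names and sample data are constructed.

```python
from datetime import datetime, timedelta

# Limits stated in the description: up to 3 visits in 7 consecutive days,
# up to 10 visits in 28 consecutive days.
LIMITS = (
    ("short-term", timedelta(days=7), 3),
    ("long-term", timedelta(days=28), 10),
)


def visits_in_window(entry_times, now, window):
    """Count entries t with now - window < t <= now (assumed rolling window)."""
    start = now - window
    return sum(1 for t in entry_times if start < t <= now)


def confirm_visit_count(visitor_db, visitor_id, now):
    """Return (permitted, reason) for one visitor ID.

    visitor_db maps a visitor ID to a list of (facility, entry datetime)
    covering every facility, mirroring the visitor information database.
    An unknown visitor ID is refused (fail closed).
    """
    history = visitor_db.get(visitor_id)
    if history is None:
        return False, "visitor not identified"
    entry_times = [t for _facility, t in history]
    for name, window, limit in LIMITS:
        count = visits_in_window(entry_times, now, window)
        # Assumption: the pending entry would be visit number count + 1,
        # so admission is refused once the count has reached the limit.
        if count >= limit:
            return False, f"{name} limit reached ({count}/{limit})"
    return True, "casino facility usage permitted"


# Constructed sample data: the time of the check and three visitors.
NOW = datetime(2024, 3, 29, 12, 0)


def days_ago(n):
    return NOW - timedelta(days=n)


SAMPLE_DB = {
    # Three entries in the last 7 days, spread over two facilities.
    "V-001": [("casino-A", days_ago(6)), ("casino-B", days_ago(3)),
              ("casino-A", days_ago(1))],
    # Same pattern, but the oldest entry has left the 7-day window.
    "V-002": [("casino-A", days_ago(8)), ("casino-B", days_ago(3)),
              ("casino-A", days_ago(1))],
    # Only two entries in the last 7 days, but ten in the last 28.
    "V-003": [("casino-A", days_ago(d))
              for d in (27, 25, 23, 21, 19, 17, 15, 13, 6, 2)],
}

if __name__ == "__main__":
    for vid in ("V-001", "V-002", "V-003", "V-404"):
        print(vid, confirm_visit_count(SAMPLE_DB, vid, NOW))
```

Because the history is keyed by visitor ID rather than by facility, V-001 is refused even though no single facility saw three entries.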
  • the entry/exit control unit 603 is a means for controlling the entry and exit of users of the casino facility.
  • the entry/exit control unit 603 searches the visitor information database using the user ID included in the notification as a key to identify the corresponding entry.
  • the entry/exit control unit 603 updates the user identification information field and the entry history field of the identified entry using the user identification information and gate passing date and time included in the user entry notification.
  • the entry/exit control unit 603 may or may not update that field.
  • the entry/exit control unit 603 also controls when a casino user leaves the casino facility. Control regarding exit from the casino facility is different from the spirit of this disclosure, so a detailed explanation will be omitted.
  • the entry/exit control unit 603 receives a user ID and exit history from an exit terminal (not shown in FIG. 3, etc.) installed at the exit of the casino facility, and reflects the exit history in the visitor information database.
  • the storage unit 604 is a means for storing information necessary for the operation of the management server 50.
  • the second PF server 60 is a server that processes a visitor identification request sent from the management server 50.
  • the second PF server 60 requests the certificate authority server 70 to verify a user authentication electronic certificate resulting from the user's number of times confirmation. Furthermore, the second PF server 60 controls the ID (visitor ID) of the user who is the subject of the number of times confirmation.
  • FIG. 24 is a diagram showing an example of a processing configuration (processing module) of the second PF server 60 according to the first embodiment.
  • the second PF server 60 includes a communication control unit 701, a verification control unit 702, and a storage unit 703.
  • the communication control unit 701 is a means for controlling communication with other devices. For example, the communication control unit 701 receives data (packets) from the management server 50. The communication control unit 701 also transmits data to the management server 50. The communication control unit 701 passes data received from other devices to other processing modules. The communication control unit 701 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 701.
  • the communication control unit 701 has a function as a receiving unit that receives data from other devices and a function as a transmitting unit that transmits data to other devices.
  • the verification control unit 702 is a means for controlling the verification of the validity of electronic certificates.
  • the verification control unit 702 processes visitor identification requests received from the management server 50.
  • the visitor identification request sent from the management server 50 includes an electronic certificate for user authentication.
  • the verification control unit 702 extracts the issue number from the electronic certificate for user authentication and sends a verification request including the extracted issue number to the certification authority server 70.
  • the verification control unit 702 receives a response (positive or negative response) to the verification request from the certification authority server 70.
  • If a negative response is received (the user authentication electronic certificate is invalid), the verification control unit 702 notifies the management server 50 that the person wishing to enter cannot be identified. Specifically, the verification control unit 702 sends a negative response indicating this to the management server 50.
  • If a positive response is received (the user authentication electronic certificate is valid), the verification control unit 702 creates an account for the person wishing to enter. Upon receiving a positive response, the verification control unit 702 searches the visitor management database using the issue number of the user authentication electronic certificate that was determined to be valid as a key.
  • the visitor management database is a database that stores visitor IDs and the issue numbers of electronic certificates for user authentication in association with each other (see FIG. 25). Note that the visitor management database shown in FIG. 25 is an example, and is not intended to limit the items to be stored.
  • the verification control unit 702 does not take any special action.
  • If there is no entry corresponding to the issue number of the electronic certificate for user authentication, the verification control unit 702 generates a visitor ID for the person wishing to enter. Furthermore, the verification control unit 702 stores the generated visitor ID and the issue number of the electronic certificate for user authentication in the visitor management database.
  • the verification control unit 702 notifies the management server 50 that the person wishing to enter has been identified. Specifically, the verification control unit 702 sends a positive response indicating this to the management server 50. At that time, the verification control unit 702 sends the positive response including the visitor ID of the person wishing to enter to the management server 50.
  • the storage unit 703 is a means for storing information necessary for the operation of the second PF server 60.
  • [Certification Authority Server] FIG. 26 is a diagram showing an example of a processing configuration (processing module) of the certificate authority server 70 according to the first embodiment.
  • the certificate authority server 70 includes a communication control unit 801, a verification unit 802, and a storage unit 803.
  • the communication control unit 801 is a means for controlling communication with other devices. For example, the communication control unit 801 receives data (packets) from the first PF server 40. The communication control unit 801 also transmits data to the first PF server 40. The communication control unit 801 passes data received from other devices to other processing modules. The communication control unit 801 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 801.
  • the communication control unit 801 has a function as a receiver that receives data from other devices and a function as a transmitter that transmits data to other devices.
  • the verification unit 802 is a means for verifying the validity of the electronic certificate.
  • the verification unit 802 processes verification requests received from the first PF server 40 and the second PF server 60.
  • the verification unit 802 refers to a database that stores the issue number of the signature electronic certificate, the issue number of the user authentication electronic certificate, the validity period of each certificate, etc., and verifies the validity of the signature electronic certificate and the user authentication electronic certificate.
  • the verification unit 802 uses the issue number to verify the validity of the electronic signature certificate.
  • the verification unit 802 notifies the first PF server 40 of the verification result. If the signature electronic certificate is valid, the verification unit 802 sends an affirmative response to that effect to the first PF server 40. At that time, the verification unit 802 sends an affirmative response to the first PF server 40 that includes the issue number of the user authentication electronic certificate that is stored in correspondence with the issue number of the signature electronic certificate.
  • the verification unit 802 sends a negative response to that effect to the first PF server 40.
  • the verification unit 802 uses these issue numbers to verify the validity of the two electronic certificates.
  • If both electronic certificates (electronic signature certificate and electronic user authentication certificate) are valid, the verification unit 802 notifies the first PF server 40 that the two electronic certificates are valid. Specifically, the verification unit 802 sends an affirmative response to the first PF server 40 indicating that the two electronic certificates are valid.
  • If at least one of the two electronic certificates (electronic signature certificate, electronic user authentication certificate) is invalid, the verification unit 802 notifies the first PF server 40 that the electronic certificate is invalid. Specifically, the verification unit 802 sends a negative response to the first PF server 40 indicating that the electronic certificate is invalid.
  • the verification unit 802 verifies the validity of the user authentication electronic certificate using the issue number of the user authentication electronic certificate included in the verification request.
  • the verification unit 802 notifies the second PF server 60 of the verification result. If the user authentication electronic certificate is valid, the verification unit 802 sends a positive response indicating that to the second PF server 60.
  • the verification unit 802 sends a negative response indicating that to the second PF server 60.
  • the storage unit 803 is a means for storing information necessary for the operation of the certification authority server 70.
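The exchange between the first PF server 40 (verification control unit 502) and the certification authority server 70 (verification unit 802) for the initial and the second-or-subsequent identity verification, modelled as an added example that is not code from the publication. Certificates are reduced to an issue number plus identity fields, validity is a lookup by issue number as the description states (no signature checking is modelled), and every class name, field and sample value is constructed.

```python
import uuid
from datetime import date


class CertificationAuthority:
    """Stands in for certification authority server 70 (verification unit 802)."""

    def __init__(self):
        self.valid_until = {}  # issue number -> expiry date
        self.linked_auth = {}  # signature cert issue no. -> user-auth cert issue no.
        self.revoked = set()

    def issue_pair(self, sig_no, auth_no, expires):
        self.valid_until[sig_no] = self.valid_until[auth_no] = expires
        self.linked_auth[sig_no] = auth_no

    def _is_valid(self, issue_no, today):
        expiry = self.valid_until.get(issue_no)
        return (expiry is not None and today <= expiry
                and issue_no not in self.revoked)

    def verify_signature_cert(self, sig_no, today):
        """Initial verification: a positive response carries the linked
        user authentication certificate issue number."""
        auth_no = self.linked_auth.get(sig_no)
        if auth_no is None or not self._is_valid(sig_no, today):
            return False, None
        return True, auth_no

    def verify_pair(self, sig_no, auth_no, today):
        """Second or later verification: both certificates must be valid."""
        return self._is_valid(sig_no, today) and self._is_valid(auth_no, today)


class FirstPFServer:
    """Stands in for first PF server 40 (verification control unit 502)."""

    def __init__(self, ca):
        self.ca = ca
        self.users = {}  # user-auth issue no. -> user management database entry

    def initial_verification(self, sig_cert, today):
        ok, auth_no = self.ca.verify_signature_cert(sig_cert["issue_no"], today)
        if not ok:
            return {"result": "negative"}
        entry = {"user_id": uuid.uuid4().hex, "identity": sig_cert["identity"],
                 "sig_no": sig_cert["issue_no"], "auth_no": auth_no}
        self.users[auth_no] = entry
        return {"result": "positive", "user_id": entry["user_id"],
                "identity": entry["identity"]}

    def subsequent_verification(self, auth_cert, today):
        entry = self.users.get(auth_cert["issue_no"])
        if entry is None:
            return {"result": "negative",
                    "reason": "initial identity verification not completed"}
        # The stored signature certificate number is re-checked on every visit.
        if not self.ca.verify_pair(entry["sig_no"], entry["auth_no"], today):
            return {"result": "negative", "reason": "certificate invalid"}
        return {"result": "positive", "user_id": entry["user_id"],
                "identity": entry["identity"]}


def demo():
    """Run the flow on constructed data and return the five responses."""
    today = date(2024, 3, 29)
    ca = CertificationAuthority()
    ca.issue_pair("SIG-0001", "AUTH-0001", date(2027, 1, 31))
    ca.issue_pair("SIG-0002", "AUTH-0002", date(2023, 12, 31))  # already expired
    pf = FirstPFServer(ca)
    identity = {"name": "Example Taro", "address": "(constructed)"}
    first = pf.initial_verification(
        {"issue_no": "SIG-0001", "identity": identity}, today)
    expired = pf.initial_verification(
        {"issue_no": "SIG-0002", "identity": identity}, today)
    not_enrolled = pf.subsequent_verification({"issue_no": "AUTH-0002"}, today)
    second = pf.subsequent_verification({"issue_no": "AUTH-0001"}, today)
    ca.revoked.add("SIG-0001")  # signature certificate revoked after enrolment
    after_revocation = pf.subsequent_verification({"issue_no": "AUTH-0001"}, today)
    return first, expired, not_enrolled, second, after_revocation


if __name__ == "__main__":
    for response in demo():
        print(response)
```

The last response shows the effect of sending both issue numbers on later visits: a user whose signature certificate has been invalidated since enrolment is refused even though only the user authentication certificate is presented.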
  • Fig. 27 is a diagram showing an example of a processing configuration (processing module) of the admission control server 80 according to the first embodiment.
  • the admission control server 80 includes a communication control unit 901, an admission permitted user notification processing unit 902, an authentication request processing unit 903, and a storage unit 904.
  • the communication control unit 901 is a means for controlling communication with other devices. For example, the communication control unit 901 receives data (packets) from the reception terminal 10. The communication control unit 901 also transmits data to the reception terminal 10. The communication control unit 901 passes data received from other devices to other processing modules. The communication control unit 901 transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 901.
  • the communication control unit 901 has a function as a receiving unit that receives data from other devices and a function as a transmitting unit that transmits data to other devices.
  • the admission permitted person notification processing unit 902 is a means for processing the admission permitted person notification received from the reception terminal 10.
  • the admission permitted person notification processing unit 902 stores the face image and casino user ID contained in the notification in the admission permitted person list (see FIG. 28).
  • the authentication request processing unit 903 is a means for processing the authentication request received from the entrance terminal 20.
  • the authentication request processing unit 903 searches the list of permitted entry users using the casino user ID included in the authentication request as a key, and identifies the corresponding user (entry). The authentication request processing unit 903 performs one-to-one authentication using the face image of the identified user and the face image acquired from the admission terminal 20.
  • the authentication request processing unit 903 generates features from each of the two facial images, and calculates the similarity between the two generated features.
  • the authentication request processing unit 903 performs threshold processing on the calculated similarity, and determines whether the two facial images are of the same person.
  • the authentication request processing unit 903 sends a positive response to the admission terminal 20 indicating that the user is permitted to enter the casino.
  • the authentication request processing unit 903 sends a negative response to the admission terminal 20 indicating that the user is not permitted to enter the casino.
  • the admission control server 80 maintains and manages the admission permitted person list as necessary. Specifically, the admission control server 80 deletes entries that have been registered in the list for a predetermined period of time. Alternatively, the admission control server 80 deletes entries that have been registered for a predetermined period of time since they were determined to have been authenticated successfully.
  • FIG. 29 is a flowchart showing an example of the operation of the admission management system according to the first embodiment.
  • the system operation related to the identity verification of the user will be described with reference to Fig. 29.
  • the reception terminal 10 performs the first identity verification or the second or subsequent identity verification (step S41).
  • the reception terminal 10 sends an admission permission notification, including the user's facial image and casino user ID, to the admission control server 80 (step S42).
  • the admission control server 80 adds the facial image and casino user ID contained in the admission permission notification to the admission permission list (step S43).
  • If the reception terminal 10 is successful in verifying the identity of the person using the electronic certificate, it performs identity verification using facial information obtained from the My Number card in which the electronic certificate is stored and facial information obtained by photographing the person wishing to enter. Furthermore, if the reception terminal 10 is successful in verifying the identity of the person using the electronic certificate and the facial information, it writes the casino user ID to the My Number card in which the electronic certificate is stored.
  • FIG. 30 is a flowchart showing an example of the operation of the admission management system according to the first embodiment. The system operation related to user authentication will be described with reference to FIG. 30.
  • the admission terminal 20 acquires the casino user ID from the My Number card presented by the user (step S51).
  • the entrance terminal 20 photographs the user and acquires a facial image (step S52).
  • the admission terminal 20 sends an authentication request including the face image and casino user ID of the user (person to be authenticated) to the admission control server 80 (step S53).
  • the admission control server 80 identifies the person to be authenticated using the casino user ID included in the authentication request and the casino user ID listed in the admission permitted person list (step S54).
  • the admission control server 80 performs one-to-one authentication using the face image of the identified person to be authenticated and the face image included in the authentication request (step S55).
  • the admission control server 80 determines that the authentication is successful. If the casino user ID is not on the admission permitted person list or if the one-to-one authentication fails, the admission control server 80 determines that the authentication is unsuccessful. The admission control server 80 transmits the authentication result to the admission terminal 20 (step S56).
  • the entrance terminal 20 controls the gate according to the authentication result (step S57).
  • the reception terminal 10 issues a casino user ID to a user whose identity has been verified, and writes the issued casino user ID to the My Number card (the My Number card used for identity verification).
  • the casino user ID and face image of the user whose identity has been verified are stored in the admission control server 80's admission permitted person list.
  • a user entering the casino presents the My Number card with the casino user ID written to it to the admission terminal 20.
  • the admission terminal 20 reads out the casino user ID from the presented My Number card, and transmits an authentication request including the face image of the person to be authenticated and the casino user ID to the admission control server 80.
  • the admission control server 80 identifies the person to be authenticated using the casino user ID, and performs one-to-one authentication using the face image of the identified person to be authenticated and the face image captured by the admission terminal 20. If the one-to-one authentication is successful, the person to be authenticated is permitted to enter the casino. Since the casino user ID is written to the My Number card required for admission to the casino, a person wishing to enter the casino does not need to carry multiple media.
  • the entrance control server 80 performs one-to-one authentication instead of one-to-N authentication for the many users listed on the entrance permitted list. As a result, the system disclosed in the present application can prevent the deterioration in authentication accuracy that can be a problem with one-to-N authentication.
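The admission permitted person list and the one-to-one authentication of steps S42 to S43 and S53 to S56, as an added example that is not code from the publication. Face images are replaced by constructed feature vectors, similarity is taken to be cosine similarity, and the threshold (0.80) and the retention period (12 hours) are assumptions; the publication only says "threshold processing" and "a predetermined period of time".

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta

THRESHOLD = 0.80                 # assumed similarity threshold
LIST_TTL = timedelta(hours=12)   # assumed retention period for list entries


@dataclass
class PermittedEntry:
    features: list               # stands in for the registered face image
    registered_at: datetime


def cosine_similarity(a, b):
    """Similarity of two feature vectors; mismatched lengths never match."""
    if len(a) != len(b):
        return 0.0
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class AdmissionControlServer:
    """Stands in for admission control server 80."""

    def __init__(self):
        self.permitted = {}      # casino user ID -> PermittedEntry

    def register(self, casino_user_id, features, now):
        """Admission permitted person notification (steps S42 to S43)."""
        self.permitted[casino_user_id] = PermittedEntry(features, now)

    def purge(self, now):
        """Delete entries older than LIST_TTL and return the removed IDs."""
        stale = [uid for uid, entry in self.permitted.items()
                 if now - entry.registered_at > LIST_TTL]
        for uid in stale:
            del self.permitted[uid]
        return stale

    def authenticate(self, casino_user_id, probe_features, now):
        """Authentication request from the admission terminal (S53 to S56)."""
        self.purge(now)
        entry = self.permitted.get(casino_user_id)
        if entry is None:
            return False, "ID not on admission permitted person list"
        # One-to-one: the probe is compared only with the entry for this ID.
        if cosine_similarity(entry.features, probe_features) < THRESHOLD:
            return False, "one-to-one authentication failed"
        return True, "admission permitted"


def demo():
    """Constructed scenario: two registered users and four requests."""
    t0 = datetime(2024, 3, 29, 9, 0)
    server = AdmissionControlServer()
    server.register("CU-1001", [0.9, 0.1, 0.3, 0.2], t0)
    server.register("CU-1002", [0.1, 0.8, 0.2, 0.5], t0)
    probe = [0.88, 0.12, 0.31, 0.18]   # new capture of the CU-1001 holder
    soon = t0 + timedelta(hours=1)
    return {
        "genuine": server.authenticate("CU-1001", probe, soon),
        # Face is on the list, but under a different ID than the one presented.
        "mismatched_id": server.authenticate("CU-1002", probe, soon),
        "unregistered": server.authenticate("CU-9999", probe, soon),
        "expired": server.authenticate("CU-1001", probe, t0 + timedelta(hours=13)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `mismatched_id` case is the one a one-to-N search would treat differently: the face does appear somewhere on the list, but it is never compared against any entry other than the one named by the presented casino user ID.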
  • Figure 31 is a diagram showing an example of the hardware configuration of the reception terminal 10.
  • the reception terminal 10 can be configured by an information processing device (a so-called computer), and has the configuration shown in FIG. 31.
  • the reception terminal 10 has a processor 311, a memory 312, an input/output interface 313, and a communication interface 314.
  • the components such as the processor 311 are connected by an internal bus or the like, and are configured to be able to communicate with each other.
  • the configuration shown in FIG. 31 is not intended to limit the hardware configuration of the reception terminal 10.
  • the reception terminal 10 may include hardware not shown, and may not include an input/output interface 313 as necessary.
  • the number of processors 311 and the like included in the reception terminal 10 is not intended to be limited to the example shown in FIG. 31, and for example, the reception terminal 10 may include multiple processors 311.
  • the processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
  • Memory 312 may be a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), etc. Memory 312 stores the OS program, application programs, and various data.
  • the input/output interface 313 is an interface for a display device and an input device (not shown).
  • the display device is, for example, a liquid crystal display.
  • the input device is, for example, a device that accepts user operations such as a keyboard or a mouse.
  • the communication interface 314 is a circuit, module, etc. that communicates with other devices.
  • the communication interface 314 includes a NIC (Network Interface Card), etc.
  • the functions of the reception terminal 10 are realized by various processing modules.
  • the processing modules are realized, for example, by the processor 311 executing a program stored in the memory 312.
  • the program can be recorded on a computer-readable storage medium.
  • the storage medium can be a non-transitory medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium.
  • the present invention can also be embodied as a computer program product.
  • the program can be downloaded via a network, or updated using a storage medium that stores the program.
  • the processing modules may also be realized by a semiconductor chip.
  • the entrance terminal 20, casino server 30, etc. can also be configured using information processing devices, just like the reception terminal 10, and their basic hardware configuration is no different from that of the reception terminal 10, so a description of them will be omitted.
  • the reception terminal 10, which is an information processing device, is equipped with a computer, and the functions of the reception terminal 10 can be realized by having the computer execute a program. In addition, the reception terminal 10 executes a control method for the reception terminal 10 by the program.
  • the initial identity verification may also be performed by a terminal such as a smartphone carried by the user.
  • the user's terminal may read the signature electronic certificate from the My Number card and send an identity verification request including the read signature electronic certificate to the casino server 30.
  • the user's terminal may write the casino user ID to the My Number card.
  • a user ID (an ID generated by the first PF server 40 on the casino operator side) is used as the casino user ID.
  • the casino user ID may be a different ID linked to the user ID (for example, an ID issued by the casino operator).
  • the reception terminal 10 performs identity verification using an electronic certificate and identity verification using a facial image.
  • the reception terminal 10 may omit either of the identity verifications. In other words, in a situation where it is determined that one identity verification is sufficient, it is sufficient to perform either of the two identity verifications.
  • the casino user ID is written to the My Number card.
  • the casino user ID may be written to other media.
  • the electronic certificates digital signature certificate, electronic user certificate
  • the casino user ID may be written to the smartphone.
  • the initial identity verification is performed at the reception terminal 10.
  • the initial identity verification may be performed at a terminal carried by the user (e.g., a smartphone).
  • since the reception terminal 10 cannot register the user's face image to the admission control server 80 from the terminal, the reception terminal 10 may register the face image to the admission control server 80 when confirming the number of times. That is, in response to the operation of the person who wishes to enter the casino facility, the reception terminal 10 writes an ID that identifies the person who wishes to enter into a medium (My Number card) in which the electronic certificate of the person who wishes to enter is stored.
  • the reception terminal 10 may transmit an admission permitted person notification including the ID and the face information of the person who wishes to enter to the admission control server 80.
  • various databases are configured within each server, but the databases may be configured in an external database server or the like. In other words, some functions of each server may be implemented in another server. More specifically, the above-described "personal identification processing unit (personal identification processing means)", "entrance confirmation processing unit (entrance confirmation processing means)", etc. may be implemented in any of the devices included in the system.
  • each device (reception terminal 10, admission terminal 20, casino server 30, etc.) is not particularly limited, but data transmitted and received between these devices may be encrypted.
  • Electronic certificates and the like are transmitted and received between these devices, and in order to properly protect the information in the electronic certificates, it is desirable to transmit and receive encrypted data.
  • each embodiment may be used alone or in combination.
  • a reception terminal; an entrance terminal for restricting the entrance of an authenticated person who is attempting to enter a predetermined facility;
  • a server device; wherein the reception terminal, in response to an operation of an entry applicant who wishes to enter the predetermined facility, writes an ID for identifying the entry applicant into a medium in which an electronic certificate of the entry applicant is stored, and transmits an entry permitted person notification including the ID and face information of the entry applicant to the server device;
  • the server device stores the ID and face information included in the admission permitted person notice in an admission permitted person list;
  • the entrance terminal reads the ID from a medium in which the ID is written and which is held by the person to be authenticated, photographs the person to be authenticated to obtain face information, and transmits an authentication request including the ID and the face information to the server device;
  • the server device identifies the person to be authenticated using an ID included in the authentication request and an ID included in the entry permitted person list, perform
  • Appendix 2 The system described in Appendix 1, wherein the reception terminal controls identity verification using an electronic certificate of an entry applicant wishing to enter the specified facility, and when identity verification using the electronic certificate is successful, writes the ID to a medium on which the electronic certificate of the entry applicant is stored, and transmits the entry permitted notification to the server device, the notification including the ID and facial information of the entry applicant whose identity verification using the electronic certificate was successful.
  • Appendix 3 The system described in Appendix 2, wherein, if the reception terminal is successful in identity verification using the electronic certificate, it performs identity verification using facial information obtained from the medium in which the electronic certificate is stored and facial information obtained by photographing the person wishing to enter.
  • Appendix 4 The system described in Appendix 3, wherein the reception terminal, upon successful identity verification using the electronic certificate and identity verification using the facial information, writes the ID to a medium on which the electronic certificate is stored.
  • Appendix 5 the reception terminal performs identity verification using at least the electronic certificate when the admission applicant is attempting to enter the predetermined facility for the first time;
  • the system described in Appendix 4 which, if the person wishing to enter the specified facility wishes to enter the facility for a second or subsequent time, executes control over identity verification using at least the electronic certificate and confirmation of the number of times the person wishes to enter the specified facility.
  • the reception terminal includes: If the ID cannot be read from the medium in which the electronic certificate is stored, the entrance applicant is determined to be a user attempting to enter the specified facility for the first time; The system described in Appendix 5, wherein if the ID can be read from the medium on which the electronic certificate is stored, the person wishing to enter is determined to be a user wishing to enter the specified facility for the second or subsequent time.
  • Appendix 7 The system according to any one of appendix 1 to 6, wherein the medium on which the electronic certificate is stored is a My Number Card.
  • the facial information is a facial image.
  • a system comprising: writing an ID for identifying the entry applicant to a medium storing an electronic certificate of the entry applicant in response to an operation of the entry applicant who wishes to enter the specified facility, and transmitting an entry permitted person notice including the ID and face information of the entry applicant to the server device; storing the ID and face information included in the admission permitted person notification in an admission permitted person list; reading out the ID from a medium in which the ID is written and held by the person to be authenticated, photographing the person to be authenticated to obtain face information, and transmitting an authentication request including the ID and the face information to the server device;
  • the method includes identifying the person to be authenticated using an ID included in the authentication request and an ID included in the entry permitted person list, performing one-to-one authentication using facial information included in the entry permitted person list of the identified person to be authenticated and facial information included in the authentication request, and, if the one-

Landscapes

  • Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Alarm Systems (AREA)

Abstract

Provided is a system that reduces the burden on a user of a facility such as a casino. This system includes a reception terminal, an admission terminal, and a server device. The reception terminal, in response to an operation by an applicant for admission who desires to enter a given facility, writes an ID identifying the applicant for admission to a medium in which is stored an electronic certificate of the applicant for admission. The reception terminal transmits an admission permit holder notification, including the ID and face information, to the server device. The server device stores the ID and face information in an admission permit holder list. The admission terminal transmits an authentication request, including an ID and face information for a person to be authenticated, to the server device. The server device uses the ID to identify the person to be authenticated and performs one-to-one authentication using the face information for the identified person to be authenticated, which is included in the admission permit holder list, and the face information included in the authentication request. If one-to-one authentication is successful, the server device permits entry by the authenticated person.

Description

System and method
The present invention relates to a system and a method.
There are admission control systems that manage entry to and exit from amusement facilities such as casinos.
Patent Document 1 states that the objective of the invention is to provide a gaming system, gaming facility management device, and usage restriction method that can efficiently prevent players from becoming addicted to casino games when multiple domestic casinos that offer casino games using cash are established in Japan.
There is also technology for improving the throughput of gate devices installed at facility entrances and exits. For example, Patent Document 2 states that it makes it possible to improve the throughput of passing through a gate by eliminating the need for tickets, etc.
JP 2017-184866 A
International Publication No. 2018/181968
Identity verification is required when entering facilities such as casinos. Specifically, identity verification using a medium such as a My Number card is required. In Patent Document 1, after a user's name and identification are registered in the system, a card medium unique to the system is issued to the casino user (see paragraph [0021]). The card medium is used to identify the user when the user enters the casino (paragraphs [0024]-[0025]).
In Patent Document 1, in order to enter a casino, a user must carry both an ID card for identity verification and a card medium for entering the casino. However, carrying multiple media places a large management burden on the user.
The main objective of the present invention is to provide a system and method that contribute to reducing the burden on users of facilities such as casinos.
According to a first aspect of the present invention, there is provided a system including a reception terminal, an entrance terminal that restricts the entry of a person to be authenticated who is attempting to enter a specified facility, and a server device, wherein: the reception terminal, in response to an operation by an entry applicant who wishes to enter the specified facility, writes an ID that identifies the entry applicant to a medium storing an electronic certificate of the entry applicant, and transmits an admission permitted person notification including the ID and facial information of the entry applicant to the server device; the server device stores the ID and facial information included in the admission permitted person notification in an admission permitted person list; the entrance terminal reads the ID from the medium, held by the person to be authenticated, on which the ID is written, photographs the person to be authenticated to obtain facial information, and transmits an authentication request including the ID and the facial information to the server device; and the server device identifies the person to be authenticated using the ID included in the authentication request and the ID included in the admission permitted person list, performs one-to-one authentication using the facial information of the identified person included in the admission permitted person list and the facial information included in the authentication request, and, if the one-to-one authentication is successful, notifies the entrance terminal that the person to be authenticated is allowed to enter the specified facility.
According to a second aspect of the present invention, there is provided a method, in a system including a reception terminal, an entrance terminal that restricts the entry of a person to be authenticated who is attempting to enter a specified facility, and a server device, the method including: writing an ID that identifies an entry applicant who wishes to enter the specified facility to a medium storing an electronic certificate of the entry applicant, in response to an operation by the entry applicant; transmitting an admission permitted person notification including the ID and facial information of the entry applicant to the server device; storing the ID and facial information included in the admission permitted person notification in an admission permitted person list; reading the ID from the medium, held by the person to be authenticated, on which the ID is written, photographing the person to be authenticated to obtain facial information, and transmitting an authentication request including the ID and the facial information to the server device; identifying the person to be authenticated using the ID included in the authentication request and the ID included in the admission permitted person list; performing one-to-one authentication using the facial information of the identified person included in the admission permitted person list and the facial information included in the authentication request; and, if the one-to-one authentication is successful, notifying the entrance terminal that the person to be authenticated is allowed to enter the specified facility.
According to each aspect of the present invention, a system and method are provided that contribute to reducing the burden on users of facilities such as casinos. Note that the effects of the present invention are not limited to those described above. The present invention may achieve other effects instead of or in addition to the effects described above.
FIG. 1 is a diagram for explaining an overview of an embodiment.
FIG. 2 is a flowchart for explaining the operation of one embodiment.
FIG. 3 is a diagram showing an example of a schematic configuration of the entrance management system according to the first embodiment.
FIG. 4 is a diagram for explaining the operation of the entrance management system according to the first embodiment.
FIG. 5 is a diagram for explaining the operation of the entrance management system according to the first embodiment.
FIG. 6 is a diagram for explaining the operation of the entrance management system according to the first embodiment.
FIG. 7 is a diagram for explaining the operation of the entrance management system according to the first embodiment.
FIG. 8 is a diagram illustrating an example of a processing configuration of the reception terminal according to the first embodiment.
FIG. 9 is a diagram illustrating an example of a display of the reception terminal according to the first embodiment.
FIG. 10 is a flowchart illustrating an example of the operation of the admission confirmation control unit according to the first embodiment.
FIG. 11 is a diagram illustrating an example of a display of the reception terminal according to the first embodiment.
FIG. 12 is a diagram illustrating an example of a display of the reception terminal according to the first embodiment.
FIG. 13 is a flowchart illustrating an example of the operation of the admission confirmation control unit according to the first embodiment.
FIG. 14 is a diagram illustrating an example of a display of the reception terminal according to the first embodiment.
FIG. 15 is a diagram illustrating an example of a processing configuration of an entrance terminal according to the first embodiment.
FIG. 16 is a flowchart illustrating an example of the operation of the authentication control unit according to the first embodiment.
FIG. 17 is a diagram illustrating an example of a processing configuration of the casino server according to the first embodiment.
FIG. 18 is a diagram illustrating an example of a user information database according to the first embodiment.
FIG. 19 is a flowchart illustrating an example of the operation of the admission confirmation processing unit according to the first embodiment.
FIG. 20 is a diagram illustrating an example of a processing configuration of the first PF server according to the first embodiment.
FIG. 21 is a diagram illustrating an example of a user management database according to the first embodiment.
FIG. 22 is a diagram illustrating an example of a processing configuration of the management server according to the first embodiment.
FIG. 23 is a diagram showing an example of the visitor information database according to the first embodiment.
FIG. 24 is a diagram illustrating an example of a processing configuration of the second PF server according to the first embodiment.
FIG. 25 is a diagram showing an example of the attendee management database according to the first embodiment.
FIG. 26 is a diagram illustrating an example of a processing configuration of the certificate authority server according to the first embodiment.
FIG. 27 is a diagram illustrating an example of a processing configuration of the admission control server according to the first embodiment.
FIG. 28 is a diagram showing an example of the admission permitted person list according to the first embodiment.
FIG. 29 is a sequence diagram showing an example of the operation of the entrance management system according to the first embodiment.
FIG. 30 is a sequence diagram showing an example of the operation of the entrance management system according to the first embodiment.
FIG. 31 is a diagram illustrating an example of a hardware configuration of a reception terminal according to the present disclosure.
First, an overview of one embodiment will be described. Note that the reference numerals in the drawings attached to this overview are added to each element for convenience as an example to aid understanding, and the description of this overview is not intended to be limiting in any way. Furthermore, unless otherwise specified, the blocks illustrated in each drawing represent a functional configuration, not a hardware configuration. The connection lines between blocks in each drawing include both bidirectional and unidirectional lines. Unidirectional arrows schematically indicate the flow of the main signal (data) and do not exclude bidirectionality. Note that in this specification and the drawings, elements that can be described in the same way may be given the same reference numerals so that duplicate explanations can be omitted.
A system according to one embodiment includes a reception terminal 101, an entrance terminal 102 that restricts the entry of a person to be authenticated who is attempting to enter a specified facility, and a server device 103 (see FIG. 1). In response to an operation by an entry applicant who wishes to enter the specified facility, the reception terminal 101 writes an ID that identifies the entry applicant to a medium storing the entry applicant's electronic certificate (step S1 in FIG. 2). The reception terminal 101 transmits an admission permitted person notification including the ID and facial information of the entry applicant to the server device 103 (step S2). The server device 103 stores the ID and facial information included in the admission permitted person notification in an admission permitted person list (step S3). The entrance terminal 102 reads the ID from the medium, held by the person to be authenticated, on which the ID is written, photographs the person to be authenticated to obtain facial information, and transmits an authentication request including the ID and facial information to the server device 103 (step S4). The server device 103 identifies the person to be authenticated using the ID included in the authentication request and the ID included in the admission permitted person list (step S5). The server device 103 performs one-to-one authentication using the facial information of the identified person included in the admission permitted person list and the facial information included in the authentication request (step S6). If the one-to-one authentication is successful, the server device 103 notifies the entrance terminal 102 that the person to be authenticated is allowed to enter the specified facility (notification that entry is permitted; step S7).
In response to an operation by a person who wishes to enter the facility (e.g., an operation related to identity verification or number of visits verification), the reception terminal 101 writes an ID that identifies that person to the medium in which the electronic certificate is stored (e.g., a My Number card). The person who wishes to enter the facility presents the medium in which the ID is written to the entrance terminal 102. The entrance terminal 102 transmits an authentication request, including the ID acquired from the presented medium and facial information of the person to be authenticated, to the server device 103. The server device 103 identifies the person to be authenticated using the ID and confirms by one-to-one authentication that the person to be authenticated is not using the medium (My Number card) fraudulently. With this system configuration, the user does not need to manage two media, one storing the electronic certificate and another storing the ID, which reduces the management burden on the user. In addition, the server device 103 identifies the person to be authenticated who arrives at the entrance terminal 102 by authentication using the ID rather than by one-to-N authentication (N is a positive integer), thereby realizing more accurate authentication.
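The server-side part of steps S3 and S5 to S7 can be sketched as follows; this is an added example, not code from the patent. It assumes that facial information is a feature vector compared by cosine similarity against a fixed threshold (the page names no matcher or threshold), and all IDs and vectors are constructed sample values.

```python
import math

# Assumption: "facial information" is a feature vector and two vectors match
# when their cosine similarity reaches THRESHOLD. The page specifies neither.
THRESHOLD = 0.90


def cosine(a, b):
    """Cosine similarity of two vectors (0.0 if either has zero length)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class AdmissionServer:
    """Holds the admission permitted person list, keyed by the ID on the medium."""

    def __init__(self):
        self.permitted = {}

    def store_notification(self, user_id, face):
        # Step S3: store the ID and facial information from the notification.
        self.permitted[user_id] = tuple(face)

    def authenticate(self, user_id, face):
        # Step S5: identify the person by ID only; an unknown ID fails closed.
        enrolled = self.permitted.get(user_id)
        if enrolled is None:
            return (False, "unknown_id")
        if len(face) != len(enrolled):
            return (False, "malformed_face_info")
        # Step S6: one-to-one comparison against that single enrolled record.
        if cosine(enrolled, face) < THRESHOLD:
            return (False, "face_mismatch")
        # Step S7: tell the entrance terminal that entry is permitted.
        return (True, "admit")

    def identify_one_to_n(self, face):
        # The one-to-N alternative the text contrasts with: best match over
        # every record, which can land on a similar-looking person.
        best_id, best_score = None, -1.0
        for user_id, enrolled in self.permitted.items():
            score = cosine(enrolled, face)
            if score > best_score:
                best_id, best_score = user_id, score
        return best_id if best_score >= THRESHOLD else None


# Constructed sample data (not from the page).
ALICE_ID, BOB_ID = "U-0001", "U-0002"
ALICE_ENROLLED = (1.0, 0.0, 0.0)
BOB_ENROLLED = (0.9, 0.436, 0.0)    # a similar-looking second user
ALICE_AT_GATE = (0.95, 0.3, 0.0)    # Alice's capture at the entrance terminal
STRANGER_AT_GATE = (0.0, 0.2, 1.0)  # someone else presenting Alice's card


def build_demo_server():
    server = AdmissionServer()
    server.store_notification(ALICE_ID, ALICE_ENROLLED)
    server.store_notification(BOB_ID, BOB_ENROLLED)
    return server


if __name__ == "__main__":
    srv = build_demo_server()
    print(srv.authenticate(ALICE_ID, ALICE_AT_GATE))     # rightful holder
    print(srv.authenticate(ALICE_ID, STRANGER_AT_GATE))  # card used by another
    print(srv.authenticate("U-9999", ALICE_AT_GATE))     # ID not on the list
    print(srv.identify_one_to_n(ALICE_AT_GATE))          # one-to-N picks Bob
```

With these sample vectors the one-to-N search returns the look-alike's ID for Alice's capture, while the ID-keyed one-to-one check admits her and rejects the same card presented by a different face.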
Specific embodiments are described in more detail below with reference to the drawings.
[First embodiment]
The first embodiment will be described in more detail with reference to the drawings.
[System Configuration]
FIG. 3 is a diagram showing an example of a schematic configuration of an admission management system (information processing system) according to the first embodiment. The admission management system according to the first embodiment performs admission management for facilities in an integrated resort (IR). As shown in FIG. 3, the admission management system includes multiple server devices.
Integrated resorts include international conference centers, exhibition facilities, hotels, commercial facilities, restaurants, theaters, movie theaters, amusement parks, sports facilities, hot spring facilities, casino activity areas, etc.
In the first embodiment, the "casino activity area" is used as an example of the facility that users enter. However, it goes without saying that the facility that users enter may be another facility.
Users entering a casino activity area (hereinafter simply referred to as the casino facility or casino) for the first time must undergo identity verification in advance. Specifically, users (those wishing to enter) undergo identity verification using a reception terminal 10 (kiosk terminal) installed in a corner of the integrated resort facility. Note that the initial identity verification must be completed before entering the casino facility.
Identity verification is performed using an identification card issued by a public institution. Specifically, an IC (Integrated Circuit) card that stores an electronic certificate is used for identity verification. In this disclosure, the My Number card is used as an example of an IC card (identification card) that stores an electronic certificate.
The user performs the initial identity verification procedure by operating the reception terminal 10 or a smartphone or other device that the user possesses. Note that the following explanation assumes that identity verification is performed at the reception terminal 10. Once the initial identity verification is complete, the user can enter the casino facility by passing through the entrance terminal 20. The entrance terminal 20 is a terminal (device) that restricts the entry of a person to be authenticated who is attempting to enter a specified facility such as a casino.
When entering the casino for the second or subsequent time, the user must also have their identity verified at the reception terminal 10. In addition, when entering the casino for the second or subsequent time, the user must have the number of visits verified at the reception terminal 10. However, foreigners who do not have a residence in Japan are not required to have their identity verified or the number of visits verified.
The number of visits verification checks whether the limits on entry to casino facilities set by law, etc. have been exceeded. For example, it checks whether an entry would violate a short-term limit such as "entry is limited to three times in seven consecutive days" or a long-term limit such as "entry is limited to ten times in 28 consecutive days".
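A rolling-window check against the two example limits quoted above, written as an added example rather than the patent's own logic. It assumes each entry is counted by its timestamp, that a window covers the interval (now - window, now], and that the history holds one user's entries across all facilities; the page does not define these details, and the dates are constructed.

```python
from datetime import datetime, timedelta

# Example limits quoted on the page: 3 entries in 7 consecutive days and
# 10 entries in 28 consecutive days.
LIMITS = ((timedelta(days=7), 3), (timedelta(days=28), 10))


def check_entry(history, now):
    """Return (allowed, reason) for one more entry at time `now`.

    Assumption: an entry counts toward a window if it lies in
    (now - window, now]. `history` holds one user's past entry times.
    """
    for window, max_entries in LIMITS:
        used = sum(1 for t in history if now - window < t <= now)
        if used >= max_entries:
            return (False, f"limit_{window.days}d")
    return (True, "ok")


def next_allowed(history, now):
    """Earliest time at or after `now` at which check_entry would pass."""
    t = now
    while True:
        blocked_until = t
        for window, max_entries in LIMITS:
            inside = sorted(h for h in history if t - window < h <= t)
            if len(inside) >= max_entries:
                # This entry must age out of the window before one more fits.
                pivot = inside[len(inside) - max_entries]
                blocked_until = max(blocked_until, pivot + window)
        if blocked_until == t:
            return t
        t = blocked_until  # re-check: the other window may still block


# Constructed sample histories (not from the page).
BASE = datetime(2024, 10, 1, 10, 0)
SHORT_HISTORY = [BASE + timedelta(days=d) for d in (0, 2, 4)]
SHORT_NOW = BASE + timedelta(days=5, hours=2)
LONG_HISTORY = [BASE + timedelta(days=d)
                for d in (0, 1, 2, 7, 8, 9, 14, 15, 16, 21)]
LONG_NOW = BASE + timedelta(days=22, hours=2)

if __name__ == "__main__":
    print(check_entry(SHORT_HISTORY, SHORT_NOW), next_allowed(SHORT_HISTORY, SHORT_NOW))
    print(check_entry(LONG_HISTORY, LONG_NOW), next_allowed(LONG_HISTORY, LONG_NOW))
```

The second history never exceeds three entries in any seven days yet still trips the 28-day limit, which is why both windows have to be evaluated on every request.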
Users who have successfully passed the identity verification and number of visits verification can enter the casino facility through the entrance terminal 20. In order to enter the casino facility, a "pledge" and "payment of the entrance fee" are required in addition to the identity verification and number of visits verification. However, as the pledge and payment of the entrance fee are outside the scope of the present disclosure, an explanation of these procedures is omitted.
As shown in FIG. 3, the admission management system includes multiple server devices. Specifically, the admission management system includes a casino server 30, a first platform (PF; Platform) server 40, a management server 50, a second platform server 60, a certificate authority server 70, and an admission control server 80.
The casino server 30 is a server device managed by a casino operator or the like. The casino server 30 manages casino users and the like, and performs control for users to enter the casino facility.
The first PF server 40 is a server device managed by an authentication business operator that performs electronic certificate authentication services. The first PF server 40 performs authentication procedures using the electronic certificate stored in an identification card. More specifically, the first PF server 40 is a device that carries out electronic certificate authentication services requested by the casino operator.
The management server 50 is a server device managed by the Casino Management Committee (an administrative body that creates rules on casino use, supervises the casino business activities of casino operators, and so on). The management server 50 manages the usage status of casino facilities. More specifically, the management server 50 performs the entry-count check for casino users and manages (stores) the identities of casino users. Note that the management server 50 does not manage the usage status of a single casino facility; it manages the usage status of every casino facility (multiple casino facilities) doing business in the country. In other words, the management server 50 performs the entry-count check (the short-term and long-term checks described above) not only for the casino facility the user is about to enter but also for the other casino facilities in the country.
The second PF server 60 is a server device managed by an authentication business operator that performs electronic certificate authentication services. The second PF server 60 performs authentication procedures using the electronic certificate stored in an identification card. More specifically, the second PF server 60 is a device that carries out electronic certificate authentication services requested by the Casino Management Committee.
The certificate authority server 70 is a server device managed by J-LIS (Japan Agency for Local Authority Information Systems), a corporation jointly operated by the national and local governments. The certificate authority server 70 verifies the validity of electronic certificates. More specifically, the certificate authority server 70 is a device that provides a personal authentication service using electronic certificates.
The admission control server 80 is a server device that controls users' entry into the casino facility. The admission control server 80 authenticates a user (person to be authenticated) who attempts to pass through the admission terminal 20 and enter the casino facility.
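The entry-count check that the management server 50 applies across all facilities can be sketched as follows. This is an added example, not code from the application: the `EntryLedger` class, the entrant and facility identifiers, and the sample entries are constructed, and reading "consecutive days" as a rolling window ending at the time of the request is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Limits quoted in the description. Treating "consecutive days" as a rolling
# window that ends at the moment of the request is an assumption of this example.
LIMITS = (
    ("short-term", timedelta(days=7), 3),
    ("long-term", timedelta(days=28), 10),
)


class EntryLedger:
    """Hypothetical entry history held by management server 50, keyed by entrant ID."""

    def __init__(self):
        # entrant_id -> [(entry_time, facility_id)]; one ledger covers every facility
        self._entries = defaultdict(list)

    def record_entry(self, entrant_id, facility_id, when):
        self._entries[entrant_id].append((when, facility_id))

    def entries_in_window(self, entrant_id, now, window):
        """Count entries at any facility with now - window < entry_time <= now."""
        start = now - window
        history = self._entries.get(entrant_id, ())
        return sum(1 for entry_time, _facility in history if start < entry_time <= now)

    def check(self, entrant_id, now):
        """Return (allowed, reason). The requested entry would add one to each count,
        so an entrant who has already used the full quota is refused."""
        for name, window, limit in LIMITS:
            used = self.entries_in_window(entrant_id, now, window)
            if used >= limit:
                return False, f"{name} limit reached: {used} entries in {window.days} days"
        return True, "within limits"


def run_demo():
    """Run the check over constructed sample data (three entrants, two facilities)."""
    now = datetime(2024, 1, 29, 12, 0)
    ledger = EntryLedger()

    def days_ago(n):
        return now - timedelta(days=n)

    # entrant-A: three entries in the last week, split across two facilities.
    for age, facility in ((1, "facility-X"), (3, "facility-Y"), (6, "facility-X")):
        ledger.record_entry("entrant-A", facility, days_ago(age))

    # entrant-B: the entry exactly seven days old has just left the window.
    for age in (2, 4, 7):
        ledger.record_entry("entrant-B", "facility-X", days_ago(age))

    # entrant-C: light use this week, but ten entries inside the 28-day window.
    for age in (1, 5, 8, 11, 14, 17, 20, 23, 25, 27):
        ledger.record_entry("entrant-C", "facility-Y", days_ago(age))

    ids = ("entrant-A", "entrant-B", "entrant-C", "entrant-D")  # entrant-D has no history
    return {entrant_id: ledger.check(entrant_id, now) for entrant_id in ids}


if __name__ == "__main__":
    for entrant_id, (allowed, reason) in run_demo().items():
        print(entrant_id, "allowed" if allowed else "refused", "-", reason)
```

Because the ledger is keyed by entrant and not by facility, entrant-A is refused even though no single facility saw more than two of the three entries.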
[Outline of operation]
Next, the general operation of the admission management system according to the first embodiment will be described.
<First identity verification>
The general operation of the admission management system for the first identity verification will be described with reference to FIG. 4.
A user entering a casino facility for the first time undergoes the first identity verification at the reception terminal 10. In this case, the reception terminal 10 obtains the signature electronic certificate from the My Number card held by the user. Specifically, the reception terminal 10 obtains from the user the password for reading the signature electronic certificate and reads that certificate from the My Number card. The reception terminal 10 sends an identity verification request including the obtained signature electronic certificate to the casino server 30 (step S01). In this way the reception terminal 10 asks the casino server 30 to verify the user's identity using the electronic certificate.
The signature electronic certificate is an electronic certificate for signing documents submitted to public institutions and the like, and it contains the personal information of the user (the resident to whom the My Number card was issued), namely the so-called four basic items: name, date of birth, gender, and address.
The casino server 30 requests the first PF server 40 to verify the identity of the user. Specifically, the casino server 30 sends an identity verification request including the signature electronic certificate obtained from the reception terminal 10 to the first PF server 40 (step S02).
In response to receiving the identity verification request, the first PF server 40 requests the certificate authority server 70 to verify the validity of the signature electronic certificate. Specifically, the first PF server 40 sends a verification request including the issue number of the signature electronic certificate to the certificate authority server 70 (step S03).
The certificate authority server 70 verifies the signature electronic certificate. The certificate authority server 70 sends the verification result (the signature electronic certificate is valid, or the signature electronic certificate is invalid) to the first PF server 40 (step S04). If the signature electronic certificate was verified successfully, the certificate authority server 70 also sends the first PF server 40 the issue number of the user authentication electronic certificate linked to the signature electronic certificate.
If the signature electronic certificate is valid, the first PF server 40 creates an account for the user (a user entering a casino facility for the first time). In that account, the first PF server 40 stores, in association with one another, an ID that identifies the user (hereinafter referred to as the user ID), the issue number of the signature electronic certificate, the issue number of the user authentication electronic certificate, and the personal identification items.
The personal identification items are information consisting of at least one of name, date of birth, gender, and address, or a combination of these. For example, a name alone, or a combination of name and date of birth, qualifies as personal identification items. The combination of name, date of birth, gender, and address may of course also serve as the personal identification items.
The first PF server 40 then sends the result of the identity verification request (identity verification succeeded, or identity verification failed) to the casino server 30 (step S05). If identity verification succeeded, the first PF server 40 also sends the user ID and the personal identification items to the casino server 30.
Depending on the result received from the first PF server 40, the casino server 30 sends a response to the identity verification request (identity verification succeeded, or identity verification failed) to the reception terminal 10 (step S06). When identity verification succeeds, the casino server 30 notifies the reception terminal 10 and the management server 50 of the user ID and the personal identification items. The casino server 30 also stores the user ID and other information received from the first PF server 40.
Once identity verification using the electronic certificate (the signature electronic certificate) is complete, the reception terminal 10 performs identity verification using face information. Specifically, the reception terminal 10 performs identity verification using the face information printed on the face of the My Number card and face information obtained by photographing the user present at the terminal.
In the following description, the operation of the system is explained using a "face image" as the example of face information. This is not intended to limit face information to face images, however; the face information may be a feature quantity generated from a face image.
If the reception terminal 10 determines that the two face images are of the same person, it determines that identity verification has succeeded. If the reception terminal 10 determines that the two face images are not of the same person, it determines that identity verification has failed.
When both identity verifications succeed, the reception terminal 10 notifies the user that they can enter the casino.
In addition, the reception terminal 10 (a kiosk terminal) issues a casino user ID to a user who has completed the first identity verification (a user qualified to enter the casino facility). When identity verification using the electronic certificate and the face image succeeds, the reception terminal 10 issues a casino user ID for that user. For example, the reception terminal 10 issues the user ID received from the casino server 30 as the casino user ID.
The reception terminal 10 stores (records) the casino user ID (user ID) in the My Number card presented by the user. Specifically, the reception terminal 10 writes the casino user ID to the application installation area of the My Number card.
The reception terminal 10 also sends an "admitted-person notification" containing the face image and casino user ID of the user whose identity has been verified to the admission control server 80 (step S07). The admission control server 80 manages the users who have completed identity verification and are able to enter the casino facility in an admitted-person list. The admission control server 80 stores the casino user ID and face image obtained from the reception terminal 10 in the admitted-person list.
<Identity verification and entry-count check on second and subsequent entries to the casino facility>
As described above, entering the casino facility for the second or a subsequent time requires identity verification and an entry-count check of the user. The identity verification and the entry-count check are carried out via the reception terminal 10.
In this case, the reception terminal 10 obtains the casino user ID and the user authentication electronic certificate from the My Number card held by the user. Specifically, the reception terminal 10 obtains from the user the password for reading the user authentication electronic certificate and reads that certificate from the My Number card. The reception terminal 10 sends an entry confirmation request including the obtained casino user ID and user authentication electronic certificate to the casino server 30 (step S11 in FIG. 5). In this way the reception terminal 10 asks the casino server 30 to perform identity verification and the entry-count check using the electronic certificate.
The user authentication electronic certificate is an electronic certificate used as a means of authenticating that a person is who they claim to be, and it does not contain the personal information of the user (the resident to whom the My Number card was issued), namely the so-called four basic items: name, date of birth, gender, and address.
The admission management system performs identity verification and the entry-count check. The two are executed in parallel, but for convenience they are described separately.
First, the general operation of the admission management system for identity verification at the time of entering the casino facility will be described with reference to the identity verification flow shown in the lower part of FIG. 6.
On obtaining the user authentication electronic certificate from the reception terminal 10, the casino server 30 requests the first PF server 40 to verify the identity of the person wishing to enter. Specifically, the casino server 30 sends an identity verification request including the user authentication electronic certificate obtained from the reception terminal 10 to the first PF server 40 (step S21).
The first PF server 40 determines whether the first identity verification has been completed for the person wishing to enter the casino facility. Specifically, the first PF server 40 uses the issue number of the user authentication electronic certificate to determine whether an account has already been created for the person wishing to enter.
If an account has been created, the first PF server 40 requests the certificate authority server 70 to verify the validity of the signature electronic certificate and the user authentication electronic certificate. Specifically, the first PF server 40 sends a verification request including the issue number of the signature electronic certificate and the issue number of the user authentication electronic certificate to the certificate authority server 70 (step S22).
The certificate authority server 70 verifies the signature electronic certificate and the user authentication electronic certificate. The certificate authority server 70 sends the verification result for both certificates (the certificates are valid, or the certificates are invalid) to the first PF server 40 (step S23).
Depending on the verification result obtained from the certificate authority server 70, the first PF server 40 sends the casino server 30 the result (identity verification succeeded, or identity verification failed) for the identity verification request received from the casino server 30 (step S24). If identity verification succeeded, the first PF server 40 also notifies the casino server 30 of the user ID and personal identification items of the person wishing to enter.
The casino server 30 stores the result (identity verification succeeded, or identity verification failed) for the person wishing to enter the casino facility.
Next, the general operation of the admission management system for the entry-count check at the time of entering the casino facility will be described with reference to the entry-count check flow shown in the upper part of FIG. 6.
On obtaining the user authentication electronic certificate from the reception terminal 10, the casino server 30 requests the management server 50 to perform the entry-count check on the person wishing to enter. Specifically, the casino server 30 sends the management server 50 an entry-count check request including the user authentication electronic certificate and the user ID read from the My Number card (step S31).
The management server 50 requests the second PF server 60 to identify the entrant. Specifically, the management server 50 sends an entrant identification request including the user authentication electronic certificate obtained from the casino server 30 to the second PF server 60 (step S32).
In response to receiving the entrant identification request, the second PF server 60 requests the certificate authority server 70 to verify the validity of the user authentication electronic certificate. Specifically, the second PF server 60 sends a verification request including the issue number of the user authentication electronic certificate to the certificate authority server 70 (step S33).
The certificate authority server 70 verifies the user authentication electronic certificate. The certificate authority server 70 sends the verification result (the user authentication electronic certificate is valid, or the user authentication electronic certificate is invalid) to the second PF server 60 (step S34).
If the user authentication electronic certificate is valid, the second PF server 60 creates an account for the entrant. The second PF server 60 stores an ID that identifies the entrant (hereinafter referred to as the entrant ID) in association with the issue number of that entrant's user authentication electronic certificate.
The second PF server 60 sends the management server 50 a response (entrant identified, or entrant not identified) to the entrant identification request received from the management server 50 (step S35). If the entrant was identified, the second PF server 60 also sends the entrant ID of the identified entrant (prospective entrant) to the management server 50.
The management server 50 performs the entry-count check on the identified user's use of casino facilities. The management server 50 sends the result of the entry-count check (the user may use the casino facility, or the user may not use the casino facility) to the casino server 30 (step S36).
The casino server 30 stores the result of the entry-count check.
Once both the identity verification result and the entry-count check result are available, the casino server 30 determines whether the user can enter the casino facility. The casino server 30 sends a response to the entry confirmation request (entry to the casino facility permitted, or entry to the casino facility not permitted) to the reception terminal 10 (step S12 in FIG. 5).
When identity verification (identity verification using the user authentication electronic certificate) and the entry-count check succeed, the reception terminal 10 performs identity verification using the face image printed on the face of the My Number card and a face image obtained by photographing the user present at the terminal.
If the reception terminal 10 determines that the two face images are of the same person, it determines that identity verification has succeeded. If the reception terminal 10 determines that the two face images are not of the same person, it determines that identity verification has failed.
When identity verification and the entry-count check succeed, the reception terminal 10 notifies the user that they can enter the casino.
As with the first identity verification, the reception terminal 10 sends the admission control server 80 the face image and casino user ID of the user who has completed the second or subsequent identity verification and entry-count check. The admission control server 80 stores the casino user ID and face image obtained from the reception terminal 10 in the admitted-person list.
<Entry to the casino facility>
When entering the casino facility, a user who has completed identity verification and the other checks presents the medium storing the casino user ID (for example, a My Number card; MNC) to the admission terminal 20 (see FIG. 7).
The admission terminal 20 reads the casino user ID from the My Number card presented by the user (the person wishing to enter the casino facility; the person to be authenticated). The admission terminal 20 also photographs the user to obtain a face image of the person wishing to enter.
The admission terminal 20 sends an authentication request including the obtained face image and casino user ID to the admission control server 80.
The admission control server 80 searches the admitted-person list using the casino user ID as the key and identifies the corresponding user (a user whose identity verification and entry-count check are complete).
The admission control server 80 performs one-to-one authentication (one-to-one matching) using the face image of the identified user and the face image obtained from the admission terminal 20. If the one-to-one authentication succeeds, the admission control server 80 permits the person wishing to enter the casino (the person to be authenticated) to pass through the gate.
If the one-to-one authentication succeeds, the admission control server 80 sends the admission terminal 20 a positive response indicating that the user is permitted to enter the casino. If the casino user ID is not on the admitted-person list, or if the one-to-one authentication fails, the admission control server 80 sends the admission terminal 20 a negative response indicating that the user is not permitted to enter the casino.
On receiving a positive response, the admission terminal 20 opens the gate and permits the user to enter the casino. On receiving a negative response, the admission terminal 20 closes the gate and refuses the user entry to the casino.
In this way, the reception terminal 10 controls identity verification using the electronic certificate of a person wishing to enter a given facility (the casino). When identity verification using the electronic certificate succeeds, the reception terminal 10 writes an ID (the casino user ID) that identifies the successfully verified person to the medium (My Number card) in which that person's electronic certificate is stored. The reception terminal 10 sends the server device (admission control server 80) an admitted-person notification containing the ID and the face information of the person whose identity was successfully verified using the electronic certificate. The server device stores the ID and face information contained in the admitted-person notification in the admitted-person list. The admission terminal 20 reads the ID from the medium (My Number card) held by the person to be authenticated, to which the ID has been written, and photographs the person to be authenticated to obtain face information. The admission terminal 20 sends an authentication request including the ID and face information to the server device. The server device identifies the person to be authenticated using the ID in the authentication request and the IDs in the admitted-person list. The server device then performs one-to-one authentication using the face information held in the admitted-person list for the identified person and the face information in the authentication request. If the one-to-one authentication succeeds, the server device notifies the admission terminal 20 that the person being authenticated can enter the casino.
By performing one-to-one authentication, the admission control server 80 prevents a user who has completed identity verification and the entry-count check from handing the medium storing the casino user ID (for example, a My Number card) to another person, and that other person from entering the casino illegitimately.
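The gate decision summarized above, and why it stops a borrowed card, can be shown with a small model of the admission control server 80. This is an added example, not code from the application: face information is represented as a feature vector (which the description allows), while the cosine-similarity matcher, the 0.8 threshold, the class and reason names, and the sample vectors are all constructed assumptions.

```python
import math

# Assumed decision threshold; the description does not specify a matcher or a value.
MATCH_THRESHOLD = 0.8


def cosine_similarity(a, b):
    """Similarity of two feature vectors; 0.0 when either vector is all zeros."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class AdmissionControlServer:
    """Hypothetical model of admission control server 80."""

    def __init__(self):
        self._admitted = {}  # casino user ID -> face features from the reception terminal

    def register_admitted(self, casino_user_id, face_features):
        """Handle an admitted-person notification sent by reception terminal 10."""
        self._admitted[casino_user_id] = tuple(face_features)

    def authenticate(self, casino_user_id, probe_features):
        """Handle an authentication request sent by admission terminal 20."""
        enrolled = self._admitted.get(casino_user_id)
        if enrolled is None:
            # ID read from the card is not on the admitted-person list.
            return {"open_gate": False, "reason": "id_not_in_admitted_list"}
        if len(enrolled) != len(probe_features):
            # Refuse malformed probes instead of silently comparing a prefix.
            return {"open_gate": False, "reason": "malformed_face_features"}
        # One-to-one match: compare only against the record selected by the ID.
        if cosine_similarity(enrolled, probe_features) < MATCH_THRESHOLD:
            return {"open_gate": False, "reason": "face_mismatch"}
        return {"open_gate": True, "reason": "match"}


def run_gate_demo():
    """Constructed scenario: the card holder, a borrowed card, and an unknown ID."""
    server = AdmissionControlServer()
    holder_enrolled = (0.90, 0.10, 0.30, 0.20)  # captured at the reception terminal
    holder_at_gate = (0.88, 0.12, 0.28, 0.22)   # same person, new capture
    other_person = (0.10, 0.90, 0.20, 0.40)     # someone carrying the holder's card
    server.register_admitted("casino-user-0001", holder_enrolled)
    return {
        "holder": server.authenticate("casino-user-0001", holder_at_gate),
        "borrowed_card": server.authenticate("casino-user-0001", other_person),
        "unknown_id": server.authenticate("casino-user-9999", holder_at_gate),
        "short_probe": server.authenticate("casino-user-0001", (0.9, 0.1)),
    }


if __name__ == "__main__":
    for case, decision in run_gate_demo().items():
        print(case, decision)
```

The ID on the card only selects which enrolled record to compare against; the gate opens on the face match, so possession of the card alone yields `face_mismatch`.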
Next, the details of each device included in the admission management system according to the first embodiment will be described.
[Reception terminal]
FIG. 8 is a diagram showing an example of the processing configuration (processing modules) of the reception terminal 10 according to the first embodiment. Referring to FIG. 8, the reception terminal 10 includes a communication control unit 201, an admission confirmation control unit 202, and a storage unit 203.
The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the casino server 30 and transmits data to the casino server 30. The communication control unit 201 passes data received from other devices to the other processing modules, and transmits data obtained from the other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 201. The communication control unit 201 functions both as a receiving unit that receives data from other devices and as a transmitting unit that transmits data to other devices.
The admission confirmation control unit 202 is a means for controlling the identity verification and entry-count check of a person wishing to enter the casino facility.
 入場確認制御部202は、GUI(Graphical User Interface)等を用いて利用者によるカジノ入場の意思を取得すると、当該利用者にマイナンバーカードの提示を求める。例えば、入場確認制御部202は、図9に示すようなGUIを表示し、IC(Integrated Circuit)カードリーダライタにマイナンバーカードが挿入されたことを認識する。 When the entry confirmation control unit 202 acquires the user's intention to enter the casino using a GUI (Graphical User Interface) or the like, it requests the user to present his/her My Number card. For example, the entry confirmation control unit 202 displays a GUI such as that shown in FIG. 9 and recognizes that the My Number card has been inserted into an IC (Integrated Circuit) card reader/writer.
 入場確認制御部202は、ICカードリーダライタを制御し、マイナンバーカードからカジノユーザIDの読み出しを試みる。 The admission verification control unit 202 controls the IC card reader/writer and attempts to read the casino user ID from the My Number card.
 入場確認制御部202は、カジノユーザIDが読み出せない場合、当該利用者は一度もカジノに入場していない利用者(最初の本人確認が必要な利用者)と判定する。 If the entry confirmation control unit 202 cannot read the casino user ID, it determines that the user has never entered the casino (a user who requires initial identity verification).
 入場確認制御部202は、カジノユーザIDが読み出せた場合、当該利用者は既にカジノに入場したことがある利用者(2回目以降の本人確認が必要な利用者)と判定する。 If the entry verification control unit 202 is able to read the casino user ID, it determines that the user has already entered the casino (a user who requires identity verification from the second time onwards).
First, with reference to FIG. 10, the operation of the entry confirmation control unit 202 for a user who requires initial identity verification will be described.
For a user who requires initial identity verification, the entry confirmation control unit 202 obtains the electronic certificate for signature from the My Number card held by the user (step S101).
At this time, the PIN (password) corresponding to the electronic certificate for signature must be entered, so the entry confirmation control unit 202 displays a GUI such as that shown in FIG. 11 and obtains the PIN (a string of 6 to 16 mixed alphanumeric characters).
The entry confirmation control unit 202 attempts to read the electronic certificate for signature from the My Number card using the acquired PIN. If the correct PIN has been entered, the entry confirmation control unit 202 can read the electronic certificate for signature.
The entry confirmation control unit 202 sends an identity verification request including the read electronic certificate for signature to the casino server 30 (step S102).
The entry confirmation control unit 202 receives a response (positive or negative) to the identity verification request from the casino server 30.
If a negative response (identity verification failed) is received in response to the identity verification request (step S103, No branch), the entry confirmation control unit 202 determines that the user cannot enter the casino (casino entry not permitted; step S104).
If a positive response (identity verification successful) is received in response to the identity verification request (step S103, Yes branch), the entry confirmation control unit 202 performs identity verification using facial images (step S105). Specifically, the entry confirmation control unit 202 performs identity verification using the facial image printed on the face of the My Number card and a facial image obtained by photographing the user standing in front of the terminal.
The entry confirmation control unit 202 controls the scanner to obtain the facial image printed on the face of the My Number card. The entry confirmation control unit 202 also controls the camera to photograph the user in front of it and obtain a facial image. The entry confirmation control unit 202 calculates feature amounts from each of the two facial images.
Note that existing technology can be used for the feature generation process, so a detailed description is omitted. For example, the entry confirmation control unit 202 extracts the eyes, nose, mouth, and so on from the facial image as feature points. The entry confirmation control unit 202 then calculates the position of each feature point and the distances between feature points as feature amounts (generating a feature vector consisting of multiple feature amounts).
Next, the entry confirmation control unit 202 executes a matching process (one-to-one matching) using the two generated feature amounts. Specifically, the entry confirmation control unit 202 uses the two feature amounts to calculate the similarity between the corresponding facial images. Based on the result of threshold processing on the calculated similarity, the entry confirmation control unit 202 determines whether the two images are facial images of the same person. Note that chi-square distance, Euclidean distance, or the like can be used for the similarity. The greater the distance, the lower the similarity, and the shorter the distance, the higher the similarity.
If the similarity is greater than a predetermined value (if the distance is shorter than a predetermined value), the entry confirmation control unit 202 determines that identity verification was successful. If the similarity is equal to or less than the predetermined value, the entry confirmation control unit 202 determines that identity verification failed.
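The one-to-one matching described above can be sketched as follows. This is an added example, not code from the patent: the landmark coordinates are constructed, the 0.8 threshold, the mapping of distance to similarity as 1/(1+d), and the normalisation by inter-ocular distance are all assumptions, and only the Euclidean distance option is shown.

```python
import math
from itertools import combinations

# Constructed landmark coordinates (x, y) in pixels; not real biometric data.
CARD_FACE = {"left_eye": (30, 40), "right_eye": (70, 40),
             "nose": (50, 60), "mouth": (50, 80)}
# Same geometry at twice the scale, shifted, with one pixel of jitter on the nose.
LIVE_SAME = {"left_eye": (70, 85), "right_eye": (150, 85),
             "nose": (110, 126), "mouth": (110, 165)}
# A visibly longer face.
LIVE_OTHER = {"left_eye": (30, 40), "right_eye": (70, 40),
              "nose": (50, 70), "mouth": (50, 100)}

THRESHOLD = 0.8  # assumed "predetermined value"; the text gives no number


def feature_vector(landmarks):
    """Feature-point positions plus pairwise distances, as one vector.

    Assumption: coordinates are centred between the eyes and divided by the
    inter-ocular distance so a scanned card photo and a camera frame of
    different size and offset produce comparable vectors.
    """
    left, right = landmarks["left_eye"], landmarks["right_eye"]
    scale = math.dist(left, right)
    if scale == 0:
        raise ValueError("degenerate landmarks: eyes coincide")
    cx, cy = (left[0] + right[0]) / 2, (left[1] + right[1]) / 2
    names = sorted(landmarks)
    vec = []
    for name in names:                      # position of each feature point
        x, y = landmarks[name]
        vec += [(x - cx) / scale, (y - cy) / scale]
    for a, b in combinations(names, 2):     # distance between feature points
        vec.append(math.dist(landmarks[a], landmarks[b]) / scale)
    return vec


def euclidean_distance(u, v):
    if len(u) != len(v):
        raise ValueError("feature vectors differ in length")
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(u, v)))


def similarity(u, v):
    """Greater distance gives lower similarity; identical vectors give 1.0."""
    return 1.0 / (1.0 + euclidean_distance(u, v))


def is_same_person(score, threshold=THRESHOLD):
    """Success only if strictly greater; equal to the threshold is a failure."""
    return score > threshold


def verify_one_to_one(card, live, threshold=THRESHOLD):
    if set(card) != set(live):
        # A landmark missing from either image cannot be compared: fail closed.
        return False, 0.0
    score = similarity(feature_vector(card), feature_vector(live))
    return is_same_person(score, threshold), score


if __name__ == "__main__":
    for label, live in (("same", LIVE_SAME), ("other", LIVE_OTHER)):
        ok, score = verify_one_to_one(CARD_FACE, live)
        print(f"{label}: similarity={score:.3f} verified={ok}")
```

The strict `>` comparison mirrors the rule above that a similarity equal to the predetermined value counts as a failure.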
If identity verification using facial images fails (step S106, No branch), the entry confirmation control unit 202 determines that the user cannot enter the casino (casino entry not permitted; step S104).
If identity verification using facial images succeeds (step S106, Yes branch), the entry confirmation control unit 202 determines that the user can enter the casino (casino entry permitted; step S107).
The entry confirmation control unit 202 issues a casino user ID for the user who has completed the initial identity verification. For example, the entry confirmation control unit 202 treats the user ID received from the casino server 30 as the casino user ID. The entry confirmation control unit 202 stores (records) the casino user ID on the My Number card presented by the user (step S108). Specifically, the entry confirmation control unit 202 writes the casino user ID to the application installation area of the My Number card.
Then, the entry confirmation control unit 202 sends an "admission permitted person notification" to the admission control server 80 (step S109). The notification includes the casino user ID and a facial image of the user who has completed the initial identity verification (the facial image printed on the face of the My Number card or the facial image obtained by photographing).
The entry confirmation control unit 202 notifies the user of the result of the initial identity verification. The entry confirmation control unit 202 notifies the user whether or not they can enter the casino (step S110).
For example, for a user who can enter the casino, the entry confirmation control unit 202 displays a screen such as that shown in FIG. 12.
Next, with reference to FIG. 13, the operation of the entry confirmation control unit 202 for a user who requires identity verification and entry count confirmation for the second or a subsequent time will be described.
For a user who requires identity verification for the second or a subsequent time, the entry confirmation control unit 202 obtains the electronic certificate for user authentication from the My Number card held by the user (step S201).
At this time, either the PIN corresponding to the electronic certificate for user authentication or a facial image of the user (the person wishing to enter) is required, so the entry confirmation control unit 202 displays a GUI such as that shown in FIG. 14 and obtains the PIN (a four-digit number) or the facial image.
When the "photograph button" shown in FIG. 14 is pressed, the entry confirmation control unit 202 controls a camera (not shown) to capture a facial image of the person wishing to enter.
The entry confirmation control unit 202 attempts to read the electronic certificate for user authentication from the My Number card using the acquired PIN. If the correct PIN has been entered, the entry confirmation control unit 202 can read the electronic certificate for user authentication.
Alternatively, if the facial image (facial information) printed on the My Number card substantially matches the facial image (facial information) obtained by photographing the user, the entry confirmation control unit 202 can read the electronic certificate for user authentication.
The entry confirmation control unit 202 sends an entry confirmation request including the read electronic certificate for user authentication and the casino user ID (user ID) to the casino server 30 (step S202).
The entry confirmation control unit 202 receives a response (positive or negative) to the entry confirmation request from the casino server 30.
If a negative response is received in response to the entry confirmation request (step S203, No branch), the entry confirmation control unit 202 determines that the user cannot enter the casino (casino entry not permitted; step S204).
If a positive response is received in response to the entry confirmation request (step S203, Yes branch), the entry confirmation control unit 202 performs identity verification using facial images (step S205).
If identity verification using facial images fails (step S206, No branch), the entry confirmation control unit 202 determines that the user cannot enter the casino (casino entry not permitted; step S204).
If identity verification using facial images succeeds (step S206, Yes branch), the entry confirmation control unit 202 determines that the user can enter the casino (casino entry permitted; step S207).
The entry confirmation control unit 202 sends an "admission permitted person notification" including the facial image and casino user ID of the user who has completed the second or subsequent identity verification and entry count confirmation to the admission control server 80 (step S208).
The entry confirmation control unit 202 notifies the user of the result of the second or subsequent identity verification and entry count confirmation. The entry confirmation control unit 202 notifies the user whether or not they can enter the casino (step S209).
In this way, when a person wishing to enter is attempting to enter the casino for the first time, the entry confirmation control unit 202 performs at least identity verification using an electronic certificate. When the person wishing to enter is seeking a second or subsequent entry, the entry confirmation control unit 202 performs control relating to at least identity verification using an electronic certificate and confirmation of the number of times the person has entered the casino. More specifically, when the entry confirmation control unit 202 cannot read a casino user ID from the My Number card on which the electronic certificate is stored, it determines that the person wishing to enter is a user attempting to enter the casino for the first time. When the entry confirmation control unit 202 can read a casino user ID from the My Number card on which the electronic certificate is stored, it determines that the person wishing to enter is a user seeking a second or subsequent entry to the casino.
The storage unit 203 is a means for storing information necessary for the operation of the reception terminal 10.
[Admission terminal]
FIG. 15 is a diagram showing an example of the processing configuration (processing modules) of the admission terminal 20 according to the first embodiment. Referring to FIG. 15, the admission terminal 20 includes a communication control unit 301, an authentication control unit 302, a gate control unit 303, and a storage unit 304.
The communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the casino server 30. The communication control unit 301 also transmits data to the casino server 30. The communication control unit 301 passes data received from other devices to other processing modules, and transmits data acquired from other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 301. The communication control unit 301 functions both as a receiving unit that receives data from other devices and as a transmitting unit that transmits data to other devices.
The authentication control unit 302 is a means for controlling the authentication of persons wishing to enter the casino facility (persons to be authenticated).
FIG. 16 is a flowchart showing an example of the operation of the authentication control unit 302 according to the first embodiment.
When the authentication control unit 302 detects a user in front of its own device (in front of the admission terminal 20) using a human presence sensor or the like, it asks the user to present the My Number card they hold.
For example, the authentication control unit 302 prompts the user to touch the My Number card to the IC card reader. The authentication control unit 302 attempts to read the casino user ID from the My Number card (step S301).
If reading the casino user ID fails (step S302, No branch), the authentication control unit 302 determines that the user cannot enter the casino (casino entry not permitted; step S303).
If the casino user ID is read successfully (step S302, Yes branch), the authentication control unit 302 controls the camera to obtain a facial image of the user (step S304).
The authentication control unit 302 sends an authentication request including the acquired facial image and the casino user ID to the admission control server 80 (step S305).
The authentication control unit 302 receives the authentication result (authentication success or authentication failure) from the admission control server 80.
If an authentication failure (negative response) is received (step S306, No branch), the authentication control unit 302 determines that the user cannot enter the casino (casino entry not permitted; step S303).
If an authentication success (positive response) is received (step S306, Yes branch), the authentication control unit 302 determines that the user can enter the casino (casino entry permitted; step S307).
The authentication control unit 302 notifies the user whether or not they can enter the casino (step S308). The authentication control unit 302 also notifies the gate control unit 303 whether or not the user (person to be authenticated) can enter the casino.
The gate control unit 303 is a means for controlling the gate.
If the user is not permitted to enter the casino facility, the gate control unit 303 closes the gate and denies the user passage.
If the user is permitted to enter the casino facility, the gate control unit 303 opens the gate and allows the user to pass. At that time, the gate control unit 303 detects the user's passage through the gate using a human presence sensor or the like installed on the admission terminal 20.
If the gate control unit 303 detects the user passing through the gate within a predetermined period after the gate is opened, it notifies the casino server 30 of this fact. Specifically, the gate control unit 303 sends a "casino entry notification" including the casino user ID (user ID) to the casino server 30.
If the gate control unit 303 cannot detect the user passing through the gate within the predetermined period after the gate is opened, it closes the gate.
The storage unit 304 is a means for storing information necessary for the operation of the admission terminal 20.
[Casino Server]
FIG. 17 is a diagram showing an example of the processing configuration (processing modules) of the casino server 30 according to the first embodiment. Referring to FIG. 17, the casino server 30 includes a communication control unit 401, an identity verification processing unit 402, an entry confirmation processing unit 403, an entry notification unit 404, and a storage unit 405.
The communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the reception terminal 10. The communication control unit 401 also transmits data to the reception terminal 10. The communication control unit 401 passes data received from other devices to other processing modules, and transmits data acquired from other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 401. The communication control unit 401 functions both as a receiving unit that receives data from other devices and as a transmitting unit that transmits data to other devices.
The identity verification processing unit 402 is a means for processing identity verification requests received from the reception terminal 10. The identity verification processing unit 402 requests the first PF server 40 to verify the identity of a person wishing to enter the casino facility. Specifically, the identity verification processing unit 402 extracts the electronic certificate for signature included in the identity verification request and sends an identity verification request including that certificate to the first PF server 40.
The identity verification processing unit 402 receives a response (positive or negative) to the identity verification request from the first PF server 40.
If identity verification fails (if a negative response is received), the identity verification processing unit 402 notifies the reception terminal 10 that identity verification has failed. Specifically, the identity verification processing unit 402 sends a negative response to the identity verification request to the reception terminal 10.
If identity verification succeeds (if a positive response is received), the identity verification processing unit 402 notifies the reception terminal 10 that identity verification was successful. Specifically, the identity verification processing unit 402 sends a positive response to the identity verification request (a positive response including the user ID) to the reception terminal 10. Note that, as described above, the user ID and the casino user ID are the same value.
Here, the positive response sent by the first PF server 40 (the response sent when verification of the electronic certificate for signature succeeds) includes the user ID and the personal identification information. The identity verification processing unit 402 sends the acquired user ID and personal identification information to the management server 50.
The identity verification processing unit 402 stores the user ID and the personal identification information included in the positive response in the user information database in association with each other (see FIG. 18). Note that the user information database shown in FIG. 18 is an example and is not intended to limit the items stored. For example, the date and time at which the identity verification request was processed may also be registered in the user information database.
The entry confirmation processing unit 403 is a means for processing entry confirmation requests received from the reception terminal 10. The entry confirmation processing unit 403 receives an entry confirmation request including the electronic certificate for user authentication and the casino user ID (user ID) of the person wishing to enter the casino.
In response to receiving an entry confirmation request, the entry confirmation processing unit 403 executes the identity verification and the entry count confirmation of the person wishing to enter the casino in parallel. The operation of the entry confirmation processing unit 403 is described with reference to FIG. 19.
When an entry confirmation request is received, the entry confirmation processing unit 403 generates identification information for managing (identifying) the inquiry corresponding to that request (step S401). Specifically, the entry confirmation processing unit 403 generates an inquiry ID in response to receiving the entry confirmation request. For example, the entry confirmation processing unit 403 generates the inquiry ID (inquiry number) by calculating a hash value of the date and time of receipt of the entry confirmation request, etc.
The entry confirmation processing unit 403 requests the first PF server 40 to verify the identity of the person wishing to enter. The entry confirmation processing unit 403 also requests the management server 50 to perform the entry count confirmation of the person wishing to enter.
Regarding the identity verification of the person wishing to enter, the entry confirmation processing unit 403 sends an identity verification request including the electronic certificate for user authentication acquired from the admission terminal 20 to the first PF server 40 (step S402).
The entry confirmation processing unit 403 receives a response (positive or negative) to the identity verification request from the first PF server 40. The positive response includes the user ID and the personal identification information of the person wishing to enter.
If identity verification fails (if a negative response is received), the entry confirmation processing unit 403 stores the fact that identity verification of the person wishing to enter has failed. Specifically, the entry confirmation processing unit 403 stores (manages) the inquiry ID and the fact that identity verification failed in association with each other.
If identity verification succeeds (if a positive response is received), the entry confirmation processing unit 403 stores the fact that identity verification of the person wishing to enter was successful. Specifically, the entry confirmation processing unit 403 stores (manages) the inquiry ID, the fact that identity verification succeeded, the user ID, and the personal identification information in association with each other.
In this way, the entry confirmation processing unit 403 stores the result of identity verification in association with the inquiry ID (step S403).
Regarding the entry count confirmation of the person wishing to enter, the entry confirmation processing unit 403 sends an entry count confirmation request to the management server 50 (step S404). The request includes the inquiry ID together with the electronic certificate for user authentication and the user ID (casino user ID) acquired from the reception terminal 10.
The entry confirmation processing unit 403 receives a response (positive or negative) to the entry count confirmation request from the management server 50. The response (positive or negative) received from the management server 50 includes the inquiry ID. In addition, the positive response includes the visitor ID of the person wishing to enter.
If the user cannot use the casino facility (if a negative response is received), the entry confirmation processing unit 403 stores the fact that the entry count confirmation for the person wishing to enter has failed. Specifically, the entry confirmation processing unit 403 stores (manages) the inquiry ID and the fact that the entry count confirmation failed in association with each other.
If the user can use the casino facility (if a positive response is received), the entry confirmation processing unit 403 stores the fact that the entry count confirmation for the person wishing to enter was successful. Specifically, the entry confirmation processing unit 403 stores (manages) the inquiry ID, the visitor ID, and the fact that the entry count confirmation succeeded in association with each other.
In this way, the entry confirmation processing unit 403 stores the result of the entry count confirmation in association with the inquiry ID (step S405).
Once the results of both the identity verification and the entry count confirmation of the person wishing to enter are available, the entry confirmation processing unit 403 determines whether or not that person can enter the casino facility (entry permission determination; step S406).
If identity verification succeeded and use of the casino facility is permitted, the entry confirmation processing unit 403 determines that the person wishing to enter can enter the casino facility.
If identity verification failed or use of the casino facility is not permitted, the entry confirmation processing unit 403 determines that the user cannot enter the casino facility.
The entry confirmation processing unit 403 sends a response (confirmation result) to the entry confirmation request to the reception terminal 10 (step S407).
Specifically, if it is determined that the person wishing to enter can enter the casino facility, the entry confirmation processing unit 403 sends a positive response indicating this to the reception terminal 10.
If it is determined that the person wishing to enter cannot enter the casino facility, the entry confirmation processing unit 403 sends a negative response indicating this to the reception terminal 10.
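The bookkeeping of steps S401 to S406 (one inquiry ID, two results arriving independently, a decision only when both are in) can be sketched as follows. This is an added example, not code from the patent: the class and method names are hypothetical, the random nonce mixed into the hash is an assumption standing in for the "etc." alongside the receipt time, and the first-result-wins, one-time-use and expiry rules are assumptions chosen so that every unclear case ends in denial.

```python
import hashlib
import secrets
from datetime import datetime, timezone

# Constructed receipt time used for the demonstration.
SAMPLE_RECEIVED_AT = datetime(2022, 10, 3, 9, 0, 0, tzinfo=timezone.utc)


class EntryConfirmation:
    """Joins the identity result and the entry count result per inquiry ID."""

    CHECKS = ("identity", "count")

    def __init__(self):
        self._pending = {}  # inquiry_id -> {"identity": None|bool, "count": None|bool}

    def open_inquiry(self, received_at):
        """S401: derive an inquiry ID from a hash of the receipt time.

        Assumption: a random nonce is hashed with the timestamp so that two
        requests received in the same instant get distinct IDs and a peer
        cannot predict the ID from the time alone.
        """
        nonce = secrets.token_hex(16)
        material = f"{received_at.isoformat()}|{nonce}".encode()
        inquiry_id = hashlib.sha256(material).hexdigest()[:32]
        self._pending[inquiry_id] = dict.fromkeys(self.CHECKS)
        return inquiry_id

    def record(self, inquiry_id, check, ok):
        """S403 / S405: store one result against its inquiry ID.

        Returns False and stores nothing when the inquiry ID is unknown, the
        check name is not one of CHECKS, or that check already has a result
        (assumption: the first result wins, so a later positive response
        cannot overwrite an earlier negative one).
        """
        results = self._pending.get(inquiry_id)
        if results is None or check not in results or results[check] is not None:
            return False
        results[check] = bool(ok)
        return True

    def decide(self, inquiry_id):
        """S406: 'pending' until both results exist, then admit only if both passed."""
        results = self._pending.get(inquiry_id)
        if results is None:
            return "deny"                    # unknown or already consumed inquiry
        if any(value is None for value in results.values()):
            return "pending"
        del self._pending[inquiry_id]        # assumption: a decision is issued once
        return "admit" if all(results.values()) else "deny"

    def expire(self, inquiry_id):
        """Assumption: an inquiry whose results never arrive is denied on timeout."""
        self._pending.pop(inquiry_id, None)
        return "deny"


def demo():
    server = EntryConfirmation()
    first = server.open_inquiry(SAMPLE_RECEIVED_AT)
    server.record(first, "identity", True)   # response from the first PF server 40
    server.record(first, "count", True)      # response from the management server 50
    second = server.open_inquiry(SAMPLE_RECEIVED_AT)
    server.record(second, "identity", True)
    server.record(second, "count", False)    # entry count check rejected
    return server.decide(first), server.decide(second)


if __name__ == "__main__":
    print(demo())
```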
 入場通知部404は、利用者(カジノ施設への入場希望者)がカジノ施設に入場した事実を管理サーバ50に通知する手段である。入場通知部404は、入場端末20が送信する「カジノ入場通知」を処理する。 The entry notification unit 404 is a means for notifying the management server 50 of the fact that a user (a person wishing to enter the casino facility) has entered the casino facility. The entry notification unit 404 processes the "casino entry notification" sent by the entry terminal 20.
 入場端末20からカジノ入場通知を受信すると、入場通知部404は、カジノユーザID(利用者ID)をキーとして利用者情報データベースを検索し、対応するエントリを特定する。入場通知部404は、利用者のゲート通過日時、特定されたエントリの本人特定事項及び利用者IDを含む「利用者入場通知」を管理サーバ50に送信する。 When a casino entry notification is received from the entry terminal 20, the entry notification unit 404 searches the user information database using the casino user ID (user ID) as a key to identify the corresponding entry. The entry notification unit 404 sends a "user entry notification" to the management server 50, which includes the date and time the user passed through the gate, the personal information of the identified entry, and the user ID.
 図18に示す例では、利用者IDが「uID01」の場合、氏名として「NM01」、性別として「女」を含む利用者入場通知が管理サーバ50に送信される。なお、利用者のゲート通過日時は、カジノ入場通知を受信した日時とすることができる。 In the example shown in FIG. 18, when the user ID is "uID01", a user entry notification including the name "NM01" and the gender "female" is sent to the management server 50. The date and time when the user passed through the gate can be the date and time when the casino entry notification was received.
 記憶部405は、カジノサーバ30の動作に必要な情報を記憶する手段である。 The memory unit 405 is a means for storing information necessary for the operation of the casino server 30.
[First PF Server]
The first PF server 40 is a server that processes identity verification requests sent from the casino server 30. The first PF server 40 requests the certificate authority server 70 to verify the electronic certificates (signature electronic certificate, user authentication electronic certificate) arising from the first identity verification and from the second and subsequent identity verifications. The first PF server 40 also controls the ID (user ID) of the user who is the subject of identity verification.
FIG. 20 is a diagram showing an example of a processing configuration (processing modules) of the first PF server 40 according to the first embodiment. Referring to FIG. 20, the first PF server 40 includes a communication control unit 501, a verification control unit 502, and a storage unit 503.
The communication control unit 501 is a means for controlling communication with other devices. For example, the communication control unit 501 receives data (packets) from the casino server 30. The communication control unit 501 also transmits data to the casino server 30. The communication control unit 501 passes data received from other devices to other processing modules, and transmits data obtained from other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 501. The communication control unit 501 functions both as a receiving unit that receives data from other devices and as a transmitting unit that transmits data to other devices.
The verification control unit 502 is a means for controlling the validity verification of electronic certificates. The verification control unit 502 processes identity verification requests received from the casino server 30.
The identity verification request for the initial identity verification includes the signature electronic certificate. The verification control unit 502 extracts the issue number from that signature electronic certificate and sends a verification request containing the extracted issue number to the certificate authority server 70.
The verification control unit 502 receives a response (positive or negative) to the verification request from the certificate authority server 70.
If a negative response is received (the signature electronic certificate is invalid), the verification control unit 502 notifies the casino server 30 that identity verification has failed. The verification control unit 502 sends a negative response indicating this to the casino server 30.
If a positive response is received (the signature electronic certificate is valid), the verification control unit 502 creates an account for the corresponding user.
Specifically, the verification control unit 502 generates a user ID for the person wishing to enter who is being processed. The verification control unit 502 also extracts the issue number of the user authentication electronic certificate from the positive response received from the certificate authority server 70. In addition, the verification control unit 502 obtains the personal identification information from the signature electronic certificate that was determined to be valid.
The verification control unit 502 stores the generated user ID, the personal identification information, the issue number of the signature electronic certificate, and the issue number of the user authentication electronic certificate in the user management database (see FIG. 21). The user management database shown in FIG. 21 is an example and is not intended to limit the items to be stored.
Once the account for the person being processed has been created, the verification control unit 502 notifies the casino server 30 that identity verification succeeded. At that time, the verification control unit 502 also notifies the casino server 30 of the generated user ID and the corresponding personal identification information. Specifically, the verification control unit 502 sends the casino server 30 a positive response containing the user ID and the personal identification information.
The identity verification request for the identity check performed when a user enters the casino facility (the request for the second and subsequent identity verifications) includes the user authentication electronic certificate. The verification control unit 502 extracts the issue number from that user authentication electronic certificate.
The verification control unit 502 searches the user management database using, as a key, the issue number extracted from the user authentication electronic certificate contained in the identity verification request arising from the second or subsequent identity verification performed at the entry terminal 20, and attempts to identify the corresponding entry.
If no corresponding entry (issue number) exists in the user management database, the verification control unit 502 determines that the person wishing to enter has not completed the "initial identity verification (validity verification of the signature electronic certificate)" and sets the identity verification for that user to failed.
If a corresponding entry (issue number) exists in the user management database, the verification control unit 502 sends the certificate authority server 70 a verification request containing the issue number of the user authentication electronic certificate and the issue number of the signature electronic certificate stored in the identified entry.
The verification control unit 502 receives a response (positive or negative) to the verification request from the certificate authority server 70.
If a negative response is received (at least one of the signature electronic certificate and the user authentication electronic certificate is invalid), the verification control unit 502 sets the user's identity verification to failed.
If a positive response is received (both the signature electronic certificate and the user authentication electronic certificate are valid), the verification control unit 502 sets the user's identity verification to successful.
The verification control unit 502 notifies the casino server 30 of the identity verification result (success or failure).
If identity verification succeeded, the verification control unit 502 sends a positive response indicating this to the casino server 30. The positive response contains the user ID and the personal identification information of the user (the person subject to identity verification).
If identity verification failed, the verification control unit 502 sends a negative response indicating this to the casino server 30.
The storage unit 503 is a means for storing information necessary for the operation of the first PF server 40.
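The two identity verification paths described for the verification control unit 502 can be modelled as follows. This is an added example, not code from the patent: the class and method names, the dictionary-shaped certificates, and the "SIG-"/"AUTH-" issue numbers are assumptions, and the certificate authority is a stub that only tracks issue numbers.

```python
class CertificateAuthorityStub:
    """Stand-in for certificate authority server 70; works on issue numbers only."""

    def __init__(self):
        self.user_auth_no_for = {}  # signature cert issue no. -> user-auth cert issue no.
        self.known = set()          # every issue number the CA has issued
        self.invalid = set()        # issue numbers currently invalid (constructed)

    def issue(self, sig_no, auth_no):
        self.user_auth_no_for[sig_no] = auth_no
        self.known.update((sig_no, auth_no))

    def is_valid(self, issue_no):
        return issue_no in self.known and issue_no not in self.invalid

    def verify_signature(self, sig_no):
        """Positive response carries the associated user-auth issue number; negative is None."""
        return self.user_auth_no_for.get(sig_no) if self.is_valid(sig_no) else None

    def verify_both(self, sig_no, auth_no):
        """Positive only when both certificates are valid."""
        return self.is_valid(sig_no) and self.is_valid(auth_no)


class FirstPFServer:
    """Verification control unit 502 together with its user management database."""

    def __init__(self, ca):
        self.ca = ca
        self.users_by_auth_no = {}  # keyed by user-auth certificate issue number
        self._next_user = 1

    def initial_verification(self, signature_cert):
        """First identity verification: validate the signature certificate, then create the account."""
        sig_no = signature_cert["issue_no"]
        auth_no = self.ca.verify_signature(sig_no)
        if auth_no is None:
            return {"verified": False}
        # Assumption (not stated in the description): repeating the initial
        # verification reuses the existing account instead of minting a new user ID.
        entry = self.users_by_auth_no.get(auth_no)
        if entry is None:
            entry = {"user_id": f"uID{self._next_user:02d}",
                     "identity": signature_cert["identity"],
                     "sig_no": sig_no, "auth_no": auth_no}
            self._next_user += 1
            self.users_by_auth_no[auth_no] = entry
        return {"verified": True, "user_id": entry["user_id"], "identity": entry["identity"]}

    def entry_verification(self, user_auth_cert):
        """Second and later verifications: look up the account, then re-check both certificates."""
        entry = self.users_by_auth_no.get(user_auth_cert["issue_no"])
        if entry is None:
            # No account means the initial identity verification was never completed.
            return {"verified": False}
        if not self.ca.verify_both(entry["sig_no"], entry["auth_no"]):
            return {"verified": False}
        return {"verified": True, "user_id": entry["user_id"], "identity": entry["identity"]}


if __name__ == "__main__":
    ca = CertificateAuthorityStub()
    ca.issue("SIG-0001", "AUTH-0001")  # constructed issue numbers
    pf = FirstPFServer(ca)
    person = {"name": "NM01", "gender": "female"}
    print(pf.entry_verification({"issue_no": "AUTH-0001"}))   # fails: no account yet
    print(pf.initial_verification({"issue_no": "SIG-0001", "identity": person}))
    print(pf.entry_verification({"issue_no": "AUTH-0001"}))   # succeeds
    ca.invalid.add("SIG-0001")                                # signature cert becomes invalid
    print(pf.entry_verification({"issue_no": "AUTH-0001"}))   # fails although AUTH-0001 is valid
```

Because the stored signature certificate issue number is re-verified on every entry, invalidating either certificate blocks entry even when the certificate presented at the gate is itself still valid.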
[Management Server]
FIG. 22 is a diagram showing an example of a processing configuration (processing modules) of the management server 50 according to the first embodiment. Referring to FIG. 22, the management server 50 includes a communication control unit 601, a count confirmation control unit 602, an entry/exit control unit 603, and a storage unit 604.
The communication control unit 601 is a means for controlling communication with other devices. For example, the communication control unit 601 receives data (packets) from the casino server 30. The communication control unit 601 also transmits data to the casino server 30. The communication control unit 601 passes data received from other devices to other processing modules, and transmits data obtained from other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 601. The communication control unit 601 functions both as a receiving unit that receives data from other devices and as a transmitting unit that transmits data to other devices.
The count confirmation control unit 602 is a means for controlling the confirmation of the number of times a user has used a casino. The count confirmation control unit 602 does not manage usage of a single casino facility; it manages usage of every casino facility (multiple casino facilities) doing business in the country. That is, the count confirmation control unit 602 performs count confirmation not only for the casino facility the user is about to enter but also for the other casino facilities in the country. The Casino Management Committee performs count confirmation using the user authentication electronic certificate on the My Number card.
On receiving a user ID and personal identification information from the casino server 30, the count confirmation control unit 602 adds an entry to the visitor information database described below and stores the user ID and personal identification information. The count confirmation control unit 602 also processes count confirmation requests received from the casino server 30. The count confirmation control unit 602 requests the second PF server 60 to identify the visitor (the person wishing to enter the casino facility).
A count confirmation request contains an inquiry ID, the user authentication electronic certificate, and the user ID. The count confirmation control unit 602 uses the user ID to identify the user (entry) stored in the visitor information database. The count confirmation control unit 602 also sends the second PF server 60 a visitor identification request containing the user authentication electronic certificate from the count confirmation request.
The count confirmation control unit 602 receives a response (positive or negative) to the visitor identification request from the second PF server 60.
If the visitor is not identified (a negative response is received), the count confirmation control unit 602 notifies the casino server 30 that count confirmation failed. Specifically, the count confirmation control unit 602 sends the casino server 30 a negative response (casino facility use not permitted) to the count confirmation request. The negative response contains the inquiry ID obtained from the casino server 30.
If the visitor is identified (a positive response is received), the count confirmation control unit 602 performs count confirmation for the person wishing to enter. The positive response sent by the second PF server 60 contains the visitor ID of the person wishing to enter. The count confirmation control unit 602 writes the obtained visitor ID into the corresponding entry of the visitor information database.
Count confirmation is performed using the visitor information database. FIG. 23 is a diagram showing an example of the visitor information database according to the first embodiment. As shown in FIG. 23, the visitor information database stores user IDs, visitor IDs, personal identification information, and casino usage history (entry history, exit history) in association with one another.
The count confirmation control unit 602 searches the visitor information database using the visitor ID obtained from the second PF server 60 as a key and identifies the corresponding entry. The count confirmation control unit 602 performs count confirmation using the casino usage history of that entry (the person wishing to enter). Specifically, the count confirmation control unit 602 determines whether the casino usage history of the person wishing to enter conflicts with the short-term limit (up to three entries in seven consecutive days) or the long-term limit (up to ten entries in 28 consecutive days).
If the count confirmation control unit 602 determines that the casino facility usage history of the person wishing to enter conflicts with a limit, it sets the count confirmation result to "casino facility use not permitted."
If the count confirmation control unit 602 determines that the casino facility usage history of the person wishing to enter does not conflict with a limit, it sets the count confirmation result to "casino facility use permitted."
The count confirmation control unit 602 notifies the casino server 30 of the count confirmation result.
If the count confirmation result is "casino facility use not permitted," the count confirmation control unit 602 sends a negative response indicating this to the casino server 30. The negative response contains the inquiry ID obtained from the casino server 30.
If the count confirmation result is "casino facility use permitted," the count confirmation control unit 602 sends a positive response indicating this to the casino server 30. The positive response contains the inquiry ID obtained from the casino server 30 and the visitor ID of the person wishing to enter.
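The count confirmation described above, as an added example that is not code from the patent. The class name, the response field names, the facility labels, and the window semantics are assumptions: each limit is evaluated over the trailing window that ends at the time of the check, and the entry being requested is refused once the history already holds the permitted number of entries.

```python
from datetime import datetime, timedelta

# Limits quoted in the description: up to 3 entries in 7 consecutive days,
# up to 10 entries in 28 consecutive days.
LIMITS = ((timedelta(days=7), 3), (timedelta(days=28), 10))


class CountConfirmation:
    """Stand-in for the count confirmation control unit 602 (hypothetical name)."""

    def __init__(self):
        # visitor ID -> list of (entry time, facility); one shared history for
        # every facility, because the check spans all casinos in the country.
        self.entry_history = {}

    def record_entry(self, visitor_id, when, facility):
        self.entry_history.setdefault(visitor_id, []).append((when, facility))

    def check(self, inquiry_id, visitor_id, now):
        """Return the response sent back to the casino server for one inquiry."""
        if visitor_id is None:
            # The second PF server returned a negative response: fail closed.
            return {"inquiry_id": inquiry_id, "usable": False}
        history = self.entry_history.get(visitor_id, [])
        for window, limit in LIMITS:
            # Count entries inside the trailing window (assumed semantics).
            used = sum(1 for when, _ in history if now - window < when <= now)
            if used >= limit:
                return {"inquiry_id": inquiry_id, "usable": False,
                        "window_days": window.days, "used": used}
        # Positive response carries the inquiry ID and the visitor ID.
        return {"inquiry_id": inquiry_id, "usable": True, "visitor_id": visitor_id}


def build_constructed_history(now):
    """Constructed sample data: three visitors with different usage patterns."""
    cc = CountConfirmation()
    for days_ago, facility in ((1, "casino-A"), (3, "casino-B"), (6, "casino-C")):
        cc.record_entry("eID01", now - timedelta(days=days_ago), facility)
    for days_ago in (1, 3, 7):  # the oldest entry has just left the 7-day window
        cc.record_entry("eID02", now - timedelta(days=days_ago), "casino-A")
    for days_ago in (1, 4, 7, 10, 13, 16, 19, 22, 25, 27):
        cc.record_entry("eID03", now - timedelta(days=days_ago), "casino-B")
    return cc


if __name__ == "__main__":
    now = datetime(2024, 4, 30, 12, 0)
    cc = build_constructed_history(now)
    for inquiry, visitor in (("q1", "eID01"), ("q2", "eID02"), ("q3", "eID03"), ("q4", None)):
        print(cc.check(inquiry, visitor, now))
```

Visitor eID01 is refused even though no single facility saw more than one entry, which is the reason the history is keyed by visitor ID rather than by facility.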
The entry/exit control unit 603 is a means for controlling the entry and exit of casino facility users.
On receiving a "user entry notification" from the casino server 30, the entry/exit control unit 603 searches the visitor information database using the user ID contained in the notification as a key and identifies the corresponding entry. The entry/exit control unit 603 updates the personal identification information field and the entry history field of the identified entry using the personal identification information and the gate passage date and time contained in the user entry notification.
If information is already set in the personal identification information field of the visitor information database, the entry/exit control unit 603 may or may not update that field.
The entry/exit control unit 603 also performs control when a casino user leaves the casino facility. Control of exit from the casino facility is not the subject of this disclosure, so a detailed description is omitted. The entry/exit control unit 603 may simply receive the user ID and exit history from an exit terminal (not shown in FIG. 3 and the like) installed at the exit of the casino facility and reflect that exit history in the visitor information database.
The storage unit 604 is a means for storing information necessary for the operation of the management server 50.
[Second PF Server]
The second PF server 60 is a server that processes visitor identification requests sent from the management server 50. The second PF server 60 requests the certificate authority server 70 to verify the user authentication electronic certificate arising from the user's count confirmation. The second PF server 60 also controls the ID (visitor ID) of the user who is the subject of count confirmation.
FIG. 24 is a diagram showing an example of a processing configuration (processing modules) of the second PF server 60 according to the first embodiment. Referring to FIG. 24, the second PF server 60 includes a communication control unit 701, a verification control unit 702, and a storage unit 703.
The communication control unit 701 is a means for controlling communication with other devices. For example, the communication control unit 701 receives data (packets) from the management server 50. The communication control unit 701 also transmits data to the management server 50. The communication control unit 701 passes data received from other devices to other processing modules, and transmits data obtained from other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 701. The communication control unit 701 functions both as a receiving unit that receives data from other devices and as a transmitting unit that transmits data to other devices.
The verification control unit 702 is a means for controlling the validity verification of electronic certificates. The verification control unit 702 processes visitor identification requests received from the management server 50.
A visitor identification request sent from the management server 50 includes the user authentication electronic certificate. The verification control unit 702 extracts the issue number from that user authentication electronic certificate and sends a verification request containing the extracted issue number to the certificate authority server 70.
The verification control unit 702 receives a response (positive or negative) to the verification request from the certificate authority server 70.
If a negative response is received (the user authentication electronic certificate is invalid), the verification control unit 702 notifies the management server 50 that the person wishing to enter cannot be identified. Specifically, the verification control unit 702 sends a negative response indicating this to the management server 50.
If a positive response is received (the user authentication electronic certificate is valid), the verification control unit 702 creates an account for the person wishing to enter. On receiving the positive response, the verification control unit 702 searches the visitor management database using, as a key, the issue number of the user authentication electronic certificate that was determined to be valid.
The visitor management database stores visitor IDs and issue numbers of user authentication electronic certificates in association with each other (see FIG. 25). The visitor management database shown in FIG. 25 is an example and is not intended to limit the items to be stored.
If an entry corresponding to the issue number of the user authentication electronic certificate exists, the verification control unit 702 takes no particular action.
If no entry corresponding to the issue number of the user authentication electronic certificate exists, the verification control unit 702 generates a visitor ID for the person wishing to enter. The verification control unit 702 then stores the generated visitor ID and the issue number of the user authentication electronic certificate in the visitor management database.
Furthermore, if a positive response is received, the verification control unit 702 notifies the management server 50 that the person wishing to enter has been identified. Specifically, the verification control unit 702 sends a positive response indicating this to the management server 50. The positive response contains the visitor ID of the person wishing to enter.
The storage unit 703 is a means for storing information necessary for the operation of the second PF server 60.
[Certificate Authority Server]
FIG. 26 is a diagram showing an example of a processing configuration (processing modules) of the certificate authority server 70 according to the first embodiment. Referring to FIG. 26, the certificate authority server 70 includes a communication control unit 801, a verification unit 802, and a storage unit 803.
The communication control unit 801 is a means for controlling communication with other devices. For example, the communication control unit 801 receives data (packets) from the first PF server 40. The communication control unit 801 also transmits data to the first PF server 40. The communication control unit 801 passes data received from other devices to other processing modules, and transmits data obtained from other processing modules to other devices. In this way, the other processing modules exchange data with other devices via the communication control unit 801. The communication control unit 801 functions both as a receiving unit that receives data from other devices and as a transmitting unit that transmits data to other devices.
The verification unit 802 is a means for verifying the validity of electronic certificates. The verification unit 802 processes verification requests received from the first PF server 40 and the second PF server 60.
The verification unit 802 refers to a database that stores the issue numbers of signature electronic certificates, the issue numbers of user authentication electronic certificates, the validity period of each certificate, and so on, and verifies the validity of signature electronic certificates and user authentication electronic certificates.
When a verification request is received from the first PF server 40 and contains the issue number of a signature electronic certificate, the verification unit 802 uses that issue number to verify the validity of the signature electronic certificate.
The verification unit 802 notifies the first PF server 40 of the verification result. If the signature electronic certificate is valid, the verification unit 802 sends a positive response indicating this to the first PF server 40. The positive response contains the issue number of the user authentication electronic certificate that is stored in association with the issue number of the signature electronic certificate.
If the signature electronic certificate is invalid, the verification unit 802 sends a negative response indicating this to the first PF server 40.
When a verification request is received from the first PF server 40 and contains both the issue number of a signature electronic certificate and the issue number of a user authentication electronic certificate, the verification unit 802 uses these issue numbers to verify the validity of the two electronic certificates.
If both electronic certificates (signature electronic certificate, user authentication electronic certificate) are valid, the verification unit 802 notifies the first PF server 40 that the two electronic certificates are valid. Specifically, the verification unit 802 sends the first PF server 40 a positive response indicating that the two electronic certificates are valid.
If at least one of the two electronic certificates (signature electronic certificate, user authentication electronic certificate) is invalid, the verification unit 802 notifies the first PF server 40 that the electronic certificate is invalid. Specifically, the verification unit 802 sends the first PF server 40 a negative response indicating that the electronic certificate is invalid.
When a verification request is received from the second PF server 60, the verification unit 802 verifies the validity of the user authentication electronic certificate using the issue number of the user authentication electronic certificate contained in the verification request.
The verification unit 802 notifies the second PF server 60 of the verification result. If the user authentication electronic certificate is valid, the verification unit 802 sends a positive response indicating this to the second PF server 60.
If the user authentication electronic certificate is invalid, the verification unit 802 sends a negative response indicating this to the second PF server 60.
The storage unit 803 is a means for storing information necessary for the operation of the certificate authority server 70.
[Admission control server]
Fig. 27 is a diagram showing an example of a processing configuration (processing modules) of the admission control server 80 according to the first embodiment. Referring to Fig. 27, the admission control server 80 includes a communication control unit 901, an admission permitted person notification processing unit 902, an authentication request processing unit 903, and a storage unit 904.
The communication control unit 901 is a means for controlling communication with other devices. For example, the communication control unit 901 receives data (packets) from the reception terminal 10. The communication control unit 901 also transmits data to the reception terminal 10. The communication control unit 901 passes data received from other devices to other processing modules, and transmits data acquired from other processing modules to other devices. In this way, the other processing modules transmit and receive data to and from other devices via the communication control unit 901. The communication control unit 901 functions both as a receiving unit that receives data from other devices and as a transmitting unit that transmits data to other devices.
The admission permitted person notification processing unit 902 is a means for processing the admission permitted person notification received from the reception terminal 10.
When an admission permitted person notification is received, the admission permitted person notification processing unit 902 stores the face image and casino user ID contained in the notification in the admission permitted person list (see Fig. 28).
The authentication request processing unit 903 is a means for processing the authentication request received from the admission terminal 20.
The authentication request processing unit 903 searches the admission permitted person list using the casino user ID included in the authentication request as a key, and identifies the corresponding user (entry). The authentication request processing unit 903 performs one-to-one authentication using the face image of the identified user and the face image acquired from the admission terminal 20.
The authentication request processing unit 903 generates a feature quantity from each of the two face images and calculates the similarity between the two generated feature quantities. The authentication request processing unit 903 performs threshold processing on the calculated similarity and determines whether the two face images are of the same person.
If the one-to-one authentication succeeds (if the similarity is equal to or greater than a predetermined value), the authentication request processing unit 903 sends an affirmative response to the admission terminal 20 indicating that the user is permitted to enter the casino.
If the casino user ID is not on the admission permitted person list, or if the one-to-one authentication fails, the authentication request processing unit 903 sends a negative response to the admission terminal 20 indicating that the user is not permitted to enter the casino.
The admission control server 80 maintains and manages the admission permitted person list as necessary. Specifically, the admission control server 80 deletes entries for which a predetermined period has elapsed since they were registered in the list. Alternatively, the admission control server 80 deletes entries for which a predetermined period has elapsed since authentication was determined to be successful.
[System Operation]
Next, the operation of the admission management system according to the first embodiment will be described. Fig. 29 is a flowchart showing an example of the operation of the admission management system according to the first embodiment. The system operation related to the identity verification of the user will be described with reference to Fig. 29.
The reception terminal 10 performs the first identity verification or a second or subsequent identity verification (step S41).
If identity verification is successful, the reception terminal 10 sends an admission permitted person notification, including the user's face image and casino user ID, to the admission control server 80 (step S42).
The admission control server 80 adds the face image and casino user ID contained in the admission permitted person notification to the admission permitted person list (step S43).
In this way, if the reception terminal 10 succeeds in identity verification using the electronic certificate, it performs identity verification using face information obtained from the My Number card in which the electronic certificate is stored and face information obtained by photographing the entry applicant. Furthermore, if the reception terminal 10 succeeds in both the identity verification using the electronic certificate and the identity verification using the face information, it writes the casino user ID to the My Number card in which the electronic certificate is stored.
Fig. 30 is a flowchart showing an example of the operation of the admission management system according to the first embodiment. The system operation related to user authentication will be described with reference to Fig. 30.
The admission terminal 20 acquires the casino user ID from the My Number card presented by the user (step S51).
The admission terminal 20 photographs the user and acquires a face image (step S52).
The admission terminal 20 sends an authentication request including the face image and casino user ID of the user (the person to be authenticated) to the admission control server 80 (step S53).
The admission control server 80 identifies the person to be authenticated using the casino user ID included in the authentication request and the casino user IDs listed in the admission permitted person list (step S54).
The admission control server 80 performs one-to-one authentication using the face image of the identified person to be authenticated and the face image included in the authentication request (step S55).
If the one-to-one authentication succeeds, the admission control server 80 determines that authentication has succeeded. If the casino user ID is not on the admission permitted person list, or if the one-to-one authentication fails, the admission control server 80 determines that authentication has failed. The admission control server 80 transmits the authentication result to the admission terminal 20 (step S56).
The admission terminal 20 controls the gate according to the authentication result (step S57).
As described above, in the admission management system according to the first embodiment, the reception terminal 10 issues a casino user ID to a user whose identity has been verified, and writes the issued casino user ID to the My Number card (the My Number card used for identity verification). The casino user ID and face image of the user whose identity has been verified are stored in the admission permitted person list of the admission control server 80. A user entering the casino presents the My Number card to which the casino user ID has been written to the admission terminal 20. The admission terminal 20 reads the casino user ID from the presented My Number card, and transmits an authentication request including the face image of the person to be authenticated and the casino user ID to the admission control server 80. The admission control server 80 identifies the person to be authenticated using the casino user ID, and performs one-to-one authentication using the face image of the identified person and the face image captured by the admission terminal 20. If the one-to-one authentication succeeds, the person to be authenticated is permitted to enter the casino. Since the casino user ID is written to the My Number card that is required for admission to the casino, a person wishing to enter the casino does not need to carry multiple media. In addition, the admission control server 80 performs one-to-one authentication instead of one-to-N authentication against the many users listed on the admission permitted person list. As a result, the system disclosed in the present application can prevent the deterioration in authentication accuracy that can become a problem with one-to-N authentication.
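The following is an added sketch, not code from the patent or its applicant, of the admission control server 80 behaviour summarized above: the admission permitted person list, the ID-keyed one-to-one check of steps S54 to S56, the two list-maintenance policies, and a one-to-N search for contrast. Feature vectors standing in for face images, cosine similarity, the 0.80 threshold, the 24-hour retention period, and every class and function name are assumptions; the patent specifies none of them.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

SIMILARITY_THRESHOLD = 0.80    # assumed value for the "predetermined value"
RETENTION_SECONDS = 24 * 3600  # assumed value for the "predetermined period"


@dataclass
class Entry:
    features: Tuple[float, ...]              # assumed stand-in for the stored face image
    registered_at: float                     # time the entry was added to the list
    authenticated_at: Optional[float] = None # time of the last successful 1:1 match


def cosine_similarity(a: Sequence[float], b: Sequence[float]) -> float:
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class AdmissionControlServer:
    def __init__(self, threshold: float = SIMILARITY_THRESHOLD,
                 retention: float = RETENTION_SECONDS) -> None:
        self.threshold = threshold
        self.retention = retention
        self.permitted: Dict[str, Entry] = {}  # admission permitted person list

    def handle_permitted_notification(self, casino_user_id: str,
                                      features: Sequence[float], now: float) -> None:
        """Step S43: store the ID and face information sent by the reception terminal."""
        self.permitted[casino_user_id] = Entry(tuple(features), registered_at=now)

    def handle_auth_request(self, casino_user_id: str, probe: Sequence[float],
                            now: float) -> Tuple[bool, str]:
        """Steps S54 to S56: look the entry up by ID, then compare one pair of faces."""
        entry = self.permitted.get(casino_user_id)
        if entry is None:
            return False, "id-not-listed"      # fail closed: unknown ID is a denial
        if len(probe) != len(entry.features):
            return False, "face-mismatch"      # malformed probe is also a denial
        if cosine_similarity(entry.features, probe) < self.threshold:
            return False, "face-mismatch"
        entry.authenticated_at = now
        return True, "ok"

    def identify_one_to_n(self, probe: Sequence[float]) -> Optional[str]:
        """One-to-N search over the whole list, shown only for contrast with 1:1."""
        best_id, best_score = None, self.threshold
        for uid, entry in self.permitted.items():
            score = cosine_similarity(entry.features, probe)
            if score >= best_score:
                best_id, best_score = uid, score
        return best_id

    def purge(self, now: float, basis: str = "registered") -> List[str]:
        """Delete entries older than the retention period, counted from registration
        or, with basis="authenticated", from the last successful authentication."""
        removed = []
        for uid, entry in list(self.permitted.items()):
            start = entry.registered_at if basis == "registered" else entry.authenticated_at
            if start is not None and now - start > self.retention:
                del self.permitted[uid]
                removed.append(uid)
        return removed


# Constructed sample data: two enrolled users and two gate captures.
ALICE_ENROLLED = (0.90, 0.10, 0.30)
BOB_ENROLLED = (0.20, 0.90, 0.40)
ALICE_AT_GATE = (0.88, 0.12, 0.28)
BOB_LOOKALIKE_AT_GATE = (0.25, 0.85, 0.45)


def build_demo_server() -> AdmissionControlServer:
    server = AdmissionControlServer()
    server.handle_permitted_notification("U-0001", ALICE_ENROLLED, now=0)
    server.handle_permitted_notification("U-0002", BOB_ENROLLED, now=0)
    return server


if __name__ == "__main__":
    s = build_demo_server()
    print(s.handle_auth_request("U-0001", ALICE_AT_GATE, now=60))
    print(s.handle_auth_request("U-0001", BOB_LOOKALIKE_AT_GATE, now=61))
    print(s.identify_one_to_n(BOB_LOOKALIKE_AT_GATE))
    print(s.purge(now=RETENTION_SECONDS + 1))
```

A capture that does not match the entry named by the presented ID is denied by the one-to-one check even though a one-to-N search over the same list would have matched it to another entry, which is the accuracy difference the paragraph above describes.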
Next, the hardware of each device that makes up the admission management system will be described. Fig. 31 is a diagram showing an example of the hardware configuration of the reception terminal 10.
The reception terminal 10 can be configured by an information processing device (a so-called computer), and has the configuration illustrated in Fig. 31. For example, the reception terminal 10 includes a processor 311, a memory 312, an input/output interface 313, and a communication interface 314. The components such as the processor 311 are connected by an internal bus or the like and are configured to be able to communicate with each other.
However, the configuration shown in Fig. 31 is not intended to limit the hardware configuration of the reception terminal 10. The reception terminal 10 may include hardware not shown, and may omit the input/output interface 313 where appropriate. Furthermore, the number of processors 311 and the like included in the reception terminal 10 is not limited to the example shown in Fig. 31; for example, the reception terminal 10 may include multiple processors 311.
The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).
The memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like. The memory 312 stores the OS program, application programs, and various data.
The input/output interface 313 is an interface for a display device and an input device (not shown). The display device is, for example, a liquid crystal display. The input device is, for example, a device that accepts user operations, such as a keyboard or a mouse.
The communication interface 314 is a circuit, module, or the like that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card) or the like.
The functions of the reception terminal 10 are realized by various processing modules. The processing modules are realized, for example, by the processor 311 executing a program stored in the memory 312. The program can be recorded on a computer-readable storage medium. The storage medium can be a non-transitory medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. In other words, the present invention can also be embodied as a computer program product. The program can be downloaded via a network, or updated using a storage medium that stores the program. The processing modules may also be realized by a semiconductor chip.
The admission terminal 20, the casino server 30, and the other devices can also be configured by information processing devices in the same way as the reception terminal 10. Their basic hardware configuration does not differ from that of the reception terminal 10, so a description is omitted.
The reception terminal 10, which is an information processing device, is equipped with a computer, and the functions of the reception terminal 10 can be realized by having the computer execute a program. The reception terminal 10 also executes a control method for the reception terminal 10 by means of that program.
[Modification]
It should be noted that the configuration, operation, etc. of the admission management system described in the above embodiment are merely examples and are not intended to limit the system configuration, etc.
In the above embodiment, it has been described that the user undergoes the initial identity verification using the reception terminal 10. However, the initial identity verification may also be performed by a terminal carried by the user, such as a smartphone. The user's terminal may read the signature electronic certificate from the My Number card and send an identity verification request including the read signature electronic certificate to the casino server 30. The user's terminal may write the casino user ID to the My Number card.
In the above embodiment, a case was described in which a user ID (an ID generated by the first PF server 40 on the casino operator side) is used as the casino user ID. However, the casino user ID may be a different ID linked to the user ID (for example, an ID issued by the casino operator).
In the above embodiment, a case was described in which the reception terminal 10 performs both identity verification using an electronic certificate and identity verification using a face image. However, the reception terminal 10 may omit either of the identity verifications. In other words, in a situation where one identity verification is judged to be sufficient, it is enough for either one of the two identity verifications to be performed.
In the above embodiment, a case was described in which the casino user ID is written to the My Number card. However, the casino user ID may be written to another medium. For example, if the electronic certificates used to verify the identity of the user (the signature electronic certificate and the user authentication electronic certificate) are stored in a terminal such as a smartphone, the casino user ID may be written to that smartphone or other terminal.
The above embodiment was described on the assumption that the initial identity verification is performed at the reception terminal 10. However, as described above, the initial identity verification may be performed at a terminal carried by the user (for example, a smartphone). In this case, the user's face image cannot be registered with the admission control server 80 from that terminal, so the reception terminal 10 may register the face image with the admission control server 80 at the time of the admission count confirmation. That is, in response to an operation by an entry applicant who wishes to enter the casino facility, the reception terminal 10 writes an ID that identifies the entry applicant to the medium (My Number card) in which the entry applicant's electronic certificate is stored. The reception terminal 10 then transmits an admission permitted person notification including the ID and the face information of the entry applicant to the admission control server 80.
In the above embodiment, a case was described in which various databases are configured inside each server, but the databases may be built on an external database server or the like. In other words, some of the functions of each server may be implemented on another server. More specifically, it is sufficient that the "identity verification processing unit (identity verification processing means)", the "admission confirmation processing unit (admission confirmation processing means)", and so on described above are implemented in any of the devices included in the system.
The form of data transmission and reception between the devices (reception terminal 10, admission terminal 20, casino server 30, etc.) is not particularly limited, but the data transmitted and received between these devices may be encrypted. Electronic certificates and the like are exchanged between these devices, and in order to properly protect the information in the electronic certificates, it is desirable that encrypted data be transmitted and received.
In the flow diagrams (flowcharts, sequence diagrams) used in the above explanation, multiple steps (processes) are listed in order, but the order in which the steps are executed in the embodiments is not limited to the order listed. In the embodiments, the order of the illustrated steps can be changed to the extent that this causes no problem in substance, for example by executing the processes in parallel.
The above embodiments have been described in detail to facilitate understanding of the present disclosure, and it is not intended that all of the configurations described above are necessary. Furthermore, where multiple embodiments are described, each embodiment may be used alone or in combination. For example, it is possible to replace part of the configuration of one embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of an embodiment. It is also possible to add, delete, or replace other configurations for part of the configuration of an embodiment.
The above explanation makes the industrial applicability of the present invention clear; the present invention is suitably applicable to, for example, admission management systems that manage entry to and exit from casino facilities.
Part or all of the above embodiments can also be described as in the following appendices, but are not limited to them.
[Appendix 1]
A system including:
a reception terminal;
an admission terminal that restricts the entry of a person to be authenticated who is attempting to enter a predetermined facility; and
a server device,
wherein the reception terminal, in response to an operation by an entry applicant who wishes to enter the predetermined facility, writes an ID that identifies the entry applicant to a medium in which an electronic certificate of the entry applicant is stored, and transmits an admission permitted person notification including the ID and face information of the entry applicant to the server device,
the server device stores the ID and face information included in the admission permitted person notification in an admission permitted person list,
the admission terminal reads the ID from the medium, held by the person to be authenticated, to which the ID has been written, photographs the person to be authenticated to obtain face information, and transmits an authentication request including the ID and the face information to the server device, and
the server device identifies the person to be authenticated using the ID included in the authentication request and the IDs included in the admission permitted person list, performs one-to-one authentication using the face information of the identified person that is included in the admission permitted person list and the face information included in the authentication request, and, if the one-to-one authentication succeeds, notifies the admission terminal that the person to be authenticated can enter the predetermined facility.
[Appendix 2]
The system described in Appendix 1, wherein the reception terminal performs control relating to identity verification using the electronic certificate of the entry applicant who wishes to enter the predetermined facility, and, if the identity verification using the electronic certificate succeeds, writes the ID to the medium in which the electronic certificate of the entry applicant is stored and transmits to the server device the admission permitted person notification including the ID and the face information of the entry applicant whose identity verification using the electronic certificate succeeded.
[Appendix 3]
The system described in Appendix 2, wherein, if the identity verification using the electronic certificate succeeds, the reception terminal performs identity verification using face information obtained from the medium in which the electronic certificate is stored and face information obtained by photographing the entry applicant.
[Appendix 4]
The system described in Appendix 3, wherein, if the identity verification using the electronic certificate and the identity verification using the face information both succeed, the reception terminal writes the ID to the medium in which the electronic certificate is stored.
[Appendix 5]
The system described in Appendix 4, wherein the reception terminal performs at least the identity verification using the electronic certificate when the entry applicant is attempting to enter the predetermined facility for the first time, and
performs control relating to at least the identity verification using the electronic certificate and confirmation of the number of times of admission to the predetermined facility when the entry applicant wishes to enter the predetermined facility for a second or subsequent time.
[Appendix 6]
The system described in Appendix 5, wherein the reception terminal
determines that the entry applicant is a user attempting to enter the predetermined facility for the first time if the ID cannot be read from the medium in which the electronic certificate is stored, and
determines that the entry applicant is a user wishing to enter the predetermined facility for a second or subsequent time if the ID can be read from the medium in which the electronic certificate is stored.
[Appendix 7]
The system described in any one of Appendices 1 to 6, wherein the medium in which the electronic certificate is stored is a My Number card.
[Appendix 8]
The system described in Appendix 7, wherein the face information is a face image.
[Appendix 9]
A method in a system including:
a reception terminal;
an admission terminal that restricts the entry of a person to be authenticated who is attempting to enter a predetermined facility; and
a server device,
the method including:
writing, in response to an operation by an entry applicant who wishes to enter the predetermined facility, an ID that identifies the entry applicant to a medium in which an electronic certificate of the entry applicant is stored, and transmitting an admission permitted person notification including the ID and face information of the entry applicant to the server device;
storing the ID and face information included in the admission permitted person notification in an admission permitted person list;
reading the ID from the medium, held by the person to be authenticated, to which the ID has been written, photographing the person to be authenticated to obtain face information, and transmitting an authentication request including the ID and the face information to the server device; and
identifying the person to be authenticated using the ID included in the authentication request and the IDs included in the admission permitted person list, performing one-to-one authentication using the face information of the identified person that is included in the admission permitted person list and the face information included in the authentication request, and, if the one-to-one authentication succeeds, notifying the admission terminal that the person to be authenticated can enter the predetermined facility.
The disclosures of the above cited prior art documents are incorporated herein by reference. Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. Those skilled in the art will understand that these embodiments are merely illustrative and that various modifications are possible without departing from the scope and spirit of the present invention. In other words, the present invention naturally includes various modifications and amendments that a person skilled in the art can make in accordance with the entire disclosure, including the scope of the claims, and the technical ideas.
10 Reception terminal
20 Admission terminal
30 Casino server
40 First PF server
50 Management server
60 Second PF server
70 Authentication authority server
80 Admission control server
101 Reception terminal
102 Admission terminal
103 Server device
201 Communication control unit
202 Admission confirmation control unit
203 Storage unit
301 Communication control unit
302 Authentication control unit
303 Gate control unit
304 Storage unit
311 Processor
312 Memory
313 Input/output interface
314 Communication interface
401 Communication control unit
402 Personal identification processing unit
403 Admission confirmation processing unit
404 Admission notification unit
405 Storage unit
501 Communication control unit
502 Verification control unit
503 Storage unit
601 Communication control unit
602 Number of times confirmation control unit
603 Entry/exit control unit
604 Storage unit
701 Communication control unit
702 Verification control unit
703 Storage unit
801 Communication control unit
802 Verification unit
803 Storage unit
901 Communication control unit
902 Admission permitted person notification processing unit
903 Authentication request processing unit
904 Storage unit

Claims (9)

  1.  A system comprising:
     a reception terminal;
     an entrance terminal that restricts the entry of a person to be authenticated who is attempting to enter a predetermined facility; and
     a server device,
     wherein the reception terminal, in response to an operation of an entry applicant who wishes to enter the predetermined facility, writes an ID for identifying the entry applicant into a medium in which an electronic certificate of the entry applicant is stored, and transmits an admission permitted person notification including the ID and face information of the entry applicant to the server device;
     the server device stores the ID and face information included in the admission permitted person notification in an admission permitted person list;
     the entrance terminal reads the ID from the medium in which the ID is written and which is held by the person to be authenticated, photographs the person to be authenticated to obtain face information, and transmits an authentication request including the ID and the face information to the server device; and
     the server device identifies the person to be authenticated using the ID included in the authentication request and the ID included in the admission permitted person list, performs one-to-one authentication using the face information of the identified person included in the admission permitted person list and the face information included in the authentication request, and, if the one-to-one authentication is successful, notifies the entrance terminal that the person to be authenticated is allowed to enter the predetermined facility.
  2.  The system according to claim 1, wherein the reception terminal performs control relating to identity verification using the electronic certificate of the entry applicant who wishes to enter the predetermined facility, and, when the identity verification using the electronic certificate is successful, writes the ID to the medium storing the electronic certificate of the entry applicant and transmits, to the server device, the admission permitted person notification including the ID and face information of the entry applicant whose identity was successfully verified using the electronic certificate.
  3.  The system according to claim 2, wherein, when the identity verification using the electronic certificate is successful, the reception terminal performs identity verification using face information obtained from the medium in which the electronic certificate is stored and face information obtained by photographing the entry applicant.
  4.  The system according to claim 3, wherein the reception terminal writes the ID to the medium in which the electronic certificate is stored when both the identity verification using the electronic certificate and the identity verification using the face information are successful.
  5.  The system according to claim 4, wherein the reception terminal:
     performs at least identity verification using the electronic certificate when the entry applicant is attempting to enter the predetermined facility for the first time; and
     when the entry applicant wishes to enter the predetermined facility for a second or subsequent time, executes control relating to at least identity verification using the electronic certificate and confirmation of the number of entries to the predetermined facility.
  6.  The system according to claim 5, wherein the reception terminal:
     determines, if the ID cannot be read from the medium in which the electronic certificate is stored, that the entry applicant is a user attempting to enter the predetermined facility for the first time; and
     determines, if the ID can be read from the medium in which the electronic certificate is stored, that the entry applicant is a user wishing to enter the predetermined facility for a second or subsequent time.
  7.  The system according to any one of claims 1 to 6, wherein the medium on which the electronic certificate is stored is a My Number card.
  8.  The system according to claim 7, wherein the face information is a face image.
  9.  A method in a system comprising:
     a reception terminal;
     an entrance terminal that restricts the entry of a person to be authenticated who is attempting to enter a predetermined facility; and
     a server device,
     the method comprising:
     writing, in response to an operation of an entry applicant who wishes to enter the predetermined facility, an ID for identifying the entry applicant to a medium storing an electronic certificate of the entry applicant, and transmitting an admission permitted person notification including the ID and face information of the entry applicant to the server device;
     storing the ID and face information included in the admission permitted person notification in an admission permitted person list;
     reading the ID from the medium in which the ID is written and which is held by the person to be authenticated, photographing the person to be authenticated to obtain face information, and transmitting an authentication request including the ID and the face information to the server device; and
     identifying the person to be authenticated using the ID included in the authentication request and the ID included in the admission permitted person list, performing one-to-one authentication using the face information of the identified person included in the admission permitted person list and the face information included in the authentication request, and, if the one-to-one authentication is successful, notifying the entrance terminal that the person to be authenticated is allowed to enter the predetermined facility.
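The message flow of claims 1 and 6, as an added example that is not code from the application or the applicant: the ID written to the card selects exactly one record in the admission permitted person list, and the gate opens only if the live face matches that record. The feature vectors, cosine matcher, threshold, ID format and all function names are assumptions; the certificate-based identity check and entry-count check of claims 2 to 5 are left out.

```python
import math
import secrets

THRESHOLD = 0.9  # assumed acceptance threshold for the 1:1 face comparison

# Constructed face feature vectors (assumption: faces are compared as vectors).
ENROLLED_FACE = [0.90, 0.10, 0.40]
SAME_PERSON_LIVE = [0.88, 0.12, 0.41]
OTHER_PERSON_LIVE = [0.10, 0.90, 0.20]

def similarity(a, b):
    """Cosine similarity, a stand-in for a real face matcher."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

class Card:
    """Medium storing the electronic certificate; no ID written yet."""
    def __init__(self):
        self.entry_id = None

class ServerDevice:
    def __init__(self):
        self.permitted = {}  # admission permitted person list: ID -> face info

    def on_permitted_notification(self, entry_id, face):
        self.permitted[entry_id] = face

    def on_auth_request(self, entry_id, face):
        enrolled = self.permitted.get(entry_id)  # identify by ID, no 1:N search
        if enrolled is None:
            return False  # ID missing from the card or not on the list: deny
        return similarity(enrolled, face) >= THRESHOLD  # 1:1 authentication

def reception(card, face, server):
    """Reception terminal: classify the visit, write the ID, notify the server."""
    visit = "first" if card.entry_id is None else "repeat"  # rule of claim 6
    if visit == "first":
        card.entry_id = secrets.token_hex(8)  # hypothetical ID format
    server.on_permitted_notification(card.entry_id, face)
    return visit

def entrance(card, live_face, server):
    """Entrance terminal: read the ID, capture a face, ask the server."""
    return server.on_auth_request(card.entry_id, live_face)

if __name__ == "__main__":
    server, card = ServerDevice(), Card()
    print(reception(card, ENROLLED_FACE, server))      # first visit
    print(entrance(card, SAME_PERSON_LIVE, server))    # card holder at the gate
    print(entrance(card, OTHER_PERSON_LIVE, server))   # same card, other face
```

The third call is the case the one-to-one step exists for: a valid ID on a card presented by someone other than the enrolled person is denied, so possession of the card alone does not grant entry.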
PCT/JP2022/037037 2022-10-03 2022-10-03 System and method WO2024075173A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/037037 WO2024075173A1 (en) 2022-10-03 2022-10-03 System and method

Publications (1)

Publication Number Publication Date
WO2024075173A1 (en) 2024-04-11

Family

ID=90607720

Country Status (1)

Country Link
WO (1) WO2024075173A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001338296A (en) * 2000-03-22 2001-12-07 Toshiba Corp Face image recognizing device and passing through controller
JP2021135813A (en) * 2020-02-27 2021-09-13 富士通株式会社 Information processing system, method, device and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22961363

Country of ref document: EP

Kind code of ref document: A1