The present invention relates to a biometric authentication system, a biometric authentication processing apparatus, a biometric authentication method, a biometric information acquisition terminal, and an information terminal.
1: N biometric authentication, which uses biometric information such as a finger vein pattern or a fingerprint, has come to be used in recent years.
To achieve a biometric authentication apparatus capable of biometric authentication that is secure yet simple and speedy, Patent Literature 1 discloses a biometric authentication apparatus that includes: a one-to-one authenticating unit that, in response to transmission of biometric information with an ID number, acquires biometric information associated with the ID number from a user database, checks the transmitted biometric information against the acquired biometric information, and when they match, concludes that the transmitted biometric information is successfully authenticated; a biometric-information transferring unit that, when the one-to-one authenticating part successfully has authenticated the transmitted biometric information, transfers the information associated with the ID number in the user database to a visitor database; and a one-to-N authenticating unit that, when biometric information is transmitted thereto without an ID number, sequentially acquires biometric information stored in the visitor database, checks the transmitted biometric information against each biometric information thus acquired, and when there is at least one match, concludes that the transmitted biometric information is successfully authenticated.
In 1:N authentication, the larger the value of N, the higher the risk of false recognition. Thus, 1:N authentication faces an issue of how to reduce the value of N from the total number of users.
In the method disclosed in Patent Literature 1, one-to-one authentication involving a user ID has to be performed first. Patent Literature 1 therefore does not disclose a method that saves a user from having to operate a terminal to input their ID. Further, Patent Literatures 1 does not disclose a case where an ID is transmitted on a communication channel different from that on which biometric information is transmitted. Patent Literature 1, in which a user who has not passed 1:1 authentication is excluded from 1:N authentication, does not disclose a method that supports a case where entrance and exit may not be strictly managed, such as a shopping mall.
In view of the above, the present invention aims to provide a highly-secure yet convenient 1:N biometric authentication system using a combination of wireless communication by an information terminal, such as a smartphone, and biometric information acquired by a biometric information acquisition terminal.
To overcome the above problems, for example, configurations described in CLAIMS are employed.
The invention according to the present application includes various means for solving the above problems. An example of the solving means is a biometric authentication system including an information terminal that has ID information, a biometric information acquisition terminal that acquires biometric information, and a biometric authentication processing apparatus. The biometric authentication system is characterized as follows. The biometric authentication processing apparatus comprises: a first communication part that communicates with the information terminal and thereby acquires the ID information and location information on the information terminal; a second communication part that communicates with the biometric information acquisition terminal and thereby acquires the biometric information; a location information storage part that stores therein an indication that the information terminal having the ID information and the biometric information acquisition terminal are located within a predetermined range; a biometric reference information storage part that associates and stores the ID information and biometric reference information to be used for comparison in biometric authentication; and a control part that controls these parts. The control part controls the following operations: acquiring the ID information on the information terminal and the location information indicating a location of the information terminal using the first communication part, when the location information on the information terminal indicates that the information terminal is within the predetermined range from a location of the biometric information acquisition terminal, storing, in the location information storage part, an indication that the information terminal and the biometric information acquisition terminal are located within the predetermined range, and upon acquisition of the biometric information from the second communication part, performing a comparison process on the biometric information using the biometric reference information stored in the location information storage part in association with the ID information on the information terminal.
The present invention can provide a secure yet convenient biometric authentication system, in which a user of a service that requires authentication processing can receive the service simply by carrying an information terminal with a wireless communication function and presenting biometric information, without entry of an ID or presentation of an ID card.
Problems, configurations, and advantageous effects other than the ones given above will become apparent by way of an embodiment described below.
An embodiment of the present invention is described below using the drawings. Descriptions are given of specific examples of processing needed to provide a highly-secure yet convenient 1:N biometric authentication system which uses a combination of wireless communication by an information terminal and biometric information acquired by a biometric information acquisition terminal.
The biometric authentication server 1 is a server that communicates with the biometric information acquisition terminal 2 and the like via networks or the like. For example, the biometric authentication server 1 may be a server that performs predetermined processing related to biometric authentication. Other applications may be operated on the biometric authentication server 1. The functions of the biometric authentication server 1 may be distributed among multiple devices in separate casings, such as servers, storages, and the like, which work in cooperation.
The biometric information acquisition terminal 2 is a terminal having functions such as a biometric information acquisition function to acquire biometric information, a display function to enable display of information, an input function to enable input of information, a communication function to enable communications with other apparatuses and devices, and a control function to enable computation on information. The main role of the biometric information acquisition terminal 2 is to acquire biometric information, send the biometric information to the biometric authentication server 1, and receive an authentication result from the biometric authentication server 1. The biometric authentication system may include more than one biometric information acquisition terminal 2. Examples of the biometric information acquisition terminal 2 include, but are not limited to, a cash register at a store or elsewhere, a tablet, a smartphone, a personal computer, and a thin client terminal.
The information terminal 3 is a terminal having functions such as a display function to enable display of information, an input function to enable input of information, a communication function to enable communications with other apparatuses and devices, and a control function to enable computation on information. The main role of the information terminal 3 is to send the biometric authentication server 1 information uniquely associated with a user. The biometric authentication system includes multiple information terminals 1. Examples of the information terminal 1 include, but are not limited to, a smartphone, a tablet terminal, and a wearable terminal.
The beacon 4 is an apparatus having functions such as a beacon broadcast function to send ID information and the like by radio waves at predetermined intervals. The beacon 4 is installed at a predetermined location, and its main role is to notify the biometric information acquisition terminal 2 and the information terminal 3 of location-related information. Examples of the beacon 4 include, but are not limited to, apparatuses that emit radio waves of close-range communication or proximity communication, such as Bluetooth Low Energy (registered trademark), a wireless LAN (Local Area Network), Zigbee (registered trademark), or NFC (Near Field Communication). As will be described later in detail, the role of the beacon 4 may be played by the biometric information acquisition terminal 2.
The communications between the biometric information acquisition terminal 2 and the biometric authentication server 1 may be conducted using, for example, wireless communications such as LTE (Long Term Evolution), 3G (3rd Generation), WiMAX (Worldwide Interoperability for Microwave Access) (registered trademark), a wireless LAN (Local Area Network), or WAN (Wide Area Network), or using wired communications such as wired LAN, the Internet, or communications using dedicated lines.
The communications between the information terminal 3 and the biometric authentication server 1 may be conducted using, for example, wireless communications such as LTE, 3G, WiMAX (registered trademark), a wireless LAN, or WAN, or using wired communications such as wired LAN, the Internet, or communications using dedicated lines.
The communications between biometric information acquisition terminal 2 and the biometric authentication server 1 and the communications between the information terminal 3 and the biometric authentication server 1 may be conducted over different communication networks or the same network.
The biometric authentication server 1 includes, for example, a storage part 11, a control part 12, a power supply part 13, a biometric information acquisition terminal communication part 14, an information terminal communication part 15, a biometric reference information retention part 161, a biometric information acquisition terminal location information retention part 162, and an information terminal location information retention part 163, with these coupled to one another by buses. Although the modules are depicted in
The storage part 11 is configured of a memory incorporated in the biometric authentication server 1, a removable external memory, or the like, and stores various types of information. The storage part 11 stores, for example, operation control programs executed by the control part 12. The storage part 11 has control software 111. The control software 111 may be a series of processing triggered by the start of communications with the biometric information acquisition terminal 2 or the information terminal 3, or a series of processing started by a predetermined timer or other interruption handling. The control software 111 may be composite software including multiple sets of software that are linked. In the present invention, a statement that the control software 111 executes processing means, unless otherwise noted, that physically, the control part 12 executes the processing following programs described in the control software 111.
The control part 12 is configured of a CPU (Central Processing Unit), an MPU (Micro Processing Unit), a DSP (Digital Signal Processor), or the like, and controls the overall operation of the biometric authentication server 1 by, for example, executing predetermined operation control programs.
The power supply part 13 is configured of a battery, an AC adapter, a charging circuit, and the like. The power supply part 13 performs power supply to the parts of the biometric authentication server 1, and charging of the battery. The power supply part 13 may also perform status checking, such as whether the biometric authentication server 1 is being powered by the battery or powered by the AC adapter, and checking of the remaining battery charge.
The biometric information acquisition terminal communication part 14 is a function to enable the biometric authentication server 1 to communicate with the biometric information acquisition terminal 2, and may be a module for performing wireless communications using LTE, 3G, WiMAX (registered trademark), wireless LAN, WAN, or the like, or communications using wired LAN, the Internet, or dedicated lines. The biometric information acquisition terminal communication part 14 may be the same module as the information terminal communication part 15 to be described below. The biometric authentication server 1 may have more than one biometric information acquisition terminal communication part 14 for different communication methods and the like.
The information terminal communication part 15 is a function to enable the biometric authentication server 1 to communicate with the information terminal 3, and may be a module for performing wireless communications such as LTE, 3G, WiMAX (registered trademark), wireless LAN, or WAN, or communications using wired LAN, the Internet, or dedicated lines. The biometric authentication server 1 may have more than one information terminal communication part 15 for different communication methods and the like.
The biometric information acquisition terminal communication part 14 and the information terminal communication part 15 may be the same module, or may also be used by another module used for communications for a different purpose.
The communication functions provided by the biometric information acquisition terminal communication part 14 and the information terminal communication part 15 may include an antenna and a modem circuit or the like if they perform wireless communications and may include a connector and a modem circuit or the like if they perform wired communications. Each of the biometric information acquisition terminal communication part 14 and the information terminal communication part 15 may be configured to support multiple communication methods.
The biometric reference information retention part 161 is a functional element for associating and storing the IDs of the information terminals 3 owned by respective users and biometric reference information acquired from biological objects of the respective users. The biological reference information may be a template obtained by extraction of an image or a feature of biometric information, such as a vein pattern, a fingerprint, a palm, an iris, a voice, or a face. The biometric reference information retention part 161 may be means for retaining data, such as a table, a database, a hash structure, or KVS (Key Value Store), in which to store predetermined information. An example of data retained by the biometric reference information retention part 161 will be given later.
The biometric information acquisition terminal location information retention part 162 is a functional element for storing therein location information on each of the biometric information acquisition terminals 2. The location information may be, for instance, a beacon ID to be described later, or information based on GPS (Global Positioning System), IMES (Indoor MEssaging System), or the like. The biometric information acquisition terminal location information retention part 162 may be means for retaining data, such as a table, a database, a hash structure, or KVS (Key Value Store), in which to store predetermined information. An example of data retained by the biometric information acquisition terminal location information retention part 162 will be given later.
The information terminal location information retention part 163 is a functional element for storing therein location information on each of the information terminals 3. The location information may be, for instance, a beacon ID to be described later, or information based on GPS, IMES, or the like. The information terminal location information retention part 163 may be means for retaining data, such as a table, a database, a hash structure, or KVS (Key Value Store), in which to store predetermined information. An example of data retained by the information terminal location information retention part 163 will be given later.
The biometric information acquisition terminal 2 includes, for example, a storage part 21, a control part 22, a power supply part 23, a biometric authentication server communication part 24, a display part 25, an input part 26, a biometric information acquisition part 27, a beacon reception part 28, and a beacon broadcast part 29, with these coupled to one another by buses. Although the modules are depicted in
The storage part 21 is configured of a memory incorporated in the biometric information acquisition terminal 2, a removable external memory, or the like, and stores various types of information. The storage part 21 stores, for example, operation control programs executed by the control part 22.
The storage part 21 has, in one example, control software 211, a biometric information acquisition terminal ID 212, and a beacon ID 213. The control software 211 may have described therein software for controlling the biometric information acquisition terminal 2, and may be a series of processing started by an input from the input part 26 or a predetermined input from the beacon reception part 28 or by a predetermined timer or other interruption handling. The control software 211 may be composite software including multiple sets of software that are linked. In the present invention, a statement that the control software 211 executes processing means, unless otherwise noted, that physically, the control part 22 executes the processing following programs described in the control software 211.
The biometric information acquisition terminal ID 212 is ID information for the biometric authentication server 1 to use in uniquely identifying the biometric information acquisition terminal 2 among the multiple biometric information acquisition terminals 2 in the biometric authentication system. The biometric information acquisition terminal ID 212 may be any data as long as it is consistent within the entire biometric authentication system. The biometric information acquisition terminal ID 212 may be preset information, information generated by the control software 211, ID information on the hardware or the like of the biometric information acquisition terminal 2, or an ID notified of as the biometric information acquisition terminal ID 212 by the biometric authentication server 1 or the like in advance.
The beacon ID 213 is ID information broadcasted by the beacon broadcast part 29 using close-range wireless communication, and is an ID by which the biometric information acquisition terminal 2 informs other constituents of location-related information. Alternatively, ID information received by the beacon reception part (described later) using close-range wireless communication may be dynamically stored in the beacon ID 213. The beacon ID 213 is ID information for the biometric authentication server 1 to use in identifying the location of a certain apparatus. The beacon ID 213 may be any data as long as it is consistent within the entire biometric authentication system. The biometric information may be preset information, information generated by the control software 211, ID information on the hardware or the like of the biometric information acquisition terminal 2, or an ID notified of as the beacon ID 213 by the biometric authentication server 1 or the like in advance. If necessary, the biometric information acquisition terminal 2 may have multiple beacon IDs. Instead of beacon IDs, other location information may be stored in the beacon ID 213, such as information based on GPS or IMES.
The control part 22 is configured of a CPU, an MPU, a DSP, or the like, and controls the overall operation of the biometric information acquisition terminal 2 by, for example, executing predetermined operation control programs.
The power supply part 23 is configured of a battery, an AC adapter, a charging circuit, and the like. The power supply part 23 performs power supply to the parts of the biometric information acquisition terminal 2, and charging of the battery. The power supply part 23 may also perform status checking, such as whether the biometric information acquisition terminal 2 is being powered by the battery or powered by the AC adapter, and checking of the remaining battery charge.
The biometric authentication server communication part 24 is a function to enable the biometric information acquisition terminal 2 to communicate with the biometric authentication server 1 and the like, and may be a module for performing wireless communications using LTE, 3G, WiMAX (registered trademark), wireless LAN, WAN, or the like, or communications using wired LAN, the Internet, or dedicated lines. The biometric information acquisition terminal 2 may have more than one biometric authentication server communication part 24 for different communication methods and the like. The biometric authentication server communication part 24 may be used by another module used for communications for a different purpose. The biometric authentication server communication part 24 may include an antenna and a modem circuit or the like if it performs wireless communications and may include a connector and a modem circuit or the like if it performs wired communications. The biometric authentication server communication part 24 may be configured to support multiple communication methods.
The display part 25 is configured of a panel, such as a liquid crystal display, an organic EL (Electro-Luminescence) display, or an electronic paper display, a driver circuit, and the like, and displays any given information (such as text, still images, or video images) as controlled by the control part 22. For example, the display part 25 may display a result of biometric authentication. The display part 25 may include multiple display devices for displaying different pieces of information.
The input part 26 includes at least one of a touch panel, buttons, a keyboard, a mouse, a cursor key, number keys, and the like. The input part 26 receives operational inputs by a user and inputs, to the control part 22, input signals indicative of the operational inputs. In a case like a touch panel, the display part 25 and the input part 26 may be integrated. The input part 26 may also generate input signals upon voice recognition, image recognition, gesture recognition, and the like, and inputs the input signals to the control part 22.
The biometric information acquisition part 27 includes a device that acquires data on an image or a voice signal, or a feature extracted therefrom, of biometric information which is at least one of a vein pattern, a fingerprint, a palm, an iris, a voice, a face, and the like, and the biometric information acquisition part 27 inputs the data to the control part 22. The biometric information acquisition part 27 may start the data acquisition operation upon detection of a biological object or upon an input from the input part 26. The biometric information acquisition terminal 2 may have more than one biometric information acquisition part 27.
The beacon reception part 28 is a function to receive close-range radio waves emitted by the beacon 4 and the like, and receives radio waves of close-range communication or proximity communication, such as Bluetooth Low Energy (registered trademark), a wireless LAN, Zigbee (registered trademark), or NFC. The beacon reception part 28 may have a function to acquire the radio field intensity or information on the distance from the radio source. The beacon reception part 28 is mainly configured to enable the biometric information acquisition terminal 2 to acquire location information. If there is no need for the biometric information acquisition terminal 2 to acquire location information from the beacon reception part 28, the beacon reception part 28 may be omitted. The beacon reception part 28 may be functionally configured to receive GPS or IMES information as the location information.
The beacon broadcast part 29 is a function to broadcast radio waves using close-range wireless communication, and receives radio waves of close-range communication or proximity communication, such as Bluetooth Low Energy (registered trademark), a wireless LAN, Zigbee (registered trademark), or NFC. The beacon broadcast part 29 is mainly configured to enable the biometric information acquisition terminal 2 to give a notification of location-related information to the other constituents of the biometric authentication system. If there is no need for the biometric information acquisition terminal 2 to notify the other constituents of location-related information, the beacon broadcast part 29 may be omitted. The beacon reception part 28 may be functionally configured to transmit radio waves compatible with GPS or IMES information as the location-related information.
The beacon reception part 28 and the beacon broadcast part 29 may be configured to share the same module. In the above-described cases where the beacon reception part 28 and the beacon broadcast part 29 are unnecessary, one or both of the beacon reception part 28 and the beacon broadcast part 29 may be omitted.
The information terminal 3 includes, for example, a storage part 31, a control part 32, a power supply part 33, a biometric authentication server communication part 34, a display part 35, an input part 36, and a beacon reception part 38, with these coupled to one another with buses. Although the modules are depicted in
The storage part 31 is configured of a memory incorporated in the information terminal 3, a removable external memory, or the like, and stores various types of information. The storage part 31 stores, for example, operation control programs executed by the control part 32.
The storage part 31 has, in one example, control software 311, an information terminal ID 312, and a beacon ID retention part 313. The control software 311 may have described therein software for controlling the information terminal 3, and may be a series of processing started by an input from the input part 36 or a predetermined input from the beacon reception part 38 or by a predetermined timer or other interruption handling. The control software 311 may be composite software including multiple sets of software that are linked. In the present invention, a statement that the control software 311 executes processing means, unless otherwise noted, that physically, the control part 32 executes the processing following programs described in the control software 311.
The information terminal ID 312 is ID information for the biometric authentication server 1 to use in uniquely identifying the information terminal 3 among the multiple information terminals 3 in the biometric authentication system. The information terminal ID 312 may be any data as long as it is consistent within the entire biometric authentication system. The information terminal ID 312 may be preset information, information generated by the control software 311, ID information on the hardware or the like of the information terminal 3, or an ID notified of as the information terminal ID 312 by the biometric authentication server 1 or the like in advance.
The beacon ID retention part 313 stores ID information received from the beacon reception part 28 (described later) using close-range wireless communication. If necessary, the information terminal 3 may include more than one beacon ID retention part 313. The beacon ID retention part 313 may store other types of location information, such as GPS or IMES information.
The control part 32 is configured of a CPU, an MPU, a DSP, or the like, and controls the overall operation of the information terminal 3 by, for example, executing predetermined operation control programs.
The power supply part 33 is configured of a battery, an AC adapter, a charging circuit, and the like. The power supply part 33 performs power supply to the parts of the information terminal 3, and charging of the battery. The power supply part 33 may also perform status checking, such as whether the information terminal 3 is being powered by the battery or powered by the AC adapter, and checking of the remaining battery charge.
The biometric authentication server communication part 34 is a function to enable the information terminal 3 to communicate with the biometric authentication server 1 and the like, and may be a module for performing wireless communications using LTE, 3G, WiMAX (registered trademark), wireless LAN, WAN, or the like, or communications using wired LAN, the Internet, or dedicated lines. The information terminal 3 may have more than one biometric authentication server communication part 34 for different communication methods or the like. The biometric authentication server communication part 34 may be used by another module used for communications for a different purpose. The biometric authentication server communication part 34 may include an antenna and a modem circuit or the like if it performs wireless communications and may include a connector and a modem circuit or the like if it performs wired communications. The biometric authentication server communication part 34 may be configured to support multiple communication methods.
The display part 35 is configured of a panel, such as a liquid crystal display, an organic EL display, or an electronic paper display, a driver circuit, and the like, and displays any given information (such as text, still images, or video images) as controlled by the control part 32. The display part 35 may include multiple display devices for displaying different pieces of information.
The input part 36 includes at least one of a touch panel, buttons, a keyboard, a mouse, a cursor key, number keys, and the like. The input part 36 receives operational inputs by a user and inputs, to the control part 32, input signals indicative of the operational inputs. In a case like a touch panel, the display part 35 and the input part 36 may be integrated. The input part 36 may also generate input signals upon voice recognition, image recognition, gesture recognition, and the like, and inputs the input signals to the control part 32.
The beacon reception part 38 is a function to receive close-range radio waves emitted by the beacon 4, the biometric information acquisition terminal 2, and the like, and receives radio waves of close-range communication or proximity communication, such as Bluetooth Low Energy (registered trademark), a wireless LAN, Zigbee (registered trademark), or NFC. The beacon reception part 38 may have a function to acquire the radio field intensity or information on the distance from the radio source. The beacon reception part 38 is mainly configured to enable the information terminal 3 to acquire location-related information. If there is no need for the information terminal 3 to acquire location-related information from the beacon reception part 38, the beacon reception part 38 may be omitted. The beacon reception part 38 may be functionally configured to receive GPS or IMES information as the location-related information.
The beacon 4 includes, for example, a storage part 41, a control part 42, a power supply part 43, and a beacon broadcast part 49, with these being coupled to one another by buses. Although the modules are depicted in
The storage part 41 is configured of a memory incorporated in the beacon 4, a removable external memory, or the like, and stores various types of information. The storage part 41 stores, for example, operation control programs executed by the control part 42.
The storage part 41 has, for example, control software 411 and a beacon ID 413. The control software 411 may have described therein software for controlling the beacon 4, and may be a series of processing started by a predetermined timer or other interruption handling. The control software 411 may be composite software including multiple sets of software that are linked. In the present invention, a statement that the control software 411 executes processing means, unless otherwise noted, that physically, the control part 42 executes the processing following programs described in the control software 411.
The beacon ID 413 is ID information broadcasted by the beacon broadcast part 49 (described later) using close-range wireless communication, and is an ID for the beacon 4 to use in informing the other constituents of location-related information. The beacon ID 413 is ID information for the biometric authentication server 1 to use in identifying the location of a certain apparatus. The beacon ID 413 may be any data as long as it is consistent within the entire biometric authentication system. The beacon ID 413 may be preset information, information generated by the control software 411, ID information on the hardware or the like of the beacon 4, or an ID notified as the beacon ID 413 of by the biometric authentication server 1 or the like in advance. If necessary, the beacon 4 may have more than one beacon ID 413. Instead of a beacon ID, other location-related information may be stored, such as information compatible with GPS or IMES.
The control part 42 is configured of a CPU, an MPU, a DSP, or the like, and controls the overall operation of the information terminal 3 by, for example, executing predetermined operation control programs.
The power supply part 43 is configured of a battery, an AC adapter, a charging circuit, and the like. The power supply part 43 performs power supply to the parts of the beacon 4, and charging of the battery. The power supply part 43 may also perform status checking, such as whether the beacon 4 is being powered by the battery or powered by the AC adapter, and checking of the remaining battery charge.
The beacon broadcast part 49 is a function to broadcast short-range radio waves, and receives radio waves of close-range communication or proximity communication, such as Bluetooth Low Energy (registered trademark), a wireless LAN, Zigbee (registered trademark), or NFC.
The beacon 4 is configured to notify the other constituents of location-related information. If there is no need for the beacon 4 to notify the other constituents of location-related information, the beacon 4 may be omitted. For example, if the role of the beacon 4 is played by the biometric information acquisition terminal 2, the independent beacon 4 may be omitted from the biometric authentication system. Moreover, the beacon 4 may be configured to broadcast radio waves compatible with GPS or IMES information serving as the location-related information.
The biometric reference information retention part 161 associates and stores the information terminal ID 312 of the information terminal 3 associated with an individual user, the user ID of the individual user, and biometric reference information on the individual user. The biometric reference information retention part 161, as an example of a configurational element for retaining such an association, has an information terminal ID 1611, a user ID 1612, and a biometric reference information 1613. Data stored in the information terminal ID 1611 are the information terminal IDs 312 of the respective information terminals 3 in the biometric authentication system. Data stored in the user ID 1612 are IDs associated with the individuals owning the information terminals 3 which are identified by the information terminal IDs 312. These individuals are the targets of authentication by the biometric authentication system of the present invention. Data stored in the biometric reference information 1613 may be templates for use in authentication of biometric information acquired from biometric objects of the individuals. If necessary, more than one type of template may be stored. In the first entry of the example shown in
The biometric information acquisition terminal location information retention part 162 associates and stores, for example, the biometric information acquisition terminal ID 212, a beacon ID, and a validity term of the corresponding entry. The biometric information acquisition terminal location information retention part 162, as an example of a configuration element for storing such an association, has a biometric information acquisition terminal ID 1621, a beacon ID 1622, and a validity term 1623. Data stored in the biometric information acquisition terminal ID 1621 are the biometric information acquisition terminal IDs 212 of the respective biometric information acquisition terminals 2 in the biometric authentication system. Data stored in the beacon ID 1622 are data indicating the locations of the biometric information acquisition terminals 2 identified by the biometric information acquisition terminal IDs 212. If the beacon 4 and the biometric information acquisition terminal 2 are both fixed at predetermined locations, the beacon ID 413 of the beacon 4 installed near the biometric information acquisition terminal 2 may be statically stored as the beacon ID 1622 for the biometric information acquisition terminal 2. Alternatively, if the beacon 4 is fixed and the biometric information acquisition terminal 2 is mobile, the biometric information acquisition terminal 2 sends the beacon ID 413 received from the beacon 4 to the biometric authentication server 1, and the biometric authentication server 1 then updates the association dynamically. A detailed flowchart will be described later in this regard. Alternatively, if the biometric information acquisition terminal 2 is configured to broadcast beacons, the beacon ID 213 broadcasted by the biometric information acquisition terminal 2 is statically stored in the beacon ID 1622. Data stored in the validity term 1623 indicates the term of validity of the entry. Data stored as the validity term may be the time of expiration, a count number to the expiration, or the like. If the above-described associations are static, data indicating an indefinite term may be stored in the validity term. More than one beacon ID may be associated with one biometric information acquisition terminal ID. Although
The information terminal location information retention part 163 associates and stores, for example, a beacon ID, the information terminal ID 312, and the validity term of the corresponding entry. The information terminal location information retention part 163, as an example configurational element for retaining such an association, has a beacon ID 1631, an information terminal ID 1632, and a validity term 1633. Data stored in the beacon ID 1631 are beacon IDs of devices that transmit beacons in the biometric authentication system. In this example, a functional configuration shown as the beacon ID 213 or the beacon ID 413 corresponds to the beacon ID 1631. Data stored in the information terminal ID 1632 are the information terminal IDs 312 of the information terminals 3 in the biometric authentication system. An association between the beacon ID 1631 and the information terminal ID 1632 provides a list of the information terminals 3 located near a certain apparatus transmitting the beacon ID. The information terminal 3 sends the biometric authentication server 1 a beacon ID received from another apparatus and then stored in the beacon ID retention part 313, and then the biometric authentication server 1 dynamically updates the concerned association. This will be described in detail later. Data stored in the validity term 1633 indicates the validity term of the concerned entry. Data stored as the validity term may be the time of expiration or a count number to expiration. Typically, more than one information terminal ID is associated with one beacon ID. Although
In the above example, a beacon ID near T1 is B2, and the information terminals M1 and M3 are located within a range in which B1 is receivable. Thus, a user likely to request biometric authentication processing using T1 is a user P1 or P3 that owns the information terminal 3 whose ID is M1 or M3. This enables the substantial number of N in 1:N authentication to be narrowed down from all the users. A detailed flowchart of such a case will be described later.
In the branching steps in the flowcharts illustrated in
Should any error occur during any of the flowcharts in the present invention, a notification of the error may be issued to the control part of each of the constituents, although this is not described in the flowcharts in detail.
Using the display part 25 or the display part 35, the control software 211 and the control software 311 may, if necessary, notify users of processing in execution, although this is not described in the flowcharts in detail. In particular, it is desirable that a user be notified of processing completion or branching via the display part, and the user may be asked to make a decision for the branching using the input part 26 or input part 36.
In addition, although the flowcharts omit information exchange between steps, the steps may actually form a command-response pair. Even when information exchange between certain steps is shown with a single bidirectional arrow, the exchange may include more than one command/response exchange. In addition, even when a communication between a terminal and a server is described in such a manner that the server transmits data to the terminal (a client) and the terminal then receives the data, the communication may actually be carried out by a command/response exchange between the client and the server, implementing the above-described data transmission as a result.
It should be noted that the present invention is not limited to each embodiment described above, and include various modifications thereof. For example, each embodiment described above is given in a detailed manner in order to facilitate understanding of the present invention, and the present invention does not necessarily have to include all the configurations described above. Moreover, part of a configuration in a certain embodiment may be replaced by a configuration in another embodiment, or a configuration in a certain embodiment may be added to a configuration of another embodiment. Further, part of a configuration in each embodiment may be added to another configuration, deleted, or replaced with another configuration.
Some or all of the configurations, functions, processing parts, processing means, and the like described above may be implemented by hardware using, for example, an integrated circuit designed to implement them. The configurations, functions, and the like described above may be implemented by software when a processor interprets and executes programs for implementing the respective functions. Information used for the implementation of each function, such as programs, tables, and files may be stored in a recording device such as a memory, a hard disk, or an SSD (Solid State Drive) or a recording medium such as an IC card, an SD card, or a DVD. As shown in
Control lines and information lines illustrated are ones that are deemed necessary for the purpose of illustration. All the control lines and information lines necessary as products are not necessarily illustrated. Actually, almost all the configurations may be interconnected.
Number | Date | Country | Kind |
---|---|---|---|
2014-187209 | Sep 2014 | JP | national |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/JP2015/070067 | 7/13/2015 | WO | 00 |