CN114365126B - Biometric authentication system and biometric authentication device - Google Patents
Biometric authentication system and biometric authentication device Download PDFInfo
- Publication number
- CN114365126B CN114365126B CN201980100333.2A CN201980100333A CN114365126B CN 114365126 B CN114365126 B CN 114365126B CN 201980100333 A CN201980100333 A CN 201980100333A CN 114365126 B CN114365126 B CN 114365126B
- Authority
- CN
- China
- Prior art keywords
- authentication
- biometric information
- information
- biometric
- registered
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Collating Specific Patterns (AREA)
Abstract
本发明的生物体认证系统具备将预先登记的生物体信息即登记生物体信息与识别信息对应地存储的服务器(2)、以及进行生物体认证的生物体认证装置(1)。生物体认证装置(1)具备存储多个登记生物体信息的存储部(15)、取得利用者的生物体信息作为输入生物体信息的传感器(12)、取得利用者的识别信息的输入装置(11)、以及对登记生物体信息与输入生物体信息进行核对的核对部(14)。核对部(14)判断是否取得了利用者的识别信息,在未取得的情况下,进行对存储于存储部(15)的多个登记生物体信息与输入生物体信息进行核对的1对多认证,在已取得的情况下,从服务器取得与利用者的识别信息对应的登记生物体信息,并使用所取得的登记生物体信息进行1对1认证。此外,核对部(14)在传感器(1)取得输入生物体信息之前,使收发部(16)接收用于1对多认证的多个登记生物体信息。
The biometric authentication system of the present invention comprises a server (2) for storing pre-registered biometric information, i.e., registered biometric information, in correspondence with identification information, and a biometric authentication device (1) for performing biometric authentication. The biometric authentication device (1) comprises a storage unit (15) for storing a plurality of registered biometric information, a sensor (12) for acquiring a user's biometric information as input biometric information, an input device (11) for acquiring the user's identification information, and a checking unit (14) for checking the registered biometric information and the input biometric information. The checking unit (14) determines whether the user's identification information has been acquired. If the user's identification information has not been acquired, the checking unit (14) performs a one-to-many authentication by checking the plurality of registered biometric information stored in the storage unit (15) with the input biometric information. If the user's identification information has been acquired, the checking unit acquires the registered biometric information corresponding to the user's identification information from the server and performs a one-to-one authentication using the acquired registered biometric information. In addition, the checking unit (14) causes a transceiver (16) to receive a plurality of registered biometric information for the one-to-many authentication before the sensor (1) acquires the input biometric information.
Description
Technical Field
The present invention relates to a biometric authentication system and a biometric authentication device for downloading biometric information from a server to the biometric authentication device.
Background
Patent document 1 discloses a biometric authentication system that downloads feature data of a living body from a server to a terminal based on ID (identification) provided by a user at the time of authentication of biometric authentication. In this system, the biometric authentication device acquires biometric information of a user who should be authenticated using a sensor, and extracts a feature of the living body from the information. Then, the terminal checks the extracted feature data of the living body of the user with the downloaded feature data of the living body to verify the 1-to-1 authentication of the validity of the user.
Prior art literature
Patent literature
Patent document 1 Japanese patent laid-open No. 2006-2626333
Disclosure of Invention
Problems to be solved by the invention
The biometric authentication system described above is useful when the feature data of the living body to be authenticated is specified as 1 using the ID, that is, when 1-to-1 authentication is performed. However, when authentication is performed by checking the feature data of the living body of the user to be authenticated with the feature data of all living bodies registered in the server without specifying the feature data of the living body to be authenticated, that is, 1-to-many authentication, the biometric authentication system cannot be used. This is because the data to be downloaded becomes huge, and authentication cannot be completed within a practical time.
The present invention has been made in view of the above-described problems, and an object of the present invention is to provide a biometric authentication system capable of performing authentication in a practical time and shortening a startup time of a biometric authentication device in a biometric authentication system in which a biometric authentication device performs authentication of both 1-to-1 authentication and 1-to-multiple authentication.
Means for solving the problems
A biometric authentication system includes a server for storing registered biometric information, which is registered biometric information in advance, in correspondence with identification information for each of a plurality of subjects, and a biometric authentication device including a transmitting/receiving unit for transmitting an acquisition request for registering biometric information from the server, a sensor for acquiring biometric information of a user as input biometric information, an input device for acquiring identification information of the user, a storage unit for storing the plurality of registered biometric information received by the transmitting/receiving unit, and a collation unit for performing 1-to-multiple authentication and 1-to-1 authentication, wherein in the 1-to-multiple authentication, the registered biometric information corresponding to the identification information of the user is collated with the input biometric information, in the 1-to-1 authentication, the collation unit judges whether the identification information of the user is acquired by the input device, in the case that the identification information of the user is not acquired, in the case that the biometric information is acquired by the input device, and in the case that the biometric information is acquired by the server, the registered biometric information corresponding to the user is acquired by the input device, and the registered biometric information is collated by the 1-to-1 biometric authentication is input by the biometric authentication unit before the biometric authentication is acquired by the biometric authentication device.
The biometric authentication device of the present invention is a biometric authentication device of a biometric authentication system including a server for storing registered biometric information, which is registered in advance, in correspondence with identification information for each of a plurality of subjects, and a biometric authentication device for communicating with the server, wherein the biometric authentication device includes a transmitting/receiving unit for transmitting an acquisition request for registering biometric information from the server, receiving a plurality of registered biometric information from the server, a sensor for acquiring biometric information of a user, an input device for acquiring identification information of the user, a storage unit for storing the plurality of registered biometric information received by the transmitting/receiving unit, and a collation unit for collating 1-to-1 authentication, in which 1-to-1 authentication is performed by collating the plurality of registered biometric information stored in the storage unit with the input biometric information, in which 1-to-1 authentication is performed by collating the registered biometric information corresponding to the identification information of the user with the input biometric information, and in which 1-to-1 authentication is performed by collating the registered biometric information corresponding to the biometric information of the user, and in which 1-to-1 authentication is performed by the biometric information of the user, and before the biometric authentication is acquired by the user.
ADVANTAGEOUS EFFECTS OF INVENTION
According to the present invention, in a biometric authentication system in which a biometric authentication device performs authentication of both 1-to-1 authentication and 1-to-multiple authentication, authentication can be performed in a practical time, and the startup time can be shortened as compared with a biometric authentication system in which feature data of all living beings is downloaded at the time of startup.
Drawings
Fig. 1 is a diagram showing an entry and exit management system using the biometric authentication system according to embodiment 1 of the present invention.
Fig. 2 is a block diagram of the biometric authentication system according to embodiment 1 of the present invention.
Fig. 3 is a front view of the biometric authentication device according to embodiment 1 of the present invention.
Fig. 4 is a diagram showing a data structure of a biological information database in embodiment 1 of the present invention.
Fig. 5 is a flowchart showing control at the time of starting up the biometric authentication device in embodiment 1 of the present invention.
Fig. 6 is a flowchart showing control during authentication operation of the biometric authentication device according to embodiment 1 of the present invention.
Fig. 7 is a flowchart showing control of a server in the biometric authentication system according to embodiment 1 of the present invention.
Fig. 8 is a timing chart showing the operation of the biometric authentication system according to embodiment 1 of the present invention.
Fig. 9 is a flowchart showing control during authentication operation of the biometric authentication device according to embodiment 2 of the present invention.
Detailed Description
Embodiment 1.
Hereinafter, a biometric authentication system and a biometric authentication device according to embodiment 1 of the present invention will be described in detail with reference to the drawings. In addition, like reference numerals in the various drawings denote like or corresponding structures and steps.
Fig. 1 is a diagram showing an entry and exit management system using the biometric authentication system according to embodiment 1 of the present invention. The system as a whole will be described first with reference to fig. 1.
The entry and exit management system is constituted by a biometric authentication system including a biometric authentication device 1, a server 2, and a signal line 4, and a door 3.
The biometric authentication device 1 acquires biometric information (hereinafter referred to as input biometric information) which is a fingerprint of a user from a biometric sensor 12 described later with reference to fig. 2, and performs biometric authentication by checking the biometric information with the biometric information registered in the server 2 (hereinafter referred to as registered biometric information). The biometric authentication device 1 outputs authentication success to the server 2 when biometric authentication is successful.
The biometric authentication device 1 has two authentication methods, i.e., 1-to-1 authentication (hereinafter, referred to as 1:1 authentication) and 1-to-multiple authentication (hereinafter, referred to as 1:n authentication).
The server 2 is, for example, a device provided in a management room of a building or facility, each floor of a building having a plurality of floors, or the like, and controls the biometric authentication device 1 and the door 3. The server 2 is a device that records biometric information of a subject person who enters and exits management as registered biometric information, and performs unified management of the subject person's information, such as changing, adding, and deleting the subject person. The server 2 is connected to the biometric authentication device 1 via a signal line 4. The server 2 is also a device that performs unlocking control of the door 3. Fig. 1 illustrates a system in which 1 biometric authentication device 1 and 1 gate 3 are connected to a server 2, but in many cases, a plurality of biometric authentication devices 1 and a plurality of gates 3 are connected to the server 2.
Next, a detailed configuration of the biometric authentication system will be described with reference to fig. 2. The biometric authentication device 1 includes an input device 11 for receiving identification information of a user, a biometric sensor 12 for reading a fingerprint or the like, a processor 13 for controlling and performing authentication processing on the input device and the biometric sensor, and a transmitting/receiving unit 16 for transmitting/receiving data to/from the server 2. Fig. 3 shows an external appearance of the biometric authentication device 1 as an example.
The input device 11 is a numeric keypad for acquiring identification information, i.e., identification numbers, inputted by a user. The input device 11 is connected to the processor 13, and outputs an identification number input by a user to the processor 13.
The biosensor 12 is a camera for reading in input biometric information of a user. The biosensor 12 is connected to the processor 13, and outputs the input biometric information of the user to the processor 13.
The processor 13 is a system on a chip (SoC) having a microcontroller and a memory, and is connected to the input device 11, the biosensor 12, the transceiver 16, and the output device 17 to exchange data. The processor 13 includes a verification unit 14 for performing authentication processing, and a storage unit 15 for storing biometric information and a code of a software module.
The collation unit 14 includes a control unit 14a that performs download control or selection processing of authentication methods and performs input/output processing with the input device 11 and the like, a1 st authentication unit 14b that performs 1:n authentication, and a2 nd authentication unit 14c that performs 1:1 authentication.
The control unit 14a is configured by software modules that control the input device 11, the biometric sensor 12, the 1 st authentication unit 14b, the 2 nd authentication unit 14c, the storage unit 15, and the transmitting/receiving unit 16 that constitute the biometric authentication device 1. The control unit 14a determines whether to perform the authentication of the 1 st authentication unit 14b or the 2 nd authentication unit 14c based on whether or not the identification number is input to the input device 11.
The 1 st authentication unit 14b is configured by a software module that performs 1:n authentication in which the input biometric information of the user acquired by the biometric sensor 12 is checked against the plurality of registered biometric information 21c stored in the storage unit 15. The registered biometric information 21c is biometric information stored in the database of the server 2 in the format shown in fig. 4, and is downloaded from the server 2 and stored in the storage unit 15. The 2 nd authentication unit 14c is composed of a software module for performing 1:1 authentication, and checks the input biometric information of the user acquired by the biometric sensor 12 with the specific registered biometric information 21c downloaded from the server 2 based on the identification number 21a acquired by the input device 11 and stored in the storage unit 15 in the 1:1 authentication.
The storage unit 15 is a flash memory, and is a storage device that stores the registered biometric information 21c downloaded from the server 2 via the transmitting/receiving unit 16.
The transceiver unit 16 is an RS-422 transceiver that communicates with the transceiver unit 22 of the server 2 via the signal line 4.
The output device 17 is a sound output device having a speaker that outputs sound in accordance with a command of the control unit 14 a.
The server 2 includes a biological information database 21, a transmitter/receiver 22, a controller 23, and an unlock signal transmitter 24. As shown in fig. 4, the biometric information database 21 stores the identification number 21a, the registration type 21b, and the registered biometric information 21c in association with each other. The identification number 21a is an integer of 7 bits, and is a number itself input to the input device 11 by the user. The identification number 21a corresponds to the registered biometric information 21c 1 to 1. The registration type 21b is information indicating whether the corresponding registration biometric information 21c is used for 1:n authentication or 1:1 authentication. The registered biometric information 21c is characteristic point information of the fingerprint.
The transmitter/receiver 22 is an RS-422 transceiver that communicates with the transmitter/receiver 16 of the biometric authentication device 1 via the signal line 4.
The control unit 23 is a control device that extracts the registered biometric information 21c from the biometric information database 21 in response to the request for acquiring the registered biometric information 21c received by the transmitting/receiving unit 22, and transmits the extracted registered biometric information 21c via the transmitting/receiving unit 22. When receiving the signal notifying the success of authentication, the transmitting/receiving unit 22 also performs control to transmit the unlock signal of the electronic lock 31 via the unlock signal transmitting unit 24. The control unit 23 is constituted by a software module that performs the above control with the processor.
The unlock signal transmitting unit 24 is connected to the electronic lock 31 via the signal line 4, and transmits an unlock signal to the electronic lock 31 in response to an instruction from the control unit 23.
The door 3 is composed of an electronic lock 31 and a door leaf, and is unlocked by driving a motor of the electronic lock 31 according to a signal output from the server 2.
The signal line 4 is an electrical signal line conforming to the RS-422 standard.
Next, the operation of the present embodiment will be described with reference to fig. 5, 6, and 7.
Fig. 5 is a flowchart showing control at the time of starting the biometric authentication device 1 according to the present embodiment.
When the power is supplied to the biometric authentication device 1 and the start-up process of the processor 13 is started, the control unit 14a initializes each component of the biometric authentication device 1 in step S11. For example, the biosensor 12 sets a parameter for the control, or transmits a command instructing to start the internal processing of the biosensor 12 to the biosensor 12. Next, in step S12, the control unit 14a determines whether the start-up process is a process of the initial start-up. Specifically, it is determined whether or not the number of times of the start-up processing stored in the storage unit 15 is 0. If the initial start is not performed, the start processing is ended and the operation proceeds to the authentication operation.
On the other hand, at the time of the initial startup, the control unit 14a transmits a request for acquiring the registered biometric information 21c with the registration type 21b of 1:n from the transmitting/receiving unit 16 to the server 2 in step S13. The communication method for acquiring the request is a packet switching method. In the acquisition request, information that can identify the type of the registered biometric information 21c to be requested as 1:n is described as an instruction, and address information of the server 2 is described as a destination, and address information of the own device is described as request source information. Next, in step S14, the control unit 14a acquires the plurality of pieces of registered biometric information 21c received from the server 2 by the transmitting/receiving unit 16 from the transmitting/receiving unit 16. Next, in step S15, the information is stored in the storage unit 15. At this time, the control unit 14a counts the number of startup processes stored in the storage unit 15, and stores the number of startup processes in the storage unit 15. After that, the start processing is ended, and the operation proceeds to the authentication operation.
Next, the operation of the biometric authentication device 1 in the authentication operation will be described with reference to fig. 6. First, in step S21, the control unit 14a starts receiving the identification number 21a and inputting the biometric information by the input device 11 and the biometric sensor 12, respectively.
In step S22, the input device 11 and the biosensor 12 wait until there is an input of the identification number 21a and the input biometric information by the user, respectively. When the biosensor 12 detects input of the input biometric information, the process proceeds to step S23, and the control unit 14a acquires the input biometric information from the biosensor 12. Specifically, the control unit 14a extracts details (minutia, hereinafter referred to as feature points) of the fingerprint from the image information of the fingerprint acquired by the biosensor 12, and stores the details in the storage unit 15. The feature point extraction method uses an extraction method used in a known detail matching method. When the user inputs the identification number 21a to the input device 11 in step S22, the control unit 14a also acquires the identification number 21a in step S23. Then, the identification number 21a is stored in the storage unit 15.
In step S24, the control unit 14a determines the authentication method and whether or not the registered biometric information 21c needs to be downloaded, based on whether or not the identification number 21a is acquired in step S23. Specifically, it is determined whether or not the identification number 21a is stored in the storage unit 15. If the identification number 21a is not acquired, the registration biometric information 21c is not downloaded, and it is determined that 1:n authentication is performed, and the flow proceeds to step S25. At this time, the control unit 14a instructs the 1 st authentication unit 14b to perform authentication processing. In step S25, the 1 st authentication unit 14b of the collation unit 14 performs 1:n authentication for collating the input biometric information with the plurality of registered biometric information 21c stored in the storage unit 15. Specifically, according to the detail/matching method, if registered biometric information 21c, which matches a predetermined number of parts (for example, 20 parts or more) or more among the feature points of the input biometric information stored in the storage unit 15, exists, it is determined that authentication is successful, and if there is no registered biometric information 21c that matches, it is determined that authentication is failed.
On the other hand, when the identification number 21a is acquired in step S23, that is, when the control unit 14a determines that the identification number 21a input by the user is stored in the storage unit 15, the registered biometric information 21c is downloaded from the server 2, and it is determined that 1:1 authentication is performed, and the flow proceeds to step S26. In step S26, the control unit 14a determines whether or not the registered biometric information 21c corresponding to the input identification number 21a is stored in the storage unit 15. When the corresponding registered biometric information 21c is stored, the control unit 14a omits the download of the registered biometric information 21c, and the flow advances to step S210. Here, the control section 14a instructs the 2 nd authentication section 14c to execute authentication processing. The 2 nd authentication unit 14c of the collation unit 14 performs 1:1 authentication for collating the input biometric information with the registered biometric information 21c. Specifically, according to the detail/matching method, if a predetermined number or more (for example, 10 or more points) of the feature points of the input biometric information stored in the storage unit 15 match the registered biometric information 21c corresponding to the identification number 21a, it is determined that the authentication is successful.
In step S26, when the control unit 14a determines that the registered biometric information 21c corresponding to the input identification number 21a is not stored in the storage unit 15, the flow proceeds to step S27. In step S27, the control unit 14a transmits an acquisition request including the registered biometric information 21c of the inputted identification number 21a from the transmitting/receiving unit 16 to the server 2. In the acquisition request, information capable of identifying the type of the registered biometric information 21c to be requested as 1:1 is described as an instruction, and information capable of identifying the identification number 21a is described as a parameter. In addition, in the acquisition request, the address information of the server 2 is described as the destination, and the address information of the own device is described as the request source information. Next, in step S28, the control unit 14a receives the registered biometric information 21c received from the server 2 by the transceiver unit 16 from the transceiver unit 16. Then, in step S29, the control unit 14a stores the received registered biometric information 21c in the storage unit 15 in association with the identification number 21 a. After that, 1:1 authentication is performed in step S210.
When each authentication is successful, the control unit 14a outputs a notification notifying that the authentication is successful from the transmitting/receiving unit 16. The notification is described with information that can identify that the content of the notification is the content for which the authentication is successful. In this notification, the address information of the server 2 is described as the destination, and the address information of the own device is described as the request source information. Further, the control unit 14a deletes the identification number 21a input by the user and the input biometric information from the storage unit 15, regardless of whether or not the authentication is successful.
When each authentication is successful, the control unit 14a outputs a sound such as "scratching" notifying that the authentication is successful from the output device 17. On the other hand, when each authentication fails, the control unit 14a outputs a sound such as "crack-to-crack" notifying that the authentication failed from the output device 17.
Next, the operation of the server 2 in the biometric authentication system according to the present embodiment will be described with reference to fig. 7. In step S31, the control unit 23 waits until the transmitting/receiving unit 22 receives the request for acquiring the registered biometric information 21 c. The transmitting/receiving unit 22 is configured to always receive a request and a notification from the signal line 4, and to store the content when a request or the like is received. The control unit 23 accesses the transceiver unit 22 periodically or aperiodically to check whether the transceiver unit 22 receives a request or not. When the transceiver 22 receives the acquisition request, the controller 23 acquires the acquisition request from the transceiver 22 and determines the registration type 21b of the requested registration biometric information 21 c. Specifically, when it is determined that the information is 1:n information that can identify the registered biometric information 21c requested by the instruction part of the acquisition request, the flow proceeds to step S32, and when it is determined that the information is 1:1 information that can identify the registered biometric information 21c requested by the instruction part of the acquisition request, the flow proceeds to step S34.
In step S32, the control unit 23 of the server 2 extracts all registered biometric information 21c registered in the biometric information database 21, the registered types 21b being 1:n. At this time, the control unit 23 extracts a plurality of pieces of registered biometric information 21c from the biometric information database 21 using the 1:n authentication of the registered type 21b as a search key. After that, the process advances to step S33, and the control unit 23 transmits the extracted plurality of pieces of registered biometric information 21c from the transmitting/receiving unit 22 to the biometric authentication device 1. On the other hand, in step S34, the control unit 23 extracts the registered biometric information 21c corresponding to the identification number 21a from the biometric information database 21 based on the identification number 21a that can be specified based on the parameter described in the acquisition request. After that, the process advances to step S33, and the control unit 23 transmits the extracted registered biometric information 21c from the transmitting/receiving unit 22 to the biometric authentication device 1.
The communication method for registering the biometric information 21c is also a packet switching method. In the packet, information indicating a response to the acquisition request is described as an instruction, and 1 or more of the number of registered biometric information and the group of the identification number 21a, the registration type 21b, and the registered biometric information 21c shown in fig. 4 are described as parameters. The address information of the biometric authentication device 1 is described as the destination, and the address information of the server 2 is described as the source information. When it is necessary to transmit a large amount of registered biometric information 21c and the data amount thereof is large, the plurality of registered biometric information 21c and the like are divided into a plurality of packets and transmitted.
When the biometric authentication device 1 receives a notification of successful authentication, the control unit 23 outputs an unlock signal from the unlock signal transmission unit 24.
As described above, the biometric authentication system according to the embodiment downloads registered biometric information for 1:n authentication in the start-up process of the biometric authentication device 1. Therefore, at the time of 1:n authentication, the biometric authentication device 1 holds the registered biometric information 21c necessary for collation in advance, and thus can complete authentication in a practical time. In addition, the biometric authentication device 1 according to the present embodiment downloads the registered biometric information 21c for 1:n authentication based on the authentication type information, and delays the download of the registered biometric information 21c for 1:1 authentication, instead of downloading all the registered biometric information 21c at the time of startup. For example, the registered biometric information 21c for 1:1 authentication is downloaded at the time of authentication. Therefore, the biometric authentication device 1 can start receiving the input biometric information after downloading the registered biometric information 21c for 1:n authentication, and has the effect of ending the start-up process early.
This will be described with reference to fig. 8. Fig. 8 is a timing chart described for data exchange between the biometric authentication device 1 and the server 2.
When the start of the biometric authentication device 1 is the initial start, the control unit 14a downloads the registered biometric information 21c having the registration type 21b of 1:n from the server 2 immediately after initializing each component of the biometric authentication device 1 (step S11) (step S13, step S32, step S33, and step S15). After the downloading is completed, the biometric authentication device 1 starts receiving the input biometric information from the biometric sensor 12 (step S21).
After that, when the user inputs the biometric information, the control unit 14a acquires the input biometric information (step S23), and the 1 st authentication unit 14b performs 1:n authentication using the registered biometric information 21c of which the registered type 21b is 1:n, which was downloaded immediately after the start (step S25).
On the other hand, when the user inputs the identification number 21a and then inputs the biometric information, the control unit 14a acquires the identification number 21a in match with the input biometric information (step S23). In this case, if the registered biometric information 21c corresponding to the identification number 21a input by the user does not exist in the storage unit 15, the control unit 14a downloads the registered biometric information 21c corresponding to the identification number 21a from the server 2 (step S26, step S34, step S33, and step S29). The 2 nd authentication unit 14c performs 1:1 authentication using the downloaded registered biometric information 21c (step S210).
From the above, the registered biometric information 21c for 1:1 authentication can be downloaded to the biometric authentication device 1 at the time of authentication as in the related art, and the registered biometric information 21c for 1:n authentication can be downloaded in advance at the time of startup. Therefore, it is not necessary to start downloading the huge registered biometric information 21c at the time of 1:n authentication, and authentication can be performed in a practical time. Further, since the registered biometric information 21c for 1:1 authentication is downloaded at the timing when the identification number 21a is input, the startup time can be shortened as compared with a biometric authentication system in which all registered biometric information 21c is downloaded at the startup regardless of the type of the registered type 21 b.
Embodiment 2.
For example, when used in applications in which authentication by 1:1 is normally performed, authentication by 1:1 is performed when authentication by 1:n cannot be normally performed, a biometric authentication system that performs two types of authentication can achieve both convenience improvement and high security. The reason for this is described below. In 1:N authentication in which the input of the identification number 21a is not necessary, the registered biometric information 21c of the authentication target person is checked against the input biometric information, and if there is a match, the authentication is the own person. Therefore, if 1 registered biometric information 21c similar to the input biometric information is present in a large amount of registered biometric information, the registered biometric information is erroneously authenticated. That is, in 1:n authentication, although the input biometric information is input biometric information of another person, the possibility of being erroneously authenticated as the own person is higher than 1:1 authentication. Therefore, in 1:n authentication, it is necessary to set a threshold value for the degree of coincidence of biometric information authenticated as the own person to be high. However, such threshold setting has a disadvantage that a user to be authenticated in 1:n authentication cannot be authenticated in some cases.
On the other hand, in 1:1 authentication, since authentication is performed after registration of biometric information 21c is determined by identification number 21a, even if the threshold value for matching determination of details is set low, the possibility of false authentication is low. Therefore, if a two-stage authentication method is used in which identification information is input and 1:1 authentication is performed when authentication is not possible in 1:n authentication, the above-described disadvantage can be eliminated and the authentication accuracy does not decrease.
In view of the above-described advantages, the present embodiment is a biometric authentication system that prompts a user to perform authentication by 1:1 authentication when authentication is not performed in 1:n authentication. Hereinafter, differences from embodiment 1 will be mainly described. In fig. 9, the same reference numerals as those in fig. 6 denote the same or corresponding parts.
The operation of the present embodiment will be described with reference to fig. 9. In fig. 9, the processing before step S25 is not shown, and the processing before this is the same as in fig. 6. In the present embodiment, by the same operation as in embodiment 1, after the 1 st authentication unit 14b performs 1:n authentication in step S25, the control unit 14a determines whether or not the authentication is successful in step S41. In the case where authentication is successful, the control unit 14a outputs a notification notifying that authentication is successful from the transmitting/receiving unit 16, as in embodiment 1.
On the other hand, if it is not authenticated in step S41, the flow proceeds to step S42. In step S42, the control unit 14a outputs a sound (for example, "please input the identification number") prompting the user to input the identification number 21a from the output device 17, and the flow advances to step S43. In step S43, the input device 11 waits for the input of the identification number 21a for a predetermined time (for example, 10 seconds), and when the identification number 21a is input by the user, the control unit 14a acquires the identification number 21a and proceeds to step S27. Thereafter, the registered biometric information 21c corresponding to the identification number 21a is downloaded (step S27, step S28, and step S29) by the same processing as in embodiment 1, and 1:1 authentication is performed (step S210). On the other hand, in step S43, if there is no input of the identification information for a predetermined time, the authentication process is terminated.
In embodiment 1, the description has been made of the case where the authentication is unsuccessful in the 1:n authentication, and the input biometric information is deleted from the storage unit 15, but in this embodiment 2, the input biometric information is stored in the storage unit 15 without being deleted, and the input biometric information is used in the 1:1 authentication in step S210. Then, when the authentication is unsuccessful in the 1:1 authentication, the control unit 14a deletes the identification number 21a stored in the storage unit 15 and the input biometric information.
Here, in the 1:n authentication in step S25 and the 1:1 authentication in step S210, different thresholds are used in the coincidence determination using the coincidence degree of the registered biometric information 21c and the feature point of the input biometric information. In the authentication system, the principal rejection rate and the other acceptance rate are set according to the requested security level. For example, the target value is set so that the personal rejection rate is 0.0001% and the other personal acceptance rate is 0.005%, and the threshold value is determined. The matching degree becomes a higher value as the feature of the comparison object matches, and in the personal authentication, the authentication is the personal if the matching degree is equal to or higher than the threshold value, and the authentication is determined to be other people otherwise. Therefore, the lower the threshold value is, the lower the personal rejection rate is, but the other party has a higher acceptance rate. Therefore, in order to make the above-described personal rejection rate and other person acceptance rate fall within the target values, the threshold value must be set to an appropriate value based on the required personal rejection rate and other person acceptance rate. In 1:1 authentication, since 1 registered biometric information 21c is used for collation, even when the same threshold value is used, the acceptance rate of other persons is lower than that in 1:n authentication using a large amount of registered biometric information 21 c. Then, the biometric authentication device 1 according to this embodiment performs the principal authentication using a threshold lower than the threshold of 1:n authentication in 1:1 authentication, that is, sets the principal rejection rate of 1:1 authentication to be lower than the principal rejection rate of 1:n authentication. Therefore, when the user refuses the authentication in the 1:n authentication despite the user's finger state or the problem of reading, the authentication can be successfully performed by further performing the 1:1 authentication, and a system with high convenience can be provided. At the same time, the acceptance rate of other persons can be reduced, and therefore, high safety can be achieved.
In view of the above, the user can normally perform 1:n authentication without inputting the identification number 21a, and therefore, the user does not need to perform such a job as inputting the identification number 21a each time. In addition, when 1:1 authentication is required, 1:1 authentication can be performed promptly in response to a request from the biometric authentication device 1. Therefore, the authentication system is convenient for users to use.
The embodiment has been described above, but the present invention is not limited to the embodiment. A modification to the structure is shown below.
In the embodiment, 1 server 2 is provided on each floor, and the server 2 is connected to a plurality of biometric authentication devices 1 provided for each of a plurality of doors 3 on the floor, but the server 2 may be 1 and connected to the biometric authentication device 1 of the entire building, or may be connected to the biometric authentication device 1 located at a remote place via the internet.
The input device 11 may be an IC card reader that reads an IC (INTEGRATED CIRCUIT: integrated circuit) card storing the identification number 21a, or a camera that reads other biometric information such as a face or iris as identification information, for example, as long as the identification information of the user can be acquired.
The biosensor 12 may be a camera that reads the iris, a venous sensor, or the like, as long as it can acquire input biological information of the user.
The input device 11 and the biometric sensor 12 are attached to the biometric authentication device 1, but the input device 11 and the biometric sensor 12 may be provided independently of the biometric authentication device 1 as long as they can exchange data with the processor 13.
The storage unit 15 may be a nonvolatile memory other than a flash memory, or may be a volatile memory as long as the registered biometric information 21c can be stored.
The constituent elements of the processor 13 may be any elements as long as they have the functions described in the embodiments, and for example, the storage unit 15 as a flash memory may be mounted outside the processor 13, or another processor may be provided outside as the control unit 14a, independently of the biometric authentication device 1.
The transmitting/receiving unit 16 of the biometric authentication device 1 and the transmitting/receiving unit 22 of the server 2 may have the functions of the embodiment, and for example, when the signal line 4 is the internet, the transmitting/receiving unit 16 and the transmitting/receiving unit 22 may be communication devices for the internet.
The server 2 may include the constituent elements of the embodiment, and may be replaced with a personal computer or the like.
The biometric information database 21 may store at least the registered biometric information 21c in association with the identification information of the registered biometric information 21c, and for example, the identification number 21a may include information of the registered type 21b, or may store information of 1 or more users, identification information of the biometric authentication device 1, or the like in association with each other.
The identification number 21a may be encrypted, for example, in correspondence with the information acquired by the input device 11 and the registered biometric information 21c, or a plurality of registered biometric information 21c may be stored in correspondence with one identification number 21 a.
The registered biometric information 21c may be information that can be checked against the input biometric information acquired by the biometric sensor 12, and may be, for example, feature point information of a face, features of a contour line, arrangement of a plurality of elements, features of frequency components of an image, or other information on the whole, instead of feature points.
The interface of the unlock signal transmitting unit 24 and the communication method of the unlock signal may be the same as the interface and communication method of the transmitting/receiving unit 22, or may be different from the interface and communication method of the transmitting/receiving unit 22.
The electronic lock 31 of the door 3 may be unlocked by a signal output from the biometric authentication system, or may be unlocked by a signal output from the biometric authentication device 1. The server 2 or the biometric authentication device 1 may supply electric power to the electronic lock 31 instead of the unlock signal to unlock the electronic lock.
In the embodiment, the signal line 4 is an electric signal line having the RS-422 as an interface, but other interfaces such as RS-485 may be used, or wireless communication such as the internet may be used instead.
In the embodiment, the output device 17 is an audio output device, but any device may be used as long as it notifies some information to the user, and for example, a lamp that can be visually confirmed by the user may be used instead.
A modification of the operation is shown below.
In step S12 of the embodiment, the control unit 14a determines whether or not the start is the initial start, but step S12 may be omitted, and the request for acquiring the registered biometric information 21c may be transmitted at each start.
Step S21 of the embodiment is automatically started after the start-up process is completed, but may be started by the user operating the input device 11. The request for acquiring the registered biometric information 21c with the registration type 21b of 1:n in step S13 may be made at any time before step S21.
The communication method of the acquisition request of the registered biometric information 21c in step S13 and step S27 in the embodiment is a packet-switched method, but may be another communication method. In the embodiment, the registration type 21b of the registration biometric information 21c to be requested may be included in the acquisition request of the registration biometric information 21c for 1:n authentication, and the identification number 21a acquired by the input device 11 may be included in the acquisition request of the registration biometric information 21c for 1:1 authentication. The acquisition request may include any information as long as it includes information capable of specifying the information, and may include identification information of the biometric authentication device 1.
In step S25 of the embodiment, the 1 st authentication unit 14b of the collation unit 14 is used to perform 1:n authentication for collating the input biometric information with the plurality of pieces of registered biometric information 21c stored in the storage unit 15, but the plurality of pieces of registered biometric information 21c to be collated here may be all pieces of registered biometric information 21c stored, or some pieces of registered biometric information 21c may be registered therein.
In step S26 of the embodiment, the control unit 14a determines whether or not the registered biometric information 21c corresponding to the input identification number 21a is stored in the storage unit 15, but the step S26 may be omitted, and the request for acquiring the registered biometric information 21c may be transmitted each time the input biometric information is acquired along with the identification number 21 a.
In step S210 of the embodiment, the 2 nd authentication unit 14c of the collation unit 14 performs 1:1 authentication using the registered biometric information 21c stored once in the storage unit 15, but the registered biometric information 21c received from the server 2 may not be stored in the storage unit 15, and the 2 nd authentication unit 14c collates the registered biometric information 21c received from the transmission/reception unit 16 with the input biometric information.
The authentication algorithm may be an algorithm capable of detecting coincidence between the input biometric information and the registered biometric information, and an algorithm other than the detail/matching method may be used. For example, a detail/association method, a pattern matching method, or the like can be used. In addition, when face authentication, voiceprint, or the like is used as input biometric information, an algorithm such as a pattern matching method corresponding thereto can be used.
In step S32 of the embodiment, the control unit 23 of the server 2 extracts all the registered biometric information 21c registered in the biometric information database 21, the registered biometric information 21c extracted here may be not all the registered biometric information of which registered category 21b is 1:n, but a part thereof.
In embodiment 2, in step S43, only the input of the identification number 21a is detected, and the waiting is performed until the input is present, but the waiting may be performed until both the input of the identification number 21a and the input of the biological information is present in the same manner as in step S22 of embodiment 1. In addition, step S24 and step S26 of embodiment 1 may be applied to embodiment 2, and the same operation as embodiment 1 may be performed except that the input of identification information is requested.
Description of the reference numerals
The electronic lock comprises a1 biological authentication device, a2 server, a 3-door, a 4-signal wire, a11 input device, a 12 biological sensor, a 13 processor, a 14 checking part, a 14a control part, a 14b 1 st authentication part, a 14c 2 nd authentication part, a 15 storage part, a 16 transmitting and receiving part, a 17 output device, a 21 biological information database, a 21a identification number, a 21b registration type, a 21c registration biological information, a 22 transmitting and receiving part, a 23 control part, a 24 unlocking signal transmitting part and a 31 electronic lock.
Claims (7)
1. A biometric authentication system, wherein,
The biometric authentication system includes:
A server for storing registered biometric information, which is registered biometric information in advance, in association with the identification information for each of a plurality of subjects, and
The biometric authentication device comprises a biometric authentication device,
The biometric authentication device is provided with:
A transmitting/receiving unit that transmits an acquisition request for requesting the registered biometric information, and receives a plurality of registered biometric information from the server;
a sensor that acquires biological information of a user as input biological information;
An input device that acquires identification information of the user;
A storage unit for storing the plurality of registered biological information received by the transmitting/receiving unit, and
A collation unit for collating the data of the image data,
The collation unit performs 1-to-multiple authentication in which the plurality of registered biometric information stored in the storage unit is collated with the input biometric information, and 1-to-1 authentication in which the registered biometric information corresponding to the identification information of the user is collated with the input biometric information,
The verification unit determines whether or not the user identification information is acquired through the input device, performs the 1-to-many authentication if not acquired, acquires the registered biometric information corresponding to the user identification information from the server if acquired, performs the 1-to-1 authentication using the acquired registered biometric information,
The collation unit causes the transmission/reception unit to receive the plurality of pieces of registered biometric information for the 1-to-many authentication before the sensor acquires the input biometric information,
The server stores the plurality of pieces of registered biometric information in association with types of authentication methods, and extracts and transmits to the biometric authentication device the registered biometric information whose type of authentication method is the 1-to-many authentication among the plurality of pieces of registered biometric information when the biometric authentication device is started.
2. The biometric authentication system according to claim 1, wherein,
When the user identification information is acquired by the input device, if the registered biometric information corresponding to the user identification information is already stored in the storage unit, the collation unit performs the 1-to-1 authentication for collating the registered biometric information already stored in the storage unit with the input biometric information.
3. The biometric authentication system according to claim 1, wherein,
The transmitting/receiving unit receives the registered biometric information for the 1-to-many authentication at the time of starting the biometric authentication device, acquires the identification information of the user through the input device, and then receives the registered biometric information for the 1-to-1 authentication.
4. The biometric authentication system according to claim 2, wherein,
The transmitting/receiving unit receives the registered biometric information for the 1-to-many authentication at the time of starting the biometric authentication device, acquires the identification information of the user through the input device, and then receives the registered biometric information for the 1-to-1 authentication.
5. The biometric authentication system according to any one of claims 1 to 4, wherein,
When the authentication is not performed in the 1-to-many authentication, the biometric authentication device performs authentication based on the 1-to-1 authentication having a principal rejection rate lower than that of the 1-to-many authentication.
6. A biometric authentication system, wherein,
The biometric authentication system includes:
A server for storing registered biometric information, which is registered biometric information in advance, in association with the identification information for each of a plurality of subjects, and
The biometric authentication device comprises a biometric authentication device,
The biometric authentication device is provided with:
A transmitting/receiving unit that transmits an acquisition request for requesting the registered biometric information, and receives a plurality of registered biometric information from the server;
a sensor that acquires biological information of a user as input biological information;
An input device that acquires identification information of the user;
A storage unit for storing the plurality of registered biological information received by the transmitting/receiving unit, and
A collation unit for collating the data of the image data,
The collation unit performs 1-to-multiple authentication in which the plurality of registered biometric information stored in the storage unit is collated with the input biometric information, and 1-to-1 authentication in which the registered biometric information corresponding to the identification information of the user is collated with the input biometric information,
The verification unit determines whether or not the user identification information is acquired through the input device, performs the 1-to-many authentication if not acquired, acquires the registered biometric information corresponding to the user identification information from the server if acquired, performs the 1-to-1 authentication using the acquired registered biometric information,
The collation unit causes the transmission/reception unit to receive the plurality of pieces of registered biometric information for the 1-to-many authentication before the sensor acquires the input biometric information,
The transmitting/receiving unit receives the registered biometric information for the 1-to-many authentication at the time of starting the biometric authentication device, acquires the identification information of the user through the input device, and then receives the registered biometric information for the 1-to-1 authentication.
7. A biometric authentication device is provided with a server for storing registered biometric information, which is registered biometric information in advance, in association with identification information for each of a plurality of subjects, and a biometric authentication device for communicating with the server,
The biometric authentication device is provided with:
A transmitting/receiving unit that transmits an acquisition request for requesting the registered biometric information, and receives a plurality of registered biometric information from the server;
a sensor that acquires biological information of a user as input biological information;
An input device that acquires identification information of the user;
A storage unit for storing the plurality of registered biological information received by the transmitting/receiving unit, and
A collation unit for collating the data of the image data,
The collation unit performs 1-to-multiple authentication in which the plurality of registered biometric information stored in the storage unit is collated with the input biometric information, and 1-to-1 authentication in which the registered biometric information corresponding to the identification information of the user is collated with the input biometric information,
The verification unit determines whether or not the user identification information is acquired through the input device, performs the 1-to-many authentication if not acquired, acquires the registered biometric information corresponding to the user identification information from the server if acquired, performs the 1-to-1 authentication using the acquired registered biometric information,
The collation unit causes the transmission/reception unit to receive the biometric information of the plurality of subjects for the 1-to-many authentication before the sensor acquires the input biometric information,
The transmitting/receiving unit receives the registered biometric information for the 1-to-many authentication at the time of starting the biometric authentication device, acquires the identification information of the user through the input device, and then receives the registered biometric information for the 1-to-1 authentication.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/JP2019/036655 WO2021053777A1 (en) | 2019-09-19 | 2019-09-19 | Biometric authentication system and biometric authentication device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114365126A CN114365126A (en) | 2022-04-15 |
| CN114365126B true CN114365126B (en) | 2025-01-03 |
Family
ID=74884425
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201980100333.2A Active CN114365126B (en) | 2019-09-19 | 2019-09-19 | Biometric authentication system and biometric authentication device |
Country Status (3)
| Country | Link |
|---|---|
| JP (1) | JP7164052B2 (en) |
| CN (1) | CN114365126B (en) |
| WO (1) | WO2021053777A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR102817340B1 (en) * | 2023-04-28 | 2025-06-10 | 주식회사 유니온바이오메트릭스 | Visitor Management Kiosk Using Biometric Recognition, Access Control Method thereof, and Access Control System |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1810206A (en) * | 2005-01-24 | 2006-08-02 | 柯尼卡美能达商用科技株式会社 | Apparatus, system and method for person verification |
| JP2012048520A (en) * | 2010-08-27 | 2012-03-08 | Hitachi Information & Control Solutions Ltd | Biometric authentication terminal device |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP3774885B2 (en) * | 2000-03-15 | 2006-05-17 | 株式会社日立インフォメーションテクノロジー | Gate management system |
| JP4509581B2 (en) * | 2004-01-16 | 2010-07-21 | 株式会社東芝 | Personal authentication device using biometric verification, personal authentication method, and traffic control device |
| KR101094051B1 (en) * | 2007-08-23 | 2011-12-19 | 후지쯔 가부시끼가이샤 | Biometric Authentication System and Computer-readable Recording Media |
| JP2010140499A (en) * | 2010-01-18 | 2010-06-24 | Konica Minolta Business Technologies Inc | Biometric authentication device, biometric authentication system and biometric data management method |
| JP5549456B2 (en) * | 2010-07-22 | 2014-07-16 | 富士通株式会社 | Biometric authentication device and biometric authentication method |
| US10361879B2 (en) * | 2016-11-12 | 2019-07-23 | Fujitsu Limited | Persona-based service delivery |
-
2019
- 2019-09-19 CN CN201980100333.2A patent/CN114365126B/en active Active
- 2019-09-19 WO PCT/JP2019/036655 patent/WO2021053777A1/en not_active Ceased
- 2019-09-19 JP JP2021546126A patent/JP7164052B2/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1810206A (en) * | 2005-01-24 | 2006-08-02 | 柯尼卡美能达商用科技株式会社 | Apparatus, system and method for person verification |
| JP2012048520A (en) * | 2010-08-27 | 2012-03-08 | Hitachi Information & Control Solutions Ltd | Biometric authentication terminal device |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2021053777A1 (en) | 2021-03-25 |
| CN114365126A (en) | 2022-04-15 |
| JPWO2021053777A1 (en) | 2021-03-25 |
| JP7164052B2 (en) | 2022-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8952781B2 (en) | Method and apparatus for access control using dual biometric authentication | |
| CN106429660B (en) | A kind of intelligent elevator safety management system and method | |
| US20100182123A1 (en) | System for monitoring users' time and attendance and controlling users' access | |
| CN109249898B (en) | Authentication device and authentication method | |
| EP4207112A1 (en) | Authentication method and apparatus for gate entrance | |
| US10410040B2 (en) | Fingerprint lock control method and fingerprint lock system | |
| JP2009211488A (en) | Authentication device | |
| JP2019144695A (en) | Face authentication system, face authentication server and face authentication method | |
| US9111084B2 (en) | Authentication platform and related method of operation | |
| EP3062294B1 (en) | Method and devices for upgrading an existing access control system | |
| US11823512B1 (en) | Smart access control system using an electronic card | |
| CN114365126B (en) | Biometric authentication system and biometric authentication device | |
| JP2002055956A (en) | Personal authentication device and storage medium | |
| JP2004355088A (en) | Personal identification system, method, and program | |
| KR101407443B1 (en) | User authentication system and method using near field communication | |
| CN110217194B (en) | Shared automobile control method and device and electronic equipment | |
| JP6381478B2 (en) | Biometric authentication system | |
| WO2005054977A2 (en) | A method and system to electronically identify and verify an individual presenting himself for such identification and verification | |
| CN104103106B (en) | access control method | |
| JP2011118561A (en) | Personal identification device and personal identification method | |
| KR20170083778A (en) | Fingerprint recognition security system for visitors access management | |
| JP2001144865A (en) | Authentication system using mobile phone | |
| CN111369716B (en) | Unlocking method, door lock and computer readable storage medium | |
| JP2014016726A (en) | Authentication device, authentication method, door opening and closing management device, and computer program | |
| JP2007293396A (en) | Action body operation management system, gate entrance / exit management system, and portable terminal used therefor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |