JP2007018203A - Personal identification device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve the problem which occurs in personal identification using multiple kinds of biological information, for example, an increase in information processing quantity and a difficulty in determination of a variation in matching rates in each kind of biological information. <P>SOLUTION: A personal identification device, which identifies a person by using multiple kinds of biological information, receives the input of multiple kinds of biological information on a person to be identified, and compares biological information corresponding to first biological information included in the inputted multiple kinds of information and the biological information being included in multiple kinds of biological information on the person which are preliminarily stored in a storage means, to determine a first matching rate. When the first matching rate satisfies first conditions, the personal identification device compares second biological information included in the inputted multiple kinds of information and biological information corresponding to the second biological information included in the multiple kinds of biological information on the person which are preliminarily stored in the storage means, to determine a second matching rate, and then determines a final matching rate from the first and second matching rates. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a technique for executing personal authentication using a plurality of pieces of biometric information. In particular, it relates to authentication in a financial transaction system including ATM. The biometric information indicates physical characteristics and includes face images, fingerprint information, iris information, and vein information including fingers.

   In the personal authentication method, a four-digit password input method has been mainly used in the past. However, the risk of fraudulent withdrawal due to counterfeiting or theft of a cash card has increased in recent years. Major financial institutions have begun to introduce a single-person biometric authentication function into ATMs using a method such as vein authentication in addition to entering a 4-digit password. The biometric authentication method can reduce the risk of impersonation of the person due to theft of a cash card or a personal identification number as compared with the conventional authentication method by inputting a four-digit personal identification number. However, since biometric information is lifelong information, there is a risk that once biometric information has been duplicated, it is easy to impersonate and correction is not easily used. In order to cope with this risk, Patent Document 1 describes using a plurality of pieces of biological information.

JP2003-30154

  However, since the method described above uses a plurality of authentications, various problems occur in information processing. For example, when there is a variation in the matching rate among each of the plurality of authentications, it is unclear how to determine. In addition, a plurality of authentications are indispensable, and the amount of information processing is increased as compared with the authentication process using one piece of biometric information.

  Therefore, in the present invention, authentication with the second biometric information is executed in accordance with the authentication result (match rate) with the first biometric information. More specifically, the following aspects are included.

  A personal authentication device that authenticates an individual using a plurality of pieces of biometric information, and accepts input of a plurality of pieces of biometric information of an individual to be authenticated, and corresponds to first biometric information included in the plurality of pieces of inputted biometric information Biometric information, comparing biometric information included in the plurality of individual biometric information stored in advance in the storage means, calculating a first match rate, and the first match rate is a first condition If the second biometric information is satisfied, the second biometric information included in the input biometric information and the biometric information corresponding to the second biometric information are stored in the storage unit. The biometric information included in the biometric information is compared to calculate the second match rate, and the final match rate is calculated from the first match rate and the second match rate, and this is used for authentication. Here, when the final matching rate satisfies the second condition, the face image included in the biological information stored in the storage unit may be displayed on the display screen. In the authentication apparatus, the first condition is that the first matching rate is (1) a first threshold or more, (2) less than a second threshold, and (3) less than the first threshold and It is also included in the present invention that it is any one of two or more threshold values. Further, according to the present invention, the second condition is that the final match rate is (1) a third threshold or more, (2) less than a fourth threshold, and (3) less than the third threshold and fourth It is also included that it is any one of the threshold value or more.

  Further, the present invention also includes that the first condition is the same condition as the second condition. Finally, if the first condition is (3) less than the first threshold and greater than or equal to the second threshold, and the first match rate is greater than or equal to the first threshold, the individual is the person It also includes authenticating as being.

  More specific application destinations of the present invention include the following. Using an information processing system that includes an ATM and a teller terminal, an account holder himself / herself withdraws a deposit with a cash card or makes a balance inquiry, etc. It can be used at the same time to make personal authentication more strict and to prevent unauthorized authentication due to impersonation. Information that stores image information, and when you fail to authenticate yourself at an ATM installed in the store during business hours at the store or branch, you will be asked to come to the counter on the screen of the ATM , And prompts ATM users to the teller window. On the other hand, in the information system, the image information of the account opener is searched and the image information is displayed. Authentication method characterized in that the inner destination teller window the is displayed on the installed teller on the terminal, the teller itself to help confirm that the same person by the image.

  In addition, when the user authentication fails at the ATM, the ATM device notifies the information system of the cash card number, the authentication failure, and the time at that time. A method of authenticating a person is also included, in which an e-mail address is searched, a notification that authentication is impossible is sent to the e-mail address, and the account opener is cautioned.

  In order to avoid the risk, as shown in 90009, 90010, 90011, and 90012 in FIG. 9, two or more kinds of personal biometric information are stored in advance in the IC cash card shown in FIG. The biometric information of the principal is acquired with the consent of the principal when the account is opened. Security is ensured by an encryption processing program shown by 90006 in FIG. 9 so that the biometric information cannot be easily taken out from the IC cash card. In addition, in a database (30002 in FIG. 3) of an information system computer (10002 in FIG. 1, 30001 in FIG. 3) installed in a financial institution, 30003 and 30004 in FIG. 3 or 100004 and 100005 in FIG. As indicated by 100006, image information, e-mail address, and telephone number of the contact information of the account opener are registered in advance. The series of personal attribute information is acquired with the consent of the principal at the time of opening an account. When receiving personal authentication at an ATM, two types of biometric information are randomly selected on the ATM side, and the ATM user authenticates the two types of biometric information selected by the ATM. To receive. Until the biometric information to be authenticated is specified by ATM, the user himself / herself cannot know which of the two types of biometric information is. In ATM, authentication is not successful unless the coincidence rate of the two types of biometric information specified above exceeds a predetermined value.

  If the ATM authentication fails, the ATM notifies the information computer of the financial institution that the authentication has failed, and the information computer that received the notification searches the e-mail address of the person from the cash card number. Then, the e-mail address is notified of the ATM authentication failure and the time information at that time to alert the genuine account opener.

  Also, if the ATM authentication fails, and if that time is within the counter business hours, the ATM notifies the teller terminal operating closest to the cash card number and the authentication failure, On the ATM screen, display the information that you want to come to the window of the window number (window identification code) where the notified teller terminal is installed, and ask the user to come to the window. Prompt. On the other hand, the teller terminal that has received the notification of authentication failure by the ATM searches the information system computer for various attribute information including the image information of the account opener using the cash card number as a key. When the search result returns, the result is displayed on the screen of the teller terminal. Since the image information of the genuine account holder himself / herself is displayed on the screen of the teller terminal, when the ATM user who has failed authentication at the ATM comes to the window where the teller terminal is installed, An image can be used to confirm whether an ATM user is a genuine account opener.

  According to the present invention, information processing can be executed more efficiently in authentication using a plurality of biological information.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
FIG. 1 shows an example of a block diagram of a system for realizing this method. In FIG. 1, 10001 is an accounting computer used by a financial institution, 10002 is an information system computer used by a financial institution, 10003 is an internal network of the financial institution, 10004 is an external network, and 10005 is a branch of a financial institution or sales A store, 10006 represents an in-store network of a financial institution, 10007 represents an ATM, and 10008 represents a teller terminal.

  In FIG. 1, an accounting computer indicated by 10001, an information system computer indicated by 10002, an ATM indicated by 10007, and a teller terminal indicated by 10008 are an internal network indicated by 10003 and an in-store network indicated by 10006. A series of account-related operations such as normal balance inquiry, transfer, and deposit withdrawal are performed between the account-related computer indicated by 10001 and the ATM indicated by 10007. The accounting business is similarly performed between the accounting computer indicated by 10001 and the teller terminal indicated by 10008. On the other hand, an information system computer indicated by 10002 is connected to the external network 100004 while ensuring security, and can notify each account opener by e-mail when necessary.

  FIG. 2 shows a system configuration of the ATM indicated by 10007 in FIG. In FIG. 2, 20001 denotes an ATM main body, 20002 denotes a communication device for ATM to communicate between an information computer, a billing computer, and a teller terminal via a network, and 20003 denotes an ATM screen or An input / output device connection I / O device for connecting an input / output device such as a touch panel or a biometric authentication device, 20004 is an ATM display device, 20055 is an input device such as a touch panel or a keyboard. Reference numeral 20006 denotes a biometric authentication device connected to the ATM, but in order to distinguish it from other biometric authentication devices, here, the biometric authentication device 1 for vein authentication is used, and 20007 is the biometric authentication device 2 for fingerprint authentication. Is a biometric authentication device 3 for iris authentication, and 20009 is a biometric authentication device 4 for retinal authentication. Of course, in the biometric authentication device 1 to the biometric authentication device n, it is needless to say that the biometric subject to be authenticated is not in this order, and other biometric information may be authenticated. Reference numeral 20010 represents an ATM central processing unit, and 20011 represents an ATM storage device. In FIG. 2, reference numeral 20012 denotes a teller terminal information table for managing the position order information of the teller terminal stored in the storage device 20001, and is the same table as the teller terminal information table indicated by 110001 in FIG. 11. The table manages information for selecting a destination teller terminal to notify that the authentication is failed when the personal authentication is not successful in the ATM. In FIG. 3, reference numeral 30001 denotes an information system computer, which is the same as the information system computer 10002 in FIG.

  An information system computer indicated by 30001 in FIG. 3 manages an information system database indicated by 30002 (hereinafter referred to as an information system DB). In the information system DB indicated by 30002, a customer attribute table indicated by 30003 and image information of each account opener indicated by 30004 for managing attributes of customers, that is, individual account openers, are managed. is doing. 3 represents a customer attribute table indicated by 30003 in FIG. In FIG. 10, 100001 indicates the details of the customer attribute table indicated by 30003 in FIG. This is the same as the customer attribute table 100001 in FIG. In the customer attribute table of FIG. 10, 100001, 100002 is a cash card number information storage field for storing the cash card number information of each account opener, and 100003 is a customer name for storing name information of each account opener. Information storage field 100004 is a customer phone number information storage field for storing the contact telephone number of each account opener, and 100005 is a customer for storing e-mail address information as a contact to each account opener. An e-mail information storage field 100006 represents a storage destination pointer information storage field of customer principal image information for holding storage destination information of each account opener. Reference numerals 100007 and 100008 denote image information of each account opener linked by the pointer information in the storage location pointer information storage field of the customer principal image information, that is, customer principal image information.

  110001 in FIG. 11 represents a teller terminal information table stored in the storage device in the ATM indicated by 20011 in FIG. In the teller terminal information table shown in 110001 of FIG. 11, 110002 is a teller terminal position order information storage field indicating the order in which the distance from the ATM is close, and 110003 is a field storing the teller terminal identification code of each teller terminal. , 110004 indicates a field for storing window number information (window identification code information) in which each teller terminal is installed, and the table indicates that the authentication failed when the personal authentication is not successful in the ATM as described above. Manages information for selecting a destination teller terminal to be notified of.

  Next, the flow of implementation of the present invention will be described with reference to the flowcharts shown in FIGS. 4, 5, 6, and 7. In the flowchart of FIG. 4, an account opener at a financial institution, that is, a user himself / herself, stands in front of the ATM, selects “withdrawal” from the menu displayed on the ATM screen, When a key is pressed on the keyboard, the ATM detects that “withdrawal” has been selected from the menu (FIG. 4, step 40001), and the ATM changes the cash card to the ATM on the screen. The user is prompted to insert (step 40002). When the cash card is inserted into the ATM by the user, the ATM detects that the cash card has been inserted (step 40003), and the ATM performs biometric authentication from the biometric authentication device 1 to the biometric authentication device n. Among the devices, two types of biometric authentication devices to be used this time for personal authentication are selected at random (step 40004). Hereinafter, the two selected biometric authentication devices will be described as biometric authentication device A and biometric authentication device B, respectively. Next, the ATM displays on the screen a prompt to hold the user's own biometric device over the biometric authentication device A and the biometric authentication device B (step 40006).

  At this time, since the ATM counts the number of trials of the authentication process, 0 is set as an initial value of the number of trials in the storage device and stored (step 40005). When the ATM detects that the biometric information is held over each biometric authentication device by the user according to the instruction from the ATM screen (step 40007), the number of trials is counted up (step 40008), and biometric authentication processing is performed. (Step 40009). Next, the detailed content of the biometric authentication process will be described using the flowchart shown in FIG. In ATM, each biometric information corresponding to biometric authentication device A and biometric authentication device B registered in advance is read from the inserted cash card (step 70001). Here, the biometric information corresponding to the biometric authentication device A and the biometric authentication device B acquired from the cash card will be described as a and b, respectively. Of the two pieces of biometric information a and b, the biometric information a is compared with the biometric information detected by the biometric authentication device A (step 70002). As a result of the comparison, ATM calculates the coincidence rate as α. When the coincidence rate α is 95% or more, it is considered that the biometric authentication by the biometric authentication device A is successful, and the biometric information b acquired from the cash card and the biometric information acquired from the biometric authentication device B are Comparison is performed (steps 70003 and 70004). As a result of the comparison, ATM sets this as β, and substitutes the value of β into X as the final matching rate X which is the final result of the matching rate (step 70006).

  On the other hand, in step 70003, when the coincidence rate α is less than 95%, it is considered that the biometric authentication in the biometric authentication device A has failed, and the biometric information acquired from the biometric authentication device B and the biometric information b acquired from the cash card. The biometric authentication process is completed by substituting the coincidence rate α into X as the final coincidence rate X (step 70005). In the present embodiment, the borderline matching rate that biometric authentication is considered to be successful is described as 95%. However, other values may be set according to the standards of each financial institution. Returning to the flowchart shown in FIG. 4, it is determined whether or not the final matching rate X is 95% or more which is the borderline in this embodiment (step 40010). If the coincidence rate is 95% or more, it is considered that the authentication has succeeded, and the deposit withdrawal process is performed between the ATM and the accounting computer, and the series of processes is completed (steps 40015 and 40016). .

  Returning to step 40010, if the match rate X is less than 95%, it is determined whether the match rate is 70% or more, which is an ambiguity determination region in this embodiment (step 40011). In this example, the borderline match rate that it is ambiguous whether biometric authentication was successful or not is described as 70%, but values other than the above can be freely set in light of the standards of each financial institution. However, it may not be set in some cases. If the coincidence rate is 70% or more as a result of the determination processing in step 40001, it is determined whether the current time is within the counter business hours (step 40012). If it is not within the counter business hours, biometric authentication is performed. It is determined whether the number of trials has reached 3 (step 40013).

  If the number of trials is less than 3, the ATM displays on the screen that authentication is to be performed again, and the process proceeds to step 40006 (step 40014). In step 40012, if the ATM is within the sales window, the ATM refers to the teller terminal information table indicated by 110001 in FIG. 11 and is the closest to the ATM and has been confirmed to be operating on the network. Is selected (FIG. 5, Step 50001). Here, the teller terminal selected by the ATM is hereinafter referred to as a teller terminal n. The ATM identification code and the cash card number information of the user are notified to the teller terminal n selected by the ATM (step 50002). The teller terminal n that has received the notification from the ATM (step 50003) instructs the information computer to retrieve the attribute information of the account opener corresponding to the cash card number, using the received cash card number as a key. (Step 50004).

  When the information computer receives the cash card number and the information search instruction from the teller terminal n (50005), it searches the name, image information and contact information of the account opener using the received cash card number as a search key ( Step 50006). In addition, you may search in addition to the attribute information of the said account opener other than the above. Next, in the flowchart shown in FIG. 6, as a result of the search processing in the information system computer, the name, contact information, and image information of the account holder who has been hit are transmitted to the teller terminal n (step 60001).

When the teller terminal n receives the name, contact information and image information of the account opener from the information computer (step 60002),
On the screen of the teller terminal, the ATM identification code, the name of the account holder himself / herself, contact information and image information are displayed (step 60003). The teller who operates the teller terminal n waits for the ATM user to come to his / her window, and the processing on the teller terminal n side ends. On the other hand, in the ATM, the cash card is returned (FIG. 6, step 60004), the identification code of the counter where the teller terminal n is installed is obtained by referring to the teller terminal information table indicated by 110001 in FIG. On the screen, a message indicating that the user wants to come to the counter is displayed, and at the same time, an identification code (or counter number) of the counter is displayed, and the teller terminal n is displayed to the ATM user. To end the series of processing (step 60006).

  The description of the processing returns to the determination processing in step 40011 of the flowchart shown in FIG. In the ATM, after the personal authentication process, when the final matching rate X is less than 70%, that is, in this embodiment, when authentication fails (step 40011), or in step 40013, even if the final matching rate is 70%. If the number of trials reaches 3 times outside the sales window, the process moves to the flowchart of FIG. 6, and the ATM notifies the information computer of the cash card number and the authentication failure (FIG. 6, In step 60008, a message indicating that the user cannot be authenticated is displayed on the ATM screen (step 60009), and a message indicating that the cash card is temporarily stored is displayed on the ATM screen (step 60010). At the same time, the business hours of the branch or branch and the contact information related to the case are displayed (step 60011), and a series of processing on the ATM side is completed. On the other hand, in step 60008, the information computer that has received the cash number notification from the ATM (step 60012) searches the name and e-mail address of the account opener using the received cash card number as a key (step 60013). Then, the success of the account is notified to the e-mail address of the account opener, and a series of processing is terminated (step 60014).

The system block diagram which showed an example of the connection structure of the information processing system for implement | achieving this invention. The figure which showed an example of the apparatus structure of ATM for implement | achieving this invention. The figure which showed an example of the database which the information system computer for implement | achieving this invention managed. The flowchart which showed an example of implementation by this invention. FIG. 5 is a continuation of a flowchart illustrating an example implementation according to the present invention. FIG. FIG. 5 is a continuation of a flowchart illustrating an example implementation according to the present invention. FIG. FIG. 5 is a continuation of a flowchart illustrating an example implementation according to the present invention. FIG. The figure which showed an example of the external appearance of an IC cash card for implement | achieving this invention. The figure which showed an example of the internal structure of an IC cash card for implement | achieving this invention. The figure which showed an example of the table which stores the attribute information of an account opener for implement | achieving this invention. The figure which showed an example of the table which manages the position order information of the teller terminal located in the place near the said ATM for implement | achieving this invention.

Explanation of symbols

10001 ・ ・ ・ Account computer, 10002 ・ ・ ・ Information computer, 10003 ・ ・ ・ Internal network, 10004 ・ ・ ・ External network, 10005 ・ ・ ・ Branch or sales office, 10006 ・ ・ ・ In-store network, 10007 ・ ・ ・ATM, 10008 ... Teller terminal,

Claims (5)

In a personal authentication device that authenticates an individual using a plurality of biometric information,
Means for receiving input of a plurality of pieces of biometric information of individuals to be authenticated;
The biometric information corresponding to the first biometric information included in the plurality of input biometric information, the biometric information included in the plurality of individual biometric information stored in the storage unit in advance is compared, A means for calculating a match rate for
When the first matching rate satisfies the first condition, the second biological information included in the input plurality of biological information and the biological information corresponding to the second biological information, Means for comparing the biometric information contained in the plurality of biometric information of the individual stored in the storage means to calculate a second match rate;
Means for calculating a final match rate from the first match rate and the second match rate;
And a means for displaying a face image included in the biometric information stored in the storage means on a display screen when the final matching rate satisfies a second condition. The personal authentication device according to claim 1,
The first condition is that the first matching rate is any one of (1) a first threshold or more, (2) less than a second threshold, and (3) less than the first threshold and more than a second threshold. A personal authentication device, characterized in that In the personal authentication device according to claim 1 or 2,
The second condition is that the final match rate is any one of (1) a third threshold or more, (2) less than a fourth threshold, and (3) less than the third threshold and more than a fourth threshold. A personal authentication device. The personal authentication device according to any one of claims 1 to 3,
The personal authentication device, wherein the first condition is the same condition as the second condition. The personal authentication device according to claim 2,
If the first condition is (3) less than the first threshold and greater than or equal to the second threshold and the first match rate is greater than or equal to the first threshold, the person is authenticated as the person A personal authentication device.

Images