JP2012008816A - Authentication card, card authentication terminal, card authentication server and card authentication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable an operator who operates a terminal to easily determine with high accuracy whether or not a user of an authentication card is a proper holder.SOLUTION: A card authentication terminal 3 comprises: image recording means 12 for recording a base image collection consists of a plurality of base images; coefficient information acquiring means 11 and 13 for acquiring coefficient information corresponding to each base image from an authentication card 4 recording the coefficient information or a card authentication server 2 connected to a network 5; and image processing means 14 for performing composite processing on an authentication image used for determining whether or not the user of the card is the proper holder based on the base image collection and the coefficient information.

Description

  The present invention relates to an authentication card, a card authentication terminal, a card authentication server, and a card authentication system, and more particularly, easily determines whether or not a user who uses an authentication card is a holder (a legitimate card owner). The present invention relates to an authentication card, a card authentication terminal, a card authentication server, and a card authentication system.

  Nowadays, a service provider provides a predetermined card to a specific user (for example, a member), and a card user is a legitimate card owner (the genuine user who received the card). There are many systems that provide specific services when a decision (authorization) can be made. As cards used for such services, for example, a security card, a basic resident register card, and the like are known. It can also be applied to ID cards such as driver's licenses.

  A credit card is widely known as one of the cards provided in this way. Nowadays, users often use credit cards instead of cash when shopping. By shopping with a credit card in this way, various products (or services) can be freely purchased without carrying cash. Today, many credit cards are issued and widely used.

  Magnetic cards and IC cards are known as common card types of credit cards. A magnetic card and an IC card are greatly different in two points, that is, a data recording capacity and an arithmetic processing function. The recording capacity of the IC card is larger than that of the magnetic card, and the IC card is provided with an arithmetic processing function.

  When shopping using a magnetic card, the card information of the magnetic card (information used for card authentication) is read by the terminal, and the read card information is transferred from the terminal to the server via the network. Communicated. This server has a credit card authentication function, and can determine (authentication processing) the validity of the magnetic card based on the magnetic card information transmitted via the network. The server determines the legitimacy of the magnetic card based on the transmitted magnetic card information, and if it is determined to be legitimate, returns information permitting the use of the credit card from the server to the terminal. .

  The determination of validity in the server is to determine whether or not the magnetic card itself is a legitimate card, and whether or not the user who uses the magnetic card is the legitimate owner of the card. It is not a judgment. Note that a legitimate owner of a card, that is, a person who is officially registered with the card company as a card owner is called a holder.

  When the validity of the magnetic card is recognized and the use of the card is permitted, an operator who operates the terminal (for example, a store clerk who uses the credit card) asks the user for a signature. Evaluate the user's legitimacy (whether or not the user is a holder) and use the credit card only when the operator confirms the legitimacy of the user (the user is the holder) Shopping can be performed.

  In this way, when determining the validity of a magnetic card, since card information is transmitted and received via a network, a third party can steal card information when the card information is transmitted to a server. There is sex. In the case of a magnetic card, it is possible to easily duplicate the card based on the stolen card information, so that the copied card can be obtained by a third party obtaining the holder's signature by some means. It becomes possible to shop illegally using the. Such card duplication is an illegal act called so-called skimming.

  In order to prevent such card damage due to skimming, IC card type credit cards are often used today. The IC card has an arithmetic processing function and a relatively large recording capacity (memory) as described above, and can perform processing as a small computer (see, for example, Patent Document 1). For this reason, information indicating the validity of the credit card and authentication information such as a password indicating the validity of the holder are recorded inside the IC card, and without checking the validity of the card at the server. The validity of the card can be determined by mutual authentication (authentication processing) between the IC card and the terminal.

  In addition, since the IC card is provided with an arithmetic processing function, the validity of the terminal is also determined by the IC card by performing mutual authentication between the IC card and the terminal. In such mutual authentication between the IC card and the terminal, the information on the IC card is not read out, but a determination is made on the IC card side based on necessary information, so personal information recorded on the IC card, etc. It is possible to effectively prevent leakage.

  When the validity of the IC card and the terminal is recognized, the operator authenticates the user by asking the user for a password or the like. When authenticating the user, the password input by the user is sent to the IC card, and an authentication judgment is made as to whether or not the user is a holder inside the IC card, and only the authentication result is obtained. It will be output to the terminal. In this way, when using an IC card, it is difficult for a third party to steal, etc., thus effectively preventing leakage of information recorded on the IC card and counterfeiting / duplication of the IC card. Is possible.

  However, even if an IC card is used, it cannot be guaranteed that it is absolutely safe. For example, when a personal identification number is used for user authentication, a third party can impersonate the holder by seeing the personal identification number. When the holder inputs a personal identification number when using a credit card, it is relatively rare to enter the personal identification number after confirming that there is no complete eavesdropper around. If anything, the holder often inputs the password without paying attention to the surroundings, so it can be said that the possibility that the password is stolen is relatively high. When a third party steals the password entered in this way, the password can be obtained. By using this password, it becomes possible to impersonate the holder when the card is used. Therefore, even if it is difficult to steal card information from the card itself, such as an IC card type credit card, a third party can easily make a purchase with another person's credit card by stealing the password. be able to.

  In this way, even if the card information defense is enhanced using an IC card, if the validity of whether or not the user is a holder cannot be strictly determined, the user authentication is performed like a credit card. It is not possible to sufficiently secure the safety of a card that requires a card. For this reason, today, by printing a face photo of a holder on a credit card or the like, an operator handling the terminal compares the face of the user with the face photo of the holder printed on the credit card. Many methods are used to determine whether or not a user is a holder.

  However, when a third person replaces the face photograph printed on the card surface with his / her own face photograph, it is determined that the third party is the holder. Furthermore, even if the photo is not replaced, if the third person resembles a holder, the photo may be determined as a holder based on the face photo. In particular, since the size of the credit card is regulated to a predetermined size, the face photograph printed on the credit card also becomes a relatively small image, and there is a possibility that details may become unclear. For this reason, when a third party is relatively similar to the holder, there is a possibility that even if the operator confirms the face photograph, the operator may recognize it as a holder. In such a case, sufficient safety is obtained. It was difficult to secure.

  In addition, today, as a method of determining the validity of a holder, biometric information unique to the holder such as fingerprint information and vein information is recorded in the IC card, and the biometric information of the person who uses the card is recorded on the IC card. A method for comparing the biometric information of the holder is also adopted. However, when it is determined whether or not the user is a holder using biometric information, it is necessary to install an apparatus for performing biometric authentication in a store or the like, which causes problems such as installation costs. End up.

  In addition, a method for ensuring the safety by increasing the accuracy of determining the validity by using a plurality of authentication methods such as a signature, a personal identification number, and biometric information in combination with the holder can be considered. If this combination is allowed, the burden of authentication when shopping with a credit card increases, and the convenience of the credit card may be impaired.

  For this reason, a method for determining whether or not a card user is a holder by using a photo of the holder without impairing the convenience for the card user has been proposed (see, for example, Patent Document 2).

  In the method disclosed in Patent Document 2, the authentication image is brought closer to the target image by using an image morphing technique based on the authentication image that proves the holder and the target image that is an image different from the authentication image. A deformed authentication image is generated. Then, the generated deformation authentication image is printed on the surface of the card, or the deformation authentication image information is recorded on the card.

  When authenticating the holder, first, the terminal device scans the deformation authentication image printed on the surface of the card or reads out the deformation authentication image information recorded on the card. Then, based on the deformation authentication image information, the deformation rate, the target image, and the deformation feature information that partially defines the characteristic configuration of the deformation authentication image, an authentication image that proves the holder itself using a reverse morphing technique And an authentication image is displayed on a display provided in the card authentication terminal. By comparing the authentication image generated in this way with the face of the card user, the operator can determine whether or not the card user is a holder.

JP2008-181225 Japanese Patent Application No. 2009-144420

  However, as shown in Patent Document 2, in order to record a deformation authentication image on a card, it is necessary to provide the card with a relatively large recording capacity (memory capacity). For this reason, there is a problem that it is difficult to secure a sufficient recording capacity in a credit card or the like that is generally distributed.

  On the other hand, when using a method for displaying a deformed authentication image on the surface of a credit card, the image size displayed on the credit card is small, so scanning with sufficient resolution is possible even if the deformed authentication image is read by a scanner. Sometimes it was difficult to do. Furthermore, there is a problem that it is difficult to read the deformation authentication image with high accuracy when the printed deformation authentication image is stained or the image is faint.

  The present invention has been made in view of the problems described above, and an authentication card that allows an operator operating the terminal to easily and accurately determine whether or not the card user is a holder, It is an object to provide a card authentication terminal, a card authentication server, and a card authentication system.

  In order to solve the above-described problem, the first authentication card according to the present invention is based on a base image collection composed of a plurality of base images and coefficient information corresponding to each of the base images. Is an authentication card used in a card authentication terminal that performs authentication image composition processing in order to determine whether or not it is a holder, and the coefficient information is recorded on the authentication card.

  As described above, by using the first authentication card according to the present invention, it is possible to perform authentication image composition processing based on the base image and the coefficient information. Can be synthesized easily and with high accuracy.

  Further, the authentication image cannot be combined only with the base image used for the authentication image combination, and the authentication image cannot be combined without the coefficient information corresponding to the base image. For this reason, it becomes difficult for a third party to easily synthesize the authentication image of the holder, and security can be improved.

  Furthermore, since the coefficient information has an extremely small amount of data compared to the authentication image and the base image, the coefficient information itself can be recorded on the authentication card. For this reason, the coefficient information necessary for the authentication image composition processing is recorded and stored in the authentication card, and the base image is stored in the card authentication terminal, thereby distributing the information required for the authentication image composition processing. Since it can be managed, security can be enhanced.

  Here, the holder means a legitimate owner of the card. Generally, the use of a card is often permitted only to the holder, but if a third party who is not the holder uses the card, there is a risk that the holder may be caused an unexpected disadvantage. For this reason, it is very important to determine whether the card user is a holder.

  Further, the second authentication card according to the present invention includes a base image set obtained by combining a plurality of base image collections composed of a plurality of base images having a common feature so that their features are different from each other, and the validity of the holder. Index information for identifying a base image used for authentication image synthesis processing used for determination from the set of base images, and coefficient information corresponding to each of the plurality of base images identified by the index information; The authentication card is used in a card authentication terminal that performs the authentication image composition processing by using at least one of the index information and the coefficient information recorded on the authentication card. .

  In the second authentication card according to the present invention, by using the index information, it is possible to specify the base image used for the authentication image combining process from the base image set. Therefore, even if a base image set including a base image used for authentication image composition processing and other images is stolen by a third party, if there is no index information, the base image used for authentication image composition processing Therefore, it is possible to prevent the authentication image composition process from being easily performed by a third party.

  Furthermore, in the second authentication card according to the present invention, the authentication image is synthesized based on the base image specified by the index information and the coefficient information, so that the face photograph of the holder (or a face photograph approximate to the holder). ) Can be synthesized easily and with high accuracy.

  Also, in the second authentication card according to the present invention, the authentication image combining process cannot be performed only with the base image used for the authentication image combining process, and the coefficient corresponding to the base image specified by the index information Information is needed. For this reason, it becomes difficult for a third party to easily synthesize the authentication image of the holder, and security can be improved.

  Furthermore, since the index information and the coefficient information have an extremely small data amount as compared with the authentication image and the base image, it is possible to record at least one of the index information and the coefficient information on the authentication card. For this reason, by recording and storing index information or coefficient information necessary for the authentication image composition processing on the authentication card, information necessary for the authentication image composition processing can be distributed and managed. Can be increased.

  The first card authentication terminal according to the present invention is connected to the image recording means for recording a base image collection composed of a plurality of base images and coefficient information corresponding to each base image via an authentication card or a network. Authentication information combining means for acquiring from a card authentication server, and based on the basis image collection and the coefficient information, an authentication image combining process used to determine whether or not the card user is a holder. Image processing means for performing the processing.

  As described above, in the first card authentication terminal according to the present invention, since the authentication image is combined based on the base image and the coefficient information, the face photograph of the holder (or the face photograph approximate to the holder) is used. It becomes possible to synthesize easily and with high accuracy.

  Further, the authentication image cannot be combined only with the base image used for the authentication image combination, and the authentication image cannot be combined without the coefficient information corresponding to the base image. For this reason, it becomes difficult for a third party to easily synthesize the authentication image of the holder, and security can be improved.

  Furthermore, since the coefficient information has an extremely small amount of data compared to the authentication image and the base image, the coefficient information itself can be recorded on the authentication card. Similarly, since the coefficient information has an extremely small amount of data, even when the coefficient information is acquired from a card authentication server connected via a network, the time and burden required for data transmission / reception are increased. Less likely.

  For this reason, the coefficient information necessary for the authentication image composition processing is recorded and stored in the authentication card or the card authentication server, and the base image is stored in the card authentication terminal, so that the information required for the authentication image composition processing is stored. Can be distributed and managed, and security can be improved.

  Furthermore, the second card authentication terminal according to the present invention records an image record that records a set of base images in which a plurality of base images configured by a plurality of base images having common features are combined with each other having different features. Card authentication in which index information for identifying a base image used for synthesizing the authentication image used for determining the authenticity of the means and the holder from the set of base images is connected via an authentication card or a network Index information acquisition means acquired from a server, and coefficient information corresponding to each of a plurality of base images specified by the index information, acquired from the authentication card or the card authentication server connected via the network An information acquisition unit and the index acquired by the index information acquisition unit; Base image specifying means for specifying a plurality of base images used for the authentication image combining process, a plurality of base images specified by the base image specifying means, and the plurality of base images And image processing means for combining the authentication images based on coefficient information corresponding to each.

  In the second card authentication terminal according to the present invention, by using the index information, it is possible to specify the base image used for the authentication image combining process from the base image set. Therefore, even if a base image set including a base image used for authentication image composition processing and other images is stolen by a third party, if there is no index information, the base image used for authentication image composition processing Therefore, it is possible to prevent the authentication image composition process from being easily performed by a third party.

  Furthermore, in the second card authentication terminal according to the present invention, the authentication image is synthesized based on the base image specified by the index information and the coefficient information, so that the face photograph of the holder (or the face approximated to the holder). It is possible to compose a photograph) easily and with high accuracy.

  Further, in the second authentication terminal according to the present invention, the authentication image combining process cannot be performed only with the base image used for the authentication image combining, and the coefficient information corresponding to the base image specified by the index information Is required. For this reason, it becomes difficult for a third party to easily synthesize the authentication image of the holder, and security can be improved.

  Furthermore, since the coefficient information and the index information have an extremely small amount of data compared to the authentication image and the base image, the information itself can be recorded on the authentication card. Similarly, the coefficient information and the index information are extremely small in amount of data, so that even when the coefficient information and the index information are obtained from a card authentication server connected via a network, they are required for data transmission / reception. Less likely to increase time and burden.

  For this reason, index information used for specifying the base image and coefficient information used for authentication image composition processing are recorded and stored in the authentication card or card authentication server, and the base image is stored in the card authentication terminal. Information required for authentication image composition processing can be distributed and managed, and security can be improved.

  On the other hand, in the first and second card authentication terminals described above, the plurality of base images recorded in the image recording means are subjected to different replacement conversion processing for each card authentication terminal, and the arrangement order of the base images is changed. The index information may be recorded in a changed state, and the index information may be subjected to replacement conversion corresponding to replacement conversion processing of the base image recorded in the image recording unit.

  As described above, in the first and second card authentication terminals according to the present invention, the base image used for the authentication image composition processing is subjected to the replacement conversion process, and the base image is recorded in the state in which the arrangement order is changed. Recorded in the means. For this reason, even if a third party obtains a plurality of base images used for authentication image composition processing, the order of the base images has been changed, so any base image can be used for authentication as it is. It cannot be determined whether the image composition processing is performed.

  Furthermore, since the replacement conversion process is performed so that the order of arrangement of the base images is different for each card authentication terminal, any replacement conversion can be performed even if a third party acquires the base image subjected to the replacement conversion process. It becomes difficult to determine whether it is necessary to perform processing, and security can be improved.

  Further, when the arrangement order of the base images is changed, the base image used for the authentication image combining process cannot be specified with the index information as it is. For this reason, the index information used in the card authentication terminal according to the present invention is subjected to a replacement conversion process corresponding to the base image, whereby the base used for the authentication image synthesis process from the base image subjected to the replacement conversion process. It is possible to specify an image.

  Further, the first card authentication server according to the present invention determines whether or not the card user is a holder based on a base image collection composed of a plurality of base images and coefficient information corresponding to each of the base images. A card authentication server connected via a network to a card authentication terminal that performs authentication image composition processing used to determine whether a base image that records a plurality of base images constituting the base image collection An image recording means, a base image updating means for periodically updating a part of the plurality of base images recorded in the base image recording means, and a base image updated by the base image updating means And a base image distribution means for distributing a new base image collection to the card authentication terminal via the network.

  In the first card authentication server according to the present invention, authentication image composition processing is performed based on the base image and the coefficient information, so that a face photograph of the holder (or a face photograph close to the holder) can be easily and highly expensive. It becomes possible to synthesize with accuracy.

  Furthermore, the authentication image cannot be combined only with the base image used for the authentication image combination, and the authentication image cannot be combined without the coefficient information corresponding to the base image. For this reason, it becomes difficult for a third party to easily synthesize the authentication image of the holder, and security can be improved.

  On the other hand, since the data amount of the base image collection used for the authentication image composition process is larger than the coefficient information, it is desirable that the data amount be recorded in advance on the card authentication terminal. However, if the same base image collection is always recorded in the card authentication terminal and the authentication image composition processing is always performed based on the same base image collection, the base image necessary for the composition processing is fixed. There is a risk of lowering security. For this reason, in the first card authentication server according to the present invention, the base image is prevented from being fixed by periodically updating a part of the base images of the base image collection that can be used for the authentication image combining process. And high security can be maintained.

  Furthermore, it is better to adopt a method of regularly delivering a new base image collection to the card authentication terminal than a method of acquiring the base image collection via the network every time authentication image composition processing is performed at the card authentication terminal. In addition, it is easy to speed up the synthesizing process in the card authentication terminal, and it is possible to reduce the network load that may be caused by data distribution.

  In addition, the second card authentication server according to the present invention includes a base image set obtained by combining a plurality of base image collections configured by a plurality of base images having common characteristics so that their features are different from each other, and the validity of the holder. Index information for specifying a base image used for the authentication image synthesis process used for sex determination from the base image set, and coefficient information corresponding to each of the plurality of base images specified by the index information A card authentication server connected via a network to a card authentication terminal that performs the authentication image combining process, and a base image recording unit that records a plurality of base images constituting the base image set; A base image updating means for periodically updating a part of the plurality of base images recorded in the base image recording means; A new base image set including a base image updated by the image updating means, characterized in that it comprises a base image distributing means for distributing to the card authentication terminal via the network.

  In the second card authentication server according to the present invention, by using the index information, it is possible to specify the base image used for the authentication image composition processing from the base image set. Therefore, even if a base image set including a base image used for authentication image composition processing and other images is stolen by a third party, if there is no index information, the base image used for authentication image composition processing Therefore, it is possible to prevent the authentication image composition process from being easily performed by a third party.

  Further, in the second card authentication server according to the present invention, the authentication image is synthesized based on the base image specified by the index information and the coefficient information, so that the face photograph of the holder (or the face approximated to the holder). It is possible to compose a photograph) easily and with high accuracy.

  Further, in the second card authentication server according to the present invention, the authentication image combining process cannot be performed only with the base image used for the authentication image combining, and the coefficient corresponding to the base image specified by the index information Information is needed. For this reason, it becomes difficult for a third party to easily synthesize the authentication image of the holder, and security can be improved.

  Furthermore, in the second card authentication server according to the present invention, it is possible to prevent the fixing of the base image by periodically updating a part of the base images of the base image collection that can be used for the authentication image combining process. It is possible to maintain a high level of security.

  Also, it is better to adopt a method of periodically delivering a new set of base images to the card authentication terminal than a method of acquiring a base image collection via the network every time authentication image composition processing is performed at the card authentication terminal. In addition, it is easy to speed up the synthesizing process in the card authentication terminal, and it is possible to reduce the network load that may be caused by data distribution.

  Next, in the first and second card authentication servers described above, the base image update unit classifies a plurality of images prepared for generating a base image into a plurality of groups according to image characteristics. And a plurality of base images capable of displaying a low-dimensional distribution state capable of well expressing the distribution state from a high-dimensional distribution state based on features of a plurality of images belonging to the group classified by the classification unit. A base image generating means for generating; an authentication image combining means for combining authentication images corresponding to each of the multiple images using a plurality of base images belonging to the respective groups generated by the base image generating means; A synthesis error between the authentication image of each group synthesized by the authentication image synthesis unit and the image is obtained, and a base image of the group into which the image is classified by the classification unit is obtained. And determining whether or not the combined error of the authentication image combined is the smallest than the combined error of all the authentication images combined using the base images of the group in which the image is not classified by the classification unit. An error determination unit, and the combination error determination unit determines that the combination error of the authentication image combined using the base image of the group in which the image is not classified by the classification unit is the smallest. The classification means reclassifies the image corresponding to the group with the smallest synthesis error, and the base image generation means regenerates the base image using the plurality of images reclassified by the classification means. Processing, and the authentication image synthesis means uses each of the plurality of base images generated again by the base image generation means to correspond to each of the multiple images. The authentication error is determined by the combining means, and the combining error determination means obtains a combining error between the authentication images of the groups recombined by the authentication image combining means and the images, and the classification means reclassifies the images. The authentication error of the authentication image combined using the base image of the group that has been grouped is more than the composite error of all authentication images combined using the base image of the group in which the image is not classified again by the classification unit. When it is determined repeatedly whether or not it is the smallest, and it is determined by the combining error determination means that the combining error of the authentication image combined using the base image of the group into which the image is classified by the classification means is the smallest The base image distribution unit distributes a plurality of base images generated by the base image generation unit to the card authentication terminal. May be.

  In the first and second card authentication servers according to the present invention, in the base image update means, the composite error determination means combines the authentication images synthesized using the base images of the group whose images are not classified by the classification means. When it is determined that the error is the smallest, the classification unit re-classifies the image corresponding to the group with the smallest synthesis error, thereby newly generating a base image. In this way, the base image is generated repeatedly by comparing the authentication image synthesized by the base image of the group into which the image is classified by the classification means and the classified image until the composition error is minimized, thereby obtaining the base image. It is possible to improve the synthesis accuracy of the authentication image synthesized using the image.

  Furthermore, it is assumed that the number of base images and the amount of coefficient information required for the composition processing are reduced by performing authentication image composition processing using a base image whose image features are similar to the face photograph of the holder In addition, it is possible to generate an authentication image with sufficient accuracy that can be used for the holder authentication process. Therefore, the amount of data such as coefficient information and index information can be effectively reduced, and the coefficient information and index information can be positively recorded on an authentication card or the like.

  Further, the first and second card authentication servers described above replace different sets of card authentication terminals with respect to a set of new base images in which some base images are updated by the base image update means. And a replacement conversion unit that changes the arrangement order of the base images by performing a conversion process, and the base image distribution unit distributes the set of base images subjected to the replacement conversion process by the replacement conversion unit to the card authentication terminal. It may be a thing.

  As described above, in the first and second card authentication servers according to the present invention, the replacement order is changed on the base image by the replacement conversion means, so that the arrangement order is changed. For this reason, even if a third party obtains a plurality of base images used for authentication image composition processing, the order of the base images has been changed, so any base image can be used for authentication as it is. It cannot be determined whether the image composition processing is performed.

  Further, the replacement conversion means performs processing such that the order of arrangement of the base images is different for each card authentication terminal. Therefore, even if a third party acquires the base image subjected to the replacement conversion processing, any replacement conversion is possible. It becomes difficult to determine whether it is necessary to perform processing, and security can be improved.

  When the order of arrangement of the base images is changed, the base image used for the authentication image synthesis cannot be specified with the index information as it is. For this reason, the index information used in the card authentication system according to the present invention is obtained by performing a replacement conversion process corresponding to the base image, so that the base used for the authentication image combining process from the base image subjected to the replacement conversion process. It is possible to specify an image.

  As a method for generating a plurality of base images capable of displaying a low-dimensional distribution state that can well represent the distribution state from a high-dimensional distribution state based on the characteristics of the plurality of images, for example, a principal component analysis method Or the nearest neighbor search method can be used.

  On the other hand, the first card authentication system according to the present invention determines whether or not the card user is a holder based on a base image collection composed of a plurality of base images and coefficient information corresponding to each of the base images. A card authentication system that performs authentication image composition processing to determine whether the authentication information is recorded, an authentication card that records the coefficient information, and a card authentication terminal that performs composition processing of the authentication image. A card authentication server connected to the card authentication terminal via a network, the card authentication terminal including an image recording means for recording the base image collection, and a coefficient for acquiring the coefficient information from the authentication card. It has an information acquisition means, and an image processing means for synthesizing the authentication image based on the base image collection and the coefficient information.

  Further, the second card authentication system according to the present invention is based on whether or not the card user is a holder based on a base image collection composed of a plurality of base images and coefficient information corresponding to each of the base images. A card authentication system that performs authentication image composition processing to determine whether or not the card authentication system includes a card authentication server that records the coefficient information and a card authentication terminal that performs the authentication image composition processing. The card authentication terminal includes: an image recording unit that records the base image collection; a coefficient information acquisition unit that acquires the coefficient information from the card authentication server connected via a network; and the base image. And an image processing means for performing a composition process of the authentication image based on the collection and the coefficient information.

  As described above, in the first and second card authentication systems according to the present invention, the authentication image is synthesized based on the base image collection and the coefficient information. It is possible to synthesize a face photograph) easily and with high accuracy.

  Further, the authentication image cannot be combined only with the base image used for the authentication image combination, and the authentication image cannot be combined without the coefficient information corresponding to the base image. For this reason, it becomes difficult for a third party to easily synthesize the authentication image of the holder, and security can be improved.

  Furthermore, since the coefficient information has an extremely small data amount compared to the authentication image and the base image, the coefficient information itself can be recorded on the authentication card as shown in the first card authentication system. Further, since the data amount of the coefficient information is extremely smaller than that of the authentication image and the base image, as shown in the second card authentication system, the coefficient information is obtained from a card authentication server connected via a network. However, the possibility of increasing the time and burden required for data transmission / reception is low.

  For this reason, the coefficient information necessary for the authentication image composition processing is recorded and stored in the authentication card or the card authentication server, and the base image is stored in the card authentication terminal, so that the information required for the authentication image composition processing is stored. Can be distributed and managed, and security can be improved.

  In particular, when the coefficient information is not recorded on the authentication card but is recorded on the card authentication server, the authentication card does not need to record the coefficient information required for the authentication image composition process. Therefore, even if a magnetic card or the like having a small recording capacity is used as an authentication card, by using the card authentication system according to the present invention, whether the user of the card is a holder by performing authentication image composition processing It is possible to determine whether or not.

  In the first and second card authentication systems described above, the card authentication server is recorded in a base image recording unit that records a plurality of base images constituting the base image collection, and the base image recording unit. A base image update means for periodically updating a part of the plurality of base images, and a new base image collection including the base images updated by the base image update means, via the network, the card The card authentication terminal may have the image recording unit record the new base image collection distributed to the authentication terminal.

  In the first and second card authentication systems according to the present invention, since the card authentication server periodically updates a part of the base images of the base image collection that can be used for the authentication image combining process, the base image is fixed. Can be prevented, and high security can be maintained.

  Furthermore, it is better to adopt a method of regularly delivering a new base image collection to the card authentication terminal than a method of acquiring the base image collection via the network every time authentication image composition processing is performed at the card authentication terminal. In addition, it is easy to speed up the synthesizing process in the card authentication terminal, and it is possible to reduce the network load that may be caused by data distribution.

  In addition, the third card authentication system according to the present invention includes a base image set obtained by combining a plurality of base image collections composed of a plurality of base images having common features so that their features are different from each other, and the validity of the holder. Index information for specifying a base image used for the authentication image synthesis process used for sex determination from the base image set, and coefficient information corresponding to each of the plurality of base images specified by the index information The card authentication system performs the authentication image composition processing by using the authentication card, the card authentication system including the authentication card and the card authentication server capable of recording the index information and the coefficient information, and the authentication. A card authentication terminal that performs image composition processing, and the index information includes the authentication card or The coefficient information is recorded on either the authentication card or the card authentication server, and the card authentication terminal includes image recording means for recording the base image set. Index information acquisition means for acquiring the index information from the authentication card or the card authentication server connected to the network, and acquiring the coefficient information from the authentication card or the card authentication server connected to the network Coefficient information acquisition means for performing, based on the index information acquired by the index information acquisition means, a base image specifying means for specifying a plurality of base images used in the authentication image combining processing, and the base image specification A plurality of base images identified by the means and the plurality of base images Based on the coefficient information corresponding to each image, and having an image processing means for performing synthesis processing of the authentication image.

  In the third card authentication system according to the present invention, by using the index information, it is possible to specify the base image used for the authentication image combining process from the base image set. Therefore, even if a base image set including a base image used for authentication image composition processing and other images is stolen by a third party, if there is no index information, the base image used for authentication image composition processing Therefore, it is possible to prevent the authentication image composition process from being easily performed by a third party.

  Furthermore, in the third card authentication system according to the present invention, the authentication image is synthesized based on the base image specified by the index information and the coefficient information, so that the face photograph of the holder (or the face approximated to the holder). It is possible to compose a photograph) easily and with high accuracy.

  Further, in the third card authentication system according to the present invention, the authentication image combining process cannot be performed only with the base image used for the authentication image combining, and the coefficient information corresponding to the base image specified by the index information Is required. For this reason, it becomes difficult for a third party to easily synthesize the authentication image of the holder, and security can be improved.

  Furthermore, since the coefficient information and the index information have an extremely small amount of data compared to the authentication image and the base image, the coefficient information itself can be recorded on the authentication card. In addition, since the coefficient information and the index information have a very small amount of data, even when the coefficient information and the index information are acquired from a card authentication server connected via a network, The possibility of increasing the burden is low.

  For this reason, index information used for specifying the base image and coefficient information used for authentication image composition processing are recorded and stored in the authentication card or card authentication server, and the base image is stored in the card authentication terminal. Information required for authentication image composition processing can be distributed and managed, and security can be improved.

  In particular, when index information and coefficient information are recorded in the card authentication server, authentication image composition processing can be performed without causing the authentication card to record the index information and coefficient information. For this reason, even when a conventional authentication card with a small data recording capacity such as a magnetic card is used, it is possible to perform an authentication process as to whether or not the card user is a holder based on the authentication image. It becomes.

  In the third card authentication system described above, the card authentication server includes a base image recording unit that records a plurality of base images constituting the base image set, and a plurality of bases recorded in the base image recording unit. Base image update means for periodically updating a part of the base images of the image, and a new base image set including the base images updated by the base image update means to the card authentication terminal via the network The card authentication terminal may cause the image recording unit to record a new set of distributed base images.

  In the third card authentication system according to the present invention, the base image can be prevented from being fixed by periodically updating a part of the base images of the base image collection that can be used for the authentication image combining process. High security can be maintained.

  Furthermore, it is better to adopt a method of periodically delivering a new set of base images to the card authentication terminal than a method of acquiring a base image collection via the network every time authentication image composition processing is performed at the card authentication terminal. In addition, it is easy to speed up the synthesizing process in the card authentication terminal, and it is possible to reduce the network load that may be caused by data distribution.

  Further, in the above-described card authentication system, the base image update unit of the card authentication server includes a classifying unit that classifies a number of images prepared for generating a base image into a plurality of groups according to image characteristics. Generating a plurality of base images capable of displaying a low-dimensional distribution state that can well represent the distribution state from a high-dimensional distribution state based on the characteristics of the plurality of images belonging to the group classified by the classification unit A basic image generating means; an authentication image synthesizing means for synthesizing an authentication image corresponding to each of the multiple images using a plurality of base images belonging to each group generated by the basic image generating means; and the authentication A synthesis error between the authentication image of each group synthesized by the image synthesis unit and the image is obtained, and the group in which the image is classified by the classification unit. Whether or not the authentication error of the authentication image synthesized using the base image is the smallest than the synthesis error of all the authentication images synthesized using the base images of the group in which the image is not classified by the classification unit A combination error determination unit that determines whether the authentication error of the authentication image combined by using the base image of the group in which the image is not classified by the classification unit is smallest. If it is determined, the classification unit reclassifies the image corresponding to the group with the smallest synthesis error, and the base image generation unit uses the plurality of images reclassified by the classification unit. The base image generation process is performed again, and the authentication image composition unit uses the plurality of base images generated again by the base image generation unit to generate the multiple images. By combining the authentication images corresponding to each of the authentication images, the combining error determining unit obtains a combining error between the authentication images of the respective groups combined again by the authentication image combining unit and the images. The authentication error of the authentication image synthesized using the base image of the group in which the image is classified again is all the authentication images synthesized using the base image of the group in which the image is not classified again by the classification means. It is repeatedly determined whether or not the combined error of the authentication image is the smallest, and the combined error of the authentication image synthesized by using the base image of the group into which the image is classified by the classifying unit is the smallest. If it is determined that the base image distribution unit distributes the plurality of base images generated by the base image generation unit to the card authentication terminal. You may believe.

  In the card authentication system according to the present invention, in the base image update unit of the card authentication server, there is a composite error of the authentication image synthesized by using the base image of the group in which the image is not classified by the classification unit in the synthesis error determination unit. When it is determined that the image is the smallest, the classification unit re-classifies the image corresponding to the group having the smallest synthesis error to newly generate a base image. In this way, the base image is generated repeatedly by comparing the authentication image synthesized by the base image of the group into which the image is classified by the classification means and the classified image until the composition error is minimized, thereby obtaining the base image. It is possible to improve the synthesis accuracy of the authentication image synthesized using the image.

  Furthermore, it is assumed that the number of base images and the amount of coefficient information required for the composition processing are reduced by performing authentication image composition processing using a base image whose image features are similar to the face photograph of the holder In addition, it is possible to generate an authentication image with sufficient accuracy that can be used for the holder authentication process. Therefore, the amount of data such as coefficient information and index information can be effectively reduced, and the coefficient information and index information can be positively recorded on an authentication card or the like.

  Furthermore, in the above-described card authentication system, the card authentication server may perform a different replacement conversion for each card authentication terminal with respect to a new set of base images in which some base images are updated by the base image update unit. A replacement conversion means for changing the order of arrangement of base images by performing processing, wherein the base image distribution means distributes a set of base images subjected to replacement conversion processing by the replacement conversion means to the card authentication terminal It may be.

  As described above, in the card authentication system according to the present invention, the replacement conversion unit of the card authentication server performs the replacement conversion process on the set of base images to change the arrangement order. For this reason, even if a third party obtains a plurality of base images used for authentication image composition processing, the order of the base images has been changed, so any base image can be used for authentication as it is. It cannot be determined whether the image composition processing is performed.

  Further, the replacement conversion means performs processing such that the order of arrangement of the base images is different for each card authentication terminal. Therefore, even if a third party acquires the base image subjected to the replacement conversion processing, any replacement conversion is possible. It becomes difficult to determine whether it is necessary to perform processing, and security can be improved.

  When the order of arrangement of the base images is changed, the base image used for the authentication image combining process cannot be specified with the index information as it is. For this reason, the index information used in the card authentication system according to the present invention is obtained by performing a replacement conversion process corresponding to the base image, so that the base used for the authentication image combining process from the base image subjected to the replacement conversion process. It is possible to specify an image.

  According to the authentication card, the card authentication terminal, the card authentication server, and the card authentication system according to the present invention, it is determined whether or not the card user is a holder based on the base image collection, the index information, and the coefficient information. This authentication image can be synthesized. For this reason, by comparing the authentication image synthesized at the terminal with the face of the card user, the operator can authenticate whether the user is a holder based on stricter standards. It becomes.

It is the figure which showed schematic structure of the card | curd authentication system which concerns on this Embodiment. It is the figure which showed the credit card used for the card | curd authentication system which concerns on this Embodiment, and the authentication image synthesize | combined based on the information etc. which are recorded on a credit card. It is the figure which showed schematic structure of the terminal which concerns on this Embodiment. It is the figure which showed schematic structure of the server which concerns on this Embodiment. It is the flowchart which showed the process which produces | generates a base image in the server which concerns on this Embodiment. It is the flowchart which showed the processing content which the control processing part of the terminal concerning this Embodiment performed according to the card | curd authentication method (1). It is the flowchart which showed the processing content which the control process part of the terminal concerning this Embodiment performed according to the card | curd authentication method (2). It is the flowchart which showed the processing content which the control processing part of the terminal concerning this Embodiment performed according to the card | curd authentication method (3). It is the flowchart which showed the processing content which the control processing part of the terminal concerning this Embodiment performed according to the card | curd authentication method (4). It is the table | surface which showed the authentication method of the holder shown in contrast with the kind of card | curd and the kind of terminal.

  Hereinafter, a card authentication system which is an example of the invention according to the present invention will be described and described with reference to the accompanying drawings.

  First, in the card authentication system according to the present embodiment, a method for synthesizing an authentication image for determining the validity of a card user will be described. Here, the determination of the validity of the card user means determination of whether or not the card user is a person who is registered as an authorized owner (or authorized user or holder) of the card. In a general card, the card user is often limited to a holder by a card issuing company or the like. However, there are cases where a person other than the holder impersonates a legitimate card (a card that has not been counterfeited) and uses the card as a holder. There is a risk. For this reason, it is very important to determine whether the card user is a holder.

  Here, the card subject to the validity judgment is a card that allows the card user to receive various services, etc., or a card that proves (certifies) that the party satisfies certain conditions. Means. For example, various cards such as a basic resident register card, an in-house security card, and a driver's license may correspond to the cards subject to the judgment of validity. The card authentication system according to the present embodiment will be described using a credit card as an example of a target card.

[Authentication image composition processing method]
1. Base Image and Coefficient Various methods can be used to determine whether a card user is a registered person as a valid owner of the card. However, depending on the authentication method, the convenience of using the card may be impaired, and accurate legitimacy determination may be difficult.

  For this reason, in the card authentication system according to the present embodiment, when a store operator who provides a service performs an accounting process using a card user's card, the photograph of the holder registered with the card company is displayed. Read on the terminal screen and compare whether the card user is the holder by comparing the card user's face with the face photo displayed on the terminal screen (hereinafter referred to as the authentication image). Adopt the method to do. In this way, the operator actually determines the authentication image (face photograph) of the holder and the card user's face with the naked eye, so that the hair style is different, the presence or absence of a beard, the swelling of the face, the fatness of the face and the thinness. Even if a change in condition occurs in the holder, it is possible to determine whether the owner is a valid owner with high accuracy.

  As a method of displaying the authentication image of the holder on the terminal screen, the photograph of the face of the owner of all valid cards is recorded in advance on the terminal of the store or the card company's server as an authentication image, and it is determined by the presented card. A method of extracting and displaying an authentication image of a corresponding holder from a terminal or a server based on the identification information of the obtained holder is conceivable. However, using the face photograph of the holder as it is (without modifying or encrypting the image) as an authentication image makes it easy to create or replace the authentication image on the holder. There is a risk of lowering.

  For this reason, a method of synthesizing an authentication image of a holder by an image morphing technique based on information recorded on a card and information of a face photograph other than the holder has been proposed (see Patent Document 2 described above). In the authentication image synthesizing process using such a morphing technique, for example, it is necessary to extract the overall arrangement of the constituent parts of the face such as eyes, nose, mouth, and the shape of the constituent parts as feature points. . Then, by using an image morphing technique or the like to transform the feature point of another person's face photograph around the feature point of the holder, it is possible to synthesize an authentication image that becomes an image similar to the face of the holder.

  However, since the feature points are different for each person, it is not easy to extract the feature points accurately and more efficiently. Also, in order to accurately synthesize the authentication image of the holder using image morphing technology, in addition to the face photograph of another person, the face photograph of the deformed holder (for example, the face photograph of the holder itself is similar to the holder In other words, the amount of data required for the authentication processing of the holder authentication image tends to increase.

  For this reason, in the card authentication system according to the present embodiment, statistical pattern recognition is performed by treating a plurality of face photographs themselves as a plurality of image patterns, instead of using a method of extracting a facial component part specially. A method of applying the method and synthesizing the authentication image of the holder is used. In general, if a method for synthesizing an authentication image by patterning a plurality of facial photographs is used, the amount of data required for the authentication image combining process becomes enormous. Therefore, the card authentication system according to the present embodiment performs authentication image composition processing after reducing the amount of data using a principal component analysis (PCA) method.

The principal component analysis method used in the card authentication system according to the present embodiment can indicate a low-dimensional distribution state that can well represent the distribution state from a high-dimensional distribution state based on the characteristics of a plurality of images. This is a method using a base image. Specifically, based on a large number of face photographs, for example, M face photographs (variable {Z _m } {m = 1, 2,... M}), the face is minimized while minimizing information loss. This is a method for obtaining K (K <M) independent base images {P _k } that can express the characteristics of a photograph well.

  Specifically, each of the M face photographs is regarded as a vector based on the feature of each image. Then, an average image obtained from the M images is used as an average vector, and an M-dimensional image space is constructed based on a vector obtained by subtracting the average vector from a vector indicating each image. The vector indicating the base image constitutes the axis of the principal component in the M-dimensional image space. The coordinates located in the M-dimensional space can be approximately obtained by a linear combination (primary combination) of a vector indicating the base image and a coefficient (scalar amount) corresponding to the vector of the base image.

で表すことが可能となる。従って、ｐ_ｎは基底画像として使用できる。 Specifically, let P be the set of principal axis vectors, P = {p ₁ , p ₂ ,..., P _N }.
Represented by An image x of a face photograph existing in the image space is

Can be expressed as Thus, _{p n} can be used as a base image.

Y = {y ₁ , y ₂ , y ₃ ,... Y _N } is a set of coefficients corresponding to the base image.

  As described above, the base image is a vector serving as a principal axis indicating the feature of each image. Therefore, by linearly combining vectors corresponding to the base image with appropriate coefficients, an arbitrary image x (in this embodiment) It is possible to synthesize the authentication image of the holder with high accuracy.

  When obtaining a base image by the principal component analysis method, an image space is constructed based on a vector obtained by subtracting an average vector from a vector indicating each image. That is, centering is performed by subtracting an average image vector from a vector indicating each image. For this reason, it is necessary to obtain and store an average image of all the images. However, if the average image forming the center is considered as one of the base images, there is an advantage that the corresponding coefficient can always be 1.

  Further, ε in Equation 1 is an error (hereinafter referred to as a synthesis error) between the image x (authentication image) synthesized based on the base image and the face photograph of the holder. When combining the authentication image of the holder based on the base image, it is unlikely that the combined authentication image and the real face photo of the holder will be the same face, and a certain error (combination error) occurs. End up. However, when the synthesis error is small, it can be determined that the synthesized authentication image x and the face photograph of the holder are compared with each other by visual comparison. As described above, an error range that can be determined to be substantially equal images is obtained as an allowable range, and the authentication image of the holder is synthesized so as to fall within the allowable range, thereby using an image morphing processing method or the like. It is possible to reproduce the face photograph of the holder with a much smaller amount of data.

Note that if the set of base images that can synthesize the authentication image x with the highest accuracy is P, and if the combination error ε is small enough to be within the allowable range, the coefficient sequence y _n and the inner product of the authentication image x with the base image p _n, it is possible to easily determine.
y _n = <x, p _n > where n = 1, 2, 3,...

2. Reduction of Compositing Error As described above, in order for the operator to determine the validity of the holder by comparing the face of the holder with the authentication image, it is necessary to keep the combining error ε within an allowable range. Since the synthesis error ε is inversely proportional to the number of coefficients used (= the number of base images), if the number of coefficients is reduced to reduce the amount of data, the synthesis error exceeds the allowable range and becomes a large value. There is a risk that.

  On the other hand, in order to synthesize an authentication image, as described above, a plurality of base images and coefficients corresponding to the base images are required. Here, a plurality of base images for synthesizing the authentication images are prepared in advance (only one set) (a set (combination) of a plurality of base images required for the authentication image combining process is hereinafter referred to as a base image collection). By changing only the coefficients according to the authentication image without changing the base image collection used in the authentication image synthesis process (that is, always using this set of base image collections) It is also possible to synthesize authentication images. However, in the case where a plurality of base images used for the combining process are always a set of the same images (when only one set of base images is used), in order to improve the authentication accuracy of the authentication image, the number of coefficients Will need to be increased. If the number of coefficients (the number of base images) increases in this way, the amount of data required to synthesize the authentication image will be increased.

For this reason, when the authentication image of the holder is actually combined using the base image and the coefficient, the combination error and information necessary for combining the authentication image (such as the number of coefficients and base images) It is necessary to make adjustments in consideration of the amount of data. In the card authentication system according to the present embodiment, as a method for reducing the synthesis error without increasing the data amount of information required for synthesizing the authentication image, the basis is set according to the authentication image to be synthesized. A method of appropriately changing the set of images is adopted. In particular,
(1) A large number of base images are classified into a plurality of groups (for example, K groups) according to the characteristics of the base images (one type of base image collection is constituted by a plurality of base images classified into the same set). This base image collection is formed in a plurality of groups (for example, K sets) according to the characteristics of the base image collection.)
(2) Select an optimum group that approximates the characteristics of the authentication image to be synthesized from the group of K sets of base image collections.
(3) A coefficient corresponding to the base image is obtained by an inner product of a plurality of base images (base image collection) belonging to the selected group and the authentication image to be synthesized.

  Thus, by classifying the base images according to the features of the base images, the features of the base images belonging to the same group become common. For this reason, when the coefficient used for the authentication image composition processing is obtained using the base image collection of the group closest to the feature of the authentication image, and the coefficient is obtained using the base image collection of the group having no common feature at all. It is possible to effectively reduce the synthesis error with a smaller number of coefficients. In addition, since the authentication image can be synthesized by synthesizing the authentication image using the coefficient thus obtained and the base image collection of the corresponding group, in the holder validity determination The determination accuracy can be improved.

  In the card authentication system according to the present embodiment, after classifying a plurality of images used for obtaining a base image, a method for obtaining a base image for each group based on the classified images is adopted. The detailed method will be described later.

3. Base Image Set Replacement Conversion Processing If a set of base image sets classified into K groups is a base image set, the base image set can be expressed as follows.

は、第１番目のグループの基底画像集におけるＮ_１番目の基底画像を示している。従って、第１番目のグループの基底画像集は、Ｎ_１枚の基底画像により構成されることになる。 In Equation 3, p ₁₁ represents the first base image in the first group of base image collections.

Indicates the N ₁ th base image in the base image collection of the _first group. Therefore, the base image collection of the _first group is composed of N ₁ base images.

は、第２番目のグループの基底画像集におけるＮ_２番目の基底画像を示している。 Similarly, p ₂₁ represents the first base image in the second group of base image collections,

Shows the N _2nd base image in the base image collection of the second group.

は、第Ｋ番目のグループの基底画像集におけるＮ_Ｋ番目の基底画像を示しており、Ｋ番目のグループの基底画像集は、Ｎ_Ｋ枚の基底画像により構成されることになる。 P _K1 represents the first base image in the K-th group of base image collections. Also,

Shows the N _K-th base image in the basal image album of the K th group, the base image album of K th group is to be configured by N _K basis images.

と示すことができる。 As described above, the base images composed of a plurality of groups can be regularly arranged for each group and for each order of the base images in the group. In the base image set arranged as shown in Expression 3, the base images used for the authentication image combining process are only base image sets belonging to any one group. For convenience, if the k-th group base image collection is used for the authentication image synthesis process, the k-th group base image collection P _k is

Can be shown.

とすると、合成される認証画像ｘは、上述した式４に示される基底画像と、式５に示される係数列とにより

として求めることができる。 Also, a coefficient sequence used for synthesizing the authentication image using the k-th group of base image collections is

Then, the authentication image x to be synthesized is obtained by the base image shown in the above-described equation 4 and the coefficient sequence shown in the equation 5.

Can be obtained as

  As described above, in the card authentication system according to the present embodiment, a base image collection as shown in Expression 4 of a group suitable for authentication image synthesis processing is obtained from the base image set shown in Expression 3 and obtained. Using the base image collection and the coefficient sequence as shown in Equation 5, the authentication image is synthesized as shown in Equation 6.

  Here, the base image set shown in Expression 3 is used as information indispensable for the authentication image combining process. As described above, the base image set is a set in which K sets of base image sets are sequentially arranged. Further, a plurality of base images constituting each base image collection of each group are arranged in order. For this reason, if the base image collection is used as it is, the group of the base image collection and the order of the base images in each group may be easily known to a third party. In a situation where information about the base image can be easily known to a third party, the base image may be easily tampered with, which may lead to a decrease in security.

  For this reason, in the card authentication system according to the present embodiment, the order (arrangement order) of the base images is changed by performing a replacement conversion process on each base image constituting the base image set as shown in Expression 3. Perform the change process. In this way, by changing the order of the base images in the base image set, it becomes difficult to specify the group of base image collections required for the authentication image combining process, and the coefficient for combining the authentication images The correspondence (combination) between the column and the base image cannot be easily specified.

に変換する処理を意味する。ここで、Ｍは認証画像の合成処理に使用される基底画像の枚数を示している。また、ｊは、置換変換処理を行う場合において設定される定数であり、本実施の形態に係るカード認証システムでは、合成された認証画像を表示させる端末のＩＤ（識別番号情報）を示している。 Here, the replacement conversion processing is, for example, a sequence I ⁰ = [1, 2,..., M],

It means processing to convert to. Here, M indicates the number of base images used for the authentication image combining process. Further, j is a constant set when the replacement conversion process is performed, and in the card authentication system according to the present embodiment, indicates the ID (identification number information) of the terminal that displays the synthesized authentication image. .

は、１からＭまでの整数であり、Ｉ^ｊの要素は重複しない。またＩ^ｊのｍ番目の要素は、置換変換処理前の基底画像集合における基底画像の位置（順番）を示している。従って、ｍ番目の基底画像は、置換変換処理によりＩ^ｊ _ｍの位置に変換されることになる。 I ^j elements

Is an integer from 1 to M, and the elements of I ^j do not overlap. The m-th element of I ^j indicates the position (order) of the base image in the base image set before the replacement conversion process. Therefore, the m-th base image is converted to the position of I ^j _m by the replacement conversion process.

For example, it is assumed that N base images from k ₁ to k _N are used when a certain authentication image is synthesized. If the base image collection including the base image used for the authentication image combining process is stored in the terminal j in a state where the replacement conversion process is performed, the position of the base image in the base image set used for the combining process is It can be easily obtained by using the position information of the replacement transformation I ^j corresponding to the terminal j.

と示すことができる。 In addition, since the base image collection used for the authentication image composition processing is a plurality of base images constituting a part of the base image set, the base image used for the authentication image composition processing from the base image set. Information that identifies the image is required. In the card authentication system according to the present embodiment, index information indicating the order of the base images constituting the base image set is used as information for combining the authentication images. For example, the order of the base images of the base image collection of the k-th group before performing the replacement conversion process is based on the index information.

Can be shown.

  Therefore, when obtaining a base image used for the synthesis process from the base image set (for example, a base image of the K-th group base image collection), an appropriate base image is appropriately selected by using the index information shown in Equation 9. Can be obtained in any order.

  As described above, when the replacement conversion process is performed on the base image set, the replacement conversion process obtained based on the ID (identification number information) of the terminal on which the authentication process is performed is also performed on the index information. As a result, the security of the index information can be increased. When performing authentication image composition processing at the terminal, the index information subjected to replacement conversion processing is acquired at the terminal, and necessary for the composition processing from the base image set subjected to replacement conversion processing based on the acquired index information. A plurality of base images can be obtained.

  As described above, in the card authentication system according to the present embodiment, the base image set subjected to the replacement conversion process is Key1, the index information subjected to the replacement conversion process is Key2, and the coefficient sequence information used for the authentication image combining process is Key3. And

  In the card authentication system according to the present embodiment, authentication processing of a holder authentication image is performed using three types of information: Key1 consisting of a base image set, Key2 consisting of index information, and Key3 consisting of coefficient information. Do.

[Overall configuration of card authentication system]
FIG. 1 is a block diagram showing a schematic configuration of a card authentication system according to the present embodiment. A card authentication system 1 according to the present embodiment is roughly configured by a server (card authentication server) 2, a terminal (card authentication terminal) 3, and a credit card (authentication card) 4. Are connected via the network 5. The server 2 and the terminal 3 send and receive data (for example, the above-described Key1 to Key3) necessary for the authentication image composition process, and information (card information) for determining the validity of the credit card 4, etc. This is done via the network 5. The network 5 may be a dedicated line or may be a public communication line such as the Internet.

  In order to transmit and receive data between the server 2 and the terminal 3, an encryption technique is often used so that the data contents are not easily leaked to a third party. Various methods can be used as the encryption technique. In the card authentication system 1 according to the present embodiment, in order to perform data encryption, and in addition, to determine the validity of the server 2 and the terminal 3. Adopt public key cryptosystem.

  In the public key cryptosystem, the key used for data encryption and the key used for decryption are separated, and decryption cannot be performed using the same key as the key used for encryption. It is not easy to figure out the other key. The key owner manages only the key used for decryption so that it is not known to others (decryption key = secret key), and the key used for encryption can be widely disclosed (encrypted) Key = public key). Note that the public key does not necessarily need to be disclosed, and a method that does not disclose it according to the method of use can also be used. When data is encrypted and transmitted / received, the sender transmits the data after obtaining the public key published by the receiver and encrypting the data. Since the encrypted data can be decrypted only with the private key of the receiver, the contents are not decrypted even if intercepted by a third party on the way, and information leakage can be prevented.

  In addition, in the data transmission / reception between the terminal 3 and the server 2 according to the present embodiment, the public key cryptosystem described above is used, but the encryption method is not limited to the public key cryptosystem, and other encryption schemes are used. May be adopted. For example, the key used for encryption and the key used for decryption may be the same key encryption method, and even when the common key encryption method is adopted, the management of key information is thoroughly performed. As a result, data leakage can be suppressed.

  Furthermore, a one-time key may be used as a key used for encryption. A one-time key is a key that can be used only once. When using a one-time key, a password (one-time key) with seemingly random numbers is generated by combining the holder's PIN number and time information (minute information). Data is encrypted using a password, and data is transmitted from the terminal 3 to the server 2. The server 2 can confirm whether or not the password is generated by a genuine user by using a similar algorithm. The one-time key has a feature that changes every short time, for example, every minute. Even if the one-time key (password) is stolen, the valid period is one minute as an example at the maximum. . Furthermore, since the one-time key is used only once and is not used repeatedly (that is, disposable), it is possible to ensure high safety.

  The above-described encryption method encrypts information recorded on the credit card 4 in order to prevent the information recorded on the credit card 4 from being stolen by a third party and easily leaking the contents. It can also be used when For example, after the information is encrypted before the credit card 4 is issued, the encrypted information is recorded on the credit card 4. By recording the encrypted information on the credit card 4, it is difficult to easily know the contents even if a third party steals the information recorded on the credit card 4. Become.

  When it becomes necessary to confirm the contents of the information recorded on the credit card 4, mutual authentication between the credit card 4 and the terminal 3 is performed as described later, and further, mutual authentication between the terminal 3 and the server 2 is performed. After the validity of the credit card 4 and the terminal 3 is recognized by the server 2, the server 2 uses the public key of the terminal 3 to encrypt a decryption key for decrypting information recorded on the credit card 4. The decrypted decryption key is sent to the terminal 3.

  The terminal 3 receives the decryption key from the server 2, decrypts the acquired decryption key with the private key corresponding to the public key used in the server 2, and uses the decrypted decryption key as the decryption key. By using it, the information read from the credit card 4 can be decrypted.

  As the credit card 4, two types of cards, that is, a magnetic card and an IC card can be used. The magnetic card is different from the IC card in that the data recording capacity of the card is small and the arithmetic processing function in the credit card 4 is not provided. In the present embodiment, the case where an IC card is mainly used will be described, and the case where a magnetic card is used will be supplementarily described. However, in any case, the synthesized authentication image is used. It is possible to achieve the characteristic configuration and effect of the present invention that the holder is authenticated based on the above.

  Further, as shown in FIG. 2, the credit card 4 is provided with a recording unit 9 capable of recording information necessary for synthesizing the authentication image 6 (for example, Key2 and Key3). Yes. The recording unit 9 includes a general memory and can record a certain amount of data. Details of the information recorded in the recording unit 9 will be described later.

[Terminal configuration]
As shown in FIG. 3, the terminal 3 includes a card reader unit (coefficient information acquisition unit, index information acquisition unit) 11, an image recording unit (image recording unit) 12, and a communication unit (coefficient information acquisition unit, index information acquisition). Means) 13, a control processing section (image processing means, base image specifying means) 14, and an image display section 15.

  The card reader unit 11 has a function of reading data (information such as Key2 and Key3) recorded in the recording unit 9 of the credit card 4. When an IC card is used as the credit card 4, the card reader unit 11 can not only read data recorded on the IC card but also input necessary information to the IC card. Yes. The IC card can perform information authentication processing based on the input information, and the card reader unit 11 reads the authentication result from the IC card, thereby authenticating the credit card 4 and the terminal 3. It is possible to do.

  The image recording unit 12 is configured by a general storage device such as a hard disk or an SSD (Solid State Drive). The image recording unit 12 can record a base image set (a plurality of base image collections) acquired from the server 2. The communication unit 13 is configured by a general network interface card (LAN (Local Area Network) card) or the like, and is used for transmission / reception of data with the server 2.

  The control processing unit 14 has a function of performing various processes in the terminal 3, and includes a CPU (Central Processing Unit) that performs arithmetic processing, a ROM (Read-Only Memory) that records a program related to holder authentication processing, A RAM (Random Access Memory) used as a work area is used. This RAM can temporarily record data read from the credit card 4 in the card reader unit 11.

  The control processing unit 14 has a role of synthesizing the authentication image 6 on the basis of information on Key1 to Key3. When an IC card is used as the credit card 4, the control processing unit 14 has a role of performing an authentication process between the credit card 4 and the terminal 3 by operating the card reader unit 11. Further, when a magnetic card is used as the credit card 4, the control processing unit 14 transmits the card information to the server 2 via the communication unit 13, and the authentication information returned from the server 2 is sent to the communication unit 13. It has the role which performs the authentication process of a magnetic card by acquiring via.

  Further, the control processing unit 14 transmits authentication information of the terminal 3 that can identify the terminal 3 to the server 2 via the communication unit 13, and returns a response from the server 2 to the transmitted authentication information of the terminal 3. By receiving the authentication result via the communication unit 13, it has a function of performing authentication processing between the terminal 3 and the server 2. The control processing unit 14 also has a role of performing encryption / decryption processing using the public key cryptosystem described above in information transmission / reception processing with the server 2.

  The image display unit 15 is configured by a liquid crystal display, a CRT display, or the like, and has a role of allowing the operator to visually recognize the authentication image 6 synthesized by the control processing unit 14. The authentication image 6 displayed on the image display unit 15 is the authentication image 6 restored based on the information of Key1 to Key3, and can be determined to be almost the same as the face photo of the holder applied at the time of card registration. Therefore, the operator can authenticate the holder by comparing the face photograph displayed on the image display unit 15 with the actual face of the user of the credit card 4. It becomes.

  The authentication image 6 displayed on the image display unit 15 is desirably displayed so that only the operator can visually recognize it. For this reason, it is also possible to use a display technique that can switch whether or not the image display unit 15 can be visually recognized depending on the viewing angle. Further, since the authentication image 6 is not limited to a flat one, the authentication image 6 is a stereoscopic image, and the image display unit 15 is a display capable of stereoscopically viewing the stereoscopic image with the naked eye, thereby authenticating the holder. The accuracy can be improved.

[Server configuration]
As shown in FIG. 4, the server 2 includes a communication unit (base image distribution unit) 20 and a control unit (base image generation unit, base image update unit, authentication image synthesis unit, synthesis error determination unit, substitution conversion unit, classification Means, base image distribution means) 21, terminal information recording unit 22, base image recording unit (basic image recording unit) 23, holder information recording unit 24, and general image recording unit 25.

  The communication unit 20 has a function of transmitting / receiving data to / from the terminal 3 connected via the network 5. In FIG. 1, only two terminals 3 connected to the server 2 via the network 5 are shown for convenience, but the number of terminals 3 connected to the server 2 is limited to two. Instead, in general, a plurality of terminals 3 are connected. Further, the server 2 according to the present embodiment is connected to the Internet, and can collect an image for extracting a base image from images published on the Internet, as will be described later. It has become.

  Similarly to the image recording unit 12 of the terminal 3, the terminal information recording unit 22, the base image recording unit 23, the holder information recording unit 24, and the general image recording unit 25 are general storage such as a hard disk and an SSD (Solid State Drive). It is comprised by the apparatus.

  In the terminal information recording unit 22, information related to the terminal 3 connected via the network 5 is recorded. By using information for each terminal 3 recorded in the terminal information recording unit 22, the server 2 can authenticate the terminal 3. The information for each terminal 3 (hereinafter referred to as terminal information) includes, for example, the terminal ID (identification number information), the type of the terminal, information regarding the user or administrator of the terminal, and information regarding the location of the terminal.

  Further, the terminal information recording unit 22 encrypts the information to be transmitted or decrypts the encrypted information when transmitting and receiving information between the server 2 and the terminal 3. Each public key is recorded. When information is encrypted and transmitted from the server 2 to the terminal 3, only the legitimate terminal 3 having the corresponding secret key is encrypted by encrypting the information using the public key of the corresponding terminal 3. Information can be decrypted.

  When the public key of the corresponding terminal 3 can be easily obtained through the network 5, the terminal information recording unit 22 does not always record the public key for each terminal 3, but the network. 5 may be temporarily recorded in the terminal information recording unit 22 for encryption processing.

  In the base image recording unit 23, a base image set composed of a large number of base images is recorded. As indicated by Key1, the base image set is recorded in a state where a base image set including a plurality of base images is arranged for each group (a state in which the base images are arranged in a predetermined order). Note that the base image set recorded in the base image recording unit 23 may be deleted, added, or updated by the control unit 21 at regular intervals. Further, it is possible to improve the synthesis accuracy of the authentication image 6. When the base image set is updated in this way, the control unit 21 replaces the base image set recorded in the base image recording unit 23 based on the ID information of the terminal 3 and the like. Then, the base image set subjected to the replacement conversion process is distributed to the corresponding terminal 3.

  The holder information recording unit 24 records various information related to the holder, such as the holder ID (identification number information), the type of the credit card 4, and personal information (address, name, etc.) of the holder. Therefore, the control unit 21 of the server 2 determines the type of the credit card 4 based on information (card information) for specifying the card received from the terminal 3 and information on the holder recorded in the holder information recording unit 24. And holders can be specified.

  In addition, when the information recorded in the recording unit 9 of the credit card 4 is encrypted, a decryption key used for decrypting the encrypted information of the credit card 4 is recorded in the holder information recording unit 24. ing. For example, when the key 2 or key 3 information is recorded on the credit card 4 and the key 2 or key 3 information is encrypted for the purpose of improving security, the terminal 3 that has been mutually authenticated with the credit card 4 The decryption key for decrypting the information recorded on the credit card 4 can be requested. In the terminal 3, by using the decryption key of the credit card 4 transmitted from the server 2, it becomes possible to decrypt the information of Key2 and Key3.

  Furthermore, information such as Key2 and Key3 can be recorded in the holder information recording unit 24 as necessary. Key2 and Key3 are different information for each holder, and are information related to information about the holder. Therefore, in response to a request from the terminal 3, the server 2 can encrypt the key 2 and key 3 information of the holder obtained from the card information using the public key of the terminal 3 and transmit the encrypted information to the terminal 3. it can.

  Note that Key2 is index information, and is information used to specify a base image used for synthesizing the authentication image 6. In the card authentication system 1 according to the present embodiment, the control unit 21 is configured to deliver a base image set from the server 2 to the terminal 3 at regular intervals. In the terminal 3, when the authentication image 6 is combined, it is necessary to specify a base image used for combining the authentication image 6 from the base image set distributed from the server 2. Information used when specifying the base image is index information (Key2).

  In the general image recording unit 25, a large number of images used for generating and updating a base image by the control unit 21 are temporarily recorded.

  The control unit 21 has a function of performing various processes. For example, authentication processing with the terminal 3 described above, authentication processing of a magnetic card when a magnetic card is used for the credit card 4, encryption processing used for data transmission / reception with the terminal 3, and base image recording For example, the base image set recorded in the unit 23 is compressed and distributed to the terminal 3. Further, the control unit 21 collects an image such as a facial photograph via the Internet, and performs a process of generating a base image after classifying the collected image.

  FIG. 5 is a flowchart showing processing for generating a base image by the control unit 21. First, the control unit 21 collects a number of face photographs (images) used for generating a base image (step S.1).

  The image collection processing in the control unit 21 can be realized, for example, by collecting human face photographic images published on the Internet. The images of facial images to be collected usually have eyes, nose, mouth, and ears located at similar positions, and have similar head contours. By making a determination based on these characteristic arrangement positions based on the analysis, it is possible to automatically collect only face photographs. As described above, when the server 2 collects images, the control unit 21 circulates the Internet via the communication unit 20 to collect facial photograph images and record them in the general image recording unit 25.

  In addition, when the credit card company operates and manages the server 2, the user may be requested to submit face photo data at the time of membership registration. For this reason, in the credit card company, by using the facial photograph data that is permitted to use the facial photograph for generating the base image by the user among the accumulated facial photograph data, many images can be easily and It becomes possible to collect quickly. When using facial photograph data, the control unit 21 records facial photograph data to be used in the general image recording unit 25.

  Next, the control unit 21 performs a classification process for images recorded in the general image recording unit 25 (step S.2). In the case of generating a base image based on a large number of collected images, the composite error is within an allowable range so that the authentication image 6 combined based on the base image and the face photograph of the holder are similar to each other. It is necessary to fit in. Furthermore, it is desired to reduce the data amount of information (Key2 and Key3) required for the synthesis process of the authentication image 6 while keeping the synthesis error within an allowable range. For this reason, in the card authentication system 1 according to the present embodiment, the images used when generating the base image set are classified into a plurality of patterns according to the characteristics of the facial photograph, and the characteristics of the images are classified for each classified group. A method of generating a base image collection according to the above is adopted.

  Specifically, when the authentication image 6 to be combined is a female face photograph, the base image collection used when combining the authentication image 6 is also a base image collection having characteristics as a woman. It is desirable. When the authentication image 6 to be combined is a white face photograph, it is desirable that the base image collection used when combining the authentication image 6 is also a base image collection having the characteristics of white. . Further, when the authentication image 6 to be combined is a face photograph of an infant, it is desirable that the base image collection used when combining the authentication image 6 is also a base image collection having characteristics as an infant. . As described above, the base image collection used to generate the authentication image 6 is characterized by the feature of the authentication image 6 in order to reduce the data amount of information (mainly coefficient information) required for the authentication image synthesis process. It is preferable to use a base image comprising Therefore, the control unit 21 classifies the images used for generating the base image according to the image characteristics, and then generates a base image collection for each classified image.

  As a method of automatically classifying images, various clustering methods proposed in the field of pattern analysis can be used. For example, the k-means method is known as a clustering method. This k-means method is a representative example of a non-hierarchical clustering method. A representative prototype is given to each of a predetermined number of clusters (for example, k), and each individual is assigned to the nearest prototype. Clustering is performed by assigning to. Once the individual is assigned, the process of calculating a new prototype from the assigned individual is repeated until the prototype calculation and the assignment of the individual converge until the appropriate prototype estimation and data division are performed. Done. In general, in the case of multivariate numerical data, an average value (mean) is used as a prototype of a cluster, so that k means are referred to as a k-means method.

  However, the image classification method (clustering method) is not limited to such a method. Classification may be performed using a classification method used empirically based on image characteristics. For example, the authentication image 6 synthesized by the card authentication system 1 according to the present embodiment is synthesized by using a plurality of face photographs as base images. For this reason, the images (face photographs) collected for generating the base image collection are classified into ten or more layers based on the age of appearance, and classified into 3 to 5 types based on the color of the skin, By classifying into several tens of types based on the shape of the face and further classifying in combination according to gender, it is possible to classify the number of groups of face photos into hundreds to thousands of types. By classifying images in this way, it is possible to classify images having common features into the same group.

  As described above, the control unit 21 performs grouping for each image having a similar feature by performing case classification such as the skin color of the face photograph, the outline of the face, and the gender determined from the face photograph.

  And the control part 21 produces | generates a base image for every group using several grouped image (step S.3). In the card authentication system 1 according to the present embodiment, as described above, a plurality of base images (base image collections) are obtained for each groove using the principal component analysis method. The base image collection for each group obtained in this way is a common image in the group having the same base image characteristics. Therefore, by synthesizing the authentication image 6 using a group of base images common to the features of the face photograph of the holder, accuracy can be obtained using a relatively small number of coefficient information and a relatively small amount of index information. It is possible to synthesize an authentication image 6 having a high value.

  In addition, in the case of updating an already existing base image by generating a new base image, if the coefficient information of the base image before the change is recorded on the credit card 4, the corresponding base image is set as a new base image. Can not be changed. For this reason, when the base image collection is changed, the change processing is performed only on the base images that are not used in the composition processing.

  Next, the control unit 21 performs a process of synthesizing all images (face photographs) used for grouping the base images for each group based on the base image collections of all the grouped groups (step). S.4). Then, the control unit 21 performs step S.1. A synthesis error between the synthesized image synthesized in 4 and the image used for grouping is obtained based on all the images. Then, the control unit 21 determines that the group of base image collections having the smallest synthesis error in all the images is step S. It is determined whether or not the group is classified by the image classification process in step 2 (step S.5).

  When the group of the base image collection with the smallest synthesis error and the group of images used for grouping the base images are different groups (No in step S.5), the control unit 21 corresponds. The image group is changed to the group with the smallest synthesis error, and a new image classification process is performed (step S.6).

  And the control part 21 produces | generates a base image for every group again using the newly classified image (step S.3), and all the images used for grouping of the base image are grouped. Based on the base image collection of all the groups (step S.4). Then, the control unit 21 determines that the group of base image collections with the smallest synthesis error is the step S.P. In Step S.5, it is repeatedly determined whether or not the image is classified into groups in Step 6 (Step S.5).

  When the group of base image collections with the smallest synthesis error and the group of images used for grouping the base images are the same group for all images (Yes in step S.5), the control unit 21 Records the obtained base image collection of each group as a base image set in the base image recording unit 23 (step S.7), and ends the processing for generating the base image.

  In this way, the authentication image 6 is synthesized for each group based on the base image collection of each group, and the group of base images that minimizes the synthesis error and the group of images classified for generating the base image. By re-determining the base image collection until all the images match, the feature of each base image collection can be made more prominent, and authentication that is synthesized using the corresponding base image collection It is possible to minimize the synthesis error of the image 6.

  In the card authentication system 1 according to the present embodiment, a configuration in which the control unit 21 of the server 2 automatically performs a plurality of image classification processes (the process shown in step S.2 in FIG. 5) (automatic classification method: Automatic Classification) is adopted, but the image classification method is not limited to the automatic classification method by the control unit 21. For example, when the image classification process is performed by a complete mechanical judgment process (automatic classification method) by the control unit 21, a classification that is difficult to determine from the human viewpoint based on the feature of the image is performed. There can be.

  That is, even if it is determined by human judgment that the two images are similar (having common characteristics), the control unit 21 may classify the two images as different groups. Therefore, manual classification methods (Manual Classification) in which images are classified while being checked by the human eye so that the situation conforms to human judgment criteria, and some images are manually grouped by humans. Furthermore, it is also possible to use a semi-automatic classification method (Semi-Automatic Classification) in which the control unit 21 automatically performs classification processing based on manually classified images.

  In the manual classification method, classification is performed while confirming images with human eyes, and therefore, the processing burden tends to increase when the number of collected images is large. In particular, when the base image set is regularly updated, it seems to be difficult to classify images using only the manual classification method.

  On the other hand, the semi-automatic classification method extracts some sample images from a large number of images, and performs image classification processing by a manual classification method based on the extracted images. Thereafter, by using the result of classification of the sample images performed based on the manual classification method as known information, all the remaining images are classified using the automatic classification method.

  That is, when automatic classification (machine classification) is performed by the control unit 21, semi-supervised learning using known classification information is used. Various algorithms have been developed for such a semi-automatic classification method. In the card authentication system 1 according to the present embodiment, a TSVM (Transductive Support Vector Machine) algorithm can be used (“T. Joachims,“ Transductive Inference for Text Classification using Support Vector Machines ”, 16th ICML, p. 200-209 (1999)). Also, an NNC-Tree (Nearest Neighbor Classification Tree) algorithm (“Takefumi Tsuji,“ Multivariable Decision Tree Construction System, Multivariable Decision Tree Construction Method, and Program for Constructing Multivariate Decision Tree ”, Japanese Patent Application Laid-Open No. 21441 (see Japanese Patent Application No. 2006-34343) is an algorithm proposed on the premise of supervised learning, but can also be applied to semi-automatic classification processing.

  The control unit 21 of the server 2 has a function of transmitting the base image set recorded in the base image recording unit 23 to the terminal 3. In transmitting the base image set, the server 2 transmits a base image set to each terminal 3 after performing replacement conversion processing (shuffle) of the base images constituting the base image set. This replacement conversion process is performed so as to be different depending on the terminal 3. Therefore, in the base image set that has undergone the replacement conversion process, the order (which position) in which the base image used for the authentication image 6 synthesis process exists differs from terminal 3 to terminal 3. Become. Based on the index information (Key 2), the terminal 3 determines in which position of the base image set the base image used for the synthesis process exists.

  In a case where the index information (Key2) is recorded in the holder information recording unit 24 of the server 2, the control processing unit 14 of the terminal 3 acquires the index information (Key2) from the server 2 by using the server 2 and the terminal 3 It is necessary to perform authentication processing. By strictly performing authentication processing between the server 2 and the terminal 3, the server 2 transmits the index information (Key2) to the terminal 3 only when it is determined that there is an access from the authentic terminal 3. Can be done. For this reason, it is possible to prevent the base image used for the composition processing of the authentication image 6 from leaking to the unauthorized terminal, and to prevent the authentication image 6 of the holder from being easily restored. It becomes possible.

Further, as described above, information regarding the replacement conversion process is recorded in the terminal information recording unit 22 of the server 2 in association with the identification number of the terminal 3. The base image set transmitted from the server 2 to the terminal 3 and stored in the image recording unit 12 of the terminal 3 is a base image set subjected to the replacement conversion process in the server 2 and is used as a base image used for the synthesis process. The order has been changed. In such a situation, the base image required for the synthesis process of the authentication image 6 is selected from the base image set stored in the terminal 3 by using the replacement transformation I ^j determined based on the terminal 3. It can be easily obtained.

  Further, as described above, the control unit 21 of the server 2 has a function of transmitting the base image set recorded in the base image recording unit 23 to the terminal 3. However, since general image data has a larger data capacity than other data, if the base image set is transmitted as it is, there is a risk of increasing the transmission burden on the communication line. Furthermore, it can be said that the image itself is preferably subjected to encryption processing for transmission / reception.

  For this reason, the card authentication system 1 according to the present embodiment employs a method of compressing the base image set before encryption as a technique for reducing the calculation cost of encryption / decryption of the base image set. As a method for reducing the burden of encryption and decryption, an image compression technique called k-PCA can be used.

  Regarding the k-PCA method, “CF Lv and QF Zhao,“ k-PCA: a semi-universal encoder for image compression, ”International Journal of Pervasive Computing and Communications, 2007, Vol. 3, No. 2, p. 205-220 '', `` CF Lv and QF Zhao, `` Integration of Data Compression and Cryptography: Another Way to Increase the Information Security '' Proc. Of IEEE 21st International Conference on Advanced Information Networking and Applications (AINA07), Niagara Falls, Canada , May, 2007, p.543-547 ”, the description is omitted here.

  By using k-PCA in this way, it is possible to generate compressed base image set data and an image compression key used for compression. Of the data generated in this way, if only the image compression key can be encrypted and transmitted from the server 2 to the terminal 3, the compressed base image set is not specially encrypted. It becomes possible to transmit to the terminal 3 via the open network 5 such as the Internet. In addition, since the data amount of the image compression key is much smaller than the data amount of the base image set, the processing load required to encrypt and decrypt the base image set is very low.

  Next, a method for authenticating the holder by synthesizing the holder authentication image 6 using the card authentication system 1 described above will be described.

As described above, in the card authentication system 1 according to the present embodiment,
(1) Base image set (Key1) used for the composition processing of the authentication image 6
(2) Index information (Key 2) for specifying a base image necessary for the composition processing of the authentication image 6
(3) Coefficient information (Key3) used for performing the synthesis process of the authentication image 6
Is needed.

  Further, the composition process of the authentication image 6 is performed in the terminal 3, and after the terminal 3 performs the mutual authentication process with the server 2 and the credit card 4, the authentication process is performed based on the above-described information of Key 1 to Key 3. The image 6 is synthesized. Therefore, Key1 to Key3 are recorded in any one of the server 2, the terminal 3, and the credit card 4, and are acquired by the terminal 3 through the network 5 or the like as necessary.

  Here, the base image set of Key1 includes a large number of pieces of image information. For this reason, if information on the base image set is acquired from the server 2 via the network 5 every time it is determined whether or not the card user is a holder, it takes time to synthesize the authentication image 6. There's a problem. Furthermore, when the server 2 performs the process of transmitting the base image set for each request to all the terminals 3 for which the authentication image 6 has been combined, the processing load on the server 2 is increased. There is a risk of delaying data transmission in the network 5.

  Therefore, in the card authentication system 1 according to the present embodiment, when the base image set that has been subjected to the replacement conversion process in advance is distributed from the server 2 to the terminal 3 and the authentication image 6 is combined, It is assumed that the base image set recorded in the image recording unit 12 of the terminal 3 is used. In this way, by recording the base image set in the image recording unit 12 of the terminal 3 in advance, it is possible to reliably acquire the corresponding base image set when the authentication image 6 is combined. Become.

  On the other hand, the key 2 index information and the key 3 coefficient information are indispensable information for synthesizing the authentication image 6, and are different information for each holder, which is associated with the holder that is the synthesis target of the authentication image 6. It can be said that there is. For this reason, the information associated with this holder should not be recorded in advance on any terminal 3. In the card authentication system 1 according to the present embodiment, the key 2 or key 3 information is recorded in the recording unit 9 of the credit card 4 and the mutual authentication between the terminal 3 and the credit card 4 is permitted. 4. A method of reading the information of Key2 or Key3 from 4 is adopted. Alternatively, information on Key 2 or Key 3 is recorded in the holder information recording unit 24 of the server 2, and information regarding authentication of the credit card 4 (card authentication information) when mutual authentication between the terminal 3 and the server 2 is permitted. Based on the above, a method is adopted in which the terminal 3 acquires information on the Key2 or Key3 related to the holder from the server 2.

Therefore, in the card authentication system 1 according to the present embodiment,
(1) When the base image set (Key 1) is recorded in advance on the terminal 3, the index information (Key 2) is recorded on the server 2, and the coefficient information (Key 3) is recorded on the credit card 4, the authentication image is recorded on the terminal 3. A method of synthesizing 6;
(2) When the base image set (Key1) is recorded in advance on the terminal 3, the coefficient information (Key3) is recorded on the server 2, and the index information (Key2) is recorded on the credit card 4, the authentication image is recorded on the terminal 3. A method of synthesizing 6;
(3) The base image set (Key1) is recorded in advance on the terminal 3, the index information (Key2) and the coefficient information (Key3) are recorded on the credit card 4, and none of the Key1 to Key3 is recorded on the server 2. A method of synthesizing the authentication image 6 at the terminal 3;
(4) The base image set (Key1) is recorded in advance on the terminal 3, the index information (Key2) and the coefficient information (Key3) are recorded on the server 2, and none of the Key1 to Key3 is recorded on the credit card 4. A method of synthesizing the authentication image 6 at the terminal 3;
The following four methods are assumed.

  Hereinafter, a card authentication method in which the authentication image 6 is synthesized by the control processing unit 14 of the terminal 3 will be described for each of the cases (1) to (4).

  Note that the information recorded on the credit card 4 (card information and information on Key2 and Key3) is likely to be forged if the contents are known to a third party. It is assumed that In addition, a decryption key for decrypting information recorded on the credit card 4 is recorded on the server 2. In order to decrypt the information of the credit card 4 at the terminal 3, after the authentication between the credit card 4 and the terminal 3 is permitted, the terminal 3 acquires the information from the credit card 4, and further, the terminal 3 and the server 2 is required, the terminal 3 needs to acquire the decryption key of the credit card 4 from the server 2. Thus, by recording the decryption key of the credit card 4 in the server 2, it is possible to suppress easy decryption of the card information and to enhance the security of information regarding the credit card 4.

  As the credit card 4, two types of cards, an IC card and a magnetic card, are widely used. As described above, since the recording capacity of the magnetic card is smaller than that of the IC card, it may be difficult to record Key2 or Key3 with the magnetic card. For this reason, when using a magnetic card for the credit card 4, the method (4) described above, that is, a method in which none of the keys 1 to 3 is recorded on the credit card 4 is used.

[Card authentication method (1)]
First, when the base image set (Key 1) is recorded in advance on the terminal 3, the index information (Key 2) is recorded on the server 2, and the coefficient information (Key 3) is recorded on the credit card 4, the authentication image 6 on the terminal 3 is recorded. A card authentication method (1) for combining

  The base image set (Key1) is distributed to the terminal 3 after being subjected to replacement conversion processing by the server 2. Further, the coefficient information (Key3) recorded in the recording unit 9 of the credit card 4 is subjected to encryption processing with an encryption key managed by the server 2 for the purpose of enhancing security, and then the credit card 4 Shall be recorded.

  FIG. 6 is a flowchart showing the contents of the card authentication method (1) in the control processing unit 14 of the terminal 3. The control processing unit 14 executes the process shown in FIG. 6 according to the program recorded in the ROM.

  The control processing unit 14 first performs authentication processing with the credit card 4 (step S.21). The control processing unit 14 sends information necessary for authentication to the credit card 4 to perform mutual authentication between the terminal 3 and the credit card 4 on the credit card 4 side using the arithmetic processing function of the IC card. The terminal 3 determines the authentication result based on the authentication result returned from the credit card 4.

  The control processing unit 14 of the terminal 3 that acquired the authentication result of the credit card 4 determines whether the credit card 4 is valid based on the acquired authentication result (step S.22). When it is determined that the authentication result is not valid (No in step S.22), the control processing unit 14 determines that the credit card 4 is illegal and displays a message that the credit card 4 is illegal use. The image is displayed on the image display unit 15 to warn the operator (step S.23), and the credit card 4 authentication process is terminated. In this way, by determining the validity of the credit card 4, unauthorized use of the credit card 4 can be prevented.

  On the other hand, when it can be determined that the authentication result is valid (Yes in step S.22), the control processing unit 14 accesses the credit card 4 via the card reader unit 11 and records the credit card 4. The coefficient information (Key 3) recorded in the section 9 and information about the card (card information) are acquired (step S.24). In the credit card 4, step S.E. In the authentication process shown in FIG. 21, the coefficient information (Key3) and the card information are allowed to be read only when the authentication that the terminal 3 is valid is performed. On the other hand, step S.I. In the authentication process shown in FIG. 21, when it is determined that the terminal 3 is not valid, the credit card 4 rejects the request for the coefficient information (Key3) and the card information by the control processing unit 14, thereby synthesizing the authentication image 6 Prevent unauthorized access to necessary data.

  Note that coefficient information (Key3) is recorded in the credit card 4 according to the card authentication method (1). For this reason, when authentication is permitted between the terminal 3 and the credit card 4, the control processing unit 14 obtains one piece of information (coefficient information (Key3)) required for the composition processing of the authentication image 6. It can be acquired.

  Next, the control processing unit 14 encrypts the terminal information and the card information using the public key of the server 2 and then transmits it to the server 2 (step S.25). The server 2 decrypts information (terminal information and card information) encrypted with the public key of the server 2 using its own private key.

  Since the information encrypted with the public key of the server 2 is transmitted from the terminal 3 to the server 2, the server 2 that does not have a secret key corresponding to the public key decrypts the encrypted information. I can't. However, the legitimate server 2 having a secret key corresponding to the public key can decrypt the information transmitted from the terminal 3 by using its own secret key. Thus, since the information transmitted from the terminal 3 is not decrypted unless the server 2 is valid, it is possible to prevent the terminal information and the card information from leaking to a third party. .

  The server 2 performs authentication processing of the terminal 3 based on the decrypted terminal information and performs authentication processing of the credit card 4 based on the card information. When it is determined by the authentication process of the terminal 3 and the credit card 4 that the terminal 3 and the credit card 4 are valid, the server 2 extracts the corresponding holder information from the holder information recording unit 24 based on the card information. . Then, the server 2 obtains index information (Key 2) necessary for synthesizing the authentication image 6 of the holder based on the extracted holder information, and recorded on the credit card 4 based on the holder information. Key information for decrypting the coefficient information (Key3) is obtained.

  Then, the server 2 performs index information replacement conversion processing based on the ID information of the terminal 3 specified in the authentication processing. For this reason, even if the arrangement order of the base image set is delivered to the terminal 3 after the replacement conversion process, it is necessary for the authentication image 6 synthesis process by referring to the index information subjected to the replacement conversion process. It is possible to specify the base image to be processed.

  Thereafter, the server 2 encrypts the index information (Key2) subjected to the replacement conversion process and the key information for decrypting the coefficient information (Key3) with the public key of the terminal 3, and then transmits the encrypted information to the terminal 3. .

  The terminal 3 receives the encrypted information transmitted by the server 2 (step S.26), and decrypts the received information with the secret key of the terminal 3, thereby obtaining the index information and the key information of the coefficient information. Is acquired (step S.27). The terminal 3 then decrypts the coefficient information (Key 3) read from the credit card 4 based on the key information of the acquired coefficient information (step S.28). In addition, the terminal 3 specifies a base image required for the synthesis process of the authentication image 6 based on the index information subjected to the replacement conversion process (step S.29).

  In this way, the terminal 3 can obtain the coefficient information required for the synthesis process of the authentication image 6 by performing the decoding process of the coefficient information, and further, based on the index information subjected to the replacement conversion process. The base image required for the synthesis process of the authentication image 6 can be obtained. And the terminal 3 performs the synthetic | combination process of the authentication image 6 by calculating | requiring the linear combination of a base image using the calculated | required coefficient information (step S.30). Thereafter, the terminal 3 displays the synthesized authentication image 6 on the image display unit 15 (step S.31), and provides the operator with the authentication image 6 of the holder.

  The operator compares the authentication image 6 of the holder displayed on the image display unit 15 with the face of the user of the credit card 4 to determine whether the user of the credit card 4 is a genuine owner. It can be confirmed visually. In particular, since the authentication image 6 displayed on the image display unit 15 is larger and more detailed than a face photograph that can be printed on the credit card 4 or the like, it is possible to improve the determination accuracy at the time of authentication. Further, since the operator can directly determine with the naked eye whether or not the card user is a holder from the authentication image 6, even if the hairstyle or clothes of the holder is different from the authentication image 6, By authentic judgment, the holder can be authenticated, and the safety of the credit card 4 can be further enhanced.

[Card authentication method (2)]
Next, when the base image set (Key1) is recorded in advance on the terminal 3, the coefficient information (Key3) is recorded on the server 2, and the index information (Key2) is recorded on the credit card 4, the authentication image is recorded on the terminal 3. A card authentication method (2) for combining

  In the case of the card authentication method (2), it is assumed that the base image set (Key1) is delivered to the terminal 3 without being subjected to replacement conversion processing by the server 2. As described in the card authentication method (1), the base image set (Key1) may be distributed to the terminal 3 after being subjected to the replacement conversion process. However, when the base image set (Key1) subjected to the replacement conversion process is distributed to the terminal 3, the index information also needs to be replaced with the server 2 based on the ID information of the terminal 3.

  In the case of the card authentication method (2), since the index information is recorded on the credit card 4 as described above, in order to perform the replacement conversion process on the index information based on the ID information of the terminal 3, After the terminal 3 reads the index information from the credit card 4, the terminal 3 needs to transmit the read index information to the server 2. Further, the server 2 needs to perform replacement conversion processing on the received index information based on the ID information of the terminal 3 and then transmit it to the terminal 3 again.

  However, transmitting the index information from the credit card 4 to the server 2 via the terminal 3 and performing a replacement conversion process in the server 2 and then returning the index information to the terminal 3 causes inefficiency in processing. Is. In addition, such unnecessary transmission / reception of index information may lead to a decrease in security of the index information. In reality, as shown in the card authentication method (1), the holder information of the server 2 In many cases, a method of recording and managing index information in the recording unit 24 is used.

  For this reason, in the case of the card authentication method (2) (when index information is recorded on the credit card 4), the server 2 distributes the base image set (Key1) to the terminal 3 without performing replacement conversion processing. The case will be described.

  Further, the index information (Key 2) recorded in the recording unit 9 of the credit card 4 is subjected to an encryption process with an encryption key managed by the server 2 for the purpose of enhancing security, and then the credit card 4 Shall be recorded.

  FIG. 7 is a flowchart showing the contents of the card authentication method (2) in the control processing unit 14 of the terminal 3. The control processing unit 14 executes the process shown in FIG. 7 according to the program recorded in the ROM.

  The control processing unit 14 first performs an authentication process with the credit card 4 (step S.41). The control processing unit 14 sends information necessary for authentication to the credit card 4 to perform mutual authentication between the terminal 3 and the credit card 4 on the credit card 4 side using the arithmetic processing function of the IC card. The terminal 3 determines the authentication result based on the authentication result returned from the credit card 4.

  The control processing unit 14 of the terminal 3 that has acquired the authentication result of the credit card 4 determines whether or not the credit card 4 is valid based on the acquired authentication result (step S.42). When it is determined that the authentication result is not valid (No in step S.42), the control processing unit 14 determines that the credit card 4 is illegal and displays a message that the credit card 4 is illegally used. The image is displayed on the image display unit 15 or the like to warn the operator (step S.43), and the credit card 4 authentication process is terminated. In this way, by determining the validity of the credit card 4, unauthorized use of the credit card 4 can be prevented.

  On the other hand, when it is determined that the authentication result is valid (Yes in step S.42), the control processing unit 14 accesses the credit card 4 via the card reader unit 11 and records the credit card 4. The index information (Key 2) recorded in the section 9 and information (card information) relating to the card are acquired (step S.44). In the credit card 4, step S.E. In the authentication process shown in 41, reading of the index information (Key 2) and the card information is permitted only when the authentication that the terminal 3 is valid is performed. On the other hand, step S.I. In the authentication process shown in 41, when it is determined that the terminal 3 is not valid, the credit card 4 combines the authentication image 6 by refusing the request for the index information (Key 2) and the card information by the control processing unit 14. Prevent unauthorized access to necessary data.

  In addition, index information (Key2) is recorded on the credit card 4 according to the card authentication method (2). For this reason, when the authentication is permitted between the terminal 3 and the credit card 4, the control processing unit 14 obtains one piece of information (index information (Key2)) required for the composition processing of the authentication image 6. It can be acquired.

  Next, the control processing unit 14 encrypts the terminal information and the card information using the public key of the server 2 and then transmits it to the server 2 (step S.45). The server 2 decrypts the information encrypted with the public key of the server 2 using its own private key.

  Since the information is transmitted from the terminal 3 to the server 2 after being encrypted with the public key of the server 2, the information transmitted from the terminal 3 is not decrypted unless it is a valid server 2. For this reason, it can prevent that terminal information and card information leak to a third party.

  The server 2 performs authentication processing of the terminal 3 based on the decrypted terminal information and performs authentication processing of the credit card 4 based on the card information. When it is determined that the terminal 3 and the credit card 4 are valid by the authentication process of the terminal 3 and the credit card 4, the server 2 extracts the corresponding holder information from the holder information recording unit 24 based on the card information. . Then, the server 2 obtains coefficient information (Key3) necessary for synthesizing the holder authentication image 6 based on the extracted holder information, and is recorded in the credit card 4 based on the holder information. The key information for decrypting the index information (Key2) is obtained.

  Thereafter, the server 2 encrypts the coefficient information (Key3) and the key information for decrypting the index information (Key2) with the public key of the terminal 3, and then transmits to the terminal 3.

  The terminal 3 receives the encrypted information transmitted by the server 2 (step S.46), and decrypts the received information with the private key of the terminal 3, thereby obtaining the key information of the coefficient information (Key3) and the index information. Are acquired (step S.47). Then, the terminal 3 decrypts the index information (Key2) read from the credit card 4 based on the key information of the acquired index information (step S.48), and based on the decrypted index information. The base image required for the authentication image 6 synthesis process is specified (step S.49).

  As described above, the terminal 3 can obtain the index information necessary for the composition process of the authentication image 6 by performing the decryption process of the index coefficient (Key2) acquired from the credit card 4. And the terminal 3 can obtain | require the base image required for the synthetic | combination process of the authentication image 6 from a base image set based on the calculated | required index information. Further, since the terminal 3 can acquire coefficient information from the server 2, the authentication image 6 can be combined by obtaining a linear combination of the base images using the acquired coefficient information. (Step S.50).

  Then, the terminal 3 displays the synthesized authentication image 6 on the image display unit 15 (step S.51), and provides the operator with the authentication image 6 showing the face photograph of the holder.

  The operator visually checks whether the user of the credit card 4 is a holder by comparing the authentication image 6 of the holder displayed on the image display unit 15 with the face of the user of the credit card 4. Therefore, the authentication accuracy of the holder can be improved, and the safety of the credit card 4 can be further increased.

[Card authentication method (3)]
Next, the base image set (Key 1) is recorded in advance on the terminal 3, the index information (Key 2) and the coefficient information (Key 3) are recorded on the credit card 4, and none of the Key 1 to Key 3 is recorded on the server 2. In this case, a card authentication method (3) for synthesizing the authentication image 6 at the terminal 3 will be described.

  In the case of the card authentication method (3), as in the case of the card authentication method (2), the base image set (Key1) is delivered to the terminal 3 without being subjected to replacement conversion processing by the server 2. To do. In addition, the index information (Key2) and coefficient information (Key3) recorded in the recording unit 9 of the credit card 4 are encrypted with an encryption key managed by the server 2 for the purpose of improving security. In addition, the credit card 4 is assumed to be recorded.

  FIG. 8 is a flowchart showing the contents of the card authentication method (3) in the control processing unit 14 of the terminal 3. The control processing unit 14 executes the process shown in FIG. 8 according to the program recorded in the ROM.

  The control processing unit 14 first performs an authentication process with the credit card 4 (step S.61). The control processing unit 14 sends information necessary for authentication to the credit card 4 to perform mutual authentication between the terminal 3 and the credit card 4 on the credit card 4 side using the arithmetic processing function of the IC card. The terminal 3 determines the authentication result based on the authentication result returned from the credit card 4.

  The control processing unit 14 of the terminal 3 that has acquired the authentication result of the credit card 4 determines whether or not the credit card 4 is valid based on the acquired authentication result (step S.62). When it is determined that the authentication result is not valid (No in step S.62), the control processing unit 14 determines that the credit card 4 is illegal and displays a message that the credit card 4 is illegally used. The image is displayed on the image display unit 15 or the like to warn the operator (step S.63), and the credit card 4 authentication process is terminated. In this way, by determining the validity of the credit card 4, unauthorized use of the credit card 4 can be prevented.

  On the other hand, when it is determined that the authentication result is valid (Yes in step S.62), the control processing unit 14 accesses the credit card 4 via the card reader unit 11, and records the credit card 4. Index information (Key 2), coefficient information (Key 3), and information (card information) related to the card recorded in the section 9 are acquired (step S.64). Note that the index information (Key2) and coefficient information (Key3) acquired from the credit card 4 are encrypted by the key information managed in the server 2, and as such, in the synthesizing process of the authentication image 6 as they are. It cannot be used.

  In the credit card 4, step S.E. In the authentication process shown in 61, reading of the index information (Key2), the coefficient information (Key3), and the card information is permitted only when the authentication that the terminal 3 is valid is performed. On the other hand, step S.I. If it is determined in the authentication process shown in 61 that the terminal 3 is not valid, the credit card 4 rejects the request for the index information (Key 2), the coefficient information (Key 3), and the card information by the control processing unit 14. This prevents unauthorized access to data or the like necessary for the authentication image 6 composition processing.

  In addition, since the index information (Key2) and the coefficient information (Key3) are recorded on the credit card 4 related to the card authentication method (3), the authentication is permitted between the terminal 3 and the credit card 4. In this case, the control processing unit 14 can acquire part of the information (index information (Key 2) and coefficient information (Key 3)) required for the authentication image 6 composition processing.

  Next, the control processing unit 14 encrypts the terminal information and the card information using the public key of the server 2, and transmits the encrypted information to the server 2 (step S.65). The server 2 decrypts the information encrypted with the public key of the server 2 using its own private key.

  Since the information is transmitted from the terminal 3 to the server 2 after being encrypted with the public key of the server 2, the information transmitted from the terminal 3 is not decrypted unless it is a valid server 2. For this reason, it can prevent that terminal information and card information leak to a third party.

  The server 2 performs authentication processing of the terminal 3 based on the decrypted terminal information and performs authentication processing of the credit card 4 based on the card information. When it is determined that the terminal 3 and the credit card 4 are valid by the authentication process of the terminal 3 and the credit card 4, the server 2 extracts the corresponding holder information from the holder information recording unit 24 based on the card information. . Then, the server 2 obtains key information for decrypting the index information (Key2) and the coefficient information (Key3) recorded on the credit card 4 based on the extracted holder information.

  Thereafter, the server 2 encrypts the key information for decrypting the index information (Key 2) and the coefficient information (Key 3) with the public key of the terminal 3, and then transmits to the terminal 3.

  The terminal 3 receives the encrypted information transmitted by the server 2 (step S.66), and decrypts the received information with the private key of the terminal 3, thereby obtaining index information (Key2) and coefficient information (Key3). Key information is acquired (step S.67). Then, the terminal 3 performs decryption processing on the index information (Key 2) read from the credit card 4 based on the key information of the acquired coefficient information (Key 3) and index information (Key 2), and at the same time the credit card 4 Decoding processing with the coefficient information (Key3) read out is performed (step S.68). Then, the terminal 3 specifies a base image necessary for the composition processing of the authentication image 6 based on the decoded index information (step S.69).

  In this way, the terminal 3 can obtain the index information required for the authentication image 6 synthesis process by performing the decryption process of the index information (Key 2) using the key information acquired from the server 2. Based on the obtained index information, the base image required for the synthesis process of the authentication image 6 can be obtained from the base image set. Further, the terminal 3 can obtain the coefficient information required for the authentication image 6 synthesizing process by decrypting the coefficient information (Key 3) using the key information acquired from the server 2.

Thereafter, the terminal 3 based on the acquired coefficient information and the obtained base image,
The authentication image 6 is synthesized by obtaining the linear combination of the base images using the obtained coefficient information (step S.70). Then, the terminal 3 displays the synthesized authentication image 6 on the image display unit 15 (step S.71), and provides the operator with the authentication image 6 showing the face photograph of the holder.

  The operator visually checks whether the user of the credit card 4 is a holder by comparing the authentication image 6 of the holder displayed on the image display unit 15 with the face of the user of the credit card 4. Therefore, the authentication accuracy of the holder can be improved, and the safety of the credit card 4 can be further increased.

[Card authentication method (4)]
Next, the base image set (Key1) is recorded in advance on the terminal 3, the index information (Key2) and the coefficient information (Key3) are recorded on the server 2, and none of the Key1 to Key3 is recorded on the credit card 4. In this case, a card authentication method (4) for synthesizing the authentication image 6 at the terminal 3 will be described.

  In the configuration shown in the card authentication method (4), neither the index information (Key2) nor the coefficient information (Key3) is recorded on the credit card 4, and therefore the card authentication method ( The authentication method in 4) can be used. Whether the IC card is used as the credit card 4 or the magnetic card is used, the card information is recorded in the recording unit 9 of the credit card 4. .

  Further, in the case of the card authentication method (4), as in the case of the card authentication method (2) and the card authentication method (3), the base image set (Key1) is not subjected to replacement conversion processing by the server 2. It is delivered to the terminal 3.

  FIG. 9 is a flowchart showing the contents of the card authentication method (4) in the control processing unit 14 of the terminal 3. The control processing unit 14 executes the process shown in FIG. 9 according to the program recorded in the ROM.

  The control processing unit 14 first performs an authentication process with the credit card 4 (step S.81). When an IC card is used as the credit card 4, the control processing unit 14 sends information necessary for authentication to the credit card 4, thereby using the arithmetic processing function of the IC card. The terminal 3 determines the mutual authentication between the terminal 3 and the credit card 4, and the terminal 3 determines the authentication result based on the authentication result returned from the credit card 4.

  On the other hand, when a magnetic card is used as the credit card 4, the authentication process of the terminal 3 cannot be performed on the credit card 4 side. For this reason, the terminal 3 performs a process of reading the card information of the credit card 4 via the card reader unit 11. Then, the terminal 3 transmits the terminal information and the card information to the server 2 after performing encryption processing using the public key of the server 2. The server 2 authenticates the validity of the terminal 3 and the credit card 4 based on the terminal information and the card information acquired from the terminal 3 after decrypting the encryption with the secret key. When the authentication is successful, the server 2 encrypts the authentication result indicating that the terminal 3 and the credit card 4 are valid using the public key of the terminal 3 and transmits the result to the terminal 3. The terminal 3 determines the authentication result of the credit card 4 by decrypting the received information using its own secret key.

  By the method described above, the authentication result of the credit card 4 is acquired in the terminal 3, and the control processing unit 14 of the terminal 3 determines whether the card is valid based on the acquired authentication result (step S.82). . When it is determined that the authentication result is not valid (No in step S.82), the control processing unit 14 determines that the credit card 4 is illegal and notifies the credit card 4 that it is illegal use. Is displayed on the image display unit 15 or the like to warn the operator (step S.83), and the card authentication process is terminated. In this way, by determining the validity of the credit card 4, unauthorized use of the card can be prevented.

  On the other hand, when it is determined that the authentication result is valid (Yes in step S.82), the control processing unit 14 accesses the credit card 4 via the card reader unit 11 and records the credit card 4. Information on the card (card information) recorded in the section 9 is acquired (step S.84).

  When an IC card is used as the credit card 4, the credit card 4 uses the step S.1. In the authentication process shown in 81, reading of card information is permitted only when authentication that the terminal 3 is valid is performed. On the other hand, step S.I. In the authentication process shown in 81, when it is determined that the terminal 3 is not valid, the credit card 4 rejects the card information request by the control processing unit 14, so that data necessary for the authentication image 6 composition process is obtained. Prevent unauthorized access.

  In the case where a magnetic card is used as the credit card 4, the step S. In 81, since the card information has already been acquired from the recording unit 9 of the credit card 4, the above-described processing (step S.84) need not be performed.

  Next, the control processing unit 14 encrypts the terminal information and the card information using the public key of the server 2 and then transmits the encrypted information to the server 2 (step S.85). The server 2 decrypts the information encrypted with the public key of the server 2 using its own private key.

  Since the information is transmitted from the terminal 3 to the server 2 after being encrypted with the public key of the server 2, the information transmitted from the terminal 3 is not decrypted unless it is a valid server 2. For this reason, it can prevent that terminal information and card information leak to a third party.

  The server 2 performs authentication processing of the terminal 3 based on the decrypted terminal information and performs authentication processing of the credit card 4 based on the card information. In the case of a magnetic card, step S.E. Since the authentication process has already been performed in 81, the above-described process (step S.85) can be omitted.

  When it is determined that the terminal 3 and the credit card 4 are valid by the authentication process of the terminal 3 and the credit card 4, the server 2 extracts the corresponding holder information from the holder information recording unit 24 based on the card information. . Then, the server 2 obtains index information (Key2) and coefficient information (Key3) necessary for synthesizing the authentication image 6 of the holder based on the extracted holder information.

  Thereafter, the server 2 encrypts the index information (Key2) and the coefficient information (Key3) with the public key of the terminal 3, and then transmits the encrypted information to the terminal 3.

  The terminal 3 receives the encrypted information transmitted by the server 2 (step S.86), and decrypts the received information with the secret key of the terminal 3 to obtain coefficient information (Key3) and index information (Key2). Are acquired (step S.87). And the terminal 3 specifies the base image required for the synthetic | combination process of the authentication image 6 based on the acquired index information (step S.88).

  As described above, the terminal 3 can obtain a base image required for the synthesis process of the authentication image 6 from the base image set based on the index information (Key 2) acquired from the server 2. Further, the terminal 3 performs the synthesis process of the authentication image 6 by obtaining a linear combination of the base images based on the coefficient information (Key 3) obtained from the server 2 and the obtained base images (step S.3). 89). Then, the terminal 3 displays the synthesized authentication image 6 on the image display unit 15 (step S.90), and provides the operator with the authentication image 6 showing the face photograph of the holder.

  The operator visually checks whether the user of the credit card 4 is a holder by comparing the authentication image 6 of the holder displayed on the image display unit 15 with the face of the user of the credit card 4. Therefore, the authentication accuracy of the holder can be improved, and the safety of the credit card 4 can be further increased.

  As described above, as shown in the above card authentication methods (1) to (4), the index information (Key 2) and coefficient information (Key 3) required for the composition processing of the authentication image 6 are stored in the credit card 4 or the server 2. When the terminal 3 performs the restoration process of the authentication image 6, after the strict authentication process regarding the credit card 4, the terminal 3, and the server 2 is performed, the terminal 3 combines the authentication image 6. By adopting a configuration for acquiring data (Key 1 to Key 3) necessary for processing, it is possible to prevent information required for the composition processing of the authentication image 6 from being stolen all at once by a third party. Therefore, it is possible to improve the security in the authentication process of the authentication image 6.

  Although the index information (Key 2) and the coefficient information (Key 3) have a relatively small amount of data, by adopting the card authentication method (4) shown in the present embodiment, the index information and the coefficient information are stored in the server 2. Can be recorded. In this way, the information to be recorded on the credit card 4 can be limited to the card information, so that the amount of data to be recorded on the credit card 4 can be reduced.

  Accordingly, even if an IC card is used as the credit card 4 or a magnetic card is used, the amount of data to be recorded on the credit card 4 can be reduced, so that many are issued today. Using the credit card 4 (such as a credit card with a small recording capacity) as it is, the authentication image 6 shown in the present embodiment can be combined.

  Further, at the time of renewal of the credit card, the card authentication method (1) to the card authentication described above is performed by changing the credit card to the IC card and recording the index information and coefficient information in the recording unit of the IC card. The method (3) can be realized, and the authentication accuracy of the holder can be improved smoothly without burdening the user with the burden of introducing the system.

  Finally, the differences between the credit card 4 and the terminal 3 used in the card authentication system 1 according to the present embodiment and the credit card and the terminal in the card authentication system conventionally used are examined and used conventionally. In the card authentication system and the card authentication system 1 according to the present embodiment, a case where each credit card is used in each terminal will be described.

  A terminal that is conventionally used is a first type terminal. The first type terminal performs authentication of the holder based on the signature of the holder or the password of the credit card. In the first type terminal, the distribution of the base image set is not performed by the server, and the authentication image synthesizing process is not performed in the terminal. Therefore, the operator authenticates the holder by presenting the card user's signature or password. For this reason, unlike the card authentication method of the terminal 3 shown in the present embodiment, the operator cannot visually compare the authentication image 6 displayed on the image display unit 15 and the state of the card user's face. .

  On the other hand, the terminal 3 of the card authentication method shown in the present embodiment is a second type terminal. As described above, the second type terminal obtains index information and coefficient information from the credit card 4 or the server 2 by the terminal 3, and the base obtained from the base image set distributed to the terminal 3 by the server 2 in advance. The authentication image 6 can be combined using the image. Therefore, the operator determines whether or not the card user is a valid owner (holder) by comparing the authentication image 6 displayed on the image display unit 15 with the face of the card user. It is possible to do.

  Also, the types of credit cards can be classified into two types corresponding to two types of terminals. First, a conventionally used credit card is a first type card. The first type card refers to a card in which an operator obtains a holder's signature or card password and authenticates the holder based on the signature or password. As an example of the first type card, a magnetic card or an IC card can be shown. However, only the card information is recorded in the recording unit of the credit card, and the index information and coefficient information as well as the base image collection are recorded. Not recorded.

  On the other hand, the credit card 4 of the card authentication method shown in the present embodiment is a second type card. In the recording unit 9 of the second type card, at least one of index information and coefficient information is recorded in addition to the card information. Therefore, when the authentication image 6 is synthesized using the card authentication method shown in the present embodiment, the authentication image is read by the terminal 3 by reading the index information or coefficient information recorded on the credit card 4. It is possible to acquire information necessary for the composition process 6.

  The table shown in FIG. 10 summarizes the holder authentication method when the above-described two types of cards are used in the above-described two types of terminals.

  First, the first type terminal performs authentication of the holder based on the signature of the holder or the password of the credit card, and does not have a function of combining authentication images and displaying them on the image display unit. For this reason, when using the first type card or the second type card for the first type terminal, the holder authentication is performed by obtaining the card user's signature or the credit card PIN as before. Will do. For this reason, even if a conventional type terminal (first type terminal) that does not have a function for synthesizing the authentication image 6 uses a second type card in which information necessary for the authentication image synthesizing process is recorded. By using the same holder authentication method (signature or personal identification number) as that of the conventional credit card, the card authentication processing is performed.

  Next, a case where the first type card or the second type card is used for the second type terminal will be considered.

  The second type terminal is a terminal 3 that authenticates the holder by acquiring index information or coefficient information from the credit card 4 or the server 2 and performing authentication image composition processing. Here, since the index information or the coefficient information is not recorded at all on the first type card, the terminal 3 cannot obtain information necessary for the composition process of the authentication image 6 from the credit card. However, if the user of the first type card provides information such as a photograph of the face of the holder to a credit card company or the like and the index information and coefficient information of the holder are already recorded in the server 2, By using the described card authentication method (4), the terminal 3 can acquire index information and coefficient information from the server 2.

  For this reason, when the type 1 card is used for the type 2 terminal and the index information and coefficient information necessary for the composition process of the authentication image 6 are recorded in the server 2, the type 2 terminal The authentication image 6 can be combined, and the operator can determine whether or not the card user is a valid owner (holder) based on the combined authentication image 6.

  On the other hand, when the type 1 card is used for the type 2 terminal and the index information and the coefficient information necessary for the composition process of the authentication image 6 are not recorded in the server 2, the type 1 card is stored in the type 1 terminal. As in the case of using the first type card, the holder can be authenticated based on the card user's signature or personal identification number.

  Next, a case where the second type card is used for the second type terminal will be described. On the second type card, at least one of index information and coefficient information is recorded. For this reason, the type 2 terminal can acquire index information or coefficient information from the type 2 card or the server 2, and can synthesize the authentication image 6 based on the base image set. For this reason, the operator can determine whether or not the card user is a valid owner (holder) based on the synthesized authentication image 6.

  As described above, when the card authentication system according to the present invention is introduced into the market, it is not necessary to replace terminals and credit cards that have been conventionally used at the same time. It becomes possible to spread the card | curd authentication system 1 which concerns on.

  The card authentication system according to the present invention has been described in detail with reference to the drawings. However, the card authentication system according to the present invention is not limited to the one shown in the embodiment. It will be apparent to those skilled in the art that various changes and modifications can be made within the scope of the claims, and these are naturally within the technical scope of the present invention. Understood.

  For example, in the card authentication system 1 according to the present embodiment, the card authentication system using the credit card 4 has been described, but the card used is not limited to the credit card. A credit card is used as an example of a card that requires holder authentication. If the system requires holder authentication, the card uses a card other than a credit card, such as a company employee ID card or security card. It may be a management card or the like, and the card authentication system according to the present invention can be used in a holder authentication system in various fields.

  In the card authentication system 1 according to the present embodiment, the case where the principal component analysis method is used as the method for obtaining the base image has been described. However, the method for obtaining the base image is not limited to the principal component analysis method. It is not limited. Any method may be used as long as it obtains a base image that can show a low-dimensional distribution state that can well represent the distribution state from a high-dimensional distribution state based on the characteristics of a plurality of images. For example, by using a nearest neighbor search method, a method may be used in which k nearest neighbor images of an image to be synthesized are obtained as a base image and a least square method is obtained as a coefficient.

1 ... Card authentication system 2 ... Server (card authentication server)
3 ... Terminal (card authentication terminal)
4 ... Credit card (authentication card)
5 ... Network 6 ... Authentication image 9 ... (Credit card) recording unit 11 ... (Terminal) card reader unit (coefficient information acquisition means, index information acquisition means)
12 ... Image recording section (terminal) (image recording means)
13 (communication unit) (coefficient information acquisition means, index information acquisition means)
14 ... Control processing unit (of terminal) (image processing means, base image specifying means)
15 ... Image display unit 20 (of the terminal) ... Communication unit (of the server) (base image distribution means)
21 (control unit) (server) control unit (base image generation unit, base image update unit, authentication image synthesis unit, synthesis error determination unit, replacement conversion unit, classification unit, base image distribution unit)
22 ... (server) terminal information recording unit 23 ... (server) base image recording unit (base image recording means)
24 ... Holder information recording unit 25 (server) General image recording unit (server)

Claims (16)

Based on a base image collection composed of a plurality of base images and coefficient information corresponding to each of the base images, an authentication image combining process is performed to determine whether or not the card user is a holder. An authentication card used in a card authentication terminal,
An authentication card, wherein the coefficient information is recorded on the authentication card. A set of base images in which a plurality of base images composed of a plurality of base images having common features are combined in such a way that their features are different from each other;
Index information for identifying a base image used in the authentication image combining process used for determining the validity of the holder from the base image set;
An authentication card used in a card authentication terminal that performs the authentication image combining process by using coefficient information corresponding to each of a plurality of base images specified by the index information,
An authentication card, wherein at least one of the index information and the coefficient information is recorded on the authentication card. Image recording means for recording a base image collection composed of a plurality of base images;
Coefficient information acquisition means for acquiring coefficient information corresponding to each base image from an authentication card or a card authentication server connected via a network;
An image processing means for combining authentication images used for determining whether or not the card user is a holder based on the base image collection and the coefficient information; Authentication terminal. Image recording means for recording a plurality of base image sets obtained by combining a plurality of base image collections configured by a plurality of base images having a common feature so that their features are different from each other;
Index information for identifying the base image used for the authentication image synthesis process used for determining the validity of the holder from the base image set is acquired from an authentication card or a card authentication server connected via a network. Index information acquisition means for
Coefficient information acquisition means for acquiring coefficient information corresponding to each of a plurality of base images specified by the index information from the card authentication server connected via the authentication card or the network;
Base image specifying means for specifying a plurality of base images used for the authentication image combining process based on the index information acquired by the index information acquiring means;
Image processing means for combining the authentication image based on a plurality of base images specified by the base image specifying means and coefficient information corresponding to each of the plurality of base images. Card authentication terminal to be used. The plurality of base images recorded in the image recording means are recorded in a state where the replacement conversion process is changed for each card authentication terminal and the arrangement order of the base images is changed,
The card authentication terminal according to claim 3 or 4, wherein the index information is subjected to replacement conversion corresponding to replacement conversion processing of a base image recorded in the image recording unit. Based on a collection of base images composed of a plurality of base images and coefficient information corresponding to each of the base images, an authentication image combining process used for determining whether or not the card user is a holder is performed. A card authentication server connected via a network to a card authentication terminal to perform,
A base image recording means for recording a plurality of base images constituting the base image collection;
Base image update means for periodically updating some base images among a plurality of base images recorded in the base image recording means;
A card authentication server comprising: a base image distribution unit that distributes a new base image collection including the base image updated by the base image update unit to the card authentication terminal via the network. A base image set in which a plurality of base image collections configured by a plurality of base images having a common feature are combined in such a way that their features are different from each other;
Index information for identifying a base image used in the authentication image combining process used for determining the validity of the holder from the base image set;
A card authentication server connected via a network to a card authentication terminal that performs the authentication image composition processing by using coefficient information corresponding to each of a plurality of base images specified by the index information,
Base image recording means for recording a plurality of base images constituting the base image set;
Base image update means for periodically updating some base images among a plurality of base images recorded in the base image recording means;
A card authentication server comprising: a base image distribution unit that distributes a new set of base images including the base image updated by the base image update unit to the card authentication terminal via the network. The base image update means includes
Classification means for classifying a large number of images prepared for generating a base image into a plurality of groups according to image characteristics;
A base for generating a plurality of base images capable of displaying a low-dimensional distribution state capable of well expressing the distribution state from a high-dimensional distribution state based on the characteristics of the plurality of images belonging to the group classified by the classification unit Image generating means;
Using a plurality of base images belonging to each group generated by the base image generating means, authentication image combining means for combining authentication images corresponding to each of the multiple images;
The authentication error between the authentication image of each group combined by the authentication image combining means and the image is obtained, and the combining error of the authentication image combined using the base image of the group into which the image is classified by the classification means is Combining error determining means for determining whether the image is the smallest than the combined error of all the authentication images combined using the base image of the group in which the image is not classified by the classification means,
When it is determined by the combining error determination means that the combining error of the authentication image combined using the base image of the group that has not been classified by the classification means is the smallest, the classification means Reclassify the corresponding image to a group with a small synthesis error, and the base image generation means performs base image generation processing again using a plurality of images reclassified by the classification means, and the authentication image synthesis Means synthesizes an authentication image corresponding to each of the plurality of images using the plurality of base images regenerated by the base image generation means, and the synthesis error determination means re-engages the authentication image synthesis means. By obtaining a synthesis error between the authentication image of each group synthesized and the image, the classification unit re-classifies the image. Whether the authentication error of the authentication image synthesized using the bottom image is the smallest than the synthesis error of all the authentication images synthesized using the base images of the group in which the image is not classified again by the classification means Repeatedly determine whether
When it is determined by the combining error determination means that the combining error of the authentication image combined using the base image of the group into which the image is classified by the classification means is the smallest, the base image distribution means The card authentication server according to claim 6 or 7, wherein a plurality of base images generated by the base image generation means are distributed to the card authentication terminal. A replacement transform that changes the sequence of base images by performing a different replacement transform process for each card authentication terminal on a set of new base images in which some base images have been updated by the base image updating means. Having means,
The card according to any one of claims 6 to 8, wherein the base image distribution unit distributes a set of base images subjected to replacement conversion processing by the replacement conversion unit to the card authentication terminal. Authentication server. Based on a base image collection composed of a plurality of base images and coefficient information corresponding to each of the base images, an authentication image combining process is performed to determine whether or not the card user is a holder. A card authentication system,
The card authentication system
An authentication card in which the coefficient information is recorded, a card authentication terminal that performs the authentication image combining process, and a card authentication server connected to the card authentication terminal via a network,
The card authentication terminal
Image recording means for recording the base image collection;
Coefficient information acquisition means for acquiring the coefficient information from the authentication card;
A card authentication system, comprising: an image processing unit configured to combine the authentication images based on the base image collection and the coefficient information. Based on a base image collection composed of a plurality of base images and coefficient information corresponding to each of the base images, an authentication image combining process is performed to determine whether or not the card user is a holder. A card authentication system,
The card authentication system
A card authentication server in which the coefficient information is recorded, and a card authentication terminal that performs a composition process of the authentication image,
The card authentication terminal
Image recording means for recording the base image collection;
Coefficient information acquisition means for acquiring the coefficient information from the card authentication server connected via a network;
A card authentication system, comprising: an image processing unit configured to combine the authentication images based on the base image collection and the coefficient information. The card authentication server is
A base image recording means for recording a plurality of base images constituting the base image collection;
Base image update means for periodically updating some base images among a plurality of base images recorded in the base image recording means;
A base image distribution unit that distributes a new base image collection including the base image updated by the base image update unit to the card authentication terminal via the network;
The card authentication system according to claim 10 or 11, wherein the card authentication terminal causes the image recording unit to record a new base image collection distributed. A base image set in which a plurality of base image collections configured by a plurality of base images having a common feature are combined in such a way that their features are different from each other;
Index information for identifying a base image used in the authentication image combining process used for determining the validity of the holder from the base image set;
A card authentication system that performs a composition process of the authentication image by using coefficient information corresponding to each of a plurality of base images specified by the index information,
The card authentication system
An authentication card and a card authentication server capable of recording the index information and the coefficient information, and a card authentication terminal that performs a composition process of the authentication image;
The index information is recorded on either the authentication card or the card authentication server, and the coefficient information is recorded on either the authentication card or the card authentication server.
The card authentication terminal is
Image recording means for recording the base image set;
Index information acquisition means for acquiring the index information from the authentication card or the card authentication server connected to the network;
Coefficient information acquisition means for acquiring the coefficient information from the card authentication server connected to the authentication card or the network;
Base image specifying means for specifying a plurality of base images used for the authentication image combining process based on the index information acquired by the index information acquiring means;
Image processing means for combining the authentication image based on a plurality of base images specified by the base image specifying means and coefficient information corresponding to each of the plurality of base images. Card authentication system. The card authentication server is
Base image recording means for recording a plurality of base images constituting the base image set;
Base image update means for periodically updating some base images among a plurality of base images recorded in the base image recording means;
A base image distribution means for distributing a new base image set including the base image updated by the base image update means to the card authentication terminal via the network;
The card authentication system according to claim 13, wherein the card authentication terminal causes the image recording unit to record a new set of distributed base images. The base image update means of the card authentication server includes:
Classification means for classifying a large number of images prepared for generating a base image into a plurality of groups according to image characteristics;
A base for generating a plurality of base images capable of displaying a low-dimensional distribution state capable of well expressing the distribution state from a high-dimensional distribution state based on the characteristics of the plurality of images belonging to the group classified by the classification unit Image generating means;
Using a plurality of base images belonging to each group generated by the base image generating means, authentication image combining means for combining authentication images corresponding to each of the multiple images;
The authentication error between the authentication image of each group combined by the authentication image combining means and the image is obtained, and the combining error of the authentication image combined using the base image of the group into which the image is classified by the classification means is Combining error determining means for determining whether the image is the smallest than the combined error of all the authentication images combined using the base image of the group in which the image is not classified by the classification means,
When it is determined by the combining error determination means that the combining error of the authentication image combined using the base image of the group that has not been classified by the classification means is the smallest, the classification means Reclassify the corresponding image to a group with a small synthesis error, and the base image generation means performs base image generation processing again using a plurality of images reclassified by the classification means, and the authentication image synthesis Means synthesizes an authentication image corresponding to each of the plurality of images using the plurality of base images regenerated by the base image generation means, and the synthesis error determination means re-engages the authentication image synthesis means. By obtaining a synthesis error between the authentication image of each group synthesized and the image, the classification unit re-classifies the image. Whether the authentication error of the authentication image synthesized using the bottom image is the smallest than the synthesis error of all the authentication images synthesized using the base images of the group in which the image is not classified again by the classification means Repeatedly determine whether
When it is determined by the combining error determination means that the combining error of the authentication image combined using the base image of the group into which the image is classified by the classification means is the smallest, the base image distribution means The card authentication system according to claim 12 or 14, wherein a plurality of base images generated by the base image generation means are distributed to the card authentication terminal. The card authentication server is
A replacement transform that changes the sequence of base images by performing a different replacement transform process for each card authentication terminal on a set of new base images in which some base images have been updated by the base image updating means. Having means,
The base image distribution unit distributes a set of base images subjected to replacement conversion processing by the replacement conversion unit to the card authentication terminal. Card authentication system described in 1.

Images