JP2018134138A - Authentication apparatus, authentication method, and authentication program - Google Patents

Abstract

[PROBLEMS] To perform highly convenient authentication. An authentication apparatus according to the present application includes a generation unit and an authentication unit. The generation unit generates first feature information indicating physical characteristics of the user from the genetic data of the user. The authentication unit authenticates the user by collating the first feature information generated by the generation unit with the second feature information indicating the physical feature acquired from the user. [Selection] Figure 4

Description

  Embodiments described herein relate generally to an authentication device, an authentication method, and an authentication program.

  Conventionally, various methods are used for user authentication. For example, user authentication using a password is most popular because it is simple, but on the other hand, decoding technology has also improved, and biometric authentication, which is user authentication using biological features, has become widespread.

  For example, fingerprint authentication has been introduced in bank ATM usage. There are also face authentication and iris authentication. Furthermore, genetic authentication is known as the most accurate biometric authentication.

JP 2002-73572 A JP-A-2005-242777

  However, with the above-described conventional technology, it is not always possible to perform highly convenient authentication. For example, in the technique described in Patent Document 1, user authentication is performed by comparing a pre-registered hybridization pattern with an authentication table on which the hybridization pattern is formed. In the technique described in Patent Document 1, for example, when authentication is performed on the go, a situation may occur in which authentication cannot be performed due to the user forgetting or losing the authentication table. It is stress.

  In the technique described in Patent Document 2, authentication is performed by comparing a face photograph of a person to be authenticated registered in advance with a captured face photograph. In such a technique described in Patent Document 2, since the face changes with aging, the user has to re-register the face photograph many times.

  Therefore, the above-described conventional technology cannot always perform highly convenient authentication.

  The present application has been made in view of the above, and an object thereof is to provide an authentication apparatus capable of performing highly convenient authentication.

  An authentication apparatus according to the present application acquires from a user's genetic data, a generating unit that generates first feature information indicating a physical feature of the user, first feature information generated by the generating unit, and the user And an authentication unit that authenticates the user by collating the second feature information indicating the physical characteristics.

  According to one aspect of the embodiment, there is an effect that highly convenient authentication can be performed.

FIG. 1 is a diagram illustrating an example of authentication processing according to the embodiment. FIG. 2 is a diagram illustrating a configuration example of the control device according to the embodiment. FIG. 3 is a diagram illustrating an example of a gene information database according to the embodiment. FIG. 4 is a diagram illustrating a configuration example of the authentication device according to the embodiment. FIG. 5 is a diagram illustrating an example of the authentication target specifying database according to the embodiment. FIG. 6 is a diagram illustrating an example of the condition specifying database according to the embodiment. FIG. 7 is a sequence diagram illustrating a preprocessing procedure for the authentication processing according to the embodiment. FIG. 8 is a sequence diagram illustrating an authentication processing procedure by the authentication processing system according to the embodiment. FIG. 9 is a hardware configuration diagram illustrating an example of a computer that realizes the function of the authentication device.

  Hereinafter, an embodiment for implementing an authentication device, an authentication method, and an authentication program according to the present application (hereinafter referred to as “embodiment”) will be described with reference to the drawings. Note that the authentication apparatus, the authentication method, and the authentication program according to the present application are not limited by this embodiment. Moreover, in the following embodiment, the same code | symbol is attached | subjected to the same site | part and the overlapping description is abbreviate | omitted.

[1. (Authentication process)
First, an example of an authentication process according to the embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating an example of authentication processing according to the embodiment. The authentication process according to the embodiment is performed in the entire system 1 shown in FIG.

  First, the system configuration shown in FIG. 1 will be described. In the example of FIG. 1, the overall system 1 includes a terminal device 20, a vendor device 30, a control device 100, and an authentication device 200. The terminal device 20, the vendor device 30, the control device 100, and the authentication device 200 are connected to be communicable by wire or wireless via a network. The overall system 1 illustrated in FIG. 1 may include a plurality of terminal devices 10, a plurality of vendor devices 20, and a plurality of control devices 100 and 200.

  Further, as shown in FIG. 1, a system including control devices 100 and 200 included in the overall system 1 is referred to as an authentication system 10. Of the authentication processing according to the embodiment, the central processing is performed by the authentication system 10. Note that the authentication process performed by the control devices 100 and 200 may be performed by a single device that integrates the control devices 100 and 200.

  Next, details of the overall system 1 and the authentication system 10 will be described. The terminal device 20 is a terminal device having a photographing function. For example, the terminal device 20 is a signage having a camera function. Further, for example, the terminal device 20 may be a smartphone having a camera function, a tablet terminal, a notebook PC (Personal Computer), a desktop PC, a mobile phone, a PDA (Personal Digital Assistant), or the like. . Further, for example, the terminal device 20 may be an imaging device dedicated to authentication processing according to the embodiment.

  As will be described later, the terminal device 100 captures a specific part of the user's body in response to a user operation. Then, the terminal device 100 transmits captured image data obtained by shooting to the authentication device 200.

  The trader device 30 is a terminal device used by an analysis trader (hereinafter referred to as “analysis trader T”) that performs genetic analysis. For example, a smart phone, a tablet-type terminal, a notebook PC, a desktop PC, or a mobile phone Or PDA.

  Here, the analysis company T will be described. The analysis company T is a specialized institution (company) or a medical institution (hospital) that provides a gene analysis service. The analysis company T performs gene analysis on the visiting user. Or the analysis trader T mails a test kit to the user who requested it, and performs genetic analysis on a sample (for example, saliva) collected using the test kit.

  In the present embodiment, for example, a predetermined contract is made between the analysis company T and the management company that manages the authentication system 10. Therefore, the analysis company T provides the management company with genetic data that is an analysis result obtained by the gene analysis. That is, the trader device 30 transmits gene information to the control device 100. The analysis company T notifies the user who is the client of the analysis result.

  The authentication system 10 performs an authentication process according to the embodiment. The authentication system 10 performs authentication by indirectly using genetic data of a user to be authenticated. For this reason, it can be said that the authentication process concerning embodiment is a kind of gene authentication.

  Here, general gene authentication will be described. For example, in general gene authentication, when performing authentication, a sample is collected from a subject, and gene data is acquired by scientifically analyzing the collected sample. Then, authentication is performed by collating the acquired gene data with, for example, gene data registered in advance by the subject. Such gene authentication has a demerit that it takes time to analyze a sample and acquire gene data, that is, it takes a longer time to obtain an authentication result, and is not highly convenient.

  In addition, as a gene authentication to eliminate such disadvantages, there is a technology that uses a special print created by dissolving an individual gene, but forgetting the special print at the time of authentication. If it is lost or lost, it is natural that authentication is not possible and it is not always convenient. In the first place, the procedure for creating special printing is troublesome and expensive.

  As described above, in general gene authentication, it can be said that a gene itself is used for authentication, that is, personal information is used for authentication. This is because a gene is unique to an organism. Therefore, gene authentication is generally known to have particularly high authentication accuracy among many user authentications, but it may not always be safe from a security aspect. For example, when genetic information is stolen from the outside during authentication, there is a possibility that an individual can be identified from the genetic information.

  Based on the problems in gene authentication as described above, the authentication system 10 according to the embodiment performs authentication by indirectly using gene data instead of using gene data itself at the time of authentication. .

  Specifically, the authentication system 10 generates first feature information indicating a physical feature of the user from the genetic data of the user by using the functions of the control devices 100 and 200. And the authentication system 10 collates the 1st characteristic information produced | generated by the function of the control apparatuses 100 and 200, and the 2nd characteristic information which shows the physical characteristic acquired from the user, and authenticates this user I do. Below, an example of the authentication process performed by the authentication system 10 is demonstrated concretely.

  Here, the user U1 is used as the user who is authenticated. The user U1 needs to have the genetic data registered in the control device 100 by undergoing the heterogeneous test before the authentication according to the embodiment is performed. This will be described first from this point.

  For example, the user U1 transmits a genetic test request to the control device 100 by using his / her terminal device (step S1). For example, the user U1 accesses the control apparatus 100 using an account issued with the control apparatus 100. Then, the user U1 requests genetic testing from a predetermined registration screen.

  Then, when receiving the genetic test request from the user U1, the control device 100 transmits to the analysis company T that the user U1 wishes to receive a genetic test (step S2). For example, the control device 100 transmits a user ID (user ID “U1”), which is identification information of the user U1, to the supplier device 30. Then, when the user ID “U1” is received by the supplier device 30, the analysis supplier T receives a genetic test request from the user U1.

  After the genetic testing request is received by the analysis company T, the user U1 actually receives the genetic testing (step S3). The user U1 may go directly to the analysis company T and receive a genetic test, or send a sample collected using the test kit sent from the analysis company T back to the analysis company T to receive a genetic test. May be.

  Next, the trader apparatus 30 transmits the analysis result obtained by analyzing the gene of the user U1 by the analysis trader T to the control apparatus 100 (step S4). For example, the trader apparatus 30 associates the user ID “U1” with the analysis result and transmits the association result to the control apparatus 100. The control device 100 stores the analysis result received from the supplier device 30 in the gene information database 121 (step S5). For example, the control device 100 stores the analysis result received from the supplier device 30 in the gene information database 121 as gene data.

  The control device 100 may generate predetermined gene data based on the analysis result received from the supplier device 30 and store the generated gene data in the gene information database 121. An example is shown in this regard. The control device 100 calculates a hash value corresponding to the gene information indicated by the analysis result by multiplying the analysis result received from the supplier device 30 by the hash function. And the control apparatus 100 stores this hash value in the gene information database 121 as gene data.

  Here, the analysis result is personal information (in the example of FIG. 1, personal information of the user U1), but the hash value is not personal information, and original information (analysis result) is obtained from the hash value. Have difficulty. Therefore, by storing the hash value obtained from the analysis result rather than storing the analysis result itself, the security from the viewpoint of security becomes higher.

  As shown in the gene information database 121 in FIG. 1, the control apparatus 100 stores “gene ID” and “birth date” as described above in association with “user ID”. In the example of the user U1, the control device 100 associates the user ID “U1” with gene data “DA1” based on the analysis result obtained by analyzing the gene of the user U1 and the date of birth “YMD1” of the user U1. And stored in the gene information database 121. The date of birth is, for example, registered in step S1.

  The steps described so far can be said to be preprocessing for actually performing authentication among the authentication processing according to the embodiment. In the subsequent steps, authentication is actually performed using the gene data stored in the gene information database 121.

  For example, the terminal device 20 transmits an authentication request to the authentication device 200 according to the operation of the user U1 (step S6). The authentication request is, for example, a signal that requests the authentication device 200 to authenticate the user U1. Further, the terminal device 20 can be assumed as, for example, a signage installed to perform user authentication at the entrance of the event venue, an ATM installed in a bank, or the like.

  Upon receiving the authentication request, the authentication device 200 specifies an authentication target. Specifically, the authentication device 200 identifies a physical feature (referred to as “authentication target”) to be authenticated (step S7). That is, the authentication device 200 specifies which part (authentication target) of the predetermined part of the body of the user U1 is used for authentication. For example, the authentication apparatus 200 specifies a part having a higher gene contribution rate among the specific parts of the body of the user U1 as an authentication target to be used for authentication.

  As will be described later, authentication target candidates are stored in the authentication target specifying database 221, and the authentication apparatus 200 can specify an authentication target to be used for authentication from here. On the other hand, the authentication device 200 may cause the user U1 to designate an authentication target. For example, the authentication device 200 may cause the user U1 to specify which part of the body is used for authentication. In the example of FIG. 1, the authentication apparatus 200 specifies “lips” as an authentication target.

  Subsequently, the authentication device 200 requests the control device 100 and the user U1 for the image data (part image data) of the part specified in step S7 (step S8). That is, the authentication apparatus 200 requests image data of “lips” (“lips” image data).

  For example, the authentication device 200 requests the “lip” image data corresponding to the user ID “U1” by transmitting the user ID “U1” to the control device 100. In addition, the authentication device 200 instructs the user U1 to take a picture of his / her face using the terminal device 20 and transmit the face image data obtained by the photographing. The authentication device 200 causes the user U1 to recognize the content of the instruction by displaying such an instruction on the display screen of the terminal device 20, for example.

  Upon receiving the request for “lip” image data from the authentication device 200, the control device 100 generates “lip” image data from the gene data. For example, the control apparatus 100 acquires gene data corresponding to the user ID “U1” from the gene information database 121, and generates “lip” image data from the gene data.

  Then, control device 100 transmits the generated “lip” image data to authentication device 200 (step S9). In the present embodiment, the image data generated by the control device 100 as described above and information indicating the shape of a predetermined part of the body of the user who is authenticated is referred to as “first image data”. “First image data” is an example of first feature information indicating a physical feature of a user. The “lip” image data generated here includes only the “lips” of the user U1, and does not include the entire face, for example.

  Here, the control device 100 can use any technique as a method for generating the first image data from the gene data. For example, the control device 100 uses machine information collected from various users to determine what characteristics each part of the human body shows in accordance with the gene information. I will do it. For example, the control device 100 generates a learning model by machine learning for each part of the human body (particularly, a part having a high gene contribution rate). For example, the control apparatus 100 performs machine learning on what kind of DNA sequence the lips form, and generates a learning model. In such a learning model, by inputting a hash value obtained from a target DNA sequence, the shape of a part corresponding to the DNA sequence can be calculated as a feature amount.

  Therefore, in step S <b> 9, the control device 100 calculates the feature amount indicating the shape of the lip of the user U <b> 1 by inputting the genetic data of the user U <b> 1 to the learning model corresponding to “lip”. Then, the control device 100 generates “first image data” that is the “lip” image data of the user U1 based on the calculated feature amount.

  On the other hand, the terminal device 20 captures the face of the user U1 with a built-in camera in response to the operation of the user U1. Then, the terminal device 20 transmits “lip” image data obtained by cutting out only the “lip” portion from the face image data obtained by photographing to the authentication device 200 (step S10). In this way, information indicating the shape of a predetermined part of the body, which is image data acquired from a user who is authenticated, is referred to as “second image data”. “Second image data” is an example of second feature information indicating a physical feature acquired from a user.

  Then, the authentication device 200 generates the “first image data” generated by the control device 100 and the “second image data” (both image data indicating the “lips” of the user U1) acquired from the user U1. Upon reception (step S11), the user U1 is authenticated by collating “first image data” with “second image data” (step S12). For example, the authentication device 200 authenticates the user U1 by checking the shape of the lips included in the “first image data” with the shape of the lips included in the “second image data”.

  For example, the authentication device 200 determines whether or not the collated collation result satisfies a predetermined condition. The predetermined condition is “obtain authentication when the matching rate by collation is a predetermined value (for example, matching rate 90%) or more”. Therefore, for example, when the matching rate (matching rate of lip shape) when the “first image data” and the “second image data” are collated is equal to or greater than a predetermined value, the authentication apparatus 200 determines that the user U1 Get the certification. On the other hand, the authentication device 200 outputs an error when the matching rate when the “first image data” and the “second image data” are collated is less than a predetermined value. For example, the authentication device 200 displays on the display screen of the terminal device 20 as an error that the authentication has failed.

  If the matching rate when the “first image data” and the “second image data” are collated is less than a predetermined value, the authentication apparatus 200 relaxes the condition (for example, sets the matching rate to 80%). If the condition after relaxation is satisfied, the user U1 may be authenticated. Further, if the relaxed condition is not satisfied, the authentication apparatus 200 may output an error.

  As described above, the authentication system 10 configured by the control device 100 and the authentication device 200 acquires image data of a predetermined part of the body from the user who is the person to be authenticated, and the same part as the predetermined part. Is generated from the genetic data of the user. Then, the authentication system 10 authenticates the user by checking the shape of the predetermined part based on the generated image data and the image data acquired from the user.

  Although not shown, the authentication apparatus 200 completely deletes both the “first image data” and the “second image data” when the authentication process is completed regardless of the authentication result.

  In the authentication system 10 according to such an embodiment, the user only needs to provide image data on the spot to be authenticated. In addition, since image data that is correct data is generated from its own gene data in real time and collation is performed, the user does not wait for a long time until a collation result is obtained. In addition, the user does not need to perform the troublesome work of regularly providing his / her face data like face authentication. Therefore, the authentication system 10 according to the embodiment has an effect that highly convenient authentication can be performed.

  Further, the authentication system 10 does not use the entire face of the user for authentication, such as performing authentication using a part of the user's body (for example, “lips”). That is, since the authentication system 10 does not perform authentication using personal information (for example, the entire face) that allows the user to be easily identified from an external third party, for example, the authentication system 10 performs more secure authentication. be able to. Further, the control device 100 can also realize more secure authentication by holding only the hash value obtained from the analysis result, not the analysis result itself by the genetic test.

[2. Configuration of control device]
Next, the control device 100 according to the embodiment will be described with reference to FIG. FIG. 2 is a diagram illustrating a configuration example of the control device 100 according to the embodiment. As illustrated in FIG. 2, the control device 100 includes a communication unit 110, a storage unit 120, and a control unit 130.

(About the communication unit 110)
The communication unit 110 is realized by, for example, a NIC (Network Interface Card). The communication unit 110 is connected to the network N in a wired or wireless manner, and transmits and receives information to and from the terminal device 20, the vendor device 30, and the authentication device 200, for example.

(About the storage unit 120)
The storage unit 120 is realized by, for example, a semiconductor memory device such as a RAM (Random Access Memory) or a flash memory, or a storage device such as a hard disk or an optical disk. The storage unit 120 has a gene information database 121.

(About gene information database 121)
The gene information database 121 is a storage unit that stores gene data based on the analysis result of gene analysis. Here, FIG. 3 shows an example of the gene information database 121 according to the embodiment. In the example of FIG. 3, the gene information database 121 includes items such as “user ID”, “gene data”, “birth date”, “name”, and “address”.

  “User ID” indicates identification information for identifying a user. “Gene data” indicates data based on analysis results obtained by analyzing a user's gene by genetic testing. Although the analysis result itself may be stored as “gene data”, it is desirable to store a hash value obtained by multiplying the analysis result by a hash function from the viewpoint of security.

  “Birth date” indicates the birth date of the corresponding user. “Name” indicates the name of the corresponding user. “Address” indicates the address of the corresponding user.

  That is, the example of FIG. 3 indicates that gene data “DA1” is obtained from the analysis result of analyzing the gene of the user (user U1) indicated by the user ID “U1”. The user U1 shows an example in which the date of birth is “YMD1”, the name “NA1”, and the address “ADD1”.

(About the control unit 130)
Returning to FIG. 2, the control unit 130 executes various programs stored in a storage device inside the control device 100 using a RAM as a work area by a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or the like. It is realized by. The control unit 130 is realized by an integrated circuit such as an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA).

  As illustrated in FIG. 3, the control unit 130 includes a request unit 131, a reception unit 132, a storage unit 133, and a generation unit 134, and realizes or executes information processing functions and operations described below. . The internal configuration of the control unit 130 is not limited to the configuration illustrated in FIG. 2, and may be another configuration as long as the information processing described later is performed. In addition, the connection relationship between the processing units included in the control unit 130 is not limited to the connection relationship illustrated in FIG. 2, and may be another connection relationship.

(About request unit 131)
The request unit 131 mediates a genetic test request from the user to the analysis company. In the example of FIG. 1, when the request unit 131 receives an input of a user ID and other user information (birth date, name, address, etc.) from the user U1, the user U1 receives a genetic test for the analysis company T. Send a message to the effect. For example, the request unit 131 transmits the user ID “U1” and the “name” of the user U1 to the dealer apparatus 30. The analysis company T completes receiving the genetic test request from the user U1 when the user ID and the name are received by the company apparatus 30. Further, the request unit 131 stores the user ID and other user information in the gene information database 121.

(Receiver 132)
The receiving unit 132 receives the analysis result obtained by analyzing the user's gene from the analysis company. As illustrated in FIG. 1, for example, when a gene analysis is performed on the user U1 by the analysis company T, the reception unit 132 receives the analysis result from the company terminal 30 of the analysis company T.

(About the storage unit 133)
The storage unit 133 stores gene data based on the analysis result received by the receiving unit 132 in the gene information database 121. For example, the storage unit 133 calculates a hash value corresponding to gene information (for example, a DNA sequence) indicated by the analysis result by multiplying the analysis result received by the reception unit 132 by a hash function. Then, the storage unit 133 stores the calculated hash value in the gene information database 121.

(About the generator 134)
The production | generation part 134 produces | generates the 1st characteristic information which shows the said user's physical characteristic from a user's genetic data. For example, the generation unit 134 specifies, when the authentication target, which is a physical feature to be authenticated, is specified by the specifying unit 232 of the authentication device 200, that is, what physical feature is used for authentication. The user who receives the authentication generates first feature information indicating what the physical feature is.

  For example, the specifying unit 232 specifies a part of a predetermined part of the human body that has a higher gene contribution rate, and specifies that the shape of the specified part is used for matching. In addition, the specifying unit 232 specifies a part of the predetermined part of the human body that is considered to have a higher gene contribution rate, and specifies that the length of the specified part (which may be a width) is used for matching. Also good.

  The generation unit 134 will be described more specifically. The generation unit 134 generates information indicating the shape of a predetermined part of the user's body as the first feature information. For example, it is assumed that the “lip shape” is specified as an authentication target by the specifying unit 232. In other words, it is assumed that the “lip shape” is designated by the specifying unit 232 to be used for collation. In such a case, the generation unit 134 generates information indicating the “lip shape” of the user as the first feature information. For example, the generation unit 134 generates image data (first image data) that is information indicating the user's “lip shape” based on the user's genetic data and the date of birth of the user.

  The generation unit 134 can use a learning model obtained by machine learning when generating the first image data based on the gene data and the date of birth. For example, the generation unit 134 performs machine learning using gene information (analysis result by genetic test) collected from various users. As an example, the generation unit 134 performs machine learning on what characteristics each part of the human body shows in accordance with gene information collected from various users. And the production | generation part 134 produces | generates the learning model by machine learning for every site | part of the human body (especially site | part with which the contribution rate of a gene is considered high). For example, the generation unit 134 performs machine learning on what kind of DNA sequence the lip will have and generates a learning model. Such a learning model can calculate the shape of a part corresponding to a DNA sequence as a feature amount by inputting a hash value or a date of birth obtained from the target DNA sequence.

  Therefore, for example, when the authentication target is “lip shape”, the generation unit 134 inputs the genetic data of the user to be authenticated into the learning model corresponding to “lip”, thereby The feature amount indicating the “shape” is calculated. Then, the generation unit 134 generates first image data that is the user's “lip” image data based on the calculated feature amount.

  In addition, the production | generation part 134 can also produce | generate 1st feature information directly from gene data and a date of birth using methods, such as deep learning. The machine learning may be performed by a processing unit (for example, a learning unit) other than the generation unit 134.

[3. Configuration of authentication device]
Next, the authentication apparatus 200 according to the embodiment will be described with reference to FIG. FIG. 4 is a diagram illustrating a configuration example of the authentication device 200 according to the embodiment. As illustrated in FIG. 4, the authentication device 200 includes a communication unit 210, a storage unit 220, and a control unit 230.

(About the communication unit 210)
The communication unit 210 is realized by a NIC or the like, for example. The communication unit 210 is connected to the network N in a wired or wireless manner, and transmits and receives information to and from the terminal device 20, the vendor device 30, and the control device 100, for example.

(Regarding storage unit 220)
The storage unit 220 is realized by, for example, a semiconductor memory device such as a RAM or a flash memory, or a storage device such as a hard disk or an optical disk. The storage unit 220 includes an authentication target specifying database 221 and a condition specifying database 222.

(Regarding the authentication target specifying database 221)
The authentication target specifying database 221 stores authentication target candidates such as what physical characteristics are used for authentication. Here, FIG. 5 shows an example of the authentication target specifying database 221 according to the embodiment. In the example of FIG. 5, the authentication target specifying database 221 includes an item “part”.

  As shown in FIG. 5, each part of the face such as eyes, nose, lips, chin, etc. and each part of the hand such as fingers, nails,. Each of these sites is an example of a site with a high gene contribution rate, and it goes without saying that other sites may be associated with each other. The registration of the part in the authentication target specifying database 221 is performed by an administrator of the authentication system 10, for example. In the present embodiment, the authentication target specifying database 221 does not store a coarse-grained part such as “face” or “upper body” that is easy to specify an individual.

(Regarding the condition specifying database 222)
The condition specifying database 222 stores condition information for obtaining authentication. For example, the authentication apparatus 200 obtains user authentication when the collation result satisfies the condition information. FIG. 6 shows an example of the condition specifying database 222 according to the embodiment. In the example of FIG. 6, the condition specifying database 222 has items such as “condition ID” and “condition information”.

  “Condition ID” indicates identification information for identifying each condition. “Condition information” indicates a condition indicated by a corresponding “condition ID”. That is, in the example of FIG. 6, the condition indicated by the condition ID “J1” is “match rate 90% or more”. This means that “when the matching rate, which is the collation result, is 90%, user authentication is obtained”.

(About the control unit 230)
Returning to FIG. 4, the control unit 230 is realized by executing various programs stored in the storage device inside the authentication apparatus 200 using the RAM as a work area by the CPU, the MPU, or the like. The control unit 230 is realized by an integrated circuit such as ASIC or FPGA, for example.

  As illustrated in FIG. 4, the control unit 230 includes a request reception unit 231, a specification unit 232, an acquisition unit 233, a conversion unit 234, and an authentication unit 235, and functions and functions of information processing described below. Realize or execute. Note that the internal configuration of the control unit 230 is not limited to the configuration illustrated in FIG. 4, and may be another configuration as long as information processing described later is performed. Further, the connection relationship between the processing units included in the control unit 230 is not limited to the connection relationship illustrated in FIG. 4, and may be another connection relationship.

(About the request reception unit 231)
The request reception unit 231 receives an authentication request that instructs to perform authentication. For example, the request reception unit 231 receives an authentication request from the terminal device 20 operated by the user.

(About the specific part 232)
When the authentication request is received by the request receiving unit 231, the specifying unit 232 specifies an authentication target that is a physical feature to be authenticated. That is, the specifying unit 232 specifies what physical characteristics are used for authentication. For example, the specifying unit 232 specifies a part having a higher gene contribution ratio among predetermined parts of the human body as an authentication target.

  For example, the specifying unit 232 specifies a part of a predetermined part of the human body that has a higher gene contribution rate, and specifies that the shape of the specified part is used for verification to obtain authentication. To do. Further, the specifying unit 232 specifies a part of the predetermined part of the human body that has a higher gene contribution rate, and the size of the specified part (horizontal width or vertical width) is used for verification to obtain authentication. To be specified.

  The specifying unit 232 specifies the authentication target by referring to the authentication target specifying database 221. As shown in FIG. 5, since the name of each part of the human body is stored in the authentication target specifying database 221, the specifying unit 232 selects one part from the names. Further, the specifying unit 232 selects whether the “shape” of the selected part is to be authenticated or “size” is to be authenticated.

  For example, when the parts “lips” and “shape” are selected, the specifying unit 232 specifies “lip shape” as an authentication target and specifies that “lip shape” is used for authentication. In addition, when the parts “lips” and “size” are selected, the specifying unit 232 specifies “lip size” as an authentication target and specifies that “lip size” is used for authentication. The “size” here may be, for example, one of “horizontal width” and “vertical width”, or both.

  The specifying unit 232 also specifies condition information for obtaining authentication. For example, the specifying unit 232 refers to the condition specifying database 222 and selects one of the stored condition information, thereby specifying the selected condition information as condition information for obtaining authentication.

(About the acquisition unit 233)
The acquisition unit 233 receives information such as what physical features the user to be authenticated has as physical features corresponding to the authentication target specified by the specifying unit 232, and receives authentication. Obtain from the user.

  Of the information about what physical features the user receiving authentication has, what is acquired from the control device 100 side corresponds to the first feature information. Moreover, what is acquired from the user himself / herself who is authenticated among the information such as what physical characteristics the user to be authenticated has corresponds to the second characteristic information.

  That is, the acquisition unit 233 responds to the authentication target by transmitting the authentication pair specified by the specifying unit 232 and the user ID of the user to be authenticated to the control device 100 in association with the control device 100. It requests | requires producing | generating the 1st characteristic information which shows the physical characteristic of this user as a physical characteristic to perform. By transmitting such a request, the acquisition unit 233 acquires the first feature information. The generation unit 134 of the control device 100 described above generates the first feature information in response to a request from the acquisition unit 233. Since the generation method is as described above, the description thereof is omitted here.

  On the other hand, the acquisition unit 233 instructs the user who is authenticated to provide the second feature information indicating the physical feature of the user as the physical feature corresponding to the authentication target. For example, the acquisition unit 233 requests provision of the second feature information by displaying the instruction content on the display screen of the terminal device 20. By performing such an instruction, the acquisition unit 233 acquires the second feature information. As described with reference to FIG. 1, as a providing method by the user, it is preferable to take a picture using the terminal device 20.

(About the conversion unit 234)
The conversion unit 234 converts the second feature information acquired from the user by the acquisition unit 233 into numerical data in accordance with the content to be authenticated. As will be described later, the specifying unit 232 may specify “lip size” as an authentication target. That is, the specifying unit 232 may specify that “lip size” is used for authentication.

  Here, since the second feature information acquired from the user via the terminal device 20 is image data, the conversion unit 234 analyzes the image data acquired by the acquisition unit 233 to convert the image data into numerical values. By converting to data, numerical data indicating the size of the “lips” included in the image data is generated.

(About the authentication unit 235)
The authenticating unit 235 collates the first feature information generated by the generating unit 134 of the control device 100 with the second feature information indicating the physical features acquired from the user who is authenticated, so that the user's Authenticate. Specifically, the authentication unit 235 obtains authentication for the user when the collation result obtained by collating the first feature information and the second feature information satisfies predetermined condition information.

  For example, when the specification unit 232 specifies that “the shape of the predetermined part of the body” is used for authentication, the generation unit 134 includes the first feature information indicating the “shape of the predetermined part of the body” of the user who is authenticated (FIG. In the first example, first image data) is generated. In addition, the user who receives the authentication uses the terminal device 20 to transmit the second feature information indicating the “shape of the predetermined part of the body” to the authentication device 200.

  Then, when the first feature information and the second feature information are acquired by the acquisition unit 233, the authentication unit 235 performs user authentication by comparing the first feature information and the second feature information. For example, the authentication unit 235 collates the first feature information and the second feature information, and calculates a matching rate indicating how much the first feature information matches the second feature information. Then, the authentication unit 235 determines whether or not the calculated match rate satisfies the condition information specified by the specifying unit 232. For example, when the condition information “match rate 90% or higher” is specified by the specifying unit 232, the authentication unit 235 obtains user authentication if the calculated match rate is “90% or higher”. On the other hand, if the calculated matching rate is “less than 90%”, the authentication unit 235 determines that an authentication error has occurred.

  Further, when the authentication is obtained, the authentication unit 235 notifies the user that the authentication has been obtained via the display screen of the terminal device 20. When the authentication is obtained, the authentication unit 235 notifies the user of an authentication error via the display screen of the terminal device 20. Note that if the authentication is not obtained, the authentication unit 235 refers to the condition specifying database 222, specifies condition information that is looser than the current condition information, and calculates the condition information with the calculated matching rate being relaxed. Whether it is an authentication or an error may be determined depending on whether or not it is satisfied.

[4. Example of authentication process)
Now, in the following, an example of the authentication process will be described with the above processing units clarified. Assume that a user who is authenticated is a user U1, and the user U1 has undergone a genetic test in advance. That is, it is assumed that the control device 100 already holds the gene data of the user U1 in the gene information database 121.

  First, the terminal device 20 transmits an authentication request to the authentication device 200 according to the operation of the user U1. Next, when the authentication request is received by the request receiving unit 231, the specifying unit 232 refers to the authentication target specifying database 221 and specifies the authentication target. Also, the specifying unit 232 refers to the condition specifying database 222 and specifies the condition information. Here, it is assumed that the specifying unit 232 specifies “lip shape” as a physical feature used for authentication. Further, the specifying unit 232 specifies the condition information “match rate 90% or more”.

  When the identifying unit 232 identifies as described above, the identifying unit 232 outputs to the obtaining unit 233 information indicating that authentication is performed using the “lip shape”. Further, the specifying unit 232 outputs the condition information “match rate 90% or more” to the authentication unit 235.

  Next, the acquisition unit 233 associates the authentication target “lip shape” specified by the specifying unit 232 with the user ID “U1” and transmits the control unit 100 to the control device 100. Thus, the acquisition unit 233 requests the control device 100 to generate first image data (an example of first feature information) that is image data indicating the “lip shape” of the user U1.

  Upon receiving the request from the acquisition unit 233, the generation unit 134 extracts the gene data of the user U1 from the gene information database 121, and generates first image data from the gene data. The first image data generated by the generation unit 134 at this time is image data that can recognize the “lip shape” of the user U1 and includes only “lips”. That is, the first image data does not include the entire face of the user U1. The generation unit 134 transmits the generated first image data to the acquisition unit 233.

  In addition, the acquisition unit 233 instructs the user U1 to provide the image data of “lips” via the terminal device 20. For example, the acquisition unit 233 instructs the user U1 to photograph his / her face using the terminal device 20. When the terminal device 20 takes in the image data of the face of the user U1 in response to the operation of the user U1, the second image data (an example of the first feature information) is image data obtained by cutting out only the “lip” portion from the terminal U20. Is transmitted to the acquisition unit 233. That is, the second image data is image data including only the “lips” of the user U1, and does not include the entire face of the user U1.

  The acquisition unit 233 acquires the first image data from the control device 100 and the second image data from the user U1 as described above.

  Then, the authentication unit 235 authenticates the user U1 by comparing the first image data acquired by the acquisition unit 233 with the second image data. For example, the authentication unit 235 collates the shape of the lips included in the first image data with the shape of the lips included in the second image data, and calculates the matching rate between them.

  Then, the authentication unit 235 determines whether or not the calculated matching rate satisfies the condition information “matching rate of 90% or more”. For example, if the calculated matching rate is “90% or more”, the authentication unit 235 obtains authentication of the user U1. On the other hand, if the calculated matching rate is “less than 90%”, the authentication unit 235 determines that an authentication error has occurred.

  Then, the authentication unit 235 notifies the user U1 of the authentication result via the terminal device 20. For example, the authentication unit 235 performs a notification such as “Authentication has been obtained. Please enter” or “Authentication error. Please follow the staff's instructions”.

[5. Authentication processing flow (1)]
Next, a pre-process for performing the authentication process according to the embodiment will be described with reference to FIG. The pre-process for performing the authentication process indicates a process until a user's gene analysis is performed by a genetic test and the analysis result is registered in the control device 100. FIG. 7 is a sequence diagram illustrating a preprocessing procedure for the authentication processing according to the embodiment.

  First, the user U1 requests a genetic test (step S101). For example, the user U1 transmits to the control device 100 that he / she wishes to receive a genetic test by registering the user ID and the date of birth. When the request unit 131 of the control device 100 accepts a genetic test consultation request from the user U1 (step S102), the request unit 131 transmits a request to perform the genetic test of the user U1 to the trader device 30 of the analysis company T (step S102). S103).

  When the analysis company T confirms that the request has been received by the company apparatus 30, the analysis company T receives a genetic test consultation request by the user U1 (step S104). The analysis company T analyzes the gene of the user U1 (step S105), and transmits the obtained analysis result to the control device 100 (step S106).

  When the analysis result is received by the reception unit 132 (step S107), the storage unit 133 of the control device 100 stores gene data based on the analysis result in the gene information database 121. For example, the storage unit 133 calculates a hash value by multiplying a DNA sequence included in the analysis result by a hash function, and stores the calculated hash value and the user ID “U1” in association with each other in the gene information database 121. (Step S108).

[6. Authentication processing flow (2)]
Next, a procedure of authentication processing by the authentication processing system 10 according to the embodiment will be described with reference to FIG. FIG. 8 is a sequence diagram illustrating an authentication processing procedure by the authentication processing system 10 according to the embodiment. Here, it is assumed that the user U1 receives authentication via the terminal device 20.

  First, the terminal device 20 transmits an authentication request to the authentication device 200 according to the operation of the user U1 (step S201). When the authentication request is received by the request receiving unit 231 (step S202), the specifying unit 232 of the authentication device 200 specifies the authentication target and condition information (step S203). Specifically, the specifying unit 232 refers to the authentication target specifying database 221 and specifies a physical feature to be authenticated. For example, the specifying unit 232 specifies what feature in which part of the human body is used for authentication. For example, the specifying unit 232 specifies a shape of a part having a higher gene contribution rate among predetermined parts of the human body as an authentication target. Further, the specifying unit 232 refers to the condition specifying database 222 and specifies condition information for determining whether or not to permit authentication.

  Next, the acquisition unit 233 performs processing for acquiring the authentication target image data identified by the identification unit 232. Specifically, the acquisition unit 233 obtains part image data, which is information indicating what kind of features the user U1 has as the characteristics of the part of the human body specified by the authentication target, by the control device 100 and the user U1. Requests to both sides (step S204).

  Here, when receiving the request from the acquisition unit 233 (Step S205a), the generation unit 134 of the control device 100 generates first image data indicating the physical characteristics of the user U1 from the genetic data of the user U1 (Step S206b). ). For example, the generation unit 134 generates first image data based on the genetic data of the user U1 and the date of birth of the user U1. For example, the generation unit 134 calculates the feature amount indicating the physical characteristics of the user U1 by inputting the genetic data and date of birth of the user U1 into a learning model obtained by machine learning. If the authentication target is “lip shape”, the generation unit 134 calculates a feature amount indicating the “lip shape” of the user U1. Then, the generation unit 134 generates first image data based on the calculated feature amount. Then, the generation unit 134 transmits the generated first image data to the acquisition unit 233 (Step S207a).

  Further, when the user U1 is requested to provide the part image data via the terminal device 20 (step S205b), for example, the terminal unit 20 is used to take a photograph of the requested part. For example, if the authentication target is “lip shape”, the user U1 uses the terminal device 20 to take a picture of his / her face.

  The terminal device 20 generates second image data, which is data obtained by cutting out the required part from the facial image data captured in response to a user operation (step S206b), and acquires the generated second image data. It transmits to 233 (step S207b).

  The acquisition unit 233 receives the first image data and the second image data transmitted in steps S207a and S207b, respectively (step S208).

  Next, the authentication unit 235 authenticates the user U1 by comparing the first image data acquired by the acquisition unit 233 with the second image data (step S209). For example, the authentication unit 235 collates the first image data and the second image data, and calculates the matching rate between them. Then, the authentication unit 235 determines whether or not the calculated matching rate satisfies the condition information. For example, when the calculated match rate satisfies the condition information (step S210; Yes), the authentication unit 235 obtains authentication of the user U1. On the other hand, when the calculated matching rate does not satisfy the condition information (No at Step S210), the authentication unit 235 outputs an authentication error.

[7. (Modification)
The authentication system 10 according to the embodiment may be implemented in various different forms other than the above examples. Accordingly, other embodiments will be described below.

[7-1. (Authentication using features)
In the above-described embodiment, an example has been described in which the authentication unit 235 performs user authentication by collating image data as information indicating the shape of a predetermined part of the user's body. However, the authentication unit 235 may perform user authentication by collating feature amounts as information indicating the shape of a predetermined part of the user's body.

  Specifically, the generation unit 134 calculates a feature amount indicating the shape of a predetermined part of the user's body as the first feature information. Then, the authentication unit 235 is a second feature information that is a feature amount based on the feature amount generated by the generation unit 134 and the image data acquired from the user and indicating the shape of the predetermined part of the user's body. User authentication is performed by checking the above.

  Even in the case where collation is performed using feature amounts in this way, there is no means by which a user who is authenticated can calculate feature amounts. Therefore, for example, in the case of the authentication target “lip shape”, as described above, the user who receives authentication uses the terminal device 20 to obtain the second image data, which is lip image data, from the authentication device 200. Send to.

  In such a state, the conversion unit 234 analyzes the second image data acquired by the acquisition unit 233 to calculate a feature amount that is numerical data that characterizes the “lip shape” of the user. That is, the conversion unit 234 converts the image into a numerical value. Then, the authentication unit 235 performs user authentication by collating the feature amount obtained from the generation unit 124 with the feature amount obtained by converting the image data acquired from the user.

  Thereby, since the authentication system 10 according to the embodiment does not need to generate image data at the time of authentication, it can perform authentication more quickly. That is, since the authentication system 10 can shorten the time that the user waits for authentication, it can perform highly convenient authentication. In addition, the authentication system 10 can realize secure authentication by using feature values that are numerical values instead of images.

[7-2. (Authentication using size)
The authentication unit 235 may perform user authentication by checking the size of a predetermined part of the user's body. Specifically, the generation unit 134 generates numerical data indicating the size of a predetermined part of the user's body as the first feature information. And the authentication part 235 collates the numerical data produced | generated by the production | generation part 134 with the numerical data which shows the size of the predetermined part of a user's body as 2nd characteristic information which shows the physical characteristic acquired from the user. As a result, user authentication is performed. An example is shown below.

  For example, the specifying unit 232 refers to the authentication target specifying database 221 in response to the authentication request, specifies a predetermined part of the human body as the authentication target, and specifies that the size of the specified part is used for authentication. For example, the specifying unit 232 specifies a part of the human body that is determined to have a higher gene contribution rate, and specifies that the specified part size (horizontal width or vertical width) is used for authentication. Here, it is assumed that the specifying unit 232 specifies the authentication target “lip size”. In addition, the size at this time may be either the horizontal width or the vertical width, or may be both.

  In such a state, upon receiving a request from the acquisition unit 233, the generation unit 134 generates first numerical data (an example of first feature information) that is data indicating the “lip size” of the user U1. For example, the generation unit 134 calculates the feature amount indicating the “lip shape” of the user U1 by inputting the genetic data and date of birth of the user U1 into a learning model obtained by machine learning. Then, the generation unit 134 generates first numerical data indicating the “lip size” of the user U1 from the calculated feature amount.

  The conversion unit 234 converts the image data into a numerical value by analyzing the image data of the “lips” acquired from the user U1 by the acquisition unit 233. Then, the conversion unit 234 generates second numerical data (an example of second feature information) that is data indicating the “lip size” of the user U1.

  The authentication unit 235 authenticates the user U1 by comparing the first numerical data acquired by the acquisition unit 233 with the second numerical data. For example, the authentication unit 235 compares the first numerical data and the second numerical data, and calculates an error between them. Then, the authentication unit 235 determines whether or not the calculated error satisfies the condition information. For example, when the condition information “within 0.1 point error” is specified by the specifying unit 232, the authentication unit 235 authenticates the user U1 if the calculated error is “within 0.1 point”. Get.

  As described above, the authentication system 10 according to the embodiment can realize more secure authentication by using a numerical size instead of an image.

[7-3. Authentication with multiple parts (1)]
In the above embodiment, an example in which the authentication apparatus 200 performs authentication using one part has been described. For example, an example in which the authentication apparatus 200 performs authentication on the part “lips” has been shown. However, the authentication device 200 may perform authentication using a plurality of different parts. That is, the generation unit 134 generates information indicating the shapes of different parts of the user's body. And the authentication part 235 is the information acquired by the production | generation part 134, and the information which is the information acquired from the user, and shows the shape of a different part of a user's body, and shows the information which shows the shape of a corresponding part. Authentication is performed by checking. This point will be described using an example.

  For example, the specifying unit 232 refers to the authentication target specifying database 221 in response to the authentication request, specifies a plurality of different parts in the human body as the authentication target, and uses the specified shapes of the plurality of different parts for authentication. specify. For example, the specifying unit 232 specifies “lip shape” and “eye shape” to be used for authentication by specifying “lips” and “eyes”. That is, the specifying unit 232 specifies the authentication target “lip shape” and “eye shape”.

  In such a state, when receiving the request from the acquisition unit 233, the generation unit 134 generates image data indicating the “lip shape” and the “eye shape” of the user U1. For example, as described so far, the generation unit 134 generates image data indicating the “lips” and “eyes” of the user U1 based on the genetic data and date of birth of the user U1, respectively. In such a case, both the image data generated by the generation unit 134 can be said to be an example of the first feature information. Then, the generation unit 134 transmits image data indicating “lips” and “eyes” of the user U1 to the acquisition unit 233.

  In addition, the terminal device 20 transmits image data obtained by cutting out the “lip” and “eye” portions from the face image data captured by the user U1 taking a picture of the face to the acquisition unit 233. In such a case, both image data provided by the user U1 can be said to be an example of the second feature information.

  Then, the authentication unit 235 performs authentication by comparing the “lip” image data generated by the generation unit 134 with the “lip” image data acquired from the user U1. In addition, the authentication unit 235 performs authentication by comparing the “eye” image data generated by the generation unit 134 with the “eye” image data acquired from the user U1.

  In other words, the authentication unit 235 performs two collations such as “lip shape” collation and “eye shape” collation, so whether or not to obtain authentication based on both collation results. Judging. For example, the authentication unit 235 obtains the collation of the user U1 when the coincidence rate of “lip shape” satisfies the condition information and “eye shape” satisfies the condition information. In other words, the authentication unit 235 determines an authentication error if either one does not satisfy the condition information. Here, an example in which the shape of each part is collated using the image data itself has been shown, but the authentication unit 235 may collate a feature amount indicating the shape of each part.

  As described above, since the authentication system 10 according to the embodiment performs authentication at each of the plurality of parts, high-accuracy authentication can be realized.

[7-4. Authentication at multiple sites (2)]
Moreover, the authentication part 235 may authenticate by collating the size of each part. That is, the generation unit 134 generates numerical data indicating the size of a predetermined part of the user's body. And the authentication part 235 is the numerical data produced | generated by the production | generation part 134, and the numerical data which are the information acquired from the user, and show the size of the predetermined part from which a user's body differs, between numerical data of a corresponding part Authentication is performed by checking This point will be described using an example.

  For example, the specifying unit 232 refers to the authentication target specifying database 221 in response to the authentication request, specifies a plurality of different parts of the human body as the authentication target, and uses the specified sizes of the plurality of different parts for authentication. specify. For example, the specifying unit 232 specifies “lip size” and “eye size” for authentication by specifying “lips” and “eyes”. That is, the specifying unit 232 specifies the authentication target “lip size” and “eye size”.

  In such a state, upon receiving a request from the acquisition unit 233, the generation unit 134 generates numerical data indicating the “lip size” and “eye size” of the user U1. For example, as described above, the generation unit 134 generates numerical data indicating the “lip size” and the “eye size” of the user U1 based on the genetic data and date of birth of the user U1. . Then, the generation unit 134 transmits numerical data indicating the generated size of each part to the acquisition unit 233.

  In addition, the terminal device 20 transmits image data obtained by cutting out the “lip” and “eye” portions from the face image data captured by the user U1 taking a picture of the face to the acquisition unit 233.

  Here, the conversion unit 234 analyzes the “lip” image data and the “eye” image data acquired from the user U1 by the acquisition unit 233, and converts these image data into numerical values. Then, the conversion unit 234 generates numerical data indicating the “lip size” and the “eye size” of the user U1.

  Then, the authentication unit 235 performs authentication by comparing the numerical data indicating the “lip size” generated by the generating unit 134 with the numerical data indicating the “lip size” acquired from the user U1. Further, the authentication unit 235 performs authentication by comparing the numerical data indicating the “eye size” generated by the generating unit 134 with the numerical data indicating the “eye size” acquired from the user U1.

  For example, the authentication unit 235 satisfies the condition information with an error between the numerical data indicating the “lip size” generated by the generating unit 134 and the numerical data indicating the “lip size” acquired from the user U1. Authentication is obtained when the error between the numerical data indicating the “eye size” generated by the generating unit 134 and the numerical data indicating the “eye size” acquired from the user U1 satisfies the condition information.

  As described above, since the authentication system 10 according to the embodiment performs authentication at each of the plurality of parts, high-accuracy authentication can be realized.

[7-5. About authentication process)
In the above-described embodiment, the authentication unit 235 relaxes the condition if an authentication error occurs (selects condition information that is looser than the current condition information), and whether or not the collation result satisfies the relaxed condition. An example of performing authentication processing was shown. However, in the case of an authentication error, the authentication unit 235 may perform authentication again for an authentication target different from the current authentication target. That is, the authentication unit 235 obtains from the user the first feature information generated by the generation unit 134 according to the authentication target specified again by the specifying unit 232 when authentication is not obtained for the user. The user is authenticated again by collating with the second feature information. This point will be described using an example.

  For example, the authentication unit 235 collates the first image data generated by the generation unit 134 with the second image data acquired from the user U1 when the authentication target “lip shape” is specified by the specifying unit 232. Suppose that That is, it is assumed that the authentication unit 235 collates the “lip shape” generated from the genetic data of the user U1 with the “lip shape” acquired from the user U1. Then, it is assumed that the authentication unit 235 obtains a result of an authentication error because the matching rate does not satisfy the condition information.

  In such a state, the authentication unit 235 instructs the specifying unit 232 to specify an authentication target different from the “lip shape”. Upon receiving such an instruction, if the identifying unit 232 identifies the authentication target “nose shape”, the identifying unit 232 outputs the authentication target “nose shape” to the acquisition unit 233.

  The acquisition unit 233 requests the control device 100 to generate first image data (image data of “nose” of the user U1) corresponding to the authentication target “nose shape”. In addition, the acquisition unit 233 requests the user U1 to take a picture again. In other words, the acquisition unit 233 requests the terminal device 20 to acquire, from the user U1, the second image data (image data of the “nose” of the user U1) corresponding to the authentication target “nose shape”. .

  As described above, the first image data generated according to the authentication target “nose shape” and the second image data provided from the user U1 according to the authentication target “nose shape” are acquired. Then, the authentication unit 235 performs collation again using these image data. In other words, the authentication unit 235 collates the first image data and the second image data acquired according to the authentication target different from the first time due to an authentication error in the first collation, thereby obtaining 2 Perform the second authentication. If the authentication unit 235 generates an authentication error for the second time, the authentication unit 235 may perform the third authentication by the same process or may determine the authentication error.

  In addition, here, an example is shown in which the shape of the body part based on the image data is used for authentication. However, as described above, even if the feature amount of the body part or the size of the body part is used for authentication. Good.

  As a result, the authentication system 10 according to the embodiment, for example, can change the authentication target and perform the authentication process again when an authentication error occurs in one authentication process, so that highly accurate authentication can be realized. .

[7-6. (User specified)
In the above-described embodiment, an example in which the specifying unit 232 automatically specifies an authentication target has been described. However, the specifying unit 232 may specify a physical feature specified by the user as an authentication target. For example, when the request receiving unit 231 receives an authentication request from the user U1, the specifying unit 232 requests the user U1 to specify an authentication target. That is, the specifying unit 232 requests the user U1 to specify a part that is desired to be used for authentication. For example, the specifying unit 232 displays such a request on the display screen of the terminal device 20.

  An arbitrary method may be used as a method of accepting designation of an authentication target from the user. For example, the specifying unit 232 may display one or more authentication targets from the displayed authentication target candidates by displaying a plurality of authentication target candidates.

  In addition, when a touch panel is adopted for the display screen of the terminal device 20, the specifying unit 232 causes the face image diagram to be displayed, and allows the finger to select a part to be used for authentication from the face parts. Also good. In this case, for example, if the user U1 wants to use “nose” for authentication, the user U1 selects “nose” by tracing the “nose” with a finger in the face image diagram. The specifying unit 232 may also specify whether the selected part is to be authenticated by “shape” or “size”. Here, it is assumed that the user U1 finally designates “the shape of the nose”.

  In such a case, the specifying unit 232 specifies the “nose shape” specified by the user U1 as an authentication target. Since the subsequent processing is the same as before, it will be briefly described. Specifically, the acquisition unit 233 requests the control device 100 to generate first image data indicating “the shape of the nose”. Further, the acquisition unit 233 requests the user U1 to provide the second image data indicating “the shape of the nose”. Then, the authentication unit 235 performs authentication by comparing the first image data acquired by the acquisition unit 233 with the second image data.

  Thereby, since the authentication system 10 according to the embodiment can perform authentication at a site desired by the user, for example, it is possible to perform highly convenient authentication.

[7-7. Combination authentication)
The authentication system 10 may combine other authentication with the authentication processing described so far. For example, the authentication system 10 further requests the presentation (or input) of a password from the user who has determined that the collation result satisfies the condition information by the authentication processing according to the embodiment. Then, if the presented password is correct, the authentication system 10 obtains authentication of the user.

  As described above, the authentication system 10 according to the embodiment performs the authentication accuracy according to the embodiment by performing authentication in a plurality of stages in combination with another authentication (for example, authentication with a password). Can be increased.

  The combined authentication is not limited to password authentication. For example, the authentication unit 235 may request a user to present a hobby preference to a user who has determined that the collation result satisfies the condition information. Then, the authentication unit 235 obtains user authentication when the hobby preference presented by the user matches (or is related to) the user's hobby preference determined on the own device side.

  The method by which the authentication unit 235 determines the user's hobby preference may be arbitrary. For example, the authentication unit 235 acquires history information (for example, search history, purchase history, movement history, etc.) corresponding to the user ID of the user. Then, the authentication unit 235 determines the user's hobby preference from the acquired history information. For example, when the hobby presented to the user is “skiing” and the purchase history includes history information indicating purchase of “skiing equipment”, the authentication unit 235 provides the hobby “skiing” presented to the user. "Is correct and the user is authenticated.

[7-8. Practical example)
A practical example of authentication processing performed in the overall system 1 shown in FIG. 1 will be described. Such authentication processing can be applied, for example, when entering a ticket-free event venue. This point will be described using the user U1.

  For example, it is assumed that the user U1 accesses a predetermined site (for example, an event application site) to apply for participation in a desired event and a dedicated password is issued. The user U1 does not obtain a physical ticket, but receives authentication by the authentication process described so far and two-step authentication with an issued password at the entrance of the event venue.

  For example, a terminal device 20 that is a signage is installed at the entrance to the event venue, and the user U1 operates the terminal device 20 to transmit an authentication request to the authentication system 10, thereby authenticating. Let the system 10 perform authentication. If authentication is obtained, the user U1 is permitted to enter the event venue.

  As another example, the authentication processing according to the embodiment can be applied to an in-house system that allows entry by presenting an employee ID card. Specifically, instead of presenting an employee ID card, an authentication process may be performed at a dedicated gate having the function of the terminal device 20.

[8. Hardware configuration)
Further, the control device 100 and the authentication device 200 according to the above-described embodiments are realized by a computer 1000 having a configuration as shown in FIG. 9, for example. Hereinafter, the authentication apparatus 200 will be described as an example. FIG. 9 is a hardware configuration diagram illustrating an example of a computer 1000 that realizes the function of the authentication device 200. The computer 1000 includes a CPU 1100, RAM 1200, ROM 1300, HDD 1400, communication interface (I / F) 1500, input / output interface (I / F) 1600, and media interface (I / F) 1700.

  The CPU 1100 operates based on a program stored in the ROM 1300 or the HDD 1400 and controls each unit. The ROM 1300 stores a boot program executed by the CPU 1100 when the computer 1000 is started up, a program depending on the hardware of the computer 1000, and the like.

  The HDD 1400 stores programs executed by the CPU 1100, data used by the programs, and the like. The communication interface 1500 receives data from other devices via the communication network 50 and sends the data to the CPU 1100, and transmits data generated by the CPU 1100 to other devices via the communication network 50.

  The CPU 1100 controls an output device such as a display and a printer and an input device such as a keyboard and a mouse via the input / output interface 1600. The CPU 1100 acquires data from the input device via the input / output interface 1600. In addition, the CPU 1100 outputs the generated data to the output device via the input / output interface 1600.

  The media interface 1700 reads a program or data stored in the recording medium 1800 and provides it to the CPU 1100 via the RAM 1200. The CPU 1100 loads such a program from the recording medium 1800 onto the RAM 1200 via the media interface 1700, and executes the loaded program. The recording medium 1800 is, for example, an optical recording medium such as a DVD (Digital Versatile Disc) or PD (Phase change rewritable disk), a magneto-optical recording medium such as an MO (Magneto-Optical disk), a tape medium, a magnetic recording medium, or a semiconductor memory. Etc.

  For example, when the computer 1000 functions as the authentication device 200, the CPU 1100 of the computer 1000 implements the function of the control unit 230 by executing a program loaded on the RAM 1200. The HDD 1400 stores data in the storage unit 220. The CPU 1100 of the computer 1000 reads these programs from the recording medium 1800 and executes them. However, as another example, these programs may be acquired from other devices via the communication network 50.

[9. Others]
In addition, among the processes described in the above embodiment, all or part of the processes described as being automatically performed can be performed manually, or the processes described as being performed manually can be performed. All or a part can be automatically performed by a known method. In addition, the processing procedures, specific names, and information including various data and parameters shown in the document and drawings can be arbitrarily changed unless otherwise specified. For example, the various types of information illustrated in each drawing is not limited to the illustrated information.

  Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured.

  Moreover, each embodiment mentioned above can be combined suitably in the range which does not contradict a process content.

[10. effect〕
The authentication system 10 according to the embodiment (which can be configured as a single authentication device by combining the control device 100 and the authentication device 200) includes a generation unit 134 and an authentication unit 235. The production | generation part 134 produces | generates the 1st characteristic information which shows the said user's physical characteristic from a user's genetic data. The authentication unit 235 authenticates the user by collating the first feature information generated by the generation unit 134 with the second feature information indicating the physical features acquired from the user.

  Thereby, the authentication system 10 (authentication apparatus) according to the embodiment can perform highly convenient authentication.

  In addition, the authentication system 10 according to the embodiment includes a specifying unit 232. The identification unit 232 identifies an authentication target, which is a physical feature used for authentication, when an authentication request from a user is received. Then, the generation unit 134 generates first feature information indicating the physical characteristics of the user according to the authentication target specified by the specification unit 232. And the authentication part 235 collates the 1st feature information produced | generated by the production | generation part 134 with the 2nd feature information which shows the physical feature acquired from the user according to the authentication object specified by the specific | specification part 232. By doing so, the user is authenticated.

  Thereby, since the authentication system 10 (authentication apparatus) according to the embodiment can perform authentication on the spot when a request is received from the user, it is possible to perform highly convenient authentication.

  Further, the specifying unit 232 specifies a part having a higher gene contribution rate among predetermined parts of the user's body as an authentication target.

  Thereby, since the authentication system 10 (authentication apparatus) according to the embodiment can obtain the first feature information with higher accuracy from the gene data, it is possible to perform the authentication with higher accuracy.

  Further, the specifying unit 232 specifies a physical feature specified by the user as an authentication target.

  Thereby, since the authentication system 10 (authentication apparatus) concerning embodiment can authenticate in the site | part which a user desires, for example, highly convenient authentication can be performed.

  Moreover, the production | generation part 234 produces | generates 1st characteristic information based on a user's gene data and a user's birth date.

  Thereby, since the authentication system 10 (authentication apparatus) according to the embodiment can obtain the first feature information according to the age of the current user, for example, each time authentication is performed as in face authentication, It is not necessary to present a recent face photo. That is, the authentication system 10 (authentication apparatus) according to the embodiment can perform highly convenient authentication.

  Moreover, the production | generation part 134 produces | generates the information which shows the shape of the predetermined part of a user's body as 1st feature information. And the authentication part 235 collates the information produced | generated by the production | generation part 134 with the information which shows the shape of the predetermined part of a user's body as 2nd characteristic information which shows the physical characteristic acquired from the user. The user is authenticated.

  Thereby, the authentication system 10 (authentication apparatus) according to the embodiment only needs to allow the user to take a picture at the time of authentication when performing authentication with information indicating the shape of the predetermined part of the user's body. Therefore, it is possible to perform highly convenient authentication that does not give the user trouble.

  In addition, the generation unit 134 generates information indicating the shape of a predetermined part of the user's body. And the authentication part 235 shows the shape of the corresponding predetermined part in the information produced | generated by the production | generation part 134, and the information which is the information acquired from the user, and shows the shape of the predetermined part from which the said user's body differs. The user is authenticated by collating information.

  Thus, since the authentication system 10 (authentication apparatus) according to the embodiment performs authentication at each of a plurality of parts, high-precision authentication can be realized.

  Moreover, the production | generation part 134 produces | generates the numerical data which shows the size of the predetermined part of a user's body as 1st feature information. And the authentication part 235 collates the numerical data produced | generated by the production | generation part 134 with the numerical data which shows the size of the predetermined site | part of the said user's body as 2nd feature information which shows the physical characteristic acquired from the user. By doing so, the user is authenticated.

  As described above, the authentication system 10 (authentication apparatus) according to the embodiment can realize more secure authentication by using a numerical size instead of an image.

  Further, the generation unit 134 generates numerical data indicating the size of a predetermined part of the user's body that is different. And the authentication part 235 is the numerical data produced | generated by the production | generation part 134, and the numerical value data which are the numerical data acquired from the user, and show the size of the predetermined part from which a user's body differs, The numerical value of a corresponding predetermined part The user is authenticated by collating the data.

  Thus, since the authentication system 10 (authentication apparatus) according to the embodiment performs authentication at each of a plurality of parts, high-accuracy authentication can be realized.

  Further, the authentication unit 235 obtains authentication for the user when the collation result obtained when the first feature information and the second feature information are collated satisfies predetermined condition information.

  Thereby, the authentication system 10 (authentication apparatus) according to the embodiment can control when the verification result is obtained.

  In addition, the authentication unit 235 acquires the first feature information generated by the generation unit 134 according to the authentication target specified again by the specifying unit 232 when the authentication is not obtained for the user, and is acquired from the user. The user is authenticated again by collating with the second feature information.

  Thereby, the authentication system 10 (authentication apparatus) according to the embodiment realizes high-precision authentication because, for example, when an authentication error occurs in one authentication process, the authentication target is changed and the authentication process is performed again. can do.

  As described above, some of the embodiments of the present application have been described in detail with reference to the drawings. However, these are merely examples, and various modifications, including the aspects described in the disclosure section of the invention, based on the knowledge of those skilled in the art, It is possible to implement the present invention in other forms with improvements.

  In addition, the “section (module, unit)” described above can be read as “means” or “circuit”. For example, the authentication unit can be read as authentication means or an authentication circuit.

DESCRIPTION OF SYMBOLS 1 Overall system 10 Authentication system 20 Terminal apparatus 30 Contractor apparatus 100 Control apparatus 121 Gene information database 131 Request part 132 Reception part 133 Storage part 134 Generation part 200 Authentication apparatus 221 Authentication object specification database 222 Condition specification database 231 Request reception part 232 Identification unit 233 Acquisition unit 234 Conversion unit 235 Authentication unit

Claims (13)

A generating unit that generates first characteristic information indicating physical characteristics of the user from the genetic data of the user;
An authentication unit that authenticates the user by collating the first feature information generated by the generation unit with the second feature information indicating the physical feature acquired from the user. An authentication device. When an authentication request from the user is received, the information processing apparatus further includes a specifying unit that specifies an authentication target that is a physical feature used for authentication,
The generating unit generates first feature information indicating physical characteristics of the user according to an authentication target specified by the specifying unit,
The authentication unit collates first feature information generated by the generation unit with second feature information indicating physical features acquired from the user according to an authentication target specified by the specifying unit. The authentication apparatus according to claim 1, wherein the user is authenticated. The authentication device according to claim 2, wherein the specifying unit specifies, as the authentication target, a part having a higher gene contribution ratio among predetermined parts of the user's body. The authentication device according to claim 2 or 3, wherein the specifying unit specifies a physical feature specified by the user as the authentication target. The authentication device according to claim 1, wherein the generation unit generates first feature information based on the user's genetic data and the date of birth of the user. . The generation unit generates information indicating a shape of a predetermined part of the user's body as the first feature information,
The authentication unit collates information generated by the generation unit with information indicating a shape of a predetermined part of the user's body as second characteristic information indicating a physical characteristic acquired from the user. The authentication apparatus according to any one of claims 1 to 5, wherein the user is authenticated. The generation unit generates information indicating the shape of the predetermined part of the user's body,
The authentication unit indicates the shape of the corresponding predetermined part in the information generated by the generation part and the information acquired from the user and indicating the shape of the predetermined part of the user's body that is different. The authentication apparatus according to claim 6, wherein the user is authenticated by collating information. The generation unit generates numerical data indicating a size of a predetermined part of the user's body as first feature information,
The authentication unit collates numerical data generated by the generating unit with numerical data indicating a size of a predetermined part of the user's body as second characteristic information indicating physical characteristics acquired from the user. The authentication apparatus according to claim 1, wherein the user is authenticated. The generation unit generates numerical data indicating the size of the predetermined part of the user's body,
The authenticating unit includes: numerical data generated by the generating unit; and numerical data acquired from the user and indicating the size of a different predetermined part of the user's body. The authentication apparatus according to claim 8, wherein the user is authenticated by collating numerical data. The authentication unit obtains authentication for the user when a collation result obtained by collating the first feature information and the second feature information satisfies predetermined condition information. The authentication device according to any one of the above. The authentication unit is acquired from the user with the first feature information generated by the generation unit according to the authentication target specified again by the specifying unit when authentication is not obtained for the user. The authentication apparatus according to any one of claims 2 to 4, wherein the user is authenticated again by collating with second feature information. An authentication method executed by the authentication device,
Generating a first feature information indicating the physical characteristics of the user from the genetic data of the user;
An authentication step of authenticating the user by collating the first feature information generated by the generation step with the second feature information indicating the physical feature acquired from the user. A characteristic authentication method. A generation procedure for generating first characteristic information indicating physical characteristics of the user from the genetic data of the user,
The computer executes the authentication procedure for authenticating the user by comparing the first feature information generated by the generation procedure with the second feature information indicating the physical feature acquired from the user. A distribution program characterized by that.

Images