JP2025064010A - Identity verification system and identity verification method - Google Patents

Abstract

To provide an identity verification system for identity verification and person authentication taking into account convenience of a user while using a public personal authentication.SOLUTION: An identity verification system 500 includes an Individual Number Card 115, a communication terminal 100, and a digital signature verification server 200. In identity verification, the communication terminal 100 digitally signs an appearance image of a user 110 and transmits it to the digital signature verification server 200, and the digital signature verification server 200 decrypts the digital signature to verify the identity, verifies the validity of the digital certificate, when the identity and validity are verified, determines that the identity verification of the user 110 is successful and stores the appearance image of the user 110 as an image for identity authentication. In the person authentication, after a facial image of the user 110 is photographed, the identity verification system executes face authentication between the appearance image of the user 110 and the personal authentication image, and when a degree of agreement is a predetermined threshold or more, determines that the person authentication is successful.SELECTED DRAWING: Figure 4

Description

The present invention relates to an identity verification system and method that uses the Japan Personal Identification System (JPKI) to verify identity and authenticate the person in question.

Research and development has been conducted on identity verification and the verification of images used for identity verification. For example, Patent Document 1 (JP 2001-292360 A) discloses an image input device that makes it possible to authenticate the authenticity of formed digital image data.
The video input device described in Patent Document 1 is a video input device that inputs video and converts it into digital data, and is equipped with a communication means for communicating with an external device, and transmits the digital data to the external device via the communication means, and causes the external device to generate information that identifies the digital data by processing secret information stored in the external device and the digital data using a predetermined calculation.

In addition, Patent Document 2 (JP 2020-161191 A) discloses a mobile terminal, an identity verification system, and a program for strict identity verification in online transactions.
The mobile terminal described in Patent Document 2 is a mobile terminal having a photographing unit, and acquires data necessary for user identity verification at the start of the service using only the mobile terminal carried by the user, and is characterized in that it comprises a guidance screen output means for outputting a guidance screen specifying the position of an object to be photographed together with an identification document having a facial photograph, an identification image acquisition means for acquiring from the photographing unit an identification image which is an image including the object and the identification document in accordance with the guidance screen output by the guidance screen output means, a match image acquisition means for acquiring from the photographing unit a comparison image which is an image including the face of a person holding the identification document, and a match image transmission means for transmitting the identification image acquired by the identification image acquisition means and the match image acquired by the match image acquisition means to an identification server which performs identity verification using images.

Furthermore, Patent Document 3 (JP-A-2004-326441) discloses an image data registration method for storing and providing image data that is free from the risk of being tampered with.
The image data registration method described in Patent Document 3 is characterized by having a first transmission step in which a communication device equipped with an imaging means captures an image, generates image data representing the image, and immediately transmits the image data to an image server device via a first communications network after generating the image data; a first reception step in which the image server device receives the image data transmitted from the communication device; a registration request step in which the communication device transmits a registration request to the image server device via the first communications network indicating a request to register the image data in the notarization server device; a second reception step in which the image server device receives the registration request transmitted from the communication device; a first transmission step in which the image server device transfers the image data and registration request to the notarization server device via the second communications network; and a first storage step in which the notarization server device receives the image data and registration request transferred from the image server device and stores the image data in association with the confirmation date.

Furthermore, Patent Document 4 (JP Patent Publication 2006-113926A) discloses a welfare operation system that can improve the convenience of applying for and using welfare facilities and prevent unauthorized use of welfare facilities.
The welfare operation system described in Patent Document 4 is characterized by comprising: a welfare operation server which stores an operational private key, which is a secret key, and an operational public key, which is a public key, as encryption keys of a public key cryptosystem owned by an organization which operates welfare services, and which has a public key certificate generation unit which has a function of generating a public key certificate using the operational private key for the public key of the public key cryptosystem and a function of authenticating the validity of the public key certificate using the operational public key; a user token which stores a user public key, which is an encryption key of the public key cryptosystem owned by a user of the welfare service, a user private key, which is a secret key, and a user public key certificate, which is a public key certificate generated by the public key certificate generation unit for the user public key, and which has a digital signature generation unit which generates a digital signature for the user using the user private key; and a welfare facility server which has a digital signature authentication unit which has a function of authenticating the user public key certificate stored in the user token with the operational public key and a function of authenticating a digital signature generated by the user token using the user private key, using the user public key.

JP 2001-292360 A JP 2020-161191 A JP 2004-326441 A JP 2006-113926 A

In recent years, there has been an increase in fraudulent use of eKYC (JPKI: Public Key Identification System, etc.) mechanisms to open new accounts or to spoof existing accounts.
In this case, the perpetrator uses the personal information obtained from the victim to, for example, partially complete the account opening procedure at a bank. In this case, the victim's personal information (name, date of birth, address, etc.) is entered for most items, and the perpetrator's information is entered for some items (ID, password, phone number, etc.).
When the victim is asked to provide identity verification (eKYC) during the account opening process, the perpetrator guides the victim through the procedure for eKYC (JPKI, etc.), the victim completes the eKYC procedure, and the perpetrator successfully opens an account in the victim's name.
When the perpetrator uses an account, they successfully authenticate the ID/PW and phone number they registered using an SMS OTP (one-time password), and then carry out transactions while impersonating the victim.
This is because in methods such as Method E of the Act on Prevention of Transfer of Criminal Proceeds (hereinafter also referred to as the Criminal Proceeds Act), an image of the person's appearance is sent when identity is confirmed, and this image of the person can be used to authenticate the person, but in public personal authentication (Method Wa of the Criminal Proceeds Act), an image of the person's appearance is not sent, so at the time of executing a transaction, there is no way to confirm whether the person conducting the transaction is the person whose My Number card was used for identity confirmation.

The video input device described in Patent Document 1 comprises a video input device (corresponding to a communication terminal with a shooting function) and a portable device (corresponding to a My Number card), and calculates a digital signature for the video captured by the video input device using a private key and a digital signature algorithm stored in an external device, and performs digital signature verification using the encrypted video and the original image, thereby verifying that the transmitted video was captured by the video input device to which the portable device (My Number card) is connected (see paragraphs [0045]-[0048] of the Patent Document 1 specification).
However, with the video input device of Patent Document 1, it is not possible to verify whether the image captured by the video input device is an image of the mobile device holder. Therefore, for example, if an assailant who borrows a My Number card takes an image of his or her own appearance, electronically signs it, and sends it, there is a possibility that an image of the appearance of someone other than the My Number card holder will be registered.

The mobile terminal described in Patent Document 2 outputs a guide screen that specifies the position of the object to be photographed together with the identification document containing a facial photograph, and by photographing the document, it is possible to reliably obtain an image of the identification document held by the mobile terminal.
However, in this case, it is possible to forge the facial photograph or personal information on the identification document by, for example, falsifying the image on the identification document, so it is not always possible to accurately confirm the identity of the person, including the facial image.

In the image data registration method described in Patent Document 3, the captured image data is immediately digitally signed using the user's private key, and is then transmitted to an image server via a mobile communication network together with the digital certificate. When the server receives the transmitted image data, digital certificate, identifier, and registration request, it uses the public key included in the digital certificate to decrypt the digital signature to obtain a hash value H1. The CPU also obtains a hash value H2 of the image data, and verifies the authenticity of the image data by comparing H1 and H2 (see paragraphs [0022]-[0023] of the specification of Patent Document 3).
In this case, the private key is stored in the mobile device, and if the mobile device is a communication terminal with a photographing function such as a smartphone, the identity of the mobile device's owner cannot be sufficiently verified, so this method of identity verification cannot be said to be accurate. In addition, it is not possible to verify whether the photographed image data is an image of the mobile device's owner.

In the welfare operation system described in Patent Document 4, a user has an IC card that stores a user private key, a user public key, an operation private key, and a user public key certificate.
Then, in the step of starting an application for welfare services, if the validity of the digital signature included in the user public key certificate is authenticated by the welfare operations server, a digital signature for the application form is generated, and when the application form and the digital signature for the application form are sent, the welfare operations server authenticates the validity of the digital signature for the application form, and if the authentication is successful, use of the welfare services is permitted.
In addition, in the step where a user uses welfare services, a digital signature authentication unit provided in the welfare facility server certifies the validity of the digital signature generated by the digital signature generation unit provided in the IC card using the user public key obtained from the IC card, and if the authentication is successful, the user is permitted to use the welfare facilities (see paragraphs [0013]-[0032] of the specification of cited document 4).
In this case, the accuracy of identity verification is guaranteed by using an IC card to verify the identity of the user when applying for use and to authenticate the user when using the service. However, the need to always use an IC card when using the service poses an issue in terms of user convenience.

The main object of the present invention is to provide an identity verification system and method for preventing fraudulent opening of new accounts or spoofing of existing accounts by utilizing the eKYC (JPKI: Public Personal Identification System, etc.) mechanism, while utilizing JPKI and taking maximum consideration of user convenience for identity verification and person authentication.
A second object of the present invention is to provide an identity verification system and method for more accurate identity verification and person authentication by combining an additional identity verification technique.

(1)
According to one aspect, the identity verification system is composed of a user's My Number card, a communication terminal capable of communicating with the IC chip of the My Number card and having a photographing function, an electronic signature verification server, a public personal authentication service server, and a person authentication server. In identity verification, the communication terminal photographs an image of the user's appearance, verifies the entered password for the electronic signature, and if the password is correct, connects to the user's My Number card, electronically signs a document including the image of the user's appearance, personal information, and an identification ID for identifying the individual, and sends the document body and an electronic certificate to the electronic signature verification server. The electronic signature verification server The communication terminal decrypts the electronic signature to confirm its identity with the document body, and communicates with a server of a public personal authentication service to determine whether the electronic certificate is valid. If the identity and validity of the electronic certificate are confirmed, it is determined that the user's identity has been successfully verified, and an image of the user's appearance is sent to the person authentication server together with the identification ID as an image for person authentication. In authenticating the user, the communication terminal takes a photograph of the user's appearance and sends the image of the user's appearance and the identification ID to the person authentication server. The person authentication server performs facial authentication between the sent image of the user's appearance and the image for person authentication corresponding to the identification ID, and determines that the authentication of the user has been successful if a degree of match equal to or exceeds a predetermined threshold is obtained.
As of September 2023, the server of the public personal authentication service corresponds to the server of the Japan Agency for Local Authority Information Systems (J-LIS).

The identity verification system of the present invention is composed of identity verification and person authentication. Identity verification is carried out when opening a bank account, etc., and is used to verify that the person currently performing the procedure is the correct owner of the identity verification document (such as a My Number card) presented. Person authentication is carried out when conducting a transaction with a bank account, etc., and is used to verify that the user is the person registered in advance.
In terms of identity verification, the public personal authentication (JPKI) using the My Number card is considered the most desirable method, as it provides the highest level of assurance and takes only about 20 seconds for the user to complete.
Meanwhile, authentication of a person has traditionally been done by inputting and confirming an ID and password. In this case, however, if the ID and password are leaked to others, there is a problem that they may be able to withdraw money from the bank account.
In response to this problem, two-step authentication has recently been implemented, in which a security code is sent to the user via SMS or other means, and the user then inputs the security code, allowing for identity authentication that can be used even if the user's ID and password are leaked to others.
However, even when two-step authentication is set, the perpetrator can still pass the two-step authentication by using personal information obtained from the victim, for example, when opening a bank account, by entering the victim's personal information (name, date of birth, address, etc.) in most of the fields and the perpetrator's information in some of the fields (ID, password, phone number, etc.).

On the other hand, in identity verification, when a user's facial photograph is sent to an authentication server, as in Methods E and F of the Criminal Proceedings Act, the user can be authenticated by comparing the facial photograph of the user stored in the authentication server at the time of identity verification with the facial photograph taken at the time of person authentication. However, Methods E and F of the Criminal Proceedings Act are considered to have a lower level of assurance of identity verification compared to public personal authentication (Method Wa), and issues remain regarding identity verification.
On the other hand, in public personal authentication, an image of the user's appearance is not sent to the electronic signature verification server, and an image of the user's appearance cannot be stored in the authentication server. Therefore, in authenticating the user, the facial photo of the user stored in the authentication server at the time of identity confirmation cannot be compared with the facial photo taken at the time of authenticating the user.

In accordance with one aspect, the identity verification system takes into account the above-mentioned problems with identity verification to date, and utilizes public personal authentication, which provides the highest level of assurance in identity verification, while storing an image of the user's appearance in an authentication server and performing identity verification by comparing the stored image of the appearance (image for authenticating the user) with the image of the appearance photographed at the time of authenticating the user.
In this case, it is important that the facial image captured during identity verification is the facial image of the user himself/herself. In an identity verification system according to one aspect, a facial image of the user is captured immediately before connecting to the user's own My Number card, and a personal identification number (a mixture of alphanumeric characters and 6 to 16 half-width characters) of a signature electronic certificate is entered to connect to the My Number card, thereby preventing a facial image of a person other than the user from being used as the facial image of the user himself/herself.
In addition, when identity confirmation and person authentication are successful, the successful identity confirmation and person authentication may be immediately transmitted directly to the communications terminal, or the successful identity confirmation and person authentication may be effectively notified by proceeding with the bank account opening or bank account transaction procedure.
In addition, the communication terminal used for person authentication may be a terminal that cannot communicate with the IC chip of the My Number card, such as a personal computer that does not have an IC card reader/writer for NFC.
In the personal identification system according to one aspect, the electronic signature verification server may also perform personal authentication without providing a separate server for person authentication.

(2)
In an identity verification system according to a second aspect of the present invention, in an identity verification system according to one aspect, an electronic signature verification server may certify, in identity verification and/or person authentication, that a captured facial image is an facial image of a real person by passive authentication, which does not require user action, and/or active authentication, which does require user action.

When photographing the user's appearance, instead of photographing the user's appearance directly, a photo of the user is taken, which may lead the digital signature verification server to mistakenly believe that the user is actually present.
When verifying identity, it is necessary to connect the My Number card and enter a password for electronic signature, but when authenticating the person, these steps are not necessary, so there is a high risk of incorrect authentication, especially if a photo of the user is taken.
In the personal identification system according to the second aspect of the invention, in the case of identity confirmation and/or person authentication, it is desirable to verify that the photographed facial image is that of a real person.
Methods for authenticating that an image is of a real person's facial expression can be achieved by using active authentication, which requires user action such as specifying the direction in which the face should be turned and then checking whether the captured facial expression image is facing the specified direction; passive authentication, which does not require user action and only involves capturing a frontal image; or a combination of active authentication and passive authentication.
The authentication method to be used must be determined by taking into consideration the balance between the authentication level and the convenience for the user.

(3)
An identity verification system according to a third aspect of the present invention may further perform transaction authentication in addition to the person authentication.

Transaction authentication is an authentication method for verifying that the contents of a transaction have not been tampered with during communication when the transaction is executed.
In identity verification, a document including a facial image and personal information is digitally signed and sent to an electronic signature verification server together with the document itself and the electronic certificate. The electronic signature verification server then decrypts the electronic signature and verifies its identity with the document itself. Therefore, if communication is hijacked, it can be reliably confirmed that the information has been tampered with.

On the other hand, identity authentication is mainly performed during bank transactions such as transfers, and is intended to confirm that the user attempting to carry out the bank transaction is a legitimate user verified by identity verification, but if communications are hijacked by a malicious third party, the input transaction details may be tampered with to make fraudulent transaction details, even though the transaction is being requested by a legitimate user. Or, it is possible that an image of the user's appearance may be tampered with and identity authentication may be determined to have been successful, even though the user is not a legitimate user.
The identity verification system according to the first aspect itself cannot prevent tampering during identity authentication, i.e., during bank transactions. Therefore, the identity verification system according to the third aspect of the present invention further enhances the assurance level of transactions by performing transaction authentication.

(4)
The identity verification system according to a fourth aspect of the present invention is an identity verification system according to one aspect, in which, in the identity verification, the communications terminal takes a photograph of the front image of the My Number card or reads a facial photo image from the IC chip of the My Number card and sends it to an electronic signature verification server, and the electronic signature verification server compares the facial photo image contained in the front image of the My Number card or the facial photo image read from the IC chip of the My Number card with an appearance image contained in the document, and if a degree of match equal to or greater than a predetermined threshold is obtained, the identity verification of the user may be successful.

In an identity verification system that follows one aspect of electronically signing an image of a user's appearance and sending it to an electronic signature verification server, and verifying it at the electronic signature verification server, it is guaranteed that the captured image of the appearance is that of the user by verifying the user's password and connecting to the user's My Number card. However, even in this case, if the perpetrator obtains the victim's My Number card and password, there is a possibility that the perpetrator's image of the appearance will be stored in the electronic signature verification server as an image for authenticating the victim.

In the identity verification system according to the fourth invention, the communication terminal further takes a photograph of the front image of the My Number card or reads a facial photo image from the My Number card's IC chip and sends it to the electronic signature verification server, and the electronic signature verification server compares the facial photo image contained in the front image of the My Number card or the facial photo image obtained from the My Number card's IC chip with the facial image contained in the document, and if a degree of match equal to or exceeds a predetermined threshold is obtained, the user's identity is successfully verified, thereby ensuring that the electronically signed facial image is the facial image of the holder of the My Number card.

(5)
In the identity verification system of the fifth invention, in one aspect, the electronic signature verification server may further compare the age calculated from the user's date of birth in the personal information sent from the communications terminal with the age estimated from an image of the user's appearance, and determine that the identity verification is successful if the difference in age is less than a predetermined value.

In the identity verification system according to the fifth invention, even if the perpetrator obtains the victim's Individual Number card and password, if the perpetrator and the victim are of different ages, it is possible to determine that the facial image sent is not that of the user himself, i.e., the victim. The identity verification system according to the sixth invention is particularly effective when the victim is an elderly person.
The predetermined value is, for example, 3 years old, but it is desirable to change it appropriately depending on the accuracy of age estimation and the need for stricter identity verification.

(6)
According to another aspect, a personal identification method performs personal identification using a user's My Number card, a communication terminal capable of communicating with an IC chip of the My Number card and having an image capturing function, an electronic signature verification server, a server of a public personal authentication service, and a server for authenticating the person in question, the method comprising an identity verification process and an identity authentication process, the identity verification process including a first appearance image capturing step in which the communication terminal captures an appearance image of the user, an electronic signature step in which the communication terminal verifies an input password for electronic signature and, if the password is correct, connects to the user's My Number card and electronically signs a document including the user's appearance image, personal information, and an identification ID for identifying the individual, an electronic signature sending step in which the communication terminal sends the document body, the electronic signature, and an electronic certificate to the electronic signature verification server, and the electronic signature verification server decrypts the electronic signature and transmits the document body. the personal authentication server performs face authentication on the basis of a facial image of the user sent by the communication terminal, a facial image sending step in which the communication terminal sends information including the user's facial image and the identification ID to the personal authentication server, and a personal authentication determination step in which the personal authentication server performs face authentication on the sent facial image of the user and the personal authentication image corresponding to the identification ID, and determines that the personal authentication is successful if a degree of match equal to or greater than a predetermined threshold is obtained.

The identity verification method according to another aspect is an invention of a method corresponding to the identity verification system according to the one aspect, and in consideration of the problems with identity verification to date, utilizes public personal authentication, which has the highest level of assurance in identity verification, while storing an image of the user's appearance in a server for authenticating the person, and performs identity authentication by comparing the stored image of the appearance (image for authenticating the person) with the image of the appearance photographed at the time of authenticating the person.
In this case, it is important that the facial image captured during identity verification is the facial image of the user himself/herself. In an identity verification system according to one aspect, a facial image of the user is captured immediately before connecting to the user's own My Number card, and a personal identification number (a mixture of alphanumeric characters and 6 to 16 half-width characters) of a signature electronic certificate is entered to connect to the My Number card, thereby preventing a facial image of a person other than the user from being used as the facial image of the user himself/herself.

1 is a schematic diagram showing a configuration of an identity verification system according to a first embodiment; FIG. 2 is a schematic block diagram illustrating an example of a configuration of a communication terminal according to the first embodiment. FIG. 2 is a schematic block diagram illustrating an example of a configuration of a digital signature verification server according to the first embodiment. 11 is a schematic flowchart showing an example of a flow of an identity verification process. 11 is a schematic flowchart showing an example of a flow of person authentication processing. 1 is a schematic flowchart showing an example of a flow of transaction authentication. 13 is a schematic flowchart illustrating an example of a flow of an identity verification process according to the second embodiment;

Hereinafter, an embodiment of the present invention will be described with reference to the drawings. In the following description, the same parts are given the same reference numerals. Their names and functions are also the same. Therefore, detailed descriptions thereof will not be repeated.

[First embodiment]
The first embodiment of the identity verification system 500 performs identity verification by combining photographing the user's 110 appearance with public personal authentication, and authenticates the person by facial recognition of an appearance image (image for authenticating the person) identified as the person in the identity verification and an appearance image taken at the time of authentication.

(Configuration of the identity verification system 500 according to the first embodiment)
FIG. 1 is a schematic diagram showing an example of the configuration of an identity verification system 500 in the first embodiment, FIG. 2 is a schematic block diagram showing an example of the configuration of a communication terminal 100, and FIG. 3 is a schematic block diagram showing an example of the configuration of an electronic signature verification server 200.

As shown in FIG. 1, the identity verification system 500 is composed of a communication terminal 100, a My Number card 115 connected to the communication terminal 100, an electronic signature verification server 200, a public personal authentication service server 300, and a person authentication server 200a.
The communication terminal 100 , the electronic signature verification server 200 , the public personal authentication service server 300 and the person authentication server 200 a are connected via a communication network 400 .
It is also possible that the person authentication server 200a is not provided separately, and the digital signature verification server 200 also performs person authentication.
Also, as of September 2023, the server 300 of the public personal authentication service corresponds to the server 300 of the Japan Agency for Local Authority Information Systems (J-LIS).
The communication terminal 100 is operated by a user 110 and is used for taking an image of the user's 110's appearance and for official personal authentication using a My Number card 115 when verifying the user's identity. The electronic signature verification server 200 is used for official personal authentication when verifying the user's identity and for face authentication when authenticating the person in question.

2, the communication terminal 100 includes a photographing unit 120 for photographing an image of the user 110's appearance, a display/operation unit 150 for inputting application information when applying for an account opening, and displaying the photographed image of the appearance and the result of identity verification, a communication unit 170 for communicating with the electronic signature verification server 200, and a control unit 180. The communication unit 170 also includes NFC 175 (Near Field Communication) for connecting to the My Number card 115, and can read the IC chip data of the My Number card 115. When used for person authentication, the communication terminal 100 may be a terminal that cannot communicate with the IC chip of the My Number card 115, such as a personal computer that does not include an IC card reader/writer for NFC.

The communication terminal 100 may be, for example, a smartphone equipped with a camera and NFC, or a personal computer equipped with a camera and an IC card reader/writer for NFC.
In addition, the My Number card 115 stores a 6- to 16-digit alphanumeric password required to initiate an electronic signature, a private key and a public key for creating an electronic signature, an electronic certificate, and an application for electronic signatures (JPKI-AP).

As shown in FIG. 3, the digital signature verification server 200 includes a digital signature decryption unit 210 , a digital signature verification unit 220 , a face authentication unit 230 , an authentication image storage unit 240 , a communication unit 250 , and a control unit 260 .
The digital signature decryption unit 210 uses the public key to decrypt the digital signature received from the communication terminal 100. The digital signature verification unit 220 verifies whether the decrypted information such as the facial image matches the original unencrypted information, and queries the server 300 of the public personal authentication service whether the received digital certificate has expired.
In addition, if the revocation information of the electronic certificate is previously transmitted from the server 300 of the public personal authentication service to the electronic signature verification server 200 and stored therein, it is not necessary to query the server 300 of the public personal authentication service for each electronic certificate.

In person authentication, the face authentication unit 230 performs face authentication between the facial image of the user 110 sent and the person authentication image, and calculates the degree of match.
The authentication image storage unit 240 stores the facial image confirmed to be that of the user in the identity verification as an image for authenticating the user, as an image for authenticating the user.
The communication unit 250 communicates with the communication terminal 100 and the server 300 of the public personal authentication service via the communication network 400 .
When the control unit 260 confirms the identity of the document obtained by decrypting the digital signature and the original document, and confirms the validity of the digital certificate, it returns the identity confirmation result to the communication terminal 100 and stores the facial image of the user 110 as an image for person authentication in the authentication image storage unit 240. When authenticating the person, it determines whether the person authentication has been successful or not depending on whether the degree of match of the face authentication unit 230 is equal to or higher than a predetermined threshold, and returns the authentication result to the communication terminal 100.
3 is a configuration in the case where the electronic signature verification server 200 also functions as the person authentication server 200a. When the electronic signature verification server 200 and the person authentication server 200a are provided separately, the electronic signature verification server 200 may not have the face authentication unit 230 and the authentication image storage unit 240. Moreover, the person authentication server 200a may not have the electronic signature decryption unit 210 and the electronic signature verification unit 220.

(Flowchart of identity verification method)
Identity verification includes identity verification performed when opening an account, etc., and identity authentication performed when conducting account transactions, etc. Identity verification is a process in which a service provider verifies that user 110 is an actual person when the user 110 registers an account. Identity authentication is a process in which a service provider verifies that user 110 is definitely the person registered in advance.
FIG. 4 is a schematic flow chart showing an example of a flow of identity confirmation, and FIG. 5 is a schematic flow chart showing an example of a flow of person authentication.

First, the flow of identity verification will be described.
4, the horizontal axis indicates which device executes each step in the flowchart: the communication terminal 100, the My Number card 115, the electronic signature verification server 200, and the public personal authentication service server 300. Each step will be described below.
(Step S01) The communication terminal 100 displays an explanation of the method of identity verification on the display/operation unit 150, and then the photographing unit 120 photographs an image of the user's appearance 110 (first facial image photographing step).
(Steps S02, S03) User 110 inputs a password for electronic signature from display/operation unit 150, and communication terminal 100 checks whether the input password is correct. If it is incorrect, user 110 is asked to re-enter the password. Note, however, that if the password for electronic signature is input incorrectly five times in a row, a password lock will be set up, so care should be taken.
(Step S04) The user 110 connects the My Number card 115 to the communication terminal 100. In this case, if the communication terminal 100 is a smartphone, the My Number card 115 is scanned with the smartphone. Also, if the communication terminal 100 is a personal computer, the My Number card 115 is inserted into an IC card reader/writer.

(Step S05) The communication terminal 100 transmits an image of the user 110's appearance and other information to the My Number card 115 via the NFC 175 included in the communication unit 170.
(Steps S06, S07) My Number card 115 digitally signs the received facial image and other personal information (name, address, date of birth, gender) and an identification ID that identifies the individual using a private key, and returns the digital signature and digital certificate to communication terminal 100.
(Step S08) The communication terminal 100 transmits the document body including the captured facial image, the received digital signature, and the digital certificate to the digital signature verification server 200.

(Steps S09, S10) The digital signature verification server 200 decrypts the received digital signature and checks whether it is identical to the received facial image and other information.
(Step S11) If they are identical, the electronic certificate is sent to the server 300 of the public personal authentication service, and a request is made to confirm whether the electronic certificate is valid.
(Step S12) The server 300 of the public personal authentication service checks whether the electronic certificate is valid and returns the check result to the electronic signature verification server 200. Note that if the revocation information of the electronic certificate has been transmitted in advance from the server 300 of the public personal authentication service to the electronic signature verification server 200 and stored therein, the electronic signature verification server 200 may directly determine the validity of the electronic certificate.

(Steps S13, S14) If the validity of the electronic certificate is confirmed, the received facial image is stored as an image for authenticating the person together with the identification ID in the authentication image storage unit 240. When the electronic signature verification server 200 and the person authentication server 200a are separately provided, the electronic signature verification server 200 transmits the received facial image and identification ID to the person authentication server 200a, and the person authentication server 200a stores the received facial image as an image for authenticating the person together with the identification ID in the authentication image storage unit 240.
(Step S15) If the identity confirmation is not successful in step S10, or if the validity confirmation is not successful in step S13, communication terminal 100 receives a message indicating that identity confirmation was not successful and displays this on display/operation unit 150.
(Step S16) If the validity check is successful in step S13, the communication terminal 100 receives the identity check success and displays it on the display/operation unit 150. Furthermore, for example, if this identity check was performed when the account was opened, the flow proceeds to the account opening flow.
In addition, when the validity confirmation is successful in step S13, instead of sending a notification of successful identity confirmation directly to communication terminal 100 and displaying it on display/operation unit 150 of communication terminal 100, the successful identity confirmation may be effectively notified by proceeding with procedures such as opening a bank account.

Next, each step of the flow of person authentication will be described with reference to FIG.
(Step S21) The communication terminal 100 displays an explanation of the method of identity verification on the display/operation unit 150, and then the photographing unit 120 photographs an image of the user's appearance 110 (second appearance image photographing step).
(Step S22) The communication terminal 100 transmits the photographed facial image and an identification ID for identifying the individual to the person authentication server 200a.
(Steps S23 to S26) The person authentication server 200a extracts the person authentication image corresponding to the received identification ID from the authentication image storage unit 240, performs facial authentication between the sent facial image of the user 110 and the extracted person authentication image, and determines that the person authentication is successful if a degree of match equal to or greater than a predetermined threshold is obtained, and determines that the person authentication is unsuccessful if the degree of match is below the predetermined threshold, and returns the person authentication result.

(Steps S27, S28) The communication terminal 100 receives the person authentication success or failure from the person authentication server 200a, and, for example, if this person authentication is being performed during an account transaction (deposit/withdrawal, transfer, etc.), proceeds to the account transaction flow.
In addition, if the person authentication is successful in step S25, instead of sending the successful person authentication directly to the communication terminal 100 and displaying it on the display/operation unit 150 of the communication terminal 100, the successful person authentication may be effectively notified by proceeding with the bank account transaction or other procedure.

(Modification of facial image capture)
When photographing an appearance image, instead of directly photographing the appearance of the user 110, a photograph of the user 110 is taken and sent to the electronic signature verification server 200 or the person authentication server 200a, which may result in erroneous authentication that the user 110 is actually present.
When verifying identity, it is necessary to connect the My Number card 115 and enter a password for electronic signature, but when authenticating the person, these steps are not necessary, and therefore there is a high risk of erroneous authentication, particularly by taking a photo of the user 110.
To reduce the risk of these false positives, it is desirable in identity verification and/or person authentication cases to verify that the captured facial image is that of a real person.

Methods for confirming that the image is of a real person's facial expression can include, for example, active authentication, in which the user specifies the direction in which the face is facing and checks whether the captured facial expression image is facing the specified direction, and/or passive authentication, which does not require any action from the user 110 and only requires a frontal photograph.
Passive authentication is preferable because it does not require any action by the user 110 and therefore can confirm that the facial image is that of a real person without impairing the convenience of the user 110.
However, in order to raise the level of authentication, it is necessary to select active authentication, which requires the action of the user 110, or a combination of active authentication and passive authentication, although this increases the burden on the user 110 and reduces convenience to some extent.

(Addition of transaction authentication to person authentication)
When person authentication is performed by account transactions via a network, account transactions (deposits, withdrawals, transfers, etc.) are often performed after successful person authentication. However, since person authentication does not involve verification by electronic signature as in identity confirmation, if the image is tampered with during communication from the communication terminal 100 to the person authentication server 200a and the facial image is replaced with a different image, erroneous authentication may occur.
On the other hand, there is a method of verifying that the contents of a transaction made by the user 110 have not been tampered with during communication and executing the transaction, called transaction authentication.

6 is a schematic flowchart showing an example of a flow of transaction authentication. The flow of transaction authentication will be described below with reference to FIG.
(Step S31) The user 110 inputs the transaction details into the communication terminal 100.
(Steps S32 and S33) The communication terminal 100 transmits the transaction details to the bank transaction server 350.
(Steps S34 and S35) The bank transaction server 350 creates a two-dimensional code based on the transaction details and transmits it to the communication terminal 100.
(Step S36) Communications terminal 100 displays the received two-dimensional barcode on display/operation unit 150.

(Steps S37 and S38) The camera-equipped token 190 reads the two-dimensional barcode, and restores and displays the transaction details.
(Steps S39, S40) The user 110 checks the transaction details displayed on the camera-equipped token 190, and if the displayed transaction details are correct, he/she enters the authentication number displayed on the camera-equipped token 190 into the communication terminal 100 and transmits it to the bank transaction server 350.
(Steps S41, S42) If the displayed transaction details are correct and the authentication number is entered and transmitted to the bank transaction server 350, the transaction is completed; if the displayed transaction details are incorrect, the transaction is canceled.

As described above, if communication between the communication terminal 100 and the bank transaction server 350 is tampered with, the transaction details cannot be correctly restored from the two-dimensional code, so by performing transaction authentication at the time of the transaction, it is possible to prevent fraudulent transactions due to communication tampering. On the other hand, the identity verification system 500 of the present invention can prevent fraudulent transactions due to impersonation of the user 110. Therefore, by combining the identity authentication of the present invention with transaction authentication, it is possible to more reliably prevent fraud in bank transactions, etc.

(Stricter identity verification through age estimation)
In cases of fraudulent new account opening or spoofing of existing accounts, elderly people are often the victims. In such cases, since the ages of the perpetrator and the victim are significantly different, in identity verification, the age estimated from the facial image of the user 110 sent is compared with the age calculated from the date of birth included in the personal information sent, and if the age difference is less than a specified value, the identity verification is judged to be successful, and if it exceeds the specified value, the identity verification is judged to be unsuccessful, thereby preventing damage caused by fraud.
In this case, the predetermined value is, for example, 3 years old, but it is desirable to change it appropriately depending on the accuracy of age estimation and the need for stricter identity verification.

Second Embodiment
The identity verification in the first embodiment uses public personal authentication, which is considered to have the highest level of assurance, to guarantee that the user 110 of the communication terminal 100 has memorized the password for the electronic signature and has the My Number card 115 in his/her possession. Therefore, there is a very high probability that the facial image is that of the holder of the My Number card 115. However, if someone other than the holder of the My Number card 115 illegally obtains the holder's My Number card 115 and password, it is not impossible to register that person's facial image as the holder's facial image. In that case, the fraud cannot be detected even in the person authentication.

In the second embodiment, the identity verification system 500a compares the appearance image (face photo image) contained in the front image of the My Number card 115 or the face photo image obtained from the IC chip of the My Number card 115 with the appearance image sent with an electronic signature before registration, so that even if someone illegally obtains the My Number card 115 and password of the holder, the illegally obtained appearance image is not registered as the identity authentication image of the holder of the My Number card. If a match is obtained that is equal to or exceeds a predetermined threshold, the identity verification of the user 110 is successful.

Therefore, the configuration of the identity verification system 500 in FIG. 1, the configuration of the communication terminal 100 in FIG. 2, and the configurations of the electronic signature verification server 200 and the person authentication server 200a in FIG. 3 are the same in the identity verification system 500a of the second embodiment. The flowchart of the person authentication process in FIG. 5 is also the same. However, in the second embodiment, if the electronic signature verification server 200 and the person authentication server 200a are provided separately, the electronic signature verification server 200 must also be provided with a face authentication unit 230.

7 is a schematic flowchart showing an example of the flow of the identity confirmation process of the second embodiment. Since the identity confirmation process of the second embodiment is similar to the identity confirmation process of the first embodiment, only the changes from the flowchart of the first embodiment will be described here.
(Step S01) In the first embodiment, only an image of the user's 110 appearance is captured, whereas in the second embodiment, an image of the front of the My Number card 115 is captured in addition to an image of the user's 110 appearance.
(Step S08) In the first embodiment, an image of the user's 110 appearance, an electronic signature, and an electronic certificate are transmitted, whereas in the second embodiment, an image of the front side of the My Number card 115 is transmitted in addition to the above.

(Steps S17 and S18) These are steps added in the second embodiment. In the first embodiment, if the validity of the electronic certificate is confirmed, the identity confirmation is deemed successful. In the second embodiment, however, the facial image included in the front image of the My Number card 115 is compared with the facial image sent with the electronic signature, and if a degree of match equal to or exceeds a predetermined threshold is obtained, the identity confirmation of the user 110 is deemed successful.
In the embodiment described in Figure 7 above, an image of the front of the My Number card 115 is photographed and sent to the electronic signature verification server 200, where it is compared with the facial image that has been electronically signed and sent. However, instead of photographing an image of the front of the My Number card 115, a facial photo image may be read from the IC chip of the My Number card 115, the read facial photo image may be sent to the electronic signature verification server 200, and it may be compared with the facial image that has been electronically signed and sent.

In this embodiment, user 110 corresponds to the "user", My Number card 115 corresponds to the "My Number card", communication terminal 100 corresponds to the "communication terminal", electronic signature verification server 200 corresponds to the "electronic signature verification server", person authentication server 200a corresponds to the "person authentication server", public personal authentication service server 300 corresponds to the "public personal authentication service server", and personal identification system 500, 500a corresponds to the "person identification system".

Although a preferred embodiment of the present invention is as described above, the present invention is not limited thereto. It will be understood that various other embodiments can be made without departing from the spirit and scope of the present invention. Furthermore, although the actions and effects of the configuration of the present invention are described in this embodiment, these actions and effects are merely examples and do not limit the present invention.

100 Communication terminal 110 User 115 My Number card 200 Electronic signature verification server 200a Person authentication server 300 Public personal authentication service server 500, 500a Personal identification system

Claims (6)

The user's My Number card,
A communication terminal capable of communicating with the IC chip of the My Number card and having a photographing function;
An electronic signature verification server;
A server of a public personal authentication service;
A personal identification system comprising:
In identity verification, the communication terminal photographs an image of the user's appearance, verifies the entered password for electronic signature, and if the password is correct, connects to the user's My Number card, electronically signs a document including the image of the user's appearance, personal information, and an identification ID for identifying the individual, and transmits the document body and the electronic certificate to the electronic signature verification server;
the electronic signature verification server decrypts the electronic signature to verify its identity with the document body, and communicates with a server of the public personal authentication service to determine whether the electronic certificate is valid or not. If the identity and validity of the electronic certificate are verified, the server determines that the identity verification of the user has been successful, and sends an image of the user's appearance together with the identification ID to the server for person authentication;
In the person authentication, the communication terminal takes a facial image of the user, and then transmits the facial image of the user and the identification ID to the person authentication server;
The identity authentication server performs facial authentication between the sent image of the user's appearance and the image for identity authentication corresponding to the identification ID, and determines that identity authentication is successful if a degree of match above a predetermined threshold is obtained. The identity verification system according to claim 1, wherein the electronic signature verification server verifies that the captured facial image is an image of a real person in the identity verification and/or the person authentication by passive authentication that does not require the user to act and/or active authentication that requires the user to act, The identity verification system of claim 1, further comprising transaction authentication during the identity authentication. In the identity verification, the communication terminal further takes a photograph of the front side of the My Number card or reads a face photo image from an IC chip of the My Number card and sends it to the electronic signature verification server;
The identity verification system of claim 1, wherein the electronic signature verification server compares a facial photo image contained in the front image of the My Number card or a facial photo image obtained from an IC chip of the My Number card with a facial image contained in the document, and if a degree of match equal to or exceeds a predetermined threshold is obtained, the identity verification of the user is successful. The identity verification system of claim 1, further comprising: in the identity verification, the electronic signature verification server compares the age calculated from the user's date of birth in the personal information sent from the communication terminal with the age estimated from the image of the user's appearance, and determines identity verification to be successful if the difference in age is within a predetermined range. The user's My Number card,
A communication terminal capable of communicating with the IC chip of the My Number card and having a photographing function;
An electronic signature verification server;
A server of a public personal authentication service;
A method for verifying identity by using a person authentication server, comprising:
The identity verification method consists of identity verification processing and person authentication processing,
The identity verification process includes:
a first facial image photographing step of the communication terminal photographing a facial image of the user;
an electronic signature step of verifying the input password for electronic signature by the communication terminal, and if the password is correct, connecting to the My Number card of the user and electronically signing a document including an image of the user's appearance, personal information, and an identification ID for identifying the individual;
an electronic signature sending step in which the communication terminal sends the document body, the electronic signature, and the electronic certificate to the electronic signature verification server;
an electronic signature verification step in which the electronic signature verification server decrypts the electronic signature to confirm the identity with the document body and communicates with a server of the public personal authentication service to determine whether the electronic certificate is valid;
an identity verification determination step of, when the identity and the validity of the electronic certificate are confirmed in the electronic signature verification step, determining that the identity verification of the user has been successful and sending an image of the user's appearance together with the identification ID to the person authentication server as an image for person authentication,
The person authentication process includes:
a second facial image photographing step of the communication terminal photographing a facial image of the user;
a facial image sending step in which the communication terminal sends a facial image of the user and the identification ID to the person authentication server;
The method for identity verification includes an identity authentication determination step in which the identity authentication server performs facial authentication between the sent image of the user's appearance and the image for identity authentication corresponding to the identification ID, and determines that identity authentication has been successful if a degree of match equal to or exceeds a predetermined threshold is obtained.