JPWO2012144105A1 - Biometric authentication system - Google Patents

Abstract

The biometric information acquired from the user at the time of authentication is registered, and the authentication accuracy from the next time is improved. At this time, even when a part of the existing registered biometric information includes a large error, highly accurate authentication is realized. A plurality of pieces of biological information acquired from the user at the time of past authentication and the reliability of each piece of biological information evaluated based on the similarity between the pieces of biological information are held. Similarity between each registered biometric information is calculated, and based on the similarity and reliability corresponding to each registered biometric information, a personal probability indicating the probability that the user is the user is calculated. High accuracy authentication is realized by determining whether or not the user is the person based on whether or not the threshold is exceeded, and when it is determined that the user is the person, the biometric acquired from the user The information is additionally registered as registered biometric information and used in the subsequent authentication.

Description

  The present invention relates to a biometric authentication technique, and more particularly to a technique for performing biometric authentication based on a plurality of registered biometric information.

  The biometric authentication system performs personal authentication based on biometric information such as fingerprints, veins, irises, faces, sounds, and handwriting. In general, in a biometric authentication system, first, biometric information of a user is acquired and registered in advance, and the biometric information of the user (hereinafter referred to as “authentication biometric information”) acquired at the time of authentication is registered in advance. The identity authentication is realized based on whether the similarity with the information (hereinafter referred to as “registered biometric information”) exceeds a certain threshold value. Here, in the biometric authentication system, if the degree of similarity between the registered biometric information and the authenticated biometric information acquired from the principal is a value lower than the threshold value, an event in which the principal is not authenticated (hereinafter referred to as “personal refusal”). ) Occurs, leading to a decrease in system convenience. The probability of this person refusal occurrence (hereinafter referred to as “person refusal rate”) depends on the surrounding environment (temperature, humidity, lighting environment, etc.) ) Will change and will increase when there is an error in the biological information.

  In order to solve this problem, a method of registering a plurality of biometric information after aging and biometric information acquired in various surrounding environments and using the biometric information for authentication can be considered.

  Patent Document 1 discloses a biometric authentication system in which biometric information acquired from a user at the time of authentication is registered and used for subsequent authentication. The biometric authentication system sets a certain range for the similarity between the authentication biometric information and the registered biometric information, and additionally registers the authentication biometric information included in the range. In the subsequent authentication, authentication is performed based on a plurality of registered biometric information including additionally registered biometric information.

  In Non-Patent Document 1, a plurality of types of biological information (for example, fingerprints and faces) are acquired, collated with the biological information acquired in advance, and identity verification is performed by performing fusion determination of the obtained similarities. A biometric authentication method is disclosed. In the biometric authentication method, a likelihood ratio is calculated from each similarity, and it is determined whether or not the person is the person by performing a test on the obtained likelihood ratio.

  In Patent Literature 1, it is determined based on the similarity between the authentication biometric information and a plurality of registered biometric information whether or not the authentication target person is the same as the person registered in advance. For this judgment method, a method for judging from the average value of all similarities, a method for judging from the similarity of the largest (or smallest) numerical value, a method for judging from the top several similarities with the largest numerical values, etc. are applied. can do.

JP 2006-127236 A K. Nandakumar, S .; C. Dass, A.D. K. Jain, “Likelihood Ratio Based Biometric Score Fusion”, Pattern Analysis and Machine Intelligence, IEEE, vol30, pp342-347, 2008

  However, these determination methods may fail to achieve sufficient authentication accuracy when one (or a plurality) of registered biometric information includes a large error.

  Therefore, the present invention performs high-accuracy authentication even when some of registered biometric information includes errors due to secular changes in biometric information, changes in the surrounding environment, noise at the time of biometric information acquisition, and the like. For the purpose.

  A typical example is a biometric authentication system that includes an input device that acquires biometric information of a user, a processor connected to the input device, and a storage device. A plurality of registered biometric information that is biometric information of the user at the time of authenticating the user and a reliability indicating an error between the plurality of registered biometric information are stored, and the processor authenticates the user Sometimes, it receives input biometric information that is biometric information of the user input from the input device, calculates a first similarity between the input biometric information and each of the plurality of registered biometric information, Based on the first similarity and the reliability, an identity probability indicating the probability that the user is the identity is calculated, and when the identity probability exceeds a predetermined authentication threshold, Authenticates that it is the identity of the user If it is determined that the person to provide a biometric authentication system and registers in the storage device by adding said input biometric information to the registered biometric information.

  According to an embodiment of the present invention, when a plurality of pieces of biometric information acquired for authentication are registered and the biometric information is used for subsequent authentication, some of the registered biometric information includes a large error. Even in the case where it is, high-accuracy authentication can be realized without degrading the authentication accuracy.

It is a figure which shows the system configuration | structure of the authentication terminal of 1st embodiment of this invention, and an authentication server. It is the figure which showed the information accumulate | stored in the registration biometric information storage part of 1st embodiment of this invention. It is the figure which showed the information accumulate | stored in the temporary registration biometric information storage part of 1st embodiment of this invention. It is the figure which showed the information preserve | saved in the likelihood ratio arrangement | sequence storage part of 1st embodiment of this invention. It is the figure which showed the information preserve | saved in the authentication threshold value storage part of 1st embodiment of this invention. In 1st embodiment of this invention, it is a figure which shows the procedure in the case of a user operating an authentication terminal and registering biometric information by batch processing. In 1st embodiment of this invention, it is a figure which shows the procedure in the case of a user operating an authentication terminal and registering biometric information by a real-time process. In 2nd embodiment of this invention, it is a figure which shows the procedure in the case of an operator operating an authentication terminal and registering biometric information by batch processing. In 2nd embodiment of this invention, it is a figure which shows the procedure in the case of an operator operating an authentication terminal and registering biometric information by real-time processing. In 3rd embodiment of this invention, it is a figure which shows the procedure in the case of an operator operating an authentication terminal and registering biometric information by batch processing. In 3rd embodiment of this invention, it is a figure which shows the procedure in the case of an operator operating an authentication terminal and registering biometric information by real-time processing. It is a figure which shows the procedure of biometric information collation in 1st embodiment of this invention. In 1st embodiment of this invention, it is a figure which shows the procedure of a principal probability calculation. In 1st embodiment of this invention, it is a figure which shows the procedure of identity determination. In 1st embodiment of this invention, it is a figure which shows the procedure of biometric information temporary registration. It is a figure which shows the procedure of biometric information main registration in 1st embodiment of this invention. It is a block diagram which shows the hardware constitutions of the authentication terminal in the biometrics system of 1st embodiment of this invention, and an authentication server. It is the figure which showed the information accumulate | stored in the black list of 3rd embodiment of this invention.

  In the determination methods of Patent Document 1 and Non-Patent Document 2, if one (or a plurality) of registered biometric information includes a large error, there is a possibility that sufficient authentication accuracy cannot be achieved. For example, in the method of judging from the average value of all similarities or the method of judging from the similarity of the smallest numerical value, if one (or a plurality) of registered biometric information includes a large error, High rejection rate. The method of judging from the similarity of the largest numerical value is the probability that the registered biometric information containing a large error and the biometric information of another person will be erroneously determined as the other person (hereinafter referred to as the person). , "Other person acceptance rate"). In the method of judging from the top several similarities with large numerical values, the authentication accuracy varies depending on the parameter of the number of similarities to be used, but an appropriate value for this parameter is the operating environment of the biometric authentication system (user familiarity, authentication Therefore, it is considered difficult to always operate with high authentication accuracy.

  Further, in Non-Patent Document 1, by calculating the likelihood ratio for each similarity and performing a fusion determination using the obtained likelihood ratio, it is determined whether or not the person to be authenticated is the same as the person registered in advance. Determine (hereinafter referred to as “likelihood ratio test method”). By using the likelihood ratio test method, the distribution according to the similarity when matching the biometric information of the person (hereinafter referred to as “identity distribution”) and the distribution according to the similarity when matching the biometric information of another person When (hereinafter referred to as “other person distribution”) is known, it is possible to minimize the rejection rate under certain restrictions on the acceptance rate of others.

  However, if one (or a plurality) of registered biometric information includes a large error, the similarity distribution between the registered biometric information including the error and the biometric information of the user is obtained by learning in advance. Unlike this, there is a problem that authentication accuracy is lowered.

<First embodiment>
The first embodiment uses an authentication terminal and an authentication server operated by the user himself / herself, and an error included in the biometric information with respect to a plurality of biometric information registered in advance (hereinafter referred to as “registered biometric information”). When authenticating the user with the reliability indicating, the similarity between the biometric information acquired from the user (hereinafter referred to as “authenticated biometric information”) and a plurality of registered biometric information, and each Based on the reliability of the registered biometric information, the probability of being the same person as the person registered in advance by the user (hereinafter referred to as the “principal probability”) is determined to determine whether or not the person is authentic, and the authentication has succeeded. In this case, the authentication biometric information is automatically registered in the authentication server.

  Hereinafter, it will be described in detail with reference to the drawings.

  FIG. 1 is a diagram illustrating a system configuration of an authentication terminal and an authentication server according to the first embodiment of this invention.

  In this figure, reference numeral 101 denotes an authentication terminal, reference numeral 102 denotes an authentication information acquisition unit, reference numeral 103 denotes an authentication result display unit, reference numeral 104 denotes an authentication server, reference numeral 105 denotes a biometric information matching unit, reference numeral 106 denotes a biometric information selection unit, reference numeral 107. Is a biometric information registration unit, code 108 is a reliability calculation unit, code 109 is a reliability registration unit, code 110 is a personal probability calculation unit, code 111 is a registered biometric information storage unit, code 112 is a temporary registration biometric information storage unit, code Reference numeral 113 denotes a likelihood ratio array storage unit, and reference numeral 114 denotes an authentication threshold value storage unit.

  The authentication terminal 101 corresponds to, for example, a terminal in an entry / exit management system, a PC in a PC login system, an examination terminal or an automated gate in an immigration control system, and is operated by the user who is the object of authentication or the operator in charge of the terminal Terminal. The authentication terminal 101 includes an authentication information acquisition unit 102 and an authentication result display unit 103 and is connected to the authentication server 104.

  The authentication information acquisition unit 102 acquires a user ID and biometric information from the user. The biometric information is a behavioral or physical feature that can identify an individual, such as a fingerprint, a vein, an iris, a face, a voice, or a handwriting.

  The authentication result display unit 103 displays the authentication result to a user who is operating the authentication terminal 101 or an operator.

  The authentication server 104 is a server that manages and collates biometric information in, for example, an entrance / exit management system, a PC login system, and an immigration control system. The authentication server 104 includes a biometric information matching unit 105, a biometric information selection unit 106, a biometric information registration unit 107, a reliability calculation unit 108, a reliability registration unit 109, an individual probability calculation unit 110, a registered biometric information storage unit 111, and temporary registration. The biometric information storage unit 112, the likelihood ratio array storage unit 113, and the authentication threshold value storage unit 114 are configured and connected to the authentication terminal 101.

  The biometric information collation unit 105 collates two pieces of biometric information and calculates a similarity or dissimilarity between the biometric information. The similarity or dissimilarity is an index representing how similar biometric information is expressed by a numerical value having a certain range such as 0 to 100, for example. For example, in the case of fingerprint authentication, the similarity or dissimilarity is obtained by evaluating the similarity between images based on the positions and directions of feature points in two fingerprint images. In the finger vein authentication based on image matching, for example, two finger vein patterns are overlapped and the similarity between patterns is evaluated based on the number of matching pixels.

  The biometric information selection unit 106 selects biometric information to be registered from a plurality of biometric information. As a standard used for selection of biometric information, it is possible to apply similarity between biometric information, biometric information registration date and time, quality of biometric information, and the like.

  The biometric information registration unit 107 registers the biometric information in the registered biometric information storage unit 111 in association with the user ID.

  The reliability calculation unit 108 calculates the reliability for the registered biometric information. The reliability is a value indicating how much error is included in each registered biometric information. Even if the registered biometric information includes an error by performing identity determination in consideration of the reliability, the reliability is high. Accurate determination is possible. For the reliability calculation, the similarity between biometric information, biometric information registration date, biometric information quality, and the like can be used. For example, the average value of the similarity (M-1) between the registered biometric information targeted for reliability calculation and other registered biometric information acquired from the same biometric is included in the target registered biometric information. Since it depends on the error, it can be used as the reliability of the registered biometric information of interest. In place of the average value, the error included in the registered biometric information is estimated using a statistical method from the similarity between the registered biometric information of interest and other registered biometric information acquired from the same biometric information. , It is good also as the reliability.

  The reliability registration unit 109 registers the reliability calculated by the reliability calculation unit 108 in the registered biometric information storage unit 111.

  The identity probability calculation unit 110 calculates the identity probability for the user based on the similarity between the biological information and the reliability for each biological information.

  The registered biometric information storage unit 111 stores a user ID, biometric information, and reliability.

  The temporary registration biometric information storage unit 112 stores a user ID and biometric information before being stored in the registration biometric information storage unit 111. The information stored in the temporary registration biometric information storage unit 112 is then registered in the registration biometric information storage unit 111 by batch processing.

  The likelihood ratio array storage unit 113 stores the likelihood ratio corresponding to the reliability of the biological information and the similarity between the biological information. The likelihood ratio L (r, s) corresponding to the reliability r and the similarity s is expressed as L (r, s) = G (r, s) / I (r, s). Here, G (r, s) indicates the value of the identity distribution when the reliability is r and similarity s, and I (r, s) indicates the value of the other person distribution when the reliability is r and similarity s. The individual distribution G (r, s) and the other person distribution I (r, s) are obtained by collecting biological information in advance and learning the distribution that the biological information follows. Specifically, in this learning, a reliability r and a similarity s are calculated for a set of biometric information between each other and between others, and a two-dimensional frequency distribution is acquired. This frequency distribution is subjected to parametric estimation using a distribution function typified by a normal distribution, non-parametric estimation typified by kernel density estimation, etc., so that the principal distribution G (r, s) and The other person distribution I (r, s) is obtained.

  The authentication threshold value storage unit 114 stores an authentication threshold value for the probability of identity. The authentication threshold is used when determining whether or not the person to be authenticated is the person based on the probability of the person. When the person's probability is equal to or higher than the authentication threshold, the person is determined to be the person and the person's probability is authenticated. When it is less than the threshold value, it is determined that the person is another person. The authentication threshold is determined by collecting biometric information in advance and calculating an authentication threshold that satisfies the accuracy requirement. In addition, since an appropriate value for the authentication threshold varies depending on the required accuracy requirement, the accuracy requirement and the corresponding authentication threshold are determined and held in advance. Here, as the accuracy requirement, the probability that another person is erroneously determined as the principal (hereinafter referred to as “other person acceptance rate”) is used.

  Details of each part in FIG. 1 will be described with reference to the drawings in FIGS.

  FIG. 2 is a diagram illustrating information accumulated in the registered biometric information storage unit 111 according to the first embodiment of this invention.

  “User ID” 201 is a unique ID assigned to each user, and is composed of alphanumeric characters, for example. The line 204 is a description regarding the “user ID” being “0001”, the line 205 is the description regarding the “user ID” being “0001”, and the line 206 is the “user ID” being “0001”. It is a description regarding what is “0002”.

  “Registered biometric information” 202 describes registered biometric information acquired from the user. For example, “registered biometric information” 202 in the row 204 stores biometric information acquired when a user whose “user ID” is “0001” uses it for the first time.

  “Reliability” 203 describes the reliability R (i, j) for the biometric information acquired by the user with the user ID i at the j-th use. The reliability is represented by a numerical value within a certain range, and is a value indicating how much error the corresponding registered biometric information includes, and is calculated by the reliability calculation unit 108.

  FIG. 3 is a diagram illustrating information accumulated in the temporary registration biometric information storage unit 112 according to the first embodiment of this invention. In this embodiment, there are two methods for registering biometric information: batch processing and real-time processing, and the provisional registration biometric information storage unit 112 stores information before batch application when performing registration in batch processing. Used.

  “User ID” 301 is a unique ID assigned to each user, and is composed of alphanumeric characters, for example. The row 303 is a description regarding the “user ID” of “0001”, the row 304 is the description of the “user ID” of “0001”, and the row 305 is the “user ID” of “0001”. It is a description regarding what is “0002”.

  “Temporary registration biometric information” 302 describes temporary registration biometric information acquired from the user. For example, “temporarily registered biometric information” 302 in the row 303 stores biometric information acquired when the user with the user ID “0001” uses it for the third time.

  FIG. 4 is a diagram illustrating information stored in the likelihood ratio array storage unit 113 according to the first embodiment of this invention. In this embodiment, the likelihood ratio L (r, s) when the reliability is r and the similarity is s is calculated based on the principal distribution G (r, s) and others distribution I (r, s) learned in advance. Then, the obtained likelihood ratio is stored in the likelihood ratio array storage unit 113. Personal authentication is realized by calculating the identity probability based on this likelihood ratio and determining whether or not the person to be authenticated is the identity.

  “Reliability” 401 describes the reliability r (eg, 10, 20,...) Of the registered biometric information.

  The “similarity” 402 describes values (for example, 0 to 100) that the similarity s between the biological information can take.

  The “likelihood ratio” 403 stores the likelihood ratio L (r, s) when the reliability is r and the similarity is s. The likelihood ratio L (r, s) is calculated based on biological information collected in advance for learning, and is written in the “likelihood ratio” 403 before starting the operation of the system.

  FIG. 5 is a diagram illustrating information stored in the authentication threshold value storage unit 114 according to the first embodiment of this invention.

“Accuracy requirement (FAR)” 501 is a requirement for the accuracy of authentication, line 503 is a description regarding “accuracy requirement (FAR)” being “0.001”, and line 504 is “accuracy requirement (FAR)”. "Is a description related to" 0.0001 ", and line 505 is a description related to" accuracy requirement (FAR) "is" 0.0001 ".
“Authentication threshold value” 502 describes an authentication threshold value to be applied to the identity probability.

  “Accuracy requirement (FAR)” 501 is a security requirement for the accuracy of authentication. For example, when it is desired to suppress the probability of erroneously accepting another person to about once every 1000 times (that is, FAR = 0.001), the authentication threshold is set to “T (0.001)” according to the row 503. In this case, the authentication is successful when the identity probability exceeds “T (0.001)”, and the authentication failure occurs when the probability is lower.

  6 and 7 are diagrams showing a procedure for performing user authentication and biometric information registration in the first embodiment of the present invention. In the first embodiment of the present invention, a user who is an authentication target operates the authentication terminal 101. There are two methods for registering biometric information: batch processing and real-time processing. FIG. 6 shows a procedure for registering biometric information by batch processing, and FIG. 7 shows a case for registering biometric information by real-time processing. Show the procedure. Furthermore, the detailed procedure of the processing of FIGS. 6 and 7 is shown in FIGS.

  FIG. 6 is a diagram showing a procedure when the user operates the authentication terminal and registers biometric information by batch processing in the first embodiment of the present invention.

  First, the authentication terminal 101 performs processing 603 for acquiring a user ID. As a method for acquiring a user ID, a method of manually inputting with a numeric key, a method of acquiring an ID from a magnetic card or an IC card, a method of reading a character string printed on paper with a scanner, and the like are applicable. .

  Next, the authentication terminal 101 performs processing 604 for acquiring biometric information. In acquiring biometric information, a dedicated device that reads fingerprints, veins, irises, handwriting, and the like included in the authentication information acquisition unit 102, a camera that captures a face, a microphone that acquires sound, and the like are used. Next, the authentication terminal 101 transmits authentication information (user ID / biometric information) 605 to the authentication server 104. Next, the authentication server 104 performs processing 606 for collating biometric information. In the process 606, the user's biometric information (one case) and a plurality of registered biometric information (N cases) are collated, and N similarities (or dissimilarities) are calculated. A specific processing procedure of the processing 606 is shown in FIG. Next, the authentication server 104 performs a process 607 for calculating the identity probability. In the process 607, the authentication server 104 calculates the identity probability based on the similarity between the biometric information acquired from the user and the registered biometric information and the reliability of the registered biometric information. The similarity between the biometric information is an index indicating how similar the biometric information is calculated in the process 606. When the similarity is large, the two biometric information is obtained from the same person. It can be judged that there is. The reliability of the registered biometric information is calculated in advance in the biometric information main registration 612 when the user has previously authenticated, and indicates how much error the registered biometric information includes. A specific processing procedure of the processing 607 is shown in FIG. Next, the authentication server 104 performs processing 608 for determining whether or not the user is the user. In process 608, a likelihood ratio is calculated from the similarity between the biometric information and the reliability of each registered biometric information, and the individual probability is calculated by integrating the likelihood ratio, and the obtained individual probability is authenticated. It is determined whether or not the user is the user by applying a threshold value. At this time, in the present embodiment, the reliability of the registered biometric information is included in the likelihood ratio calculation, and the personal probability calculation is performed in consideration of the error included in the registered biometric information. As a result, compared with a method in which identity determination is performed based only on the similarity between biometric information, even when a part of registered biometric information includes a large error, high-accuracy authentication is possible. A specific processing procedure of the processing 608 is shown in FIG. Next, the authentication server 104 performs processing 609 for temporarily registering biometric information. A specific processing procedure of the processing 609 is shown in FIG. Next, the authentication server 104 transmits the authentication result 610 to the authentication terminal 101. The authentication result 610 includes information indicating whether or not the user has been successfully authenticated. Next, the authentication terminal 101 performs processing 611 for outputting an authentication result. In process 611, the authentication result display unit 105 is used to convey the authentication result to the user.

  By repeating the authentication processing from the user ID acquisition processing 603 to the authentication result output processing 611, the biometric information temporary registration 609 is executed a plurality of times, and a plurality of biometric information is accumulated in the temporary registration biometric information storage unit 112. Thereafter, in this embodiment, biometric information main registration 612 is performed as a batch process. A specific procedure of the process 612 is shown in FIG. As a result, a plurality of pieces of biometric information are registered and utilized in subsequent authentications.

  As described above, in the method in which the biometric information temporary registration 609 is executed a plurality of times and then the biometric information main registration 612 is performed (hereinafter referred to as “biometric information batch registration method”), the process (process) necessary for authentication is performed at the time of user authentication. 606 to process 608) and temporary biometric information registration 609 are performed. Since the biometric information temporary registration 609 has a relatively low computer load, it is possible to perform a quick authentication process without degrading the performance by adopting the biometric information batch registration method. Therefore, it is desirable to adopt a biometric information batch registration method in a large-scale biometric authentication system with a large number of authentications per unit time. In the biometric information batch registration method, the similarity between each registered biometric information and the reliability are not calculated during authentication, and the biometric information main registration 612 performs batch processing.

  The detailed procedure of the process in the first embodiment is shown in FIGS. Hereinafter, it will be described in detail with reference to the drawings.

  FIG. 12 is a diagram showing a biometric information collating procedure in the first embodiment of the present invention.

  Step 1201 is a process of reading the registered biometric information 202 stored in the registered biometric information storage unit 114 based on the user ID. Since the registered biometric information storage unit 114 can store a plurality of registered biometric information, one or a plurality of registered biometric information is read out here.

  Step 1202 is processing for collating the biometric information received from the authentication terminal 101 with the N registered biometric information read out in step 1201. With this process, N similarities are calculated for N registered biometric information.

  FIG. 13 is a diagram showing a procedure for calculating the probability of identity in the first embodiment of the present invention.

  Step 1301 is a process of reading the reliability 203 for each registered biometric information stored in the registered biometric information storage unit 114 based on the user ID. Since the registered biometric information storage unit 114 can store a plurality of registered biometric information, the reliability 203 read here is one or more.

  Step 1302 is a process of reading the likelihood ratio L (r, s) from the likelihood ratio array storage unit 113 based on the reliability r of each registered biometric information read in step 1301 and the similarity s calculated in step 1202. is there.

  Step 1303 is a process for calculating the identity probability by integrating the likelihood ratios obtained in step 1302. Specifically, the likelihood ratio L ′ for the entire registered biometric information is obtained by multiplying the likelihood ratios for each registered biometric information, and the posterior probability P ′ = (L ′ × P) / (L '× P + 1−P) is calculated. However, P is a prior probability for the user, and the probability of the user trying to authenticate is substituted in advance. The prior probability may be given the same value (for example, 0.5) to all users in advance. When there is a difference in the probability that the user performs authentication, a different prior probability may be assigned to each user according to the probability. In step 1303, the obtained posterior probability P ′ is output as the principal probability.

  Here, each likelihood ratio L is calculated based on the reliability and similarity corresponding to each registered biometric information. Each likelihood ratio L takes a large value when the reliability is high (that is, the error included in the registered biometric information is small), and when the reliability is low (that is, the error included in the registered biometric information is large). Take a small value. As a result, a determination is made with emphasis on the registered biometric information determined that the error is small, and even when a part of the registered biometric information includes a large error, the influence is reduced, and highly accurate authentication is possible.

  Note that the method for performing identity determination is not limited to the method using the likelihood ratio, and various methods can be employed. For example, in a machine learning method represented by SVM and Boosting, the same effect can be obtained by obtaining a final output value in consideration of the reliability of each registered biometric information.

FIG. 14 is a diagram showing a procedure for identity determination in the first embodiment of the present invention.
Step 1401 is processing for applying the authentication threshold value 502 to the identity probability calculated in step 1304.

  Step 1402 is processing for determining whether or not the identity probability is greater than the authentication threshold value 502. If the identity probability is greater than the authentication threshold value 502, the process proceeds to step 1403. If the identity probability is smaller than the authentication threshold value 502, the process proceeds to step 1404.

  Step 1403 is processing for substituting information indicating successful authentication into the authentication result.

  Step 1404 is processing for substituting information indicating authentication failure into the authentication result.

  FIG. 15 is a diagram showing a procedure of temporary biometric information registration in the first embodiment of the present invention.

  Step 1501 is a process of registering the user ID acquired in the user ID acquisition process 603 and the biometric information acquired in the biometric information acquisition process 604 in the temporary registration biometric information storage unit 112. The registered biometric information is not yet used for the subsequent authentication, and is registered in the registered biometric information storage unit 111 when the biometric information main registration shown in FIG. 16 is performed.

  FIG. 16 is a diagram showing a procedure of biometric information main registration in the first embodiment of the present invention.

  Step 1601 is a process of registering the user ID / biometric information received from the authentication terminal 101 and the user ID / biological information recorded in the temporary registration biometric information storage unit 112 in the registered biometric information storage unit 111. At this time, if the biometric information already associated with the user ID exists in the registered biometric information storage unit 111, the biometric information is additionally registered while the existing biometric information remains. In addition, if additional registration is repeated to increase registered biometric information, the required storage capacity and the time required to collate biometric information increase proportionally, so an upper limit is set for the number of registered biometric information. You can also. In order to keep the number of registered biometric information below the upper limit, it is necessary to select / delete biometric information when the registered number exceeds the upper limit. The biometric information to be deleted is selected in the biometric information selection unit 106 based on the biometric information registration date and time, the similarity between the biometric information, the value indicating the quality of the biometric information, and the like. For example, biometric information with the oldest registration date and time, maximum (or minimum), average value, median, average value of several upper (or lower) similarities with other biometric information are maximum (or minimum). By selecting and deleting biometric information, biometric information having the lowest quality value, and the like, the number of registered biometric information can be kept below the upper limit.

  In addition, when biometric information is deleted, information used for authentication decreases, and there is a risk that authentication accuracy from the next time onward will decrease. In order to prevent this decrease in accuracy, for example, a method of providing a weight for each registered biometric information and increasing the weight for biometric information similar to the biometric information when the biometric information is deleted can be considered. At the time of authentication, it is possible to suppress a decrease in authentication accuracy due to deletion of biometric information by obtaining the identity probability in consideration of this weight.

  Step 1602 is a process of collating all combinations of registered biometric information having the same user ID and obtaining the similarity. For example, when N pieces of registered biometric information corresponding to a certain user ID are registered, the registered biometric information is collated (N−1) × N times, and (N−1) × N similarities. Degree is obtained.

  Step 1603 is a process for calculating the reliability of each registered biometric information based on the similarity between the registered biometric information. The reliability is a value indicating how much error is included in each registered biometric information. Even if the registered biometric information includes an error by performing identity determination in consideration of the reliability, the reliability is high. Accurate determination is possible. As the reliability, for example, an average value of the similarities (N−1) between the registered biometric information of interest and other registered biometric information can be employed. In addition, the said reliability is the minimum value, average value, median value, maximum value, and several upper (or lower) similarities (M-1) between the target registered biometric information and other registered biometric information. It can also be calculated by using one or more of the average value, the elapsed time since biometric information is registered, and the value indicating the quality of the biometric information.

  Step 1604 is processing for registering the reliability calculated in step 1603 to the reliability 203 of the registered biometric information storage unit 111.

  FIG. 17 is a block diagram illustrating a hardware configuration of an authentication terminal and an authentication server in the biometric authentication system according to the first embodiment.

  In this figure, reference numeral 1701 is a CPU (Central Processing Unit), reference numeral 1702 is a memory, reference numeral 1703 is an HDD (Hard Disk Drive), reference numeral 1704 is an input device, reference numeral 1705 is an output device, and reference numeral 1706 is a communication device.

  The CPU 1701 executes programs corresponding to the biometric information matching unit 105, the biometric information selection unit 106, the biometric information registration unit 107, the reliability calculation unit 108, the reliability registration unit 109, and the identity probability calculation unit 110 of the authentication server 104. The memory 1702 stores programs corresponding to the biometric information matching unit 105, the biometric information selection unit 106, the biometric information registration unit 107, the reliability calculation unit 108, the reliability registration unit 109, and the identity probability calculation unit 110 of the authentication server 104. Each process is realized by the CPU 1701 executing these programs. The HDD 1703 corresponds to the registered biometric information storage unit 111, temporary registration biometric information storage unit 112, likelihood ratio array storage unit 113, and authentication threshold value storage unit 114 in the authentication server 101. Data stored by each unit is accumulated as data on the HDD 1703. The input device 1704 corresponds to the biometric information acquisition unit 102 in the authentication terminal 101. The biometric information acquisition unit 102 acquires biometric information such as fingerprints, veins, irises, sounds, and handwriting from the user. The output device 1705 corresponds to the authentication result display unit 103 of the authentication terminal 101. The authentication result display unit 103 transmits the authentication result to a user or an operator who operates the authentication terminal 101 through, for example, a display. The communication device 1706 is used when transmitting / receiving authentication information and an authentication result between the authentication terminal 101 and the authentication server 104.

  FIG. 7 is a diagram showing a procedure when the user operates the authentication terminal and registers biometric information by real-time processing in the first embodiment of the present invention.

  First, the authentication terminal 101 performs a user ID input process 703. As a method for acquiring the user ID, a method of manually inputting with a numeric key, a method of acquiring an ID from a magnetic card or an IC card, a method of reading a number printed on paper with a scanner, and the like are applicable. Next, the authentication terminal 101 performs a process 704 for acquiring biometric information. In acquiring biometric information, a dedicated device that reads fingerprints, veins, irises, handwriting, and the like included in the authentication information acquisition unit 102, a camera that captures a face, a microphone that acquires sound, and the like are used. Next, the authentication terminal 101 transmits authentication information (user ID / biometric information) 705 to the authentication server 104. Next, the authentication server 104 performs processing 706 for collating biometric information. A specific processing procedure of the processing 706 is shown in FIG. Next, the authentication server 104 performs a process 707 for calculating the identity probability. A specific processing procedure of the processing 707 is shown in FIG. Next, the authentication server 104 performs processing 708 for determining the person. A specific processing procedure of the processing 708 is shown in FIG. Next, the authentication server 104 performs a process 709 for registering the main biometric information. A specific procedure of the processing 709 is shown in FIG. Next, the authentication server 104 transmits an authentication result 710 to the authentication terminal 101. The authentication result 710 includes information indicating whether or not the user has been successfully authenticated. Finally, the authentication terminal 101 performs processing 711 for outputting the authentication result. In process 711, the authentication result display unit 103 is used to convey the authentication result to the user.

  As described above, in the method of performing biometric information main registration 709 at the time of authentication (hereinafter referred to as “biological information sequential registration method”), the processing (steps 706 to 708) necessary for the user identification at the time of user authentication and biometric information main registration are performed. 709 is performed. Since the biometric information main registration 709 has a relatively high computer load, it is difficult to apply the biometric information sequential registration method to a large-scale biometric authentication system. However, in the biometric information sequential registration method, biometric information is immediately registered at the time of authentication, so that it is possible to improve authentication accuracy without waiting for batch processing. Therefore, a biometric authentication system in which the number of authentications per unit time is small and the same person authenticates many times in a short time is considered to be highly effective.

  According to the first embodiment of the present invention described above, even when a large error is included in some of the plurality of registered biometric information, it is possible to perform highly accurate identity verification.

<Second Embodiment>
The second embodiment uses an authentication terminal and an authentication server operated by an operator to automatically register biometric information acquired from a user (hereinafter referred to as authentication biometric information) in the authentication server, and a plurality of registered biometric information The reliability based on the similarity between the registered biometric information is given to the registered biometric information (hereinafter referred to as “registered biometric information”). At the time of user authentication, the similarity between the authentication biometric information and the plurality of registered biometric information This is a system for determining whether or not the person is the principal by calculating the principal probability based on the reliability. However, the authentication terminal can receive the confirmation result regarding the user's identification items from the operating operator. For example, when the verification of the biometric information in the authentication server fails and the identity verification based on the biometric information cannot be performed, the identity verification is completed by accepting the confirmation result.

  Hereinafter, the second embodiment will be described in detail with reference to the drawings.

  FIG. 8 is a diagram showing a procedure when an operator operates an authentication terminal and biometric information is registered by batch processing in the second embodiment of the present invention.

  First, the authentication terminal 101 performs processing 803 for inputting a user ID. As in the first embodiment, the method for acquiring the user ID is a method of manually inputting with a numeric key, a method of acquiring an ID from a magnetic card or an IC card, and reading a number printed on paper with a scanner. Methods, etc. are applicable. Next, the authentication terminal 101 performs processing 804 for acquiring biometric information. Also in the acquisition of biometric information, as in the first embodiment, the authentication information acquisition unit 102 includes a dedicated device for reading fingerprints, veins, irises, handwriting, etc., a camera for photographing a face, a microphone for acquiring sound, and the like. Use. Next, the authentication terminal 101 transmits authentication information (user ID / biometric information) 805 to the authentication server 104. Next, the authentication server 104 performs processing 806 for collating biometric information. A specific processing procedure of the processing 806 is shown in FIG. Next, the authentication server 104 performs processing 807 for calculating the identity probability. A specific processing procedure of the processing 807 is shown in FIG. Next, the authentication server 104 performs processing 808 for determining whether or not the user is the person himself / herself. A specific processing procedure of the processing 808 is shown in FIG. Next, the authentication server 104 transmits an authentication result 809 to the authentication terminal 101. The authentication result 809 includes information indicating whether or not the user has been successfully authenticated. Next, the authentication terminal 101 performs processing 810 for outputting an authentication result, and presents through the output device 1705 to the operator whether the user has been successfully authenticated. Next, the authentication terminal 101 performs processing 811 for accepting the confirmation result of the authentication result.

  There are four types of confirmation results depending on the authentication result of the user. When the user authentication is successful, it is possible to select a confirmation result that accepts the authentication result and recognizes the user as the principal, and a confirmation result that does not recognize the user as the principal against the authentication result. If there are no problems with other identification items (for example, identification card, etc.) related to the user, selecting the former will determine that the final identity verification has been successful, and the biometric information obtained from the user Additional registration can be performed. On the other hand, if there is a problem with identification items other than the biometric information related to the user and the user cannot be identified as the person, selecting the latter will fail the identity verification and cancel the additional registration of the biometric information. Is possible.

  In addition, when the user authentication fails, a confirmation result that recognizes the user as the person against the authentication result and a confirmation result that accepts the authentication result and does not recognize the person can be selected. If identity verification can be performed from other than the biometric information related to the user, selecting the former will result in the final identity verification being successful and registering additional biometric information obtained from the user. Is possible. On the other hand, if it is difficult to perform identity verification using identification items other than biometric information related to the user, selecting the latter will result in failure of identity verification and additional registration of biometric information. It becomes possible not to.

  Next, the authentication terminal 101 transmits the confirmation result 812 to the authentication server 104. If the confirmation result 812 includes information indicating successful identity verification, the authentication server 104 executes a biometric information temporary registration process 813. A specific procedure of the process 813 is shown in FIG. On the other hand, if the confirmation result 812 includes information indicating the failure of identity verification, the process is terminated without performing the subsequent biometric information temporary registration process 813.

  By repeating the authentication process from the user ID input 803 to the biometric information temporary registration 813, the biometric information temporary registration 813 is executed a plurality of times. Thereafter, in the present embodiment, biometric information main registration 814 is performed as batch processing. A specific procedure of the process 814 is shown in FIG. Thereby, a plurality of user's biometric information is registered.

  In this embodiment, after the authentication result based on the biometric information is transmitted to the authentication terminal 101, the operator's confirmation result can be accepted. As a result, even if the degree of similarity between the existing registered biometric information and the biometric information acquired from the user is low and the authorized user fails to authenticate, the person based on the identification items other than the biometric information by the operator of the authentication terminal 101 The confirmation result can be transmitted to the authentication server 106. As a result, the authentication server 106 can perform additional registration of biometric information even when identity verification based on biometric information fails.

  FIG. 9 is a diagram showing a procedure when an operator operates an authentication terminal and biometric information is registered by real-time processing in the second embodiment of the present invention.

  First, the authentication terminal 101 performs a user ID input process 903. As a method for acquiring the user ID, a method of manually inputting with a numeric key, a method of acquiring an ID from a magnetic card or an IC card, a method of reading a number printed on paper with a scanner, and the like are applicable. Next, the authentication terminal 101 performs a process 904 for acquiring biometric information. In process 904, a dedicated device for reading fingerprints, veins, irises, handwriting, and the like included in the authentication information acquisition unit 102, a camera that captures a face, a microphone that acquires sound, and the like are used. Next, the authentication terminal 101 transmits authentication information (user ID / biometric information) 905 to the authentication server 104. Next, the authentication server 104 performs processing 906 for collating biometric information. A specific processing procedure of the processing 906 is shown in FIG. Next, the authentication server 104 performs processing 907 for calculating the identity probability. A specific processing procedure of the processing 907 is shown in FIG. Next, the authentication server 104 performs processing 908 for determining the person. A specific processing procedure of the processing 908 is shown in FIG. Next, the authentication server 104 transmits an authentication result 909 to the authentication terminal 101. The authentication result 909 includes information indicating whether the user authentication is successful. Next, the authentication terminal 101 performs a process 910 for outputting an authentication result, and presents through the output device 1705 whether or not the user has been successfully authenticated. Next, the authentication terminal 101 performs a process 911 for receiving a confirmation result of the authentication result. Next, the authentication terminal 101 transmits the confirmation result 912 to the authentication server 104. Finally, the authentication server 104 performs a process 913 for registering biometric information. A specific processing procedure of the processing 913 is shown in FIG.

According to the above procedure, in this embodiment, in the biometric authentication system that additionally registers the biometric information acquired at the time of authentication and performs authentication using a plurality of registered biometric information, a part of the registered biometric information includes a large error. Even in such a case, it is possible to perform highly accurate authentication. In addition, when a legitimate user fails in biometric authentication, it is possible to perform additional registration of biometric information by accepting an examination result by an operator, and to improve authentication accuracy from the next time.
<Third embodiment>
The third embodiment uses an authentication terminal and an authentication server operated by an operator to acquire two types of biological information, ie, first biological information and second biological information, from a user, and uses the first biological information. It is a system that performs efficient examination by utilizing blacklist matching using confirmation and second biometric information. The first biometric information is biometric information such as fingerprints, veins, irises, faces, voices, and handwriting, and the second biometric information is a type of biometric information different from the first biometric information. For example, it is possible to employ a vein as the first biological information and a fingerprint as the second biological information. In blacklist verification, biometric information acquired from a criminal or other sensitive person is accumulated as a blacklist, and checked with the user's biometric information to determine whether the user is a sensitive person. Is. An example of the black list is shown in FIG. “User ID” 1801 is a unique ID assigned to each user, and is composed of alphanumeric characters, for example. “Identification information” 1802 is information regarding the identity of the user, and includes, for example, name, nationality, gender, date of birth, and the like. “Biometric information” 1803 is the biometric information of the user, and stores registered second biometric information acquired from the user. This black list is stored in the HDD 1703 of the authentication server 104 or the HDD 1703 in another server that can be referred to by the authentication server 104.
This embodiment can be applied to a system that performs blacklist matching using biometric authentication, represented by immigration.

  As in the second embodiment, the identity verification is realized by determining whether or not the user is the identity based on the biometric information registered at the time of previous authentication. At this time, by registering only the users who are not registered in the black list in the biometric information database for identity verification, it is confirmed that the user is not registered in the black list by the identity verification based on the first biometric information. It can be guaranteed.

  On the other hand, the black list collation is realized by collating the second biometric information included in the black list with the second biometric information acquired from the user. If there is no matching biometric information as a result of the blacklist collation, the user is determined not to be a person of caution and can pass the examination.

  Hereinafter, the third embodiment will be described in detail with reference to the drawings.

  FIG. 10 is a diagram showing a procedure in the case where the operator operates the authentication terminal in the third embodiment of the present invention and performs examination including blacklist verification for the user.

  First, the authentication terminal 101 performs a user ID input process 1003. As in the first embodiment, the method for acquiring the user ID is a method of manually inputting with a numeric key, a method of acquiring an ID from a magnetic card or an IC card, and reading a number printed on paper with a scanner. Methods, etc. are applicable. In particular, when immigration is applied, it is possible to uniquely determine the traveler by reading the passport number printed on the passport.

  Next, the authentication terminal 101 performs the process 1004 which acquires 1st biometric information and 2nd biometric information. In the acquisition of biometric information, as in the first embodiment, a dedicated device that reads fingerprints, veins, irises, and the like included in the authentication information acquisition unit 102, a camera that shoots a face, and the like are used. However, in this embodiment, it is necessary to acquire two types of first biological information and second biological information. The method for acquiring two types of biological information includes a method of using a device for acquiring first biological information (for example, vein) and a device for acquiring second biological information (for example, fingerprint), and first biological information, A method using an apparatus that acquires second biological information at a time is applicable.

  Next, the authentication terminal 101 transmits authentication information (user ID / first biometric information) 1005 to the authentication server 104. Next, the authentication server 104 performs a process 1006 for collating biometric information (first biometric information). A specific processing procedure of the processing 1006 is shown in FIG. The content of the process 1006 is the same as the process 606 in the first embodiment.

  Next, the authentication server 104 performs a process 1007 for calculating the identity probability. A specific processing procedure of the processing 1007 is shown in FIG. The content of the process 1007 is the same as the process 607 in the first embodiment.

  Next, the authentication server 104 performs processing 1008 for determining the person. A specific processing procedure of the processing 1008 is shown in FIG. The content of the process 1008 is the same as the process 608 in the first embodiment.

  Next, the authentication server 104 transmits the first verification result 1009 to the authentication terminal 101. The first verification result 1009 includes information indicating whether or not the user authentication is successful.

  Next, the authentication terminal 101 performs a process 1010 for outputting the first verification result, and presents to the operator whether or not the user has been successfully authenticated through the output device 1705. The present embodiment is intended to determine whether or not a user is a person requiring attention registered in a black list. For this reason, if the first verification result 1009 includes information indicating that the authentication is successful, the blacklist verification may not be performed in the following processing 1011 to processing 1014. On the other hand, if the first verification result 1009 includes information indicating that authentication failed or registered biometric information does not exist, blacklist verification is performed in the following processing 1011 to processing 1014, and the user It is necessary to determine whether the person is a person who needs attention.

  Next, the authentication terminal 101 transmits authentication information (second biometric information) 1011 to the authentication server 104.

  Next, the authentication server 104 performs processing 1012 for performing blacklist matching based on the second biometric information. In the process 1012, it is determined whether or not the user is a person requiring attention by comparing the second biological information acquired in advance from a plurality of persons requiring attention with the biological information acquired from the user.

  Next, the authentication server 104 transmits the second verification result 1013 to the authentication terminal 101. The second verification result 1013 includes information indicating whether or not the user is determined to be a person requiring attention.

  Next, the authentication terminal 101 performs processing 1014 for outputting the second verification result, and presents to the operator whether or not the user is a person requiring attention through the output device 1705.

  Next, the authentication terminal 101 performs a process 1015 for accepting an operator confirmation result. The confirmation result includes information indicating whether or not to register the first biological information. If the user is not a person who needs attention, registering the first biometric information can realize a smooth examination that does not require blacklist verification from the next time onward. On the other hand, if the user is a person who needs attention, the first biometric information is not registered and the examination is completed. Here, even if it is determined in the second verification result 1013 that the user is a person requiring attention, the operator is confirmed that the user is not a person requiring attention in an examination based on identification items other than the user's biological information. Then, the first biometric information registration can be executed. This is because when the second biometric information of the user and the second biometric information of the person requiring attention are similar, a user other than the person requiring attention may be erroneously determined as the person requiring attention. As described above, a user having second biometric information similar to a person requiring attention may be erroneously determined to be a person requiring attention each time blacklist matching based on the second biometric information is performed and there is a risk that convenience may be reduced. However, by registering the first biometric information, it is not necessary to perform blacklist matching, and it is possible to ensure convenience.

  Next, the authentication terminal 101 transmits the confirmation result 1016 to the authentication server 104.

  Here, the authentication server 104 branches the process according to the information included in the confirmation result 1016. If the confirmation result 1016 includes information indicating that the first biometric information registration is performed, processing 1017 to processing 1018 are performed. If the confirmation result 1016 includes information indicating that the first biometric information registration is not performed, the process ends here.

  In process 1017, temporary registration of the first biological information is performed. A specific processing procedure of the processing 1017 is shown in FIG. By repeating the processing 1003 to the processing 1017, a plurality of first biometric information is accumulated in the temporary registration biometric information storage unit 115.

  Finally, the authentication server 104 performs a process 1018 for registering the first biometric information. A specific processing procedure of the processing 1018 is shown in FIG. Registration of the accumulated first biological information is completed by repeating steps 1003 to 1017.

  FIG. 11 is a diagram showing a procedure in the case where the operator operates the authentication terminal in the third embodiment of the present invention and performs examination including blacklist verification for the user. Processes 1103 to 1116 are the same as those in FIG. 10, but the timing of executing subsequent biometric information main registration (first biometric information) 1117 is different from that in FIG. 10. In FIG. 10, the biometric information temporary registration (first biometric information) 1017 is repeated to accumulate biometric information in the temporary registration biometric information storage unit 115, and then the biometric information main registration (first biometric information) 1018 performs batch processing. Information is permanently registered in the registered biometric information storage unit 114. In this method involving temporary registration of biometric information, the calculation load at the time of authentication is low, but a table for storing temporary biometric information is required, and the capacity of the DB increases. On the other hand, in FIG. 11, provisional registration of biometric information is not performed, but biometric information main registration (first biometric information) 1117 is performed in real time, and biometric information is registered in the registered biometric information storage unit 114. In this method of performing real-time biometric information registration, the calculation load at the time of authentication is high, but a table for storing temporarily registered biometric information is not required, and the required DB capacity is reduced.

  As described above, in the biometric authentication system that performs examination including blacklist matching based on the second biometric information, a plurality of first biometric information can be registered and used for identity verification. By using this embodiment, a user who does not match the biometric information in the black list can perform a smooth examination by the identity verification based on the first biometric information. In addition, if a user who has similar biometric information to the person requiring attention is confirmed not to be a person requiring attention in the examination based on the identification items other than the biometric information, the first biometric information is registered, and the blacklist is used from the next time. It becomes possible to receive an examination without misjudgment of verification.

DESCRIPTION OF SYMBOLS 101 ... Authentication terminal 102 ... Authentication information acquisition part 103 ... Authentication result display part 104 ... Authentication server 105 ... Biometric information collation part 106 ... Biometric information selection part 107 ... Biometric information registration part 108 ... Reliability calculation part 109 ... Reliability registration part 110 ... Identity probability calculating unit 111 ... Registered biometric information storage unit 112 ... Temporarily registered biometric information storage unit 113 ... Likelihood ratio array storage unit 114 ... Authentication threshold value storage unit 201 ... User ID
202 ... Registered biometric information 203 ... Reliability 301 ... User ID
302 ... Temporarily registered biometric information 401 ... Reliability 402 ... Similarity 403 ... Likelihood ratio 501 ... Accuracy requirement (FAR)
502 ... Authentication threshold value 603 ... User ID acquisition 604 ... Biometric information acquisition 605 ... Authentication information (user ID / biological information)
606 ... biometric information collation 607 ... identity probability calculation 608 ... identity determination 609 ... biometric information temporary registration 610 ... authentication result 611 ... authentication result output 612 ... biometric information main registration 703 ... user ID input 704 ... biometric information acquisition 705 ... authentication information (User ID / Biological information)
706 ... biometric information collation 707 ... identity probability calculation 708 ... identity determination 709 ... biometric information main registration 710 ... authentication result 711 ... authentication result output 803 ... user ID input 804 ... biometric information acquisition 805 ... authentication information (user ID and biometrics) information)
806 ... Biometric information collation 807 ... Identity probability calculation 808 ... Identity determination 809 ... Authentication result 810 ... Authentication result output 811 ... Confirmation result input 812 ... Confirmation result 813 ... Biometric information temporary registration 814 ... Biometric information main registration 903 ... User ID input 904 ... Biometric information acquisition 905 ... Authentication information (user ID and biometric information)
906 ... biometric information collation 907 ... identity probability calculation 908 ... identity determination 909 ... authentication result 910 ... authentication result output 911 ... confirmation result input 912 ... confirmation result 913 ... biometric information main registration 1003 ... user ID input 1004 ... first and second Second biometric information acquisition 1005 ... authentication information (user ID / first biometric information)
1006 ... Biometric information collation (first biometric information)
1007 ... Identity probability calculation 1008 ... Identity determination 1009 ... First verification result 1010 ... First verification result output 1011 ... Authentication information (user ID / second biometric information)
1012 ... Biometric information collation (second biometric information)
1013 ... Second collation result 1014 ... Second collation result output 1015 ... Confirmation result input 1016 ... Confirmation result 1017 ... Biometric information temporary registration (first biometric information)
1018 ... Biometric information main registration (first biometric information)
1103 ... User ID input 1104 ... First and second biometric information acquisition 1105 ... Authentication information (user ID and first biometric information)
1106 Biometric information collation (first biometric information)
1107 ... Identity probability calculation 1108 ... Identity determination 1109 ... First verification result 1110 ... First verification result output 1111 ... Authentication information (user ID / second biometric information)
1112 ... Biometric information collation (second biometric information)
1113 ... second verification result 1114 ... second verification result output 1115 ... confirmation result input 1116 ... confirmation result 1117 ... biometric information main registration (first biometric information)
1201... Processing for referencing registered biometric information (N cases) based on user ID 1202... Processing for comparing received biometric information with N pieces of registered biometric information 1203... Processing for calculating N similarities 1301. A process 1302 for reading the reliability of each registered biometric information based on the person ID, a process 1303 for reading the likelihood ratio based on the reliability and similarity of the registered biometric information, and a likelihood ratio corresponding to each registered biometric information. Process 1401 for integrating and calculating a probability of identity 140... Processing for applying a preset authentication threshold to the probability of identity 1402... Checking whether identity probability> authentication threshold 1403. Substitution process 1404 ... Substitution process 1501 for substituting authentication failure into the authentication result Process 1 for registering the user ID and the biometric information acquired from the user in the temporary registration biometric information storage unit 01 ... Process for registering user ID and biometric information in registered biometric information storage unit 1602 ... Process for matching registered biometric information with the same user ID and obtaining similarity 1603 ... Similarity between registered biometric information Processing for calculating the reliability of each registered biometric information 1604... Processing for registering the reliability in the registered biometric information storage unit 1701... CPU (Central Processing Unit)
1702 ... Memory 1703 ... HDD (Hard Disk Drive)
1704 ... Input device 1705 ... Output device 1706 ... Communication device 1801 ... User ID
1802 ... Identification information 1803 ... Biological information

Claims (8)

A biometric authentication system comprising an input device for acquiring biometric information of a user, a processor connected to the input device, and a storage device,
In the storage device,
A plurality of registered biometric information that is biometric information of the user when the user has been authenticated in the past, and a reliability indicating an error between the plurality of registered biometric information are stored,
When the processor authenticates the user,
Receiving input biometric information that is biometric information of the user input from the input device;
Calculating a first similarity between the input biometric information and each of the plurality of registered biometric information;
Based on the first similarity and the reliability, a user probability indicating the probability that the user is the user is calculated,
If the identity probability exceeds a predetermined authentication threshold, authenticate that the user is the identity,
When it is determined that the user is the user, the biometric authentication system is characterized in that the input biometric information is added to the registered biometric information and registered in the storage device. The biometric authentication system according to claim 1,
The processor is
When calculating the reliability of the registered biometric information,
Calculating a second similarity between each of the registered biometric information;
An error included in the registered biometric information is estimated based on the similarity. The biometric authentication system according to claim 2,
The said processor calculates | requires the average value of said 2nd similarity as each said error about each of the said user's registration biometric information, The biometrics authentication system characterized by the above-mentioned. The biometric authentication system according to claim 1,
The storage device further stores registered biometric information of other users,
The processor is
A first likelihood ratio relating to the reliability and similarity of the registered biometric information of the user;
A second likelihood ratio related to the reliability and similarity of the registered biometric information of the other user is estimated and stored in the storage device;
The biometric authentication system, wherein the identity probability is calculated using the first likelihood ratio and the second likelihood ratio. The biometric authentication system according to claim 1,
An authentication terminal,
The processor is
Outputting the authentication result of the user to the authentication terminal;
Receiving the first information indicating acceptance of the authentication result or the second information indicating the examination result based on the identification items other than the biological information from the authentication terminal;
When the first information is received, the authentication result is used. When the second information is received, the examination result is used as a final authentication result.
The biometric authentication system, wherein when the authentication is successful according to the final authentication result, the input biometric information is added to the plurality of registered biometric information and registered. The biometric authentication system according to claim 5,
The storage device further stores a black list, and the black list stores biometric information of a user,
The processor is
Receiving from the user second biometric information of the user different from the first biometric information of the user and the first biometric information;
Authenticating the identity based on the first biological information;
Authenticating that the user is a user included in the blacklist based on the second biometric information and the biometric information stored in the blacklist;
If it turns out that the user is not a blacklisted person of interest,
A biometric authentication system, wherein the first biometric information is registered in addition to the plurality of registered biometric information. The biometric authentication system according to claim 1,
Set an upper limit on the number of registered biometric information,
When biometric information exceeding the threshold is registered, select biometric information to be held based on the registration date and time of each registered biometric information, the similarity between registered information, the value indicating the quality of each registered biometric information, and the like,
A biometric authentication system that deletes other biometric information. The biometric authentication system according to claim 1,
When the user authentication is successful, the biometric information acquired from the user is temporarily registered,
Then calculate the reliability for each temporary registration biometric information in batch processing,
A biometric authentication system characterized in that temporary registration biometric information and its reliability are fully registered.

Images