WO2008050765A1 - Individual authentication system - Google Patents

Abstract

When performing individual authentication via a network by using electronic information which can easily be tampered, leak, or be stolen, it is possible to provide an authentication system increasing an authentication accuracy and the improving the in-system safety by performing match/not-match authentication using biometrics and temporally/spatially continuous authentication across the registered person existence history and the information providing terminal. The authentication server includes a database for managing individual information on a registered person to be an authentication object. The authentication server is connected to a plurality of managing terminals via a communication line network. The individual information and the spatial information transmitted from the individual information input via the managing terminal are correlated with the individual information and the spatial information in the database, thereby performing authentication of existence of the registered person.

Description

 Specification

 Personal authentication system

 Technical field

 TECHNICAL FIELD [0001] The present invention relates to an authentication system, and in particular, biometric information, information terminals carried by registrants, photographing devices centered on surveillance cameras scattered in society, and registrants use daily. It relates to an authentication system that links various location information providing services and various processes.

 Background art

 Conventionally, at the time of financial transactions, the identity of a user has been proved by combining a proof of cash card and an information input operation of password input. Also, when entering the building, they have presented ID cards such as employee ID cards and student ID cards, and previously used keys.

 However, in the case of cash cards and ID cards, advances in printing and skimming technologies make it possible to forge cards and documents, and passwords are also easy to guess because of many guessable character strings such as date of birth and phone number. There was room for others to illegally use. Also, it is possible to make a copy of the certification item called a key in a short time.

 [0003] In order to prevent such unauthorized authentication, authentication using biometrics information such as fingerprint information and palm vein information and electronic information media such as IC cards and electronic tags has been proposed in recent years. This biometric information refers to information that is inherent to the person, and is unique to the person that cannot be possessed by others, so it has been said that it is difficult to counterfeit or obtain unauthorized information. . Also, it has been said that IC cards are highly tamper resistant and it is difficult for third parties to obtain stored information easily.

 However, even in the authentication method using biometric information and electronic information media, the technology for tampering with and illegally obtaining the electronic information is constantly evolving, and in particular, authentication via the Internet. In this case, since it is difficult to see the other party's appearance, the vulnerability of the authentication cannot be denied.

[0004] As one of the security enhancements of such electronic information authentication, A personal authentication system using biometrics information disclosed in Document 1 and position information of an input device and an admission management system using an IC card disclosed in Patent Document 2 have been proposed.

 In this patent document 1, an individual is specified by collating biometrics information registered in advance, input biometrics information, and position information of an information input device. Personal authentication information stored in a pre-distributed IC card is presented to the reading terminal when entering the room, and the individual is identified.

 Patent Document 1: JP 2006-236357

 Patent Document 2: JP 2005-285056

[0005] On the other hand, system control using spatial information recognition as disclosed in Patent Document 3 has been proposed as one of enhancements to personal authentication processing.

 In this Patent Document 3, personal authentication processing is performed by taking into account the continuity of the space and time in which personal information for collation is entered and read only by collating personal information. It is possible to provide with high accuracy.

 Patent Document 3: Patent No. 3946243

 Disclosure of the invention

 Problems to be solved by the invention

[0006] However, even in the case of personal authentication based on electronic information with enhanced security, the input of authentication information is based on the registrant's own actions, so if the number of actions is small, It is possible to illegally align the space and time sequence to be compared. On the other hand, in the admission management system using IC cards, both of them are completely prevented by impersonating IC cards and falsifying electronic information. It was difficult.

[0007] The present invention has been made in view of the above-mentioned problems, and when performing personal authentication via a network using electronic information that can be easily altered, leaked, and stolen, Regardless of whether or not it has been tampered with, the existence of the registrant is verified by performing temporal and spatial authentication by adding the estimated information of the registrant's existence space to the biometrics information match / mismatch authentication. Authentication accuracy can be improved and fraudulent activity can be easily detected. An object of the present invention is to provide an authentication system that realizes improved security. Means for solving the problem

 [0008] In order to achieve such an object, the present invention provides a server group including a database for managing personal information of a registrant, an information input device operated by the registrant, and the personal belongings of the person. An authentication system in which a reader that receives radio waves is connected via a communication network, and the information input device performs personal authentication based on personal information input by the registrant, and The mobile information created as an authentication result is transmitted to the server group, and the reader performs personal authentication based on the radio wave information received from the registrant's belongings and the terminal identification information, and the authentication is performed. The movement information created as a result is transmitted to the server group. When the server group receives the movement information, the server group compares the received movement information with past movement information in the database. , Characterized in that to authenticate the existence of the registrant.

 [0009] According to the present invention, the movement information includes spatial information based on an installation position of the information input device that is the movement information transmission source, and time information indicating a time when the information was input by the person. And a personal identification ID unique to the person.

 [0010] Further, according to the present invention, the movement information includes the spatial information based on the position of the possessed item recognized by the reading device as the movement information transmission source and the time when the radio wave is received by the reading device. Including time information to be shown and a personal identification ID unique to the person.

Yes

 [0011] Further, according to the present invention, the authentication system creates an exchange server for creating information indicating a space where the registrant is personally authenticated based on the movement information and distributing the information to the server group. It is characterized by having.

 [0012] According to the present invention, the exchange server converts a personal identification ID included in the movement information into a personal ID corresponding to the server group to be distributed, and distributes the registrant's real information. It is characterized by doing.

[0013] Further, according to the present invention, the server group manages one or more information input devices or reading devices to form a unit that is a network configuration unit, and the information input device in the unit Or, the personal information of the registrant is input or radio waves by the reader. Is received, the server group determines that the registrant exists within the physical space that the unit constitutes, and recognizes that the registrant has moved out of the physical space after the determination. If the information input device in another unit inputs the personal information of the registrant or recognizes the radio wave reception of the belongings by the reading device, the registrant provides a predetermined service to the information input device in the unit. When the function to provide is provided, the service providing function of the information input device is stopped or restricted.

[0014] According to the present invention, the server group includes one or more information input devices or reading devices.

 By forming a unit that is a network configuration unit, when the personal information of the registrant is input or a radio wave is received by the information input device or the reading device in the unit, the server group The registrant determines that the unit has moved from the physical space formed by the unit to the physical space in which the other unit is arranged, and after the determination, the registrant's personal information by the information input device in the unit before the movement If the information input device in the unit has a function of providing a predetermined service to the registrant upon recognizing the radio wave received by the input or reading device, the service of the information input device is provided. The provision function is stopped or restricted.

 [0015] According to the present invention, when the server group obtains information indicating the registrant's existence space, the physical space corresponding to the spatial information and the information installed in the vicinity of the physical space are provided. A process for verifying the existence of the registrant is requested from the input device or the reading device.

 [0016] Further, according to the present invention, if the server group cannot acquire the information indicating the existence of the registrant after receiving the information for requesting the registrant's existence verification process, the information indicating the existence unconfirmed Is transmitted to the exchange server.

 [0017] Further, according to the present invention, the server group transmits transaction, service or operation permission information to the information input device.

[0018] Further, according to the present invention, when the server group obtains information indicating the existence space of the registrant, the server group executes a transaction or service or operation in the space as a process belonging to the registrant. It is characterized by that. [0019] According to the present invention, the transaction or service or operation is a financial transaction, a settlement transaction, data browsing, data registration, use of an electronic medical record, unlocking or locking, and operation of the information input device. It is characterized by.

 [0020] Further, according to the present invention, the server group indicates the movement information of the registrant, the information indicating the existence space, and the existence space recognized by another server group received via the exchange server. The processing range is determined by comparing with information.

 [0021] According to the present invention, the server group compares information indicating the location of the registrant with information indicating the location of the registrant that is continuous with the information, and The authentication accuracy step is determined.

 [0022] According to the present invention, the server group may be configured such that the registrant determines that the unit has moved from the physical space in which the unit is disposed to the physical space in which another unit is disposed. When the personal information of the registrant is input, it is determined that an abnormal situation has occurred.

 [0023] Further, according to the present invention, when the server group determines that the input of the personal information of the registrant is an abnormal state, the server group locks or shoots images to the information input device or the reading device. Information for instructing photography is transmitted.

 [0024] Further, according to the present invention, after the registrant determines that the registrant exists in the physical space in which the unit is arranged, the registrant has another unit from the exchange server. When receiving information indicating that personal authentication has been performed, the registrant recognizes that the unit has left the physical space in which the unit is placed.

 [0025] Further, according to the present invention, the server group includes a calculation system for calculating the personal credit of the person.

 [0026] It should be noted that any combination of the above-described constituent elements, and the constituent elements and expressions of the present invention are mutually replaced between a method, apparatus, authentication system, computer program, recording medium storing the computer program, and the like. Those are also effective as an embodiment of the present invention.

 The invention's effect

[0027] The authentication system according to the present invention has a plurality of terminals and is based on position information held by a terminal that inputs registrant's personal information and radio waves transmitted / received by an information terminal held by the registrant. A system that authenticates registrants based on specified location information, and the storage location of the registrant's personal information in the authentication system moves according to the physical movement of the registrant. Since it is difficult for a third party to specify the storage location of the registrant's personal information, such third parties prevent the registrant's personal information from being altered, leaked, or stolen. The fraudulent behavior can be easily detected, and security in the system can be improved.

 BEST MODE FOR CARRYING OUT THE INVENTION

<Description of Basic Configuration and Basic Operation of Authentication System>

 Before describing each embodiment, the basic configuration and basic operation of the authentication system according to this embodiment will be described below by dividing it into the following items.

 • Basic configuration of authentication system

 • Common features of each terminal that composes the authentication system

 • Basic information each terminal has

 • Example of database configuration for each terminal

[0029] (Basic configuration of authentication system: overall configuration)

FIG. 1 (a) is a block diagram showing a schematic configuration of the authentication system in the embodiment of the present invention. As shown in FIG. 1 (a), the authentication system includes an authentication server 10 that manages registrant history information, and , The exchange server 20 that distributes the registrant's location information or unconfirmed information, the building-side terminal 110 that integrates and manages the terminals installed in buildings such as mansions and buildings, and administrative agencies, companies, and schools Organizational side terminal 120 that integrates and manages terminals installed in a certain organization, regional management side terminal 130 that integrates and manages terminals installed in a certain area such as OOmachi 1-chome, and each of these terminals 110, Relay terminal 140 that complementarily integrates and manages terminals that are not integratedly managed by 120 and 130, aggregation terminal 150 that integrates and manages these terminals 110, 120, 130, and 140, The terminal 160 for authenticating the registrant Communication network 200, which is a network of the Internet, wired communication network, wireless communication network, digital terrestrial wave, infrared communication, optical fiber communication, quantum communication, power line communication, millimeter wave communication, human body communication, weak radio wave, etc. Connected through Made.

 Each of these terminals is subdivided according to the application, installation location, etc., but when referred to below as “each terminal”, unless otherwise specified, each of these terminals 10, 20, 110, 120, 130, 140, 15 It is assumed that 0 and 160 are all shown.

 Further, the building-side terminal 110, the organization-side terminal 120, the regional management-side terminal 130, and the relay-side terminal 140 are collectively referred to as “sub-server group” below.

 Each terminal has a database (DB) for recording and managing the registrant's personal history information and location information, and the details of the management structure in the database will be described later.

 In addition, each terminal has a function for reading personal information such as biometrics information, a function for determining the authenticity of evidence, infrared, temperature, humidity, illuminance, human feeling, sound, radio wave status, power status, acceleration, distortion, vibration In some cases, a sensor capable of grasping magnetism or the like is attached or mounted.

[0030] (Basic configuration of authentication system: authentication server 10)

 The authentication server 10 is a server device managed and operated by a management organization that manages the personal information of the registrant. The authentication server 10 has a function for authenticating the registrant based on personal history information and location information, and a database. (DB) 11

[0031] (Basic configuration of authentication system: exchange server 20)

 The exchange server 20 is a server device managed and operated by a management organization that receives and distributes location information of registrants. The exchange server 20 includes a function for distributing and storing the received location information, a function for authenticating a registrant based on the location information of the registrant and information about whether or not the registrant is present, and a database (DB) 21. Yes.

[0032] (Basic configuration of authentication system: Aggregation side terminal 150)

 Aggregation-side terminal 150 is a sub-server device provided to connect authentication server 10 and a group of sub-servers that collectively manage terminal-side terminal 160 via communication network 200. However, in the system configuration, the authentication server 10 and the sub server group are directly connected without using the aggregation side terminal 150, or the aggregation side terminal 150 is connected between the authentication server 10 and the sub server group. There may be several installed in between.

Aggregation side terminal 150 performs the function of authentication server 10 and stores it in history information and location information. Based on this, it has a function to authenticate the registrant and a database (DB) 151.

[0033] (Basic configuration of authentication system: building-side terminal 110)

 The building-side terminal 110 is a sub-server device that is provided for integrated management of the terminal-side terminal 160 installed in or around the building for each building. The building-side terminal 110 performs the function of the authentication server 10 or the aggregation-side terminal 150, and has a function of authenticating the registrant based on history information and location information, and a database (DB) 111. In addition, the integrated management unit of the terminal 160 by the building terminal 110 is a room, a school classroom, an independent division unit of the condominium, a resident individual / group unit in the building, which may be further subdivided in the building It is composed of floor units!

 The user of the building-side terminal 110 is a management organization such as a school, a factory, a hospital, an airport, a station, a store, a door, or a user organization, an owner of an aircraft, a train, a building or a structure, or a user.

[0034] (Basic configuration of authentication system: organization side terminal 120)

 The organization-side terminal 120 is a sub-server device provided for integrated management of each terminal-side terminal 160 used by a school, company, public institution, or any organization that uses a database. This organization-side terminal 120 performs the function of the authentication server 10 or the aggregation-side terminal 150, and has a function of authenticating the registrant based on history information and location information, and a database (DB) 121. ing.

 Users of organization-side terminal 120 are: schools, entire companies or branches / departments, municipalities, ministries and agencies such as the Ministry of Foreign Affairs, financial institutions (including electronic money management companies), hospitals, hobby associations, store sales units, It may be a building management association, an entrance / exit, an electronic money terminal, a manager of a register, or a user. Further, when a single organization conducts business activities and transactions in a plurality of fields, an organization-side terminal 120 may be provided for each field, and the related terminal-side terminals 160 may be integrated and managed.

[0035] (Basic configuration of authentication system: regional management side terminal 130)

The terminal 130 on the regional management side is used for the integrated management of the terminal unit 160 installed within the range managed by administrative units such as prefectures, municipalities, and town names, or by wireless and wired base stations. This is a sub-server device provided for the purpose. The regional management side terminal 130 performs the function of the authentication server 10 or the aggregation side terminal 150, and has a function of authenticating the registrant based on history information and location information, and a database (DB) 131. ing.

 For example, the regional management terminal 130 is located on the terminal side installed in a certain area as shown below.

 The terminal 160 is integratedly managed.

 • Within a certain area surrounded by two different meridians and two different latitudes

 • Circular shape with one point on the earth as the central point · Within a certain area specified as a square shape

 • Within a certain area specified on the earth from a cone with a point in the universe

 • Within a certain area where radio towers and radio transmitters / receivers can communicate

[0036] (Basic configuration of authentication system: relay terminal 140)

 The relay-side terminal 140 is a sub-server device provided to manage and operate the end-side terminal 160 that is not directly connected to the building-side terminal 110, the organization-side terminal 120, and the regional management-side terminal 130. This relay side terminal 140 acts as a proxy for the function of the authentication server 10 or the aggregation side terminal 150, and has a function of authenticating the registrant based on history information and location information, and a database (DB) 141. Yes.

[0037] (Basic configuration of authentication system: terminal 160 on the terminal side)

 The terminal 160 is an information processing device installed in a daily activity range of a registrant, etc., and a building, place, organization, or area where people gather, or an information processing device possessed by a registrant. Personal biometrics information of registrants, information on evidence such as passport 'license' magnetic card 'authentication cards, passwords, radio waves from mobile phones, personal digital assistants and GPS systems, IC cards, electronic tags and beacons A function that reads, inputs, or communicates radio waves (hereinafter referred to as electronic tags, etc.) (hereinafter referred to as inputs), and authenticates the registrant based on history information and location information; It has a database (general DB161).

In addition, the terminal 160, when the registrant's personal authentication is successful, enters and exits, uses electronic money, financial transactions, uses various systems, unlocks keys, uses various electrical products, and signs documents. Printing, browsing various information, etc., providing identification information and all processing based on personal authentication.

 As a result of authentication, the fact that a registrant receives these various services from the terminal 160 on the terminal side is referred to as “utilization on the terminal”.

 Terminal-side terminal 160 functions as an information input device, a function for registering authentication history information and personal information in its own terminal, a function for browsing registered personal information and authentication history information, and a function for transmitting and receiving with each other terminal Have

 The terminal 160 includes a mobile phone, a portable information terminal, an IC card, an electronic recording medium, and RFI D, and may be installed in household appliances and various machines. Note that the terminal 160 may be rented by the registrant from the management side of the authentication system, etc., which the registrant himself owns or occupies.

[0038] An authentication system according to an embodiment of the present invention includes the above-described components.

 1S In each embodiment to be described later, the authentication system is selectively configured by its components.

 [0039] (Features common to all terminals)

 Here, a description will be given of features common to the above-described terminals.

 1. Storage of the installation position information of own machine

 2. Auxiliary transmission function such as installation position information of own machine

 3. Storage of terminal identification ID

 4. Storage of usage information of own machine

 [0040] (Common features of each terminal: 1. Storage of installation position information or installation space information)

 Each terminal stores installation position information indicating the position where the terminal is installed! /.

 This installation position information includes the 2D or 3D information of the position where the information terminal is actually installed and / or the name of the installation position. Two-dimensional information is represented by latitude and longitude, and three-dimensional information is the sky represented by height from the ground or underground depth in addition to latitude and longitude.

Inter-recognition information. Note that the height or depth is displayed in addition to the metric display. The display may be the second floor of the object, the first floor of the basement, or the display above sea level. In addition, examples of names of installation locations include fixed locations such as “00 Building 6th Floor” and “00 Hospital Reception Desk Unit 1”, as well as airplanes, trains, automobiles, etc. , Elevators, escalators, portable terminals, etc. whose installation position and altitude change every moment. For example, “Owner owned XX company △△ type aircraft, right side of boarding gate of airplane number 123 It is always indicated as “door”.

 In addition, when a location information recognition authentication system represented by a GPS authentication system or a flight recorder is available, it can be displayed in the information format specified by the system, or a mobile phone or a mobile information terminal, When the location of the terminal changes from moment to moment, it is allowed to recognize the applicable range of base stations, radio wave receivers, etc. that are performing wireless communication and infrared communication as space and use it as installation location information.

 To store location information, only ro information that identifies the device itself is stored in the terminal, and location information associated with ro information in another terminal in the network is acquired through the communication network 200, and the location information is acquired. Needless to say, the recognition method is also included.

 In the example described above, each terminal stores information indicating its own installation position in itself! /, But the information terminal is equipped with a device such as GPS that can recognize the current position! /, The device may recognize the current location (2D / 3D information or the situation around the installation location).

 In addition, in the case of mobile phone base stations, wireless antennas (hereinafter referred to as antennas), surveillance cameras, video cameras and facial information readers (hereinafter referred to as cameras), the location of the terminal and the terminal can communicate with each other. The information indicating the space or the space that can be photographed may be used as installation position information.

 [0041] (Common features of each terminal: 2. Auxiliary transmission function such as installation location information of own device)

 Each terminal has a function of transmitting input (reading) information, movement information, and various types of information to each terminal. At this time, each terminal transmits the transmission information in association with the above-described location information of the terminal and the terminal identification ID. This makes it easy to determine the information source and spatial information in the system.

[0042] (Basic information held by each terminal: 3. Storage of terminal identification ID) Each terminal is assigned unique identification information (including the terminal identification ID) for identifying the terminal itself, and stores each terminal's own identification information.

 This identification information may be a character string of several digits such as a general identification ID or an identification number. In addition, it is preferable that the identification information is given a name of the installation location and a specific description. In particular, in the case of terminals installed at one point represented by the same latitude and longitude, identification information is assigned according to installation altitude and installation purpose so that clear terminal identification is possible.

[0043] (Basic information held by each terminal: 4. Storage of usage information of own device)

 In addition to the function to authenticate the registrant and send / receive the authentication result and the personal information of the registrant, each terminal has multiple other functions that can be applied to multiple purposes. Stores information indicating the available functions.

 For example, in the case of a terminal 160 installed on the doorknob outside the house entrance, when the registrant holds the doorknob to enter the building, authentication is performed and the door lock is unlocked. Determine whether to allow entry. At the same time, it may be set such that the operation of instructing the process of automatically turning on the room lamp is performed in accordance with the recognition that “it will be in the house”. In this way, it is possible to improve the convenience of a terminal by stacking multiple purposes on one terminal.

[0044] (Database configuration example: overall configuration example)

 FIG. 1 (b) shows an example of the database configuration of the authentication system of the present invention, taking the integrated DB 11 provided in the authentication server 10 as an example. Figure 1 (c) is a list showing that each terminal in this system configures the database in the same way as the general DB11. As shown in the figure, the comprehensive DB 11 is composed of a history information DB12, a verification information DB13, a basic information DB14, an availability information DB15, and a search information DB16. Below, the information in the database managed by each terminal is summarized as personal information.

 The availability information DB and the search information DB may not be stored in the general DB, but may be provided in parallel with the general DB.

[0045] The history information DB is a database that stores information related to personal history, and is a registered person. There are pre-defined columns for storing and storing all of the registered history, behavior history, medical records, various transaction histories such as finance and purchases, balance, entry / exit history, and biometrics information. It also has a part to store the history of personal information registration, browsing requests, authentication requests, legitimate requests for personal information or legitimacy responses made by each terminal.

 [0046] The verification information DB is a database that stores information on processing steps, execution details, evidence, witnesses, etc. related to verification of the existence of an individual or the authenticity of the personal information. The behavioral records of the person, the contents of exchanges with related organizations, evidence, and video / audio of the witness are replaced with electronic information and stored.

 [0047] The basic information DB is a database that stores information that is a basic part of personal information. The latest information is stored in the terminal and the history information and verification information stored in the terminal related to the terminal. Information or information that is judged to form the basis of the registrant's personal information is extracted and stored.

 Basic information DB14 includes historical information DB12, 112, 122, 132, 142, 152, 162 and verifications Jusei DB13, 113, 123, 133, 143, 153, 163 The basic information at the terminal is extracted in the same way as the basic information DB14.

 Examples of information to be extracted include main items such as general standard information of registrants such as address, name, date of birth, and the latest electronic money balance and electronic medical record information. The basic information extracted is the source. The ability to easily browse or search detailed information by linking to certain history information and verification information.

 [0048] The availability information DB is a database that stores information for determining, instructing, and controlling the operation progress after authentication based on the authentication result of the registrant.

 [0049] The search information DB is a database that stores the names, personal identification IDs and Vs of all registrants to facilitate the search process, and is stored in the terminal and terminals related to the terminal. Extracted from the personal information of everyone who is stored. The search information can also be linked to the personal information that is the source of the extraction, and the detailed information can be easily browsed or searched.

[0050] The history information DB, the verification information DB, and the basic information DB are individual information folders, and the availability information DB and the search information DB are preferably managed in an aggregated form. If there is no information to be stored in each DB, it is possible that the terminal does not have the DB. is there.

 In addition, if the information registered or used in the terminal is common or limited among registrants, the DB folder should be used so that one shared folder is used without providing a personal folder. Make the structure simple! /!

 (Database configuration example: Data configuration example of the history information database)

 For example, the following (1) to (; 13) are listed as the history information registered in the history information DB. In principle, all information is given time information indicating the date and time when the information occurred.

 (1) Personal data

 Name, address, phone number, e-mail address, date of birth, nearest station, family structure, friendship, hobbies, creditworthiness, information such as passport and Basic Resident Register card, and personal identification ID.

 (2) Career data

 School enrollment certificate · Graduation certificate · Grade certificate, qualification name, year of passing qualification and registration number, education, job history, job qualification, etc. are all included.

 (3) Biometric information

 Includes all biometric information such as fingerprints, irises, voiceprints, veins, genes, and face outlines.

 (4) Visual data

 Video, images, audio, or a combination of multiple information that records individual actions, including information that indirectly proves the existence of the registrant, such as interview photos and news videos.

 (5) Action record data

 Register detailed item information indicating the start or result of actions such as application form, admission card, participation certificate, certificate of commendation, participant list, participation data, entry / exit record, entry / exit record.

 (6) Financial transaction data

Financial derivatives such as electronic money, deposits, investment trusts, loans, stocks, bonds, foreign exchange, options and derivatives, precious metals (gold, platinum, etc.), items handled by commodity exchanges (red beans, soybeans, oil, sugar, etc.) , Credit card, point card, mileage card, etc. Available balance and transaction history.

 Warranty of life insurance, non-life insurance, etc. Usage limit information, transfer limit amount, various setting condition information that permits or disallows financial transaction processing.

 (7) Key data

 Open / close locks, switch ON / OFF, entrance / exit (entrance / exit) consent 'Deny, accept processing progress · Deny, accept service start · Denial information etc.

 (8) Activity data

 Information on the daily activities of registrants recognized by the sub-server group and the aggregation terminal 150, etc., information on the places visited, information on the call's email status, purchased product name, service name, etc., and history information.

 (9) Immigration data

 Immigration information by visiting immigration offices, visiting travel destination information, and history information.

 (10) Reserved seat data

 Information on reserved seats and tickets for transportation such as airplanes, trains, buses, etc., information on tickets for concerts, movie theaters, etc., and dates and places that occur in daily life such as restaurant and hotel reservations Information related to the action to be reserved and history information.

 (11) Medical data

 Medical record information, medication information, examination information, medical examination information, physical information, rehabilitation information, daily physical measurement information, medical consultation content information, and history information.

 (12) Movement information

 Includes the following 4 points of information

 1. Spatial information (including terminal identification ID and identification number assigned to the terminal)

 2.Personal identification ID of the person to be authenticated

 3. Time information indicating the time when authentication was performed, or time information indicating the time when personal information (such as biometrics information) was read / input

 4. Information indicating that it is "authenticated" as a result of real authentication

(13) Other data Other information whose classification destination is difficult to determine.

 Since this authentication system is aimed mainly at supporting human life in general, the scope of data is not limited to the listed items!

[0052] (Concept of real authentication)

 When verifying the existence of a registrant, the authentication system specifically performs the following two processes:

Five.

 First, in the first verification process, each terminal reads the read or input information and the authentication system.

 The identity of the registered person is verified by judging whether the existing personal information stored in the database is identical or within the threshold.

 In the second verification process, each terminal matches the newly read / input information with the existing personal information stored in the authentication system database in two points: spatial information and temporal information. Judgment whether or not it has a sex!

[0053] In this second verification process, each terminal reads and inputs the timing and position of personal information (biometric information, etc.) for identifying an individual, the purpose of use of each terminal, Accumulate travel prediction time, etc., and verify it.

 For example, if personal authentication is performed using vein information in Marunouchi, Chiyoda-ku, Tokyo at 9:00, a request for personal authentication based on iris information will be made at the Kyoto station premises at 9:10. This is not possible, and it is judged that the time information and the spatial information are inconsistent, and authentication is not performed.

 In addition, if it is recognized in the authentication system that you have boarded an airplane from Haneda Airport at 8:00, a request for personal authentication will be made in Chiyoda-ku, Tokyo at 8:10. It is judged that there is a mismatch between the terminal purpose indicating entrance and the spatial information, and authentication is not performed. In the specific processing of the second verification, since each terminal of the authentication system stores its installation position information, the time required for movement between each terminal can be calculated.

For example, in the above example, the time required to travel from Marunouchi, Chiyoda-ku, Tokyo to Kyoto Station is calculated from multiple stations in the Marunouchi area, which is the movement start terminal, to Kyoto Station, where the terminal at the end of movement is located. Search for the means of transportation and the shortest by available transportation The estimated travel time is calculated by adding the time required to travel the distance from each terminal to the boarding station.

 Each terminal reads / enters personal information at the terminal that made the personal authentication request (in Kyoto Station), and when it read / entered the personal information at the previous authentication request terminal (Marunouchi, Chiyoda-ku, Tokyo) If it is earlier than the estimated arrival time with the estimated movement time, it is determined as an abnormal value, and it is determined that the personal information read / input newly requested for personal authentication is invalid.

 In addition, when you make a reservation for an air ticket or a designated ticket by reading / entering personal information, the transit time of each terminal can be predicted, so the transit time and the reading / You may compare with input time.

[0054] In this authentication system, personal information is collected over a wide range by various terminals and sensors scattered in the real space, and the collected information is regarded as a single flow. Next, if the information is compared with the information before and after the information, there is no contradiction when considering the situation where space, time, and registrant exist (placed V)! It is possible to verify and judge the existence of a person.

 Compared to the information to be compared immediately before use for comparison verification and newly created information to be compared, the distance between the spatial information and the time information included in the mutual information is short! To do.

 Therefore, in order to refine the spatial information, it is set to create comparison target information each time the space (unit) moves, and to set the time difference of the information to be compared within a certain time (for example, 5 minutes). May be. As a result, if the setting condition is not met, notice information indicating that condition or information requesting the start of continuous authentication by creating movement related information may be notified.

[0055] (Unit concept)

In order to recognize the human physical existence space, one sub-server group terminal or aggregation-side terminal 150 and one or more end-side terminals 160 or sub-server group terminals or aggregation-side terminals 150 managed by the terminal A unit space is defined as “unit”, and a certain space is specified. In this case, “terminal of the same unit” means terminals under the control of the same terminal. “Knit terminal” refers to terminals under the control of different terminals. The unit composed of the terminal terminal 160A installed in the conference room and the building terminal 110A, which is the management terminal, is referred to as “building terminal 110A unit” and indicates the conference room space.

 The unit composed of the terminal 160B at the terminal and the building terminal 110B, which is the management terminal, is referred to as “building terminal 110B unit” and indicates the office space.

 The aggregation-side terminal 150 forms an “aggregation-side terminal 150 unit” by managing the building-side terminals 110A and 110B, and shows the entire building as one space.

 In this authentication system, the space where individuals are mainly present, such as home, is defined as “main unit”, and the space where work is frequently performed, such as school, is defined as “sub unit”.

 Terminal-side terminals are beginning to be attached to various articles, such as buildings, structures, etc., rooms, aircraft, vehicles, automobiles, trunks, boxes, tents, capsules, lockers, mobile phone base stations, park sites Among them, a certain space such as a proximity space of various devices such as ATMs or registers, a desk and a seat, a bed, etc. can be recognized as a “unit”.

[0056] (Concept of movement information)

 Human behavior can be recognized and compared as a series of movements between “units”

Yes

 At this time, in order to exchange movement recognition between “units”, “movement information” is used as common information, and this authentication system verifies the continuity of this “movement information”. It is characterized by performing personal authentication.

[0057] The above-mentioned movement information includes the movement-derived information listed in the following (1) to (26), and is classified into four categories (S movement information, A movement information, hereinafter) according to the degree of authentication accuracy and the content of the information. B movement information and C movement information). During strict operation, the S move information immediately before and at the time of requesting authentication is compared with each other to make the registrant's real authentication judgment. However, when operation is permitted to reduce authentication accuracy, A move information can be added as comparison target information. Admit. In addition, personal authentication, permission to use personal information, provision of various services using an authentication system, etc. are collectively referred to as an authentication service.

[0058] (S movement information)

S Movement information is movement derivative information used to perform registrant authentication precisely. is there.

 (1) Movement start information

 Information that includes information indicating that the unit seeking authentication service moves from the current unit to the movement information.

 (2) Movement stop information

 Information obtained by adding information indicating that the unit requiring the authentication service has stopped moving or information indicating presence information of the registrant to the movement information.

 (3) Movement advance notice information

 Information in which movement information is added to information notifying that there is a possibility (planned) that a unit seeking authentication service may move to a specific unit.

 This information indicates the registrant's future travel schedule, and each terminal in the unit to which the terminal receiving this information belongs can make advance preparations for future authentication processing.

 (4) Movement related information

 Information indicating any of movement start information, movement stop information, and movement advance notice information.

 (5) Movement notification information

 Information notifying that the action based on the movement notice information has started.

 (6) Other unit move completion information

 Information obtained by adding movement information to the information indicating that the unit requiring personal authentication service from another unit has been moved.

 (A movement information)

 A movement information is movement derivative information used to assist the registrant's authentication continuity.

 (7) Video presence information

 Information on the result of processing performed by the terminal that received the verification request information for verifying whether or not the registrant exists in the stored video.

 Time information when the registrant was photographed, and terminal ID indicating the photographing terminal or sub server group to be managed

Information indicating that an individual is present in the captured video and the request included in the verification request information This is information combined with a number, including the case where the personal identification ID of the registrant is added.

 (8) Communication presence information

 Information obtained as a result of processing performed by the terminal that received the verification request information for verifying whether or not the registrant exists in the stored communication record.

 A mobile phone number (including an IMUI number that identifies a mobile phone, an authentication key, an e-mail address, etc.) or an identification ID that identifies a mobile communication device or mobile information terminal (hereinafter referred to as a mobile phone) and a mobile phone Included in the verification request information is the time information that the base station communicated with, the terminal identification ID that indicates the communication base station side terminal that communicated, the information that the communication record between the mobile phone and the communication base station existed This information is combined with the request number and includes the case where the personal identification ID of the registrant is added.

 (9) Movement estimation information

 Information that collectively refers to video presence information and communication presence information.

 (10) Movement recognition information

 Information indicating that video presence information and communication presence information, video presence information and mobile radio wave recognition information or GPS recognition information or tag recognition information, biometrics recognition information and communication presence information are established simultaneously by the verification process.

 (11) Mobile radio wave recognition information

 Time information when receiving (communication) radio waves, terminal identification ID (for example, mobile phone base station) that received (communication) radio waves, and personal information indicating the registrant (mobile phone number, personal identification ID, radio wave transmission terminal Information including identification ID, etc.).

 (12) GPS recognition information

 This is a combination of the time information received from the artificial satellite, the terminal identification ID of the GPS function-equipped device owned by the registrant, and the measured or calculated position information, and this is the personal identification ID of the registrant. Including the case where is added.

 (13) Tag recognition information

This is information that combines communication or reading time information such as electronic tags, terminal identification IDs (mainly GPS measurement device IDs) possessed by the registrant, and recognized spatial information. This includes cases where an identification ID is added. (14) Biometrics recognition information

 This is information that combines the reading or input time information of the nanometric information, the terminal identification ID that has been read or input, and the personal information (for example, face information) that has been read or input, and this is the information of the registrant. This includes cases where a personal identification ID is added.

 (15) Estimated presence information

 Information that collectively refers to mobile radio wave recognition information, GPS recognition information, tag recognition information, and biometrics recognition information.

 (16) Presence notification information

 (1) to (; 15) Information that combines spatial information, time information, and personal identification ID converted to the ID of the recipient.

 In the presence notification information 1, the information on which the creation is based is S movement information.

 In the presence notification information 2, the information on which the creation is based is A movement information.

 (17) Information to be compared

 Collective name for S movement information and A movement information

[0060] (B movement information)

 The B movement information is movement derivative information used to assist each terminal in executing an authentication service using the S movement information or the A movement information.

 (18) Usage notice information

 Information indicating that when a terminal recognizes that a registrant exists in its unit space, the registrant may request a personal authentication service from other terminals in the unit. Each terminal of the unit that has received the usage notice information refers to its own search DB and searches for the registrant in advance! /, And prepares for subsequent authentication processing.

 (19) Availability information

 Because it is recognized that there is a registrant in the unit space! /, Na! /, There is a possibility that the registrant will request authentication service in the unit. Information indicating the effect.

[0061] (C movement information)

C Movement information is movement derivative information used for the safe operation of the authentication system. (20) Permit information

 Information that allows each terminal to provide authentication services to registered users.

 (21) Sub movement start information

 Information that each terminal estimates that no registrant exists in its unit space! /, (Moved). After this information is created, if there is a registrant authentication service request in the unit, alarm information is sent to each terminal.

 (22) Sub movement stop information

 Information that each terminal estimates that a registrant exists in its own unit space.

 After this information is created, if there is a request for authentication service of a registrant outside the unit, alarm information is sent to each terminal.

 (23) Warning information

 Information indicating that the request for an authentication service is abnormal.

 (24) System usage suspension information

 Information that executes processing to stop using the system, recognizing that the request is an abnormal situation when an authentication service is requested.

 (25) Verification request information

 Verification process instruction information sent to each terminal to create video presence information and communication presence information.

 The verification request information 1 is a request for verification processing whether the registrant's personal identification ID and face information, time information of the estimated presence information, and whether the registrant exists in the video shot in the management unit of each sub server group terminal Information combining information and request number.

The verification request information 2 includes the registrant's personal identification ID and mobile phone number, time information of the video confirmation information, and the registrant in the management unit of each sub-server group terminal, such as radio communication of the mobile phone, GPS measurement, etc. Information that requests verification of whether or not the request has been made and the request number. The verification request information 3 includes the registrant's personal identification ID, time information of the movement-related information, information for requesting verification processing whether the registrant exists in the video shot in the management unit of each sub-server group terminal, Information combined with the request number. The verification request information 4 includes a registrant's personal identification ID, time information of movement-related information, and verification processing that the registrant has performed radio wave communication, GPS measurement, etc. of a mobile phone in the management unit of each sub-server group terminal. Information that combines the request number and the request number.

 (26) Video confirmation information

 Personal identification ID of the registrant, time information when the registrant was photographed, photographing terminal identification ID, and information indicating that the registrant was photographed (existing)

[0062] (Effect of movement information, authentication system usage control linked to movement information)

 The movement start information is information that is created when the registrant recognizes that the unit has moved from the unit that existed (exists outside the unit), and after this information is created, it is created in the unit that existed before the movement started. The process for requesting the registrant's authentication service is determined to be “abnormal”, and warning information or system use stop information is sent to the terminal that requested the authentication service and each terminal.

 Movement stop information is information that is created because the registrant recognizes that it exists in the unit (it does not exist outside the unit! /,). After this information is created, the unit that exists after the movement is completed The processing for requesting the registrant's authentication service from the outside unit is judged as “abnormal”, and the warning information or the system use stop information is transmitted to the terminal that requested the authentication service and each terminal.

 In addition, the movement stop information enables transmission of advance notice information to each terminal in the unit, and permission and provision of various authentication services in the unit.

 Note that the same system control effect may be achieved even when the existence or movement of the registrant is recognized or estimated (hereinafter referred to as estimation recognition) using the A movement information.

[0063] (Individual credit rating)

 The registrant's history information, reality, and system usage status will be digitized to make the registrant's creditworthiness recognizable. As a result, it is possible to determine the range of authentication services provided and the authentication method required by the system at the time of authentication based on the reliability value.

[0064] The real rate, which is an index representing the authenticity of realism, is calculated using one of the following formulas:! To 5

(Formula 1) Reality rate (%) = 1 Risk probability (Formula 2) Reality rate (%) = Risk rate consideration points ÷ Reality points X 100

 (Formula 3) Reality rate (%) = Credit evaluation factor ÷ Real points X 100

 (Formula 4) Reality rate (%) = total mining rate ÷ number of mining rates used for addition

 (Equation 5) Multiply the actual rate calculated by Equations 1 to 3 by the actual rate calculated by Equation 4 to calculate each actual rate.

 Real ratio (%) = (Real ratio calculated by Formula 1 to Formula 3) X (Real ratio calculated by Formula 4)

[0065] For each piece of personal information registered in the personal authentication system, a score is determined based on the reliability, uniqueness, quantity, etc. of the registered information. Multiply this score by the number of points or evaluation rate that takes into account the elapsed time from the time of registration, the expiration date, the verification result, and the elapsed time from the time of verification, to calculate the number of points acquired, and to calculate the actual number as the total. .

 In addition, the basic score is calculated by multiplying the score obtained by the index (1 risk rate) reflecting the risk factor of fraud, and the risk rate consideration score is calculated as the total.

 Credit assessment consideration points are multiplied by the credit score (highest value is 1, lowest value is 0) of the issuing agency such as the person or group who proved the registrant's existence, identification card, etc. The total number of points calculated in this step is summed up to calculate the credit evaluation consideration score.

 The mining rate is calculated according to the degree to which the behavior pattern of a recent certain period matches the behavior pattern of a registrant in the past certain period.

 Verification base mining rate = number of corresponding pattern actions during a certain period in the past ÷ number of days in a certain period

 Target mining rate = Number of corresponding pattern actions during the most recent period ÷ Number of days in the most recent period

 Mining rate (%) = Target mining rate ÷ Verification base mining rate

[0066] The creditworthiness is creditworthiness 1 and creditworthiness 2 calculated by the following two formulas.

 The system usage status is quantified by credit rating 1, and the overall credibility of registrants is quantified by credit score 2.

[0067] (Formula) Credit rating 1 = Initial setting score + Credit addition score 1 Credit loss score

Credit score = total credit score + non-violating period score Credit addition points = occurrence X degree of involvement X achievement X validity period

 Credit loss points = total credit loss points

 Credit loss point = (credit loss point 1 + credit loss point 2) X designated field

 Credit Loss Point 1 = Items to be Discovered X Degree of Engagement X Human Life Influence X Person Influence Factor X Elapsed Period

 Loss of credit 2 = Discovered matters

 The initial set score is a numerical value that is set uniformly for all the users when the authentication system starts to be used. The credit addition score is a numerical value given by evaluating the usage period without violation, achievements related to the construction and operation of authentication systems, labor related to detection and prevention of unauthorized use, etc.

 The credit loss score is a value that is deducted in the case of a fraudulent act stipulated by the authentication system, and is not related to the criminal penalties stipulated in the criminal law established by each country.

 Fig. 2 (a) is a diagram showing an example of the entire contents of the credit scoring table, and Fig. 2 (b) is a diagram showing an example of detailed contents. Credit scoring charts show the matters that have occurred or discovered, the degree to which they are involved, the degree of achievement to the system and society, the degree to which human lives are concerned, the approximate number of people affected or the number of people expected to be affected, Estimated economic loss, effective period for systems and society, elapsed time since fraudulent activity was discovered or announced, designated fields (fields that affect human life, social infrastructure), non-violating system usage period, etc. It is possible to register the provisions of, warning information indicating the occurrence of new scoring, etc. In addition, a table that replaces each item with a numerical value is prepared, and the contents are always published and updated.

[Formula] Credit Rating 2 = Credit Rating 1 Rating + Reality Rating + Credit Rating Consideration Rating

 Credit rating 2 is calculated by comparing the numerical value calculated with credit rating 1, actual ratio, and credit evaluation consideration points with a table that sets the score for each numerical value by relative evaluation or absolute evaluation. As a result, the authentication system is used legitimately and the frequency of use is high, and a person with a lot of registered personal information realizes a mechanism that obtains higher reliability.

[0069] <First embodiment>

 (Basic principle of mobile information authentication using biometric information)

FIG. 3 shows that in the first embodiment of the present invention, the registrant leaves the home and reaches the hospital. 5 is a sequence chart showing a basic operation example of an authentication system using biometric information based on processing until wearing.

 When the registrant leaves the home, personal information (for example, fingerprint information) is read by the terminal terminal 160A installed at the entrance door (step S1), and the reading time and reading location are read by the terminal terminal 160A. Send certain information to the building-side terminal 110A (step S2)

Yes

 The building-side terminal 110A compares and compares the received personal information, time information, spatial information, and registration information in its own database (Step S3). In S4), the information indicating that the user has moved is attached to the movement information (in the following, movement start information) and transmitted to the authentication server 10 (step S5).

 The authentication server 10 compares the movement information immediately before the registrant stored in its own machine with the movement information received in step S5 to determine the existence (step S6). Recognize that it has moved from the OA space and does not exist in the space (step S7).

 Subsequently, the registrant arrives at the nearest station, reads personal information (for example, face information) with the terminal 160B installed at the ticket gate (step S8), and also reads the reading time and the reading time. Information indicating that the location is the terminal 160B is transmitted to the organization terminal 120A (step S9).

 The organization side terminal 120A performs the same processing as steps S3 to S4 (steps S8 to S9), and appends information indicating that it has not moved to the movement information (hereinafter referred to as movement stop information) to the authentication server. (Step S12).

 Here, the authentication server 10 compares and compares the movement information (movement start information) received from the building-side terminal 110A and the movement information (movement stop information) received from the organization-side terminal 120A. Judge the spatial continuity (step S13). As a result, if consistency is obtained, the registrant recognizes that the registrant actually exists in the station (step S14), and transmits permission information to the organization side terminal 120A (step S15).

The organization-side terminal 120A that has received the permission information opens a ticket gate for the registrant and provides services such as boarding and electronic money on the premises (step S16). Similarly, when the registrant arrives at the hospital, the terminal 160C installed at the entrance door performs the same processing as steps S8 to S9 (steps S17 to S18), and the building terminal 110B performs step S10. Processes similar to S12 are performed (Steps S19 to S21).

 The authentication server compares and matches the movement information (movement stop information) received from the organization-side terminal 120A in its own machine with the movement information (movement stop information) received from the building-side terminal 110B.

 Determine spatial-spatial continuity (step S22). As a result, if consistency is obtained, the registrant recognizes that the registrant actually exists in the hospital building (step S23), and transmits permission information to the building-side terminal 110B (step S24).

 The building-side terminal 120B that has received the permission information provides services such as a new entry and review of the registrant's electronic medical record and a settlement within the medical fee authentication system (step S25).

[0071] (Variation 1 Use of advance notice information)

 For example, when an action pattern exists by data mining technology or when an action schedule is determined, a unit that exists or passes can be inferred, and movement advance notice information is transmitted to the inferred unit.

 In the first embodiment, the building-side terminal 110A creates movement advance notice information in addition to the movement information created in step S4 (step S4), and sends it to the organization-side terminal 120A along with the transmission in step S5. Send (step S5). Instead of the authentication process in steps S10 to S15, the organization side terminal 120A compares the time advancement information and the information received in step S9 with the time information and the spatial information, and performs the authentication process. As a result, the organization side terminal 120A can perform the function of the authentication server 10.

[Modification 2 Use of Induction Electronic Recording Medium]

Since the organization-side terminal 120A and the authentication server 10 store a large amount of personal information, it takes time to retrieve the personal information and movement information of the registrant and perform the authentication process. To compensate for this vulnerability, registrants use “guided electronic recording media” and record inclusions to establish sub-server group terminals and authentication services that mainly store registrants' personal information and mobile information. Connect the requested terminal on the network to assist in obtaining information necessary for real authentication. “Induction electronic recording medium” refers to an electronic recording medium such as an IC chip or an electronic tag. For example, the power incorporated in a portable information device such as an IC card, a PDA, a ubiquitous communicator or a mobile phone, Embedded in the human body. In the electronic recording medium, the personal identification ID of the registrant and the terminal identification ID of the sub server group terminal that manages the main unit or subunit of the registrant and the related authentication server are written. In addition to the storage medium storage ID!

 When requesting the authentication service, the personal information for authentication and the ID stored in the recording medium are read to the sub-server group terminals that manage the main unit, etc. via the network. Enables inquiries and requests for personal information, etc., facilitates coordination of movement information within the authentication system, and improves the efficiency of authentication processing.

 [0073] (Modification 3 Authentication using estimated presence information)

 In the basic principle of the first embodiment, the registrant is authenticated by the movement related information. However, since the movement-related information is mainly created when a registrant requests an authentication service, if the number of requests for the authentication service is small, the spatial information and time information included in the movement-related information to be compared There is a concern that the accuracy of authenticity may be reduced because the interval becomes large and the integrity of information can be easily secured.

 To compensate for this vulnerability, we automatically create estimated presence information regardless of the intentional behavior of the registrant, refine information linkage that compensates for gaps between movement-related information, and It is possible to provide a simple authentication service by comparison and maintain the accuracy of the authentication system.

 [0074] (Cellular wave recognition information)

 Mobile radio wave recognition information that estimates the existence of a registrant using a mobile phone, a mobile information device, etc. (hereinafter referred to as a mobile phone) and an antenna will be described. In addition, radio antennas such as antennas may be operated as a single device in conjunction with a plurality of antenna devices (terminal-side terminal 160). In addition, the registrant shall be personally authenticated at the time of application and receipt of the mobile phone, and then possess it properly.

In this case, when the registrant leaves home, he / she will have a mobile phone (Terminal terminal 160) automatically communicates with an antenna or the like (regional management side terminal 130) (step S1), and information specifying the terminal side terminal 160 such as a mobile phone number is recognized by the regional management side terminal 130 ( Step S2).

 The regional management side terminal 130 creates mobile radio wave recognition information based on the communicable space, mobile phone number, etc. supported by the antenna that communicated (step S3), and the organization of the mobile phone company that manages the regional management side terminal 130 Transmit to terminal 120 (step S4).

 The organization side terminal 120 converts the mobile phone number of the received mobile radio wave recognition information into a personal identification ID and transmits it to the authentication server 10 (step S5), and the authentication server 10 stores the registrant stored in its own device. Compares the previous movement information with the mobile radio wave recognition information received in step S5 to determine the existence (step S6), and the registrant presumes that the region management side terminal 130 exists in a space where communication is possible. (Step S7).

[0075] (GPS recognition information)

 This section describes GPS recognition information that estimates the existence of registrants using GPS-equipped devices and satellites. The registrant shall be personally authenticated at the time of application and receipt of a device with a GPS function, and shall then be legitimately held.

 In this case, when the registrant leaves home, the device with GPS function (terminal terminal 160) automatically communicates with the satellite (regional management terminal 130) at the entrance door (step SI), and the G PS Information specifying the terminal-side terminal 160, which is the terminal identification ID of the function-equipped device, is recognized by the regional management-side terminal 130 (including the satellite management organization) (step S2).

 The regional management side terminal 130 creates GPS recognition information based on the measured or calculated location information and terminal identification ID (step S3), and the organization of the management organization that manages the regional management side terminal 130 or the organization that provides the GPS service. It transmits to the side terminal 120 (step S4).

 The organization-side terminal 120 converts the terminal identification ID of the GPS function-equipped device in the received GPS recognition information into a personal identification ID and transmits it to the authentication server 10 (step S5), and the authentication server 10 stores it in its own device. Compare the movement information immediately before the registered user with the GPS recognition information received in step S5 to determine the existence (step S6), and the registered user is present at the position measured or calculated by the regional management terminal 130. It is estimated to recognize (step S7).

[0076] (Tag recognition information) We will explain GPS recognition information that estimates the existence of a registrant using information communication equipment, electronic tags, etc. and IC chips (including internal chips). Spatial information is mainly recognized by the following two methods. The

 In the first method, information communication devices and readers such as electronic tags (including IC chips) possessed by registrants have location information installed (embedded) in real space (access to servers and terminals with spatial information). Spatial information is the information obtained through communication with electronic tags (including information for communication).

 In the second method, the stored information power of electronic tags, etc. (including information communication equipment and cards equipped with electronic tags, etc.) possessed by the registrant is read by reading equipment such as electronic tags installed or incorporated in real space. In this case, the installation position information on the reading device side is used as spatial information.

Yes

 In this case, when the registrant leaves the home, the electronic tag (terminal terminal 160A) possessed by the entrance door automatically communicates with the electronic tag reader (terminal terminal 160B) installed on the door. (Step S1), the information identifying the terminal 160A on the terminal side such as the card number is recognized by the terminal 16OB on the terminal side (Step S2).

 Terminal-side terminal 160B creates tag recognition information based on the communicable space, card number, etc. supported by the electronic tag reader (step S3), and transmits it to the building-side terminal 110 at home that manages terminal-side terminal 160B (Step S4).

 The building-side terminal 110 converts the card number of the received tag recognition information into a personal identification ID and sends it to the authentication server 10 (step S5). The authentication server 10 immediately before the registrant stored in its own device. Is compared to the tag recognition information received in step S5 to determine the existence.

 (Step S6), the registrant presumes and recognizes that the end-side terminal 160B actually exists in a communicable space (Step S7).

 (Biometrics recognition information)

 Biometrics recognition information that estimates the existence of the registrant by using the metric information unique to the registrant (especially face information, veins, iris information, and how to walk) will be explained.

The biometrics information used in this information is the face information captured by street surveillance cameras, This refers to vein information, iris information, etc. automatically read by a reading device installed at the entrance / exit, and is distinguished from information read (input) by the intentional operation of the registrant as in the first embodiment.

 In this case, when the registrant leaves home, the camera, etc. (terminal terminal 160) installed on the telephone pole in front of the home shoots the face of the registrant (step S1), and the captured video is the terminal of the device. The identification ID and the like are transmitted to the regional management side terminal 130 (step S2). The regional management-side terminal 130 identifies the registrant based on the received video (step S3), further creates the metric measurement recognition information (step S4), and transmits it to the authentication server 10 (step S5).

 The authentication server 10 compares the movement information immediately before the registrant stored in its own device with the biometrics recognition information received in step S5 to determine the existence (step S6). It is estimated and recognized that the terminal 160 is actually present in the space that can be photographed (step S7).

 <Second Embodiment>

 (Create movement estimation information and movement recognition information)

 FIG. 4 shows an operation of creating movement estimation information and movement recognition information by linking estimated presence information with images and communication status recorded by a camera or an antenna in the second embodiment of the present invention. It is a sequence chart which shows an example.

 As shown in Fig. 5 (a), the space for communication between the mobile phone (terminal terminal 160A) and the antenna (regional management terminal 130A) has overlapping video shooting spaces for multiple cameras. Fig. 5 (b) is a diagram showing an example of the configuration of terminals such as antennas and cameras installed in society. Cameras etc. exist in the communication space of mobile phones surrounded by dotted lines.

[0079] (Creation of movement recognition information from mobile radio wave recognition information)

Upon receiving the mobile radio wave recognition information from the organization-side terminal 120A, the authentication server 10A performs estimation recognition of the registrant's real space through the processing of steps S6 to S7 in the first embodiment, and then communicates Search for the authentication server 10 that manages the unit existing in the server (step S51), and if the corresponding authentication server exists (in this case, the authentication server 10B), create verification request information 1 based on the charged wave recognition information (Step S52) and send (Step S53).

 In order to facilitate the search, each terminal may investigate the installation status of the camera or the like in the unit managed by itself and register the installation and shooting space information in advance.

 The authentication server 10B searches the sub server group that manages the unit existing in the communicable space based on the received verification request information 1 (step S54), and if the corresponding sub server group exists (here, The building-side terminal 110A) transmits verification request information 1 (step S55). The terminal 110A on the building side always receives and stores the video taken by the terminal 160A on the terminal side. When the verification request information 1 is received, the face information of the registrant is received from the personal folder by the personal identification ID in the video. Extract (step S56), and verify whether it exists in the stored video (step S57). At this time, the video to be verified is a range shot in a certain time zone based on the time information of the verification request information 1.

 As a result, if there is a registrant in the video, video shooting information is created (step S58), and transmitted to the authentication server 10A that is the request source via the authentication server 10B (step S59). The authentication server 10A compares the mobile radio wave recognition information stored in its own device with the video shooting information to determine whether the spatial information and time information are consistent (step S60). Recognition information is created and stored (step S61). After that, the authentication server 1 OA

 Then, the movement recognition information is transmitted to the authentication server 10B (step S62), and as a result, the authentication server 10B also presumes and recognizes the registration of the information within the device and the existence of the registrant (steps S63 and S64). Note that the personal identification ID and spatial information of the verification request information 1 may be converted into a unique personal identification ID and installation position information of each terminal during the processing of step S55 or S56. If face information does not exist in the process of step S56, the authentication server 10A or 10B is requested to transmit face information, and the face information is acquired.

This authentication system verifies that both personal identities that can be separated from the registrant, such as mobile phones, and personal information that is inseparable from the registrant, such as face information, exist at the same time in the same space. Strengthen personal authentication accuracy. As a result, vulnerabilities of a single personal authentication method, such as unauthorized use when face information is copied in advance when a person other than the registrant possesses a mobile phone, are prevented. It is also possible to analyze the communication status with a plurality of antennas, etc., narrow down the space where mobile phones exist, and implement the verification limited space.

[0081] (Variation 1 Generation of neurometric recognition information and creation of movement recognition information)

 Upon receiving the biometrics recognition information from the building-side terminal 110A, the authentication server 10B searches for the authentication server 10 that manages the units existing in the video shooting space after performing the estimated recognition of the registrant's real space. (Step S51) When the corresponding authentication server exists (here, the authentication server 10A) creates verification request information 2 based on the biometrics recognition information (Step S52) and transmits it (Step S53). In order to facilitate the search, each terminal investigates the installation status of antennas, etc. in the unit managed by its own device, registers the installation and communication space information in advance, and verifies the verification request information. The mobile phone number may be extracted from the personal identification ID at the time of creation of 2, and the telephone company to be used may be specified.

 The authentication server 10A searches the sub server group that manages the unit existing in the video shooting space based on the received verification request information 2 (step S54), and if the corresponding sub server group exists (here, The organization side terminal 120A) transmits the verification request information 2 (step S55). The organization side terminal 120A always receives and stores the communication history of the end side terminal 160B. Upon receipt of the verification request information 2, the organization side terminal 120A extracts the mobile phone number of the registrant from the personal folder by using the personal identification ID therein. (Step S56), a verification process is performed to check whether it exists in the update history (Step S57). At this time, the communication history to be verified is a range shot in a certain time zone based on the time information of the verification request information 2.

 If there is a registrant in the communication history, communication presence information is created (step S58), and sent to the requesting authentication server 10B via the authentication server 1 OA (step S59). The authentication server 10B compares the biometrics recognition information stored in its own device with the communication presence information to determine whether the spatial information and time information are consistent (step S60). Creates and stores movement recognition information (step S61). Thereafter, the authentication server 1OB sends the movement recognition information to the authentication server 10A (step S62), and as a result, the authentication server 10A also presumes and recognizes the registration of the information in its own device and the existence of the registrant (step S63, S64)

Yes

[0082] (Variation 2 Verification of movement-related information) Even when movement-related information is created with no metric information, the vulnerability of impersonating a registrant by unauthorized operation cannot be completely prevented. Therefore, in order to compensate for this vulnerability, the authentication server 10 performs the same processing as the authentication method of the second embodiment by using the verification request information 3 and 4 when receiving the movement-related information. It is also possible to estimate and recognize the existence of registrants and verify their consistency with movement-related information.

 For the main operations, except that movement related information is received in step S51, verification request information 3 is used instead of verification request information 1, and verification request information 4 is used instead of verification request information 2. This is the same as in the second embodiment.

 As a result, when video presence information or communication presence information is received, the movement related information stored in the

 Compared with the information, it is determined whether there is consistency between the spatial information and the time information (step S60). If they match, the movement related information is stored as it is (step S61).

 [0083] (Variation 3 Video billing information and communication presence information simultaneous billing)

 For example, if the authentication service is not used after a certain period of time has passed since the registrant is recognized (estimated), it is uncertain whether the registrant still exists in the unit. It becomes. Therefore, in this case, the authentication server 10 and the sub server group simultaneously request the verification request information 1 or 3 and the verification request information 2 or 4 from each terminal concerned to obtain movement estimation information and movement recognition information. In this way, the existence of the registrant is confirmed.

 <Third Embodiment>

 (Cooperation of comparison target information)

 FIG. 6 is an operation example in which the comparison server information is transmitted to the terminal related to the registrant by the exchange server 20 and the mutually created comparison target information can be used for the authentication service in the third embodiment of the present invention. This is a sequence chart showing a mobile radio wave recognition information as an example.

In this embodiment, when comparison target information is created, each terminal creates a comparison target information terminal, a target terminal in the presence information notification table, and the possibility that a registrant will exist in the future via the exchange server 20. Presence notification information created based on information to be compared with a unit terminal, main unit (including sub-units) management terminal, terminal that wants to be notified of the registrant's presence space, etc. By transmitting, it is possible to smoothly use authentication services such as financial transactions, use of electronic money, access control, electronic device operation control, and identification.

 Authentication server 10A determines the consistency between the mobile radio wave recognition information, which is the latest comparison target information of the registrant, and the previous movement information. The latest mobile radio wave recognition information is transmitted to the exchange server 20 (Step S101). The exchange server 20 prepares the presence information notification table in advance in advance, and the registrant and the destination to which the presence notification information is to be distributed (in the following, The information delivery destination and delivery conditions are pre-registered by the relevant organization. The exchange server 20 searches the presence information notification table based on the personal identification ID of the received information, determines the presence or absence of delivery conditions by pre-registration (step S102), and if it is not registered, the presence information notification All notification destinations registered in the table are recognized as transmission destinations (step S103). On the other hand, if there is a registration, it is determined whether or not the current received information meets the delivery conditions by pre-registration (step S104). If not, all the notification destinations registered in the presence information notification table are listed. (Step S 105), if applicable, the designated individual transmission destination is recognized as the notification destination (step S 106).

 After that, the exchange server 20 converts the personal identification ID of the portable radio wave recognition information into the unique identification ID of each notification destination, and then creates presence notification information together with the spatial information and time information of the portable radio wave recognition information. After being registered in the information notification table (step S107), it is transmitted to each notification destination (step S108).

 Upon receiving the presence notification information, the authentication server 10A identifies the mobile radio wave recognition information transmitted in step S101 based on the registrant's personal identification ID, and determines that the spatial information matches the time information (step S 109), if they match, it is recognized that the processing in step S101 has been completed successfully (step S110). If there is a mismatch, steps S102 to S108 may be erroneous processing, so information indicating that is sent to the exchange server 20 for verification.

On the other hand, the authentication server 10B, the authentication server 10C, and the authentication server 10D store the received information in the own device, and estimate and recognize the space where the registrant exists, and then compare it with the registrant in the unit managed by the own device. Whether target information has been created! / Is searched (step S111). If it cannot be created, the presence notification information received in step S 111 is stored after a predetermined time (for example, If it is created (step SI12), it is compared with the received presence notification information, and the continuity of personal authentication is determined (step S113).

 As a result, if continuity is established, it is recognized that the registrant exists in the unit (step S 114). If continuity is inconsistent, the presence notification information and the unit managed by the own device are recognized. Notification abnormality information indicating that the comparison target information does not match is transmitted to the exchange server 20 (step S115). Upon receiving the notification abnormality information, the exchange server 20 stores it in its own device, extracts the transmission destination in step S108 (step S116), and transmits warning information (step S117). Each terminal stores the received warning information in its own device (step S118) and controls the authentication service for the registrant.

 Figure 7 (a) is a diagram showing an example of the contents of this presence information notification table. The personal identification ID of the registrant, the latest presence notification information, the creation destination and creation method of comparison target information, and each system It includes information such as a unique ID, terminal identification ID or notification destination that sends presence notification information, presence / absence of presence in each system, and registrant main unit information. Here, the common personal identification ID “001234” of registrants is displayed, and the ability to centrally manage distribution destinations based on this personal identification ID. Separate distribution destination information combining notification destinations and group settings between distribution destinations are performed separately.

 Fig. 7 (b) is a diagram showing an example of registering individual distribution destinations of presence notification information, and includes information such as distribution destination, notification reason, registration date, distribution conditions, etc. (c) shows the details of delivery conditions.

 For example, as shown in the diagram, the organization side terminal 120A that controls the door key of the registrant's work entrance / exit 1202A indicates that all presence notification information is distributed. It indicates that the presence notification information is distributed to the organization-side terminal 120B on the transportation side that controls the mouth when the registrant moves to a space (unit) around or near the unit managed by the organization-side terminal 120B. Circumstance R2 is registered.

 The notification conditions to be registered include the following (1) to (4) and combinations thereof as main examples.

 (1) In the case of existing in or outside the registered space and its surrounding space

 (2) —When approaching a certain space or away from a certain space

(3) When the registered notification time comes (4) When the notification time corresponds to the registration time interval

 The exchange server 20 may authenticate the registrant and recognize the existence space by comparing the registration information in the presence information notification table with the comparison target information and the presence notification information.

 [0087] (Variation 1 Notification to main unit and sub unit)

 In order to facilitate the acquisition of comparison target information within the authentication system, all presence notification information may be set to be transmitted to the registrant's main unit (including subunits). The authentication server 10E that manages the main unit compares and verifies the presence notification information received immediately before, the comparison target information in its own device, and the received information in step S108, and determines the continuity of personal authentication (step S 113). The subsequent processing is the same as in steps S114 and S115. The received presence notification information is stored for a certain period (for example, one week).

 [0088] (Variation 2 Transmission of non-target information)

 If comparison target information is not created during the processing of step S111, non-target information combining information indicating that it has not been created and the received presence notification information may be created and sent to the exchange server 20. When this information is received, the registrant is identified based on the presence notification information included, and the reception of the non-target information is registered in the presence information notification table. As a result, it is clarified that the registrant is not recognized in the system with non-target information registration.

 [0089] (Variation 3 Effect of notification abnormality information)

 Since the notification abnormality information is information that is created when the actual continuity is not established, the exchange server 20 uses the information that requires authentication based on the movement-related information or the movement-related information for subsequent use of the terminal. If there is no authentication, restriction information that prohibits the use of the terminal is automatically created and presence information is passed.

 It may be transmitted to the destination registered in the knowledge table. As a result, it is possible to prevent unauthorized use and impersonation of registrants' personal information and mobile phones.

[0090] (Variation 4 Creation of movement estimation information and movement recognition information via exchange server 20)

 The exchange server 20 creates verification instruction information in conjunction with the process of step S107 (step S107) and transmits it to the authentication servers 10A to 10E (step S108).

This verification instruction information is a combination of the three-stage process and the request number. As the first process, a terminal (unit) corresponding to the spatial information of the presence notification information is managed under the authentication server 10. Determine if it exists. As the second process, if the corresponding terminal exists, it is determined whether there is a face information reading device or a terminal that manages radio communication records in the unit managed by the corresponding terminal. As the third process, when there is a face information reader or a terminal that manages radio communication records, the time information of the presence notification information is recorded in the captured video or image (hereinafter referred to as video) or in the communication record. The verification server 10 verifies whether or not the registrant has been photographed or communicated within a certain time range based on the information and transmits the movement estimation information as the response information.The authentication server 10 receives the verification instruction information received after the determination of the second process. If the verification request information 1 to ₄ is created and transmitted to the corresponding terminal, the process according to steps S51 to S59 of the second embodiment is executed, and the movement estimation information is received as the verification result, the exchange server 20 Send to.

 The exchange server 20 compares the movement estimation information with the original comparison target information by the processing according to steps S59 to S60 of the second embodiment. Successful verification information is transmitted by combining the presence notification information in S107 and information indicating that the verification has been established.

 (Variation 5 Automatic notification 1 Specific person approach notification)

 When the presence information notification table recognizes the presence of the person A in the space within a certain range from the registrant's existence space, the presence notice information, which is information indicating that the person A exists in the neighborhood, is automatically added to the registrant. Registration of the distribution condition of notification. In this case, in the presence information notification table for person A, a condition that “every person A presence notification information is created is sent to the registrant presence information notification table or main unit management terminal” and the registrant presence information notification is sent. In the table or main unit management terminal, “When the presence notification information of person A is received, the presence space of person A is compared with the existence space of the latest registrant, and it is recognized that the space is the same or within a certain range. In this case, it is possible to make a judgment that links the presence space information of both parties.

Users include victims of criminal or civil cases, witnesses and perpetrators, stalker victims and strikers, bullying, domestic violence, divorce (including disputes before divorce), etc. This is a case where the reason for the notification request is justified in light of social conventions. [0092] (Variation 6 Automatic notification 2 Notification inside or outside specific area)

 If the registrant's presence information notification table or the main unit's management terminal is not in compliance with the registration conditions, `` spatial information indicating a certain area that is required to exist '' or `` spatial information indicating a certain area where entry is prohibited '' Automatically notify the registrant and related parties ”, and verify that the current existence space meets the registration condition each time the latest information for comparison of the registrant is created.

 An example of use is a prisoner who can recognize that he / she exists in a prison as a specific area, or that he / she performs labor or service activities in a certain area outside the prison. And notify the nearest police officer or prison officer. As a result, escape is difficult, prison walls and detention facilities are simple, and prisoners are prepared to reintegrate through specific labor training in society. Also. If it is defined that the suspect or prisoner is in a certain space from the police officer or police car, physical means such as handcuffs are not necessary.In addition, in crimes with a high recidivism rate or serious crimes, If it exists in a space that is likely to lead to re-offending later, it automatically notifies registrants and related parties, and has the effect of deterring re-offending.

 [0093] Services that provide location information of registrants using mobile phones, GPS functions, electronic tags, etc.

 However, since it is an independent service, it is possible to obtain fragmentary location information based on the space where radio waves do not reach and the number of readers installed, and discontinuity of location information and impersonation of registrants. There were vulnerabilities to enable, and inefficiencies in which each service always prepared for use.

 In this embodiment, the exchange server 20 is used to share information to be compared and a single authentication system in which individual services are merged. As a result, the existence space of the registrant is continuously grasped. In addition, the use of each service can be terminated or interrupted according to the registrant's behavior, so that efficiency can be improved and the accuracy of authentication can be improved.

In addition, the registrant can specify the delivery destination based on self-judgment, which Self-management of the destination to be recognized, and the information to be compared are transformed into presence notification information that matches the delivery destination, so that it is not possible to trace back from each service, and the privacy S of the registrant can be protected.

[0094] <Fourth embodiment>

 (Providing existence space information)

 Fig. 8 shows an example of the operation of the authentication system when providing the third party who requests browsing or notification of the spatial information and time information that the registrant exists or has existed in the fourth embodiment of the present invention. It is a sequence chart which shows.

 The registrant agrees in advance to provide information on the space and time that exists to a third party, and sets the level from the level that the other party provides without restriction to the level limited to a specific person using the authentication service. To do. Here, an example will be described in which parents and children use mobile phones.

 [0095] Upon receiving the child comparison information from the authentication server 10A, the exchange server 20 stores it in its own presence information notification table, and automatically distributes spatial information and time information to a third party. Verify registration (step S151), and if there is registration, extract personal identification ID, spatial information, and time information from the comparison target information to create location provision information (step S152) and send it to the distribution target terminal (Step S153). At this time, the exchange server 20 may convert the personal identification ID into a registrant name or a unique ID of the distribution destination.

 If there is no registration for automatic distribution, the guardian will receive personal authentication in accordance with the first or second embodiment, and will request the exchange server 20 to provide information. The parent / guardian automatically creates mobile radio wave recognition information using the mobile phone he / she owns (step S154). Then, the personal identification ID of the target person (child) (including the identification ID or telephone number of the mobile phone held by the child), information for requesting the location information of the target person, and the requester (guardian) ) And the comparison target information are created (step S155) and transmitted to the authentication server 10B via the organization side terminal 120B (step S156).

The authentication server 10B executes personal authentication processing based on the received information, and when authentication of the guardian is established, it creates location confirmation request information that combines the authentication result information and location confirmation information (step S157), and transmits it to the exchange server 20 (step S158). The exchange server 20 compares the received information with the registration conditions in the presence information notification table to determine whether information can be provided to the claimant (step S159). Location provision refusal information combined with information indicating that information provision is rejected is created (step S160), and transmitted to the authentication server 10B and the terminal terminal 160 (step S161).

 If the registration server satisfies the registration conditions, the exchange server 20 extracts the spatial information and time information included in the latest comparison target information and presence notification information of the target person (step S162), and then determines the personal identification ID of the target person. The combined location providing information is created (step S163) and transmitted to the authentication server 10B and the terminal terminal 160 (step S164).

 In the fourth embodiment, the power S described with the exchange server 20 as the distribution destination, the authentication server 10 and the sub server group similarly have the presence information notification table and perform the distribution process. The terminals may automatically perform distribution processing.

 (Automatic distribution destination of space and time information)

 In cases where the following (1) to (8) are applicable, it is permitted to provide information automatically from the social viewpoint without the personal authentication process of the claimant, and the delivery destination terminal, person, etc. are indicated in the presence information notification table. Register the applicable conditions. Note that with automatic delivery, if a third party is using the delivery destination terminal, the provided information may be obtained by a person other than the authorized claimant, and the delivery person may include the billing agent's agent. With consent! /.

 (1) Parents who want to obtain location information of children (minors)

 (2) Caregivers wishing to acquire location information of elderly and elderly people

 (3) Medical personnel or guardians who wish to obtain the location information of persons who are ill or being treated

(4) Immigration Bureau officials who wish to obtain information on the location of foreigners who have entered Japan for a specific purpose (such as attending school or working) or whose residence permit period has elapsed.

 (5) A probation officer or probation officer who wishes to obtain the position information of a person under probation

(6) Stakeholders who want to get information on the location of persons who are close to a specific person or who are legally prohibited from entering or leaving a specific space

(7) Judicial officials and police officials when it is necessary to obtain location information of persons who have been subjected to criminal actions with high recidivism or brutality (8) In addition, a third party in the case where notifying the contents of location information to a related third party in light of social conventions becomes a public interest or a third party benefit.

[0097] (Automatic processing condition of space 'time information)

 When the following (1) to (7) are applicable, the authentication system recognizes the existence of the registrant regardless of whether or not the registrant requests for personal authentication, and the comparison target information and presence Allows creation of notification information and automatic distribution processing. With this setting, related organizations and main unit management terminals can recognize the latest existence space of registrants and prevent unauthorized authentication processing.

 (1) When arriving and passing through a specific space, or when leaving from a specific space.

 For example, home unit, nearest station unit, visited unit, transportation unit, space where presence can be predicted, daily existence space, space where registrant has set automatic processing.

 (2) When it is a specific time.

 (3) When a certain period of time has elapsed since the recognition of (1) or (2).

 (4) When recognizing that the route is not expected.

 (5) Arrived or passed through the expected arrival space by the expected arrival time!

(6) When certain device operations are performed.

 For example, when a mobile phone is turned on, when an answering machine service is used, or when a call or e-mail is made to a specific contact.

 (7) When conditions are set that combine (1) to (6).

[0098] (Variation example 1 Automatic processing stop condition for space and time information)

 On the other hand, if the following (8) to (; 14) are met, the existence space of the registrant corresponds to privacy protection, so if the authentication system stops the search process to recognize the existence of the registrant, it exists. It is possible to set to automatically delete information that has been recognized.

 (8) When arriving and passing through a specific space, or when departing from a specific space.

 For example, toilet units, hospital units, non-daily existence spaces such as restaurants and travel destinations, and spaces where registrants prohibit automatic processing.

 (9) When it is a specific time.

(10) When a certain period of time has elapsed since the recognition of (8) or (9). (11) When recognizing that the route is not expected.

 (12) Arrived or passed into the expected arrival space by the expected arrival time! / ,!

 (13) When certain device operations are performed.

 For example, when a mobile phone is turned off or when a call or email is made to a specific contact.

 (14) When the condition setting combining (8) to (; 13) is made.

 <Fifth embodiment>

 (Various transaction control using information to be compared)

 (Processing of related organizations notified of information)

 FIG. 10 and FIG. 11 are sequence diagrams showing operation examples of information acceptance processing and authentication service provision processing performed by the related organizations to which the comparison target information is distributed in the fifth embodiment of the present invention.

 In this section, we will explain the personal authentication and terminal operations necessary for various related transactions, taking the example of a registrant going to the hospital from the workplace to receive a medical examination.

As shown in Fig. 9 (a), the end terminals 160A and 160B that read the face information of the entrance / exit at the entrance of the hospital, and the end terminals 160 0C that read the face information of the person in the waiting room in the hospital. Terminal terminal 160D that reads the iris information of the entrance / exit of the examination room, terminal terminal 160E that reads the iris information of the entrance / exit of the examination room, and the terminal terminal attached to the electronic money terminal at the accounting window 160F and a terminal 160G attached to the office terminal at the reception desk are installed. In addition, in the hospital, terminal terminals 160H and 1601 for viewing or inputting electronic medical records, terminal terminal 160J, which is an electronic money terminal equipped with registers, medical fee calculation functions, etc., and patient health A terminal terminal 160K, which is an office terminal that has insurance information acquisition or consultation reception processing and office processing functions, is installed. FIG. 9 (b) is a diagram showing an example of the terminal configuration of FIG. 9 (a). The authentication server 10A that manages the terminal in the hospital is connected to the terminal of the electronic medical record organization via the exchange server 20. Authentication server 10D that manages terminals of electronic money management companies, authentication server 10F that manages terminals of health insurance associations, and authentication server 10G that manages terminals of registrants Connected with. In addition, each authentication server 10 has clear linkage of processing. In this case, information may be directly exchanged without going through the exchange server 20.

 Each sub-server group performs authentication processing based on the read personal information of the terminal 160 managed by itself, and terminal terminal authentication services (various transactions) based on the received comparison target information and presence notification information. Control (allow, start, stop) the provision of The terminal 110A on the building side controls the opening and closing of the electronic lock at the entrance, the terminal 110B on the building side recognizes the presence unit of the person in the hospital and controls access, and the terminal 120A on the organization side controls the viewing and input of the electronic medical record. The organization side terminal 120B controls the use of electronic money, and the organization side terminal 120C controls the use of office equipment terminals.

 (Basic 1 When registrant is at work)

 When the exchange server 20 receives the comparison target information indicating that the registrant exists in the work unit from the authentication server 10G (step S201), the exchange server 20 performs the same process as steps S102 to S108 in the third embodiment. The presence notification information is transmitted to each authentication server 10 (steps S202 and S203).

 The authentication server 10A recognizes that the registrant does not exist in the hospital (step S205) by the process of step S111 of the third embodiment (step S204), and adds it to the subserver group managed by its own device. On the other hand, each subserver group or a terminal managed by the subserver group (mainly the terminal terminal 160) is combined with information for instructing to stop the personal identification ID and authentication service (hereinafter referred to as usage control information). Transmit (steps S206 and S207). As a result, it is impossible for a hospital to impersonate a registrant and use the system illegally.

Similarly, the authentication servers 10D to 10G recognize that the available space is a work unit (step S208), and each terminal managed by the device has a personal identification ID and an authentication service billing terminal. Creates permission information if the is a terminal in the work unit, and information that instructs the use control information to be sent if it is a terminal other than the work unit (hereinafter referred to as processing instruction information) (Step S209) and transmit (Step S210). A terminal that has received permission information, usage control information, and processing instruction information transmits the received information to a terminal managed by the terminal so that it can recognize the same process, or based on the personal identification ID. The personal folder of the registrant in the basic information DB and history information DB is extracted, and the received information is registered. You may record.

[0101] (Basic 2 When the registrant leaves the office)

 When the registrant starts moving, the authentication server 10G creates movement start information and sends it to the exchange server 20 (step S211). The exchange server 20 and each authentication server 10 perform the same processing as steps S202 to S210. Force S is performed (steps S214 to S222). Further, since the authentication server 10G recognizes that there is no registrant in its own unit from the movement start information, it creates usage control information (step S212) and adds it to the sub-server group managed by its own unit. The data is transmitted (step S213). As a result, it is impossible to impersonate a registrant both at work and in the hospital and use the system illegally.

 In addition, if the authentication server 10G power S and movement advance notice information are created and sent during the processing of step S211, each authentication server 10 creates availability information and sends it to the sub-server group managed by itself. It may encourage the preparation of authentication service processing when a registrant arrives.

 [0102] (Basic 3 When the registrant arrives at the hospital)

When the registrant arrives at the hospital, the terminal-side terminal 160A reads the face information and the building-side terminal 110A reads the movement stop information or biometrics recognition by the processing according to steps S17 to S23 of the first embodiment. Information is created, and the authentication server 10A verifies the continuity of authentication between the comparison target information created by the building-side terminal 110A and the presence notification information in step S215, so that the registrant exists in the hospital unit. Is recognized (step S223). Thereafter, the authentication server 10A transmits the movement stop information to the exchange server 20 (step S224), and the same processing as steps S202 to S203 and steps S208 to S210 is performed (steps S225 to S229). As a result, the registrant can use the authentication service inside the hospital and cannot impersonate the registrant outside the hospital to use the system illegally. Upon receiving the presence notification information from the exchange server 20, the authentication server 10A compares the information with the comparison target information and recognizes that the process of step S224 has been successful (step S230). Furthermore, usage notice information is created (step S231) and transmitted to the sub-server group managed by the own device (step S232). The sub-server group extracts the personal folder of the registrant in the basic information DB and history information DB in the machine based on the personal identification ID, and uses the received advance notice. When the information is registered, the previously registered usage control information is released, and the registrant can use each terminal (terminal operation, system access, unlocking, entry permission, financial transaction processing, etc.) and register. Encourage preparation when a person requests an authentication service.

 The authentication server 10A registers the personal identification ID of the registrant, the time information when the existence is recognized (including estimated recognition), and the presence recognition records such as terminal information in the presence recognition record table provided in the device itself.

 (Basic 4 Authentication service in hospital)

 When the registrant reads the vein information by the terminal 160G at the reception desk, the authentication server 10A performs continuity of authentication with step S223 by the process according to steps S17 and S23 of the first embodiment. When the registrant's existence space is recognized, permission information is sent to the organization side terminal 120C and building side terminal 110B that manage the existence space. Use notice information is transmitted to the group organization side terminal 120A 12 OB (step S 301).

 When the organization side terminal 120C sends the received permission information to the terminal side terminal 160K (step S302), the registrant can use it as a reception machine, and the desired authentication is performed based on the terminal usage purpose information. Service can be processed automatically (Step S303) Since the terminal 160K on the terminal side is a medical examination acceptance machine, the first is to provide the registrant's health insurance card information to the hospital side. Information is automatically sent to the authentication server 1 OA (step S304) for authentication, including the personal identification ID of the user, the terminal identification ID of the terminal terminal 160K, and the billing process (here, acquisition of health insurance card information). Server 10A is the latest comparison of this information! ¼

Information or information that has been successfully authenticated (step S305) and transmitted to the authentication server 10F managed by the health insurance association (step S306).

The authentication server 10F performs an authentication process based on the received information (step S307), recognizes the registrant's existence space (step S308), and requests the process (here, the health insurance card information is extracted and transmitted). To the end side through the authentication server 10A as response information Transmit to terminal 160K (step S309). As a result, the terminal 160K receives the health insurance card information (step S310), and the hospital acquires information such as the name of the registrant, the billing destination of the medical fee, the expiration date, etc., and uses it for paperwork.

 The second is to prepare for the use of electronic medical records that centrally manage the registrant's medical history and examination history. In accordance with the processing of steps S304 to S306, the authentication server 10D On the other hand, a process for prompting preparation of the electronic medical chart is automatically performed (steps S311 to S313). The authentication server 10D performs authentication in accordance with the processing of steps S307 to S308 (steps S314 to S315), and prepares for extraction and the like in preparation for the actual electronic medical chart usage charge (step S316).

 The authentication server 10A has been described by transmitting the billing information to the authentication server 10 that is the other party of the purpose of use. However, the request is transmitted to the exchange server 20, and the comparison target information is transmitted according to the third embodiment. The presence notification information may be sent after being converted from a personal identification ID to a unique ID.

 The automatic processing according to the purpose of use of the terminal 160 is explained as an example, but the registrant and the related parties input the contents of the request into the terminal, the input information, the personal identification ID of the registrant, and the terminal identification of the processing request terminal. Information combined with the ID may be transmitted.

 (Application 1 Authentication service in hospitals)

 When the terminal 160D on the door of the examination room is used, it is recognized that the terminal is in the examination room and the use permission information of the terminal 160H is obtained. Since the terminal 160H is a terminal for browsing or inputting electronic medical records, it can be used as terminal usage purpose information such as browsing or inputting electronic medical records, performing inspections, sending information on the contents of dispensing, and performing medical treatment. It has the purpose of performing multiple processes such as automatically calculating received items and determining receipts and registrant charges, and exchanging information with related terminals whenever such items occur. .

For example, when the billing amount is confirmed, the billing amount is transmitted to the terminal terminal 160J, which is an electronic money terminal at the accounting window, notifying that payment processing will occur, and encouraging preparatory actions. In addition, since the registrant's location is in the examination room, it will be clear that the registrant is not in any other space in the hospital, thus preventing patient confusion. When each terminal receives permission information as an authentication result, each terminal automatically provides an authentication service based on the purpose of use of the terminal of the terminal. For example, after the comparison information based on information entering the room from the entrance of the house is created, the registrant recognizes that the person exists inside the house and cannot impersonate the person outside the house to use the terminal. In addition, even within the house, if comparison target information based on information in the bedroom or bathroom is created, even the family cannot impersonate the registrant while sleeping or taking a bath and use the terminal.

 [0105] (Basic 5 When registrant goes out of hospital)

 When the registrant starts to move in accordance with the process S according to the basic examples 2 and 3, the terminal terminal 160B reads the face information by the process according to steps S17 to S23 of the first embodiment, and the building Side terminal 11 OA creates movement start information or biometrics recognition information, and authentication server 10A power Continuous authentication of the comparison target information created by the building side terminal 110A and the latest comparison target information of its own equipment Recognize that the registrant exists outside the hospital unit. After that, the authentication server 10A sends the movement start information to the exchange server 20, and the same processing as in steps S202 to S203 and steps S208 to S210 is performed. On the other hand, the movement start information is used in the own unit. Since it recognizes that there is no registrant, it creates usage control information and sends it to the sub-servers managed by its own device. As a result, registrants are outside the hospital.

 Authentication service becomes available, and it is impossible to impersonate a registrant in a hospital and use the system illegally.

 The authentication server 10A registers the presence recognition record such as the personal identification ID of the registrant, the time information that recognizes the departure (including the estimated recognition) and the terminal information in the presence recognition record table provided in the device itself.

[0106] (Existence recognition record table)

Fig. 12 is a diagram showing an example of the contents of this existence recognition record table. The name and name of the terminal that manages the unit, the current time, the personal identification ID and name of the presence person, the presence person entered the unit, or It contains information such as the terminal and time that it has recognized that it has exited or continues to exist, the current presence / absence, and the authentication response level. It also receives comparison target information and presence notification information. If received, the received information and the terminal identification ID that became the sender are registered. The presence recognition record table compares the entrance recognition time and the exit recognition time, calculates the stay time, identifies the number of unexited people, counts the number of unexited people, and registers the presence recognition record table for each unit There is also a function to compare information with each other and a function to register unregistered person information. As a result, the registrant's final confirmation time and the final confirmation terminal can be recognized.

[0107] (Responding to abnormalities after leaving the unit)

 After each terminal recognizes that the registrant no longer exists from the unit (exit) and the usage control information is sent, the personal information of the registrant is read, the authentication service is billed, When the information creation process is performed, the process is regarded as an abnormal process, and warning information is created and transmitted to the related terminals.

 At the same time, if the unit includes a terminal with a function that can restrict entry / exit, such as a door or opening / closing device, the lock force information (including closing the door) is sent along with the warning information to force the door. Lock it. In addition, when a face information reader is installed in the unit, the forced shooting information is transmitted along with the warning information, and the status of the person in the unit is recorded. This procedure ensures the identity of the person who performed the impersonation and creates evidence.

[0108] (Application 2 Operation in financial transactions)

 When the registrant enters personal information at the terminal 160F at the accounting window, authentication processing and terminal purpose recognition similar to those in Basic 4 and Application 1 of the fifth embodiment are executed, and the terminal Electronic money can be used at 160J.

 The terminal-side terminal 160J is an electronic money terminal with a register function and a medical fee calculation function, so when receiving medical treatment contents from the terminal-side terminal 160H linked to the electronic medical record, the medical fee is calculated and displayed in the register. At the same time, the authentication server 10E that manages the registrant's electronic money information is automatically accessed, and the personal identification ID of the registrant, the registrant's latest comparison target information, and the electronic money account of the hospital And charge the deposit account to the amount equivalent to the medical fee.

The authentication server 10E verifies the continuity of authentication and compares the contents of the requested financial transaction with the status of the financial transaction such as the extracted registrant's account balance and setting conditions for financial processing. If verification and billing content can be processed, transfer processing is executed, and as a result, information indicating that the processing has been successful, the electronic money balance of the registrant after transfer, etc. are transmitted, and the terminal side Terminal 160J displays the information to the registrant.

[0109] For financial transactions, a typical example uses an authentication service according to Application 2.

 When purchasing goods, tickets or air tickets, and when paying service charges such as food and beverage charges, hotel accommodation fees, or art museum admission fees, the terminal 160 is connected to a register or a computer for fee calculation. Built in or attached as part of the function. Therefore, when the registrant checks the displayed amount and reads the personal information for authentication at the terminal 160 on the terminal side, the authentication system completes confirmation of the intention to pay the displayed amount to the terminal administrator. After that, if the authentication service is successful, the organization side terminal 120E performs settlement, payment, transfer processing, and the like.

 Similarly, transfer of funds between accounts, domestic and foreign remittances, financial transactions such as payment for foreign exchange or stocks or bonds, etc., payment using the Internet such as payment for shopping or auction, payment, transfer processing, etc. In this case, when processing for reading personal information for authentication is performed, it is considered that the processing regarding the transaction details and the amount of money displayed on the electronic device screen being operated is accepted, and if the authentication service is successful, the organization side terminal 120E processes

[0110] (Authentication service result or expiration date of permission information)

 In addition, when a predetermined time (for example, 5 minutes) has elapsed since receipt of information that the authentication service was established, permission information, and the latest comparison target information, permission information, etc. is automatically used to ensure the safety of the transaction. It may be set to be deleted.

[0111] (Exchange example of economic value)

 Here, financial transaction processing will be described as a main example for the exchange of economic values. For the sake of explanation, the registrant's electronic money account balance is 50 yen, the savings account balance is 80 yen, the credit available amount is 70 yen, and the automatic loan amount (automatic borrowing amount) is 50 yen. Personal information, transaction details, payment methods, etc. are entered by the registrant into the terminal 160 and transmitted to the organization terminal 120E that manages financial transactions including electronic money.

(Example 1 Product purchase price 30 yen is paid with electronic money or deposit account) The organization side terminal 120E withdraws 30 yen from the registrant's electronic money account, or withdraws 30 yen from the registrant's savings account and pays 30 yen to the store's designated account because the payment amount is within the account balance Execute transfer process to deposit.

 (Example 2 Pay 20 yen for examination fee with credit)

 At organization side terminal 120E, the payment amount is within the credit allowance, so the registrant and the hospital side provide information on the credit use consent, and then the information registration that provided 20 yen credit to the registrant and the credit company The transfer process will be implemented in which 20 yen is withdrawn from the bank account and 20 yen is deposited into the designated account on the hospital side.

 (Example 3: Eating and drinking 60 yen with electronic money, automatic loan)

 Since the organization side terminal 120E has a shortage of 10 yen in electronic money, the end side terminal 160 will receive an unprocessable answer information, an electronic money account balance, and other available payment means (for example, a deposit account). Withdrawals) and proposals for combination processing of electronic money and other payment methods.

 The organization side terminal 120E verifies whether there is an automatic credit line setting equivalent to the balance, and if it exists, the registrant borrows 10 yen and the 10 yen deposit process into the electronic money account. At the same time, a transfer process of depositing 60 yen into the store's designated account may be implemented.

 (Example 4 Withdraw the purchase cost of 20 yen per share of Company A shares from the deposit account)

 With the organization side terminal 120E, the payment amount is within the account balance range, so if you withdraw 20 yen from the registrant's ordinary account and deposit 20 yen into the specified account of the securities company that is the seller or agency! Perform the transfer process.

 (Example 5 Exchange of coins and banknotes with electronic money)

 The registrant asks the receiving side, such as a financial institution or a store, for cash to be exchanged for electronic money, and confirms it on the terminal 160. The registrant inputs the personal information reading process and information instructing payment to the electronic money to the terminal 160 on the terminal side, and the organization terminal 120E transfers from the designated account on the receiving side to the registrant's electronic money account. Perform a 30 yen transfer process.

On the other hand, the registrant reads the personal information to the terminal 160 and transfers the money from electronic money to cash. Enter the information to instruct the exchange and the exchange amount of 20 yen. Since the exchange amount is within the account balance, the organization side terminal 120E carries out a transfer process of withdrawing 20 yen from the registrant's electronic money account and depositing 20 yen into the cashier's designated account. Notify terminal 160. After confirming the completion notice, the cash issuer will give the cash equivalent to the exchange amount to the registrant.

 (Example 6: Transfer funds between accounts of registrants)

 The registrant inputs personal information to the terminal 160, information for instructing the transfer of funds from the savings account to the electronic money account, and the exchange amount. The organization terminal 120E has a normal exchange amount.

If it is within the balance range of the deposit account, the transfer amount is deducted from the savings account and the transfer amount is transferred to the electronic money account.

 (Example 7 Transfer funds between accounts to non-registrants, transfer)

 The registrant inputs the personal information read into the terminal 160, information for instructing the transfer of funds from the electronic money account or the savings account to the third party account, and the transfer amount. When the transfer amount is within the account balance range, the organization side terminal 120E carries out a transfer process of withdrawing the exchange amount from the registrant's account and depositing it into the third party account.

 (Example 8 Conversion to foreign currency Exchange with US dollar 1)

 The registrant inputs information on reading the personal information, instructing payment from the electronic money account, and information indicating that he / she wants to exchange from Japanese yen to US $ 1. The organization-side terminal 120E calculates the amount necessary for applying for foreign currency exchange (for example, 13 yen, which is a total of 12 yen for the exchange rate and 1 yen for the commission), and transmits it to the terminal 160 for display.

 The registrant confirms the displayed amount of 13 yen and reads the personal information to the terminal 160 again or inputs the amount approval information and transmits it.

 The organization terminal 120E has a foreign currency exchange requirement of 13 yen in the account balance, so 13 yen is withdrawn from the registrant's savings account, 1 yen as the company's commission, and 12 yen in the exchange partner account. If you deposit! /, Carry out the transfer process.

 (Variation 1 Setting of payment limit and transfer limit)

In the case of financial transactions, there are transaction setting conditions as items to be verified in step S309. The person or legal agent or service provider is responsible for payment, transfer of funds, transfer limit, credit line usage limit, borrowing limit, exchange limit, transaction limit, etc. when processing financial transactions. May be registered.

 The limit setting conditions mainly include the following (1) to (4) and combinations thereof.

 (1) Limitation by a certain time

 Set a limit for a certain time or period such as once, one day, one week, etc.

 (2) Restrictions due to trading space

 Set a limit for each transaction space such as home, office, designated or undesignated store.

 (3) Limits due to trading hours

 Set the limit of the transaction time and the non-transaction time.

 (4) Restrictions on transaction details

 Set limits for each transaction, such as product purchases, net banking use, electronic money use, and cash withdrawals.

 (Modification 2 Balance transfer between accounts)

 In the case of financial transactions, there is a comparison between the transaction amount and the account balance as a matter to be verified in step S309. However, a certain amount or shortage amount or a certain percentage is transferred from the account of the principal or another person (including a corporation), A setting condition for enabling completion may be registered.

 There are mainly the following (1) to (4) as the setting conditions between the target accounts for automatic balance transfer.

 (1) Between registrant accounts

 (2) Between registrant's account and family account

 (3) Between the registrant's own account and the account of the organization and person belonging to the organization

 (4) Between the registrant's own account and the account approved by the account holder of the transfer source

 The automatic transfer amount setting conditions mainly include the following (5) to (9) and combinations thereof.

 (5) —Setting by fixed time

 Set transfer approval amount for a certain time or period such as once, one day, one week.

 (6) Setting by trading space

Set transfer approval amount for each transaction space such as home, office, designated or undesignated store. (7) Setting by transfer partner

 Set transfer approval amount for each party such as between parent and child, between company and employee.

 (8) Setting by transfer amount

 Processing to transfer the specified amount, the amount required to complete the transaction, the amount that the transfer destination account balance reaches the specified amount, the amount that the transfer source account balance reaches the specified amount, a certain percentage of the transfer source account balance, etc. Set.

 (9) Setting by transaction details

 Set transfer approval amount for each transaction such as product purchase, use of electronic money, cash withdrawal

[0114] In the past system, if a registrant's betrayal act (for example, unauthorized lending of an entry card) or personal information (biometrics information) is lost, a third party impersonates the registrant and uses the system. There was a vulnerability that could be done.

 In this authentication system, it is also possible to send usage control information every time it recognizes the registrant's location and control all electronic device terminals and access to the information system. It is impossible for a third party to perform impersonation separately from the existing existence, and the security of personal information and personal assets is ensured.

[0115] <Sixth embodiment>

 (Continuity determination using the main unit)

 Each terminal may not have the latest information for comparison in order to authenticate the registrant. Therefore, each terminal registers in advance the terminal information that manages the registrant's main unit and the personal identification ID of the registrant used at that terminal in the history information DB and basic information DB, and is charged for authentication service processing. If so, send the information to be compared to the main unit and ask for continuity.

 FIG. 13 shows that in the sixth embodiment of the present invention, when the sub server group receives the presence notification information from the exchange server 20, the received information is transmitted to the main unit to perform the authentication process, and the processing result information is acquired. FIG.

[0116] The building-side terminal 110 that manages the registrant's main unit is always notified of the presence notification information from the exchange server 20, determines the continuity of authentication, and recognizes the latest existence space. The exchange server 20 creates presence notification information based on the newly received comparison target information, and transmits it to the organization side terminal 120 and the building side terminal 110 for electronic money management (step S351).

Yes

 The building-side terminal 110 compares and verifies the received presence notification information with the immediately previous comparison target information stored in its own device (step S352), and recognizes the latest existence space (step S353). The organization-side terminal 120 determines the power of storing comparison target information that can be compared with the presence notification information received for the authentication continuity determination (step S354). If it is stored as a result of the determination, authentication processing is executed (step S355), the existence space is recognized, and permission information for using electronic money is created (step S356). On the other hand, if not stored, terminal information (in this case, the building-side terminal 110) that manages the registrant's main unit is extracted (step S357), and the personal identification ID of the presence notification information received in step S351 is stored in the main menu. To the building-side terminal 110, the information converted into the personal identification ID of the knit, the terminal identification ID of the machine, the information for requesting an authentication response, and the request number (hereinafter referred to as main authentication request information) Transmit (step S358).

 The building-side terminal 110 determines whether authentication by the same presence notification information as the received main authentication request information has been processed (step S359), and if there is authentication, information indicating that authentication has been performed, and main authentication request information The request number and the terminal identification ID of the device itself (hereinafter, main authentication response information) are transmitted to the organization side terminal 120 (step S360). Upon receiving the answer information, the organization side terminal 120 recognizes the existence space and creates permission information (step S361).

 On the other hand, if there is no authentication, the main authentication request information and the presence notification information in step S351 may be fake, so it is recognized that there is an abnormal situation (step S362), and the notification abnormal information is immediately created and the organization The data is transmitted to the terminal 120 and the exchange server 20 (step S363). As a result, the organization-side terminal 120 stops the authentication service (step S364), and the exchange server 20 transmits warning information to the transmission destination of step S351 (step S365).

 (Modification 1 Judgment of continuity using recognition processing of other terminals and exchange server)

If the management terminal of the main unit that constantly receives the presence notification information determines that there is an abnormality in information consistency when receiving new presence notification information or main authentication request information, the communication terminal The exchange server 20 that has transmitted the intellectual anomaly information and has received the information transmits warning information to each terminal.

 For this reason, the terminal that has received the presence notification information from the exchange server 20 may determine that the authentication has been established if it does not receive the warning information within a certain time after the reception.

[0118] <Seventh embodiment>

 (Collaborative transactions of different space terminals using information to be compared)

 FIG. 14 is a sequence chart showing an operation example of an authentication service when a transaction provision is recognized by linking a plurality of terminals existing in different spaces according to comparison target information in the seventh embodiment of the present invention. is there. Here, the explanation is based on railway use and financial transactions.

[0119] The authentication server 10B that manages the main unit of the registrant always receives the presence notification information from the exchange server 20, and recognizes the latest existence space of the registrant.

 In order to get on the train, the registrant reads the vein information at the terminal 160A at the end of the A station ticket gate and sends it to the authentication server 1OA that manages all terminals of the railway company. The authentication server 1 OA performs authentication determination based on the received information. If authentication is established, the movement start information is created and stored in the own machine (step S375) and transmitted to the exchange server 20 (step S376). Further, the authentication server 10A recognizes that the purpose of use of the terminal 160A on the terminal side is “pass the ticket gate to enter the station A premises” and “consider A station as the first station” (step S377).

 When the exchange server 20 converts the movement start information into presence notification information (step S378) and sends it to the authentication servers 10A and 10B (step S379), the authentication server 10B compares the received information with the comparison target that has been recognized immediately before. By comparing with the information, a new existence space is recognized and registered in the own aircraft (step S380).

 After getting off the train, the registrant performs the same processing as steps S375 to S380 at the terminal 160B at the terminal B of the B station ticket gate (steps S38;! To S386). At this time, the authentication server 1 OA recognizes that the purpose of use of the terminal 160B on the end side is “pass the ticket gate to enter outside the B station” and “deem B station as the arrival station”.

Authentication server 1 When OA recognizes the registrant as “starting station” and “getting off station” in the aircraft, it automatically calculates the fare from A station to B station. Execute (Step S387) and include the billing amount, comparison target information that is the basis for calculation, and the account information of the bank account at the banking company for the bank authentication server 10C that manages the fee payment account set in advance by the registrant. Billing information to be sent (step S388).

[0120] The authentication server 10C does not have the latest comparison target information for authenticating the registrant in its own device. Therefore, when the billing information is received, the authentication server 10C manages the main unit to verify the validity. To the authentication server 10B, the action history authentication request information that combines the comparison target information that is the basis for the calculation and the information that requests the identity authentication of the comparison target information that the authentication server 10B has (step S389). .

 The authentication server 10B verifies the identity with the comparison target information stored in the device based on the personal identification ID and spatial information of the registrant in the received information (step S390). The approval information is transmitted to the server 10C (step S391). As a result, the authentication server 10C performs the transfer / withdrawal process based on the billing information (step S392).

 On the other hand, if the authentication server 10B does not match the stored information, the authentication server 10B transmits non-approval information to the authentication server 10C (step S393). The authentication server 10C stores the received information in its own machine (step S394), and performs the authentication server without performing the transfer / withdrawal process based on the billing information.

 Payment rejection information that includes non-approval information in addition to billing information is sent to 10A (step S395), and recalculation of charges, re-verification processing of calculation basis, etc. are performed (step S396)

Yes

 If the registrant approves in advance, the processing of steps S389 to S391 may be omitted, and payment or transfer processing may be performed as soon as a request is made.

[0121] (Automatic charge calculation 1)

 (1) When using a terminal on the terminal side with fixed space information

 Terminal terminal 160 is installed at the boarding gate of an aircraft, bus stop, station ticket gate, boarding gate, etc. to recognize take-off airport and landing airport, boarding location and getting-off location, etc., and calculate fare .

Similarly, if an entrance fee or entrance fee is collected to enter a building or site that is managed or provided, such as an art museum, a tourist facility, or an amusement facility, the terminal is terminated at the entrance. By installing the side terminal 160, it recognizes admission and admission, and calculates the fee.

 (2) When using a terminal on the terminal side with a position measurement function

 Terminal side terminal 160 is installed on a taxi door, train door, etc., and the terminal side terminal 160 acquires spatial information from the GPS function and wireless communication status with the control tower, etc., and recognizes the boarding place and the getting off place etc. And charge calculation.

 (3) When a fee is required if the service is provided in a certain space during service provision time

Service provision time (screening time, performance time, business hours, etc.) in buildings or grounds that manage or provide services, such as movie theaters, theaters, karaoke boxes, cartoon cafes, and other play facilities, hotels, rental halls, etc. If that existed), and some force ^s fee payment is required.

 In this case, the terminal 160 is installed at the entrance, recognizes that the registrant was in the corresponding space and the time it was present, and if the service provision space and time correspond, charge calculation is performed.

 (Automatic charge calculation 2)

 Terminal terminal 160 is installed at the entrance, and the registrant recognizes that it exists in the space.

In (4) to (8), information on product prices, food and beverage charges, and various service charges are pre-stored in electronic tags, IC chips, and QR codes.

 (4) Batch calculation at exit

 When the registrant leaves the store with the product, the terminal 160 creates movement start information. In addition, an information reader such as an electronic tag installed at the exit acquires information such as an electronic tag attached to the product and calculates a purchase price. After that, the time information of the registrant's movement start information is compared with the reading time information of the electronic tag, etc., and the pieces of time information at the same time or near each other are linked together to calculate the fee as the purchase price of the registrant.

 (5) Calculation for each space movement

The store is divided into one or more spaces so that registrants can be recognized in each space, and information such as electronic tags can be constantly grasped in each space. When recognizing that the product no longer exists in the space for each space, the registrant who no longer exists in the space (moved from the space) is identified. After that, registrant movement start time and reading time of electronic tag etc. Are compared with each other and linked together at the same time or near time information, and the fee is calculated as the purchase price of the registrant.

 (6) Interlock by reader

 In the case of (4) and (5), if multiple people enter and exit at the same time, there is a possibility that the charge information may be complicated, and it is necessary to take measures such as going through the exit one by one or restricting entrance to the store. Become.

 Therefore, a terminal 160 and a reading device such as an electronic tag are installed in the store, the registrant's personal information is read to identify the individual, and affixed to the product that the registrant wishes to purchase! /, One or more pieces of information such as electronic tags are read and linked in advance.

 After that, when the terminal 160 installed at the exit recognizes the movement start information of the registrant, the information such as the electronic tag of the product acquired by the information reader such as the electronic tag installed at the exit is included in advance. Compare whether or not it contains one or more information such as electronic tag of the product linked with the registrant. As a result, if information such as electronic tags in advance is included, the price of goods read by the information reader such as the electronic tag installed at the outlet is calculated as the purchase price of the registrant.

 (7) Automatic calculation of provision period

 In the case of rental of goods, when the registrant starts moving from the corresponding space while holding the product, the terminal 160 installed at the exit recognizes the movement start information of the registrant and at the same time installed at the exit. The information reading device such as the electronic tag acquires the information such as the electronic tag attached to the product, and acquires the time information about the start of lending to the registrant regarding the product. After that, when the registrant moves to the corresponding space while holding the product, the terminal 160 installed at the entrance recognizes the registrant's movement stop information and simultaneously reads information such as the electronic tag installed at the entrance. The device obtains information such as the electronic tag attached to the product, obtains information on the time when the renter has finished renting the product, and calculates the rental fee for the registrant.

 (8) Automatic charge calculation based on existence space

The store is divided into one or more spaces, and registrants can be recognized for each space. Every time the registrant places an order for a service (food order, medical request, hairdressing, etc.), Enter the space of the person who placed the order with the orderer (here, the registrant) and the order contents. After that, when the registrant starts moving from the space, the service provision fee is calculated based on the order contents, and the transfer / withdrawal process is performed.

<Eighth embodiment>

 (Understanding the presence of units in the unit by using the information to be compared)

 In the eighth embodiment of the present invention, recognition processing of the latest presence person and existence space in the unit is performed using the comparison target information and the existence recognition record table. .

[0124] (Existence management)

 The authentication server 10A registers the information of the person who entered and exited the hospital in the presence recognition record table of FIG. 12 (a) by the processing of the first to sixth embodiments, and FIG. This is a categorization of the presence / absence of personal authentication and the contents registered in the presence recognition record table when entering and exiting the entrance.

 (1) Pattern 1

 This is a case where a person is specified based on the information to be compared for both entry and exit. In the presence recognition record table, the name of the presence person and time information, confirmation terminal information, etc. are registered as records of entry and exit.

 The administrator can easily recognize the presence of persons in the unit by counting the number of unregistered persons.

 (2) Pattern 2

 If it is impossible to specify a person for both entry and exit, the presence recognition record table will automatically include an anonymous person identification ID that combines “Z” indicating an anonymous person and “the number arbitrarily assigned by the system”. Time information, confirmation terminal information, etc. are registered with separate entry and exit records. If the face information reader has a person tracking function and it can be confirmed consistently until the anonymous person who has entered leaves, it will be registered with the same anonymous person identification ID.

 It is impossible for the administrator to identify the presence in the unit, but only the number of people who exist by subtracting the number of people who have left the anonymous person.

 (3) Pattern 3-1, Pattern 3-2

Only one of the entrance and exit will specify the registrant based on the information to be compared. In the case where no person can be specified, registration according to Pattern 1 and Pattern 2 is performed in the presence recognition record table.

 Although it is difficult for the administrator to identify the presence person in the unit, the total number of visitors with the name of the person and the number of visitors with the name of the person from the sum of the number of visitors with the anonymous ID ID By subtracting the total number of people leaving the anonymous ID ID, only the number of people present is recognized.

 Figure 12 (c) shows an example of specific registration processing based on the hospital shown in Figure 9 (a) for the contents of Pattern 3.

 In action 1, the person is identified based on the comparison target information at the entrance of the building, and the information such as “Taro” as the name of the presence person, the time information of the entrance, and the terminal terminal 160A as the entrance confirmation terminal are registered. When `` Taro '' enters the examination room anonymously, an anonymous person identification ID `` Z01 '' is automatically created and registered in the presence recognition record table together with information such as the time information of the entry and the terminal confirmation terminal 160D as the entry confirmation terminal To do. At this time, as operation 3, an anonymous person identification ID “Z02” is created to indicate that the patient has left the hospital unit that is connected to the examination room, and the time information of operation 2 is the exit time, and the terminal 160D In action 4, when a person is identified based on the comparison target information when leaving the examination room, “Taro”, the time information for leaving, Information such as the terminal 160D is registered in the existence recognition record table. At this time, as operation 5, the hospital unit connected to the examination room indicates that it has entered, so the existence name is “Taro”, the time information of operation 4 is the entry time, and the terminal 160D is the entrance confirmation terminal. Register in the presence recognition record table. As operation 6, when leaving the hospital with anonymity, an anonymous person identification ID “Z03” is automatically created and registered in the presence recognition record table together with the time information of leaving and information on the terminal terminal 160B as the terminal confirming exit.

 Even when moving within a unit, the number of people in each unit and the whole unit can be accurately grasped by registering the entry / exit record in the presence recognition record table.

When space A and space B are continuous units, they moved from space A to space B. If the terminal in space B recognizes it by the entry process, it will be “unit movement information 1”, and if the terminal in space A recognizes it by the exit process, it will be “unit movement information 2”.

[0126] (Exit recognition based on presence notification information)

 The exchange server 20 creates presence notification information based on the comparison target information and transmits it to the authentication server 10A. The authentication server 10A verifies whether the received information is based on the comparison target information transmitted from within the unit managed by the received information, and if the authentication server 10A determines that it is based on information transmitted from other than the unit managed by its own device, Verify whether it is registered in the record table. At this time, the first process determines whether or not the registrant is registered in the presence recognition record table, and if there is a registration, extracts the registration data. The second process determines whether or not there is an exit record for the corresponding data, and identifies the data portion that does not have an exit record. If entry and exit information is registered in the same name column, it is recognized that the user has already exited, so it is removed from the specified subject. The third process verifies whether the entry time information of the specified data and the own space information match the received presence notification information, and if they match, the time information in the presence notification information is replaced with the departure time information. Register server 20 as an exit confirmation terminal. By this registration, the authentication server 10A recognizes that the registrant has left the unit managed by its own device, and transmits usage control information within the unit.

 [0127] (Variation 1 Recognition of exit by cooperation with main unit)

 In the case of a terminal that does not always receive presence notification information, the latest comparison target information is billed to the exchange server 20 and the sub-server group that manages the registrant's main unit.

Verify whether registrants are moving or continue

[0128] FIG. 15 shows a modification example 1 of the eighth embodiment of the present invention in which a terminal that manages the presence recognition record table requests the latest comparison target information from another terminal and uses its response information to determine its own device. It is a sequence chart showing an operation example of performing recognition processing of the presence / absence of a corresponding person in a management unit.

[0129] The authentication server 10 confirms the exit from the presence recognition record table! /,!, A person with a specific person or person's name registered but no exit record, and registration data of the person concerned. Is extracted (step S451), and the management terminal information such as the main unit related to the extraction target is specified (step S452). After that, the authentication server 10 authenticates the personal identification I to the terminal in step S452. D, registration time information being registered, terminal identification ID of the device, information for requesting the presence or absence of the latest comparison target information created after the entrance time information on the management terminal such as the main unit, The request number is also transmitted (hereinafter referred to as exit investigation information) (step S453).

 The management terminal such as the main unit itself is based on the time information included in the received exit investigation information.

It is verified whether the relevant information exists in the aircraft (step S454), and if it exists, response information including the time information, spatial information, and request number included in the relevant information (hereinafter referred to as exit response information). Is transmitted to the authentication server 10 (step S455).

 The authentication server 10 verifies whether the received exit response information matches the entrance record of the presence recognition record table (step S456) .If they match, the authentication server 10 recognizes that the person has exited, and uses it as the exit response information. The included time information is registered as an exit time, the answering terminal is registered as an exit confirmation terminal (step S457), and usage control information is transmitted to each terminal in the management unit (step S458).

 If it is determined that there is a mismatch, it is recognized as an abnormal state (step S459), and notification abnormality information is transmitted to the response terminal and the exchange server 20 (step S460). The subsequent processing is the same as steps S364 to S365 of the sixth embodiment.

 (Variation 2 Existence management processing and calculation of real existence time)

 Since the entry and exit records are registered as information in the presence recognition record table, the following management information (1) to (4) can be created.

 (1) Attendance and absence

 Judgment is based on the admission record information for the unit requested to attend.

 (2) Presence of entry or arrival, departure or departure

 (3) Real existence time in the unit

 Exit time information ability Calculate and provide time information minus entry time information.

 (4) When combining (1) to (3)

For example, in attendance management and attendance management for classes and training, the space attended by (1) and the presence time calculated in (3) are combined to satisfy the space and time required for attendance. Judge the force. In addition, by calculating the time that exists outside the working space (rest room, smoking room, etc.) and subtracting it from the time that was present in the office building, it is possible to verify the satisfaction of real working hours.

 [0131] (Variation 3 Search support for unit residuals)

 The person who performed the work extracts the latest residual information of the existence recognition record table and the terminal terminal information of the corresponding person. Subsequently, for the person who has the name of the survivor among the extracted survivors, when the modified existence example 1 of the seventh embodiment is executed and the latest existence is confirmed! /, The exit response information is acquired Register as an exit record. As a result, the latest residual information is updated, and the operator starts the search from the unit indicated by the final confirmation terminal, and then moves to the unit that is continuous with the unit and searches. .

 [0132] Some entry / exit management systems manage attendance status using electronic tags and mobile phones, but if a registrant rents the equipment to a third party, it can be reimbursed or registered for unauthorized attendance. Met.

 In addition, the conventional entrance / exit management system performs entrance / exit management and residual estimation based on records detected or recognized by various sensors and readers installed at the entrance / exit, so the system does not recognize the exit of a person. In this case, it was judged that the person was in the building.

 This authentication system prevents impersonation because if the registrant is recognized twice in the same unit and another space at the same time, authentication will be inconsistent and notification abnormal information will be sent. In addition, since the residual situation is determined based on the continuity of individual existence, if the registrant is recognized in another space, the exit recognition is processed in conjunction with it, so the actual registrant exit cannot be recognized. Even in the case, it is complemented by another terminal to realize precise access control.

<Ninth Embodiment>

 (Recognition of seated 'vacant seats')

 FIG. 16 shows an operation example of recognizing whether a seat is seated or vacant using the comparison target information and the presence recognition record table and notifying the recognition result in the ninth embodiment of the present invention. It is a sequence chart.

[0134] Fig. 17 (a) shows an image in which the restaurant seats are regarded as one unit, and the table and This space is composed of three chairs with terminal 160 and a monitor camera. Fig. 17 (b) replaces the installation situation of Fig. 17 (a) with a terminal configuration.

 Fig. 17 (c) is a presence recognition record table for the building-side terminal 110 to manage the passenger seat unit of Fig. 17 (a). The table shows the unit of chair and the unit of passenger seat. It is a table that manages both at the same time. In this presence recognition record table, a chair is fixed data, and a person's entry / exit record is registered for the chair.

 In addition, the administrator side publishes the personal authentication technology that can be used in the seats and the space around the seats as an available equipment table, and provides the registrants with advance information necessary for creating comparison information.

 Fig. 18 (a) is a diagram showing an example of the contents of this available equipment table, and the personal information that can be handled by the equipment, installation location, and installation equipment that can be used for authentication in the seat and the space around the seat. Type, personal information type compatible as authentication information, etc. are disclosed. In addition, the manager side provides a reservation form for accepting a seat reservation.

 Figure 18 (b) shows an example of the contents of this reservation form. The date and time the registrant wants to reserve a seat, the seat contents (e.g. flight number, train number, building name, store name, room number, etc.) ), Scheduled usage time, scheduled usage period, registrant's personal identification ID, registrant's main unit management terminal ID, scheduled at the time of registration! /, Terminal identification ID indicating the movement start space, etc. Register.

 By registering the registrant's main unit management terminal ID in advance, the sixth embodiment can be used as a personal authentication method at the seat, and the information on the movement start space can be registered. Enables the use of travel notice information.

 When two people, Taro and Saburo, are seated, the terminal terminals 160A and 160C installed in the chair read the personal information, and the building terminal 110 performs the authentication process.

 At this time, in principle, the building-side terminal 110 recognizes that the person whose personal information has been read has been seated in the chair, and registers the admission record. In FIG. "Indicates that you are seated. If the administrator wants to confirm the seated person more strictly, it sends verification request information to the terminal 160D and creates video presence information.

The terminal 110 on the building side has two admission records in the presence recognition record table and the presence columns for chair 1 and chair 3. If the information indicating that a person exists in the unit (for example, “1”) is registered (step S 501), it is recognized that a person exists and is seated in the chair unit and the audience unit. (Step S502), information indicating that the passenger seat unit is in use (hereinafter, seating information) is transmitted to the organization side terminal 120 that manages the entire restaurant (Step S503). As a result, the organization-side terminal 120 recognizes that the passenger seat unit is in use (step S504), and may transmit that fact to the reception desk or kitchen.

 After that, when Saburo returns, the terminal 160D detects that Saburo is not present in the video (Step S505), and transmits information indicating the absence of Saburo to the building terminal 110 (Step S505). S506), the building-side terminal 110 recognizes that Saburo has moved from the auditorium unit (step S507), and in the presence recognition record table, Saburo's exit record, and in the presence column of chair 3, there is a person in the unit. Information indicating that it does not exist (for example, “0”) is registered (step S508), and it is recognized that there are some empty seats in the passenger seat unit (step S509). Thereafter, information indicating that the passenger seat unit is partially vacant (hereinafter, vacant seat information) is transmitted to the organization side terminal 120 (step S510). As a result, the organization side terminal 120 recognizes that the passenger seat unit has some empty seats (step S511).

 The building-side terminal 110 has sent the seating or vacancy information to the organization-side terminal 120, but at the discretion of the administrator, the building-side terminal 110 is directly or via the exchange server 20 for institutions and customers that provide vacancy status notification services. You may distribute. In addition, the absence recognition process may be performed by, for example, reading personal information to the terminal 160 at the store outlet or receiving presence notification information from another unit through the exchange server 20. It may be due.

 (Registering the vacancy definition to the presence recognition record table)

If there is information that is valid even with a single vacant seat, such as a train seat, or if there is a close relationship between a table and multiple chairs as a set, such as a table in a restaurant Even if there are vacant seats, it will not be vacant seat information. Therefore, for each unit, the definition information for the system to determine that there is a vacant seat in the unit is registered in the presence recognition record table. In Fig. 17 (d), "all chairs 1-3 are vacant. , The unit is vacant, ”which indicates that the system has registered the definition information judged by the system. Since “1” is registered in the presence column of chair 1, recognition while seated can be continued. In addition, if the weight or temperature sensor installed in the chair does not detect the presence of a person for a certain period of time, or if an electronic tag or the like that stores information on vacant or reserved seats is placed and recognized in the unit, etc. A definition using technology that recognizes vacant seats without using authentication may be set.

 [0137] (Variation 1 reserved seat)

 In the ninth embodiment, the building-side terminal 110 recognizes only the presence of a seated person. However, there are reserved seats or reserved seats (hereinafter referred to as designated seats), and only designated persons (such as the person who reserved or designated the seat) can be seated. For this reason, it is necessary to register the authorized person information in the presence recognition record table in advance and recognize that the seated person is a legitimate user.

 FIG. 19 is a process for permitting only a legitimate user to be seated in a designated seat using the comparison target information and the existence recognition record table in the first modification of the ninth embodiment of the present invention. It is a sequence chart which shows the operation example which performs.

 For example, reserved seats refer to both seats for restaurants, railways, aircraft, lectures, concerts, etc., and fixed spaces such as accommodation rooms and time rental rental spaces. Including events.

[0138] The registrant sends the reserved seat reservation information to the reservation form in the restaurant-side terminal 120 using the terminal 160B at home (step S531). When the information is received, the possibility of making a reservation is examined (step S532), and if it is available, the reservation details such as the reservation person and the reservation date and time are registered in the presence recognition record table in the aircraft (step S533). If this is not possible, a message to that effect is transmitted to the terminal 160B (step S534).

Figure 18 (c) is a diagram showing an example of the contents of the presence recognition record table when reservation details are registered. Information indicating that reservation information exists in a unit (including seats and spaces inside the unit). Reservation date and time, reserved seat contents (including flight number, train number, room number, etc.), scheduled use time, scheduled use section, registrant's personal identification ID, registrant main unit management terminal ID, Register information such as the terminal ID that indicates the planned movement start space. When the reservation date is reached, the organization side terminal 120 receives the comparison target information from the exchange server 20 and the like along with the movement of the registrant, and determines the continuity of the individual real authentication (step S535).

 When the registrant arrives at the store and sits in the reserved seat, the registrant reads the personal information from the terminal 16 OA installed in the seat (step S536) and sends it to the organization terminal 120 via the building terminal 110 Then (step S537), the organization-side terminal 120 stores reservation information in the presence-recognition record table in which seat usage is limited to a specific person for the terminal 160A from the current time until a certain time (including the current space to a certain space). Verify whether is registered (step S538). If there is no reservation information, anyone can use it freely, so information indicating that is transmitted to the terminal 160A (step S539).

 On the other hand, if there is reservation information, the organization side terminal 120 performs personal authentication of the registrant based on the received personal information etc. and the comparison target information stored in its own device! ) If the registrant authentication is not established, the building side terminal 110 is read again for personal information, the situation check by the store clerk, or the processing to make the terminal side terminal 160A unusable. Use caution information that is instruction information is transmitted (step S541), and the building-side terminal 110

The contents are displayed (step S542), and the instruction content is processed (step S543).

 On the other hand, if the registrant authentication is established, the presence recognition record table in the aircraft is referred to verify whether the authenticated person is consistent with the reservation information (step S544), and the registration information is inconsistent. In this case, as in step S541, usage attention information is transmitted to the building-side terminal 110 (step S545), and processing such as identity confirmation and reservation confirmation is performed based on the instruction information (steps S546 and S547).

 When it matches with the reservation information, the organization side terminal 120 transmits information indicating that the end side terminal 160A unit can be used to the building side terminal 110 (step S548).

 The conventional reserved seat system has been judged to be a legitimate user by having a reserved ticket issued in advance, an electronic tag storing reserved seat information, a mobile phone, and the like. For this reason, it was necessary for the user to secure the proof at hand, troubles due to double ticketing, and reissuance processing when the designated ticket or mobile phone was lost or stolen.

This authentication system uses the presence recognition record table, and the registrant uses the reservation details as electronic information. Since it is stored at the service provider side, it is only necessary to implement an authentication service that does not require a certificate at hand.

[0140] <Tenth embodiment>

 (Determining authentication level)

 In the first to ninth embodiments, the presence space of the registrant is recognized by personal authentication using the comparison target information, and various transaction processes are permitted within the space. However, because the accuracy of personal authentication differs between the movement-related information that generates the ability to read personal information and the estimated presence information that is generated by the mobile device that is possessed, the transaction content and scope allowed by the registrant differ. Also allowed to set. For this reason, in the present embodiment, a process for linking the accuracy of personal authentication information with access control and various transaction permissions will be described.

 FIG. 20 shows an operation example of processing for determining an authentication level based on comparison target information used when performing personal authentication and performing access control according to the authentication level in the tenth embodiment of the present invention. It is a sequence chart.

[0141] The authentication server 10A recognizes the registrant's existence space based on the comparison target information received from the exchange server 20 or the like (steps S601 to S602).

 When the registrant arrives at the hospital, the terminal 160A at the entrance reads the personal information of the registrant (step S603) and sends the read information and time information to the authentication server 1 OA (step S604). ). If the registrant wishes to be anonymous, the terminal-side terminal 160A does not perform the personal information reading process, and transmits the anonymous person's entrance, time information, and the like (step S605).

When the authentication server 10A receives personal information or the like in step S604, the authentication server 10A executes authentication processing such as verification of read information and verification of continuity with the immediately previous comparison target information (step S606). As a result, when the personal authentication is not established and when the anonymous person entrance information is received in step S605, the anonymous person entrance record is registered in the presence recognition record table, and “level 0” is automatically assigned (step S605). S607). In addition, usage attention information, which is instruction information for prohibiting personal information reading or terminal operation, may be transmitted to each terminal in the unit (step S608). Each terminal 160 that has received the usage attention information displays the instructed content (step S609) and performs the processing of the instructed content (step S609). S610).

 On the other hand, if personal authentication is established, the authentication server 1 OA recognizes the presence of the registrant, registers an entry record such as the name of the resident in the presence recognition record table (step S611), and receives it in step S604. Based on the comparison target information and the latest comparison target information used for comparison verification in the process of step S606, the authentication level is determined by comparing with the authentication stage table in the device, and registered in the presence recognition record table ( Step S612).

[0142] (Entry / Exit Management by Authentication Level)

 As shown in Fig. 21 (a), the authentication level is set for each space in the hospital. When the registrant enters the examination room, when the terminal 160D reads personal information, etc. (step S613), the authentication level determined this time is determined after performing the same processing as steps S604 to S611. It is verified whether the authentication level is higher than the authentication level set for the room (step SS616).

If the registrant's authentication support level is 6 or lower, it is lower than the set authentication level, so entry is not permitted! /, (Do not unlock the door! /), And there is no person in the unit below the set authentication level. Since the user has entered, usage attention information is transmitted to the terminal 160D, 160H on the terminal side (step S617). Terminal receiving the usage warning information displays the instruction content, the process (step S618, S619) ₀ Further, use care information in this case, the usage control information of the terminal device 160H, the fifth embodiment It may also include the meaning of mandatory locking information for the terminal 160D on the terminal side in conformity with the above. The level matching information shown is transmitted (step S620). As a result, the terminal 160H can be operated, and electronic medical record information can be obtained and viewed (step S621).

[0143] (Example of transaction based on authentication level Financial transaction)

At the time of processing in step S613, the registrant inputs the desired financial transaction content (type, amount, etc.) and sends it to the authentication server 10A (step S614). The authentication server 10A determines the authentication level by the same process as steps S604 to S611 (step S616), and then determines the authentication level required for the requested financial transaction content by referring to the authentication level comparison table. (Step S616). In addition, the current authentication level is the level of authentication required for the transaction. The financial transaction processing is executed (step S620). If not satisfied, information indicating that the authentication level is insufficient is returned, and a notification of a necessary authentication level, a re-authentication process, a change in transaction contents, etc. is prompted (step S617).

[0144] FIG. 22 is a diagram showing an example of the contents of the authentication stage table. The type of comparison target information created by the latest authentication process and the type of comparison target information immediately before used in the authentication process are shown. The combined authentication level is set in 10 levels.

 The certification stage table not only provides a uniform level setting for the entire certification system, but also prepares one or more model patterns, and the service provider, unit administrator, registrant, etc. select the pattern that best suits them. May be. Further, the type, combination, and authentication level of comparison target information to be used may be freely set. For model patterns and individual settings, register the settings, registration date and time, and registration processing terminal.

 In FIG. 22, the judgment level may be determined by taking into account the ability to determine the authentication level based on the two pieces of information, the latest and the immediately preceding comparison target information, and one or more continuous comparison target information. The more information used, the more accurate the authentication level is determined.

[0145] Fig. 23 is a diagram showing an example of the content of the authentication level transaction comparison table, showing the authentication level determined in the authentication stage table, the unit corresponding to that level, the processing content, the transaction scope, etc. Information is set.

 Here, the unit name for each authentication level is an example of the unit, the entry / exit management conditions, the attendee information notification, the management correspondence notification, the caution information notification, the transaction range example, There is information such as the maximum amount.

 Visitor information notification refers to the function of notifying the administrator of the person's entry into the unit and the personal information of the person. The administrator response notice is information that instructs the administrator to perform actions such as manned response, video confirmation using a face information reader, person tracking system, etc. when the presence of a person in the unit is recognized. A function to notify. The notice information notification is information that notifies the administrator that a person below the set authentication level has entered the unit in the unit.

In the authentication level transaction comparison table, registration is required for small amounts of electronic money used on a daily basis. It can be used based on estimated movement information that does not require the user's voluntary movements, ensuring convenience. On the other hand, many

 In the case of a transaction involving a large amount of personal assets, we require authentication based on movement-related information to ensure safety.

 In the authentication level transaction comparison table, as in the authentication stage table, select and register the uniform settings for the entire authentication system, model patterns, and self-declared settings.

[0146] (Variation 1 Setting and disclosure of authentication level for unauthorized users)

 If a registrant is involved in the use of an unauthorized authentication system, the registration level transaction comparison table established by the system operator will be forcibly set in advance for that registrant. In this case, in order to ensure the safety of the system, the contents of transactions at each level are restricted from the generally prescribed contents, transaction notifications are given to the administrator side, and information for personal authentication is used. Requires that it be limited to movement-related information. The application and duration of this procedure is stipulated by the system operator separately from the criminal laws of each country. Also, if the maliciousness is high, notify or disclose to the other party of the transaction or the person concerned that the person is the compulsory authentication level transaction comparison table setter.

 This causes the registrant to have a psychological deterrent effect on the unauthorized use, and at the same time alerts the other party to the transaction.

[0147] (Variation 2 Admission control based on authentication level and identification card function)

 This section describes the process of controlling admission to the unit in advance using the authentication level determined by the comparison target information, and the process of using the comparison target information as an identification card function.

 Figure 21 (b) is an image of an airport departure gate. A person who wants to leave enters the aircraft from Hall A through the departure gate. At the departure gate, terminal terminals 160A, 160B, and 160C are installed to read main biometric information.

 The registrant generates one or more pieces of information to be compared before arriving at the departure gate, and sends it to the organization terminal 120 of the immigration office from the exchange server 20 as presence notification information to recognize the existence space of the registrant. Let

The registrant causes the end-side terminals 160A, 160B, and 160C to read the biometric information. According to steps S603 to S612 of the ninth embodiment, the organization side terminal 120 determines the authentication level and registers it in the presence recognition record table.

 The organization-side terminal 120 determines whether the authentication level power S is “8” or higher because the set authentication level of Hall B, which is the space after passing through the departure gate, is “8”. In the case of “7” or less, the terminal terminal 160D, 160E that controls the opening and closing of the gate transmits information (hereinafter referred to as closing information) instructing to close the gate, and immediately receives the gate. To close. After that, as in step S617 of the ninth embodiment, usage attention information is transmitted, and re-authentication processing and the like are executed. As a result, registrants cannot enter Hall B, or if they do enter Hall C, they cannot enter Hall C and cannot leave the country. On the other hand, when the authentication support level is “8” or higher, the organization terminal 120 recognizes the existence of the registrant based on the comparison target information, and based on the personal identification ID, the registrant's history information DB and basic information DB It is verified that there is no information that restricts departure, etc., and that it does not violate the unique requirements of the Immigration Bureau. As a result, if there is no problem, the information to be compared at the departure gate is registered as departure management information, and the terminal side terminals 160D and 160E are instructed to open the gate (hereinafter referred to as “open”). Information) and immediately open the gate. As a result, the registrant has the effect of completing the departure procedure without possessing or presenting a passport, and can proceed to the aircraft on board.

 In the case of overseas travel, the aircraft to be boarded is usually reserved in advance, so the presence of human beings is checked in two stages: reserved seat processing in the ninth embodiment and authentication level processing in the tenth embodiment. , To prevent unauthorized persons from traveling abroad. In addition, since the route to the airport can be predicted in advance, it is possible to arrive at the departure gate by creating travel advance notice information, accessing the main unit etc. using a guidance electronic recording medium, and acquiring comparison target information for authentication. The registrant can determine the authentication level at the time of arrival at his discretion.

 In the case of an organization such as a school or company, permission to enter the management unit of the organization in the existence recognition record table

It is possible to manage unit entry only for related parties by registering the identification information of the person to be registered and combining the authentication level and the determination of whether or not to register the person identification information. As a result, identity verification and entry / exit management are carried out without possession of identification cards such as student ID cards or employee ID cards, keys or cards. It becomes the power S Kurakura.

[0149] (Variation 3 Notification of admission unit by recognition of authentication level)

 By setting an authentication level for each terminal or unit, when entering or leaving an authentication level unit registered as an entry / exit management notification condition, the registrant or related parties may be notified.

 In this case, the presence recognition record table is prepared in the terminal that manages the main unit, and the conditions for performing the notification process, the notification destination, etc. are registered in the table, or the conditions are set in the presence information notification table, and the exchange server 20 Always receive the presence notification information, and determine whether to execute the process.

 The conditions for executing the notification process mainly include the following (1) to (3).

 (1) When entering a unit below the registration standard level

 (2) When leaving a unit that is higher than the registration standard level

 (3) When entering a unit whose authentication level is unknown

 [0150] For example, when a child is a management target, a guardian obtains a registration reference level as an index for determining an entry / exit management notification condition, spatial information such as a school, a friend's house, a school route, and a terminal identification ID. Set the authentication level and register it in the presence recognition record table.

 If you are in a space where there is no problem for children (school, school, school road, friend's house, etc.), the authentication level of the existing unit is compared with the registration standard level in the presence recognition record table, and the guardian is not notified.

. On the other hand, if the child leaves the space where there is no problem for the child due to a detour, lost child, kidnapping, etc., the guardian will be notified immediately of “leaving” according to the provisions of (2).

[0151] <Eleventh embodiment>

 (Registration of authentication information)

 Part or all of the personal identification ID, spatial information, and time information of the comparison target information used for personal authentication is automatically registered along with processing information, history information, result information, etc. executed by the authentication service. You can do it! /

 As a result, it is possible to perform alibi certification, identification of the executing person, prevention of false declarations of unrelated persons, and prevention of unauthorized authentication services.

[0152] (Example of registration electronic medical record)

(1) Examination and inspection records In order to prove that the patient has undergone a medical examination, the information to be compared is created in the electronic medical record using the comparison information created by the terminal 160D on the terminal side when entering the examination room. In addition, in order to clarify the examination time, the comparison target information created by the terminal 160D at the time of leaving the room or the comparison target information created in another space after leaving the room may be registered.

 (2) Records of related parties

 In order to prove a person (doctor, nurse, etc.) related to a medical examination or operation, register the latest information to be compared to the registrant's electronic medical record, recognizing that the relevant person exists in the examination room or operating room. . In this case, even if the comparison target information created to obtain the operation permission of the terminal 160H on the terminal side or the comparison target information newly obtained by making a request for authentication when registering data in the electronic medical record is used. Good.

 In addition, if the person concerned is recognized to exist in the specific space, the processing information of the authentication service that is performed in the specific space until the person who leaves the space or the recognition that exists in another space is created. The latest comparison information of related parties is automatically registered in the history information.

 (3) Automatic registration by the prescribed operation

 When a registered person measures blood pressure, body temperature, etc. and registers it in an electronic medical record, or when a doctor processes the contents registered in advance as a predetermined operation so that the patient's electronic power record is viewed, the latest comparison target in the processing stage Information is registered in conjunction with data registration and processing of specified actions. For measurement values such as blood pressure and body temperature, there is a service that automatically sends the read measurement values to the electronic medical record S, information to be compared when using this service The person is also identified by sending and registering the authentication information together.

 <Summary of embodiment>

 In the above-described embodiment, all the information in all the databases is stored in association with the personal identification ID unique to the registrant. Specifically, the database used in this authentication system always stores this personal identification ID.

Each terminal or server sends the registrant's personal history information to other terminals or servers. When you want to send the information automatically with a personal identification ID!

[0154] In addition to the above-described personal identification ID, there is registrant identification information as information for identifying the individual registrant. For example, the registrant identification information is registrant's individual biometric information or registrant-specific electronic information, and is stored in an electronic recording medium or the like owned by the registrant. One or more registrant identification information is registered for each registrant in the authentication system.

 [0155] In the above-described embodiment, the registrant directly inputs the electronic information indicating characters, numbers, symbols, or the like, or a combination thereof into the terminal 160 on the terminal side, or writes the electronic information. Authentication may be performed by reading the recorded information recording medium.

 [0156] In addition, in order to facilitate the transfer process between different accounts (between the various accounts of the principal and between the accounts with other persons), details such as the name of the registered financial institution of the registrant, account type, account number, balance, etc. Individual personal information and processing condition settings may be registered in an organization that manages personal information centrally or in the authentication system server 10, and only a part of the result information is notified to the business related organization. In this case, the transaction-related institution shall request the authentication system server 10 to execute the processing generated in the financial transaction from the centralized information management institution.

 [0157] When information is displayed on each terminal, notification may be made using information notification technology developed for people with physical disabilities, such as artificial speech and vibrations, rather than just displaying information on the screen.

Five.

 [0158] An electronic tag or the like may be embedded in paper just attached to an electronic device, printed on paper or an article, or incorporated in a paper or article. is there.

 [0159] Each terminal or server in the above authentication system is realized mainly by a program loaded in the CPU and memory. However, it is also possible to configure this apparatus or server by any other combination of hardware and software, and the degree of freedom in design is easily understood by those skilled in the art.

When each terminal or server is configured as a software module group, the program is recorded on a recording medium such as an optical recording medium, a magnetic recording medium, a magneto-optical recording medium, or a semiconductor, and the recording medium strength described above is recorded. May be loaded, or a predetermined network It may be loaded from an external device connected via a network.

[0160] The above-described embodiment is an example of a preferred embodiment of the present invention, and the embodiment of the present invention is not limited to this, and various modifications can be made without departing from the scope of the present invention. It becomes possible to carry out.

 Brief Description of Drawings

 [0161] [Fig. 1] (a) is a block diagram showing a schematic configuration of an authentication system in an embodiment of the present invention, (b) is a diagram showing a configuration example of a database of an authentication server, and (c ) Is a list of database configurations of each terminal.

[Fig. 2] (a) is a diagram showing an example of the main items of the credit score table, and (b) is a diagram showing an example of detailed contents of the credit score table.

 FIG. 3 is a sequence chart showing a detailed operation example of personal authentication processing using movement information in the first embodiment of the present invention.

 FIG. 4 is a sequence chart showing an operation example of personal authentication processing in which simple authentication by a mobile phone and verification processing by a camera video are linked in the second embodiment of the present invention.

 [FIG. 5] (a) is a diagram illustrating an example of a corresponding space between an antenna and the camera and the like, and (b) is a diagram illustrating a configuration example of a system such as an antenna and the camera.

 FIG. 6 is a sequence chart showing an operation example in which presence notification information is distributed to related terminals by an exchange server and used for mutual authentication service in the third embodiment of the present invention.

 [Fig. 7] An example of a presence information notification table, (a) is a diagram showing an image of basic storage items, (b) is a diagram showing a registration image of a delivery destination, (C) shows specific delivery conditions.

 FIG. 8 is a sequence chart showing an operation example when providing the third party who wants to acquire the existence space information and time information of the registrant in the fourth embodiment of the present invention.

[Fig. 9] (a) is a diagram showing an image of information manipulation and installation of an information reading terminal in a hospital building, and (b) is an example of a system configuration such as a management terminal related to the terminal in (a). FIG.

[FIG. 10] In the fifth embodiment of the present invention, when the registrant exists at the office, the move It is a sequence chart which shows the operation example of the authentication system by the information cooperation when it starts and arrives at a hospital.

11] In the fifth embodiment of the present invention, it is a sequence chart showing an operation example of various transaction processing by information cooperation when a registrant exists in a hospital.

 [Fig. 12] Presence recognition record table, (a) is a diagram showing an example of the contents, (b) is a diagram showing a type image of presence recognition, (c) is (b) It is a figure which shows an example of no registration.

13] A sequence chart showing a detailed operation example of authentication processing using presence notification information and a main unit terminal in the sixth embodiment of the present invention. .

14] A sequence chart showing a detailed operation example of processing in which presence notification information and transactions based on different space terminals are linked in the seventh embodiment of the present invention.

15] FIG. 15 is a sequence chart showing a detailed operation example of grasping processing of an in-unit presence person using presence recognition of another terminal in the first modification of the eighth embodiment of the present invention. [Sen 16] In the ninth embodiment of the present invention, it is a sequence chart showing a detailed operation example of the recognition of the seat use situation using the comparison object information and the presence recognition record table. (A) is an available equipment table, (b) is a reserved farm, and (c) is a diagram showing an example of the contents of each person list.

Isis] ω is a diagram showing an image of the installation of the passenger seat unit, (b) is a diagram showing a configuration example of a system such as a management terminal related to the terminal of ω, (c) is a diagram It is a figure which shows an example of registration of a recognition record table.

FIG. 19] is a sequence chart showing a detailed operation example of performing reserved seat reservation and use processing according to the comparison target information and the presence recognition record table in the first modification of the ninth embodiment of the present invention.

 FIG. 20 is a sequence chart showing a detailed operation example of determining an authentication level in conjunction with personal authentication and controlling an authentication service in the tenth embodiment of the present invention. .

[Fig. 21] (a) is a diagram showing an image in which an authentication level is set for each space in a hospital building, and (b) is a diagram showing an image in which an authentication level is set for each space in an airport. It is. 22] It is a diagram showing an image of the authentication stage table.

FIG. 23 shows an image of an authentication level transaction comparison table. Explanation of symbols

 10, 10A ~: 10G authentication support

 11, 21, 111, 121, 131, 141, 151, 161

12 History information DB

 13 Verification information DB

 14 Basic information DB

 15 Availability information DB

 16 Search information DB

 20 Exchange server

 110, 110A ~; 110B Building side terminal

 120, 120A ~; 120G Organization side terminal

 130, 130A ～; L 30D Regional management terminal

140 Relay terminal

 150 Aggregation terminal

 160, 160A ~; L 60K Terminal

 200 Communication network

Claims

The scope of the claims  [1] A communication network includes a server group including a database for managing registrant's personal information, an information input device operated by the registrant, and a reader that receives radio waves of the personal belongings. An authentication system connected via  The information input device performs personal authentication based on the personal information input by the registrant, transmits the movement information created as the authentication result to the server group, and the reading device transmits the registrant's information. Based on the radio wave information and terminal identification information received from the belongings, personal authentication is performed, and the mobile information created as the authentication result is sent to the server group 1S,  When the server group receives the movement information from the information input device, the server group compares the received movement information with past movement information in the database to authenticate the existence of the registrant. A featured authentication system.  [2] The movement information includes spatial information based on an installation position of the information input device of the movement information transmission source, time information indicating a time when the information is input by the person, a personal identification ID unique to the person, and The authentication system according to claim 1, further comprising:  [3] The movement information includes spatial information based on the position of the possessed item recognized by the reading device that is the transmission source of the movement information, time information indicating when the radio wave is received by the reading device, and the person-specific information. The authentication system according to claim 1, further comprising: a personal identification ID.  [4] The authentication system includes an exchange server for generating information indicating a personally authenticated space of the registrant based on the movement information and distributing the information to the server group. 1. The authentication system described in 1. [5] The exchange server converts the personal identification ID included in the movement information into a personal ID suitable for the server group to be distributed, and distributes the registrant's real information. Item 4. Personal authentication system. [6] The server group forms one unit as a network constituent unit by managing one or more information input devices or readers. Personal information of the registrant by the information input device or reading device in the unit. When the information is input or the radio wave is received, the server group determines that the registrant exists in the physical space formed by the unit,  After the determination, when the registrant is not aware that the registrant has moved out of the physical space, the personal information of the registrant is input by the information input device in another unit or the radio wave reception of the belongings by the reading device. If recognized, if the information input device in the unit has a function of providing a predetermined service to the registrant, the service providing function of the information input device is stopped or restricted. The authentication system according to claim 1 or 4.  [7] The server group forms a unit that is a network constituent unit by managing one or more information input devices or readers.  When the registrant's personal information is input or radio waves are received by the information input device or the reading device in the unit, the server group is configured so that the registrant can move the other unit from the physical space formed by the unit. After the determination, the personal information of the registrant is input by the information input device in the unit before the movement or the radio wave reception of the belongings by the reading device is recognized. 2. The service providing function of the information input device is stopped or restricted when the information input device in the unit has a function of providing a predetermined service to the registrant. 4. Authentication system according to 4.  [8] When the server group obtains information indicating the registrant's existence space, the server group sends the information to the physical space corresponding to the spatial information and the information input device or reading device installed around the physical space. 8. The authentication system according to claim 1, 4 or 7, wherein a process for verifying the existence of the registrant is requested.  [9] After receiving the information for requesting the registrant's existence verification process, the server group cannot acquire information indicating the existence of the registrant! /, And information indicating that the registrant is not confirmed. 9. The authentication system according to claim 8, wherein the authentication system is transmitted to the server. 10. The authentication system according to any one of claims 1 to 9, wherein the server group transmits permission information for execution of a transaction, service, or operation to the information input device. [11] The server group, when acquiring information indicating the existence space of the registrant, executes a transaction, a service, or an operation in the space as a process belonging to the registrant. The authentication system according to any one of 9 above. 12. The transaction or service or operation is a financial transaction, a settlement transaction, data browsing, data registration, use of an electronic medical record, unlocking or locking, and operation of the information input device. 11 power, the authentication system according to item 1. [13] The server group compares the movement information of the registrant, the information indicating the existence space, and the information indicating the existence space recognized by another server group received via the exchange server, The recognition / certification system according to any one of claims 1 to 9, characterized in that an available processing range is determined.  [14] The server group compares the information indicating the location of the registrant with information indicating the location of the registrant that is continuous with the information, and determines the authentication accuracy stage of the registrant. The authentication system according to any one of claims 1 to 9, characterized in that it is characterized in that  [15] After the registrant determines that the registrant has moved from the physical space in which the unit is placed to the physical space in which the other unit is placed, the server group includes the individual of the registrant within the unit. 10. The authentication system according to claim 1, wherein the information is determined as an abnormal situation when the information is input.  [16] When the server group determines that the input of the personal information of the registrant is an abnormal situation, the server group transmits information instructing locking, video shooting, or photo shooting to the information input device or the reading device. The authentication system according to claim 15, wherein:  [17] The server group indicates that the registrant has been personally authenticated by another unit from an exchange server after the registrant determines that the unit exists in the physical space in which the unit is placed. The authentication system according to any one of claims 1 to 16, wherein upon receiving the information, the registrant recognizes that the unit has left the physical space in which the unit is arranged.  18. The authentication system according to any one of claims 1 to 17, wherein the server group includes a calculation system for calculating the personal credit of the person.