JP2006331048A - Personal identification method and system by position information - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve accuracy of personal identification under a small burden on a user. <P>SOLUTION: A service terminal 111 and a portable terminal 121 transmit position information showing a position of the user to a management server 101. A position time history database 102 stores a history of time information corresponding to the position information received from the terminal in each user. The management server 101 refers to the position time history database 102, decides whether time corresponding to the received position information is proper or not on the basis of continuity of the time information and the position information of the user, and stores the received position time information in the position time history database 102. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a personal authentication method for a user who uses a mobile terminal or a fixed terminal, and more particularly to a technique for performing personal authentication based on information on a location where the user is located.

  Personal authentication technology is required for the purpose of identity verification in information protection in information devices, use of services with cards, and personal identification in entrance and exit. As means for personal authentication, a method using a password or a personal identification number or a biometric authentication technique such as a fingerprint or a vein is used.

  In general, when these techniques are used for the purpose of improving the accuracy of authentication, for example, a burden on the user due to a complicated password and biometric authentication are accompanied by problems on the device and psychological resistance of the user.

  As a technology to avoid such problems and improve the accuracy of personal authentication, a method to improve the accuracy of personal authentication in some information devices based on location information based on GPS and base station information during wireless communication / call is proposed. Has been. For example, Patent Document 1 proposes a technique for formulating a range in which a user can be located based on the accumulation of position information by GPS where an information terminal has been used in the past, and improving the accuracy of personal authentication if the range is outside that range. Has been.

  This method can be applied only to a specific mobile terminal, and if the determination based on such location information is successful when the mobile terminal itself is illegally used, the authentication accuracy cannot be improved.

JP 2004-118456 A

  An object of the present invention is to improve the accuracy of personal authentication without burdening the user even in a system based on a simple personal authentication technique.

  In many cases, position information can be acquired when performing personal authentication regardless of means such as a password or biometric authentication. For example, devices used for bank ATMs and entrance / exit management are fixedly installed, and as described in Patent Document 1, connection by mobile phone or wireless LAN is also based on information from the base station. The position in the range is fixed. In such a case, the fact that the person was in the position at the time of performing personal authentication is proved.

  In addition, even if it is not generally recognized as personal authentication without entering a password, when using a commuter pass or a membership card in the name of an individual, it can be considered that the position of the person is determined with the time used. In the present invention, such an opportunity is also used to acquire the position and time information of the user.

  The present invention accumulates location information and time information of users who use some of these different terminals, and detects an unauthorized personal authentication request or notification of location information by verifying the continuity of the location time of the user.

  As described above, it is possible to regard personal authentication at a place where movement is impossible from the elapsed time based on the position time history of the individual user as being illegal and to reject it. Only in this case, the level of authentication can be increased by, for example, lengthening the password.

  By coordinating personal authentication and identity verification via a plurality of services, the history information of the location information is made dense, and by using these mutually, personal authentication can be performed with high accuracy.

  Hereinafter, embodiments of a personal authentication system based on position information will be described in detail with reference to the drawings. Currently, personal authentication and corresponding processing for authenticating one user are performed in a plurality of services. In the present invention, personal authentication is coordinated between these services based on the user's location and time information.

  In the first embodiment, the present invention is applied to a system with personal authentication for the purpose of service use restriction and information protection using information terminals such as a bank ATM terminal, an entrance management system, a PC (personal computer), a mobile phone, and a PDA. It is an example to apply. FIG. 1 shows the overall configuration of the system of the embodiment. This system is composed of a management unit comprising a management server 101, a location time history database 102, and a service system (110, 120 in the figure) with a plurality of personal authentications connected to the management server 101 via the network 103. The

  The management server 101 is a server computer that includes a CPU, a memory, and other storage devices, and operates by executing a program stored in the memory by the CPU. The location time history database 102 is a database stored in the storage device of the management server 101.

  The service system 110 schematically illustrates services such as bank ATMs, automatic ticket gates, and entrance management, and includes a service terminal 111 connected to a service server 112 via an in-service network 113. A card reader 114 and an input device 115 are connected to the service terminal 111. Depending on the type of service, either the card reader 114 or the input device 115 may not be present. Service terminal 111 is a fixed type, and position information is determined at the time of installation. The service server 112 performs a predetermined service in response to a request from the service terminal 111.

  The service system 120 indicates a service using a mobile terminal such as a mobile phone or a public wireless LAN, and includes a base station 124 connected to the service server 122 via the in-service network 123, and a plurality of mobile terminals 121 communicating with the base station. Become. The portable terminal 121 includes an input device 125, and optionally includes a GPS device 126. The service server 122 performs a predetermined service in response to a request from the mobile terminal 121.

The processing flow of the first embodiment will be described with reference to the flowchart of FIG.
(1) After the service system is started, when a user requests use of a service or information that requires personal authentication, the terminals 111 and 121 request the user to authenticate (step 201).
(2) The terminals 111 and 121 perform personal authentication (step 202) by a user authentication input (step 210) using a conventional method. For example, the service system 110 uses the card reader 114 and the input device 115 to perform personal authentication using a combination of an ID card and a password. At this time, personal authentication using only one of them may be performed, for example, when the user ID and password are input using only the ID card or only the input device. The service system 120 performs personal authentication by inputting a password or biometric information from the input device 125. If the personal authentication here fails, it will be retried and will not proceed.
(3) If the personal authentication in step 202 is successful, the terminals 111 and 121 acquire position information (step 203). In the service system 110, since the service terminal 111 is fixedly installed like a bank ATM or an automatic ticket gate, the location information of the terminal is fixedly determined. Further, the location where the terminal is installed in advance can be registered in the service server 112 or the management server 101, and the terminal ID or the like can be transmitted as an alternative. The service system 120 uses the position and cover range of the base station 124 when the mobile terminal 121 uses communication as position information. In general, a base phone 124 covers a certain area of a mobile phone or a wireless LAN. Range in the presence of the mobile terminal 121 by either using any base station therefor is determined. Further, when the mobile terminal 121 incorporates a unique position information acquisition device such as the GPS 126, more accurate position information can be acquired even by a mobile terminal by acquiring the position information using the GPS function.
(4) The terminals 111 and 121 transmit the location information acquired in step 203 or the alternative terminal ID together with the user's individual identification ID to the management server 101 via the service server 112 or 122 as an authentication request (step 204). . Although the user may be managed by the ID of each service, the user ID is converted to a common user ID when passing through the service servers 112 and 122, and an authentication request is sent to the management server 101.
(5) The management server 101 receives this authentication request (step 220), acquires the location time information history managed for each user ID from the location time history database 102, and the location included in the authentication request from each service It is determined whether the information and the current time are consistent with each other from the history (step 221). Details of the determination of the position time will be described later. The current time corresponding to each piece of location information may be acquired on the management server 101 side, or may be acquired on the terminals 111 and 121 or the service servers 112 and 122 together with the authentication request.
(6) The management server 101 adds the determination result of step 221, the position information included in the authentication request, and the current time to the position time information history managed by the user ID of the position information database 102 (step 222). .
(7) Next, the management server 101 transmits the determination result of the location time as an authentication result to the terminals 111 and 121 via the service servers 112 and 122 of each service system (step 223).
(8) The terminals 111 and 121 receive this authentication result, and if the authentication is successful, the service and function can be used (steps 205 to 207). If it has failed, use is denied (step 208).

  The position time determination method will be described with reference to FIG. In the position time history database 102, the positions and times of the terminals 111 and 121 that have performed personal authentication are recorded for each user in the format illustrated in FIG. Each record records a management ID 301, location information 302, time 303, service type 304, and authentication success / failure 305 for each authentication. Note that the location information 302 is not necessarily indicated by a point, but may be indicated by a range such as within the range of a mobile phone base station. Similarly, the time 303 may be recorded in the time range in which the service was used. Further, in the case of a service that is continuously used, the accuracy of the location time information can be improved by notifying the terminal side of these information at regular time intervals or notifying both start / end timings. The service type 304 is information that identifies the service terminal 111 or the base station 124 transmitted by the service servers 112 and 122.

  When there is a new authentication request, the management server 101 checks whether the position information and time information included in the authentication request are consistent with the position time information record. Most simply, the moving distance and the elapsed time are calculated from the difference between the latest position time history and the position time information of the authentication request. There is a method in which the moving speed is calculated from here and whether or not the user can move is determined using a threshold value. As the threshold value, for example, a value that does not easily occur in a normal user's life such as 200 km / h is set in advance. By doing as described above, if it is determined that the personal authentication is performed at a point where the user cannot move from the point where the previous authentication was performed, it is possible to deny this. it can. If successful, the latest history is stored, and the next personal authentication is executed based on the difference from this history.

  In addition to calculating with the straight line distance from the previous authentication point as in the above example, as a more realistic solution, link both points with the route and required time acquisition services such as existing railways and roads. It may be a method of more accurately deriving whether or not it is possible to move within the elapsed time by searching for the moving means to be connected.

  In addition, if it is a section that frequently appears on a daily basis, a certain accurate time can be statistically obtained from the past position time information history.

  In any case, personal authentication at a point where the user cannot move is detected by linking the personal authentication of one user who receives one or a plurality of services with the positional information associated therewith. can do.

  Further, as a threshold value setting method, not only two values of permission and non-permission are set according to one value, but a method of delimiting with a plurality of threshold values and returning the authentication result in stages may be used. For example, it is theoretically possible to move at a speed of 100 km / h in an urban area, but in reality it is difficult and suspicious, and the response can be determined flexibly according to the standards of each service. Even in the case of a service that has been successfully authenticated in step 202 with a normal short four-digit password once, if it is determined that the location information is suspicious according to the present invention, a 16-digit password may be requested again. is there.

  In the first embodiment, the example in which the service terminal 111 and the mobile terminal 121 are accompanied by personal authentication by the conventional method is shown. In this way, not only with explicit authentication such as login screen and password entry, but also mobile phone calls and commuter passes that are used only by the user in the name of the individual are regarded as processing equivalent to identity verification. Can do. In many cases, the position information can be specified in the same manner as in the first embodiment, and information that the person was present at the position at a specific time can be acquired.

  The second embodiment can be regarded as a kind of personal authentication, but it is better to be regarded as a method for acquiring user location time information. The second embodiment is meaningful in determining the continuity of the position time information in combination with other embodiments rather than performing personal authentication by itself. If the location time information can be obtained densely as in the second embodiment, the accuracy of the personal authentication is improved accordingly.

As a second embodiment, a procedure of processing for acquiring position time information without explicit authentication will be described in detail with reference to the flowchart of FIG. The basic system configuration is the same as that shown in FIG.
(1) After the service system is started, when use of a service or information that requires identity verification is requested, the terminals 111 and 121 are in a state of requesting confirmation from the user (step 401).
(2) When an ID card or commuter pass is inserted by the user (step 410), the terminals 111 and 121 confirm the validity of this (step 402). If it is the use of the mobile terminal registered as a user, it will consider that the user is using. Specifically, entry / exit with an ID card, passage of an automatic ticket gate, mobile phone call, etc. In all cases, unlike the first embodiment, personal authentication in a strict sense is due to the speed of service. That is, it does not involve password entry. Although it is confirmed that the service is based on the user's own ID, the possibility of unauthorized use by another person cannot be excluded.
(3) In steps 403 and 404, the terminals 111 and 121 acquire position information and transmit the position information to the management server 101. The management server 101 also receives the position information from step 420 to step 422, determines the position / time information, and stores the determination result and the history of the position / time information in the same manner as in the first embodiment, but transmits the determination result to the terminal side. Do not do.
(4) In step 405, the terminals 111 and 121 enable the use of services and functions without waiting for a response from the management server 101.

  In the second embodiment, position time information is mainly acquired by simple identity verification without authentication processing or by confirming the legitimacy of an article considered to belong to the identity.

  As a modification of the second embodiment, there is an embodiment in which the terminals 111 and 121 perform personal authentication similar to the steps 201, 210, and 202 of the embodiment, but only send the location information to the management server 101 and do not wait for the determination result. In the case of this embodiment as well, as in the second embodiment, the combination of confirmation by an ID card or the like and personal authentication by location time history can be said to protect the individual by personal authentication according to the present invention without imposing a burden on the user. Aim can be achieved.

  Even if the location time information is mainly acquired and the authentication result by the management server 101 is determined to be abnormal as in the second embodiment, the service is used based on the incorrect location time even if it is not reflected in the use permission of the service. The management server 101 can also notify the user by a method such as a predetermined mail. Thereby, for example, the detection of theft loss such as an ID card is promoted, and the user can take measures early. Even when the use of the service is refused in the first embodiment, the early notification can be similarly performed.

  As shown in the second embodiment, the use of an ID card, a commuter pass, a mobile phone call, etc. is often not confirmed by the user himself and does not necessarily detect unauthorized use. Further, even with the personal authentication of the first embodiment, the possibility of unauthorized use due to password leakage cannot be denied. The first object of the present invention is to eliminate such illegal use on the basis of position time information. However, it may not work effectively if unauthorized use is performed at a position or time consistent with the regular user's location time information history, or if the history is not large enough and time is available. . In such a case, it is registered in the location information history even though it is an unauthorized use, and then the use of a legitimate user may contradict this and the service use may be rejected as an unauthorized use. . Although this cannot be avoided, the use refusal allows the user to know that the personal property has been illegally used elsewhere. When unauthorized use is made, measures can be promoted by notifying the user at an early stage. This is the secondary effect of the present invention together with the effect of the first object mentioned above.

  Among the services described in the first embodiment and the second embodiment, when both the entrance and exit of the user are personally managed as in the case of automatic ticket gates and entrance / exit management, the user enters. The location information indicating that the user is in an area defined as a certain railway line, building, or site is established, and this continues until the user leaves the area receiving the service. As a result, it is possible to exclude a personal authentication request from outside the determined area within that time period as an unauthorized one.

  Based on the same idea, the authentication time according to the present invention covers the time when the user spends most of his / her life at home by performing the acquisition processing of position time information according to the present invention when returning home or going out. Will be able to. This can be realized by installing a corresponding device at the entrance or the locking device, but it is possible to indicate that the user is at home by always connecting the portable terminal to be carried with the cradle at home without using an explicit method. In this case, when the connection is established / disconnected, the management server is provided with information on entry / exit regarding the user-specific site from either the mobile terminal or the cradle, for example, returning home or going out of the home. .

  In the authentication based on the difference in position time as in the first embodiment or the like, the authentication range expands with the passage of time, but with this method, the range of the position information within the time is clear and more accurate authentication can be performed.

An authentication process based on area entry / exit by the management server according to the third embodiment will be described in detail with reference to the flowchart of FIG.
(1) In a normal state (normal mode 500) in which area information is not used, the following processing is not executed, and authentication processing is executed according to the procedure described in the first embodiment.
(2) When an area entry event 510 is transmitted, such as when a personal ID is input from the terminals 111 and 121, the management server 101 shifts from the normal mode to a mode using area information (step 501). It is to be noted that, when an area entry event is registered in advance in the management server, it is determined whether or not it corresponds to entry depending on the type of terminal and usage method.
(3) In this mode, when there is location information transmission 511 from the terminals 111, 121 such as start of use of the terminals 111, 121, the management server 101 receives this location information (step 502) and performs region information collation (step 503). ). This is a process of confirming that the position information sent by the position information transmission 511 is in the area registered in advance in the area information database 520 indicated by the previous area entry event 510.
(4) When this collation fails (step 504 failure), the management server 101 executes a process of accumulating the collation result and position time information in step 506 on the assumption that the authentication has failed. If successful (step 504 is successful), the management server 101 further performs position time information determination (step 505).
(5) The determination process in step 505 is the same as the position / time comparison described in the first embodiment. This process may be performed prior to step 503, but the success of both is required for authentication. When the definition of the area is a wide area such as a railway line or a wide site, the accuracy is enhanced by complementing each other with the position time information of the first embodiment. If the area is small, steps 504 and 505 are skipped, and authentication can be performed only by the result of area information collation in step 503.
(6) In the determination result / position time information accumulation in step 506, the management server 101 receives the result of the collation and determination in steps 503 and 505, and records the result in the position time history database 102.
(7) The mode using this area information continues until the area exit event 512 is notified from the terminals 111 and 121 with the personal ID. When the area exit event 512 is notified, the management server 101 shifts to the normal mode (steps 507 and 508). As for the area exit event, the terminal type and usage method are registered in advance as in the area entrance event.

  FIG. 6 shows an example of data held in the area information database 520. The area information database 520 is stored in the storage device of the management server 101. A record indicating one area includes information of ID 601, service terminal type 602, and area 603. These pieces of information are registered in advance in the storage device when the service is registered in the management server 101. The service terminal type 602 indicates what kind of service terminal the authentication by the area is applied to, and the area 603 indicates the corresponding area. In the area 603, the area information is indicated by, for example, a vertex string expression (array having polygon vertex coordinates as elements) by latitude and longitude. The management server 101 uses the area included in the polygon indicated by the vertex row for the area matching process in step 503 of the third embodiment.

  As described in the above embodiments, the present invention detects contradiction based on the continuity of position time information and uses it for user authentication. In this method, the position information of the user is determined each time new authentication is permitted. Based on the position information obtained here, it can be notified that the user is no longer near another terminal that is a predetermined distance away from the terminal. For example, in the case of a terminal having a login state such as a PC or a dedicated terminal, if it is determined by the method of the present invention that the logged-in user has left a predetermined distance, a notification for locking or logging out to the terminal is transmitted. be able to. Similarly, even if the device is not normally locked on a mobile device, etc., if the distance from the user exceeds the predetermined distance, the function cannot be used without locking and authentication in consideration of the possibility of misplacement. You can take measures such as

According to the present invention, by using the location information included in the newly generated authentication request, even if the terminal belongs to another service, the use of the terminal owner is restricted by the fact that the user has left, thereby limiting the security of the terminal owner. Can be improved. The processing of the fourth embodiment will be described in detail using the flowchart of FIG.
(1) When the terminals 111 and 121 transmit an authentication request (step 710) and the management server 101 receives this authentication request (step 701), the management server 101 makes a determination based on location time information according to the procedure described in the first embodiment. Perform (step 702).
(2) When the result of the determination in step 702 is received and this is successful (step 703 is successful), it is found that the current position of the user is the position information indicated in the authentication request. When the management server 101 fails (step 703 failure), the management server 101 proceeds to the accumulation process of the determination result and the position time information (step 707) as in the first embodiment.
(3) When the position information of the user is determined by the position time determination in step 702, the management server 101 searches for terminals to be notified among terminals registered in the notification destination terminal database 721 (step 704). Specifically, a terminal or a portable terminal that has a login state or usage authority function, such as a PC or a dedicated terminal, that is fixedly used by the user and can be locked is a candidate. In these cases, it is assumed that the terminal is registered in advance in the notification destination terminal database 721 by the user or service provider. The notification destination terminal database 721 has a terminal ID list of notification destination terminals for each user. It is efficient to notify only terminals that are more than a predetermined distance apart from the registered position information among the registered terminals. The terminal location information is used because the fixed location is determined at the time of installation. A portable terminal or the like can inquire about the location information from the terminal side, or if the location information cannot be acquired, the location information of the user can be included in the notification described below and the terminal side can make a determination. It is also possible to prepare a mechanism for registering itself in the notification destination terminal database only when the user has usage authority on the terminal side so that notification is not sent when unnecessary.
(4) If there is a notification destination searched in Step 704 (there is Step 705), the management server 101 notifies the notification destination terminal of the location information of the user (Step 706). This notification is notified to the notification destination terminal through the service server for each service, the terminal receives the notification (step 730), and performs state transition such as logout and function lock as necessary (step 731).
(5) After the notification step 707 described above, the management server 101 proceeds with the process in the same manner as in the first and second embodiments (steps 707, 708, and 711).

It is a block diagram of the personal authentication system of an Example. 3 is a flowchart illustrating a flow of processing according to the first exemplary embodiment. It is a figure which shows the structural example of a position time history database. 10 is a flowchart illustrating a flow of processing according to the second embodiment. 10 is a flowchart illustrating a flow of processing according to the third embodiment. It is a figure which shows the structural example of an area | region information database. 12 is a flowchart illustrating a flow of processing according to the fourth embodiment.

Explanation of symbols

101: Management server, 102: Location time history database, 111: Service terminal, 121: Mobile terminal, 520: Area information database

Claims (5)

A personal authentication system having a first terminal device, a second terminal device, and a server computer,
The first terminal device transmits an authentication request to the server computer together with location information indicating a position of the first terminal device and a user identifier, and receives an authentication result from the server computer and responds to the authentication result. And means for determining whether or not a predetermined service can be enjoyed,
The second terminal device has means for transmitting position information indicating the position of the second terminal device and the user identifier to the server computer,
The server computer stores, for each user, a location time history database that stores a history of time information corresponding to the location information received from the first terminal device and the second terminal device;
Means for receiving the user identifier and the location information from the first terminal device and the second terminal device;
Means for referring to the location time history database for a user corresponding to the user identifier and determining whether time information corresponding to the location information received based on continuity of location information and time information is valid;
Means for storing time information corresponding to the location information received for the user in the location time history database;
And a means for transmitting the determination result by the determination means to the first terminal device as an authentication result. The first terminal device or the second terminal device further transmits, in addition to the means for transmitting the position information, information indicating entry into a predetermined area and the user identifier to the server computer. And means for transmitting information indicating that the user leaves the area and the user identifier to the server computer,
The server computer further includes a region information database that sets a range of position information for each region;
Means for receiving the user identifier and information indicating entry and exit of the area from the first terminal device or the second terminal device;
Means for referring to the area information database when receiving information indicating admission of the area and determining whether the received position information is within the set range of the position information. The personal authentication system by position information according to claim 1.   The personal authentication system according to claim 2, wherein the area is a site unique to a user. The personal authentication system further includes a third terminal device for notifying the abnormality of the user authentication,
2. The server computer according to claim 1, further comprising means for notifying the third terminal device of the abnormality when the means for determining detects an abnormality in the location time information of the user. Personal authentication system based on location information. A personal authentication method for a system having a first terminal device, a second terminal device, and a server computer,
The first terminal device transmits an authentication request to the server computer together with location information indicating a location of the first terminal device and a user identifier,
The second terminal device transmits position information indicating the position of the second terminal device and the user identifier to the server computer,
The server computer receives the user identifier and the location information from the first terminal device and the second terminal device, and for the user corresponding to the user identifier, the first terminal device and the second terminal The time information corresponding to the position information received based on the continuity of the position information and the time information is referred to by referring to the position time history database storing the history of the time information corresponding to the position information received from the device. Determining whether or not, storing the time information corresponding to the position information received for the user in the position time history database, and transmitting the determination result of the determination to the first terminal device as an authentication result,
The first terminal apparatus receives an authentication result from the server computer and determines whether or not a predetermined service can be enjoyed according to the authentication result.

Images