JP7540539B2 - Server device, server device control method and computer program - Google Patents

Description

The present invention relates to technology related to biometric authentication.

Immigration inspections are carried out at airports and ports. The immigration officer in charge of the inspection compares the face of the person standing in front of them with the photograph affixed to the passport, and if the image on the passport matches the face of the person standing in front of them, the officer allows the person to enter or leave the country.

Technology is currently being developed to use biometric authentication for the above immigration procedures.

For example, Patent Document 1 states that the operator can grasp the factors behind the facial recognition results at a glance, and can therefore confirm or correct the facial recognition results on the spot.

The display control device of Patent Document 1 includes a similarity acquisition unit and a display control unit. The similarity acquisition unit acquires the similarity derived by a matching process for each partial region of the face image. The display control unit controls at least one of a first region in which the similarity exceeds a threshold and a second region in which the similarity does not exceed the threshold to be superimposed on the face image.

Patent Document 2 describes a security inspection confirmation system that can strengthen security inspections at airports. The system in Patent Document 2 includes a storage unit, a matching unit, and a notification unit. The storage unit stores first facial image data of a person included in a first captured image acquired by a first imaging unit. The matching unit matches second facial image data of a passenger included in a second captured image acquired by a second imaging unit with the first facial image data. The notification unit notifies the result of the matching by the matching unit.

International Publication No. 2017/043132 JP 2019-125237 A

As disclosed in Patent Documents 1 and 2, various technologies related to biometric authentication have been developed. However, there is a limit to the accuracy of biometric authentication, and a certain percentage of erroneous authentication (acceptance of a false person, rejection of the person in question) may occur. If an erroneous authentication occurs during procedures at an airport, it may take time to correct the erroneous authentication, or the user may leave the country on the wrong aircraft.

The main objective of the present invention is to provide a server device, a system, a method for controlling a server device, and a storage medium that contribute to making it possible to detect the occurrence of erroneous authentication (particularly false acceptance) in biometric authentication.

According to a first aspect of the present invention, a server device is provided that includes an acquisition unit that acquires biometric information of a person to be authenticated from a terminal, and an authentication unit that performs biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users that have been registered in advance, and when a predetermined condition is satisfied, the authentication unit transmits authentication result information, which includes the biometric information acquired from the terminal and the registered biometric information of a person who has been successfully authenticated, to a staff terminal used by a staff member.

According to a second aspect of the present invention, a system is provided that includes a terminal, a staff terminal used by a staff member, and a server device connected to the terminal and the staff terminal, the server device having an acquisition unit that acquires biometric information of a person to be authenticated from the terminal, and an authentication unit that performs biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users that have been registered in advance, and the authentication unit transmits authentication result information to the staff terminal when a predetermined condition is satisfied, the authentication result information including the biometric information acquired from the terminal and the registered biometric information of a person who has been successfully authenticated.

According to a third aspect of the present invention, a method for controlling a server device is provided, in which the server device acquires biometric information of a person to be authenticated from a terminal, performs biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance, and, when a predetermined condition is satisfied, transmits authentication result information including the biometric information acquired from the terminal and the registered biometric information of a person who has been successfully authenticated to a staff terminal used by a staff member.

According to a fourth aspect of the present invention, a computer-readable storage medium is provided that stores a program for causing a computer mounted on a server device to execute the following processes: acquiring biometric information of a person to be authenticated from a terminal; performing biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of pre-registered users; and, when a predetermined condition is satisfied, transmitting authentication result information including the biometric information acquired from the terminal and the registered biometric information of a person who has been successfully authenticated, to a staff terminal used by a staff member.

According to each aspect of the present invention, a server device, a system, a control method for a server device, and a storage medium are provided that contribute to making it possible to detect the occurrence of erroneous authentication (particularly false acceptance) in biometric authentication. Note that the effects of the present invention are not limited to the above. The present invention may achieve other effects instead of or in addition to the effects.

FIG. 1 is a diagram for explaining an overview of an embodiment. 1 is a diagram showing an example of a schematic configuration of a boarding procedure system according to a first embodiment; FIG. 2 is a diagram for explaining the operation of a terminal according to the first embodiment. FIG. 2 is a diagram for explaining the operation of a terminal according to the first embodiment. FIG. 2 is a diagram illustrating an example of a processing configuration of a check-in terminal according to the first embodiment. FIG. 4 is a diagram for explaining the operation of a system registration unit according to the first embodiment. FIG. 2 is a diagram illustrating an example of a processing configuration of a system registration unit according to the first embodiment. FIG. 2 is a diagram illustrating an example of a processing configuration of a boarding gate apparatus according to the first embodiment. FIG. 11 is a diagram illustrating an example of an authentication request according to the first embodiment. FIG. 2 is a diagram illustrating an example of a processing configuration of a server device according to the first embodiment. FIG. 2 is a diagram illustrating an example of a token ID information database according to the first embodiment. FIG. 2 is a diagram illustrating an example of a business information database according to the first embodiment. FIG. 4 is a sequence diagram showing an example of the operation of the boarding procedure system according to the first embodiment. FIG. 11 is a diagram illustrating an example of a schematic configuration of a boarding procedure system according to a second embodiment. FIG. 11 is a diagram for explaining the operation of the staff terminal according to the second embodiment. FIG. 11 is a diagram illustrating an example of information stored in a server device according to a second embodiment. FIG. 2 illustrates an example of a hardware configuration of a server device. FIG. 11 is a diagram for explaining the operation of a terminal according to a modified example of the present disclosure. 13 is a diagram for explaining the operation of the staff terminal according to the modified example disclosed in the present application. FIG.

First, an overview of one embodiment will be described. The reference numbers in the drawings are added to each element for convenience as an example to aid in understanding, and the description of this overview is not intended to be limiting in any way. Furthermore, unless otherwise specified, the blocks shown in each drawing represent functional units rather than hardware units. The connection lines between blocks in each drawing include both bidirectional and unidirectional lines. Unidirectional arrows are used to show the main signal (data) flow diagrammatically, and do not exclude bidirectionality. In this specification and drawings, elements that can be described in the same way may be given the same reference numbers to avoid duplicated explanations.

A server device 100 according to one embodiment includes an acquisition unit 101 and an authentication unit 102 (see FIG. 1). The acquisition unit 101 acquires biometric information of the person to be authenticated from the terminal. The authentication unit 102 performs biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a number of users registered in advance. When a predetermined condition is satisfied, the authentication unit 102 transmits authentication result information including the biometric information acquired from the terminal and the registered biometric information of the person who succeeded in the biometric authentication to a staff terminal used by the staff member.

When the server device 20 successfully authenticates the person to be authenticated, and if certain conditions are met, it transmits the biometric information used for authentication (e.g., an acquired face image acquired by the terminal, a registered face image registered in advance) to a terminal used by a staff member. The staff member terminal presents this information to staff at the airport, etc. The staff member compares the two presented face images to detect the occurrence of erroneous authentication (acceptance of a false person). At that time, the staff member terminal displays the authentication results (two face images) narrowed down in advance by the server device 20. As a result, the staff member only needs to carefully check the narrowed down authentication results, reducing the probability of overlooking the occurrence of false acceptance. In other words, a system including the server device 100 can detect the occurrence of erroneous authentication (in particular, acceptance of a false person) in biometric authentication.

Specific embodiments are described in more detail below with reference to the drawings.

[First embodiment]
The first embodiment will be described in more detail with reference to the drawings.

[System Configuration]
Fig. 2 is a diagram showing an example of a schematic configuration of a check-in system according to the first embodiment. The check-in system according to the first embodiment is a system that realizes a series of procedures at an airport (baggage check, security check, etc.) by biometric authentication. The check-in system shown in Fig. 2 is operated, for example, by a public institution such as an immigration control bureau or a contractor entrusted with the business by the public institution.

In this disclosure, "boarding procedures" refers to the series of procedures carried out from check-in to boarding the aircraft.

Referring to FIG. 2, the boarding procedure system includes a check-in terminal 10, a baggage drop machine 11, a passenger passage system 12, a gate device 13, a boarding gate device 14, and a server device 20.

The check-in terminal 10, baggage drop machine 11, passenger passage system 12, gate device 13, and boarding gate device 14 are terminals (touch points) installed at the airport. These terminals are connected to the server device 20 via a network. The network shown in FIG. 2 is composed of a LAN (Local Area Network), including the airport's on-site communication network, a WAN (Wide Area Network), a mobile communication network, etc. The connection method is not limited to a wired method, and may be a wireless method.

The server device 20 is installed in a facility of an airport company or the like. Alternatively, the server device 20 may be a server installed in a cloud on a network.

Note that the configuration shown in FIG. 2 is an example and is not intended to limit the configuration of the boarding system. The boarding system may include devices not shown.

The boarding procedure for users is carried out at each terminal shown in Figure 2. Specifically, a series of procedures when a user departs the country is carried out sequentially at terminals installed at five locations. In the boarding procedure system shown in Figure 2, the boarding procedure for users is realized by authentication using biometric information (biometric authentication).

Biometric information in this disclosure includes face images, fingerprint images, iris images, finger vein images, palm print images, palm vein images, etc. Alternatively, biometric information may be audio data (voiceprint) that stores a person's voice. There may be one or more pieces of biometric information. Note that the term "biometric information" in this disclosure refers to image data containing all or part of a living body, audio data, and features extracted from the images.

When a user (system user) who wishes to check in using biometric authentication arrives at the airport, they operate the check-in terminal 10 to carry out the "check-in procedure." The system user presents the check-in terminal 10 with a paper airline ticket, a two-dimensional barcode containing boarding information, a mobile device displaying a copy of the e-ticket, or the like. Once the check-in procedure is complete, the check-in terminal 10 outputs a boarding pass. The boarding pass includes both paper and electronic boarding passes.

A system user who has completed the check-in procedure and wishes to use biometric authentication for boarding procedures performs system registration using the check-in terminal 10. Specifically, the system user has the check-in terminal 10 read the boarding pass and passport they have acquired. The check-in terminal 10 also acquires the system user's biometric information (e.g., a facial image).

The check-in terminal 10 transmits information related to these (boarding pass, passport, biometric information) to the server device 20.

The server device 20 checks the validity of the information obtained from the check-in terminal 10. Specifically, the server device 20 checks the validity of the presented passport. Upon completing this check, the server device 20 registers the system user. Specifically, the server device 20 issues a token to be used for the boarding procedure of the user registered in the system.

The issued token is identified by a token ID (identifier). Information required for boarding procedures (e.g., biometric information, business information required for boarding procedures, etc.) is associated via the token ID. In other words, a "token" is issued together with the registration of a system user, and is identification information that enables the registered system user to undergo boarding procedures using biometric information. Once a token (token ID) is issued, the system user can use boarding procedures that use biometric authentication.

In response to the generation of the token, the server device 20 adds an entry to both the token ID information database and the business information database.

The token ID information database is a database that stores detailed information about generated tokens. The database stores at least the token ID and biometric information (facial image, feature amount) in association with each other. The server device 20 refers to the token ID information database to perform biometric authentication.

The business information database is a database that stores business information. The business information database stores token IDs and business information in association with each other.

When a system user to whom a token has been issued arrives at a terminal, biometric information (e.g., a facial image) is acquired at the terminal. The terminal sends an authentication request including the facial image to the server device 20.

In the present disclosure, the term "terminal" refers to an apparatus, device, etc. that transmits an authentication request including biometric information to the server apparatus 20. In the example of FIG. 2, the baggage drop machine 11, the passenger passage system 12, the gate apparatus 13, and the boarding gate apparatus 14 correspond to the "terminal". Alternatively, if the check-in procedure is also performed using biometric authentication, the check-in terminal 10 also corresponds to the "terminal".

The server device 20 performs biometric authentication using the biometric information acquired from the terminal and the biometric information registered in the system. If the biometric authentication is successful, the server device 20 sends a positive response to the terminal, including the biometric information (registered face image) of the registration side used in the biometric authentication and business information. If the biometric authentication fails, the server device 20 sends a negative response to that effect to the terminal.

The terminal that receives the successful authentication will carry out the user's boarding procedures based on the acquired business information. The terminal will also open gates, etc. as necessary, to allow the user to pass through.

The terminal that receives the authentication result (authentication successful, authentication failed) displays the result. Specifically, the terminal provides information to the passenger (person to be authenticated) using an LCD display or the like. The display device such as an LCD display is installed in a location that is easily visible to the person to be authenticated. The LCD display or the like may be installed in the terminal or may be installed away from the terminal. Alternatively, an image or the like may be projected onto the floor where the passenger passes, and information may be provided to the person to be authenticated.

The terminal that receives the successful authentication displays a message including the biometric information (the facial image of the registering party) acquired from the server device 20. For example, the terminal displays a message as shown in FIG. 3. The terminal that receives the failed authentication displays a message as shown in FIG. 4. The person to be authenticated checks the display on the terminal.

Note that the display shown in FIG. 3 is an example and is not intended to limit the contents. Furthermore, the contents displayed may differ depending on the type of terminal. For example, items such as name, destination, airline, and flight number may be displayed in common on each terminal, while the departure time of the flight may be displayed only on the boarding gate device 14.

Here, there are four possible combinations of authentication results (authentication successful, authentication failed) by the server device 20 and whether the authentication result is correct or incorrect:

The first combination is when authentication is successful and the authentication result is correct. Specifically, the first combination corresponds to a case where user A is the person to be authenticated and the server device 20 also recognizes the person to be authenticated as user A.

The second combination is when the authentication is successful but the authentication result is incorrect (accidental acceptance occurs). For example, the second combination corresponds to a case where user A is the person to be authenticated and the server device 20 recognizes user B as the person to be authenticated.

The third combination is when authentication fails and the authentication result is correct. Specifically, the third combination can occur when the biometric information of the person to be authenticated is not registered in the server device 20.

The fourth combination is when authentication fails and the authentication result is incorrect (the user is rejected). For example, the fourth combination is when the server device 20 fails to authenticate user A even though the biometric information of user A is registered in the server device 20.

In the case of the first combination, the person to be authenticated passes through the gate, etc., without any doubts when he or she sees the display shown in Figure 3. Because the person to be authenticated sees his or her own facial image displayed on the terminal, the person to be authenticated believes that the biometric authentication procedure has been completed successfully.

In the second combination, when the person to be authenticated sees a display such as that shown in FIG. 3, he or she will have doubts about whether it is OK to pass through the gate, etc. This is because the gate, etc. is open and the person to be authenticated can pass through, but the facial image of another person is displayed. In addition, if the information displayed is different from the information about the flight that the person to be authenticated has in mind (destination, airline, etc.), the person to be authenticated will also have doubts about whether it is OK to pass through the gate. In such a case, the person to be authenticated (the person who has been successfully authenticated) will inform a staff member or the like waiting near the terminal of the above fact (that the facial image of another person is displayed). The staff member or the like will check the passport, etc. held by the user, support the user in the procedure, and correct the authentication result of the server device 20 as necessary.

In the case of the third and fourth combinations, when the person to be authenticated encounters a display such as that shown in Figure 4, he or she inquires of a staff member waiting near the terminal about how to proceed.

The staff will ask the person to be authenticated (who failed authentication) about their status (for example, whether or not they have completed the token issuance procedure to undergo biometric authentication). If the person to be authenticated has not completed the above procedure, the staff will ask the person to complete the token issuance procedure. Alternatively, if the person to be authenticated has completed the token issuance procedure, the staff may check the passport or boarding pass held by the person to proceed with the procedure.

Next, we will explain the general configuration and functions of each device.

The check-in terminal 10 is installed in the check-in lobby of the airport. As described above, the user uses the check-in terminal 10 to register with the system in order to carry out the boarding procedure using biometric authentication. The system user also operates the check-in terminal 10 to carry out the check-in procedure. In other words, the check-in terminal 10 is also a self-service terminal that is operated by the user to carry out the check-in procedure. The check-in terminal 10 is also called a CUSS (Common Use Self Service) terminal. After completing the check-in procedure, the user proceeds to the baggage drop-off area or security checkpoint.

The baggage drop machine 11 is installed in an area adjacent to the baggage counter (manned counter) in the airport or in an area near the check-in terminal 10. The baggage drop machine 11 is a self-service terminal that is operated by a user to carry out the procedure for dropping off baggage that will not be carried on board the aircraft (baggage drop procedure). The baggage drop machine 11 is also called a CUBD (Common Use Bag Drop) terminal. After completing the baggage drop procedure, the user proceeds to the security inspection area. Note that if the user does not check in baggage, the baggage drop procedure is omitted.

The passenger passage system 12 is a gate device installed at the entrance to the security checkpoint in the airport. The passenger passage system 12 is also called a PRS (Passenger Reconciliation System), and is a system that determines whether or not a user can pass through the security checkpoint at the entrance. After passing through the passenger passage system 12 and completing the security check procedure, the user moves to the departure inspection area.

Gate device 13 is installed at the immigration area in the airport. Gate device 13 is a device that automatically performs immigration procedures for users. After completing immigration procedures, users move to the departure area where duty-free shops and boarding gates are located.

The boarding gate device 14 is a passage control device installed at each boarding gate in the departure area. The boarding gate device 14 is the final gate device in the series of procedures for departure inspection (inspection using biometric information). The boarding gate device 14 is also called an ABG (Automated Boarding Gates) terminal. The boarding gate device 14 verifies that the user is a passenger of an aircraft that can be boarded from the boarding gate. After passing through the boarding gate device 14, the user boards the aircraft and departs for a second country.

Note that the boarding procedure using biometric authentication by the devices shown in FIG. 2 (check-in terminal 10, baggage drop machine 11, passenger passage system 12, gate device 13, boarding gate device 14) is just one example, and is not intended to limit the devices used in the procedure. For example, devices other than the above devices may be used for the boarding procedure, or some of the above devices may not be used for the procedure. For example, gate device 13 may not be included in the boarding procedure system.

The server device 20 is a server device for supporting and managing the above-mentioned boarding procedures. The server device 20 manages token IDs. Specifically, the server device 20 issues and invalidates token IDs. The server device 20 also processes authentication requests from various terminals in the airport.

Next, we will explain the details of each device included in the boarding check-in system according to the first embodiment. In the following explanation, we will use the user's "face image" and "feature values generated from the face image" as examples of biometric information.

[Check-in terminal]
As described above, the check-in terminal 10 is a device that provides system users with operations related to check-in procedures and system registration.

Fig. 5 is a diagram showing an example of a processing configuration (processing module) of the check-in terminal 10 according to the first embodiment. Referring to Fig. 5, the check-in terminal 10 includes a communication control unit 201, a system registration unit 202, a token issuance request unit 203, a message output unit 204, a check-in execution unit 205, and a memory unit 206.

The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the server device 20. The communication control unit 201 also transmits data to the server device 20. The communication control unit 201 passes data received from other devices to other processing modules. The communication control unit 201 transmits data acquired from other processing modules to other devices. In this way, the other processing modules send and receive data to and from other devices via the communication control unit 201.

The system registration unit 202 is a means for performing system registration of a user who wishes to check in using biometric authentication. For example, after the check-in procedure is completed, the system registration unit 202 provides the user with a GUI (Graphical User Interface) for confirming whether or not the user wishes to "check in using a facial image" (see Figure 6).

When a user requests boarding using a facial image, the system registration unit 202 uses a GUI to obtain three pieces of information (information printed on the boarding pass, information printed on the passport, and biometric information).

The system registration unit 202 has three sub-modules. FIG. 7 is a diagram showing an example of the processing configuration (processing module) of the system registration unit 202 according to the first embodiment. As shown in FIG. 7, the system registration unit 202 has a boarding pass information acquisition unit 211, a passport information acquisition unit 212, and a biometric information acquisition unit 213.

The boarding pass information acquisition unit 211 is a means for acquiring information (hereinafter referred to as boarding pass information) printed on a boarding pass held by a system user. The boarding pass information acquisition unit 211 controls a reader such as a scanner (not shown) to acquire the boarding pass information.

Boarding pass information includes name (first name, last name), airline code, flight number, boarding date, departure airport (boarding airport), destination airport (arrival airport), seat number, boarding time, arrival time, etc.

The passport information acquisition unit 212 is a means for acquiring information (hereinafter referred to as passport information) written on a passport held by a system user. The passport information acquisition unit 212 controls a reader such as a scanner to acquire passport information.

Passport information includes a facial image (hereinafter referred to as a passport facial image), name, gender, nationality, passport number, passport issuing country, etc.

The biometric information acquisition unit 213 is a means for acquiring biometric information of a system user. The biometric information acquisition unit 213 controls a camera and acquires a facial image of the system user. For example, when the biometric information acquisition unit 213 detects a face in an image that is constantly or periodically captured, it captures a picture of the user's face and acquires the facial image.

Before capturing a facial image, the biometric information acquisition unit 213 preferably displays a guidance message regarding capturing a facial image via the message output unit 204. For example, the biometric information acquisition unit 213 displays a message such as "We will capture an image of your face and register it in the system. The registered facial image will be deleted from the system after boarding is complete."

The system registration unit 202 passes the three pieces of acquired information (boarding pass information, passport information, and biometric information) to the token issuance request unit 203.

The token issuance request unit 203 shown in FIG. 5 is a means for requesting the server device 20 to issue a token. The token issuance request unit 203 generates a token issuance request including boarding pass information, passport information, and biometric information (facial image). The token issuance request unit 203 transmits the generated token issuance request to the server device 20.

The token issuance request unit 203 passes the response (response to the token issuance request) obtained from the server device 20 to the message output unit 204.

The message output unit 204 is a means for outputting various messages. For example, the message output unit 204 outputs a message in response to a response obtained from the server device 20.

When a response (positive response) indicating that the token has been successfully issued is received, the message output unit 204 outputs that information. For example, the message output unit 204 outputs a message such as "Future procedures can be carried out using facial recognition."

If a response (negative response) is received indicating that the token issuance has failed, the message output unit 204 outputs that information. For example, the message output unit 204 outputs a message such as "Sorry. We cannot process your request using face authentication. Please proceed to a manned booth."

The check-in execution unit 205 is a means for carrying out the check-in procedure for the user. The check-in execution unit 205 executes the check-in procedure, such as seat selection, based on the airline ticket presented by the user. For example, the check-in execution unit 205 transmits the information written on the airline ticket to a DCS (Departure Control System) and obtains the information to be written on the boarding pass from the DCS. Note that the operation of the check-in execution unit 205 can be the same as the operation of existing check-in terminals, so a detailed explanation will be omitted.

The memory unit 206 is a means for storing information necessary for the operation of the check-in terminal 10.

[Boarding gate equipment]
Fig. 8 is a diagram showing an example of a processing configuration (processing module) of the boarding gate device 14 according to the first embodiment. Referring to Fig. 8, the boarding gate device 14 includes a communication control unit 301, a biometric information acquisition unit 302, an authentication request unit 303, a message output unit 304, a function realization unit 305, and a storage unit 306.

The communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from the server device 20. The communication control unit 301 also transmits data to the server device 20. The communication control unit 301 passes data received from other devices to other processing modules. The communication control unit 301 transmits data acquired from other processing modules to other devices. In this way, the other processing modules send and receive data to and from other devices via the communication control unit 301.

The biometric information acquisition unit 302 is a means for controlling a camera (not shown) and acquiring biometric information of a user. The biometric information acquisition unit 302 captures an image in front of the device periodically or at a predetermined timing. The biometric information acquisition unit 302 determines whether the acquired image contains a human face image, and if a face image is included, extracts the face image from the acquired image data.

Note that the facial image detection process and facial image extraction process performed by the biometric information acquisition unit 302 can use existing technology, so detailed explanations will be omitted. For example, the biometric information acquisition unit 302 may extract a facial image (face area) from image data using a learning model trained by a CNN (Convolutional Neural Network). Alternatively, the biometric information acquisition unit 302 may extract a facial image using a method such as template matching.

The biometric information acquisition unit 302 passes the extracted facial image to the authentication request unit 303.

The authentication request unit 303 is a means for requesting the server device 20 to authenticate the user in front of the server device 20. The authentication request unit 303 generates an authentication request including an identifier of the device itself (hereinafter, referred to as a terminal identifier), the acquired face image, etc. (see FIG. 9). The terminal identifier may be a MAC (Media Access Control address) address, an IP (Internet Protocol) address, etc. The authentication request unit 303 transmits the generated authentication request to the server device 20.

By checking the terminal identifier included in the authentication request, the server device 20 can uniquely identify the terminal that sent the authentication request. The server device 20 can also identify the type of terminal (baggage drop machine 11, passenger passage system 12, gate device 13, boarding gate device 14) based on the terminal identifier. The terminal identifier is shared between each terminal included in the system and the server device 20. For example, a system administrator or the like may determine the terminal identifier and input the determined terminal identifier to each terminal. The system administrator may also input table information or the like that associates terminal identifiers with terminal types to the server device 20.

The authentication request unit 303 receives a response to the authentication request from the server device 20. The authentication request unit 303 passes the response obtained from the server device 20 to the message output unit 304 and the function realization unit 305.

The message output unit 304 is a means for outputting various messages. For example, the message output unit 304 displays messages such as those shown in Figs. 3 and 4 according to the authentication result (authentication successful, authentication failed) obtained from the server device 20.

If the authentication is successful, the message output unit 304 displays a message including the face image (registered face image) acquired from the server device 20. Alternatively, as shown in FIG. 3, the message output unit 304 may display a message including personal information (such as name) of the person who was successfully authenticated (the person to be authenticated who was determined to have been successfully authenticated) and information about the flight of the person who was successfully authenticated (information about the airline, information about the arrival airport, flight number of the aircraft, departure time, etc.).

Examples of the information about the airline include the name of the airline and the airline code. Examples of the information about the arrival airport include the name of the arrival airport and the name of the country to which the arrival airport belongs. The message output unit 304 may extract and generate personal information and flight information of the successfully authenticated person from the business information acquired from the server device 20.

If authentication failure is obtained, the message output unit 304 displays a message as shown in FIG. 4. That is, the message output unit 304 notifies the person who failed authentication (the person who was determined to have failed authentication) of the fact that authentication has failed.

The function realization unit 305 is a means for realizing the functions of the boarding gate device 14. The function realization unit 305 realizes procedures related to the successfully authenticated person. The function realization unit 305 identifies the flight number of the aircraft that the user (successfully authenticated person) can board from the acquired business information. If the identified flight number matches the flight number assigned to the function realization unit 305, the function realization unit 305 allows the successfully authenticated person to pass through the gate. Note that the operation of the function realization unit 305 can be the same as the operation of existing boarding gate devices, so a detailed explanation will be omitted. Also, an employee working for the airline of the aircraft boarding from the boarding gate device 14 can assign (input) the necessary flight number to the boarding gate device 14.

When the function realization unit 305 allows a successfully authenticated person to pass through the gate, it notifies the server device 20 of this fact.

The memory unit 306 is a means for storing information necessary for the operation of the boarding gate device 14.

[Other devices]
The basic processing configuration of the other terminals included in the boarding procedure system (baggage drop machine 11, passenger passage system 12, gate device 13) can be the same as the processing configuration of the boarding gate device 14 shown in Fig. 8, so detailed explanation will be omitted. Each terminal acquires biometric information (facial image) of the system user and requests authentication using the acquired biometric information from the server device 20. If the authentication is successful, the function assigned to each terminal is executed. In addition, each terminal outputs a display (message) according to the authentication result (authentication successful, authentication failed).

[Server device]
Fig. 10 is a diagram showing an example of a processing configuration (processing module) of the server device 20 according to the first embodiment. Referring to Fig. 10, the server device 20 includes a communication control unit 401, a token generation unit 402, a database management unit 403, an authentication unit 404, and a storage unit 405.

The communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from the check-in terminal 10. The communication control unit 401 also transmits data to the check-in terminal 10. The communication control unit 401 passes data received from other devices to other processing modules. The communication control unit 401 transmits data acquired from other processing modules to other devices. In this way, other processing modules transmit and receive data to and from other devices via the communication control unit 401. The communication control unit 401 has a function as an "acquisition unit" that acquires biometric information of the person to be authenticated from the terminal. Alternatively, the communication control unit 401 has a function as a "reception unit" that receives an authentication request including biometric information of the person to be authenticated, and a "transmission unit" that transmits a response to the authentication request.

The token generation unit 402 is a means for generating a token in response to a token generation request from the check-in terminal 10. At that time, the token generation unit 402 judges the validity of the passport presented by the user.

Specifically, the token generation unit 402 determines whether the person who presented a passport to the check-in terminal 10 and the person who was issued the passport are the same person. To perform this determination, the token generation unit 402 extracts the facial image included in the token generation request (the facial image of the system user) and the passport facial image included in the passport information. The token generation unit 402 determines whether these two facial images substantially match.

The token generation unit 402 performs matching (one-to-one matching) of the two facial images. The token generation unit 402 calculates feature vectors from each of the two images. The token generation unit 402 calculates the similarity (e.g., Euclidean distance) between the two images, and determines whether the two images are facial images of the same person based on the result of threshold processing on the calculated similarity. For example, if the similarity is greater than a predetermined value (if the distance is shorter than a predetermined value), the token generation unit 402 determines that the two facial images are of the same person.

When the token generation unit 402 successfully determines the validity of the passport using the biometric information, it issues a token. For example, the token generation unit 402 generates a unique value as a token ID based on the date and time of processing, a sequence number, etc.

When the token generating unit 402 generates a token (token ID), it transmits a positive response (token issued) to the check-in terminal 10. When the token generating unit 402 fails to generate a token ID, it transmits a negative response (token not issued) to the check-in terminal 10.

When the token generation unit 402 successfully generates (issues) a token ID, it passes the generated token ID, boarding pass information, passport information, and facial image (facial image of the system user) to the database management unit 403.

The database management unit 403 is a means (management unit) for managing various databases constructed in the server device 20.

The server device 20 has a token ID information database and a business information database.

The token ID information database stores at least the token ID and the user's biometric information in association with each other. FIG. 11 is a diagram showing an example of the token ID information database. Referring to FIG. 11, the token ID information database has fields for storing the token ID, registered face image, feature amount, token issuance time, token issuing device name, etc.

As described above, the token ID is a temporarily issued identifier. When the user completes the procedures at the boarding gate device 14, the token ID is invalidated. In other words, the token ID is not a permanently used identifier, but a one-time ID with a validity period (life cycle).

The registered face image is a face image of a system user. For example, the registered face image may be a face image of the user captured by the check-in terminal 10, or a passport face image. The feature amount is a feature vector generated from the face image. The token issue time is the time when the server device 20 issues the token ID. The device name is the name of the device (check-in terminal 10) from which the registered face image that triggered the issuance of the token ID was obtained.

The business information database is a database that manages information (business information) required when a user performs boarding procedures. FIG. 12 is a diagram showing an example of a business information database. Referring to FIG. 12, the business information database has fields for storing a token ID, passenger name, departure point, destination, airline code, flight number, operation date, etc. In addition to the above fields, the business information database may have fields for storing a seat number, nationality, passport number, surname, first name, date of birth, gender, etc. The business information database stores business information required for a specific task (procedure tasks performed at each touch point) for each token ID.

The above information stored in the business information database is obtained from boarding pass information and passport information.

When the database management unit 403 obtains a token ID from the token generation unit 402 (when a token ID is issued), it adds a new entry to the two databases. The database management unit 403 sets a setting value in the field of each database. For example, the database management unit 403 generates a feature amount from a registered face image and registers the generated feature amount in the token ID information database. Note that for fields in which a setting value cannot be set, the database management unit 403 may set an initial value (default value).

The authentication unit 404 is a means for performing biometric authentication. The authentication unit 404 processes an authentication request acquired from the terminal. The authentication unit 404 performs biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of multiple users registered in advance in a token ID information database.

Specifically, the authentication unit 404 processes authentication requests from each of multiple terminals, including the boarding gate device 14, by referring to the token ID information database. The authentication request includes biometric information of the person to be authenticated. The authentication unit 404 performs a matching process (1:N matching) using the biometric information included in the authentication request and the biometric information registered in the token ID information database.

The authentication unit 404 generates features from the facial image acquired from the terminal (baggage drop machine 11, passenger passage system 12, gate device 13, boarding gate device 14). Note that existing technology can be used for the feature generation process, so a detailed explanation is omitted. For example, the authentication unit 404 extracts the eyes, nose, mouth, etc. as feature points from the facial image. The authentication unit 404 then calculates the position of each feature point and the distance between each feature point as feature amounts, and generates a feature vector consisting of multiple feature amounts.

The authentication unit 404 sets the generated feature (feature vector) as the feature on the matching side, and the feature stored in the token ID information database as the feature on the registration side.

The authentication unit 404 calculates the similarity (score) between the feature on the matching side and each of the multiple feature on the registration side. The similarity can be calculated using chi-square distance, Euclidean distance, or the like. Note that the greater the distance, the lower the similarity, and the closer the distance, the higher the similarity.

The authentication unit 404 determines that authentication is successful if there is a feature among multiple features (valid features) registered in the token ID information database that has a similarity with the feature to be matched that is equal to or greater than a predetermined value.

If authentication is successful, the authentication unit 404 identifies the token ID that corresponds to the feature with the highest similarity. The authentication unit 404 searches the business information database using the identified token ID as a key to identify the corresponding entry.

The authentication unit 404 sends the authentication result to the terminal (responds to the authentication request).

If the authentication is successful, the authentication unit 404 sends to the terminal a positive response including the entry (token ID, business information) identified from the business information database and the facial image of the person who was successfully authenticated (the facial image of the registered person). In this way, the authentication unit 404 sends to the terminal the registered biometric information (registered facial image) of the person who was successfully authenticated and information about the flight of the person who was successfully authenticated.

If authentication fails, the authentication unit 404 sends a negative response to the terminal indicating that authentication failed.

The storage unit 405 stores various information necessary for the operation of the server device 20. A token ID information database and a business information database are constructed in the storage unit 405. The token ID information database is a first database that stores at least the biometric information of each of the multiple users and the token ID issued to each of the multiple users in association with each other. The business information database is a second database that stores at least the token ID issued to each of the multiple users and the business information of each of the multiple users in association with each other. The business information database stores at least information related to flights as business information.

[System Operation]
Next, the operation of the boarding system according to the first embodiment will be described. Fig. 13 is a sequence diagram showing an example of the operation of the boarding system according to the first embodiment. The operation when performing the authentication process of the user will be described with reference to Fig. 13. The explanation of the operation related to the system registration will be omitted.

The terminal (either the baggage drop machine 11, the passenger passage system 12, the gate device 13, or the boarding gate device 14) acquires a facial image of the user (person to be authenticated) and sends an authentication request to the server device 20 (step S01).

The server device 20 generates features from the facial image included in the authentication request and performs authentication processing using the token ID information database (step S02).

If the authentication is successful (step S03, Yes branch), the server device 20 searches the business information database using the token ID obtained by the matching process as a key (step S04).

If authentication fails (step S03, No branch), the server device 20 executes the process from step S05 onwards.

The server device 20 transmits the authentication result (authentication successful, authentication failed) to the terminal (touch point) (step S05). If the authentication is successful, the server device 20 transmits a response to the terminal including the contents of the entry identified in the search of step S04 (token ID, business information) and the registered face image of the person who was successfully authenticated.

The terminal displays a display according to the authentication result obtained from the server device 20 (step S06). When a response regarding successful authentication is received, the terminal displays, for example, a display as shown in FIG. 3. That is, the terminal displays a display including the biometric information of the person who was successfully authenticated and information regarding the flight. When a response regarding unsuccessful authentication is received, the terminal displays, for example, a display as shown in FIG. 4.

The terminal then executes the user's boarding procedure based on the authentication result. A detailed explanation of this operation is omitted. Each terminal simply executes the function assigned to it.

As described above, the boarding procedure system according to the first embodiment presents the user with a pre-registered face image (a face image registered in the system by the check-in terminal 10) and flight information (information on the destination, airline, etc.) when authentication of the person to be authenticated is successful. The user (successfully authenticated person) can check this information and recognize that the system processing is not normal if other people's information (other people's face image, other people's flight information) is displayed. That is, the server device 20 and the terminal generate information that enables the user to detect erroneous authentication due to the occurrence of acceptance of a different person, and present this information to the user. As a result, in the unlikely event that an erroneous authentication occurs, the user can inform a staff member or the like and problems and inconsistencies caused by the erroneous authentication can be resolved.

Second Embodiment
Next, the second embodiment will be described in detail with reference to the drawings.

In the first embodiment, the terminal simultaneously displays the registered face image of the person who was successfully authenticated, as well as the personal information and flight information of that person. By displaying the above information, even if a false acceptance occurs, the person to be authenticated can detect the occurrence of false acceptance because their own face and flight information are displayed. In other words, in the first embodiment, the detection of the occurrence of false acceptance is left to the user.

In the second embodiment, we explain a case where airport or airline staff can detect the occurrence of false reception.

The processing configuration of the server device 20 and the terminal in the second embodiment can be the same as in the first embodiment, so a description thereof will be omitted.

The differences between the first and second embodiments are explained below.

FIG. 14 is a diagram showing an example of a schematic configuration of a boarding system according to the second embodiment. Referring to FIG. 14, the boarding system according to the second embodiment includes an employee terminal 30.

The staff terminal 30 is a terminal used by airport or airline staff, etc. The boarding procedure system may include one staff terminal 30, or may include multiple staff terminals 30. When multiple staff terminals 30 are included in the system, at least one staff terminal 30 may be installed at each processing location (e.g., immigration). In other words, a staff terminal 30 may be installed corresponding to each terminal used for boarding procedures.

The staff terminal 30 may be a stationary computer as shown in FIG. 14, or a portable terminal such as a mobile phone, smartphone, tablet, or laptop. The staff terminal 30 may be of any type or form as long as it is a terminal used by staff.

The staff terminal 30 may be equipped with a display device such as a liquid crystal panel, an operating device such as a touch panel, and an information provision function and an information input function. The staff terminal 30 may be realized using a commercially available computer, etc., and the internal processing configuration, etc. will be clear to those skilled in the art, so a description thereof will be omitted.

When the server device 20 has successfully authenticated the person to be authenticated, it transmits authentication result information to the staff terminal 30. The authentication result information includes the face image of the person to be authenticated acquired by the terminal (acquired face image) and the face image of the person determined to be the same person as the person to be authenticated by biometric authentication (face image registered in the token ID information database; registered face image).

In response to receiving the authentication result information, the staff terminal 30 displays the display as shown in FIG. 15. The staff member checks the display on the staff terminal 30. The staff member compares the two facial images to determine whether or not false acceptance has occurred. Specifically, if it is determined that the two facial images are facial images of the same person, it is determined that false acceptance has not occurred. If it is determined that the two facial images are not facial images of the same person, it is determined that false acceptance has occurred.

If false acceptance does not occur, the staff will not take any special action. If false acceptance does occur, the staff will correct and revise the authentication result by the server device 20 based on the authentication ID, etc. Specifically, the staff will input the authentication ID into the server device 20 and identify the two parties involved in the false acceptance. The staff will correct the token ID information database based on the names and flight numbers of the parties, or visit the parties to inform them of the false authentication and take the necessary action. Note that the response to false acceptance varies depending on the terminal and the passenger's situation (before or after boarding the aircraft) at the time of false acceptance, and it is difficult to process it uniformly using the system. In other words, since it is assumed that false acceptance occurs with the flexible response of staff, etc., a more detailed explanation will be omitted. When false acceptance occurs, the staff only needs to appropriately correct the inconvenience and inconsistency caused by the false authentication.

If biometric authentication is successful, the authentication unit 404 generates an authentication ID that uniquely identifies the result of the biometric authentication. Each time biometric authentication is successful, the authentication unit 404 assigns a unique value and generates an authentication ID.

The authentication unit 404 stores the generated authentication ID in association with the information obtained from the authentication unit 404 (see FIG. 16).

After generating the authentication ID, the authentication unit 404 generates authentication result information. Specifically, the authentication unit 404 generates authentication result information including the authentication ID, the terminal identifier, the acquired face image, and the registered face image. The authentication unit 404 transmits the generated authentication result information to the staff terminal 30.

Alternatively, the authentication unit 404 may generate authentication result information including personal information (such as name) and flight information (such as flight number) of the person who has been successfully authenticated. The authentication unit 404 can obtain (read) the personal information of the person who has been successfully authenticated from the business information database using the token ID.

When a predetermined condition is satisfied, the authentication unit 404 may transmit authentication result information to the staff terminal 30. For example, when the similarity between the two images (acquired face image, registered face image) at the time of successful authentication is smaller than a predetermined threshold, the server device 20 may transmit the authentication result information to the staff terminal 30. That is, when the similarity between the two images is larger than a first threshold at which authentication is determined to be successful and smaller than a predetermined second threshold, the server device 20 may transmit the authentication result information to the staff terminal 30.

In this way, the authentication unit 404 may perform threshold processing on the calculated similarity and determine whether or not to send authentication result information to the staff terminal 30 depending on the result. As a result, if the certainty (precision) of the authentication result is sufficiently high (if the similarity between the images is equal to or greater than the second threshold), the authentication result information is not sent from the server device 20 to the staff terminal 30. In other words, if the biometric authentication is successful but the certainty is not sufficient, the authentication result information is sent to the staff terminal 30.

By checking the authentication result information selected (filtered) by the server device 20, staff can concentrate more closely on detecting the occurrence of false acceptance.

Alternatively, the server device 20 may determine whether or not to transmit authentication result information using the largest similarity (first similarity) and the next largest similarity (second similarity; first similarity > second similarity) among the multiple similarities calculated during the authentication process. Specifically, the server device 20 may transmit the authentication result information to the staff terminal 30 when the difference between the first similarity and the second similarity is smaller than a predetermined threshold value.

The fact that the difference between the first similarity and the second similarity is large indicates that the face of the person determined to be second most similar to the person being authenticated does not resemble the face of the person being authenticated (the person himself/herself). In contrast, the fact that the difference between the first similarity and the second similarity is small indicates that the face of the person determined to be second most similar to the person being authenticated resembles the face of the person being authenticated. For example, if the people being authenticated are twins and both facial images are registered, the difference between the similarity based on the person's facial image (first similarity) and the similarity based on the twin's other facial image (second similarity) will be small.

The server device 20 may determine whether or not it is necessary to transmit the authentication result information based on the difference in the similarity. In this case, the authentication unit 404 may also perform threshold processing on the difference between the first similarity and the second similarity, and determine whether or not it is necessary to transmit the authentication result information based on the result of the processing.

As described above, in the boarding check-in system according to the second embodiment, when the server device 20 successfully authenticates the person to be authenticated, it transmits authentication result information including the acquired face image and the registered face image to the staff terminal 30. The staff terminal 30 provides information that can be used to verify whether or not erroneous authentication due to false acceptance has occurred to staff, etc. Staff detect the occurrence of erroneous authentication by comparing the two face images. In the second embodiment, staff who are familiar with the work monitor the occurrence of erroneous authentication, so that the occurrence of false acceptance is more reliably detected. In the second embodiment as well, problems and inconsistencies caused by erroneous authentication are eliminated.

Next, we will explain the hardware of each device that makes up the boarding system. Figure 17 is a diagram showing an example of the hardware configuration of server device 20.

The server device 20 can be configured by an information processing device (so-called a computer), and has the configuration shown in FIG. 17. For example, the server device 20 has a processor 311, a memory 312, an input/output interface 313, a communication interface 314, etc. The components such as the processor 311 are connected by an internal bus or the like, and are configured to be able to communicate with each other.

However, the configuration shown in FIG. 17 is not intended to limit the hardware configuration of the server device 20. The server device 20 may include hardware not shown, and may not include an input/output interface 313 as necessary. Furthermore, the number of processors 311 and the like included in the server device 20 is not intended to be limited to the example shown in FIG. 17, and for example, the server device 20 may include multiple processors 311.

The processor 311 is, for example, a programmable device such as a CPU (Central Processing Unit), an MPU (Micro Processing Unit), or a DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or an ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs including an operating system (OS).

Memory 312 is a RAM (Random Access Memory), a ROM (Read Only Memory), a HDD (Hard Disk Drive), a SSD (Solid State Drive), etc. Memory 312 stores the OS program, application programs, and various data.

The input/output interface 313 is an interface for a display device and an input device (not shown). The display device is, for example, a liquid crystal display. The input device is, for example, a device that accepts user operations such as a keyboard or a mouse.

The communication interface 314 is a circuit, module, etc. that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card), etc.

The functions of the server device 20 are realized by various processing modules. The processing modules are realized, for example, by the processor 311 executing a program stored in the memory 312. The program can be recorded on a computer-readable storage medium. The storage medium can be a non-transitory medium such as a semiconductor memory, a hard disk, a magnetic recording medium, or an optical recording medium. That is, the present invention can also be embodied as a computer program product. The program can be downloaded via a network, or updated using a storage medium that stores the program. Furthermore, the processing modules may be realized by a semiconductor chip.

The check-in terminal 10, boarding gate device 14, staff terminal 30, etc. can also be configured with information processing devices like the server device 20, and their basic hardware configurations are no different from those of the server device 20, so a description of them will be omitted. The check-in terminal 10, etc. only needs to be equipped with a camera, etc.

The server device 20 is equipped with a computer, and the functions of the server device 20 can be realized by having the computer execute a program. The server device 20 also executes a control method for the server device by the program.

[Modification]
The configuration, operation, etc. of the boarding system described in the above embodiment are merely examples and are not intended to limit the system configuration, etc.

In the above embodiment, it has been described that system registration is performed after the user's check-in procedure, but system registration may also be performed before the check-in procedure. In this case, since a boarding pass is not issued before the check-in procedure, the server device 20 may perform system registration using airline ticket information instead of a boarding pass.

In the above embodiment, a case has been described in which system registration (registration for implementing boarding procedures using biometric authentication) is performed at the check-in terminal 10. However, system registration may be performed at a device or terminal other than the check-in terminal 10. For example, a device dedicated to system registration may be installed at the airport, or system registration may be performed at a terminal (touch point) such as the baggage drop machine 11 or the passenger passage system 12.

In the above embodiment, a case has been described in which a series of boarding procedures are performed using biometric authentication, but some of the procedures may also be performed using biometric authentication. For example, in FIG. 2, system registration may be performed at the baggage drop-off machine 11, and procedures after baggage drop-off (security check, etc.) may be performed using biometric authentication. In other words, some of the series of boarding procedures may be performed at manned booths, etc.

In the above embodiment, the server device 20 is described as having two databases. However, the token ID information database and the business information database constructed in the server device 20 may be constructed in a database server different from the server device 20. In other words, the boarding procedure system only needs to include the various means (e.g., token generation means) etc. described in the above embodiment.

In the above embodiment, a case has been described in which the authentication request includes a facial image, but the authentication request may also include features generated from the facial image. In this case, the server device 20 processes the authentication request using the features extracted from the authentication request and the features registered in the token ID information database.

In the first embodiment, the server device 20 includes a registered face image in the response to the authentication request. However, the server device 20 may transmit the registered face image to the terminal by a method other than the response to the authentication request. For example, the server device 20 may transmit authentication result information to the terminal as described in the second embodiment.

The server device 20 according to the first embodiment may include a registered face image, etc., in an affirmative response to an authentication request when a predetermined condition is satisfied. For example, as described in the second embodiment, the server device 20 may include a registered face image, etc., in an affirmative response depending on the result of threshold processing on the similarity calculated during the authentication process. In this case, when the terminal receives an affirmative response including a registered face image, it may output a display such as that shown in FIG. 3.

In the display that provides the authentication result to the successfully authenticated person, information about the seat of the successfully authenticated person may also be displayed. For example, the seat number and seat class (first class, business class, economy class) of the successfully authenticated person may be displayed together with the registered face image. The person to be authenticated can detect the occurrence of false acceptance based on this information.

When the terminal displays the information as shown in FIG. 3, the terminal may generate a GUI including a button or the like for acquiring information that the successfully authenticated person has visually confirmed the display (see FIG. 18). That is, the terminal may use the GUI to acquire information as to whether the successfully authenticated person has confirmed that no false acceptance has occurred based on the displayed biometric information and information related to the flight. In response to the successful authenticated person pressing the OK button, the terminal may proceed with the procedure for that successful authenticated person. Alternatively, in response to the pressing of the OK button, the terminal may control a gate or the like to allow the successful authenticated person to pass through. Alternatively, the terminal may acquire information that the successful authenticated person has visually confirmed the display content through non-contact input such as voice or gesture.

In the second embodiment, the staff terminal 30 and the terminal may work in cooperation. For example, the staff terminal 30 may control a gate equipped in the terminal. For example, the staff terminal 30 displays a GUI as shown in FIG. 19. If the staff determines that a false person has been admitted by comparing the two facial images, the staff presses a procedure interruption button. In response to the button being pressed, the staff terminal 30 issues a procedure interruption instruction to the terminal where the biometric authentication was performed (boarding gate device 14 in the example of FIG. 19). The terminal that receives the instruction (terminal function realization unit 305) interrupts the procedure of the person who was successfully authenticated. For example, the terminal controls so that the person who was successfully authenticated cannot pass through the gate. The staff goes to the terminal that interrupted the procedure and takes the necessary measures.

In this way, the staff terminal 30 obtains, via the GUI, whether or not the staff member has determined that false acceptance has occurred, based on the biometric information obtained from the terminal and the registered biometric information of the person who was successfully authenticated. Furthermore, the staff terminal 30 may instruct the terminal to suspend the procedure when the staff member determines that false acceptance has occurred. In other words, the staff terminal 30 may control the terminal in response to the staff member's operation (the result of the staff member's determination of false acceptance).

When a certain condition is met, the server device 20 (authentication unit 404) may include a "warning flag" in the positive response or authentication result information including the registered face image. The warning flag is information that notifies the terminal or the staff terminal 30 that the above-mentioned certain condition has been met. The warning flag is set when requesting the person who has been successfully authenticated or the staff member to carefully consider the authentication result. For example, the server device 20 sets the warning flag according to the result of the threshold processing for the similarity described in the second embodiment. More specifically, when the authentication is successful but the accuracy is assumed to be low, the server device 20 sets the warning flag.

The terminal or staff terminal 30 may change the manner of the display provided to the successfully authenticated person or staff depending on whether an alarm flag is set. For example, the terminal may change the manner of the display (e.g., the display shown in FIG. 3) including the biometric information of the successfully authenticated person and information about the flight depending on whether a specified condition is met.

For example, if the warning flag is set, the terminal or staff terminal 30 may display (highlight) the image using more colors to attract attention than when the flag is not set, or may blink all or part of the screen. Alternatively, the terminal or the like may use audio to urge the user to carefully check the registered face image.

In the above explanation, a case has been described in which authentication result information is sent to the staff terminal 30 when certain conditions are met. The above-mentioned certain conditions are merely examples, and the need to send authentication result information may be determined based on other conditions. For example, the need to send authentication result information may be determined based on the seat class (seat class; first class passenger seat, superior cabin, regular passenger seat) or travel history of the successfully authenticated person. For example, if the seat class of the successfully authenticated person is first class, the authentication result information may be sent to the staff terminal 30. In this case, staff can carefully monitor the occurrence of erroneous authentication of first class passengers (passengers with whom airlines and the like want to avoid trouble).

Alternatively, the server device 20 may transmit a positive response including authentication result information and a registered face image based on an index or the like other than the similarity between face images based on a feature amount generated from a face image. In biometric authentication, erroneous authentication (acceptance of a different person) occurs because the "faces" of the matching side and the registration side are similar. More precisely, if the positions of the eyes and nose and the distance between these feature points are similar, erroneous authentication (acceptance of a different person) may occur even if the faces are different people. Here, in a boarding procedure system at an airport, a registered face image is input to the server device 20 at the time of check-in, and then a terminal (boarding gate device 14, etc.) requests biometric authentication from the server device 20 in a relatively short time. It is difficult to imagine that the subject's hairstyle, whether or not he/she wears glasses, his/her clothes, etc. will change in such a short period of time. The server device 20 may use the features and characteristics of such biometric authentication at an airport to determine whether or not to transmit authentication result information.

More specifically, the server device 20 (authentication unit 404) calculates the similarity between the two images using a method different from the method using the feature amount. For example, the server device 20 sets a low value to the similarity if the hairstyles of the people in the two face images are different. Alternatively, the server device 20 sets a low value to the similarity if one face image shows glasses and the other face image shows no glasses. Alternatively, the server device 20 sets a low value to the similarity if the clothes of the people in the two face images are different. The server device 20 may transmit authentication result information to the staff terminal 30 when the similarity calculated by the above method is lower than a predetermined threshold value. That is, the server device 20 may determine whether or not to transmit authentication result information based on the similarity between images calculated by a method different from the similarity based on the feature amount. Similarly, the server device 20 may transmit a positive response including the registered face image to the terminal based on the similarity between images calculated by a method different from the similarity based on the feature amount.

When determining the similarity of hairstyles, the server device 20 may compare the area of the upper face area or may use the shape of the area. Furthermore, when determining whether or not glasses are worn, the server device 20 may use a method such as template matching. When determining the identity of clothing, the server device 20 may use the results of frequency analysis of areas other than the face area. The server device may determine the identity of clothing depending on whether the patterns and textures of areas other than the face area are different.

In the second embodiment, a case has been described in which authentication result information is sent to the staff terminal 30, but the information may also be sent to the terminal. The terminal may perform a display using the registered face image included in the response to the authentication request and a display using the registered face image included in the authentication result information on different display devices. For example, the former display may be performed on a main display that is visible to the person to be authenticated, and the latter display may be performed on a sub-display that is visible to a staff member (a staff member waiting near the terminal).

In the above embodiment, the case where the staff member detects the occurrence of false acceptance using the staff terminal 30 has been described. However, the detection of the occurrence of false acceptance may be performed using a learning model generated by machine learning. Specifically, the system administrator etc. collects a large number of data (acquired face images, registered face images) when false acceptance occurs. The system administrator etc. generates training data by attaching a label related to authentication failure to the collected data. The system administrator etc. inputs the training data into a learning device to generate a learning model (classification model). The above learning model is implemented in a computer. The computer inputs two face images acquired from the server device 20 into the learning model and outputs a judgment result (false acceptance occurrence, non-occurrence). The staff etc. may take necessary action depending on the result judged by the computer. In addition, any algorithm such as a support vector machine, boosting, or neural network can be used to generate the learning model. In addition, since the above algorithm such as the support vector machine can be a known technology, its description is omitted.

In the above embodiment, the facial image and the features generated from the facial image are treated as "biometric information" and the operation of the system is described. However, other information may be used as "biometric information" instead of the facial image. For example, when voiceprint authentication is used, pre-registered voiceprint information (audio data) may be played back and flight information may be displayed.

In addition, if biometric information other than a facial image is used, the biometric information of the registering party does not need to be displayed. For example, the personal information (name) of the person to be authenticated or flight information (destination, etc.) may be displayed on the terminal. If this information differs from the user's own information, the user can detect erroneous authentication.

The server device 20 may notify the terminal or the staff terminal 30 of the similarity used in the authentication process (similarity of the person who was successfully authenticated). The staff terminal 30 or the like may provide the similarity to the staff or the like. The staff can take action such as checking the two facial images more carefully according to the presented similarity.

The form of data transmission and reception between the check-in terminal 10 and the server device 20 is not particularly limited, but the data transmitted and received between these devices may be encrypted. Boarding pass information and passport information contain personal information, and in order to appropriately protect the personal information, it is desirable to transmit and receive encrypted data.

In the flow diagrams (flowcharts, sequence diagrams) used in the above explanation, multiple steps (processes) are described in order, but the order in which the steps are executed in the embodiment is not limited to the order described. In the embodiment, the order of the steps shown in the diagrams can be changed to the extent that does not interfere with the content, such as executing each process in parallel.

The above embodiments have been described in detail to facilitate understanding of the present disclosure, and it is not intended that all of the configurations described above are necessary. Furthermore, when multiple embodiments are described, each embodiment may be used alone or in combination. For example, it is possible to replace part of the configuration of an embodiment with the configuration of another embodiment, or to add the configuration of another embodiment to the configuration of an embodiment. Furthermore, it is possible to add, delete, or replace part of the configuration of an embodiment with other configurations.

The above explanation makes clear the industrial applicability of the present invention, and the present invention can be suitably applied to boarding procedures at airports and the like. However, the application of the present disclosure is not limited to airport procedures, and the present disclosure can be applied to systems that require multiple procedures. For example, the present disclosure can also be applied to entrance and exit control at event venues and the like. For example, the server device 20 can analyze the authentication history at the event venue, and notify the event organizer or the like of any results that are strongly suspected to be erroneous authentication.

A part or all of the above-described embodiments can be described as, but is not limited to, the following supplementary notes.
[Appendix 1]
an acquisition unit that acquires biometric information of an authentication subject from a terminal;
an authentication unit that performs biometric authentication using biometric information of the person to be authenticated and biometric information of each of a plurality of users registered in advance;
Equipped with
The authentication unit is a server device that, when certain conditions are satisfied, transmits authentication result information including the biometric information acquired from the terminal and the registered biometric information of the person who succeeded in the biometric authentication to a staff terminal used by the staff member.
[Appendix 2]
the authentication unit calculates a similarity between the biometric information of the person to be authenticated and the biometric information of each of the plurality of pre-registered users;
A server device as described in Appendix 1, which transmits the authentication result information to the staff terminal when the largest similarity among the calculated multiple similarities is greater than a first threshold value and less than a second threshold value.
[Appendix 3]
the authentication unit calculates a similarity between the biometric information of the person to be authenticated and the biometric information of each of the plurality of pre-registered users;
Calculating a difference between a first similarity having a largest value and a second similarity having a second largest value among the calculated similarities;
The server device according to claim 1, wherein the authentication result information is sent to the staff terminal when the calculated difference is smaller than a predetermined threshold value.
[Appendix 4]
The server device described in Appendix 1, wherein the authentication unit determines whether or not to send the authentication result information to the staff terminal based on the seat class of the successfully authenticated person.
[Appendix 5]
The server device according to claim 4, wherein the authentication unit transmits the authentication result information to the staff terminal when the seat class of the successfully authenticated person is the highest class seat.
[Appendix 6]
6. The server device according to claim 1, further comprising a database that stores biometric information of each of the plurality of users.
[Appendix 7]
7. The server device according to claim 1, wherein the biometric information is a face image or a feature extracted from the face image.
[Appendix 8]
The server device according to any one of claims 1 to 7, wherein the authentication unit transmits the authentication result information to the terminal instead of the staff terminal.
[Appendix 9]
A terminal,
Staff terminals used by staff;
A server device connected to the terminal and the staff terminal;
Including,
The server device includes:
an acquisition unit that acquires biometric information of an authentication subject from a terminal;
an authentication unit that performs biometric authentication using biometric information of the person to be authenticated and biometric information of each of a plurality of users registered in advance;
Equipped with
A system in which, when certain conditions are met, the authentication unit transmits authentication result information to the staff terminal, the authentication result information including the biometric information acquired from the terminal and the registered biometric information of a person who succeeded in the biometric authentication.
[Appendix 10]
The system described in Appendix 9, wherein the staff terminal displays the biometric information acquired from the terminal and the registered biometric information of the person who was successfully authenticated.
[Appendix 11]
The staff terminal includes:
The system described in Appendix 10, in which the staff member determines whether or not a false positive has occurred based on the biometric information acquired from the terminal and the registered biometric information of the successfully authenticated person.
[Appendix 12]
The staff terminal includes:
The system of claim 11, further comprising: instructing the terminal to suspend the procedure if it is determined that false acceptance has occurred.
[Appendix 13]
In the server device,
Acquire biometric information of the person to be authenticated from the terminal;
performing biometric authentication using the biometric information of the person to be authenticated and the biometric information of each of a plurality of users registered in advance;
A method for controlling a server device, which, when certain conditions are met, transmits authentication result information including biometric information acquired from the terminal and registered biometric information of an individual who succeeded in the biometric authentication to an employee terminal used by an employee.
[Appendix 14]
A computer installed in the server device
A process of acquiring biometric information of a person to be authenticated from a terminal;
A process of performing biometric authentication using biometric information of the person to be authenticated and biometric information of each of a plurality of users registered in advance;
a process of transmitting authentication result information, including the biometric information acquired from the terminal and the registered biometric information of a person who has been successfully authenticated, to a staff terminal used by the staff member when a predetermined condition is satisfied;
A computer-readable storage medium that stores a program for executing the above.

The disclosures of the above cited prior art documents are incorporated herein by reference. Although the embodiments of the present invention have been described above, the present invention is not limited to these embodiments. Those skilled in the art will understand that these embodiments are merely illustrative and that various modifications are possible without departing from the scope and spirit of the present invention. In other words, the present invention naturally includes various modifications and amendments that a person skilled in the art can make in accordance with the entire disclosure, including the scope of the claims, and the technical ideas.

10 Check-in terminal 11 Baggage drop machine 12 Passenger passage system 13 Gate device 14 Boarding gate device 20, 100 Server device 30 Staff terminal 101 Acquisition unit 102 Authentication unit 201, 301, 401 Communication control unit 202 System registration unit 203 Token issuance request unit 204, 304 Message output unit 205 Check-in execution unit 206, 306, 405 Storage unit 211 Boarding pass information acquisition unit 212 Passport information acquisition unit 213, 302 Biometric information acquisition unit 303 Authentication request unit 311 Processor 312 Memory 313 Input/output interface 314 Communication interface 402 Token generation unit 403 Database management unit 404 Authentication unit

Claims (12)

an acquisition unit that acquires biometric information of an authentication subject from a terminal;
an authentication unit that controls biometric authentication using biometric information of the person to be authenticated and biometric information of each of a plurality of users registered in advance;
When the biometric authentication is successful and a predetermined condition is satisfied, the authentication unit transmits authentication result information including the acquired biometric information acquired from the terminal, the registered biometric information corresponding to the person who succeeded in the biometric authentication , and an alarm flag as information used to detect erroneous authentication due to the occurrence of false acceptance to an employee terminal used by an employee or to the terminal ;
A server device , wherein the warning flag is information used to determine a display mode of the acquired biometric information or the registered biometric information on the staff terminal or the terminal . the predetermined condition is a condition regarding a degree of similarity between biometric information of the person to be authenticated and biometric information of each of a plurality of users registered in advance,
The server device according to claim 1 , wherein the authentication unit transmits the authentication result information to the staff terminal or the terminal when the predetermined condition is satisfied. The predetermined condition is a condition related to a seat class corresponding to the successful authentication person,
The server device according to claim 1 , wherein the authentication unit transmits the authentication result information to the staff terminal or the terminal when the predetermined condition is satisfied. The server device according to any one of claims 1 to 3, wherein the authentication result information includes one or both of flight information including at least one of information about the airline, information about the arrival airport, and information about the flight number and departure time of the boarding aircraft corresponding to the successful authentication person, and personal information corresponding to the successful authentication person. The computer installed in the server device
Acquire biometric information of the person to be authenticated from the terminal;
Controlling biometric authentication using biometric information of the person to be authenticated and biometric information of each of a plurality of users registered in advance;
Furthermore, when the biometric authentication is successful and specified conditions are satisfied, authentication result information including acquired biometric information acquired from the terminal, registered biometric information corresponding to the person who succeeded in the biometric authentication, and an alarm flag as information used to detect erroneous authentication due to the occurrence of acceptance of a false identity is transmitted to an employee terminal used by an employee or to the terminal , and the alarm flag is information used to determine the display mode of the acquired biometric information or the registered biometric information on the employee terminal or the terminal . the predetermined condition is a condition regarding a degree of similarity between biometric information of the person to be authenticated and biometric information of each of a plurality of users registered in advance,
6. The method for controlling a server device according to claim 5, further comprising the step of: transmitting the authentication result information to the staff terminal or the terminal by a computer installed in the server device when the predetermined condition is satisfied. The predetermined condition is a condition related to a seat class corresponding to the successful authentication person,
6. The method for controlling a server device according to claim 5, further comprising the step of: transmitting the authentication result information to the staff terminal or the terminal by a computer installed in the server device when the predetermined condition is satisfied. The method for controlling a server device according to any one of claims 5 to 7, wherein the authentication result information includes one or both of flight information including at least one of information about the airline, information about the arrival airport, and information about the flight number and departure time of the boarding aircraft corresponding to the successful authentication person, and personal information corresponding to the successful authentication person. A process of acquiring biometric information of a person to be authenticated from a terminal;
A process of controlling biometric authentication using biometric information of the person to be authenticated and biometric information of each of a plurality of users registered in advance;
a computer program for causing a computer to execute a process in which, when the biometric authentication is successful and specified conditions are satisfied, the computer program transmits authentication result information to an employee terminal used by an employee or to the terminal, the authentication result information including the acquired biometric information acquired from the terminal, the registered biometric information corresponding to the person who succeeded in the biometric authentication, and an alarm flag as information used to detect erroneous authentication due to the occurrence of false acceptance, and the alarm flag is information used to determine the display mode of the acquired biometric information or the registered biometric information on the employee terminal or the terminal. the predetermined condition is a condition regarding a degree of similarity between biometric information of the person to be authenticated and biometric information of each of a plurality of users registered in advance,
The computer program product according to claim 9, for causing a computer to execute a process of transmitting the authentication result information to the staff terminal or the terminal when the predetermined condition is satisfied. The predetermined condition is a condition related to a seat class corresponding to the successful authentication person,
The computer program product according to claim 9, for causing a computer to execute a process of transmitting the authentication result information to the staff terminal or the terminal when the predetermined condition is satisfied. The computer program according to any one of claims 9 to 11, wherein the authentication result information includes one or both of flight information including at least one of information about the airline, information about the arrival airport, and information about the flight number and departure time of the boarding aircraft corresponding to the successful authentication person, and personal information corresponding to the successful authentication person.

Images