JP2016151948A - Station service apparatus and station service system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a station service apparatus and a station service system capable of suppressing the occurrence of the impersonation of an attendant while suppressing an increase in an operation load.SOLUTION: A station service apparatus includes: a first information acquisition part; a second information acquisition part; a ticket examination processing part; and a permission part. The first information acquisition part acquires the identification information of an attendant. The second information acquisition part acquires the biological information of the attendant. The ticket examination processing part performs ticket examination processing corresponding to the operation of the attendant. The permission part permits unit processing when the authentication of the attendant based on the biological information acquired by the second information acquisition part succeeds for each unit processing performed by the ticket examination processing part after the authentication of the attendant based on the identification information acquired by the first information acquisition part succeeds.SELECTED DRAWING: Figure 4

Description

  Embodiments described herein relate generally to a station service device and a station service system.

  There are cases where a station staff is installed at a railway station so that a staff member of the station can perform a ticket gate process when entry or exit using an automatic ticket gate is impossible. 2. Description of the Related Art A station service device monitoring system is known in which an image representing the state of a station service device is captured by a monitoring camera and the captured image is displayed on a display screen. However, with the conventional technology, there is a case where impersonation of the staff in the station service device cannot be suppressed. On the other hand, if a password input or the like is requested every time the clerk operates, the operation load on the clerk increases.

JP 2000-251178 A

  The problem to be solved by the present invention is to provide a station service device and a station service system capable of suppressing an increase in operation load and suppressing an impersonation of a staff member.

  The station service apparatus according to the embodiment includes a first information acquisition unit, a second information acquisition unit, a ticket gate processing unit, and a permission unit. The first information acquisition unit acquires the identification information of the attendant. The second information acquisition unit acquires the biological information of the attendant. The ticket gate processing unit performs ticket processing according to the operation of the attendant. The permission unit is acquired by the second information acquisition unit for each unit process performed by the ticket gate processing unit after successful authentication of the clerk based on at least the identification information acquired by the first information acquisition unit. The unit processing is permitted when the staff authentication based on the biometric information is successful.

The figure which shows the structure of the station service system 1 which concerns on 1st Embodiment. The figure for demonstrating the function structure of the authentication server apparatus 100 which concerns on 1st Embodiment. The perspective view which shows the external appearance structure of the station service apparatus 20 which concerns on 1st Embodiment. The figure which shows the function structure of the station service apparatus 20 which concerns on 1st Embodiment. The flowchart which shows the flow of the process performed by the station service system 1 which concerns on 1st Embodiment. The flowchart which shows the flow of the process performed by the station service system 1 which concerns on 2nd Embodiment. The functional block diagram of the station service apparatus 20 of 3rd Embodiment. The flowchart which shows the flow of the process performed by the station service apparatus 20 which concerns on 3rd Embodiment. The flowchart which shows the flow of the process performed by the station service apparatus 20 which concerns on 4th Embodiment. The functional block diagram of the station service apparatus 20 of 5th Embodiment. The flowchart which shows the flow of the process performed by the station service system 1 which concerns on 5th Embodiment. The flowchart which shows the flow of the process performed by the station service system 1 which concerns on 6th Embodiment.

  Hereinafter, a station service apparatus and a station service system according to embodiments will be described with reference to the drawings.

(First embodiment)
FIG. 1 is a diagram illustrating a configuration of a station service system 1 according to the first embodiment. The station service system 1 includes, for example, an A station system 10A, a B station system 10B, and an authentication server device 100. Communication via the network NW is performed between the A station system 10A, the B station system 10B, and the authentication server device 100. The network NW includes, for example, a WAN (Wide Area Network), a public line, a VPN (Virtual Private Network), and a LAN (Local Area Network).

  The A station system 10A includes, for example, a station service device 20A. Similarly, the B station system 10B includes a station service device 20B. Moreover, in this embodiment, although A station system 10A and B station system 10B are shown as an example, the same station system is constructed also in stations other than the station provided with A station system 10A and B station system 10B. Good. Hereinafter, when the A station system 10A and the B station system 10B are not distinguished, they are simply referred to as the station system 10. Similarly, the components included in the station system 10 will be described by omitting the symbols “A” and “B” that distinguish the stations. Although not shown in the present embodiment, the station system 10 may include a ticket issuing machine, an automatic ticket gate, and the like in addition to the station service device 20.

  The station service device 20 transmits and receives information to and from the authentication server device 100 via the network NW. The functional configuration and processing details of the station service device 20 will be described later, and the functional configuration of the authentication server device 100 will be described first.

  FIG. 2 is a diagram for explaining a functional configuration of the authentication server device 100 according to the first embodiment. The authentication server device 100 includes, for example, a server control unit 110, a server storage unit 120, and a server communication unit 130. The server control unit 110 is, for example, a processor such as a CPU (Central Processing Unit). The server storage unit 120 is a storage device such as a RAM (Random Access Memory), a HDD (Hard Disk Drive), or a flash memory. The server communication unit 130 includes a network card or the like for connecting to the network NW.

  The server control unit 110 causes the server storage unit 120 to store the information acquired by the server communication unit 130 from the station system 10. The server control unit 110 returns the executed processing result or the search result of the server storage unit 120 to the station system 10 according to the information transmitted from the station system 10. For example, the server control unit 110 executes an authentication process requested by the station service device 20 and transmits an authentication result to the station service device 20. The server control unit 110 includes a first authentication unit 111 and a second authentication unit 112 as functional units corresponding to the type of authentication. Details of the authentication processing by these functional units will be described later. The server storage unit 120 stores information transmitted from the station service device 20, information acquired from other terminal devices connected to the network NW, information transmitted from other terminal devices, and the like.

  FIG. 3 is a perspective view showing an external configuration of the station service apparatus 20 according to the first embodiment. FIG. 4 is a diagram illustrating a functional configuration of the station service apparatus 20 according to the first embodiment. The station service device 20 is installed in a place different from the automatic ticket gate installed in the station, for example, in a space connecting the inside of the station and the outside of the station. For example, the staff member stays in a space where the station service device 20 is installed, and operates the station service device 20 as necessary.

  When a user inserts a magnetic ticket into the entrance of an automatic ticket gate or presents an electronic medium with an IC (Integrated Circuit) chip to the reader of the automatic ticket gate, but entry / exit is not permitted The user presents a magnetic ticket or an electronic medium (hereinafter simply referred to as “medium”) to a staff member who is an operator of the station service device 20. At this time, the clerk uses the station service device 20 to execute a ticket gate process for determining whether or not entry / exit permission is allowed for the medium presented by the user. If entry and exit permission is possible, allow the user to pass. On the other hand, if entry / exit is not permitted, the attendant asks the user to pay an additional fee or explains why entry / exit is not permitted.

  As shown in FIGS. 3 and 4, the station service device 20 includes a magnetic ticket reader / writer 30, an IC reader / writer 32, a money processing machine 34, a user display unit 36, and an attendant display / input unit 38. A clerk ID (IDentification) reading unit 40, a camera 42, a control unit 50, a storage unit 60, and a communication unit 70. These units are arranged around the work table TB or the work table TB so that a staff member can sit in front of the work table TB and perform business. The control unit 50 includes a magnetic ticket reader / writer 30, an IC reader / writer 32, a money handling machine 34, a user display unit 36, a clerk display / input unit 38, a clerk ID reading unit 40, and a camera 42. Are communicably connected.

  The control unit 50 includes a ticket gate processing unit 52, a display control unit 54, and an authentication processing unit 55. The ticket gate processing unit 52, the display control unit 54, and the authentication processing unit 55 of the control unit 50 are, for example, software that functions when a processor such as a CPU provided in the station service device 20 executes a program stored in a program memory. It is a functional part. Some or all of these functional units may be hardware functional units such as LSI (Large Scale Integration) and ASIC (Application Specific Integrated Circuit).

  The storage unit 60 is realized by a storage device such as a RAM (Random Access Memory), a HDD (Hard Disk Drive), a flash memory, or an EEPROM (Electrically Erasable Programmable Read-Only Memory). In addition, the storage unit 60 stores firmware, application programs, etc., various programs to be executed by the CPU included in the station service device 20, results of processing executed by the control unit 50, and other fares between the stations. A fare table or the like is stored.

  The magnetic ticket reader / writer 30 reads information including railroad usage information stored in the magnetic ticket or writes information to the magnetic ticket based on an instruction from the ticket gate processing unit 52. Further, the magnetic ticket reader / writer 30 issues a magnetic ticket in which information necessary for entry / exit is written.

  The IC reader / writer 32 supplies power to the IC chip built in the electronic medium presented by the user using electromagnetic induction, for example, and activates the IC chip. The IC reader / writer 32 performs wireless communication with the IC chip while the IC chip is activated, decodes the information encoded by a predetermined method and stored in the IC chip, and outputs the information to the control unit 50. The electronic medium stores information including railway usage information. Further, the IC reader / writer 32 encodes the processing result processed by the ticket gate processing unit 52 and writes the encoded information on the electronic medium. Here, the information written on the electronic medium is, for example, an entrance station, an exit station, an entry / exit processing time, other usage-related conditions, charge balance information after fare collection, and the like.

  The money processing machine 34 settles based on the amount charged to the user (settlement amount) in the processing result of the ticket gate processing unit 52 and the money put into the input unit (not shown) of the money processing machine 34 by the operator. The process is executed, and the result of the settlement process is output to the control unit 50. The money processing machine 34 discharges the difference as change when the inserted money exceeds the settlement amount. In addition, the money processor 34 may be provided with an input unit (not shown), and an amount of money may be input to the input unit by an operator.

  The clerk display / input unit 38 is, for example, a touch panel terminal device that displays an image based on an instruction from the control unit 50 and can detect the touch position when a touch operation is performed on the detection surface. The staff display / input unit 38 is configured by superimposing a display device such as an LCD (Liquid Crystal Display) or an organic EL (Electroluminescence) and a contact detection mechanism. The staff display / input unit 38 displays a GUI (Graphical User Interface) switch for operation. The clerk display / input unit 38 generates an operation signal indicating that a touch operation on the GUI switch has been performed and outputs the operation signal to the control unit 50 when a touch operation on the GUI switch is detected. Further, the staff display / input unit 38 outputs a signal indicating the position (coordinates) of the touch operation to the control unit 50, and the control unit 50 determines which GUI switch the touch operation is for. May be. The touch detection method as a touch panel detects, for example, a resistance film method that detects a voltage generated when two films are brought into contact with each other by operating a touch panel of the indicator, and a change in capacitance caused by an operation of the touch panel of the indicator. Any method may be used such as a capacitance method. The station service device 20 may include an input device such as a keyboard and a mouse.

  The clerk ID reading unit 40 reads information stored in the clerk identification card for identifying the clerk. For example, a clerk identification card is a card containing an IC chip in which identification information for identifying a clerk is stored. When the clerk identification card is trapped by the clerk ID reading unit 40 by the clerk, the clerk ID reading unit 40 performs wireless communication with the IC chip with the IC chip activated, and the clerk stored in the IC chip. Read the ID. The clerk ID reading unit 40 outputs the read clerk ID to the control unit 50.

  The camera 42 is installed so that an area including the face of the attendant becomes an imaging area in a state where the attendant operating the station service device 20 stands or sits down. The camera 42 includes a solid-state imaging device such as a charge coupled device (CCD) or a complementary metal oxide semiconductor (CMOS). The camera 42 converts the light received by the solid-state imaging device into an electric signal, and generates an image based on the converted electric signal. The camera 42 outputs the generated image to the control unit 50. Note that the camera 42 may have a function of automatically recognizing a face based on a feature point or the like and adjusting an imaging region so that the face can be appropriately captured.

  The ticket gate processing unit 52 acquires information output from each function unit. The ticket gate processing unit 52 determines whether or not the user can pass based on the acquired information, and outputs a determination result or information generated based on the determination result to each unit. The determination of whether or not the user can pass is executed based on whether or not the information stored in the presented medium satisfies the conditions for permitting entry from the station premises to the station premises, or for allowing entry from the station premises to the station premises. .

  At the time of entrance, if the ticket gate processing unit 52 determines that the presented medium satisfies the admission permission condition, the attendant permits the user who presented the medium to enter. When the ticket gate processing unit 52 determines that the presented medium satisfies the participation permission condition at the time of participation, the attendant permits the user who presented the medium to participate. Further, the display control unit 54 causes the clerk display / input unit 38 or the user display unit 36 to display an image indicating the processing result in accordance with the processing result of the ticket gate processing unit 52.

  The authentication processing unit 55 includes a first request unit 56, a second request unit 57, and a permission unit 58. The first request unit 56 requests the authentication server device 100 to authenticate the clerk based on the identification information acquired by the clerk ID reading unit 40. The second request unit 57 requests the authentication server device 100 to authenticate a staff member based on information acquired by the camera 42. The permission unit 58 performs the unit processing performed by the ticket gate processing unit 52 after the authentication requested by the first requesting unit 56 to the authentication server device 100 is successful and the authentication requested by the second requesting unit 57 is successful. The second request unit 57 requests the authentication server device 100 to permit unit processing by the clerk when the requested clerk has been successfully authenticated.

  The communication unit 70 transmits the processing result of the control unit 50, the processing process, and the like to the authentication server device 100 based on the instruction of the control unit 50. In addition, the communication unit 70 acquires information transmitted from the authentication server device 100.

  FIG. 5 is a flowchart showing a flow of processing executed by the station service system 1 according to the first embodiment. In the present embodiment, it is assumed that identification information and face information of a staff member who has authority to operate the station service device 20 is stored in the server storage unit 120 in advance.

  First, the permission unit 58 of the station service device 20 performs initial authentication permission determination (steps S100 to S110). By permitting the initial authentication, the clerk can start work using the station service device 20.

  First, the clerk ID reading unit 40 of the station service device 20 receives clerk identification information (step S100). Next, the camera 42 images the face of the clerk (step S102). For example, the camera 42 captures an image at a timing corresponding to the clerk ID reading unit 40 being deceived by the clerk identification card. Thereby, the camera 42 can image the face of the clerk wearing the clerk identification card in a state where the clerk stands up or sits down and can operate the station service device 20. Next, the first request unit 56 requests the authentication server device 100 to authenticate a staff member based on the identification information read in step 100 (step S104). Next, the second request unit 57 requests the authentication server device 100 to authenticate a staff member based on the face image (hereinafter referred to as “face information”) captured in step S102 (step S106).

  Note that the second request unit 57 may transmit the image data obtained by capturing the face of the clerk as face information to the authentication server device 100 as it is, or compress the image data, encode the data, etc. It may be transmitted as information. Further, the second request unit 57 may derive a feature amount from image data and transmit only the feature amount to the authentication server device 100 as face information. Thereby, identification information and face information are transmitted to the authentication server device 100.

  Next, the 1st authentication part 111 of the authentication server apparatus 100 performs the authentication process based on the identification information acquired via the server communication part 130 (step S150). For example, the first authentication unit 111 compares the identification information acquired via the server communication unit 130 with the identification information stored in the server storage unit 120 and determines whether or not they match. Here, “matching” may mean, for example, that the transmitted identification information and the identification information stored in the server storage unit 120 completely match or partially match. May be. Further, when the transmitted identification information is an encrypted password, the first authentication unit 111 decrypts the password, and whether or not the decrypted password matches the password stored in the server storage unit 120. It may be determined.

  Next, the 2nd authentication part 112 of the authentication server apparatus 100 performs the authentication process of a staff based on the face information acquired via the server communication part 130 (step S152). In addition, the second authentication unit 112 compares, for example, the positional relationship such as feature points and contours in the acquired face information with the positional relationship such as feature points and contours of the facial information stored in the server storage unit 120. . As a result of the comparison, when these positional relationships are within the allowable range, it is determined that the authentication based on the face information is successful. The authentication processing based on face information is for determining whether or not the difference from the feature amount stored in the server storage unit 120 is within an allowable range when the feature amount of the image is acquired as face information. It may be.

  Based on these authentication results, the server control unit 110 determines whether or not the staff authentication has succeeded. The server control unit 110 according to the present embodiment assumes that the authentication is successful when the authentication based on the identification information by the first authentication unit 111 is successful and the authentication based on the face information by the second authentication unit 112 is successful. Generate authentication result for. On the other hand, if the identification information does not match or the face information is not similar enough to be the same person, the server control unit 110 generates an authentication result indicating that the authentication has failed. Next, the server control part 110 transmits an authentication result to the station service apparatus 20 (step S154).

  Next, the permission unit 58 of the station service device 20 acquires the authentication result, and determines whether or not the acquired authentication result indicates success (step S108). If the authentication result indicates failure, the process returns to step S100. On the other hand, when the authentication result indicates success, the permission unit 58 controls the station service device 20 to be operable (step S110). Thus, the initial authentication permission determination is completed.

  After controlling the station apparatus 20 to be operable, the permission unit 58 determines whether or not the execution of the unit process has been started (step S112). In the present embodiment, the unit process is a process that is not preferably performed in a state where an impersonator has been impersonated, such as manual change / deletion of medium usage history, addition, entry / exit permission, etc. This is a process that requires security. Then, the permission unit 58, for example, when an initial operation for starting the above-described various processes is performed, or when a staff member sets the medium presented by the user in the magnetic ticket reader / writer 30 or the IC reader / writer 32, etc. It is determined that the execution of the unit process has started.

  When execution of the unit process is not started by the clerk, the permission unit 58 determines whether or not the clerk is replaced (step S114). If it is determined that the staff has been changed, the process returns to step S100. If it is determined that the staff has not been changed, the process returns to step S112. For example, when an operation input indicating that a clerk is to be changed is made by the clerk via the user display unit 36, or a clerk identification card of a clerk different from the clerk who has been initially authenticated is tricked into the clerk ID reading unit 40. When this is detected, the permission unit 58 determines that an attendant has been replaced. In the process of step S114, the permission unit 58 returns to the process of step S100 if a predetermined time has elapsed from the reference time, and returns to the process of step S112 if the predetermined time has not elapsed from the reference time. It may be processed. The reference time may be a timing at which the previous unit process is started or completed, or may be a timing at which the initial authentication permission determination is completed.

  When execution of the unit process is started by the clerk, the second request unit 57 causes the camera 42 to image the clerk's face (step S116). Next, the second request unit 57 requests the authentication server device 100 to authenticate a staff member based on the acquired face information (step S118). Thereby, the face information acquired in step S116 is transmitted to the authentication server device 100.

  Next, the second authentication unit 112 of the authentication server device 100 acquires face information from the second request unit 57, and based on the acquired face information and the face information stored in advance in the server storage unit 120. The staff authentication process is executed (step S156). The server control unit 110 transmits the authentication result to the permission unit 58 (step S158).

  Next, the permission unit 58 acquires the authentication result, and determines whether or not the acquired authentication result indicates success (step S120). If the authentication result indicates failure, the permission unit 58 does not permit execution of the unit process (step S122). In this case, the permission unit 58 causes the clerk display / input unit 38 to display an image that prohibits execution of the unit process, for example. If the authentication result indicates success, the permission unit 58 permits the ticket gate processing unit 52 to execute unit processing (step S124). Then, it returns to step S112 and a process is continued.

  By such control, the station service apparatus 20 according to the present embodiment can prevent a person who is not a regular staff member from performing unit processing, that is, spoofing of a staff member. In addition, since the imaging by the camera 42 and the authentication process using the captured image do not particularly require the clerk's operation, an increase in the clerk's operation load can be suppressed.

  In this embodiment, when the clerk identification card is deceived by the clerk, the clerk ID reading unit 40 reads the identification information and acquires the identification information (step S100). For example, display / input for clerk Identification information, a password, or the like manually input to the unit 38 by an attendant may be handled as identification information used in the processing of this embodiment.

  In addition, the face information of the clerk who executed the unit processing according to the present embodiment and the process or the processing result executed by the clerk may be stored in the storage unit 60 or the server storage unit 120. As a result, when it becomes necessary to specify the combination of the details of the processing executed by the station service device 20 and the clerk who performed the processing later, the details of the processing performed by the clerk and the clerk are specified. be able to.

  In the present embodiment, authentication is performed by comparing face information, which is an example of biometric information of an attendant, with information stored in the server storage unit 120, but instead of authentication using face information. Authentication processing using other biometric information may be performed. The biological information may be, for example, a fingerprint, a voiceprint, a retina, an iris, a vein pattern, or the like. In addition, the station service device 20 may use a human body communication technique when acquiring the identification information. In this case, the station service device 20 includes a detection unit that detects information output from a communication tag for performing human body communication. For example, when an attendant carries the communication tag and touches the detection unit of the station service device 20, the identification information output by the communication tag is output to the station service device 20 through the human body.

  According to the station service apparatus 20 of the first embodiment described above, after the authentication requested by the first request unit 56 is successful and the authentication requested by the second request unit 57 is successful, the ticket gate processing unit. The second request unit 57 requests authentication for each unit processing performed by the 52, and when the requested authentication is successful, the unit processing by the clerk is permitted. Generation of impersonation can be suppressed.

(Second Embodiment)
Hereinafter, the second embodiment will be described. Here, the difference from the first embodiment will be mainly described, and description of functions and the like common to the first embodiment will be omitted. In the first embodiment, the server storage unit 120 stores in advance the identification information and face information of a staff member who has authority to operate the station service device 20 in association with each other. Then, after the initial authentication is successful at the request of the first request unit 56, the second request unit 57 authenticates the staff based on the face information acquired for each unit process and the face information acquired at the time of initial authentication. To the authentication server device 100.

  FIG. 6 is a flowchart showing the flow of processing executed by the station service system 1 according to the second embodiment. First, the clerk ID reading unit 40 of the station service device 20 receives clerk identification information (step S200). Next, according to an instruction from the authentication processing unit 55, the camera 42 captures the face of the attendant (step S202). Next, the 1st request part 56 requests | requires the authentication server apparatus 100 for the authentication of the staff based on the identification information read by the process of step 100 (step S204).

  Next, the 1st authentication part 111 of the authentication server apparatus 100 performs the authentication process based on the identification information acquired via the server communication part 130 (step S250). The contents of such processing are the same as in the first embodiment. Next, the server control unit 110 transmits the authentication result to the station service device 20 (step S252).

  Next, the permission unit 58 of the station service device 20 acquires the authentication result, and determines whether or not the acquired authentication result indicates success (step S206). If the authentication result indicates failure, the process returns to step S200. On the other hand, when the authentication result indicates success, the second request unit 57 transmits the face information acquired in the process of step S202 to the authentication server apparatus 100 (step S208). Next, the authentication server device 100 stores the transmitted face information in the server storage unit 120 in association with the identification information acquired in the process of step S250 (step S254).

  Next, the permission unit 58 controls the station service device 20 so as to be operable (step S210). Next, after controlling the station apparatus 20 to be operable, the permission unit 58 determines whether or not the execution of the unit process has been started (step S212). When execution of the unit process is not started by the staff, the permission unit 58 determines whether or not the staff has been replaced (step S214). If it is determined that the staff has been changed, the process returns to step S200. If it is determined that the staff has not been changed, the process returns to step S212.

  When the execution of the unit process is started by the clerk, the second request unit 57 causes the camera 42 to image the clerk's face (step S216). Next, the second request unit 57 requests the authentication server device 100 to authenticate a staff member based on the acquired face information (step S218). Thereby, the face information acquired in step S216 is transmitted to the authentication server device 100.

  Next, the second authentication unit 112 of the authentication server device 100 acquires face information from the second request unit 57, and based on the acquired face information and the face information stored in advance in the server storage unit 120. The staff authentication process is executed (step S256). The contents of such processing are the same as in the first embodiment. The server control unit 110 transmits the authentication result to the permission unit 58 (step S258).

  Next, the permission unit 58 acquires the authentication result, and determines whether or not the acquired authentication result indicates success (step S220). If the authentication result indicates failure, the permission unit 58 does not permit execution of the unit process (step S222). When the authentication result indicates success, the permission unit 58 permits the ticket gate processing unit 52 to execute the unit process (step S224). Then, it returns to step S212 and a process is continued.

  According to the station service apparatus 20 of the second embodiment described above, after the initial authentication is successful at the request of the first request unit 56, the second request unit 57 acquires the face information acquired for each unit process. And authentication server device 100 is requested to perform authentication based on the face information acquired at the time of initial authentication. As a result, in addition to having the same effect as the first embodiment, the station service device 20 of the second embodiment can exhibit the effect of being able to follow changes in the appearance of the staff. This is because the face information acquired at the time of initial authentication of the station service device 20 becomes face information serving as a reference for authentication, and therefore the face information serving as a reference is not affected by changes over time. As a result, the station service device 20 of the second embodiment can perform authentication based on face information with higher accuracy.

(Third embodiment)
Hereinafter, a third embodiment will be described. Here, the difference from the first embodiment will be mainly described, and description of functions and the like common to the first embodiment will be omitted. In the first embodiment, the authentication processing unit 55 requests the authentication server device 100 to perform authentication based on the identification information and the face information. However, in the third embodiment, the authentication determination unit included in the station service device 20. 85 executes an authentication process based on the identification information and the face information.

  FIG. 7 is a functional configuration diagram of the station service device 20 according to the third embodiment. In the present embodiment, the control unit 50 includes an authentication determination unit 85 instead of the authentication processing unit 55. The authentication determination unit 85 includes a first authentication unit 86, a second authentication unit 87, and a permission unit 88. The first authentication unit 86 executes an authentication process based on the clerk identification information stored in advance in the storage unit 60 and the clerk identification information acquired by the clerk ID reading unit 40. The second authentication unit 87 executes an authentication process based on the face information acquired from the camera 42 and the information stored in the storage unit 60 in association with the identification information of the clerk. The permission unit 88 performs authentication by the second authentication unit 87 for each unit process executed by the own device after the first authentication unit 86 has succeeded in authentication and the second authentication unit 87 has successfully performed authentication. It is determined whether or not indicates success, and if the authentication indicates success, an operation for performing unit processing by an attendant is permitted.

  FIG. 8 is a flowchart showing the flow of processing executed by the station service apparatus 20 according to the third embodiment. First, the clerk ID reading unit 40 of the station service device 20 receives clerk identification information (step S300). Next, according to an instruction from the authentication determination unit 85, the camera 42 images the face of the clerk (step S302). Next, the 1st authentication part 86 performs the authentication process of the attendant based on the acquired identification information (step S304). The contents of the processing are the same as the processing described as processing performed by the authentication server device 100 in the first or second embodiment. Next, the 2nd authentication part 87 performs the authentication process of the attendant based on the acquired face information (step S306). The contents of the processing are the same as the processing described as processing performed by the authentication server device 100 in the first or second embodiment. Next, the permission unit 88 of the station service device 20 determines whether or not the authentication result indicates success (step S308). If the authentication result indicates failure, the process returns to step S300. On the other hand, when the authentication result indicates success, the permission unit 88 controls the station service device 20 to be operable (step S310). Thus, the initial authentication permission determination is completed.

  After controlling the station service device 20 to be operable, the permission unit 88 determines whether or not execution of the unit process has been started (step S312). When execution of the unit process is not started by the staff, the permission unit 88 determines whether or not the staff is replaced (step S314). If it is determined that the staff has been changed, the process returns to step S300. If it is determined that the staff has not been changed, the process returns to step S312.

  When execution of the unit process is started by the clerk, the second authentication unit 87 causes the camera 42 to image the clerk's face (step S316). Next, the second authentication unit 87 executes an authentication process for the staff based on the captured face information and the face information stored in advance in the storage unit 60 (step S318). The contents of the processing are the same as the processing described as processing performed by the authentication server device 100 in the first or second embodiment.

  Next, the permission unit 88 acquires an authentication result, and determines whether or not the acquired authentication result indicates success (step S320). If the authentication result indicates failure, the permission unit 88 disallows execution of the unit process (step S322). If the authentication result indicates success, the permission unit 88 permits the ticket gate processing unit 52 to execute unit processing (step S324). Thereafter, the process returns to step S312, and the process is continued.

  According to the station service apparatus 20 of the third embodiment described above, the permitting unit 88 has succeeded in the authentication by the first authenticating unit 86 and the authentication by the second authenticating unit 87, and thereafter For each unit process executed by the above, it is determined whether or not the authentication by the second authentication unit 87 indicates success. When the authentication indicates success, the unit process by the attendant is performed. Allow operation. As a result, it is possible to suppress an increase in the operation load of the clerk and to suppress the masquerade of the clerk from being generated only by the station service device 20.

(Fourth embodiment)
Hereinafter, a fourth embodiment will be described. Here, the description will focus on differences from the third embodiment, and descriptions of functions and the like common to the third embodiment will be omitted. In the third embodiment, the second authentication unit 87 executes the authentication process based on the acquired face information and the face information stored in the storage unit 60 in advance. In the embodiment, the second authentication unit 87 stores the face information acquired when the authentication is performed by the first authentication unit 86 in the storage unit 60, and the second authentication unit 87 stores the face information in the storage unit 60. The authentication process is executed by comparing the stored information with the face information acquired for each unit process.

  FIG. 9 is a flowchart showing a flow of processing executed by the station service apparatus 20 according to the fourth embodiment. First, the clerk ID reading unit 40 of the station service device 20 receives clerk identification information (step S400). Next, according to the instruction from the authentication determination unit 85, the camera 42 captures the face of the clerk (step S402). Next, the 1st authentication part 86 performs the authentication process of the attendant based on the acquired identification information (step S404). The contents of the processing are the same as the processing described as processing performed by the authentication server device 100 in the first or second embodiment.

  Next, the permission unit 58 acquires the authentication result, and determines whether or not the acquired authentication result indicates success (step S406). If the authentication result indicates failure, the process returns to step S400. On the other hand, if the authentication result indicates success, the permission unit 58 stores the face information acquired in the process of step S402 in the storage unit 60 in association with the identification information acquired in the process of step S400 (step S400). S408).

  Next, the permission unit 58 controls the station service device 20 to be operable (step S410). Next, after controlling the station apparatus 20 to be operable, the permission unit 58 determines whether or not the execution of the unit process has been started (step S412). When execution of the unit process is not started by the staff, the permission unit 58 determines whether or not the staff has been replaced (step S414). If it is determined that the staff has been changed, the process returns to step S400. If it is determined that the staff has not been changed, the process returns to step S412.

  When execution of the unit process is started by the clerk, the second authentication unit 87 causes the camera 42 to capture the clerk's face (step S416). Next, the second authentication unit 87 executes an authentication process for the staff based on the captured face information and the face information stored in advance in the storage unit 60 (step S418). The contents of the processing are the same as the processing described as processing performed by the authentication server device 100 in the first or second embodiment.

  Next, the permission unit 58 acquires the authentication result, and determines whether or not the acquired authentication result indicates success (step S420). If the authentication result indicates failure, the permission unit 58 does not permit execution of the unit process (step S422). If the authentication result indicates success, the permission unit 58 permits the ticket gate processing unit 52 to execute the unit process (step S424). Thereafter, the process returns to step S412, and the process is continued.

  According to the station service apparatus 20 of the fourth embodiment described above, the second authentication unit 87 stores the face information acquired when the first authentication unit 86 performs authentication in the storage unit 60. Then, the second authentication unit 87 executes the authentication process based on the information stored in the storage unit 60 and the face information acquired for each unit process. As a result, the station service device 20 according to the fourth embodiment can achieve the effect of being able to follow the change in the appearance of the clerk in addition to the same effect as the third embodiment. This is because the face information acquired at the time of initial authentication of the station service device 20 becomes information serving as a reference for authentication, and thus the face information serving as a reference is not affected by changes over time. As a result, the station service device 20 according to the fourth embodiment can perform authentication based on face information with higher accuracy.

(Fifth embodiment)
The fifth embodiment will be described below. Here, the difference from the first embodiment will be mainly described, and description of functions and the like common to the first embodiment will be omitted. In the first embodiment, in the initial authentication permission determination, based on the request of the first request unit 56, the authentication server device 100 acquires the identification information and the identification information stored in the server storage unit 120 in advance. In the fifth embodiment, the station service device 20 performs the authentication process based on the acquired identification information and the identification information stored in the storage unit 60 in advance. Execute.

  FIG. 10 is a functional configuration diagram of the station service device 20 according to the fifth embodiment. In the present embodiment, the control unit 50 includes an authentication control unit 90 instead of the authentication processing unit 55. The authentication control unit 90 includes an identification information authentication unit 92, a biometric information authentication request unit 94, and a permission unit 96. The identification information authentication unit 92 executes an authentication process based on the clerk identification information stored in advance in the storage unit 60 and the clerk identification information acquired by the clerk ID reading unit 40. The biometric information authentication request unit 94 requests the authentication server device 100 to authenticate a staff member based on the face information acquired by the camera 42. The permission unit 96 indicates that the authentication requested by the biometric information authentication requesting unit 94 to the authentication server device 100 is successful for each unit process executed by the own device after the identification information authenticating unit 92 succeeds in the authentication. If the authentication indicates success, an operation for performing unit processing by an attendant is permitted.

  FIG. 11 is a flowchart showing a flow of processing executed by the station service system 1 according to the fifth embodiment. In the present embodiment, identification information of an attendant who has an operation authority for the station service device 20 is stored in the storage unit 60 in advance, and face information of an attendant who has an operation authority for the station service device 20 in advance is stored in the server storage unit 120. Is stored.

  First, the clerk ID reading unit 40 of the station service device 20 receives clerk identification information (step S500). Next, according to the instruction from the authentication control unit 90, the camera 42 captures the face of the clerk (step S502). Next, the identification information authenticating unit 92 executes a clerk authentication process based on the identification information read in the process of step 500 (step S504). The content of the processing is the same as the processing described as processing performed by the authentication server device 100 in the first embodiment or the second embodiment. Next, the biometric information authentication requesting unit 94 requests the authentication server device 100 to authenticate a staff member based on the face information (step S506). The contents of the processing are the same as the processing described as processing performed by the authentication server device 100 in the first or second embodiment.

  Next, the 2nd authentication part 112 of the authentication server apparatus 100 performs the authentication process of a staff based on the face information acquired via the server communication part 130 (step S550). The contents of the processing are the same as the processing described as processing performed by the authentication server device 100 in the first or second embodiment. Next, the server control unit 110 transmits the authentication result to the station service device 20 (step S552).

  Next, the permission unit 96 of the station service device 20 acquires authentication results of identification information and face information, and determines whether or not the acquired authentication results indicate success (step S508). If the authentication result indicates failure, the process returns to step S500. On the other hand, when the authentication result indicates success, the permission unit 96 controls the station service device 20 to be operable (step S510). Thus, the initial authentication permission determination is completed.

  After controlling the station service device 20 to be operable, the permission unit 96 determines whether or not the execution of the unit process is started (step S512). When execution of the unit process is not started by the staff, the permission unit 96 determines whether or not the staff has been replaced (step S514). If it is determined that the staff has been changed, the process returns to step S500. If it is determined that the staff has not been changed, the process returns to step S512.

  When the execution of the unit process is started by the clerk, the biometric information authentication request unit 94 causes the camera 42 to image the clerk's face (step S516). Next, the biometric information authentication request unit 94 requests the authentication server device 100 to authenticate a staff member based on the acquired face information (step S518). Thereby, the face information acquired in step S516 is transmitted to the authentication server device 100.

  Next, the second authentication unit 112 of the authentication server device 100 acquires face information from the biometric information authentication request unit 94, and based on the acquired face information and face information stored in advance in the server storage unit 120. The staff authentication process is executed (step S554). The contents of the processing are the same as the processing described as processing performed by the authentication server device 100 in the first or second embodiment. The server control unit 110 transmits the authentication result to the permission unit 96 (step S556).

  Next, the permission unit 96 acquires the authentication result, and determines whether or not the acquired authentication result indicates success (step S520). If the authentication result indicates failure, the permission unit 96 disallows execution of the unit process (step S522). When the authentication result indicates success, the permission unit 96 permits the ticket gate processing unit 52 to execute the unit process (step S524). Then, it returns to step S512 and a process is continued.

  According to the station service system 1 of the fifth embodiment described above, in the initial authentication, the identification service authentication process is executed by the station service apparatus 20, and the biometric information authentication is executed by the authentication server apparatus 100. As a result, the station service system 1 of the fifth embodiment can easily execute identification information authentication in initial authentication in its own device in addition to the same effects as those of the first embodiment.

(Sixth embodiment)
The sixth embodiment will be described below. Here, the description will focus on differences from the fifth embodiment, and descriptions of functions and the like common to the fifth embodiment will be omitted. In the fifth embodiment, the station service device 20 executes the initial authentication using the station service device 20 and the authentication server. However, in the sixth embodiment, the station authentication device 20 executes the initial authentication only by the station service device 20.

  FIG. 12 is a flowchart showing a flow of processing executed by the station service system 1 according to the sixth embodiment. In the present embodiment, it is assumed that identification information of a staff member who has an operation authority for the station service device 20 is stored in the storage unit 60 in advance.

  First, the clerk ID reading unit 40 of the station service device 20 receives clerk identification information (step S600). Next, according to the instruction from the authentication control unit 90, the camera 42 images the face of the clerk (step S602). Next, the identification information authenticating unit 92 executes a clerk authentication process based on the identification information read in the process of step 600 (step S604). The contents of the processing are the same as the processing described as processing performed by the authentication server device 100 in the first or second embodiment.

  Next, the permission unit 96 of the station service device 20 acquires the authentication result, and determines whether or not the acquired authentication result indicates success (step S606). If the authentication result indicates failure, the process returns to step S600. On the other hand, if the authentication result indicates success, the biometric information authentication requesting unit 94 associates the identification information authenticated in the authentication process in step S604 with the face information acquired in the process in step S602. It transmits to 100 (step S608). Next, the authentication server device 100 stores the transmitted face information in the server storage unit 120 in association with the identification information authenticated in the process of step S604 (step S650).

  Next, the permission unit 96 controls the station service device 20 to be operable (step S610). Next, after controlling the station apparatus 20 to be operable, the permission unit 96 determines whether or not the execution of the unit process has been started (step S612). When execution of the unit process is not started by the staff, the permission unit 96 determines whether or not the staff has been replaced (step S614). If it is determined that the staff has been changed, the process returns to step S600. If it is determined that the staff has not been changed, the process returns to step S612.

  When the execution of the unit process is started by the clerk, the biometric information authentication request unit 94 causes the camera 42 to capture the clerk's face (step S616). Next, the biometric information authentication request unit 94 requests the authentication server device 100 to authenticate a staff member based on the acquired face information (step S618). In this case, the face information acquired in step S616 is transmitted to the authentication server apparatus 100 in association with the identification information authenticated in step S604.

  Next, the second authentication unit 112 of the authentication server device 100 acquires face information from the biometric information authentication request unit 94, and based on the acquired face information and face information stored in advance in the server storage unit 120. The staff authentication process is executed (step S652). The contents of the processing are the same as the processing described as processing performed by the authentication server device 100 in the first or second embodiment. The server control unit 110 transmits the authentication result to the permission unit 96 (step S654).

  Next, the permission unit 96 acquires the authentication result, and determines whether or not the acquired authentication result indicates success (step S620). If the authentication result indicates failure, the permission unit 96 disallows execution of the unit process (step S622). When the authentication result indicates success, the permission unit 96 permits the ticket gate processing unit 52 to execute the unit process (step S624). Then, it returns to step S612 and a process is continued.

  According to the station service system 1 of the sixth embodiment described above, after the initial authentication is successful by the authentication process of the identification information authentication unit 92, the biometric information authentication request unit 94 acquires the face information acquired for each unit process. And authentication server device 100 is requested to perform authentication based on the face information acquired at the time of initial authentication. As a result, the station service system 1 of the sixth embodiment has the same effects as those of the first embodiment, and can easily perform initial authentication on its own device, and changes in the appearance of staff members. The effect that it can follow can be produced. This is because the face information acquired at the time of initial authentication of the station service device 20 becomes face information serving as a reference for authentication, and therefore the face information serving as a reference is not affected by changes over time. As a result, the station service system 1 according to the sixth embodiment can easily execute initial authentication and more accurately execute authentication based on face information.

  According to at least one embodiment described above, the first information acquisition unit (40) that acquires the identification information of the clerk, the second information acquisition unit (42) that acquires the biological information of the clerk, After the ticket gate processing unit (52) that performs the ticket gate processing according to the operation and the authentication of the clerk based on the identification information acquired by at least the first information acquisition unit succeeds, By having the permission unit (58, 88, 96) that permits the unit processing when authentication of the clerk based on the biometric information acquired by the information acquisition unit 2 is successful, spoofing can be further suppressed. .

Moreover, this embodiment can be expressed as follows.
A first information acquisition unit that acquires identification information of a staff member;
A second information acquisition unit for acquiring biometric information of the staff;
A ticket gate processing unit for performing ticket gate processing including unit processing for allowing a user who cannot pass through an automatic ticket gate based on the operation of the clerk and information obtained from the medium presented by the user;
Biological information acquired by the second information acquisition unit at least for each unit process performed by the ticket gate processing unit after successful authentication of the staff based on the identification information acquired by the first information acquisition unit An authorization unit that authorizes the unit process when the clerk's authentication is based on:
A station service device comprising:

  Although several embodiments of the present invention have been described, these embodiments are presented by way of example and are not intended to limit the scope of the invention. These embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention. These embodiments and their modifications are included in the scope and gist of the invention, and are also included in the invention described in the claims and the equivalents thereof.

DESCRIPTION OF SYMBOLS 1 ... Station service system, 20 ... Station service device, 40 ... Personnel ID reading part, 42 ... Camera, 50 ... Control part, 55 ... Authentication process part, 56 ... 1st request part, 57 ... 2nd request part, 58 ... permission unit, 60 ... storage unit, 70 ... communication unit, 85 ... authentication determination unit, 86 ... first authentication unit, 87 ... second authentication unit, 88, 96 ... permission unit, 92 ... identification information authentication unit 94 ... Biometric information authentication request unit, 100 ... Authentication server device, 110 ... Server control unit, 120 ... Server storage unit, 130 ... Server communication unit

Claims (9)

A first information acquisition unit that acquires identification information of a staff member;
A second information acquisition unit for acquiring biometric information of the staff;
A ticket gate processing unit that performs ticket processing according to the operation of the staff,
The biometric information acquired by the second information acquisition unit is acquired for each unit process performed by the ticket gate processing unit after at least the authentication of the attendant based on the identification information acquired by the first information acquisition unit is successful. A permission unit that permits the unit processing when the authentication of the clerk based is successful,
A station service device comprising: A first request unit that requests other devices to authenticate the staff based on the identification information acquired by the first information acquisition unit;
A second request unit that requests other devices to authenticate the staff based on the biometric information acquired by the second information acquisition unit;
The station service apparatus according to claim 1. The authorization unit performs the second request for each unit process performed by the ticket gate processing unit after the authentication requested by the first request unit is successful and the authentication requested by the second request unit is successful. The request unit requests authentication, and permits the unit processing when the requested authentication is successful.
The station service apparatus according to claim 2. The second request unit acquires the biometric information by the second information acquisition unit when authentication is performed by the first request unit, and uses the acquired biometric information as authentication reference information. Send to other devices,
The station service apparatus according to claim 2. A first authentication unit that authenticates the clerk by comparing the identification information of the clerk stored in advance in the storage unit with the identification information of the clerk acquired by the first information acquisition unit;
A second authentication unit that authenticates the clerk by comparing the biometric information acquired by the second information acquisition unit with information stored in the storage unit in association with the identification information of the clerk. When,
The station service apparatus according to claim 1. The authorization unit authenticates the second authentication unit for each unit process performed by the ticket gate processing unit after the authentication by the first authentication unit is successful and the authentication by the second authentication unit is successful. Allow unit processing by the clerk if successful
The station service apparatus according to claim 5. The second authentication unit acquires biometric information by the second information acquisition unit when authentication is performed by the first authentication unit, and uses the acquired biometric information as reference information for authentication. To remember,
The station service apparatus according to claim 5. A first authentication unit that authenticates the clerk by comparing the identification information of the clerk stored in advance in the storage unit with the identification information of the clerk acquired by the first information acquisition unit;
A second request unit that requests other devices to authenticate the staff based on the biometric information acquired by the second information acquisition unit;
The station service apparatus according to claim 1. The station service apparatus according to any one of claims 1 to 4 or claim 8,
An authentication server device that performs authentication based on a request from the station service device and transmits an authentication result to the station service device;
Equipped with station service system.

Images