[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2024194962A1 - Biometric authentication system, biometric information distribution location determination device, biometric information distribution location determination method, and program - Google Patents

Biometric authentication system, biometric information distribution location determination device, biometric information distribution location determination method, and program Download PDF

Info

Publication number
WO2024194962A1
WO2024194962A1 PCT/JP2023/010738 JP2023010738W WO2024194962A1 WO 2024194962 A1 WO2024194962 A1 WO 2024194962A1 JP 2023010738 W JP2023010738 W JP 2023010738W WO 2024194962 A1 WO2024194962 A1 WO 2024194962A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
information
biometric information
biometric
location determination
Prior art date
Application number
PCT/JP2023/010738
Other languages
French (fr)
Japanese (ja)
Inventor
浩明 前田
亮太 石橋
浩司 山本
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社 filed Critical 日本電信電話株式会社
Priority to PCT/JP2023/010738 priority Critical patent/WO2024194962A1/en
Publication of WO2024194962A1 publication Critical patent/WO2024194962A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • the present invention relates to the technical field of biometric authentication.
  • biometric authentication Various service formats using biometric authentication are envisioned. For example, when a user is empty-handed (not carrying their own device (such as a smartphone)) and accesses a social device installed around town (such as a digital signage display or a PC installed in a cafe), a camera installed in the device will read biometric information such as the face, and the user will be identified based on biometric authentication, resulting in the provision of services specifically tailored to the user.
  • Non-Patent Document 1 is the technology disclosed in Non-Patent Document 1.
  • facial recognition processing can be performed quickly and with high accuracy by searching for matching facial data in a database (DB) based on the identifier in addition to the facial data obtained from the user.
  • DB database
  • the present invention was made in consideration of the above points, and aims to provide technology that makes it possible to speed up processing in biometric authentication.
  • a plurality of servers each having a biometric authentication unit and located at two or more different locations; a biometric information deployment location determination unit that selects a specific server from the plurality of servers for storing biometric information to be used for biometric authentication of the user based on a user's location identified or predicted from user's location-related information, and requests the selected specific server to store the biometric information.
  • the disclosed technology provides a technology that makes it possible to speed up processing in biometric authentication.
  • FIG. 1 is a diagram illustrating an example of a configuration of a biometric authentication system according to an embodiment of the present invention.
  • 1 is a diagram showing an example of information stored in a user information management DB 20.
  • FIG. FIG. 13 is a diagram showing an image of an MEC server table.
  • FIG. 2 is a diagram illustrating a configuration example of a biological information deployment location determination unit 100.
  • 1 is a flowchart for explaining a first embodiment.
  • 11 is a flowchart for explaining a second embodiment.
  • 13 is a flowchart for explaining a third embodiment.
  • 13 is a flowchart for explaining a fourth embodiment.
  • FIG. 2 illustrates an example of a hardware configuration of the apparatus.
  • MEC Multi-access Edge Computing
  • each MEC server is provided with a biometric authentication unit having a biometric authentication (e.g., face authentication) function.
  • the biometric authentication system also includes a biometric information deployment location determination unit.
  • the biometric information placement location determination unit determines which MEC server in which region should store which user's biometric data, based on location-related information for identifying or predicting the user's current or future location, and updates the information as it changes.
  • the above location-related information includes, for example, "the contract address of the user's carrier (3GPP) network,” "information on the base station that the 3GPP-subscribed UE (terminal) normally accesses,” “history of 3GPP C-Plane presence information,” and “location information (and associated time information) obtained from the system of the service (or application) used by the user.”
  • the technology according to this embodiment can be applied to situations where a user uses a service via a social device while hands-free, but it is assumed that there will be situations in the user's daily life where the user carries his/her UE with him/her, and it is assumed that control will be performed using the location information history, etc., collected at such times.
  • this is not limited to situations where a user uses a service via a social device while empty-handed, but can also be applied when the user has their own UE.
  • the system will recognize the user when they stop in front of or pass by a social device such as digital signage and display the user's schedule, without the user having to take out their UE.
  • a social device such as digital signage
  • control will be possible using location information obtained in real time.
  • the biometric authentication system can also be linked to the system of a service (or application) used by the user.
  • a service or application
  • it can be linked to a car dispatch reservation service to predict where the user is likely to be at a certain time based on the dispatch location and reservation time specified by the user, or linked to an event reservation such as a concert to predict where the user is likely to be at a certain date and time.
  • the technology according to the present invention is applied to a social device (terminal), but the technology according to the present invention can be applied to more than just social devices.
  • the technology according to the present invention can be applied to any device (terminal) where it is difficult to store user information due to some factor, such as functionality or the situation in which it is used.
  • the following shows an example of applying the technology according to the present invention to a 3GPP access network, but the MEC server can also be accommodated in non-3GPP access networks and fixed networks, and the technology according to the present invention can also be applied to non-3GPP access networks and fixed networks.
  • an MEC server is used as the server that stores biometric information
  • the server that has a biometric authentication unit and stores biometric information is not limited to an MEC server.
  • a terminal, a vehicle, a base station, etc. may have a biometric authentication unit and be used as a server that stores biometric information.
  • the location to which each server is subordinate may be a region (prefecture, city, etc.) as in the example below, or a smaller unit (building, room, etc.), or a larger unit (country, land, sky, sea, etc.).
  • each server may be located in a different location, or multiple servers may be located in different locations.
  • the distributed servers such as the MEC server perform biometric authentication using biometric information, but this is not limited to the above.
  • the distributed servers may hold information about the user other than the biometric information and use this information to perform user authentication other than biometric authentication.
  • the "biometric information" in this embodiment may be replaced with this information.
  • the biometric authentication system includes a user information acquisition unit 10, a user information management DB 20, a biometric information deployment location determination unit 30, MEC servers 40 and 50, social terminals 60 and 80, and biometric information acquisition devices 70 and 90.
  • the user information acquisition unit 10, user information management DB 20, biometric information deployment location determination unit 30, and MEC servers 40, 50 are provided on the carrier network.
  • MEC servers 40, 50 are shown in FIG. 1, but this is an example.
  • the number of MEC servers may be three or more. More specifically, the MEC servers may be distributed and placed on a prefecture-by-prefecture, city-by-city basis, etc.
  • the social terminal 60 is connected to the MEC server 40 and the biometric information acquisition device 70
  • the social terminal 80 is connected to the MEC server 50 and the biometric information acquisition device 90
  • the MEC server 40 includes a biometric information DB 41, a biometric authentication unit 42, and a service server 43.
  • the MEC server 50 has a similar configuration.
  • the biometric information acquisition devices 70 and 90 are, for example, cameras that read biometric information such as a face.
  • the user information acquisition unit 10, the user information management DB 20, and the biometric information deployment location determination unit 30 may each be an independent device (computer), or any two or more of them may be realized by a single computer.
  • any one of the user information acquisition unit 10, the user information management DB 20, and the biometric information deployment location determination unit 30 may be provided in any one of the MEC servers.
  • the user information acquisition unit 10 collects location-related information of users (service contract users) who have subscribed to the service related to this embodiment in real time, and also collects biometric information of the service contract users.
  • the user information management DB 20 stores the collected user location-related information and biometric information in association with the user's identification information, and also stores the identification information of the MEC server in which the user's biometric information is currently stored in association with the user's identification information.
  • An example of the information stored in the user information management DB 20 is shown in Figure 2.
  • biometric information is held by the network operator, but this is an example, and the biometric information may also be held by the service operator.
  • the biometric information deployment location determination unit 30 determines which MEC server's region the user is in based on the information in the user information management DB 20, and adds/deletes the user's biometric information to/from the biometric information DB of the corresponding MEC server.
  • the biometric information deployment location determination unit 30 has an MEC server table that associates and holds the region under each MEC server with the identification information of the MEC server. An image of the MEC server table is shown in Figure 3.
  • Biometric information DB 41 selectively stores the biometric information of service contract users.
  • Biometric authentication unit 42 identifies the user by matching the biometric information acquired from the user with the information stored in biometric information DB 41.
  • the service server 43 provides the user with a service. Note that the location of the service server 43 does not have to be on the MEC server 40, and it may be, for example, on the cloud.
  • a device having the biometric information deployment location determination unit 30 may be called a biometric information deployment location determination device 100.
  • Figure 4 shows an example of the configuration of the biometric information deployment location determination device 100.
  • the biometric information deployment location determination device 100 includes a selection unit 110 and a control unit 120.
  • the selection unit 110 selects a specific server from a plurality of servers for storing biometric information to be used for biometric authentication of the user, based on the user's location identified or predicted from the user's location-related information.
  • the control unit 120 requests the selected specific server to store the biometric information.
  • the user information acquisition unit 10 collects, in real time, one or more of the following as user location-related information: "user's carrier (3GPP) NW contract address,””information on base stations that a 3GPP-subscribed UE (terminal) usually accesses,"”history of 3GPP C-Plane presence information,” and “location information (and associated time information) acquired from the system of a service (or application) used by the user,” and stores the information in the user information management DB 20 in association with the user's identification information.
  • 3GPP 3GPP
  • NW contract address information on base stations that a 3GPP-subscribed UE (terminal) usually accesses
  • 3GPP C-Plane presence information information acquired from the system of a service (or application) used by the user
  • the user information acquisition unit 10 collects the biometric information, associates it with the user's identification information, and stores it in the user information management DB 20.
  • the "user's carrier (3GPP) network contract address” can be obtained from the "subscriber information management system database,” which is a database in which subscriber information is registered when a user signs a line contract (for example, at a carrier's shop).
  • the "information on base stations that a 3GPP subscribed UE (terminal) normally accesses" and the "history of 3GPP C-Plane presence information” can be obtained by periodically collecting the following information from the UE Context information collected by the AMF, a 3GPP node, as described in "Table 5.2.2.2.2-1: UE Context in AMF" in Non-Patent Document 2, and by associating and managing the subscriber information, the SUPI contained in the issued USIM (SIM card), and the history of the following information corresponding to the SUPI.
  • This information can be obtained from an external system using the API described in "5.2.2.2.2 Namf_Communication_UEContextTransfer service operation" in Non-Patent Document 2.
  • ⁇ Registration Area Current Registration Area (a set of tracking areas in TAI List).
  • ⁇ TAI of last Registration TAI of the TA in which the last Registration Request was initiated.
  • ⁇ User Location Information Information on user location. The location information of the UE is obtained by using the Get API (see 5.3.2.5 of Non-Patent Document 2) of the Nudm_UEContextManagement Service (see 5.3 of Non-Patent Document 2) in a node called UDM described in Non-Patent Document 2.
  • Location Information Retrieval The details of the API for retrieving location information are described in "5.3.2.5.9 Location Information Retrieval", and the information that can be obtained is described in "Table 6.7.6.2.4-1: Definition of type LocationInfoResult "
  • the location information of the UE may be obtained from the AMF.
  • the "location information (and the associated time information) obtained from the system of the service (or application) used by the user” can be obtained, for example, from the service's system, such as a ticket reservation service system.
  • examples 1 to 4 are described as specific examples of the operation of the biometric information deployment location determination unit 30.
  • the biometric information deployment location determination unit 30 judges whether or not the location-related information of any user has been updated in the user information management DB 20. If it has been updated (Yes), the process proceeds to S102. Note that the check as to whether or not the location-related information of any user has been updated is performed, for example, periodically. This is the same in other embodiments.
  • the biometric information deployment location determination unit 30 obtains from the user information management DB 20 the updated location-related information and the identification information of the first MEC server in which the biometric information of the user related to the update (this user will be referred to as User A) is currently stored.
  • the biometric information deployment location determination unit 30 identifies or predicts a user location, which is the current or future location of user A, based on the updated location related information. That is, the biometric information deployment location determination unit 30 identifies the current location of user A or predicts the future location of user A.
  • the biometric information deployment location determination unit 30 acquires, from the MEC server table, identification information of a second MEC server that has under its control a social terminal in an area that includes the identified or predicted user location.
  • the biological information deployment location determination unit 30 judges whether the identification information of the first MEC server and the second MEC server is the same or not, and if it is the same, the process returns to S101, and if it is not the same, the process proceeds to S106.
  • the biometric information deployment location determination unit 30 acquires the identification information and biometric information of user A from the user information management DB 20, transmits the acquired identification information and biometric information of user A to the second MEC server, and requests that these pieces of information be added to the biometric information DB.
  • the identification information and biometric information are transmitted to the MEC server to request that these pieces of information be added to the biometric information DB, but the present invention is not limited to such processing.
  • a request may be made to the MEC server to add information to the biometric information DB, and the MEC server that receives the request may access the user information management DB 20 to acquire the biometric information. This point is similar to other embodiments.
  • the biometric information deployment location determination unit 30 requests the first MEC server to delete the biometric information of user A.
  • the biometric information deployment location determination unit 30 updates the identification information of the MEC server in the user information management DB 20 in which the biometric information of user A is currently stored.
  • the MEC server corresponding to the user's location can store the user's biometric information.
  • Example 1 there is a possibility that process flapping (repeated deletion/addition of biometric information in a short period of time) may occur.
  • a mechanism may be provided that stores the same user's biometric information in multiple MEC servers according to some criteria or threshold, such as until a certain period of time has passed or until the user's location or predicted location exceeds a certain range. Examples 2 and 3 that include such a mechanism are described below.
  • Example 2 in order to avoid process flapping when a user moves between MEC areas or between their boundaries, a mechanism is provided for storing biometric information of the same user in multiple MEC servers until a certain period of time has elapsed. The operation of the second embodiment will be described with reference to the flowchart of FIG.
  • the biometric information deployment location determination unit 30 judges whether or not the location-related information of any user has been updated in the user information management DB 20. If it has been updated (Yes), the process proceeds to S202.
  • the biometric information deployment location determination unit 30 obtains from the user information management DB 20 the updated location-related information and the identification information of the first MEC server in which the biometric information of the user related to the update (called User A) is currently stored.
  • the biometric information deployment location determination unit 30 identifies or predicts the user location, which is the current or future location of user A, based on the updated location related information.
  • the biometric information deployment location determination unit 30 acquires, from the MEC server table, identification information of a second MEC server that has under its control a social terminal in an area that includes the identified or predicted user location.
  • the biological information deployment location determination unit 30 judges whether the identification information of the first MEC server and the second MEC server is the same or not, and if it is the same, the process returns to S201, and if it is not the same, the process proceeds to S206.
  • the biometric information deployment location determination unit 30 acquires user A's identification information and biometric information from the user information management DB 20, transmits the acquired identification information and biometric information of user A to the second MEC server, and requests that this information be added to the biometric information DB.
  • the biometric information deployment location determination unit 30 adds the identification information of the second MEC server to the identification information of the MEC server in which the user's biometric information is currently stored in the user information management DB 20.
  • the biometric information deployment location determination unit 30 requests the first MEC server to delete the biometric information of user A.
  • the start point of measurement of this predetermined time may be, for example, the point of time when the second MEC server is requested to add the information to the biometric information DB.
  • the specified time may be a time that is preset commonly for all users, a time that is preset for each individual user, or a time that is dynamically determined according to the speed of the target user (here, user A) estimated from the location-related information of the user.
  • the above-mentioned specified time is dynamically determined, for example, when the user moves at a low speed (speed A), it can be estimated that the user will spend a long time near the boundary of the MEC area, so the above-mentioned specified time is determined to be longer than the specified time when moving at a speed faster than speed A.
  • the biometric information deployment location determination unit 30 deletes the identification information of the first MEC server from the identification information of the MEC server in which the biometric information of user A in the user information management DB 20 is currently stored.
  • Example 3 in order to avoid process flapping when a user moves between MEC areas or between their boundaries, a mechanism is provided for storing biometric information of the same user in multiple MEC servers until the user's current location or predicted location exceeds a certain range. The operation of the third embodiment will be described with reference to the flowchart in FIG.
  • the biometric information deployment location determination unit 30 judges whether or not the user's location related information has been updated in the user information management DB 20. If it has been updated (Yes), the process proceeds to S302.
  • the biometric information deployment location determination unit 30 obtains from the user information management DB 20 the updated location-related information and the identification information of the first MEC server in which the biometric information of the user related to the update (called User A) is currently stored.
  • the biometric information deployment location determination unit 30 identifies or predicts the user location, which is the current or future location of user A, based on the updated location related information.
  • the biometric information deployment location determination unit 30 acquires, from the MEC server table, identification information of a second MEC server that has under its control a social terminal in an area that includes the identified or predicted user location.
  • the biometric information deployment location determination unit 30 judges whether the identification information of the first MEC server includes the identification information of the second MEC server. If it does (Yes), the process returns to S301, and if it does not (No), the process proceeds to S306.
  • the identification information of the first MEC server includes the identification information of the second MEC server means that the identification information of the first MEC server and the identification information of the second MEC server are the same, or there are multiple "identification information of the first MEC server", and any one of them is the same as the identification information of the second MEC server.
  • the biometric information deployment location determination unit 30 acquires user A's identification information and biometric information from the user information management DB 20, transmits the acquired identification information and biometric information of user A to the second MEC server, and requests that this information be added to the biometric information DB.
  • the biometric information deployment location determination unit 30 adds the identification information of the second MEC server to the identification information of the MEC server in which the user's biometric information is currently stored in the user information management DB 20.
  • the biometric information deployment location determination unit 30 judges whether or not there is a first MEC server corresponding to an area that is a predetermined distance or more away from the specified or predicted user location of user A. If there is, the process proceeds to S309, and if there is no first MEC server, the process returns to S301.
  • the distance between the identified or predicted user position and a certain area may be, for example, the distance between the identified or predicted user position and the nearest boundary of the area, or the distance between the identified or predicted user position and the center of gravity of the area.
  • the specified distance may be a distance that is set in advance for all users, a distance that is set in advance for each individual user, or a distance that is dynamically determined based on the speed of the target user (user A in this case) estimated from the position-related information of the user.
  • the above-mentioned specified distance is dynamically determined, for example, for a user moving at a low speed (speed A), the above-mentioned specified distance is determined to be a distance shorter than the specified distance when moving at a speed faster than speed A.
  • the biometric information deployment location determination unit 30 requests the first MEC server corresponding to the area that is a predetermined distance or more away from the identified or predicted user position to delete the biometric information of user A.
  • the biometric information deployment location determination unit 30 deletes the identification information of the first MEC server from the identification information of the MEC server in which the biometric information of user A is currently stored in the user information management DB 20.
  • the biometric information placement location determination unit 30 judges whether or not the biometric information of any user has been updated in the user information management DB 20. If it has been updated, the process proceeds to S402. Note that the check as to whether or not the biometric information of any user has been updated is performed, for example, periodically.
  • the biometric information deployment location determination unit 30 acquires, from the user information management DB 20, identification information of the first MEC server in which the biometric information of the user (referred to as user A) whose biometric information has been updated is currently stored.
  • the biometric information deployment location determination unit 30 acquires user A's identification information and biometric information from the user information management DB 20, transmits the acquired identification information and biometric information of user A to the first MEC server, and requests that this information be updated in the biometric information DB.
  • Any of the devices described in this embodiment can be realized by, for example, causing a computer to execute a program.
  • This computer may be a physical computer or a virtual machine on the cloud.
  • the device can be realized by using hardware resources such as a CPU and memory built into a computer to execute a program corresponding to the processing performed by the device.
  • the program can be recorded on a computer-readable recording medium (such as a portable memory) and then stored or distributed.
  • the program can also be provided via a network such as the Internet or email.
  • FIG. 9 is a diagram showing an example of the hardware configuration of the computer.
  • the computer in FIG. 9 has a drive device 1000, an auxiliary storage device 1002, a memory device 1003, a CPU 1004, an interface device 1005, a display device 1006, an input device 1007, an output device 1008, etc., all of which are connected to each other via a bus B.
  • the computer may further include a GPU.
  • the program that realizes the processing on the computer is provided by a recording medium 1001, such as a CD-ROM or a memory card.
  • a recording medium 1001 storing the program is set in the drive device 1000, the program is installed from the recording medium 1001 via the drive device 1000 into the auxiliary storage device 1002.
  • the program does not necessarily have to be installed from the recording medium 1001, but may be downloaded from another computer via a network.
  • the auxiliary storage device 1002 stores the installed program as well as necessary files, data, etc.
  • the memory device 1003 When an instruction to start a program is received, the memory device 1003 reads out and stores the program from the auxiliary storage device 1002.
  • the CPU 1004 realizes the functions related to the device in accordance with the program stored in the memory device 1003.
  • the interface device 1005 is used as an interface for connecting to a network, etc.
  • the display device 1006 displays a GUI (Graphical User Interface) based on a program, etc.
  • the input device 1007 is composed of a keyboard and mouse, buttons, a touch panel, etc., and is used to input various operational instructions.
  • the output device 1008 outputs the results of calculations.
  • a biometric information deployment location determination unit 30 selects an MEC server that holds biometric information to be used for biometric authentication of each user based on location-related information for identifying or predicting the current or future location of the user, and causes the selected MEC server to hold the biometric information of the user.
  • the technology according to this embodiment makes it possible to reduce the total amount of biometric data that the biometric authentication unit of each MEC server reads in the matching process and to make the process more efficient. As a result, the total number of searches can be reduced and the processing can be sped up. In addition, it is expected that the absolute number of biometric data with similar characteristics will also be reduced, improving false positives and detection accuracy.
  • a biometric information deployment location determination unit selects, as the specific server, a server that has a location including the user's location under its control.
  • biometric authentication system according to claim 1 or 2, wherein, in a case where the biometric information is stored in a server other than the specific server, the biometric information deployment location determination unit requests the other server to delete the biometric information after detecting that a certain time has elapsed.
  • biometric information deployment location determination unit requests the other server to delete the biometric information when it detects that a location under the control of the other server is a certain distance or more away from the user's location.
  • a biometric information deployment location determination device used in a biometric authentication system including a plurality of servers each having a biometric authentication unit, the plurality of servers being located in two or more different locations, the device comprising: a selection unit that selects a specific server from the plurality of servers for storing biometric information used for biometric authentication of the user based on a location of the user identified or predicted from location-related information of the user; and a control unit that requests the selected specific server to store the biometric information.
  • a non-transitory storage medium storing a program for causing a computer to function as each unit in the biometric information deployment location determination device according to claim 5.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

This biometric authentication system comprises: a plurality of servers each comprising a biometric authentication unit and disposed at two or more different locations; and a biometric information distribution location determination unit that selects, from the plurality of servers, a specific server for storing biometric information to be used for the biometric authentication of a user on the basis of the position of the user specified or predicted from position-related information about the user, and requests the selected specific server to store the biometric information.

Description

生体認証システム、生体情報配備場所決定装置、生体情報配備場所決定方法、及びプログラムBiometric authentication system, biometric information deployment location determination device, biometric information deployment location determination method, and program
 本発明は、生体認証の技術分野に関連するものである。 The present invention relates to the technical field of biometric authentication.
 生体認証を用いた種々のサービス形態が想定される。例えば、ユーザが手ぶら(自分の端末(スマホなど)を所持していない)の状態で、街中に設置されているソーシャルデバイス(デジタルサイネージやカフェなどに設置されたPCなど)にアクセスすると、デバイスに搭載されたカメラなどで顔などの生体情報を読み取り、生体認証に基づきユーザを特定して、その結果、ユーザ専用のサービスが提供されるようなサービス形態が想定される。 Various service formats using biometric authentication are envisioned. For example, when a user is empty-handed (not carrying their own device (such as a smartphone)) and accesses a social device installed around town (such as a digital signage display or a PC installed in a cafe), a camera installed in the device will read biometric information such as the face, and the user will be identified based on biometric authentication, resulting in the provision of services specifically tailored to the user.
 上記のようなソーシャルデバイスは誰もが物理的にアクセスできる場所に設置され、デバイスの管理者は遠隔での監視が基本となるため、セキュリティやプライバシの観点から、ソーシャルデバイス自体にユーザの顔情報などを保存しておくことはできない。また、ソーシャルデバイス利用時にソーシャルデバイスに対して、IDやパスワードなどの機微な情報を入力・保存することもできない。そのため、ネットワーク上にユーザの顔情報などを保存する構成とすることが必要である。このような構成を用いた技術として、例えば非特許文献1に開示された技術がある。 Since such social devices are installed in locations where anyone can physically access them and the device administrator basically monitors them remotely, from the perspective of security and privacy, it is not possible to store the user's facial information on the social device itself. Furthermore, it is not possible to input or store sensitive information such as an ID or password on the social device when using it. For this reason, it is necessary to have a configuration in which the user's facial information is stored on the network. One example of a technology that uses such a configuration is the technology disclosed in Non-Patent Document 1.
 顔データとユーザ識別子が紐づいており、認証のタイミングでユーザからユーザ識別子が提示される場合であれば、ユーザから取得した顔データに加えて識別子に基づき、データベース(DB)からマッチする顔データを探索することで、顔認証処理を短時間かつ高精度で行うことが可能である。 If facial data and a user identifier are linked and the user presents a user identifier at the time of authentication, facial recognition processing can be performed quickly and with high accuracy by searching for matching facial data in a database (DB) based on the identifier in addition to the facial data obtained from the user.
 しかし、ソーシャルデバイスを用いる場合のように、ユーザ識別子が提示されない場合は、例えばDB内の数千万オーダーなどの大量の顔データの中から、ユーザから取得した顔データとのマッチングをすることになり、高速かつ高精度で顔認証を実施することは困難である。 However, when a user identifier is not presented, such as when using a social device, the facial data obtained from the user must be matched against a huge amount of facial data in a database (on the order of tens of millions of data), making it difficult to perform fast and highly accurate facial recognition.
 本発明は上記の点に鑑みてなされたものであり、生体認証における処理を高速化することを可能とする技術を提供することを目的とする。 The present invention was made in consideration of the above points, and aims to provide technology that makes it possible to speed up processing in biometric authentication.
 開示の技術によれば、それぞれ生体認証部を備える複数のサーバであって、2以上の異なる場所に配置された複数のサーバと、
 ユーザの位置関連情報から特定又は予測される前記ユーザの位置に基づいて、前記ユーザの生体認証に用いる生体情報を格納するための特定のサーバを前記複数のサーバから選択し、選択した前記特定のサーバに対して前記生体情報の格納を要求する生体情報配備場所決定部と
 を備える生体認証システムが提供される。
According to the disclosed technology, a plurality of servers each having a biometric authentication unit and located at two or more different locations;
a biometric information deployment location determination unit that selects a specific server from the plurality of servers for storing biometric information to be used for biometric authentication of the user based on a user's location identified or predicted from user's location-related information, and requests the selected specific server to store the biometric information.
 開示の技術によれば、生体認証における処理を高速化することを可能とする技術が提供される。 The disclosed technology provides a technology that makes it possible to speed up processing in biometric authentication.
本発明の実施の形態における生体認証システムの構成例を示す図である。1 is a diagram illustrating an example of a configuration of a biometric authentication system according to an embodiment of the present invention. ユーザ情報管理DB20に格納される情報のイメージを示す図である。1 is a diagram showing an example of information stored in a user information management DB 20. FIG. MECサーバテーブルのイメージを示す図である。FIG. 13 is a diagram showing an image of an MEC server table. 生体情報配備場所決定部装置100の構成例を示す図である。FIG. 2 is a diagram illustrating a configuration example of a biological information deployment location determination unit 100. 実施例1を説明するためのフローチャートである。1 is a flowchart for explaining a first embodiment. 実施例2を説明するためのフローチャートである。11 is a flowchart for explaining a second embodiment. 実施例3を説明するためのフローチャートである。13 is a flowchart for explaining a third embodiment. 実施例4を説明するためのフローチャートである。13 is a flowchart for explaining a fourth embodiment. 装置のハードウェア構成例を示す図である。FIG. 2 illustrates an example of a hardware configuration of the apparatus.
 以下、図面を参照して本発明の実施の形態(本実施の形態)を説明する。以下で説明する実施の形態は一例に過ぎず、本発明が適用される実施の形態は、以下の実施の形態に限られるわけではない。 Below, an embodiment of the present invention (present embodiment) will be described with reference to the drawings. The embodiment described below is merely an example, and the embodiment to which the present invention is applicable is not limited to the embodiment described below.
 (実施の形態の概要)
 本実施の形態に係る生体認証システムでは、全国(日本国内でもよいし、複数国でもよい)にMEC(Multi-access Edge Computing)サーバが分散配備されており、MECサーバ毎に生体認証(例えば顔認証)機能を有する生体認証部を備える。また、生体認証システムには、生体情報配備場所決定部が備えられる。
(Overview of the embodiment)
In the biometric authentication system according to the present embodiment, MEC (Multi-access Edge Computing) servers are distributed throughout the country (may be in Japan or multiple countries), and each MEC server is provided with a biometric authentication unit having a biometric authentication (e.g., face authentication) function. The biometric authentication system also includes a biometric information deployment location determination unit.
 生体情報配備場所決定部は、ユーザの現在又は将来の位置を特定又は予測するための位置関連情報に基づいて、どの地域のMECサーバにどのユーザの生体データを保持しておくかを決定し、情報の変化に応じて逐次更新を行う。 The biometric information placement location determination unit determines which MEC server in which region should store which user's biometric data, based on location-related information for identifying or predicting the user's current or future location, and updates the information as it changes.
 上記の位置関連情報は、例えば「ユーザのキャリア(3GPP)NWの契約住所」、「3GPP加入の所有UE(端末)が普段アクセスする基地局の情報」、「3GPP C-Plane在圏情報の履歴」、及び「ユーザが利用したサービス(又はアプリケーション)のシステムから取得される位置情報(とそれに対応付けられた時刻情報)」などである。 The above location-related information includes, for example, "the contract address of the user's carrier (3GPP) network," "information on the base station that the 3GPP-subscribed UE (terminal) normally accesses," "history of 3GPP C-Plane presence information," and "location information (and associated time information) obtained from the system of the service (or application) used by the user."
 本実施の形態に係る技術は、背景技術で説明したように、ユーザが手ぶらでソーシャルデバイス経由でサービスを利用する場面に適用可能であるが、ユーザの日々の生活の中では、自分のUEを所持して行動している場面も存在する想定であり、その際に収集した位置情報の履歴等を利用して制御を行うことを想定している。 As explained in the background art, the technology according to this embodiment can be applied to situations where a user uses a service via a social device while hands-free, but it is assumed that there will be situations in the user's daily life where the user carries his/her UE with him/her, and it is assumed that control will be performed using the location information history, etc., collected at such times.
 また、ユーザが手ぶらでソーシャルデバイス経由でサービスを利用する場面に限らず、ユーザが自分のUEを所持している場面においても適用可能であり、例えば、ユーザがわざわざUEを取り出さなくても、デジタルサイネージのようなソーシャルデバイスの前に立ち止まったり、通過したりする際にユーザを認識してユーザ用の予定表を表示する、といった場面での利用が想定される。この場合はリアルタイムに取得した位置情報を利用した制御が可能であると想定する。 Furthermore, this is not limited to situations where a user uses a service via a social device while empty-handed, but can also be applied when the user has their own UE. For example, it is expected that the system will recognize the user when they stop in front of or pass by a social device such as digital signage and display the user's schedule, without the user having to take out their UE. In this case, it is expected that control will be possible using location information obtained in real time.
 本実施の形態に係る生体認証システムと、ユーザが利用したサービス(又はアプリケーション)のシステムとが連携することも可能である。例えば、自動車の配車予約サービスと連動して、ユーザの指定した配車場所と予約時刻からユーザがある時刻にいそうな場所を予測したり、コンサートなどのイベント予約と連動して、ある日時にユーザがいそうな場所を予測したり、という例が挙げられる。これらの情報に基づき先回りして、その地域のMECサーバにユーザの生体情報を保存しておくことで、例えばコンサートのゲートの開閉などを生体認証で実施することが可能となる。 The biometric authentication system according to this embodiment can also be linked to the system of a service (or application) used by the user. For example, it can be linked to a car dispatch reservation service to predict where the user is likely to be at a certain time based on the dispatch location and reservation time specified by the user, or linked to an event reservation such as a concert to predict where the user is likely to be at a certain date and time. By proactively storing the user's biometric information in the MEC server in that area based on this information, it becomes possible to use biometric authentication to open and close the gates to a concert, for example.
 なお、以下では、一例として、本発明に係る技術をソーシャルデバイス(端末)に適用する場合の例を示しているが、本発明に係る技術はソーシャルデバイスに限らずに適用可能である。本発明に係る技術は、例えば、機能面や利用されるシチュエーションなどの何らかの要因によってユーザ情報を保存しておくことが難しい、いかなるデバイス(端末)にも適用することが可能である。 Note that, as an example, the following shows the case where the technology according to the present invention is applied to a social device (terminal), but the technology according to the present invention can be applied to more than just social devices. The technology according to the present invention can be applied to any device (terminal) where it is difficult to store user information due to some factor, such as functionality or the situation in which it is used.
 また、以下では、一例として、本発明に係る技術を3GPPアクセス網に適用する場合の例を示しているが、MECサーバは、non 3GPPアクセス網や固定網にも収容可能であり、本発明に係る技術は、non 3GPPアクセス網や固定網にも適用することが可能である。 In addition, the following shows an example of applying the technology according to the present invention to a 3GPP access network, but the MEC server can also be accommodated in non-3GPP access networks and fixed networks, and the technology according to the present invention can also be applied to non-3GPP access networks and fixed networks.
 また、本実施の形態では、生体情報を保持するサーバとしてMECサーバを使用しているが、生体認証部を持ち、生体情報を保持するサーバはMECサーバに限定されない。例えば、端末、車両、基地局などが、生体認証部を持ち、生体情報を保持するサーバとして使用されてもよい。 In addition, in this embodiment, an MEC server is used as the server that stores biometric information, but the server that has a biometric authentication unit and stores biometric information is not limited to an MEC server. For example, a terminal, a vehicle, a base station, etc. may have a biometric authentication unit and be used as a server that stores biometric information.
 また、MECサーバなどの生体情報を保持するサーバが分散配置される場合において、各サーバがその配下とする場所は、下記の例のように地域(県単位、市単位など)であってもよいし、より狭い単位(ビル単位、部屋単位など)であってもよいし、より広い単位(国単位、陸、上空、海などの単位)であってもよい。 In addition, when servers that store biometric information, such as MEC servers, are distributed, the location to which each server is subordinate may be a region (prefecture, city, etc.) as in the example below, or a smaller unit (building, room, etc.), or a larger unit (country, land, sky, sea, etc.).
 また、生体情報を保持するサーバが分散配置される際に、各サーバが異なる場所に配置されてもよいし、複数サーバごとに異なる場所に配置されてもよい。 In addition, when servers that store biometric information are distributed, each server may be located in a different location, or multiple servers may be located in different locations.
 また、本実施の形態において、MECサーバなどの分散配置されるサーバは、生体情報を用いて生体認証を行うが、これに限定されない。分散配置されるサーバは、生体情報以外のユーザに関する情報を保持し、当該情報を用いて、生体認証以外のユーザ認証を行ってもよい。本実施の形態における「生体情報」を当該情報に置き換えてもよい。 In addition, in this embodiment, the distributed servers such as the MEC server perform biometric authentication using biometric information, but this is not limited to the above. The distributed servers may hold information about the user other than the biometric information and use this information to perform user authentication other than biometric authentication. The "biometric information" in this embodiment may be replaced with this information.
 以下、本実施の形態におけるシステム構成及びシステムの動作例を詳細に説明する。 The system configuration and system operation example of this embodiment are explained in detail below.
 (システム構成)
 図1に、本実施の形態における生体認証システムの構成例を示す。図1に示すように、本実施の形態における生体認証システムは、ユーザ情報取得部10、ユーザ情報管理DB20、生体情報配備場所決定部30、MECサーバ40、50、ソーシャル端末60、80、生体情報取得装置70、90を有する。
(System Configuration)
A configuration example of a biometric authentication system according to the present embodiment is shown in Fig. 1. As shown in Fig. 1, the biometric authentication system according to the present embodiment includes a user information acquisition unit 10, a user information management DB 20, a biometric information deployment location determination unit 30, MEC servers 40 and 50, social terminals 60 and 80, and biometric information acquisition devices 70 and 90.
 本実施の形態では、ユーザ情報取得部10、ユーザ情報管理DB20、生体情報配備場所決定部30、MECサーバ40、50は、キャリアNW上に備えられる。なお、図1には、2台のMECサーバ40、50が示されているが、これは例である。MECサーバの数は3台以上でもよい。より具体的には、MECサーバは、県単位、市単位などに分散して配置されてもよい。 In this embodiment, the user information acquisition unit 10, user information management DB 20, biometric information deployment location determination unit 30, and MEC servers 40, 50 are provided on the carrier network. Note that two MEC servers 40, 50 are shown in FIG. 1, but this is an example. The number of MEC servers may be three or more. More specifically, the MEC servers may be distributed and placed on a prefecture-by-prefecture, city-by-city basis, etc.
 図1の例において、ソーシャル端末60はMECサーバ40及び生体情報取得装置70に接続され、ソーシャル端末80はMECサーバ50及び生体情報取得装置90に接続される。MECサーバ40は、生体情報DB41、生体認証部42、及びサービスサーバ43を備える。MECサーバ50も同様の構成を有する。生体情報取得装置70、90は、例えば、顔などの生体情報を読み取るカメラなどである。 In the example of FIG. 1, the social terminal 60 is connected to the MEC server 40 and the biometric information acquisition device 70, and the social terminal 80 is connected to the MEC server 50 and the biometric information acquisition device 90. The MEC server 40 includes a biometric information DB 41, a biometric authentication unit 42, and a service server 43. The MEC server 50 has a similar configuration. The biometric information acquisition devices 70 and 90 are, for example, cameras that read biometric information such as a face.
 ユーザ情報取得部10、ユーザ情報管理DB20、及び生体情報配備場所決定部30はそれぞれ独立の装置(コンピュータ)であってもよいし、これらのうちのいずれか複数又は全部が1つのコンピュータで実現されてもよい。また、ユーザ情報取得部10、ユーザ情報管理DB20、及び生体情報配備場所決定部30のうちのいずれかが、いずれかのMECサーバに備えられてもよい。 The user information acquisition unit 10, the user information management DB 20, and the biometric information deployment location determination unit 30 may each be an independent device (computer), or any two or more of them may be realized by a single computer. In addition, any one of the user information acquisition unit 10, the user information management DB 20, and the biometric information deployment location determination unit 30 may be provided in any one of the MEC servers.
 本実施の形態における生体認証システムの各部の機能概要は下記のとおりである。 The functional overview of each part of the biometric authentication system in this embodiment is as follows:
 ユーザ情報取得部10は、本実施の形態に係るサービスに契約しているユーザ(サービス契約ユーザ)の位置関連情報をリアルタイムで収集するとともに、サービス契約ユーザの生体情報を収集する。 The user information acquisition unit 10 collects location-related information of users (service contract users) who have subscribed to the service related to this embodiment in real time, and also collects biometric information of the service contract users.
 ユーザ情報管理DB20は、収集されたユーザの位置関連情報及び生体情報をユーザの識別情報と対応付けて格納するとともに、ユーザの生体情報が現在格納されているMECサーバの識別情報をユーザの識別情報と対応付けて格納する。ユーザ情報管理DB20に格納される情報のイメージを図2に示す。 The user information management DB 20 stores the collected user location-related information and biometric information in association with the user's identification information, and also stores the identification information of the MEC server in which the user's biometric information is currently stored in association with the user's identification information. An example of the information stored in the user information management DB 20 is shown in Figure 2.
 なお、本実施の形態では、生体情報をNW事業者側で保持することを想定するが、これは例であり、生体情報をサービス事業者側で保持してもよい。 In this embodiment, it is assumed that the biometric information is held by the network operator, but this is an example, and the biometric information may also be held by the service operator.
 生体情報配備場所決定部30は、ユーザ情報管理DB20の情報をもとに、ユーザがどのMECサーバの地域に存在するかを判断し、対応するMECサーバの生体情報DBにそのユーザの生体情報を追加/削除する。生体情報配備場所決定部30は、各MECサーバが配下とする地域とMECサーバの識別情報を対応付けて保持するMECサーバテーブルを備える。MECサーバテーブルのイメージを図3に示す。 The biometric information deployment location determination unit 30 determines which MEC server's region the user is in based on the information in the user information management DB 20, and adds/deletes the user's biometric information to/from the biometric information DB of the corresponding MEC server. The biometric information deployment location determination unit 30 has an MEC server table that associates and holds the region under each MEC server with the identification information of the MEC server. An image of the MEC server table is shown in Figure 3.
 MECサーバ40とMECサーバ50の内部構成は同じであるため、MECサーバ40を例にとって説明する。生体情報DB41は、サービス契約ユーザの生体情報を選択的に格納する。生体認証部42は、ユーザから取得した生体情報と生体情報DB41に格納された情報をマッチングすることにより、ユーザを特定する。 Since MEC server 40 and MEC server 50 have the same internal configuration, we will use MEC server 40 as an example for explanation. Biometric information DB 41 selectively stores the biometric information of service contract users. Biometric authentication unit 42 identifies the user by matching the biometric information acquired from the user with the information stored in biometric information DB 41.
 サービスサーバ43は、生体認証による認証を通過した場合、ユーザにサービスを提供する。なお、サービスサーバ43の配置場所はMECサーバ40上でなくても良く、例えばクラウド上などでもよい。 If the biometric authentication is successful, the service server 43 provides the user with a service. Note that the location of the service server 43 does not have to be on the MEC server 40, and it may be, for example, on the cloud.
 生体情報配備場所決定部30を有する装置を生体情報配備場所決定装置100と呼んでもよい。図4に生体情報配備場所決定装置100の構成例を示す。 A device having the biometric information deployment location determination unit 30 may be called a biometric information deployment location determination device 100. Figure 4 shows an example of the configuration of the biometric information deployment location determination device 100.
 図4に示すように、生体情報配備場所決定装置100は、選択部110、及び制御部120を含む。 As shown in FIG. 4, the biometric information deployment location determination device 100 includes a selection unit 110 and a control unit 120.
 選択部110は、ユーザの位置関連情報から特定又は予測される前記ユーザの位置に基づいて、前記ユーザの生体認証に用いる生体情報を格納するための特定のサーバを複数のサーバから選択する。制御部120は、選択した前記特定のサーバに対して前記生体情報の格納を要求する。 The selection unit 110 selects a specific server from a plurality of servers for storing biometric information to be used for biometric authentication of the user, based on the user's location identified or predicted from the user's location-related information. The control unit 120 requests the selected specific server to store the biometric information.
 (ユーザ情報取得部10の詳細)
 ここで、ユーザ情報取得部10の機能をより詳細に説明する。ユーザ情報取得部10は、ユーザの位置関連情報として、例えば、「ユーザのキャリア(3GPP)NWの契約住所」、「3GPP加入の所有UE(端末)が普段アクセスする基地局の情報」、「3GPP C-Plane在圏情報の履歴」、及び「ユーザが利用したサービス(又はアプリケーション)のシステムから取得される位置情報(とそれに対応付けられた時刻情報)」のうちのいずれか1以上をリアルタイムで収集し、ユーザの識別情報と対応付けてユーザ情報管理DB20に格納する。
(Details of User Information Acquisition Unit 10)
Here, the function of the user information acquisition unit 10 will be described in more detail. The user information acquisition unit 10 collects, in real time, one or more of the following as user location-related information: "user's carrier (3GPP) NW contract address,""information on base stations that a 3GPP-subscribed UE (terminal) usually accesses,""history of 3GPP C-Plane presence information," and "location information (and associated time information) acquired from the system of a service (or application) used by the user," and stores the information in the user information management DB 20 in association with the user's identification information.
 また、ユーザ情報取得部10は、サービス契約ユーザの生体情報が追加又は更新された場合には、その生体情報を収集し、ユーザの識別情報と対応付けてユーザ情報管理DB20に格納する。 In addition, when biometric information of a service contract user is added or updated, the user information acquisition unit 10 collects the biometric information, associates it with the user's identification information, and stores it in the user information management DB 20.
 以下では、ユーザの位置関連情報の具体的な取得方法の例を説明するが、下記の例に限定されるわけではなく、他の仕組み(例えば以下で説明するAPI以外のAPIなど)を用いて同様の情報を取得するようにしてもよい。 Below, we will explain an example of a specific method for acquiring user location-related information, but this is not limited to the example below, and similar information may be acquired using other mechanisms (e.g., APIs other than the APIs described below).
 「ユーザのキャリア(3GPP)NWの契約住所」は、ユーザが(例えば事業者のショップなどで)回線契約を行った際に加入者情報が登録されるデータベースである「加入者情報管理システムデータベース」から取得可能である。 The "user's carrier (3GPP) network contract address" can be obtained from the "subscriber information management system database," which is a database in which subscriber information is registered when a user signs a line contract (for example, at a carrier's shop).
 「3GPP加入の所有UE(端末)が普段アクセスする基地局の情報」及び「3GPP C-Plane在圏情報の履歴」は、非特許文献2の「Table 5.2.2.2.2-1: UE Context in AMF」に記載されている、3GPPのノードであるAMFが収集しているUE Context情報のうち、以下の情報を定期的に収集し、加入者情報と、発行したUSIM(SIMカード)に含まれるSUPIと、SUPIに対応する以下の情報の履歴とを対応付けて管理しておくことで取得可能である。これらの情報は、非特許文献2の「5.2.2.2.2 Namf_Communication_UEContextTransfer service operation」に記載のAPIを使って外部システムから取得できる。 The "information on base stations that a 3GPP subscribed UE (terminal) normally accesses" and the "history of 3GPP C-Plane presence information" can be obtained by periodically collecting the following information from the UE Context information collected by the AMF, a 3GPP node, as described in "Table 5.2.2.2.2-1: UE Context in AMF" in Non-Patent Document 2, and by associating and managing the subscriber information, the SUPI contained in the issued USIM (SIM card), and the history of the following information corresponding to the SUPI. This information can be obtained from an external system using the API described in "5.2.2.2.2 Namf_Communication_UEContextTransfer service operation" in Non-Patent Document 2.
 ・Registration Area :  Current Registration Area (a set of tracking areas in TAI List).
 ・TAI of last Registration :  TAI of the TA in which the last Registration Request was initiated.
 ・User Location Information :  Information on user location.
 また、UEの位置情報は、非特許文献2に記載のUDMと呼ばれるノードにおけるNudm_UEContextManagement Service(非特許文献2の5.3参照)のGet API(非特許文献2の5.3.2.5参照)を用いることによっても取得できる。なお、位置情報を取得するAPIの詳細は「5.3.2.5.9 Location Information Retrieval」に記載され、得られる情報は「Table 6.7.6.2.4-1: Definition of type LocationInfoResult」に記載されている。また、UEの位置情報は、AMFから取得してもよい。
・Registration Area: Current Registration Area (a set of tracking areas in TAI List).
・TAI of last Registration: TAI of the TA in which the last Registration Request was initiated.
・User Location Information: Information on user location.
The location information of the UE is obtained by using the Get API (see 5.3.2.5 of Non-Patent Document 2) of the Nudm_UEContextManagement Service (see 5.3 of Non-Patent Document 2) in a node called UDM described in Non-Patent Document 2. The details of the API for retrieving location information are described in "5.3.2.5.9 Location Information Retrieval", and the information that can be obtained is described in "Table 6.7.6.2.4-1: Definition of type LocationInfoResult " In addition, the location information of the UE may be obtained from the AMF.
 「ユーザが利用したサービス(又はアプリケーション)のシステムから取得される位置情報(とそれに対応付けられた時刻情報)」は、例えば、チケット予約サービスシステムのようなサービス側のシステムから取得可能である。 The "location information (and the associated time information) obtained from the system of the service (or application) used by the user" can be obtained, for example, from the service's system, such as a ticket reservation service system.
 以下、生体情報配備場所決定部30に係る動作の具体例として、実施例1~4を説明する。 Below, examples 1 to 4 are described as specific examples of the operation of the biometric information deployment location determination unit 30.
 (実施例1)
 まず、図5のフローチャートを参照して実施例1を説明する。
Example 1
First, the first embodiment will be described with reference to the flow chart of FIG.
 <S101>
 S101において、生体情報配備場所決定部30は、ユーザ情報管理DB20における、いずれかのユーザの位置関連情報が更新されたか否かを判断する。更新された場合(Yesの場合)、S102に進む。なお、いずれかのユーザの位置関連情報が更新されたか否かのチェックについては、例えば定期的に実行する。他の実施例でも同様である。
<S101>
In S101, the biometric information deployment location determination unit 30 judges whether or not the location-related information of any user has been updated in the user information management DB 20. If it has been updated (Yes), the process proceeds to S102. Note that the check as to whether or not the location-related information of any user has been updated is performed, for example, periodically. This is the same in other embodiments.
 <S102>
 S102において、生体情報配備場所決定部30は、更新された位置関連情報と、更新に係るユーザ(このユーザをユーザAと呼ぶ)の生体情報が現在格納されている第1のMECサーバの識別情報をユーザ情報管理DB20から取得する。
<S102>
In S102, the biometric information deployment location determination unit 30 obtains from the user information management DB 20 the updated location-related information and the identification information of the first MEC server in which the biometric information of the user related to the update (this user will be referred to as User A) is currently stored.
 <S103>
 S103において、生体情報配備場所決定部30は、更新された位置関連情報に基づいてユーザAの現在又は将来の位置であるユーザ位置を特定又は予測する。つまり、生体情報配備場所決定部30は、ユーザAの現在の位置を特定する、又は、ユーザAの将来の位置を予測する。
<S103>
In S103, the biometric information deployment location determination unit 30 identifies or predicts a user location, which is the current or future location of user A, based on the updated location related information. That is, the biometric information deployment location determination unit 30 identifies the current location of user A or predicts the future location of user A.
 <S104>
 S104において、生体情報配備場所決定部30は、特定又は予測されたユーザ位置を含む地域のソーシャル端末を配下に有する第2のMECサーバの識別情報をMECサーバテーブルから取得する。
<S104>
In S104, the biometric information deployment location determination unit 30 acquires, from the MEC server table, identification information of a second MEC server that has under its control a social terminal in an area that includes the identified or predicted user location.
 <S105>
 S105において、生体情報配備場所決定部30は、第1のMECサーバと第2のMECサーバの識別情報が同一か否かを判断し、同一であればS101に戻り、同一でなければS106に進む。
<S105>
In S105, the biological information deployment location determination unit 30 judges whether the identification information of the first MEC server and the second MEC server is the same or not, and if it is the same, the process returns to S101, and if it is not the same, the process proceeds to S106.
 <S106>
 S106において、生体情報配備場所決定部30は、ユーザAの識別情報と生体情報をユーザ情報管理DB20から取得し、第2のMECサーバに対して、取得したユーザAの識別情報と生体情報を送信し、これらの情報の生体情報DBへの追加を要求する。なお、本実施の形態では、MECサーバに識別情報と生体情報を送信することで、これらの情報の生体情報DBへの追加を要求するが、このような処理に限定されない。例えば、MECサーバに対して情報の生体情報DBへの追加を要求し、要求を受けたMECサーバがユーザ情報管理DB20にアクセスして生体情報を取得してもよい。この点に関しては他の実施例でも同様である。
<S106>
In S106, the biometric information deployment location determination unit 30 acquires the identification information and biometric information of user A from the user information management DB 20, transmits the acquired identification information and biometric information of user A to the second MEC server, and requests that these pieces of information be added to the biometric information DB. Note that in this embodiment, the identification information and biometric information are transmitted to the MEC server to request that these pieces of information be added to the biometric information DB, but the present invention is not limited to such processing. For example, a request may be made to the MEC server to add information to the biometric information DB, and the MEC server that receives the request may access the user information management DB 20 to acquire the biometric information. This point is similar to other embodiments.
 <S107>
 S107において、生体情報配備場所決定部30は、第1のMECサーバに対して、ユーザAの生体情報の削除を要求する。
<S107>
In S107, the biometric information deployment location determination unit 30 requests the first MEC server to delete the biometric information of user A.
 <S108>
 S108において、生体情報配備場所決定部30は、ユーザ情報管理DB20におけるユーザAの生体情報が現在格納されているMECサーバの識別情報を更新する。
<S108>
In S108, the biometric information deployment location determination unit 30 updates the identification information of the MEC server in the user information management DB 20 in which the biometric information of user A is currently stored.
 上述したS101~S108の処理により、ユーザの位置に対応するMECサーバに当該ユーザの生体情報を保持させることができる。 By performing the above-mentioned steps S101 to S108, the MEC server corresponding to the user's location can store the user's biometric information.
 ここで、ユーザがMECエリア間やその境界を行ったり来たりすることが想定される。その場合、実施例1では、処理のフラッピング(生体情報の削除/追加の短期間での繰り返し)が生じる可能性がある。 Here, it is assumed that the user will move back and forth between MEC areas or their boundaries. In that case, in Example 1, there is a possibility that process flapping (repeated deletion/addition of biometric information in a short period of time) may occur.
 処理のフラッピングを避けるために、一定の期間が経過又はユーザの位置や位置の予測が一定範囲を超えるまでの間といった、何らかの基準や閾値に従い、複数個所のMECサーバに同じユーザの生体情報を保持する仕組みを備えてもよい。このような仕組みを備える実施例2,3を以下に説明する。 To avoid process flapping, a mechanism may be provided that stores the same user's biometric information in multiple MEC servers according to some criteria or threshold, such as until a certain period of time has passed or until the user's location or predicted location exceeds a certain range. Examples 2 and 3 that include such a mechanism are described below.
 (実施例2)
 実施例2では、ユーザがMECエリア間やその境界を行ったり来たりした場合の処理のフラッピングを避けるために、一定の期間が経過するまでの間、複数個所のMECサーバに同じユーザの生体情報を保持する仕組みを備える。図6のフローチャートを参照して実施例2の動作を説明する。
Example 2
In the second embodiment, in order to avoid process flapping when a user moves between MEC areas or between their boundaries, a mechanism is provided for storing biometric information of the same user in multiple MEC servers until a certain period of time has elapsed. The operation of the second embodiment will be described with reference to the flowchart of FIG.
 <S201>
 S201において、生体情報配備場所決定部30は、ユーザ情報管理DB20における、いずれかのユーザの位置関連情報が更新されたか否かを判断する。更新された場合(Yesの場合)、S202に進む。
<S201>
In S201, the biometric information deployment location determination unit 30 judges whether or not the location-related information of any user has been updated in the user information management DB 20. If it has been updated (Yes), the process proceeds to S202.
 <S202>
 S202において、生体情報配備場所決定部30は、更新された位置関連情報と、更新に係るユーザ(ユーザAと呼ぶ)の生体情報が現在格納されている第1のMECサーバの識別情報をユーザ情報管理DB20から取得する。
<S202>
In S202, the biometric information deployment location determination unit 30 obtains from the user information management DB 20 the updated location-related information and the identification information of the first MEC server in which the biometric information of the user related to the update (called User A) is currently stored.
 <S203>
 S203において、生体情報配備場所決定部30は、更新された位置関連情報に基づいてユーザAの現在又は将来の位置であるユーザ位置を特定又は予測する。
<S203>
In S203, the biometric information deployment location determination unit 30 identifies or predicts the user location, which is the current or future location of user A, based on the updated location related information.
 <S204>
 S204において、生体情報配備場所決定部30は、特定又は予測されたユーザ位置を含む地域のソーシャル端末を配下に有する第2のMECサーバの識別情報をMECサーバテーブルから取得する。
<S204>
In S204, the biometric information deployment location determination unit 30 acquires, from the MEC server table, identification information of a second MEC server that has under its control a social terminal in an area that includes the identified or predicted user location.
 <S205>
 S205において、生体情報配備場所決定部30は、第1のMECサーバと第2のMECサーバの識別情報は同一か否かを判断し、同一であればS201に戻り、同一でなければS206に進む。
<S205>
In S205, the biological information deployment location determination unit 30 judges whether the identification information of the first MEC server and the second MEC server is the same or not, and if it is the same, the process returns to S201, and if it is not the same, the process proceeds to S206.
 <S206>
 S206において、生体情報配備場所決定部30は、ユーザAの識別情報と生体情報をユーザ情報管理DB20から取得し、第2のMECサーバに対して、取得したユーザAの識別情報と生体情報を送信し、これらの情報の生体情報DBへの追加を要求する。
<S206>
In S206, the biometric information deployment location determination unit 30 acquires user A's identification information and biometric information from the user information management DB 20, transmits the acquired identification information and biometric information of user A to the second MEC server, and requests that this information be added to the biometric information DB.
 <S207>
 S207において、生体情報配備場所決定部30は、ユーザ情報管理DB20におけるユーザの生体情報が現在格納されているMECサーバの識別情報に第2のMECサーバの識別情報を追加する。
<S207>
In S207, the biometric information deployment location determination unit 30 adds the identification information of the second MEC server to the identification information of the MEC server in which the user's biometric information is currently stored in the user information management DB 20.
 <S208>
 S208において、生体情報配備場所決定部30は、所定時間が経過した後、第1のMECサーバに対して、ユーザAの生体情報の削除を要求する。この所定時間の計測の開始時点は、例えば第2のMECサーバに対して情報の生体情報DBへの追加を要求した時点であってもよい。
<S208>
In S208, after a predetermined time has elapsed, the biometric information deployment location determination unit 30 requests the first MEC server to delete the biometric information of user A. The start point of measurement of this predetermined time may be, for example, the point of time when the second MEC server is requested to add the information to the biometric information DB.
 また、所定時間は、全てのユーザに共通に予め設定した時間であってもよいし、個々のユーザごとに予め設定した時間であってもよいし、対象のユーザ(ここではユーザA)の位置関連情報から推定される当該ユーザの速度などに応じて動的に決定した時間であってもよい。 The specified time may be a time that is preset commonly for all users, a time that is preset for each individual user, or a time that is dynamically determined according to the speed of the target user (here, user A) estimated from the location-related information of the user.
 上記所定時間を動的に決定する場合、例えば、ユーザが低速度(速度Aとする)で移動する場合、ユーザはMECエリアの境界付近にいる時間が長いと推定できるので、速度Aよりも高速で移動する場合の所定時間よりも長い時間を上記所定時間として決定する。 When the above-mentioned specified time is dynamically determined, for example, when the user moves at a low speed (speed A), it can be estimated that the user will spend a long time near the boundary of the MEC area, so the above-mentioned specified time is determined to be longer than the specified time when moving at a speed faster than speed A.
 <S209>
 S209において、生体情報配備場所決定部30は、ユーザ情報管理DB20におけるユーザAの生体情報が現在格納されているMECサーバの識別情報から第1のMECサーバの識別情報を削除する。
<S209>
In S209, the biometric information deployment location determination unit 30 deletes the identification information of the first MEC server from the identification information of the MEC server in which the biometric information of user A in the user information management DB 20 is currently stored.
 (実施例3)
 実施例3では、ユーザがMECエリア間やその境界を行ったり来たりした場合の処理のフラッピングを避けるために、ユーザの現在位置や予測位置が一定範囲を超えるまでの間、複数個所のMECサーバに同じユーザの生体情報を保持する仕組みを備える。図7のフローチャートを参照して実施例3の動作を説明する。
Example 3
In the third embodiment, in order to avoid process flapping when a user moves between MEC areas or between their boundaries, a mechanism is provided for storing biometric information of the same user in multiple MEC servers until the user's current location or predicted location exceeds a certain range. The operation of the third embodiment will be described with reference to the flowchart in FIG.
 <S301>
 S301において、生体情報配備場所決定部30は、ユーザ情報管理DB20におけるユーザの位置関連情報が更新されたか否かを判断する。更新された場合(Yesの場合)、S302に進む。
<S301>
In S301, the biometric information deployment location determination unit 30 judges whether or not the user's location related information has been updated in the user information management DB 20. If it has been updated (Yes), the process proceeds to S302.
 <S302>
 S302において、生体情報配備場所決定部30は、更新された位置関連情報と、更新に係るユーザ(ユーザAと呼ぶ)の生体情報が現在格納されている第1のMECサーバの識別情報をユーザ情報管理DB20から取得する。
<S302>
In S302, the biometric information deployment location determination unit 30 obtains from the user information management DB 20 the updated location-related information and the identification information of the first MEC server in which the biometric information of the user related to the update (called User A) is currently stored.
 <S303>
 S303において、生体情報配備場所決定部30は、更新された位置関連情報に基づいてユーザAの現在又は将来の位置であるユーザ位置を特定又は予測する。
<S303>
In S303, the biometric information deployment location determination unit 30 identifies or predicts the user location, which is the current or future location of user A, based on the updated location related information.
 <S304>
 S304において、生体情報配備場所決定部30は、特定又は予測されたユーザ位置を含む地域のソーシャル端末を配下に有する第2のMECサーバの識別情報をMECサーバテーブルから取得する。
<S304>
In S304, the biometric information deployment location determination unit 30 acquires, from the MEC server table, identification information of a second MEC server that has under its control a social terminal in an area that includes the identified or predicted user location.
 <S305>
 S305において、生体情報配備場所決定部30は、第1のMECサーバの識別情報に第2のMECサーバの識別情報が含まれるか否かを判断する。含まれる場合(Yesの場合)はS301に戻り、含まれない場合(Noの場合)はS306に進む。なお、「第1のMECサーバの識別情報に第2のMECサーバの識別情報が含まれる」とは、第1のMECサーバの識別情報と第2のMECサーバの識別情報が同一の場合、あるいは、複数の「第1のMECサーバの識別情報」があり、そのうちのいずれかが第2のMECサーバの識別情報と同一の場合である。
<S305>
In S305, the biometric information deployment location determination unit 30 judges whether the identification information of the first MEC server includes the identification information of the second MEC server. If it does (Yes), the process returns to S301, and if it does not (No), the process proceeds to S306. Note that "the identification information of the first MEC server includes the identification information of the second MEC server" means that the identification information of the first MEC server and the identification information of the second MEC server are the same, or there are multiple "identification information of the first MEC server", and any one of them is the same as the identification information of the second MEC server.
 <S306>
 S306において、生体情報配備場所決定部30は、ユーザAの識別情報と生体情報をユーザ情報管理DB20から取得し、第2のMECサーバに対して、取得したユーザAの識別情報と生体情報を送信し、これらの情報の生体情報DBへの追加を要求する。
<S306>
In S306, the biometric information deployment location determination unit 30 acquires user A's identification information and biometric information from the user information management DB 20, transmits the acquired identification information and biometric information of user A to the second MEC server, and requests that this information be added to the biometric information DB.
 <S307>
 S307において、生体情報配備場所決定部30は、ユーザ情報管理DB20におけるユーザの生体情報が現在格納されているMECサーバの識別情報に第2のMECサーバの識別情報を追加する。
<S307>
In S307, the biometric information deployment location determination unit 30 adds the identification information of the second MEC server to the identification information of the MEC server in which the user's biometric information is currently stored in the user information management DB 20.
 <S308>
 S308において、生体情報配備場所決定部30は、ユーザAの特定又は予測されたユーザ位置から所定距離以上離れた地域に対応する第1のMECサーバが存在するか否かを判断する。存在する場合はS309に進み、存在しない場合はS301に戻る。
<S308>
In S308, the biometric information deployment location determination unit 30 judges whether or not there is a first MEC server corresponding to an area that is a predetermined distance or more away from the specified or predicted user location of user A. If there is, the process proceeds to S309, and if there is no first MEC server, the process returns to S301.
 なお、特定又は予測されたユーザ位置と、ある地域との間の距離は、例えば、特定又は予測されたユーザ位置とその位置から最も近い当該地域の境界との間の距離であってもよいし、特定又は予測されたユーザ位置と当該地域の重心位置との間の距離であってもよい。 The distance between the identified or predicted user position and a certain area may be, for example, the distance between the identified or predicted user position and the nearest boundary of the area, or the distance between the identified or predicted user position and the center of gravity of the area.
 また、所定距離は、全てのユーザに共通に予め設定した距離であってもよいし、個々のユーザごとに予め設定した距離であってもよいし、対象のユーザ(ここではユーザA)の位置関連情報から推定される当該ユーザの速度などに応じて動的に決定した距離であってもよい。 The specified distance may be a distance that is set in advance for all users, a distance that is set in advance for each individual user, or a distance that is dynamically determined based on the speed of the target user (user A in this case) estimated from the position-related information of the user.
 上記所定距離を動的に決定する場合、例えば、低速度(速度Aとする)で移動するユーザに対して、速度Aよりも高速で移動する場合の所定距離よりも短い距離を上記所定距離として決定する。 When the above-mentioned specified distance is dynamically determined, for example, for a user moving at a low speed (speed A), the above-mentioned specified distance is determined to be a distance shorter than the specified distance when moving at a speed faster than speed A.
 <S309>
 S309において、生体情報配備場所決定部30は、特定又は予測されたユーザ位置から所定距離以上離れた地域に対応する第1のMECサーバに対して、ユーザAの生体情報の削除を要求する。
<S309>
In S309, the biometric information deployment location determination unit 30 requests the first MEC server corresponding to the area that is a predetermined distance or more away from the identified or predicted user position to delete the biometric information of user A.
 <S310>
 S310において、生体情報配備場所決定部30は、ユーザ情報管理DB20におけるユーザAの生体情報が現在格納されているMECサーバの識別情報から当該第1のMECサーバの識別情報を削除する。
<S310>
In S310, the biometric information deployment location determination unit 30 deletes the identification information of the first MEC server from the identification information of the MEC server in which the biometric information of user A is currently stored in the user information management DB 20.
 (実施例4)
 次に、図8のフローチャートを参照して、生体情報更新の実施例である実施例4を説明する。
Example 4
Next, a fourth embodiment of biometric information updating will be described with reference to the flowchart of FIG.
 <S401>
 S401において、生体情報配備場所決定部30は、ユーザ情報管理DB20において、いずれかのユーザの生体情報が更新されたか否かを判断する。更新された場合はS402に進む。なお、いずれかのユーザの生体情報が更新されたか否かのチェックについては、例えば定期的に実行する。
<S401>
In S401, the biometric information placement location determination unit 30 judges whether or not the biometric information of any user has been updated in the user information management DB 20. If it has been updated, the process proceeds to S402. Note that the check as to whether or not the biometric information of any user has been updated is performed, for example, periodically.
 <S402>
 S402において、生体情報配備場所決定部30は、生体情報が更新されたユーザ(ユーザAと呼ぶ)の生体情報が現在格納されている第1のMECサーバの識別情報をユーザ情報管理DB20から取得する。
<S402>
In S402, the biometric information deployment location determination unit 30 acquires, from the user information management DB 20, identification information of the first MEC server in which the biometric information of the user (referred to as user A) whose biometric information has been updated is currently stored.
 <S403>
 S403において、生体情報配備場所決定部30は、ユーザAの識別情報と生体情報をユーザ情報管理DB20から取得し、第1のMECサーバに対して、取得したユーザAの識別情報と生体情報を送信し、これらの情報の生体情報DBにおける更新を要求する。
<S403>
In S403, the biometric information deployment location determination unit 30 acquires user A's identification information and biometric information from the user information management DB 20, transmits the acquired identification information and biometric information of user A to the first MEC server, and requests that this information be updated in the biometric information DB.
 (ハードウェア構成例)
 本実施の形態で説明したいずれの装置(生体情報配備場所決定装置100、MECサーバなど)も、例えば、コンピュータにプログラムを実行させることにより実現できる。このコンピュータは、物理的なコンピュータであってもよいし、クラウド上の仮想マシンであってもよい。
(Hardware configuration example)
Any of the devices described in this embodiment (such as the biological information deployment location determination device 100 and the MEC server) can be realized by, for example, causing a computer to execute a program. This computer may be a physical computer or a virtual machine on the cloud.
 すなわち、当該装置は、コンピュータに内蔵されるCPUやメモリ等のハードウェア資源を用いて、当該装置で実施される処理に対応するプログラムを実行することによって実現することが可能である。上記プログラムは、コンピュータが読み取り可能な記録媒体(可搬メモリ等)に記録して、保存したり、配布したりすることが可能である。また、上記プログラムをインターネットや電子メール等、ネットワークを通して提供することも可能である。 In other words, the device can be realized by using hardware resources such as a CPU and memory built into a computer to execute a program corresponding to the processing performed by the device. The program can be recorded on a computer-readable recording medium (such as a portable memory) and then stored or distributed. The program can also be provided via a network such as the Internet or email.
 図9は、上記コンピュータのハードウェア構成例を示す図である。図9のコンピュータは、それぞれバスBで相互に接続されているドライブ装置1000、補助記憶装置1002、メモリ装置1003、CPU1004、インタフェース装置1005、表示装置1006、入力装置1007、出力装置1008等を有する。なお、当該コンピュータは、更にGPUを備えてもよい。 FIG. 9 is a diagram showing an example of the hardware configuration of the computer. The computer in FIG. 9 has a drive device 1000, an auxiliary storage device 1002, a memory device 1003, a CPU 1004, an interface device 1005, a display device 1006, an input device 1007, an output device 1008, etc., all of which are connected to each other via a bus B. The computer may further include a GPU.
 当該コンピュータでの処理を実現するプログラムは、例えば、CD-ROM又はメモリカード等の記録媒体1001によって提供される。プログラムを記憶した記録媒体1001がドライブ装置1000にセットされると、プログラムが記録媒体1001からドライブ装置1000を介して補助記憶装置1002にインストールされる。但し、プログラムのインストールは必ずしも記録媒体1001より行う必要はなく、ネットワークを介して他のコンピュータよりダウンロードするようにしてもよい。補助記憶装置1002は、インストールされたプログラムを格納すると共に、必要なファイルやデータ等を格納する。 The program that realizes the processing on the computer is provided by a recording medium 1001, such as a CD-ROM or a memory card. When the recording medium 1001 storing the program is set in the drive device 1000, the program is installed from the recording medium 1001 via the drive device 1000 into the auxiliary storage device 1002. However, the program does not necessarily have to be installed from the recording medium 1001, but may be downloaded from another computer via a network. The auxiliary storage device 1002 stores the installed program as well as necessary files, data, etc.
 メモリ装置1003は、プログラムの起動指示があった場合に、補助記憶装置1002からプログラムを読み出して格納する。CPU1004は、メモリ装置1003に格納されたプログラムに従って、当該装置に係る機能を実現する。インタフェース装置1005は、ネットワーク等に接続するためのインタフェースとして用いられる。表示装置1006はプログラムによるGUI(Graphical User Interface)等を表示する。入力装置1007はキーボード及びマウス、ボタン、又はタッチパネル等で構成され、様々な操作指示を入力させるために用いられる。出力装置1008は演算結果を出力する。 When an instruction to start a program is received, the memory device 1003 reads out and stores the program from the auxiliary storage device 1002. The CPU 1004 realizes the functions related to the device in accordance with the program stored in the memory device 1003. The interface device 1005 is used as an interface for connecting to a network, etc. The display device 1006 displays a GUI (Graphical User Interface) based on a program, etc. The input device 1007 is composed of a keyboard and mouse, buttons, a touch panel, etc., and is used to input various operational instructions. The output device 1008 outputs the results of calculations.
 (実施の形態のまとめ、効果等)
 以上説明したとおり、本実施の形態の生体認証システムにおいて、それぞれ生体認証部を備える複数のMECサーバが、互いに異なる地域に配置される。また、生体情報配備場所決定部30が備えられる。生体情報配備場所決定部30は、ユーザの現在又は将来の位置を特定又は予測するための位置関連情報に基づいて、各ユーザの生体認証に用いるための生体情報を保持するMECサーバを選択し、選択したMECサーバに当該ユーザの生体情報を保持させる。
(Summary of the embodiment, effects, etc.)
As described above, in the biometric authentication system of this embodiment, a plurality of MEC servers each equipped with a biometric authentication unit are arranged in different regions. Also, a biometric information deployment location determination unit 30 is provided. The biometric information deployment location determination unit 30 selects an MEC server that holds biometric information to be used for biometric authentication of each user based on location-related information for identifying or predicting the current or future location of the user, and causes the selected MEC server to hold the biometric information of the user.
 本実施の形態に係る技術により、MECサーバごとの生体認証部がマッチング処理で読みに行く際の生体データの総量を減らしたり、処理を効率化したりすることができる。その結果、探索総数を減らして処理を高速化できる。また、類似した特徴の生体データの絶対数も減ることが想定されるため誤検知も改善し、検知精度が向上する。 The technology according to this embodiment makes it possible to reduce the total amount of biometric data that the biometric authentication unit of each MEC server reads in the matching process and to make the process more efficient. As a result, the total number of searches can be reduced and the processing can be sped up. In addition, it is expected that the absolute number of biometric data with similar characteristics will also be reduced, improving false positives and detection accuracy.
 以上の実施形態に関し、更に以下の付記を開示する。 The following notes are further provided with respect to the above embodiment.
 <付記>
(付記項1)
 それぞれ生体認証部を備える複数のサーバであって、2以上の異なる場所に配置された複数のサーバと、
 ユーザの位置関連情報から特定又は予測される前記ユーザの位置に基づいて、前記ユーザの生体認証に用いる生体情報を格納するための特定のサーバを前記複数のサーバから選択し、選択した前記特定のサーバに対して前記生体情報の格納を要求する生体情報配備場所決定部と
 を備える生体認証システム。
(付記項2)
 前記生体情報配備場所決定部は、前記ユーザの位置を含む場所を配下に持つサーバを前記特定のサーバとして選択する
 付記項1に記載の生体認証システム。
(付記項3)
 前記特定のサーバと異なる他のサーバに前記生体情報が格納されている場合において、前記生体情報配備場所決定部は、ある時間が経過したことを検知した後に、前記他のサーバに前記生体情報の削除を要求する
 付記項1又は2に記載の生体認証システム。
(付記項4)
 前記特定のサーバと異なる他のサーバに前記生体情報が格納されている場合において、前記生体情報配備場所決定部は、前記他のサーバの配下の場所が前記ユーザの位置からある距離以上離れていることを検知した場合に、前記他のサーバに前記生体情報の削除を要求する
 付記項1又は2に記載の生体認証システム。
(付記項5)
 それぞれ生体認証部を備える複数のサーバであって、2以上の異なる場所に配置された複数のサーバを備える生体認証システムに対して使用される生体情報配備場所決定装置であって、
 ユーザの位置関連情報から特定又は予測される前記ユーザの位置に基づいて、前記ユーザの生体認証に用いる生体情報を格納するための特定のサーバを前記複数のサーバから選択する選択部と、
 選択した前記特定のサーバに対して前記生体情報の格納を要求する制御部と
 を備える生体情報配備場所決定装置。
(付記項6)
 それぞれ生体認証部を備える複数のサーバであって、2以上の異なる場所に配置された複数のサーバを備える生体認証システムに対してコンピュータが実行する生体情報配備場所決定方法であって、
 ユーザの位置関連情報から特定又は予測される前記ユーザの位置に基づいて、前記ユーザの生体認証に用いる生体情報を格納するための特定のサーバを前記複数のサーバから選択し、
 選択した前記特定のサーバに対して前記生体情報の格納を要求する
 生体情報配備場所決定方法。
(付記項7)
 コンピュータを、付記項5に記載の生体情報配備場所決定装置における各部として機能させるためのプログラムを記憶した非一時的記憶媒体。
<Additional Notes>
(Additional Note 1)
A plurality of servers each having a biometric authentication unit, the plurality of servers being located at two or more different locations;
a biometric information deployment location determination unit that selects a specific server from the plurality of servers for storing biometric information to be used for biometric authentication of the user, based on a location of the user identified or predicted from location-related information of the user, and requests the selected specific server to store the biometric information.
(Additional Note 2)
The biometric authentication system according to claim 1, wherein the biometric information deployment location determination unit selects, as the specific server, a server that has a location including the user's location under its control.
(Additional Note 3)
The biometric authentication system according to claim 1 or 2, wherein, in a case where the biometric information is stored in a server other than the specific server, the biometric information deployment location determination unit requests the other server to delete the biometric information after detecting that a certain time has elapsed.
(Additional Note 4)
The biometric authentication system according to claim 1 or 2, wherein when the biometric information is stored in a server other than the specific server, the biometric information deployment location determination unit requests the other server to delete the biometric information when it detects that a location under the control of the other server is a certain distance or more away from the user's location.
(Additional Note 5)
A biometric information deployment location determination device used in a biometric authentication system including a plurality of servers each having a biometric authentication unit, the plurality of servers being located in two or more different locations, the device comprising:
a selection unit that selects a specific server from the plurality of servers for storing biometric information used for biometric authentication of the user based on a location of the user identified or predicted from location-related information of the user;
and a control unit that requests the selected specific server to store the biometric information.
(Additional Note 6)
A biometric information deployment location determination method executed by a computer for a biometric authentication system including a plurality of servers each having a biometric authentication unit, the plurality of servers being located in two or more different locations, the method comprising:
selecting a specific server from the plurality of servers for storing biometric information used for biometric authentication of the user based on a location of the user identified or predicted from location-related information of the user;
and requesting the selected specific server to store the biometric information.
(Additional Note 7)
A non-transitory storage medium storing a program for causing a computer to function as each unit in the biometric information deployment location determination device according to claim 5.
 以上、本実施の形態について説明したが、本発明はかかる特定の実施形態に限定されるものではなく、特許請求の範囲に記載された本発明の要旨の範囲内において、種々の変形・変更が可能である。 The present embodiment has been described above, but the present invention is not limited to this specific embodiment, and various modifications and variations are possible within the scope of the gist of the present invention as described in the claims.
10 ユーザ情報取得部
20 ユーザ情報管理DB
30 生体情報配備場所決定部
40、50 MECサーバ
41、51 生体情報DB
42、52 生体認証部
43、53 サービスサーバ
60、80 ソーシャル端末
70、90 生体情報取得装置
100 生体情報配備場所決定装置
110 選択部
120 制御部
1000 ドライブ装置
1001 記録媒体
1002 補助記憶装置
1003 メモリ装置
1004 CPU
1005 インタフェース装置
1006 表示装置
1007 入力装置
1008 出力装置
10 User information acquisition unit 20 User information management DB
30 Biometric information placement location determination unit 40, 50 MEC server 41, 51 Biometric information DB
42, 52 Biometric authentication unit 43, 53 Service server 60, 80 Social terminal 70, 90 Biometric information acquisition device 100 Biometric information deployment location determination device 110 Selection unit 120 Control unit 1000 Drive device 1001 Recording medium 1002 Auxiliary storage device 1003 Memory device 1004 CPU
1005 Interface device 1006 Display device 1007 Input device 1008 Output device

Claims (7)

  1.  それぞれ生体認証部を備える複数のサーバであって、2以上の異なる場所に配置された複数のサーバと、
     ユーザの位置関連情報から特定又は予測される前記ユーザの位置に基づいて、前記ユーザの生体認証に用いる生体情報を格納するための特定のサーバを前記複数のサーバから選択し、選択した前記特定のサーバに対して前記生体情報の格納を要求する生体情報配備場所決定部と
     を備える生体認証システム。
    A plurality of servers each having a biometric authentication unit, the plurality of servers being located at two or more different locations;
    a biometric information deployment location determination unit that selects a specific server from the plurality of servers for storing biometric information to be used for biometric authentication of the user, based on a location of the user identified or predicted from location-related information of the user, and requests the selected specific server to store the biometric information.
  2.  前記生体情報配備場所決定部は、前記ユーザの位置を含む場所を配下に持つサーバを前記特定のサーバとして選択する
     請求項1に記載の生体認証システム。
    The biometric authentication system according to claim 1 , wherein the biometric information deployment location determination unit selects, as the specific server, a server that has a location including the user's location under its control.
  3.  前記特定のサーバと異なる他のサーバに前記生体情報が格納されている場合において、前記生体情報配備場所決定部は、ある時間が経過したことを検知した後に、前記他のサーバに前記生体情報の削除を要求する
     請求項1又は2に記載の生体認証システム。
    3. The biometric authentication system according to claim 1, wherein, when the biometric information is stored in a server other than the specific server, the biometric information deployment location determination unit requests the other server to delete the biometric information after detecting that a certain time has elapsed.
  4.  前記特定のサーバと異なる他のサーバに前記生体情報が格納されている場合において、前記生体情報配備場所決定部は、前記他のサーバの配下の場所が前記ユーザの位置からある距離以上離れていることを検知した場合に、前記他のサーバに前記生体情報の削除を要求する
     請求項1又は2に記載の生体認証システム。
    3. The biometric authentication system according to claim 1, wherein, when the biometric information is stored in a server other than the specific server, the biometric information deployment location determination unit requests the other server to delete the biometric information when it detects that a location under the other server is away from a location of the user by a certain distance or more.
  5.  それぞれ生体認証部を備える複数のサーバであって、2以上の異なる場所に配置された複数のサーバを備える生体認証システムに対して使用される生体情報配備場所決定装置であって、
     ユーザの位置関連情報から特定又は予測される前記ユーザの位置に基づいて、前記ユーザの生体認証に用いる生体情報を格納するための特定のサーバを前記複数のサーバから選択する選択部と、
     選択した前記特定のサーバに対して前記生体情報の格納を要求する制御部と
     を備える生体情報配備場所決定装置。
    A biometric information deployment location determination device used in a biometric authentication system including a plurality of servers each having a biometric authentication unit, the plurality of servers being located in two or more different locations, the device comprising:
    a selection unit that selects a specific server from the plurality of servers for storing biometric information used for biometric authentication of the user based on a location of the user identified or predicted from location-related information of the user;
    and a control unit that requests the selected specific server to store the biometric information.
  6.  それぞれ生体認証部を備える複数のサーバであって、2以上の異なる場所に配置された複数のサーバを備える生体認証システムに対してコンピュータが実行する生体情報配備場所決定方法であって、
     ユーザの位置関連情報から特定又は予測される前記ユーザの位置に基づいて、前記ユーザの生体認証に用いる生体情報を格納するための特定のサーバを前記複数のサーバから選択し、
     選択した前記特定のサーバに対して前記生体情報の格納を要求する
     生体情報配備場所決定方法。
    A biometric information deployment location determination method executed by a computer for a biometric authentication system including a plurality of servers each having a biometric authentication unit, the plurality of servers being located in two or more different locations, the method comprising:
    selecting a specific server from the plurality of servers for storing biometric information used for biometric authentication of the user based on a location of the user identified or predicted from location-related information of the user;
    and requesting the selected specific server to store the biometric information.
  7.  コンピュータを、請求項5に記載の生体情報配備場所決定装置における各部として機能させるためのプログラム。 A program for causing a computer to function as each unit in the biometric information deployment location determination device described in claim 5.
PCT/JP2023/010738 2023-03-17 2023-03-17 Biometric authentication system, biometric information distribution location determination device, biometric information distribution location determination method, and program WO2024194962A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2023/010738 WO2024194962A1 (en) 2023-03-17 2023-03-17 Biometric authentication system, biometric information distribution location determination device, biometric information distribution location determination method, and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2023/010738 WO2024194962A1 (en) 2023-03-17 2023-03-17 Biometric authentication system, biometric information distribution location determination device, biometric information distribution location determination method, and program

Publications (1)

Publication Number Publication Date
WO2024194962A1 true WO2024194962A1 (en) 2024-09-26

Family

ID=92841119

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2023/010738 WO2024194962A1 (en) 2023-03-17 2023-03-17 Biometric authentication system, biometric information distribution location determination device, biometric information distribution location determination method, and program

Country Status (1)

Country Link
WO (1) WO2024194962A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010108112A (en) * 2008-10-29 2010-05-13 Hitachi Software Eng Co Ltd Method and system for authenticating biological information
WO2020208745A1 (en) * 2019-04-10 2020-10-15 楽天株式会社 Authentication system, authentication terminal, user terminal, authentication method, and program
JP2021051754A (en) * 2016-03-01 2021-04-01 グーグル エルエルシーGoogle LLC Facial profile modification for hands-free transactions
WO2021214968A1 (en) * 2020-04-24 2021-10-28 日本電気株式会社 Authentication server, authentication system, and authentication server control method and storage medium
WO2022254654A1 (en) * 2021-06-03 2022-12-08 富士通株式会社 Memory control method, information processing device, memory control system, and memory control program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010108112A (en) * 2008-10-29 2010-05-13 Hitachi Software Eng Co Ltd Method and system for authenticating biological information
JP2021051754A (en) * 2016-03-01 2021-04-01 グーグル エルエルシーGoogle LLC Facial profile modification for hands-free transactions
WO2020208745A1 (en) * 2019-04-10 2020-10-15 楽天株式会社 Authentication system, authentication terminal, user terminal, authentication method, and program
WO2021214968A1 (en) * 2020-04-24 2021-10-28 日本電気株式会社 Authentication server, authentication system, and authentication server control method and storage medium
WO2022254654A1 (en) * 2021-06-03 2022-12-08 富士通株式会社 Memory control method, information processing device, memory control system, and memory control program

Similar Documents

Publication Publication Date Title
CN101202763B (en) Method and system for network processing node cache data in a communication network
CA2511639C (en) Proximity-based authorization
US10911888B1 (en) Pattern matching in point-of-interest (POI) traffic analysis
CN110213714B (en) Terminal positioning method and device
KR101134883B1 (en) System and method for registering open type poi
JP7084971B2 (en) Systems, servers, programs, and information processing methods
AU2020412338B2 (en) Method and device for improving the searchability of incident-specific social media content posted via particularly identified communication devices
JP6698728B2 (en) Judgment device, judgment method and judgment program
WO2024194962A1 (en) Biometric authentication system, biometric information distribution location determination device, biometric information distribution location determination method, and program
JP2008250930A (en) Data access control system, user information management device, data access determining device, mobile unit, and data access control method
US20150215955A1 (en) Method and apparatus for network based positioning (nbp)
CN111400520A (en) Construction method of face recognition library, face payment method, device and system
CN107205229B (en) Method and device for issuing information at wireless routing equipment end
US11644316B2 (en) Navigation in an establishment site for a user using a mobile electronic device
US10757623B2 (en) Cognitive analysis of temporal obstructions
KR101820043B1 (en) Mobile terminal identification, and business model using mobile terminal identification
US11864079B2 (en) System for communicating information relating to long period ground motion, server for communicating information relating to long period ground motion, mobile terminal, and method for communicating information relating to long period ground motion
JP2010273086A (en) Communication system and communication method
KR101104066B1 (en) Authentication system and method for wireless fidelity connection authentication
JP6313019B2 (en) Terminal management system and method
JP2014171032A (en) Server device, communication system, method, and program
US12088548B2 (en) Systems and methods for edge device discovery
KR101308607B1 (en) Name card management system using social network service and method therefor
US12127094B2 (en) Incident reporting method and structure
CN111954201B (en) Mobile terminal identification method and device based on cellular network and computer equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23928545

Country of ref document: EP

Kind code of ref document: A1