JP2018113504A - Secure element, UIM card, authentication method, and authentication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a secure element and the like capable of performing biometric authentication on a user without reducing authentication accuracy as well as personally managing biological information so that a server does not need to manage the biological information, and capable of safely transmitting a result of the biometric authentication to an external device.SOLUTION: Before authentication, feature amount data externally extracted from a user's biological information is previously registered and a public key of a public key cryptosystem is previously transmitted to an external device. At the time of the authentication, biometric authentication is performed by collating feature amount data externally extracted from biological information on a user to be an authentication target with the previously registered feature amount data and a result of the authentication is transmitted to the external device together with signature data generated using a secret key.SELECTED DRAWING: Figure 8

Description

  The present invention relates to the technical field of secure elements such as IC chips.

  In recent years, biosensors for acquiring biometric information such as fingerprints, irises, and veins are increasingly built in smartphones and the like. By mounting the biometric sensor on a smartphone or the like, biometric authentication based on biometric information can be realized instead of or in addition to conventional password authentication.

  On the other hand, in many cases of biometric authentication, biometric information is managed by a server, and authentication (verification of biometric information) is often performed at the server. In this case, there is no need to store biometric information in a smartphone or the like, and there is an advantage that it can be centrally managed by a secure server. However, every time the number of services using biometric authentication increases, it becomes necessary to manage the biometric information in the server on the service provider side. Therefore, there is a demerit that personal biometric information is managed everywhere. In addition, a server that manages biometric information in a unified manner is likely to be targeted by a targeted attack, and the risk and management burden on the service provider side that handles biometric information also increases.

  By the way, a UIM (User Identity Module) card as a secure element is inserted in a smartphone or the like, or an embedded secure element is built in, and confidential information such as a telephone number is managed in the secure element. . The secure element is resistant to failure analysis attacks, power analysis attacks, and the like, and is suitable for securely storing important data such as encryption keys or performing authentication processing using keys.

  Therefore, UIM (secure element) is effective for use as a storage for storing biological information. For example, Patent Document 1 discloses that UIM manages biometric information and performs authentication processing.

JP 2010-140174 A

  However, since UIM (secure element) has inferior CPU performance compared to that of a smartphone, it is difficult to perform processing such as feature amount extraction necessary for biometric authentication. In order to solve such a problem, it is conceivable to perform authentication by lowering the quality of biometric information, but there is a problem that authentication accuracy is lowered.

  Therefore, the present invention can manage biometric information on its own so that it is not necessary to manage biometric information on a server, and can perform biometric authentication without lowering the authentication accuracy, and can securely transmit the result of biometric authentication to an external device. It aims at providing the secure element etc. which can be transmitted to.

  In order to solve the above problem, the invention described in claim 1 is a secure element that includes a processing unit and a storage unit, and transmits a result of user authentication to an external device, wherein the storage unit performs the authentication. An authentication program to be stored is stored, and the authentication program acquires, for each user, the feature amount data extracted from the user's biometric information and the user ID of the user. Means for generating a secret key and a public key by public key cryptography for each user, user ID and feature amount data acquired by the acquiring means for each user, and generating by the generating means A registration means for associating the stored secret key in the storage unit, a first transmission means for sending the public key generated for the user to the external device for each user, from the external device The user ID corresponding to the user who is the authentication target and the feature amount data extracted from the biometric information of the user who is the authentication target are received, and the usage corresponding to the user who is the authentication target is received in the storage unit Authentication means for authenticating the user by comparing the feature amount data registered in association with the same user ID as the user ID and the received feature amount data, corresponding to the user who is the authentication target Creating means for creating signature data by using a secret key registered in association with the same user ID as the user ID to be transmitted, the transmission source of the user ID corresponding to the user to be authenticated It is made to function as a 2nd transmission means which transmits the said authentication result and the said signature data with respect to an external device.

  The invention according to claim 2 is the secure element according to claim 1, wherein the acquisition unit further acquires a service ID for identifying a service provided by the external device, and the registration unit includes: The service ID is further registered in association with the user ID, the feature amount data, and the secret key, and the first transmission unit transmits the public key to a program operating on the external device, and The authentication means further receives the service ID of the program from the program operating on the external device and registers it in the storage unit in association with the same user ID and service ID as the received user ID and service ID. The feature data and the received feature data are collated to authenticate the user, and the creation means receives the received user ID and server. The signature data is created using a secret key registered in the storage unit in association with the same user ID and service ID as the service ID, and the second transmission means corresponds to the user to be authenticated The authentication result and the signature data are transmitted to the program that is a transmission source of the user ID to be transmitted.

  A third aspect of the present invention is the secure element according to the first or second aspect, wherein the generation unit uses elliptic curve cryptography as the public key cryptosystem.

  Invention of Claim 4 is the secure element as described in any one of Claim 1 thru | or 3, Comprising: The said authentication program carries out the said process part in the secure application program run in an external secure area, and the said It further functions as an opening means for establishing a secure channel for performing communication between authentication programs, and the acquisition means uses the secure application program to extract feature quantity data extracted from the user's biometric information by the secure application program. Acquired from the secure application program via the secure channel, and the authentication means receives the feature data extracted from the biometric information of the user who is the authentication target by the secure application program via the secure channel. Special to do To.

  A fifth aspect of the present invention is a UIM card on which the secure element according to any one of the first to fourth aspects is mounted.

  The invention according to claim 6 includes a processing unit and a storage unit, and in a secure element that transmits a result of user authentication to an external device, the processing unit performs the authentication stored in the storage unit. An authentication method performed based on an authentication program, for each user, an acquisition step of acquiring feature amount data extracted from the biometric information of the user and a user ID of the user, and the user For each user, a generation step for generating a secret key and a public key by a public key cryptosystem, a user ID and feature amount data acquired by the acquisition step for each user, and a secret key generated by the generation unit A registration step of storing in the storage unit in association with each other, a first transmission step of transmitting, for each user, a public key generated for the user to the external device, and from the external device The user ID corresponding to the user who is the authentication target and the feature amount data extracted from the biometric information of the user who is the authentication target are received, and the usage corresponding to the user who is the authentication target is received in the storage unit A feature amount data registered in association with the same user ID as the user ID, an authentication process for verifying the user by collating the received feature amount data, and a user who is the authentication target A creation step of creating signature data using a secret key registered in association with the same user ID as the corresponding user ID, and a transmission source of the user ID corresponding to the user to be authenticated And a second transmission step of transmitting the signature data and the signature data to a certain external device.

  The invention according to claim 7 is an authentication program for performing the authentication stored in the storage unit in a secure element that includes a processing unit and a storage unit and transmits a result of user authentication to an external device. The processing unit is configured to obtain, for each user, feature amount data extracted from the biometric information of the user and a user ID of the user, public key encryption for each user. A generating unit that generates a secret key and a public key by a method, and for each user, the user ID and feature amount data acquired by the acquiring unit and the secret key generated by the generating unit are associated with each other in the storage unit Registration means for storing, first transmission means for transmitting a public key generated for the user to the external device for each user, use corresponding to the user to be authenticated from the external device The feature amount data extracted from the ID and the biometric information of the user who is the authentication target is received, and the same user ID corresponding to the user ID corresponding to the user who is the authentication target is associated with the storage unit Registered with the feature amount data, authentication means for verifying the user by collating the received feature amount data, a user ID identical to the user ID corresponding to the user to be authenticated, and Creating means for creating signature data using a secret key registered in association with the signature data and the signature for the external device that is a transmission source of a user ID corresponding to the user to be authenticated; It functions as a second transmission means for transmitting data.

  According to the present invention, before the authentication, the feature amount data extracted from the user's biometric information is stored in the storage unit, and the public key of the public key cryptosystem is transmitted to the external device. By authenticating the feature quantity data extracted from the biometric information of the user who is the object of authentication with the registered feature quantity data, without accessing the server that manages the biometric information, and Biometric authentication can be performed without lowering the authentication accuracy. In addition, the authentication result can be transmitted safely to the external device by transmitting the signature data created with the private key paired with the public key transmitted earlier together with the authentication result.

It is a block diagram which shows the example of a schematic structure of the portable terminal 1 which concerns on this embodiment. It is a block diagram which shows the example of a schematic structure of IC chip C mounted in UIM card 2 which concerns on this embodiment. It is a block diagram which shows the structural example relevant to the fingerprint authentication in the portable terminal 1 which concerns on this embodiment. It is a figure which shows the example of a schematic structure of the feature-value table T provided on the flash memory 23 which concerns on this embodiment. It is a sequence diagram which shows an example of the secure channel establishment process which concerns on this embodiment. It is a conceptual diagram which shows an example of the flow at the time of fingerprint registration which concerns on this embodiment. It is a flowchart which shows an example of the process in Trust Zone at the time of fingerprint registration which concerns on this embodiment. It is a conceptual diagram which shows an example of the flow at the time of the fingerprint authentication which concerns on this embodiment. It is a flowchart which shows an example of the process in Trust Zone at the time of the fingerprint authentication which concerns on this embodiment.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. The embodiment described below is an embodiment when the present invention is applied to an IC chip (secure element) mounted on a UIM card inserted in a mobile terminal such as a smartphone.

[1. Configuration of mobile terminal 1]
FIG. 1 is a block diagram illustrating a schematic configuration example of the mobile terminal 1 according to the present embodiment. As shown in FIG. 1, the mobile terminal 1 includes a control unit 11, a storage unit 12, a wireless communication unit 13, a display unit 14, an input unit 15, a CLF interface 16a, an IC card interface 16b, a fingerprint sensor 18, a CLF 19, and the like. These components are connected to each other via a bus 17. Further, the UIM card 2 is inserted into the portable terminal 1 and is connected to the IC card interface 16b and the CLF 19. The mobile terminal 1 is, for example, a mobile phone, a smartphone, a tablet terminal, or the like.

  The control unit 11 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like. The storage unit 12 is configured by a nonvolatile memory such as a flash memory, for example. The ROM or storage unit 12 stores a general-purpose OS (Operating System) and middleware. In addition, the storage unit 12 is an application program that provides services such as API (Application Program Interface) and service applications (net banking, online trade, shopping cart) installed in the mobile terminal 1, and provides a service for normal completion of fingerprint authentication Application software (software configured from an application program language) and the like are stored. The API is an interface for using operating system functions from application software. The application software is a program that can be downloaded from a predetermined server, for example.

  The control unit 11 forms a so-called trust zone. The Trust Zone is a secure area that is a memory space physically separate from the memory space in which the general-purpose OS operates. In the Trust Zone, a dedicated OS called Secure OS runs and performs secure information management. While the operation of a general-purpose OS can be seen from the Trust Zone side, the inside of the Trust Zone cannot be recognized from the general-purpose OS side. This mechanism can prevent external attacks. In the present embodiment, a first fingerprint application for performing fingerprint authentication described later operates in the trust zone. The Trust Zone was developed by ARM, but the same mechanism was developed and standardized as a “TEE (Trusted Execution Environment)” by the Global Platform. Other TEEs are used instead of the Trust Zone. Can also be adopted.

  The wireless communication unit 13 includes an antenna and controls wireless communication performed with a base station in the mobile communication network. The display unit 14 includes, for example, a touch panel type display panel, and performs display control on the display panel and reception of an operation instruction from the user U. The input unit 15 has an operation button for inputting an operation instruction from the user U, and outputs a signal corresponding to the operation button to the control unit 11. The CLF interface serves as an interface between the control unit 11 and the CLF 19, and the IC card interface 16b serves as an interface between the control unit 11 and the UIM card 2.

  The UIM card 2 is one of UICCs (Universal Integrated Circuits) and, for example, includes a contact IC chip whose functions are expanded based on a conventional SIM (Subscriber Identity Module).

  The fingerprint sensor 18 detects a fingerprint image indicating a fingerprint of a finger placed on the fingerprint sensor 18.

  The CLF 19 is a non-contact type IC chip that performs non-contact communication defined by the NFC standard, and is an antenna for transmitting and receiving various signals to and from a reading device (not shown) in the field of non-contact communication. It is connected to the. Then, when the user U holds the portable terminal 1 over the reading device, the command transmitted from the reading device is transmitted to the UIM card 2 via the interface (not shown), and is transmitted from the UIM card 2. A response to the command is returned to the reader. The CLF 19 can be operated by the OS of the mobile terminal 1.

[2. Configuration of IC chip C]
FIG. 2 is a block diagram illustrating a schematic configuration example of the IC chip C mounted on the UIM card 2 according to the present embodiment. As shown in FIG. 2, the IC chip C (an example of a “secure element”) includes a CPU 21 (an example of a “processing unit”), a RAM 22, a flash memory 23, an I / O circuit 24, and the like. They are connected to each other via a bus 25.

  The IC chip C is a so-called secure element, which is designed to withstand a malicious analysis attack from the outside, and forms a secure environment.

  The RAM 22 stores data temporarily necessary for the functioning of the OS, middleware, and various applications, for example.

  The flash memory 23 (an example of a “storage unit”) is, for example, a NOR flash memory, and stores an OS, middleware, an application (TEL application), and the like. In the present embodiment, a second fingerprint application for performing fingerprint authentication is installed in the flash memory 23 and is executed by the CPU 21.

  The I / O circuit 24 has eight connection terminals C1 to C8 defined by ISO7816 or the like. Here, the C1 terminal is a power supply terminal (VCC), and the C5 terminal is a ground terminal (GND). The C2 terminal is a reset terminal (RST), and the C3 terminal is a clock terminal (CLK). The C7 terminal is used for communication between the CPU 21 and the control unit 11. The C6 terminal is used for communication between the CPU 21 and the CLF 19. Note that SWP (Single Wire Protocol) is applied as a communication protocol between the CPU 21 and the CLF 19.

  Next, a configuration related to fingerprint authentication in the mobile terminal 2 will be described. FIG. 3 is a block diagram illustrating a configuration example related to biometric authentication in the mobile terminal 1 according to the present embodiment. First, when providing the service, the service application 31 performs a fingerprint authentication between the first fingerprint application 33 operating in the Trust Zone 32 and the second fingerprint application 29 operating in the IC chip C (secure element). A logical secure channel is constructed (the flow when constructing a secure channel will be described later). The fingerprint sensor 18 detects the fingerprint of the user of the mobile terminal 1 and outputs a fingerprint image. The first fingerprint application 33 and the second fingerprint application 29 execute processing related to fingerprint authentication based on the fingerprint image.

  Next, the feature amount table T provided in the area allocated to the second fingerprint application 29 in the flash memory 23 will be described with reference to FIG. The feature amount table T is created when the second fingerprint application 29 is installed in the IC chip C (secure element), and stores a predetermined number (“3” in this embodiment) of authentication information related to fingerprint authentication processing. To do. The authentication information is information registered for each service application 31 and user, and is managed by an index.

  The authentication information includes an AID, a user ID for identifying the user, feature amount data (data obtained by digitizing feature points of a fingerprint image), and information indicating a secret key. AID is information for identifying a service application that requires fingerprint authentication. By holding AID, fingerprint authentication can be performed for a plurality of service applications, and there is no need to install an authentication application for each service application. The secret key is one of the key pairs (secret key and public key) that the second fingerprint application 29 creates for each combination of AID and user ID using the public key cryptosystem. The public key that is another key of the key pair is transmitted to the service application 31 and held. The feature amount data is information obtained by executing feature point extraction processing on the fingerprint image for each combination of AID and user ID.

  When receiving a command from the CLF 19, the CPU 21 executes command processing according to the command and sends a response to the command to the CLF 19. Further, when receiving a command from the control unit 11, the CPU 21 executes a command process corresponding to the command and sends a response to the command to the control unit 11.

[3. Secure channel establishment process]
Here, the secure channel establishment process will be described with reference to FIG. The process for establishing a secure channel (secure communication channel) is performed according to a secure channel protocol (hereinafter referred to as “SCP”).

  First, the first fingerprint application 33 transmits a SELECT command to form a communication path with the second fingerprint application 29 (step S1). The SELECT command includes an AID (ID indicating the second fingerprint application 29) that identifies an application that is a communication path partner, and a logical channel number that identifies a communication path (logical channel) with the application. Including. In response to this, the second fingerprint application 29 executes a process for forming a communication path in response to the command and responds (step S2). Thereby, a communication channel (logical channel) identified by the logical channel number is formed, and thereafter, the first fingerprint application 33 includes the logical channel number in the command, thereby identifying the communication channel identified by the logical channel number. It is possible to communicate with the second fingerprint application 29 via. Next, the first fingerprint application 33 performs secure processing (mutual authentication processing for protecting commands with the SCP) to make the communication channel (logical channel) formed so far secure to improve the confidentiality of the communication channel. ).

  The mutual authentication is based on the premise that each of the keys (Key ID01, Key ID02, and Key ID03) that is the source of the cryptographic operation is known according to the algorithm determined by the protocol. The second fingerprint application 29 authenticates each other. Specifically, the first fingerprint application 33 transmits an INITIALIZE UPDATE command and an EXTERNAL AUTHENTICATE command, which are commands for mutual authentication, and the second fingerprint application 29 executes processing according to each command.

  First, the first fingerprint application 33 generates a random number called Host challenge, and receives a second INITIALIZE UPDATE command including Host challenge and key version information (which may be referred to as “key version number”) indicating a key version. It transmits to the fingerprint application 29 (step S3). It should be noted that the second fingerprint application 29 and the first fingerprint application 33 hold a plurality of key versions (sometimes referred to as “key version”) of key combinations including three keys used for mutual authentication. The key version number included in the INITIALIZE UPDATE command indicates the key version used for secure processing among the multiple key versions held by each other (that is, the key version used by the first fingerprint application 33 for secure processing is specified) To do).

  On the other hand, the second fingerprint application 29 generates a random number called Card challenge and uses the Card challenge and the key of the key version specified by the key version number (three keys of Key ID01, Key ID02, and Key ID03). Next, three session keys corresponding to each Key ID are generated. For example, a session key for Key ID01 is generated based on Key ID01. Each session key is used in accordance with each protocol (for example, a MAC generation session key, a data encryption session key, and a key encryption session key are generated). The second fingerprint application 29 calculates a ciphertext called Card cryptogram using the session key using the generated Card challenge and the received Host challenge as materials, and transmits the Card challenge and Card cryptogram to the first fingerprint application 33. (Step S4).

  Next, the first fingerprint application 33 generates a session key based on the key version key (the key held by the first fingerprint application 33) specified by Card challenge and key version number, as in the second fingerprint application 29 side. Then, using the card challenge and host challenge as materials, a card cryptogram is generated using the session key. The first fingerprint application 33 compares the card cryptogram generated by itself with the card cryptogram received from the second fingerprint application 29 side, and confirms whether or not they match, so that the second fingerprint application 29 knows the key value. Make sure that there is. Upon confirming this, the first fingerprint application 33 calculates a ciphertext called Host cryptogram using the session challenge using the Card challenge and Host challenge as materials, and sends an EXTERNAL AUTHENTICATE command including the Host cryptogram to the second fingerprint application 29. Transmit (step S5).

  On the other hand, the second fingerprint application 29 generates a host cryptogram using the session key using the card challenge and the host challenge as in the first fingerprint application 33 side, and generates the host cryptogram and the first fingerprint application generated by itself. By comparing the Host cryptograms received from the 33 side and confirming whether they match, it is confirmed that the first fingerprint application 33 is a legitimate partner who knows the key value. Upon confirming this, the second fingerprint application 29 notifies the first fingerprint application 33 that the mutual authentication has been completed (step S6).

  After mutual authentication is completed, the command is protected by generating and verifying a check code called MAC (Message Authentication Code) using session keys generated mutually (steps S7 to S10).

[4. Fingerprint authentication process]
Next, fingerprint authentication processing by the service application 31, the first fingerprint application 33, and the second fingerprint application 29 will be described. In addition, in order to perform fingerprint authentication processing between the service application 31 and the first fingerprint application 33 and the second fingerprint application 29, registration processing for registering information necessary for performing fingerprint authentication processing between the two is performed. Must be done in advance. Therefore, after first describing the registration process, the authentication process will be described.

  The registration process will be described with reference to FIGS. FIG. 6 is a diagram showing a rough flow at the time of fingerprint registration, and FIG. 7 is a flowchart showing an operation example of registration processing by the second fingerprint application at the time of fingerprint registration.

  As shown in FIG. 6, first, when the fingerprint sensor 18 detects the fingerprint image of the user, it passes it to the first fingerprint application 33 in the Trust Zone 32. Note that the fingerprint image here is detected by placing the finger on the fingerprint sensor 18 in accordance with a message such as “Please place your finger on the fingerprint sensor 18 because a fingerprint is registered” in advance. In parallel with this, the service application 31 passes the AID for identifying the service application 31 and the user ID for identifying the user who placed the finger on the fingerprint sensor 18 to the first fingerprint application 33.

  Next, the first fingerprint application 33 (the control unit 11 that executes the first fingerprint application 33) performs preprocessing such as filter processing for performing feature point extraction processing on the fingerprint image received from the fingerprint sensor 18, and then performs feature processing. A point extraction process is performed to obtain feature data based on the fingerprint image.

  Next, the first fingerprint application 33 (the control unit 11 that executes the application) passes the AID and user ID received from the service application 31 and the feature amount data to the second fingerprint application 29 of the IC chip C (secure element). .

  Next, the second fingerprint application 29 (the CPU 21 that executes it) creates a key pair (private key / public key) by a public key cryptosystem.

  Next, the second fingerprint application 29 (the CPU 21 that executes it) registers the AID, user ID, and feature amount data received from the first fingerprint application 33 in association with the secret key in the feature amount table T.

  Next, the second fingerprint application 29 (which executes the CPU 21) passes a public key to the service application 31 together with a response indicating that fingerprint registration has been normally completed, or a response indicating that fingerprint registration has been abnormally terminated. Pass it to the service application 31. The above is a rough flow at the time of fingerprint registration.

  Next, an operation example of registration processing by the second fingerprint application 29 will be described with reference to FIG. The registration process by the second fingerprint application 29 is executed when receiving the AID, user ID, and feature amount data from the first fingerprint application 33.

  As shown in FIG. 7, first, the second fingerprint application 29 (the CPU 21 that executes it) creates a key pair (private key / public key) by a public key cryptosystem (step S111). As a method for creating a key pair by a public key cryptosystem, a conventionally known method can be adopted. However, it is preferable that the time required for the creation process is elliptic curve cryptography which is shorter than RSA cryptography.

  Next, the second fingerprint application 29 (which executes the CPU 21) registers the same combination of AID and user ID as the combination of AID and user ID received from the first fingerprint application 33 in the feature amount table T. It is determined whether or not (step S112). At this time, if it is determined that the second fingerprint application 29 (the CPU 21 that executes it) is registered (step S112: YES), the feature amount data received from the first fingerprint application 33 and the process of step S111 are performed. With the created private key, overwrite registration is performed (step S113), and the process proceeds to step S117. That is, in the feature amount table T, newly acquired feature data and a newly created secret key are registered. The reason for overwriting and registering the same combination of AID and user ID is to cope with changes in biological information over time. As a weak point of biometric authentication, if it becomes thin or scratched due to aging, changes in body shape, or fingerprints, the accuracy of authentication will be reduced even for the same person. End up). Therefore, it is preferable to register biometric information again when the authentication accuracy decreases or when a certain period of time has passed since the previous registration. Therefore, it is necessary to allow re-registration of feature quantities even for the same person.

  On the other hand, if it is determined that the second fingerprint application 29 (which executes the CPU 21) is not registered (step S112: NO), it is then determined whether or not the number of registered cases in the feature amount table T is the maximum. (Step S114). At this time, if the second fingerprint application 29 (which executes the CPU 21) determines that the number of registered cases in the feature amount table T is the maximum (step S114: YES), the registration of the feature amount data has ended abnormally. A response (NG) indicating this is output to the service application 31 (step S116), and the registration process by the second fingerprint application 29 is terminated.

  On the other hand, if the second fingerprint application 29 (which executes the CPU 21) determines that the number of registered features in the feature table T is not the maximum (step S114: NO), the second fingerprint application 29 in the free area of the feature table T The AID, user ID, and feature amount data received from one fingerprint application 33 and the secret key created in step S111 are registered in the feature amount table T in association with each other (step S115), and the process proceeds to step S117. .

  When the second fingerprint application 29 (which executes the CPU 21) ends the process of step S113 or step S115, the response (OK) indicating that the registration of the feature amount data has ended normally, and the process of step S111 are performed. The public key created in step S3 is output to the service application 31 (step S117), and the registration process by the second fingerprint application 29 is terminated.

  The service application 31 retains the public key received from the second fingerprint application 29 in association with the user ID that has been passed to the second fingerprint application 29 previously.

  The authentication process will be described with reference to FIGS. FIG. 8 is a diagram showing a rough flow at the time of fingerprint authentication, and FIG. 9 is a flowchart showing an operation example of authentication processing by the second fingerprint application at the time of fingerprint authentication.

  As shown in FIG. 8, first, when the fingerprint sensor 18 detects a fingerprint image of the user, the fingerprint image is transferred to the first fingerprint application 33 in the Trust Zone 32. The fingerprint image here is detected in advance based on the finger being placed according to a message such as “Please place your finger on the fingerprint sensor 18 for fingerprint authentication”. In parallel with this, the service application 31 passes the AID for identifying the service application 31 and the user ID for identifying the user who placed the finger on the fingerprint sensor 18 to the first fingerprint application 33.

  Next, the first fingerprint application 33 (the control unit 11 that executes the first fingerprint application 33) performs preprocessing such as filter processing for performing feature point extraction processing on the fingerprint image received from the fingerprint sensor 18, and then performs feature processing. A point extraction process is performed to obtain feature data based on the fingerprint image.

  Next, the first fingerprint application 33 (the control unit 11 that executes the application) passes the AID and user ID received from the service application 31 and the feature amount data to the second fingerprint application 29 of the IC chip C (secure element). .

  Next, the second fingerprint application 29 (the CPU 21 that executes it), the feature amount data associated with the same combination as the combination of the AID and the user ID received from the first fingerprint application 33 from the feature amount table T. And get the private key. Next, the second fingerprint application 29 (which executes the CPU 21) calculates the score by comparing the acquired feature amount data with the feature amount data received from the first fingerprint application 33, and the score is preset. It is determined whether the threshold value is exceeded. At this time, when the score exceeds the threshold value, it is determined as authentication OK, and when the score does not exceed the threshold value, it is determined as authentication NG. If the authentication is OK, signature data is created using the secret key acquired from the feature table T.

  Next, the second fingerprint application 29 (which executes the CPU 21) passes the signature data together with the response indicating authentication OK to the service application 31, or passes the response indicating authentication NG to the service application 31. The above is a rough flow at the time of fingerprint authentication.

  Next, an operation example of authentication processing by the second fingerprint application 29 will be described with reference to FIG. Note that the authentication processing by the second fingerprint application 29 receives feature amount data from the first fingerprint application 33 based on the AID, the user ID corresponding to the user to be authenticated, and the fingerprint image of the user to be authenticated. Executed when triggered.

  As shown in FIG. 9, first, the second fingerprint application 29 (the CPU 21 that executes it) has the same combination of AID and user ID as the combination of AID and user ID received from the first fingerprint application 33 as the feature amount. It is determined whether it is registered in the table T (step S131). At this time, if it is determined that the second fingerprint application 29 (the CPU 21 that executes it) is not registered (step S131: NO), a response (NG) indicating that fingerprint authentication has ended abnormally is sent to the service application 31. In step S132, the second fingerprint application 29 completes the authentication process.

  On the other hand, if it is determined that the second fingerprint application 29 (the CPU 21 that executes it) is registered (step S131: YES), the second fingerprint application 29 is associated with the combination of the AID and the user ID received from the first fingerprint application 33. The feature amount data and the secret key registered in the feature amount table T are acquired (step S133).

  Next, the second fingerprint application 29 (the CPU 21 that executes it) compares the feature amount data received from the first fingerprint application 33 with the feature amount data acquired in the process of step S133, and calculates a score (step S134). ). As a score calculation method, a conventionally known method can be employed.

  Next, the second fingerprint application 29 (which executes the CPU 21) can arbitrarily set the score calculated in the process of step S134 according to a preset threshold (how strictly fingerprint authentication is performed). ) Is exceeded (step S135). At this time, if the second fingerprint application 29 (which executes the CPU 21) determines that the score does not exceed a preset threshold (step S135: NO), a response indicating that the fingerprint authentication has ended abnormally (NG) is output to the service application 31 (step S132), and the authentication processing by the second fingerprint application 29 is terminated.

  On the other hand, if the second fingerprint application 29 (which executes the CPU 21) determines that the score exceeds a preset threshold value (step S135: YES), the signature is obtained using the secret key acquired in the process of step S133. Data is created (step S136). For example, the second fingerprint application 29 (which executes the CPU 21) creates signature data by encrypting a random number generated by the second fingerprint application 29 using a secret key. Next, the second fingerprint application 29 (the CPU 21 that executes it) outputs a response (OK) indicating that the fingerprint authentication has been completed normally and the signature data created in the process of step S136 to the service application 31 (step S137). Then, the registration process by the second fingerprint application 29 is terminated.

  The service application 31 receives the response (OK), and associates the signature data received from the second fingerprint application 29 with the user ID that has been passed to the second fingerprint application 29 first. Decryption is performed using the public key held, and if the decryption is successful, the user is determined to be a valid user and service provision is started.

  As described above, the IC chip C (secure element) of the present embodiment includes the CPU 21 (an example of “processing unit”) and the flash memory 23 (an example of “storage unit”), and carries the result of user authentication. The data is transmitted to the service application 31 of the terminal 1 (an example of “external device”), and the flash memory 23 stores a second fingerprint application 29 (an example of “authentication program”), and the CPU 21 (“acquisition means”, An example of “generation means”, “registration means”, “first transmission means”, “authentication means”, “creation means”, “second transmission means”) is based on the second fingerprint application 29 for each user. In addition, the feature amount data extracted from the fingerprint image (an example of “biological information”) of the user and the user ID of the user are acquired, and the secret key and the public are disclosed by public key cryptography for each user. Generate a key for each user, The obtained user ID and feature amount data and the generated secret key are stored in the flash memory 23 in association with each other, and the public key generated for the user is transmitted to the portable terminal 1 for each user, The user ID corresponding to the user who is the authentication target and the feature amount data extracted from the fingerprint image of the user who is the authentication target are received from the terminal 1, and the user who is the authentication target is received in the flash memory 23. The feature amount data registered in association with the same user ID as that corresponding to the user ID is compared with the received feature amount data to authenticate the user, and The signature data is created using a secret key registered in association with the same user ID as the corresponding user ID, and the mobile terminal 1 that is the transmission source of the user ID corresponding to the user to be authenticated Vs. Te, and it transmits the result of authentication and signature data.

  Therefore, according to the IC chip C (secure element) of the present embodiment, the feature amount data extracted from the fingerprint image of the user externally (first fingerprint application 33 in the Trust Zone 32) is stored in the flash memory 23 before authentication. At the same time, the public key of the public key cryptosystem is transmitted to the portable terminal 1, and the feature amount extracted from the fingerprint image of the user who is the authentication target in the outside (first fingerprint application 33 of the Trust Zone 32) at the time of authentication. By performing authentication by comparing the data with the registered feature data, biometric authentication can be performed without accessing the server that manages the fingerprint image and without lowering the authentication accuracy. In addition, the authentication result can be safely transmitted to the mobile terminal 1 by transmitting the signature data created with the public key paired with the previously transmitted public key together with the authentication result.

  In addition, the CPU 21 of the present embodiment further acquires an AID for identifying the service application 31 (an example of “service ID for identifying a service provided by an external device”), and obtains a user ID, feature amount data, and AID is further registered in association with the secret key, and at the time of authentication, the AID is further received from the service application 31 in addition to the user ID and the feature amount data, and the same user ID and AID as the received user ID and AID The feature amount data registered in the flash memory 23 in association with the received feature amount data is verified to authenticate the user, and the same user ID and AID as the received user ID and AID The signature data is created by using the secret key registered in the flash memory 23 in association with the user ID corresponding to the user to be authenticated. The service application 31, which is the original, sends the result of authentication and the signature data. As described above, by further associating and registering AIDs in the feature amount table T, fingerprint authentication can be performed for a plurality of service applications 31, and there is no need to install an authentication application for each service application 31. .

  Furthermore, the CPU 21 of this embodiment uses elliptic curve cryptography as a public key cryptosystem. As a result, a key pair can be generated at a higher speed than when RSA encryption is used.

  Furthermore, communication is performed between the second fingerprint application 29 of the present embodiment and the first fingerprint application 33 (an example of the “secure application program”) executed in the Trust Zone 32 (an example of the “external secure area”). A secure channel for performing the operation is established, and the CPU 21 acquires the feature amount data extracted from the fingerprint image of the user by the first fingerprint application 33 from the first fingerprint application 33 via the secure channel, and the first fingerprint application 33 The feature amount data extracted from the fingerprint image of the user who is the authentication target is received from the first fingerprint application 33 via the secure channel. Thereby, the second fingerprint application 29 can safely acquire the feature amount data from the first fingerprint application 33, and can improve the security level at the time of authentication.

[5. Modified example]
Next, a modification of the above embodiment will be described. Note that the modifications described below can be combined as appropriate.

[5.1. Modification 1]
In the above embodiment, the UIM card including the IC chip C (secure element) is inserted into the mobile terminal 1, but the IC chip C (secure element) is embedded on the substrate of the mobile terminal 1. (It may be so-called embedded Secure Element).

[5.2. Modification 2]
In the above embodiment, the AID and the user ID are transferred from the service application 31 to the second fingerprint application via the first fingerprint application 33 (see FIGS. 6 and 8). Instead, the service application 31 may directly pass to the second fingerprint application.

[5.3. Modification 3]
In the above embodiment, only fingerprint authentication has been described, but the present invention can also be applied to other biometric authentication such as iris authentication and vein authentication.

DESCRIPTION OF SYMBOLS 1 Portable terminal 11 Control part 12 Storage part 13 Wireless communication part 14 Display part 15 Input part 16a CLF interface 16b IC card interface 17 Bus 18 Fingerprint sensor 19 CLF
2 UIM card C IC chip (secure element)
21 CPU
22 RAM
23 Flash memory 24 I / O circuit 25 Bus

Claims (7)

A secure element that includes a processing unit and a storage unit and transmits a result of user authentication to an external device,
The storage unit stores an authentication program for performing the authentication,
The authentication program causes the processing unit to
Acquisition means for acquiring feature amount data extracted from the user's biometric information and the user ID of the user for each user;
Generating means for generating a secret key and a public key by public key cryptosystem for each user;
Registration means for associating the user ID and feature amount data acquired by the acquisition means with the private key generated by the generation means in the storage unit for each user;
First transmission means for transmitting, for each user, a public key generated for the user to the external device;
The user ID corresponding to the user who is the authentication target and the feature data extracted from the biometric information of the user who is the authentication target are received from the external device, and the authentication target is used in the storage unit Authentication means for authenticating the user by collating the feature amount data registered in association with the same user ID as the user ID corresponding to the user and the received feature amount data;
Creating means for creating signature data by using a secret key registered in association with the same user ID as the user ID corresponding to the user to be authenticated;
A second transmission means for transmitting the authentication result and the signature data to the external device that is a transmission source of a user ID corresponding to the user to be authenticated;
Secure element characterized by functioning as The secure element according to claim 1,
The acquisition means further acquires a service ID for identifying a service provided by the external device,
The registration unit further registers the service ID in association with the user ID, the feature amount data, and the secret key,
The first transmission means transmits the public key to a program operating on the external device;
The authentication means further receives a service ID of the program from a program operating on the external device, and registers it in the storage unit in association with the same user ID and service ID as the received user ID and service ID. To verify the user by comparing the received feature data and the received feature data,
The creation means creates signature data using a secret key registered in the storage unit in association with the same user ID and service ID as the received user ID and service ID,
The secure element, wherein the second transmission means transmits the authentication result and the signature data to the program that is a transmission source of a user ID corresponding to the user to be authenticated. The secure element according to claim 1 or 2,
The secure element is characterized in that the generating means uses elliptic curve cryptography as the public key cryptosystem. The secure element according to any one of claims 1 to 3,
A secure channel is established for communication between the authentication program and a secure application program executed in an external secure area,
The acquisition means acquires the feature data extracted from the user's biometric information by the secure application program from the secure application program via the secure channel,
The secure element, wherein the authentication means receives feature amount data extracted from the biometric information of a user who is the authentication target by the secure application program from the secure application program via the secure channel.   The UIM card carrying the secure element as described in any one of Claims 1 thru | or 4. An authentication method comprising a processing unit and a storage unit, wherein the processing unit is based on an authentication program for performing the authentication stored in the storage unit in a secure element that transmits a result of user authentication to an external device. There,
For each user, an acquisition step of acquiring feature amount data extracted from the biometric information of the user and a user ID of the user;
For each user, a generating step of generating a secret key and a public key by a public key cryptosystem,
For each user, a registration step in which the user ID and feature amount data acquired by the acquisition step and the secret key generated by the generation unit are associated with each other and stored in the storage unit;
A first transmission step of transmitting, for each user, a public key generated for the user to the external device;
The user ID corresponding to the user who is the authentication target and the feature data extracted from the biometric information of the user who is the authentication target are received from the external device, and the authentication target is used in the storage unit A feature amount data registered in association with the same user ID as the user ID corresponding to the user, and an authentication process for authenticating the user by collating the received feature amount data;
A creation step of creating signature data using a secret key registered in association with the same user ID as the user ID corresponding to the user to be authenticated;
A second transmission step of transmitting the signature data and the signature data to the external device that is a transmission source of a user ID corresponding to the user to be authenticated;
An authentication method comprising: An authentication program for performing the authentication stored in the storage unit in a secure element that includes a processing unit and a storage unit and transmits a result of user authentication to an external device,
The processing unit is
Acquisition means for acquiring feature amount data extracted from the user's biometric information and the user ID of the user for each user;
Generating means for generating a secret key and a public key by public key cryptosystem for each user;
Registration means for associating the user ID and feature amount data acquired by the acquisition means with the private key generated by the generation means in the storage unit for each user;
First transmission means for transmitting, for each user, a public key generated for the user to the external device;
The user ID corresponding to the user who is the authentication target and the feature data extracted from the biometric information of the user who is the authentication target are received from the external device, and the authentication target is used in the storage unit Authentication means for authenticating the user by collating the feature amount data registered in association with the same user ID as the user ID corresponding to the user and the received feature amount data;
Creating means for creating signature data by using a secret key registered in association with the same user ID as the user ID corresponding to the user to be authenticated;
Second transmission means for transmitting the signature data and the signature data to the external device that is a transmission source of a user ID corresponding to the user to be authenticated;
An authentication program characterized by causing it to function as