JP2001052182A - Personal authenticating method and recording medium recording personal authentication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a convinient authentication environment in which any security hole does not exist, a service providing side can check an authentication system and authentication algorithm is easily updated. SOLUTION: In the system connecting a user side terminal 1 and a center side device 7 through a network 11, when performing personal authentication by using human body information, the user side terminal 1 extracts features from the human body information and transmits data showing the features to the center side device 7 and the center side device 7 performs authentication by using the data and previously registered data. In this case, a program for feature extracting processing in the user side terminal is enciphered and transmitted to the user side terminal by the center side device. Besides, the data showing the features are scrambled and transmitted to the center side device by the user side terminal. As human body information, a fingerprint or handwriting can be used.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a personal authentication method and apparatus, and more particularly, to a method and apparatus for performing authentication using physical characteristic information obtained from a sensor.

[0002]

2. Description of the Related Art Prior to describing a conventional personal authentication method, security assurance in a service via a communication network will be described first. As a means of ensuring security, public key encryption (PKI);
nfrastructure) has been well known. FIG.
FIG. 14 is a diagram for explaining an outline of the method and a problem.

In communication between site A and site B, site B is a service providing side, specifically, a bank, a credit company, a content providing company, or the like. site
A is the person who receives the service, specifically, a bank automatic teller machine, a terminal at a credit store, or a personal terminal.
Here, the service provider needs to confirm whether the user at site A is the user himself or herself.

In the conventional public key cryptosystem, first, before starting communication, a user issues a certificate issuance request to site B, and site B issues a certificate. Specifically, for the public key selected by the user, site B issues a private key for the user at site A and delivers it to the user, for example, by mail. The processing in the communication is as follows.

[0005] The user transmits the public key of the certificate as a communication request from site A (step 1). site
B generates a random number (step 2) and sends it to site A (step 3). The user encrypts the random number using his or her private key and transmits it to site B (step 4). Site B decrypts the data using the user's public key (step 5). Site B checks the random number transmitted to site A and the random number obtained by decrypting the code, and if they match, authenticates the user as the user (step 6).

In this process, if a person other than the user cannot use the secret key, the random number is always sent from the user, so that the site B can authenticate the user. Here, since the secret key is difficult to memorize as the number of digits increases, the user usually stores the secret key in a storage device of site A (a personal computer or the like) and manages it. But in this case,
A problem arises that a person other than the user may have a chance to see the secret key. If the private key is seen, the threat of receiving a service arises as a third party impersonating a legitimate user.

In order to prevent a third party from accessing the storage device at the site A, a method of locking the storage area using, for example, a password is used. However, there is a threat that passwords can be stolen. Also, since the system administrator of Site A can know the password,
There is a threat of plagiarism as well. In other words, the public key cryptosystem is excellent in security measures between site B and site A, but the security between the user and site A is insufficient, and there is a security hole here.

[0008] In order to compensate for this, attempts have been made for personal authentication using human body information such as fingerprints instead of passwords. One of the personal authentication methods that have been studied so far
One known method is to use a card with a fingerprint authentication sensor called an all-in-one card. In this card, a fingerprint input sensor is incorporated in a thin card. When a user touches the sensor with a finger, the image is stored in a temporary storage device in the card, and feature extraction is performed by image processing. The feature is collated with a fingerprint feature collected from the user in advance in the same manner, and it is determined whether or not they match. The authentication result is output from the card. According to this method, since the fingerprint is a characteristic of the individual's body and differs from individual to individual, the threat of being stolen as soon as it is seen like a password is eliminated. When this method is combined with the conventional public key encryption method, the problem of the security hole seems to be solved at a glance.

[0009]

However, the above method has several problems. The first problem is a threat at the interface between the card and the personal computer. That is,
Since access to the area where the secret key is stored depends on 1-bit information output from the card indicating whether or not the user has been authenticated, there is a threat that a signal is stolen between the card and the personal computer (interface). . If this interface information is stolen, it is possible for a third party to impersonate the user.

[0010] The second problem is a threat that a secret key is stolen directly from a personal computer. That is, since there are persons who can access the storage area of the secret key, such as a system administrator of the personal computer, there is a possibility that the secret key is stolen through these persons. This is a problem that cannot be solved simply by changing the password to fingerprint input. A third problem is the problem of the authentication accuracy evaluation depending on the card manufacturer. That is, the authentication is closed within the card, and the reliability of the authentication depends on the card manufacturer. However, originally, it is desirable that the service provider determines the authentication accuracy in consideration of the risk of the service. For example, in a bank automatic payment service or the like, there may be a case where it is desired to control the accuracy of personal authentication according to the amount of withdrawal of a deposit. In the case of expensive withdrawals, the accuracy of personal identification is high, and in the case of low-cost withdrawals, ease of use is prioritized.

[0011] In some cases, the service provider wants to check (evaluate) the reliability of authentication by itself or by a third party, but it is difficult to evaluate the accuracy because the authentication is performed entirely in a card. That is, there is a problem that it is difficult to evaluate an authentication algorithm or to compare it with another algorithm. The fourth problem is the threat of content decryption due to terminal theft. In the case of the conventional method of performing fingerprint authentication on the site A side, there is a threat that the authentication device (terminal) of the site A is stolen by a third party, the authentication program is decrypted, and the contents are illegally rewritten or copied. . Such a threat is actually occurring in card-type public telephones and card-type pachinko machines. Although these devices are not intended for personal authentication, they write secret information such as fee information on a card and perform usage fee processing. Once the device is stolen and the process inside is decrypted, a large number of counterfeit cards are issued, which can be a social problem.

The fifth problem is a problem of upgrading the authentication algorithm. Although related to the second and fourth issues, if the authentication algorithm is decrypted by a third party or a similar authentication device (terminal or authentication card) is forged, the service provider immediately prompts the individual. I want to change the authentication method, but updating the software to each site A terminal requires a lot of effort. Furthermore, if the authentication device is composed of hardware called a card, the authentication algorithm must be updated and the card itself must be changed. The card distributed to the user is collected and a new authentication card is distributed. The labor and cost for doing so are extremely enormous.

[0013] The sixth problem is the problem of ease of use of authentication. From the viewpoint of improving the convenience of the user and the serviceability of the service providing side, it is desirable that the personal authentication method can be selected from a plurality of personal authentication methods if predetermined reliability is ensured.
Although a modality selection function is desired for a future personal authentication system, there has been no personal authentication method having such flexibility in the past.

The present invention has been made in view of the above points. It has the following objectives: First, a first object is to realize personal authentication of a user without a security hole in a communication environment. That is, in the communication environment between the site A and the site B, the user and the site
There is a security hole between A and A, but in the present invention, this is eliminated, and reliable authentication between the user and site B is realized.

A second object is to enable the service provider to check the authentication accuracy. That is, an environment in which authentication processing based on human body information is closed from the service provider side as in the related art, for example, an environment in which the service provider can evaluate, rather than realizing the site A or a card owned by the user, etc. Is realized. A third purpose is to facilitate updating of the authentication algorithm. That is, if there is a threat such as decryption by a third party in the authentication algorithm,
Alternatively, an environment is provided in which the authentication algorithm can be immediately updated when, for example, it is desired to make the authentication more flexible due to a service change.

A fourth object is to make authentication easier to use. That is, a plurality of pieces of human body information can be selected on the premise that predetermined authentication reliability is secured from the viewpoint of improving the convenience of the user and the serviceability of the service providing side.

[0017]

To achieve the above object, the present invention is configured as follows. The present invention relates to a personal authentication method for performing personal authentication using human body information in a system in which a user terminal and a center device are connected via a network, wherein the processing means for performing personal authentication comprises at least one processing means. The set is divided into a pre-process and a post-process, and the boundary between the pre-process and the post-process is configured to be adaptively fluctuable. In the personal authentication process, the user-side terminal The human body information is input by the human body information input means (BioIN), and the preprocess processing is performed by the preprocess processing means (ProFow) using the information from the human body information input means (BioIN) as input. Is transmitted to the center-side device, and the center-side device transmits the feature data (Ka
z) is input, post-process processing is performed by the post-process processing means (ProLat), and the user verification data (Aki) generated by the post-process processing means (ProLat) is determined using the determination processing means (ProCOM). It is determined whether or not the user is the principal by comparing with user registration data (AKI) registered in advance.

In the above arrangement, the characteristic data (Kaz) at the boundary between the at least one set of the pre-process and the post-process.
), The center device includes a new pre-process processing means (new ProFow) and a new post-process processing means (new ProLow).
at) and the new pre-process processing means (new ProF
ow) to the user side terminal, and the user side terminal
The new front-end processing means (new ProFow) is used to generate new characteristic data (new Kaz) different from the previous one,
The user verification data (Aki) can also be generated using the new feature data (new Kaz) as input and using the new post-process processing means (new ProLat).

Further, in the above-mentioned configuration, the present invention relates to the above-mentioned center-side device, wherein the center-side device is adapted to execute the pre-process processing means with respect to the adaptive variation of the characteristic data (Kaz) at the boundary between the at least one set of pre-process and the post-process. Data conversion means (SXPro, etc.) that performs data conversion such as scrambling on the feature data (Kaz) by linking to (ProFow)
And linked to the post-process processing means (ProLat) to obtain the characteristic data (Kaz ^-1 ) to which the data conversion has been applied.
, And as a set, data decryption calculation means (SXPro- ¹ etc.) for calculating user collation data (Aki) are generated as a set, and the data conversion means (SXPro etc.) is transmitted to the user side terminal, The user side terminal links the data conversion means (SXPro etc.) to the pre-process processing means (ProFow) to generate new characteristic data (new Kaz) different from the previous time, and the center side apparatus With the new feature data (new Kaz) as input, the post-process processing means (ProLat) is operated by the processing means linked with the data decryption calculation means (SXPro- ¹ etc.) to generate user verification data (Aki). You may do so.

Further, in the above configuration, with respect to the storage of the user registration data (AKI), the center-side device is provided with an encryption means (such as ProProj) for mapping conversion of the user registration data (AKI) and mapping. Decryption means such as decryption (ProP
roj- ¹ etc.) as a set, and the encryption means (ProProj
), The encrypted data (AKI ^-1 ) obtained by performing mapping conversion etc. on the user registration data (AKI) is transmitted to the user side terminal, and the encrypted data (AKI ^-1 etc.) After confirming that the user registration data (AKI) has been transmitted to the center side, the user registration data (AKI) is deleted from the center side recording medium, and the user side terminal transmits the encrypted user registration data transmitted from the center side device. The data (AKI- ¹ etc.) is recorded on a recording medium, and the user terminal transmits the encrypted user registration data to the center device with respect to the use of the user registration data (AKI) at the time of personal authentication. (AKI- ^1, etc.), and the center-side device decrypts the encrypted data (AKI- ^1, etc.) for the mapping conversion, etc., using encryption means for mapping, etc. (ProProj- ¹ etc.). After the user registration data (AKI) is obtained, it is compared with the user verification data (Aki) using the determination processing means (ProCOM). You may do it.

Further, regarding the storage of the user registration data (AKI), the user side terminal is provided with encryption means (ProProj, etc.) for mapping conversion of the user registration data (AKI) and encryption for mapping decoding. A set of decryption means (ProProj- ^1, etc.) is prepared, and the encryption means (ProProj, etc.) is transmitted to the center device. The center device receives the encryption means (ProProj-1).
Etc.), storing encrypted data (AKI- ^1, etc.) obtained by performing mapping conversion or the like on the user registration data (AKI), and erasing the user registration data (AKI). Regarding the use of the user registration data (AKI) at the time of personal authentication, the user side terminal transmits the decryption means (ProProj- ^1, etc.) to the center side device, and the center side device
The encrypted user registration data (AKI- ¹ or the like) is decrypted by using the decryption means (ProProj- ¹ or the like), and the user registration data (AKI) is obtained. )
Can be compared with the user collation data (Aki).

Further, in the above configuration, the set of the encryption means such as the mapping conversion (ProProj etc.) and the decryption means such as the mapping decryption (ProProj- ¹ etc.) can be updated as necessary. May be recorded as a program (ProSET). In the above configuration, transmission of various processing means from the center-side device to the user-side terminal and transmission of characteristic data (Kaz) indicating characteristics of the user from the user-side terminal to the center-side device The center device transmits the pre-process processing means (ProFow) to the user terminal using the public key Pk (siteA) of the user terminal, and the user terminal Secret key Sk (si
Using teA), take out the pretreatment means (ProFow),
By operating the pre-process processing means (ProFow), the characteristic data (Kaz) is calculated, the characteristic data (Kaz) is encrypted using the secret key Sk (siteA), and transmitted to the center-side device. Then, the center device receives the public key Pk (si
Using teA), the feature data (Kaz) can be extracted and the post-process can be performed.

[0023] In the above configuration, the user terminal uses the password PW of the user UA as a key and a secret key Sk (si
teA) is stored and managed in a folder on the user side terminal, and the user UA inputs the password PW, so that the secret key Sk (si
teA) may be made available. Further, in the above configuration, the human body information input means (BioIN) for inputting the human body information of the user UA is a card type fingerprint input device, which stores a fingerprint image and sends the fingerprint image to the user side terminal. The pre-process processing means (ProFow) possessed by the user terminal has a function of transmitting an image and is a feature element disclosure program, and the user feature element Kaz calculated by the program is a Ridge direction field vector, the post-processing means (ProLat) held by the center-side device
Is an authentication data generation secret program, and the user registration data (AKI) and the user verification data (Aki) calculated by the program may be numerically converted multidimensional vectors.

Further, in the above configuration, with respect to the division of at least one set of the pre-process and the post-process of the processing means for performing the personal authentication, each processing means is divided into a plurality of n (n is a natural number) sets. The client-side terminal transmits a first pre-process result to the center-side device, and the center-side device
Performing the first post-process using the processing result as input, transmitting the result to the user side terminal, and performing the n-th pre-process using the result as input, The result may be transmitted to the center-side device, and the center-side device may execute the n-th post-process using the result as an input to calculate the user verification data.

As described above, according to the present invention, the personal authentication process is divided into processing on the terminal side and processing on the center side, and data indicating characteristics is transmitted from the terminal side. In this case, the amount of data transmission can be reduced as compared with the case where the authentication result is transmitted, and higher security can be obtained than when the authentication result is transmitted. Further, it is possible to further enhance security by encrypting or scrambling the transmission data. In addition, the service provider can check the authentication accuracy. In addition, the registration data can be stored in the user terminal, thereby further improving security and convenience for the user.

Further, the center-side device can send an optimum program to the terminal side, and can easily update the authentication algorithm. Further, there is no security hole between the user and the user terminal, and reliable authentication can be performed. In order to achieve the above object, the present invention can be configured as follows.

The present invention relates to a personal authentication processing system for performing personal authentication using human body information in which a user terminal and a center apparatus are connected via a network. A recording medium on which a personal authentication program to be functioned as an apparatus is recorded, wherein the means for performing the personal authentication processing is divided into a pre-process and a post-process, and the boundary between the pre-process and the post-process varies adaptively. The user-side terminal has a pre-process processing means for performing the pre-process, and the personal authentication program is characterized in that the user-side terminal has characteristics of human body information generated by the pre-process. Post-process processing means for performing post-process processing using the data (Kaz) as input, and user collation data (Aki) generated by the post-process processing means as pre-registered user registration data (AKI And a determination processing means for determining whether or not the person (ProCOM) by comparison with.

[0028] In the above configuration, regarding the adaptive variation of the characteristic data (Kaz) at the boundary between the pre-process and the post-process, the personal authentication program includes a new pre-process processing means (new ProFow) and the user side. Means for generating a set of new post-process processing means (new ProLat) for processing in the terminal, means for transmitting the new pre-process processing means (new ProFow) to the user side terminal, The terminal receives the new feature data (new Kaz) generated using the new pre-process processing means (new ProFow) as input, and inputs the new post-process processing means (new ProLaw).
means for generating the user collation data (Aki) using (t).

[0029] In the above configuration, the personal authentication program may include a scramble unit (SXPro) for scrambling the characteristic data (Kaz) by linking to the pre-process processing unit (ProFow); Linking to the processing means (ProLat), the scrambled feature data (Kaz ^-1 ) is used as an input to calculate user verification data (Aki) (SX)
Pro- ¹ ) as a set, and means for transmitting the scrambling means (SXPro) to the user terminal.
A process in which the user side terminal inputs the new feature data (new Kaz) generated using the scramble means (SXPro) and links the calculation means (SXPro ^-1 ) to the post-process processing means (ProLat) Activate the user verification data (Ak
i).

[0030] In the above configuration, regarding the storage of the user registration data (AKI), the personal authentication program includes a mapping conversion means (ProP) for the user registration data (AKI).
means for providing mapping decrypting means (ProProj ^-1) as a set and Roj), using該写image converting means (ProProj), mapping transform data (AKI subjected to mapping converted into the user registration data (AKI) ^{- 1} ) means for transmitting to the user side terminal, and after confirming that the mapping conversion data (AKI ^-1 ) has been normally transmitted, deletes the user registration data (AKI) from the center side recording medium. Means and the mapping decoding means (ProProj ^-1 ) when user registration data (AKI) is used at the time of personal authentication.
Means for decrypting the mapping conversion data (AKI ^-1 ) transmitted by the user side terminal, and user registration data (AKI) obtained by decryption, and then using the determination processing means (ProCOM). It is also possible to have means for comparing the user collation data (Aki) with the user registration data (AKI).

Further, in the above configuration, the human body information is a fingerprint, and the pre-process processing means (ProFow) held by the user terminal is a feature element disclosure program, which is calculated by the program. The feature data (Ka
z) is a ridge direction field vector of the fingerprint, and the post-processing means (ProLat) is an authentication data generation secret program, and user registration data (AKI) calculated by the program and user The collation data (Aki)
It may be a multidimensional vector that has been numerically converted.

The personal authentication method of the present invention can be executed by installing the program recorded on the recording medium into a computer. In order to achieve the above object, the present invention can be further configured as follows. The present invention is directed to a personal authentication processing system in which a user terminal and a center apparatus are connected via a network and performs personal authentication using human body information, wherein a computer is used as the user terminal for performing the personal authentication processing. A recording medium on which a personal authentication program to be operated is recorded, wherein the means for performing the personal authentication process is divided into a pre-process and a post-process, and a boundary between the pre-process and the post-process is configured to be adaptively variable. The personal authentication program has a pre-process processing means for performing the pre-process processing, and the pre-process processing means includes a human body information input means (BioI
N) performs pre-process processing using the human body information as input, generates characteristic data (Kaz) indicating the characteristics of the user, and transmits the characteristic data (Kaz) to the center-side device. Feature data (Kaz) and user registration data (AK
Use I) to determine if the person is the person.

[0033] In the above configuration, regarding the adaptive fluctuation of the characteristic data (Kaz) at the boundary between the pre-process and the post-process, the personal authentication program executes the new pre-process processing means (new ProFow) may be used to generate new feature data (new Kaz) different from the previous time. In the above configuration, regarding the storage of the user registration data (AKI), the personal authentication program includes a mapping conversion unit (ProProj) and a mapping decoding unit (ProProj ⁻¹ ) for the user registration data (AKI). A set for transmitting the mapping conversion means (ProProj) to the center-side device, wherein the center-side device uses the mapping conversion means (ProProj) to perform mapping conversion on the AKI. Store the converted data (AKI- ¹ ),
The user registration data (AKI) is erased, and the personal authentication program further transmits the mapping decoding means (Pr) to the center-side device when the user registration data (AKI) is used for personal authentication.
oProj ^-1 ), and the center-side device uses the mapping decoding means (ProProj ^-1 ) to convert the mapping conversion data (AKI ^-1 ).
May be decoded.

Further, in the above configuration, the human body information input means (BioIN) for inputting the human body information is a card type fingerprint input device, which stores a fingerprint image and stores the fingerprint image in the user terminal. The pre-process processing means (ProFow) is a feature element disclosure program, and the feature data (Ka
z) may be the ridge field vector of the fingerprint.

The personal authentication method of the present invention can also be executed by installing the program recorded on the above-mentioned recording medium into a computer. Further functions and features of the present invention will be described in detail in embodiments of the present invention with reference to the accompanying drawings.

[0036]

Next, a personal authentication system according to an embodiment of the present invention will be described with reference to the drawings. FIG. 1 shows a basic configuration of a personal authentication system according to an embodiment of the present invention. FIG. 1 shows main components, and details will be described in each embodiment.

In this embodiment, the site A includes a processing device 1 such as a personal computer for executing processing according to a predetermined program, and a means for inputting human body information of the user UA BioIN.
Is provided. BioIN is connected to the processing equipment. Further, a monitor 3 for displaying a screen is connected to the processing device 1. The processing apparatus includes a pre-process program ProFow for extracting characteristic elements, a program GUI indicating guide information such as a method of acquiring bio data on the monitor 3, and a communication unit 5 for communicating with other apparatuses. In addition,
BioIN, ProFow and the like are symbols indicating each component, and hereinafter, the component may be referred to only by the symbol. The same applies to the elements newly described below.

As an example of BioIN, there is a fingerprint input sensor. Fingerprint detection methods include optical and capacitance methods, such as 300x300 pixels, 8-bit gradation, 500dpi
A fingerprint image with about the same performance is output. ProFow, GUI
May be transmitted from Site B, or recorded on CD-ROM or floppy disk, and mailed to Site A.
You may install it.

The site B is provided with a processing device 7 such as a computer for executing processing according to a predetermined program. The processing device 7 may be referred to as a center device or an authentication server. The processing device 7 has a service providing site
A biometric registration data AKI or authentication data Ak
A post-process program ProLat for calculating i and an authentication data comparison program ProCom for comparing AKI and Aki are provided. It also has a communication means 9 for communicating with the processing device 1 at site A via the network 11.

The outline of the operation is as follows. The detailed operation will be described later. When the service request Req is sent from site A to site B by the operation of user UA, site B
Instructs the user to put a finger on the sensor through the screen of site A. Specifically, when the GUI program is operated, the type and direction of the finger placed on the sensor are instructed in the form of dialogue with the user. A finger image can be obtained by placing a finger as instructed. Site A is a characteristic element
Extract Kaz and transmit to Site B. As a transmission method, for example, a method in which the site A has a public key and a secret key based on a public key cryptosystem in advance, and the characteristic element Kaz is encrypted using the secret key and transmitted is considered. Regarding the management of the secret key, a method is conceivable in which a folder for storing the secret key is provided in the site A, and the password PW is used as a storage key for opening and closing this folder. In other words, the user is a GU
I After placing your finger on the sensor according to the program instructions,
The secret key is taken out by inputting the PW, encrypted using this secret key, and transmitted to site B.

When site B receives the encrypted Kaz, it decrypts it using the public key to obtain Kaz. next
The post-process program ProLat is operated with Kaz as input, and the authentication data Aki is calculated with the characteristic element Kaz as input. The data that has been processed by ProLat is referred to as authentication data Aki in the sense that it is data that allows user authentication.

The authentication data Aki is compared with the bio authentication registration data AKI calculated in a similar manner prior to the communication. This program is the authentication data comparison program ProC
OM. A specific processing example of ProCOM is threshold processing. If Aki satisfies a predetermined threshold condition as compared with AKI, the user UA is authenticated as the user, and if not, authentication is not performed.

Next, the function of ProFow for performing characteristic element extraction processing among the above-mentioned constituent elements will be described in more detail.
The output from the fingerprint input sensor is taken into a processing device such as a personal computer, where noise removal processing and thinning processing of the fingerprint image are performed as image processing, and small block division processing and small block processing are performed as feature element extraction processing. , A ridge vector detection process in a small block, and the like. Here, a cut / branch point map in a small block (this is called a minutia), or
The ridge vector in the small block is called a user feature element Kaz.

FIG. 2 shows an example where Kaz is a ridge vector. If 300x300 pixels are divided into blocks of 10x10 pixels, 30x30 small blocks can be created. Since it is not known where the finger touches the sensor, first, after capturing the image, rough alignment is performed (translation and rotation). For position alignment, the error minimization method using shifted matching, or
Matching of minutiae information may be used. After alignment, fingerprint ridges are detected for each small block,
If the direction is represented by 4 bits, for example, in 16 directions, Ka
z is a 900-dimensional (4 bits for each dimension) vector as shown in FIG.

Even if the position of the finger is roughly adjusted, the ridge vector changes depending on the timing at which the finger is put on the sensor, the pressing pressure, the elasticity of the skin, and the like. In other words, each individual has a characteristic with a certain fluctuation. Next, calculation processing for obtaining the authentication data Aki by the post-processing program ProLat will be described. As a calculation to obtain Aki from Kaz, variable conversion and expansion to different dimension feature space can be considered.

First, a specific example of variable conversion will be described below. It is assumed that a ridge vector is obtained as shown in FIG.
Each dimension indicates the directionality of the fingerprint, but is a discrete value.
FIG. 4A illustrates the concept of calculating the sum of two fingerprint ridges. Here, the fingerprint may be detected clearly or blurred. When the upper ridge is blurred and not clear, the sum of the two fingerprint ridges is calculated as shown in FIG.
The vector becomes larger in the right rotation than in the case of (a). The portion that is easy to shave may be common to individuals or may be closed within the individual.

In either case, conversion is possible if the tendency is known. Specifically, if the bias of the direction to be taken in a certain vector dimension is known (if statistically obtained), the discrete value can be changed by multiplying by this coefficient. Such processing must be performed on the basis of a large database of fingerprints, and is easy to perform on the site B server.

Next, a specific example of expansion into a different-dimensional feature space will be described. For each dimension (or a predetermined partial dimension sequence) of the ridge vector, the reliability may be different. If the fingerprint is clearly detected and its direction is stable, the discrete value in that direction can be said to be high.However, if a plurality of ridges are mixed in the partial small block of the sensor and the line is not clear, It can be said that the reliability of the discrete value of the direction is low.

Therefore, the reliability may be obtained for each block as described above, and the matching processing may be performed by multiplying the detected ridge vector by the reliability. Since the feature space multiplied by the reliability is distorted with respect to the feature space multiplied by the reliability, it can be said that it is a kind of different-dimensional feature space. Furthermore, when there are a plurality of sensors and different characteristics can be obtained from each sensor, this integration process is also performed by the post-process program ProLat. The details will be described later.

Among the series of processing in the personal authentication system of the present invention, there are "a; image input processing", "a; noise removal processing", "c; thinning processing", "d; ridge extraction processing" and "e". Ridge block processing (ridge vector extraction processing) "F; Ridge end point / branch point extraction processing (minutiae extraction processing)"
"G: Feature data scramble processing""G: Feature data scramble decoding processing""G: Feature data weighting processing""K: Multiple feature integration processing""S: User verification data generation processing""S: Registration data verification Data comparison determination process ". In the present invention, not only the pre-process up to “G” and the post-process from “C”, but also “A, C,
"O, Ki, Ke, Sa" in the previous process, "I, D, Ka, Ku, Ko,
It is also possible to carry out the process "S". Other combinations are also possible. The term “adaptably dividable” includes such a division.

Next, the operation of the personal authentication system will be described.
Three embodiments will be described with reference to the drawings. First, a user registration process performed prior to the start of communication in the first embodiment will be described with reference to the flowchart of FIG. A request for certificate issuance from the user UA who uses Site A,
That is, when there is a public key certification request (step 0-
1) Site B generates a secret key for site A (step 1-1), and sends the information to site A as a certificate issuance (step 2). Up to this point, the authentication method is the same as the conventional authentication method using the public key encryption method.

In the present invention, in order to receive the service, it is necessary to issue a bio certificate. It is performed by the following processing. When site A issues a request for issuing a bio certificate, site B generates a bio certification program. Specifically, a GUI control program ProGUI, a pre-process program ProFow for extracting characteristic elements, a post-process program ProLat for generating authentication data, and an authentication data comparison program ProCOM are generated (step 1-2).

ProGUI and ProFow communicate with the public key Pk (s
iteA) and transmitted from site B to site A (step 3). Site A decrypts this using the secret key Sk (siteA) and extracts ProGUI and ProFow (step 5). Here, regarding the use of the secret key Sk (siteA),
The password PW may be used together (step 4). ProGUI
Is installed in the site A and instructs the user UA to input a fingerprint or the like in an interactive manner with the screen (step 6).
Subsequently, ProFow performs a feature element extraction process (step 7).

Specifically, when the finger is put on the sensor (step 7-1), the sensor acquires the fingerprint image FIN-Ima (step 7).
-2) Transmit to the processing device at site A. Next, the feature element extraction program ProFow is activated (7-3), and the resulting user feature element Kaz ₀ is extracted (step 7-).
4). Here, ₀ in the symbol Kaz ₀ means the time of registration, that is, the first time.

FIG. 5 shows the information amount as a specific example of Kaz ₀ . The raw data is 300K300 pixels and 90KByte, the direction field vector of the ridge is 5KByte, and the minutiae information which collects the bifurcation and end points of the fingerprint pattern is about 300Byte.
All of these are feasible. Here, a ridge direction field vector is mainly considered as a specific example of Kaz ₀ . In the case of the same vector, since there are usually more than 1000 dimensions, it is thought that it changes each time a finger is pressed. The details of the characteristic element extraction processing will be described later.

Subsequently, Kaz ₀ is encrypted with the secret key Sk (siteA) and transmitted to site B (step 8-1). This means that it is transmitted to site B with the signature of the site A user. At site B, the public key Pk (sit
Kaz ₀ is obtained using eA) (step 8-2). site
It can be seen that B was transmitted from A with certainty. Next, operate the process program ProLat after for authentication data generation, it calculates the authentication registration data AKI ₀ (step 10).
Then, AKI ₀ locks and stores it at site B (step 20).

Next, processing during communication in the first embodiment will be described with reference to FIG. Upon receiving a service request from the user UA (step 1), site B requests password input and fingerprint input. Thereafter, Kaz _m (meaning the m-th Kaz) is calculated, encrypted, transmitted to site B, and encrypted at site B by the processing of steps 4 to 8-2 similar to the user registration process. And get Kaz _m . Next, operate the process program PloLat after for authentication data generation, it calculates the authentication data Aki _m (step 10). Then, removed AKI ₀ from safe (step 11), actuates the ProCom, Aki _m and AK
Comparing I _0, Aki _m authenticates if the allowable range of AKI ₀ (step 12).

Here, regarding the storage of AKI ₀ , if there is a psychological resistance to being stored at site B, data AKI ₀ ^-1 obtained by encrypting AKI ₀ with the secret key of site B is stored in site B.
A is encrypted with A's public key, transmitted to Site A, and Site A
Then, solve this with the secret key of Site A, and set AKI ₀ ^-1
It may be stored in A. When using AKI ₀ on Site B,
From Site B Site A, asked to transmit the AKI ₀ ^-1, is solved by the private key of the site B, it may be used to play the AKI _0.

After the identity of the user has been confirmed, the site B
Encrypts the content using the public key Pk (siteA) of site A and transmits it to site A (step 30). Further, at the site A, the contents can be obtained by decrypting the data using the secret key Sk (siteA) (step 3).
1). Next, a second embodiment will be described. The second embodiment is an embodiment of the invention for preventing the characteristic element Kaz of the user UA from being stolen by a third party at the site A. In the process of calculating the Kaz at the site A, the site A Kaz is scrambled so that it can be decrypted only by B's scramble decryption program.

In order to prevent the third party at site B from easily reading the AKI calculated at site B, the AKI is mapped and transmitted to site A, and the converted AKI is converted to site A. Store in. Here, the mapping conversion means, for example, when there is an n-dimensional feature space, makes the feature data meaningless by multiplying each dimension by a coefficient such as a random number. In addition, mapping decoding includes a method of dividing by a multiplied random number and returning to the original state.

In addition, encryption and decryption (or decryption) mean that the feature codes of each dimension are further protected by a common key cryptosystem, a public key cryptosystem, or the like. A user registration process according to the second embodiment will be described with reference to FIG. Hereinafter, only different points from FIG. 5 will be described. In the figure, it is shown by a lower double line. When site A issues a request for issuing a bio-certificate to site B (step 0-1), site B, together with the feature element extraction program ProFow, links to ProFow and a scramble program SXPro that scrambles the Kaz permutation. Decrypt this scramble, Kaz
Generate a SXPro- ¹ scramble decryption program to restore Furthermore, along with the authentication data generation program ProLat,
A mapping conversion program ProProj that makes it impossible to easily decipher the AKI by linking to the ProLat, a program ProProj- ¹ that deciphers this mapping, and a program ProCom that compares authentication data are generated (step 1-2). Site A sends a ProFow
And SXPro are transmitted. The two programs are linked and the scrambled Kaz is calculated.

In the figure (step 7), when the user inputs a fingerprint, scrambled Kaz _{0, n} ^-1 is calculated by ProFow and SXPro (step 7-5).
Here, n indicates SXPro transmitted at the nth time. Here, ProFow does not change frequently because it is the first half of the program directly related to the fingerprint authentication algorithm that calculates Kaz. On the other hand, since SXPro is a scramble function of Kaz and is not directly related to the authentication algorithm, it changes frequently. For example, it may be changed every time an authentication request is made.

In step 8-1, Kaz _{0, n} ^-1 is encrypted with the secret key Sk (siteA) of site A and transmitted to site B. This is the site A signed by the user UA of site A
B means that the public key Pk (site
(A) to obtain Kaz _{0, n} ^-1 (step 8-
2). By decrypting using Site A's public key, you can be sure that it was sent from Site A.

In step 9, the user characteristic element Kaz ₀ is restored using the scramble decoding program SXPro _n ^-1 . In step 10, it operates the authentication data generation program (private) ProLat, calculates the authentication registration data AKI _0. In step 11, using a mapping transform program ProProj _n of n-th, to calculate the mapping AKI _{0, n} ^-1 of AKI _0. Since different mapping data is used each time, it is difficult to forge regardless of whether the data is stored in site A or B.

Here, ProLat is operated to calculate AKI ₀ ,
Using this result as input for ProProj _n , instead of calculating AkI0, n-1, linking ProLat and ProProj _n , and inputting Kaz ₀ to this, directly calculating AKI _{0, n} ^-1 May be used. In step 12, AKI _{0, n} ^-1 is encrypted with the public key Pk (siteA) of site A and transmitted to site A. By using the public key, the encrypted data cannot be decrypted by anyone other than the user UA of the site A, and thus can be reliably sent to the site A. In step 13, decryption is performed with the secret key Sk (siteA), and AKI _{0, n} ^-1 is calculated.
In step 14, for the next processing during communication shown in FIG. 8, n is replaced with n-1 and AKI _{0, n-1} ^{-1 is changed} to site A.
Store (accumulate).

In steps 15 to 17, after confirming that AKI _{0, n-1} ^-1 has been securely transmitted from site B to site A, AKI ₀ of site B is deleted. By doing so, AKI ₀ will not remain on Site B or Site A,
Safe against theft. Next, processing during communication in the second embodiment will be described with reference to FIG. Hereinafter, FIG.
Only the parts different from the above will be described.

In step 1, when a service request is issued to site B, site B executes the scramble program SX
Pro _n , a decoding program SXPro _n ^-1 , a mapping conversion program ProProj _n , and a mapping decoding program ProProj _n ^-1 are generated. In steps 7 and 8, when the user presses the m-th finger, Kazm is obtained and scrambled,
Obtain Kazm-1. This and the previously registered authentication registration data AKI _{0, n-1} ^-1 are transmitted to the site B by the public key cryptosystem. Site B solves this in step 8-2 to obtain Kazm-1 and AKI _{0, n-1} ^-1 .

In step 10, using ProLat,
Aki_mIs calculated, and in step 11, the previously used
ProProj, a program for decoding image transformations_n-1 ^-1Using AK
I_{0, n} ^-1AKI as input₀Is calculated. To step 12
Aki using ProCom_mAnd AKI₀Compare with
If Aki_mIs AKI₀If it is within the allowable range, authentication is performed.

[0069] In step 13, using this mapping conversion program ProProj _n, to calculate the mapping AKI _{0, n} ^-1 of AKI _0. This is used as registration data for the next authentication. Here, AKI ₀ may be modified to reflect the value of Aki _m (updated). In this case, AKI ₀ is AKI ₁ . In step 14, transmitted to AKI _0, site _n ^-1 by the public key cryptosystem A, the site A, where n is the n-1, and accumulates as AKI _{0, n-1} ^-1.

At the stage where the user UA has been successfully authenticated,
In (30), the content is transmitted using public key cryptography.
You. Next, a third embodiment will be described. Third fruit
In the embodiment, the authentication registration data AKI₀Site A
It doesn't even have Bit. AKI transformed_{0, n} ^-1The site
B and store the mapping transformation decryption program at Site A.
Owns and provides a mapping conversion decryption program for each authentication
A transmits to Site B, and the program performs mapping conversion.
Decrypt and AKI₀Take out the Aki _mCompare with

Next, a user registration process according to the third embodiment will be described with reference to FIG. Hereinafter, only portions different from FIG. 5 and FIG. 7 will be described. In step 0-2, if there is a bio certificate issuance request, ProF
ow, SXPro _n , SXPro _n ^-1 and authentication data generation program (secret) ProLat, mapping program set generation program ProSET, authentication data comparison program ProC
Generate om.

ProSET is the same as ProProj, Pr described in FIG.
Generate a set of oProj ^-1 . In step 50,
Using ProSET, this mapping conversion program ProProj
_n , generate the next mapping decoding program ProProj _n ^-1 . In step 8-1, Kaz _{0, n} ^-1 and ProProj _n are transmitted using the public key cryptosystem.

[0073] In step 11, using ProProj _n, registered to calculate the mapping AKI _{0, n} ^-1 of AKI _0, in step 12, the n as n-1, the AKI _{0, n-1} ^-1 in Site B store. Next, processing during communication in the third embodiment will be described with reference to FIG. In step 50, Pr
ProProj _n and ProProj _n ^-1 are generated using oSET.
Also, in step 51, the “map decoding program ProPro used this time”
j _n-1 ^-1 ".

In step 11, the AKI stored by using the previous mapping decoding program ProProj _n-1 ^-1
Decode _{0, n-1} ^-1 and calculate AKI ₀ . In step 12, using ProComn, Aki _m is compared with AKI ₀ , and Aki _m
If AKI ₀ is within the permissible range, authenticate. In step 13, using this mapping conversion program ProProj _n,
Calculating a mapping AKI _{0, n} ^-1 of AKI _0.

In step 14, n is set to n-1.
Register AKI _{0, n-1} ^-1 . By steps 15 and 16,
Site A knows that AKI _{0, n-1} ^-1 has been registered with site B. In step 51, n is set to n-1 and ProProj
Store _n-1 ^-1 . In the above description, communication between site A and site B has been described.

However, the present invention is not limited to the configuration including site A and site B. For example, site A and site B
And a third station (certificate authority) may be provided between them. That is, in providing the service, the user performs personal registration (certificate issuance request) at the site C (certificate authority). A program similar to that transmitted from site B to site A in each of the above embodiments, for example, ProFow, SXPro, etc., is transmitted from site C to user A of site A.

Also, from site C to site B,
A program similar to the one generated at Site B, for example
ProLat, SXPro- ¹ and ProCom are transmitted. The subsequent processing may be the flow performed between the site A and the site B in each embodiment, or the calculation and storage of the AKI may be performed at the site C. By making Site C (certificate authority) a highly reliable and neutral institution, a more secure system can be constructed for managing personal characteristic information.

Next, the security of the present invention against various threats as described in the related art will be described. (1) First, security against threats during communication according to the present invention will be described. As described above, in the present invention, various programs for performing authentication processing between sites A and B, Kaz,
Transmit AKI etc. The threat of data being stolen during transmission can be dealt with by using a combination of public key cryptosystems.

For example, when site B wants to reliably transmit the pre-processing program ProFow to site A,
Site B encrypts with site A's public key Sk (siteA) and transmits it to site A. At Site A, your private key Sk (sit
Decrypt this in eA) and get ProFow. Also, if you want to transmit Kaz from Site A to Site B,
A encrypts the data with the secret key Sk (siteA) and transmits it.
Then, decrypt it with the public key Sk (siteA) to obtain it. This allows Site B to know that Kaz has been sent from Site A.

(2) Regarding the security against threats between the user and site A in the present invention, in the case of the authentication method using both the password and the fingerprint, if the fingerprint cannot be authenticated even if the password is stolen, Site B does not authenticate users, so there is little threat. (3) Next, security against threats when the ProFow in the site A terminal is decrypted will be described.

When ProFow is decrypted and copied, an environment in which a ridge vector, which is one of Kaz, can be calculated is created by creating a pseudo terminal and connecting a fingerprint sensor to the pseudo terminal. However, even if someone other than the user presses his finger on the sensor,
Since the calculated Kaz is different from an authorized user, even if this Kaz is transmitted to Site B, Aki is different and authentication is not possible.

(4) The threat that the spoofing may be established by reading Kaz when a finger is pressed by a legitimate user sensor from ProFow in some way and transmitting this to Site B. About Site B
In, the suspiciousness can be detected by detecting the fluctuation of Kaz or detecting the fluctuation of Aki calculated by inputting Kaz.

That is, as described above, when the legitimate user UA presses the finger against the sensor, Kaz or Aki
Has a predetermined fluctuation. It is unlikely that Kaz with several hundred dimensions will be input with exactly the same numerical value. So Kaz and
If the value of Aki is compared with the previous time and an “abnormally high identity” is recognized, a threat of impersonation is detected, and an evasion process can be performed as described later.

(5) Kaz As means for countering the threat of stealing and forgery, as described above, in the present invention, it is possible to scramble the Kaz in the calculation of Kaz. To do this, we use the program SXPro and the program SXPro- ¹ that decodes it. As mentioned above, when Site B tries to authenticate a user, SXPro and SXPr
o Prepare ^-1 set and transmit SXPro to Site A.
Site A links ProFow and SXPro to generate a pre-process program newProFow for extracting new feature elements. The program changes each time there is an authentication request.

Similarly, at site B, SXPro- ¹ and ProLat
To generate a new post-process program newProLat. newProLat calculates Aki or AKI by taking the scrambled Kaz as input. newPro
Fow operates (1) ProFow and outputs its output Kaz
And (2) acting to scramble the
A configuration is possible in which the permutation of Kaz is scrambled while Kaz is calculated in the process of ProFow.

In the former configuration, the link between the two programs is simple, but there is a problem that the scrambling method is easily deciphered. The latter is difficult to forge Kaz unless the scrambling algorithm is completely deciphered.
Site B has half of the scrambled program, so by adopting the configuration of (2), the threat of Kaz counterfeiting at Site A can be avoided.

Next, the threat at the site B will be described. Also on the site B side that provides the service, there is a threat of fraudulent acts in the impersonation of system administrators, employees, etc. Impersonation is the acquisition and forgery of Kaz or AK
Possible by acquisition of I and Aki forgery. this house,
Regarding the acquisition of Kaz, the aforementioned nec
By using wProLat, Kaz does not become the input data of the same program as it is, so it is difficult to read Kaz easily.

The problem is that the authentication data Aki output from the newProLat or the bio-authentication registration data AKI as the data to be verified is stolen. This is because if the AKI is stolen, the same authentication data Aki is forged, and if both are input to ProCOM, the authentication is established. Therefore,
Some users are reluctant to place AKI on the service provider side.

(6) As a countermeasure, there is a method in which the authentication and registration data AKI is managed not at the site B but at the site A after ensuring security. The details are as described above. (7) As another means to avoid the threat of AKI theft, AK
Although the I is stored at the site B, the method of the present invention in which the AKI is mapped (a type of encryption is performed using a key) and the inverse mapping key is stored at the site A is effective.

(8) Next, a description will be given of avoiding means when a threat such as impersonation is detected. Site B, which is the service provider, is in an environment where Kaz and AKI can be managed, so it is possible to detect this fluctuation and estimate impersonation. In the present invention, since the pre-processing of the authentication is performed using the program transmitted to the site A, the threat can be countered by replacing this program. The replacement of the program can be performed without burdening the user by using JAVA or the like.

When a threat such as spoofing is detected by authentication using a certain sensor (for example, fingerprint), it is possible to instruct the user to input other human body information from another sensor using the GUI. it can. Other sensors may include handwriting, voice, facial images, eye irises, and the like. FIGS. 11A to 11D show examples of handwriting as an example.

FIG. 11A is a diagram showing an example of handwriting input tablet output, in which the X axis, the Y axis, and the pen pressure (P axis) are shown.
Is output. FIGS. 11B to 11D show the time t on the horizontal axis.
The vertical axis shows the output when the Y axis, X axis, and pen pressure (P axis) are taken. The output is about 1500 bytes of information, and the handwriting characteristics vary depending on the start position, character size, and speed on the tablet, so the position, character size, and time Needs to be normalized.

Since the position and the size of the character correspond to the values of the X axis and the Y axis, they are normalized by adjusting the width of the maximum and minimum values. The time is normalized so that the time from start to end is constant. The normalized data is compared in advance with authentication registration data similarly obtained from the same user.

FIG. 12 is a comparative example. FIG. 12 (c)
The solid line indicates the authentication registration data AKI, and the broken line indicates the authentication data.
Aki. For comparison between the two, for example, DP matching processing can be performed. As shown in the enlarged view of the square frame in FIG.
The distance between the sample points of the two lines is obtained while sequentially moving the corresponding candidate points, and converged where the sum of the distances is minimized. As a result, a parameter representing the gap between the two lines is obtained. The same processing is performed for the Y axis, X axis, and pen pressure (P axis), and the sum of the error of each axis is obtained.

Since the manner in which the error appears differs for each axis, it is possible to weight an axis having a large difference between individuals. Specifically, when considering the threat of impersonation, it is easy to forge the output of the character form, that is, the output of the Y-axis and the X-axis, but it is difficult to forge the pressure P because it is a hidden feature. Therefore, the authentication may be performed by weighting the features of the P axis.

If the sum of the errors obtained in this way is below a predetermined threshold value, it is verified as a person. When applying the handwriting to the present invention, the pre-process of the program, the division of the post-process can be various, for example, as the processing of ProFow,
Until the signal sequence (Kaz) of Y axis, X axis and pen pressure (P axis) is taken out, normalization,
DP matching processing, error sum processing, threshold processing, and the like can be performed.

Further, the process up to the normalization process is defined as the previous process, and the DP
Matching, error summation processing for each axis, and threshold processing can also be performed in subsequent steps. As described above, multiple biosensors can be used, and in this case, ProL
The at integration process is important, but various integration methods are possible. For example, (1) a method in which the distance between the authentication registration data AKI and the authentication data Aki is calculated in a multidimensional space having various feature elements Kaz as dimensions, and if the distance is within a predetermined threshold, authentication is established. . Specifically, for example, a method of authenticating with m + n dimensions by combining the ridge vector m dimension of the fingerprint and the n-dimension of the X-axis foot + Y-axis + P-axis of the handwriting, (2) the similarity obtained from each sensor ( It is possible to calculate each difference between the registered authentication data and the authentication data, multiply the likelihood of the data by weight, and perform threshold processing.

A program for realizing each of the above-described components can be stored in a recording medium such as a CD-ROM or a floppy disk. The processing of each processing device of the present invention can be performed by installing a program stored in a recording medium into a computer. Further, it is also possible to pre-install the above program on a computer.

The present invention is not limited to the above embodiment, but can be variously modified and applied within the scope of the claims.

[0100]

According to the present invention, the following various effects can be obtained. (1) Fewer security holes and higher security In a personal authentication method using physical characteristics of an individual, the feature of the present invention is that the entire authentication process is performed by, for example, any one of biosensor, site A, site B, etc. Not in one place. That is, the program for personal characteristic extraction is divided into a plurality of programs, and the site A has a pre-process program, which is activated to extract the user's characteristic elements. The feature element is sent to site B. Site B has a post-process program, and performs numerical conversion, normalization, and matching processing with the reference feature of the feature element.

In the present invention, since the authentication processing is divided and the management of the authentication data is devised, the user and the biosensor, the biosensor and the site A, the site A and the site
It is possible to adopt a configuration in which there is no security hole in B, Site B and any part of Site B administrator. Therefore, there is little threat that the algorithm can be easily deciphered if any one of the locations is attacked.

As described above, there is an effect that many of the security hole problems pointed out conventionally can be solved. (2) A series of programs for the pre-process and post-process of the authentication process that can realize the authentication process consistent with the service contents
Since site B can prepare the algorithm, Site B evaluates the algorithm by itself, or has the algorithm evaluated by a public third party such as a certificate authority, and after consenting to itself, part of the site A can be provided. On the service side, there is an effect that an algorithm with authentication accuracy suitable for the service can be selected.

(3) Updating of the authentication method and maintenance are easy. Since the program of the pre-processing step is transmitted from the site B to the site A side, there is a threat of decryption by the third party on the site A side. In such a case, the program can be updated immediately, so that the threat can be eliminated quickly. (4) Improved convenience of authentication A sensor is connected to site A, and a pre-process program for processing the raw data of the sensor and calculating the user characteristic elements is transmitted from site B.

Therefore, the user can connect various sensors to the site A at his / her own discretion, and have the service provider send the preceding process program. Also, when starting the new service, site B can connect the biosensor to site A and transmit its pre-process program to make it available. That is, it is possible to easily expand various biosensors. As more biosensors are available, combinations can be selected.

For example, it is difficult to remember the password, the elderly,
Instead of a password, a fingerprint can be used for a care recipient such as a dementia, a child, or the like. Furthermore, for a person who has a psychological resistance to fingerprints, for example, a combination of a face image, a voice, a handwriting, an iris image of an eye, a password, and the like is provided on the assumption that a desired authentication accuracy is secured. Is possible.

Further, from the service provider side, for example, if the service is currently being implemented with a 4-digit password,
If the user is requesting a service with a higher risk (specifically, a high-value cash withdrawal service), and increasing the number of digits in the password is considered to degrade the service, the password Fingerprint authentication can be performed in addition to the four digits. If four digits of accuracy can be obtained by fingerprint authentication, by combining the two, eight digits of authentication accuracy can be realized, and the service side can provide the service with peace of mind.

(5) Communication cost is low Information transmitted between the user and the service side is a personal characteristic element Kaz and means for scrambling it, authentication registration data AKI and means for mapping and transforming this. Communication costs are lower than when raw data of human body information is sent as it is. (6) Crime Prevention Effect The service providing side or the authentication acting side (certificate authority side) according to the service providing side's intention is in a situation where the personal characteristic element Kaz, the authentication data Aki, and the like can be known. The feature of the biometrics information is that there is fluctuation. For example,
In the case of a fingerprint, even the same person slightly changes depending on the force, timing, and the like of applying a finger to the sensor. Since this fluctuation is reflected in Kaz and Aki, the service provider that detects this can grasp this fluctuation.

When performing authentication by biometrics, as a threat of fraud by impersonation, it is conceivable to take a fingerprint and bring it close to the sensor. In this case, no fluctuation occurs because the living body does not directly touch the sensor, or
The fluctuation is different from that of a living body. Therefore, by detecting this fluctuation, it is possible to estimate use by impersonation. If a suspicion such as spoofing is found, countermeasures such as changing from fingerprints to other biometrics such as handwriting and voice are possible, and the security is high.

When a suspicious individual is estimated, a crime prevention effect can be expected by switching to using a face image or using voice. In other words, when the face image or the voice information is used, the suspicious individual becomes more likely to carry out a criminal investigation, and thus has a risk of a crime, which is considered to be effective in avoiding impersonation.

[Brief description of the drawings]

FIG. 1 is a diagram showing a basic configuration of a personal authentication system according to the present invention.

FIG. 2 is a diagram showing an example of extraction when a feature element of a fingerprint is a ridge vector.

FIG. 3 is a diagram illustrating an example of a ridge vector.

FIG. 4 is a diagram showing a concept of calculating a sum of two fingerprint ridges.

FIG. 5 is a diagram illustrating a user registration process according to the first embodiment.

FIG. 6 is a diagram illustrating processing during communication in the first embodiment.

FIG. 7 is a diagram illustrating a user registration process according to the second embodiment.

FIG. 8 is a diagram illustrating processing during communication in the second embodiment.

FIG. 9 is a diagram illustrating a user registration process according to the third embodiment.

FIG. 10 is a diagram illustrating a process during communication in the third embodiment.

FIG. 11 is a diagram illustrating a case where handwriting is used as human body information.

FIG. 12 is a diagram for explaining a comparison method when handwriting is used as human body information.

FIG. 13 is a diagram for explaining a public key cryptosystem in a conventional technique.

FIG. 14 is a diagram for explaining a public key cryptosystem in a conventional technique.

[Explanation of symbols]

 1, 7 processing unit 3 monitor 5, 9 communication means 11 network

 ──────────────────────────────────────────────────続 き Continuing on the front page (72) Inventor Toru Wakahara 2-3-1 Otemachi, Chiyoda-ku, Tokyo Within Nippon Telegraph and Telephone Corporation (72) Inventor Masafumi Tonami 2--3, Otemachi, Chiyoda-ku, Tokyo No. 1 Nippon Telegraph and Telephone Corporation (72) Inventor Horioka Riki 2-3-1 Otemachi, Chiyoda-ku, Tokyo Nippon Telegraph and Telephone Corporation (72) Inventor Yoshiyoshi Yamanaka Otemachi, Chiyoda-ku, Tokyo (3-1) Nippon Telegraph and Telephone Co., Ltd. (72) Inventor Kiyoto Tanaka 2-3-1, Otemachi, Chiyoda-ku, Tokyo Nippon Telegraph and Telephone Co., Ltd. (72) Inventor Naohisa Komatsu Kokubunji, Tokyo 1-26-24 Hikarimachi F-term (reference) 5B043 AA09 BA01 BA02 BA05 BA06 CA09 FA02 FA07 GA17 5B085 AE23 AE25 AE26 AE29

Claims (19)

[Claims] 1. A personal authentication method for performing personal authentication using human body information in a system in which a user terminal and a center device are connected via a network, wherein the processing means for performing personal authentication includes at least The user terminal is divided into a set of a pre-process and a post-process, and the boundary between the pre-process and the post-process is configured to be adaptively fluctuable. The human body information is input by the human body information input means, the pre-process processing is performed by the pre-process processing means using the information from the human body information input means as input, and the characteristic indicating the characteristic of the user generated by the pre-process processing means The center-side device transmits the data to the center-side device, performs the post-process processing by the post-process processing means using the characteristic data as input, and outputs the user verification data generated by the post-process processing device. Using the determination processing unit, personal authentication method characterized by determining whether the person by comparing the user registration data registered in advance. 2. The personal authentication method according to claim 1, wherein, with respect to an adaptive change of feature data at a boundary between the at least one set of the pre-process and the post-process, the center-side device includes a new pre-process processing unit. A new post-process processing means is generated as a set, and the new pre-process processing means is transmitted to the user terminal. The user terminal uses the new pre-process processing means to generate new feature data different from the previous one. And the center-side device generates the user verification data using the new characteristic data as input and using the new post-process processing means. 3. The personal authentication method according to claim 1, wherein, regarding the adaptive variation of the feature data at a boundary between the at least one set of the pre-process and the post-process, the center-side device includes: Data conversion means for performing data conversion such as scrambling on the feature data by linking; and linking to the post-process processing means, calculating the user verification data using the converted feature data as input. And the data conversion means are transmitted to the user terminal, and the user terminal links the data conversion means to the pre-process processing means, and The center-side device receives the new feature data as input, and sends the data decryption calculation means to the post-process processing means. Reacted with click and processing means, the personal authentication method characterized by generating a user verification data. 4. The personal authentication method according to claim 1, wherein, with respect to the storage of the user registration data, the center-side device encrypts the user registration data with an encryption unit such as mapping conversion, and encrypts the user registration data with encryption. A set of decryption means was prepared, and the encrypted data obtained by subjecting the user registration data to mapping conversion and the like was transmitted to the user terminal using the encryption means, and the encrypted data was transmitted normally. After confirming that, the user registration data is deleted from the center side recording medium, and the user side terminal records the encrypted user registration data transmitted from the center side device on the recording medium. Regarding the use of the user registration data at the time of personal authentication, the user side terminal transmits the encrypted user registration data to the center side device, and the center side device transmits the encryption such as the mapping decryption. Using the decoding means And the like. After decrypting encrypted data such as the above and obtaining user registration data, the personal authentication method is compared with the user verification data using the determination processing means. 5. The personal authentication method according to claim 1, wherein, with respect to storage of the user registration data, the user side terminal includes an encryption unit for performing mapping conversion of the user registration data and a decryption unit for performing mapping decoding and the like. A set of decryption means is provided, and the encryption means is transmitted to the center-side device. The center-side device uses the encryption means to perform encryption conversion or the like on the user registration data. And means for erasing the user registration data, and regarding the use of the user registration data at the time of personal authentication, the user side terminal transmits the decryption means to the center side device. The center-side device decrypts the encrypted user registration data using the decryption unit and obtains the user registration data, and then uses the determination processing unit to obtain the user verification data and Characterized by comparing Personal authentication method. 6. The personal authentication method according to claim 5, wherein the set of the encryption means such as the mapping conversion and the decryption means such as the mapping decryption is recorded as a program so that the set can be updated as necessary. Personal authentication method characterized by being performed. 7. The personal authentication method according to claim 1, wherein transmission of various processing means from the center-side device to the user-side terminal and characteristics of a user from the user-side terminal to the center-side device. The center-side device transmits the pre-process processing means to the user-side terminal using the public key of the user-side terminal, and the user-side terminal transmits the secret data to the user-side terminal. The pre-process processing means is taken out using the key, the pre-process processing means is operated, the characteristic data is calculated, and the characteristic data is encrypted using the secret key and transmitted to the center-side device. The center device uses the public key of the user terminal,
A personal authentication method, comprising extracting the characteristic data and performing the post-processing. 8. The personal authentication method according to claim 7, wherein the user terminal uses a user password as a key,
A personal authentication method comprising storing and managing a secret key in a folder of the user terminal, and enabling the user to use the secret key by inputting a password. 9. The personal authentication method according to claim 1, wherein the human body information input means for inputting human body information of the user comprises:
A card-type fingerprint input device, having a function of storing a fingerprint image and transmitting the image to the user side terminal, wherein the pre-process processing means held by the user side terminal is a feature element A public program, wherein the user characteristic element calculated by the program is a ridge direction field vector of the fingerprint; the post-processing means held by the center-side device is an authentication data generation secret program; A personal authentication method wherein the user registration data and the user verification data calculated by the program are numerically converted multidimensional vectors. 10. The personal authentication method according to claim 1, wherein at least one set of the processing means for performing the personal authentication is divided into a plurality of n (n is a natural number) sets in each of the pre-process and the post-process. The user terminal transmits the first pre-process result to the center device, and the center device performs the first post-process using the processing result as an input, The result is transmitted to the user side terminal, the user side terminal performs the n-th pre-process using the result as an input, transmits the result to the center side device, and the center side device And an n-th post-process using the result as an input to calculate user verification data. 11. A personal authentication processing system in which a user terminal and a center device are connected via a network and performs personal authentication using human body information, wherein a computer is used as the center device for performing the personal authentication process. A recording medium on which a personal authentication program to be operated is recorded, wherein the means for performing the personal authentication processing is divided into a pre-process and a post-process, and the boundary between the pre-process and the post-process can be adaptively changed. The user side terminal has a pre-process processing means for performing the pre-process process, and the personal authentication program stores the characteristic data of the human body information generated by the user side terminal by the pre-process process. Post-process processing means for performing post-process processing as input, and user verification data generated by the post-process processing means are compared with pre-registered user registration data. Recording medium for recording a personal authentication program characterized by comprising a determination processing means for determining whether or not. 12. A recording medium on which the personal authentication program according to claim 11 is recorded, wherein the personal authentication program comprises: a new pre-process processing means for adaptively changing characteristic data at a boundary between the pre-process and the post-process. Means for generating a set of new post-processing means for processing in the user terminal,
Means for transmitting the new pre-process processing means to the user terminal; and inputting new feature data generated by the user terminal using the new pre-process processing means, using the new post-process processing means. Means for generating user verification data. A recording medium recording a personal authentication program. 13. A recording medium on which the personal authentication program according to claim 11 is recorded, wherein the personal authentication program is adapted to execute the pre-process processing means with respect to an adaptive change of characteristic data at a boundary between the pre-process and the post-process. A scrambling means for scrambling the feature data by linking
By linking to the post-process processing means, the scrambled feature data is input, and a calculation means for calculating user verification data is generated as a set, and the scramble means is provided to the user side terminal. Means for transmitting, and inputting the new feature data generated by the user side terminal using the scrambling means, processing means linking the calculating means to the post-processing means, and user verification data Recording means for recording a personal authentication program. 14. A recording medium storing the personal authentication personal authentication program according to claim 11, wherein the storage of the user registration data is performed by: the personal authentication program; Means for preparing a set of means, means for transmitting mapping conversion data obtained by performing mapping conversion on the user registration data using the mapping conversion means to a user terminal, and transmission of the mapping conversion data normally. Means for erasing the user registration data from the recording medium on the center side after confirming that the registration has been performed, and using the mapping decoding means for using the user registration data at the time of personal authentication. Means for decoding the mapping conversion data transmitted by the user, and obtaining the user registration data by decoding, and comparing the user verification data with the user registration data using the determination processing means. Recording medium on which a personal authentication program is recorded. 15. The recording medium on which the personal authentication program according to claim 11 is recorded, wherein said human body information is a fingerprint, and said pre-process processing means held by said user terminal is a feature element disclosure program. The feature data calculated by the program is a ridge field vector of a fingerprint. The post-processing unit is an authentication data generation secret program, and user registration data calculated by the program. A recording medium storing a personal authentication program, wherein the user verification data is a numerically converted multidimensional vector. 16. A personal authentication processing system in which a user terminal and a center device are connected via a network and performs personal authentication using human body information, wherein the user terminal performs a personal authentication process on a computer. A recording medium recording a personal authentication program to function as a, the means for performing the personal authentication processing is divided into a pre-process and a post-process,
The boundary between the pre-process and the post-process is configured to be adaptively changeable, the personal authentication program has pre-process processing means for performing the pre-process, and the pre-process processing means is provided for the user. The pre-process is performed by using the human body information input from the human body information input means for inputting the human body information to generate characteristic data indicating the characteristics of the user, and the characteristic data is transmitted to the center-side device. And a recording medium storing a personal authentication program characterized by determining whether or not the user is a person using the characteristic data and the user registration data. 17. A recording medium on which the personal authentication program according to claim 16 is recorded, wherein the personal authentication program is transmitted from the center device with respect to an adaptive change of characteristic data at a boundary between the pre-process and the post-process. A recording medium on which a personal authentication program is recorded, comprising means for generating new characteristic data different from the last time using the transmitted new pre-process processing means. 18. A storage medium on which the personal authentication program according to claim 16 is recorded, wherein the storage of the user registration data is performed by the personal authentication program by mapping conversion means and mapping decoding means for the user registration data. Prepared as a set, having means for transmitting the mapping conversion means to the center-side device, wherein the center-side device uses the mapping conversion means to convert mapping conversion data obtained by performing mapping conversion on the user registration data. Storing and erasing the user registration data; the personal authentication program further transmits the mapping decoding means to the center device when the user registration data is used for personal authentication; Is a recording medium on which a personal authentication program is recorded, wherein the mapping conversion data is decoded by using the mapping decoding means. 19. A recording medium on which the personal authentication program according to claim 16 is recorded, wherein said human body information input means for inputting human body information is a card type fingerprint input device, and stores a fingerprint image. Has a function of transmitting the image to the user side terminal, wherein the pre-process processing means is a feature element disclosure program, wherein the feature data calculated by the program is:
A recording medium recording a personal authentication program, characterized by being a ridge direction field vector of a fingerprint.