JP2001144748A - Device and method for generating cryptographic key, device and method for enciphering and deciphering, and program providing medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a cryptographic key generating device and an encoding and decoding device which eliminate the necessity of registering user's bionic information and whose security management is easy. SOLUTION: A cryptographic key is generated on the basis of not only the bionic information but a synthetic code obtained by combining an optional password with the bionic information. An intermediate code is generated on the basis of a code acquired by reading the bionic information such as a fingerprint pattern and the password inputted by the user, the cryptographic key such as an encryption key and a decryption key is generated on the basis of the generated intermediate code, and enciphering and deciphering are carried out. Meanwhile, the user's bionic information does not have to be preliminarily registered in a storage device, etc., and it is further possible to generate an infinite number of different encryption or decryption keys by changing passwords.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to an encryption key generation device, an encryption / decryption device, an encryption key generation method, an encryption / decryption method, and a program providing medium. More specifically, the present invention relates to an encryption key generation apparatus and method for generating an encryption key and a decryption key based on data obtained by combining biometric information unique to an individual such as a fingerprint and a password, and further requests for confidentiality. Encryption that performs encryption and decryption of various types of information, such as document data, audio data, image data, and various programs, using an encryption key and a decryption key based on data that combines biometric information and a password. The present invention relates to an encryption / decryption device and an encryption / decryption method.

[0002]

2. Description of the Related Art In recent years, information transfer via various network systems such as the Internet has become popular, and electronic settlement and use of electronic money on a network have been rapidly increasing. Further, many companies and individuals frequently store confidential documents using various storage media such as hard disks and optical disks. An important issue is how to secure security of data transferred via such a network or data stored in various storage media.

[0003] There are various methods for ensuring security, one of which is to limit the use of computers to authorized users. A typical example of this method is a configuration in which a password is given to an authorized user in advance, and only a person who has input a correct password can access data. Further, there is a data encryption process as a process for the data itself for enhancing security. By encrypting a document transferred via a network and encrypting information stored in a storage medium, the security of transfer information and stored information can be improved.

[0004] Encrypted data can be returned to a decipherable document (plaintext) by decryption according to a predetermined procedure. 2. Description of the Related Art Data encryption and decryption methods using an encryption key for information encryption and a decryption key for decryption have been conventionally known.

There are various types of data encryption / decryption methods using an encryption key and a decryption key. One example is a so-called common key encryption method. In the common key encryption method, an encryption key used for data encryption processing and a decryption key used for data decryption are shared, and a common user used for these encryption processing and decryption is assigned to a regular user. Thus, data access by an unauthorized user without a key is eliminated. A representative method of this method is DES (Data Encryption Standard: Data).
Encryption standard).

[0006] A method using a different algorithm for processing using an encryption key used for encryption and processing for a decryption key used for decryption is a so-called public key encryption method. Public key encryption is
This is a method using a public key that can be used by an unspecified user, and encrypts an encrypted document for a specific individual using a public key issued by the specific individual. A document encrypted with a public key can be decrypted only with a private key corresponding to the public key used for the encryption processing. Since the private key is owned only by the individual who issued the public key, a document encrypted with the public key can be decrypted only by the individual having the private key. A representative public key encryption method is RSA (Rivest-Sham).
ir-Adleman) encryption.

The common key encryption method described above is not suitable for an unspecified number of communications, because the number of keys becomes enormous when the number of assumed communication partners increases. In addition, the public key encryption method has an advantage that the number of keys to be managed is small. But,
The public key encryption method has a disadvantage that encryption processing and decryption become complicated.

A hybrid encryption system is a system in which the above-mentioned common key encryption system and the public key encryption system are combined. In the hybrid encryption method, a common key is used for encrypting information, and the common key used for encryption is encrypted by a public key encryption method. According to this hybrid encryption method, a fast-processing common key encryption method is applied to a document having a large data amount, and a public key encryption method having a slow processing is used only for encrypting a common key having a small data amount. And the advantages of both can be used effectively.

The encryption key and the decryption key used for the above-mentioned encryption processing and decryption can be obtained by applying a one-way function such as a hash function based on a certain password or the like. A one-way function is a function that makes it very difficult to obtain an input from its output. For example, user I
A one-way function is applied with a password such as D as an input, and an encryption key and a decryption key are generated based on the output. From the encryption key and the decryption key obtained in this way, the user ID which is the original data
It is virtually impossible to ask for a password such as

In view of the above, in a configuration using an encryption key and a decryption key, password management is a very important issue in security management. However, at present, there are various problems in personally managing passwords such as user IDs. While it may be advantageous to have a complex password to increase security,
It is difficult for a human to remember a complicated password.
It is also possible to store and save the password in some storage device such as a hard disk to supplement human memory, but if a password is stored in such a storage device, a third party steals the password from the storage device There is a problem with safety.

As one method for solving the problem of password management, there is a method of using an individual's biometric information, for example, a fundus image, a fingerprint, or the like, to verify whether or not the user is an authorized user. As an example of a security management system using personal biometric information, there is a personal information management apparatus and method disclosed in Japanese Patent Application Laid-Open No. H11-215119.

The system described in Japanese Patent Application Laid-Open No. 11-215119 has a configuration in which biometric information of an authorized user, for example, code information obtained from a fundus image is registered and stored in the system in advance. In this system, a user who wants to perform document encryption processing first causes the system to read biometric information such as his / her own fundus information. Next, the system compares the biometric information read from the user with the registered biometric information to confirm whether or not the user is an authorized registered user. Only when the legitimacy of the user is confirmed by this collation processing, the processing shifts to the encryption processing using the key based on the biometric information. According to this method, since the encryption process is executed using the secret key based on the biometric information unique to the individual, there is an effect that the secret key is prevented from being copied or misused by another person.

[0013]

However, in order to realize the individual validity confirmation processing using such biological information, it is necessary to compare the newly read biological information such as the fundus image and fingerprint of the individual with the comparison object. It is necessary to store such collation information in a storage device in the system. That is, it is necessary to previously store image information obtained by electronically photographing a fundus image, a fingerprint, and the like of each individual who is an authorized user, or a code string obtained from this image information in a storage device in advance. Japanese Patent Application Laid-Open No. H11-215119 enhances security by storing a secondary code obtained by converting a code obtained from biometric information, but such a system is used when the stored information is stolen. However, the encryption key may be duplicated based on the stolen information, and the reliability of the system is not always sufficient.

Further, in the conventional code generation method relying only on biometric information, when biometric information codes read from fingerprints of different individuals become the same, the same encryption key is generated based on the same code. there is a possibility. In order to eliminate such a possibility, the pattern reading accuracy of the biometric information reading means such as a scanner must be extremely high so that the biometric information code of each individual is surely different. However, in reality, it is difficult to realize such high-precision reading, and when trying to realize high-precision reading, a different code is generated for each reading even if the same person is used. However, it is difficult to realize a system that is practically usable.

Further, in the conventional system configuration, in a system having no storage device for storing image information obtained by electronically photographing biological information such as a fundus image of an authorized user or a code string obtained from the image information, Collation processing is not possible. Therefore, when the above configuration is applied to a cryptographic information distribution system via a network, only devices equipped with a memory storing collation information can participate in communication, and devices not storing collation information can communicate. Will not be able to participate. Therefore, the above configuration is effective only in a very limited system, and has a drawback of poor expandability.

Further, when an encryption key is to be generated based on fundus image information as in the personal information management apparatus and method disclosed in Japanese Patent Application Laid-Open No. 11-215119, fundus image information obtained from an individual is Even when the left and right eyes are used, the number is two, and the number of code strings obtained from the fundus image information is extremely small, so that it is difficult to increase the types of encryption keys. If another cryptographic key is to be created, it is conceivable to use other biometric information, for example, a fingerprint. However, even if ten fingers are used, only up to ten types of codes can be obtained. There is a problem that an encryption key generated in an encryption key generation method using only information is limited to a very limited finite number.

An encryption / decryption device, an encryption / decryption method, and a program providing medium according to the present invention have been made in view of the above-mentioned problems in the prior art.

According to the present invention, not only the biometric information but also a cryptographic key is generated based on a synthetic code in which an arbitrary password is combined with the biometric information. Even if there is, an encryption key generation device that eliminates the possibility of a code generated in combination with a password and enables a code obtained by reading biometric information such as a fingerprint pattern to have an extremely simple configuration, An object of the present invention is to provide an encryption / decryption device, an encryption key generation method, and an encryption / decryption method.

Further, the encryption key generation device, the encryption / decryption device, the encryption key generation method, and the encryption / decryption method of the present invention use an encryption key or a decryption key generation method using biometric information. It is an object of the present invention to provide a system in which the necessity of registering the biometric information of an authorized user in a storage device or the like in advance is eliminated and the expandability of the system is ensured.

Further, according to the present invention, an encryption key or a decryption key is generated based on a code string in which biometric information is combined with a password, so that an infinite number of different encryption keys or decryption keys are generated. It is an object of the present invention to provide an encryption key generation device, an encryption / decryption device, an encryption key generation method, and an encryption / decryption method capable of generation.

[0021]

SUMMARY OF THE INVENTION A first aspect of the present invention is as follows.
Biological information reading means for obtaining biometric information, generating and outputting a biometric code based on the biometric information, password input means for inputting a password, the biometric code read and generated by the biometric information reading means, and the password An intermediate code generation unit that generates an intermediate code based on a password input from the input unit, and an encryption key generation unit that generates an encryption key to be applied to an encryption process or a decryption process based on the intermediate code, An encryption key generation device characterized by having:

Further, in the encryption key generating apparatus according to the present invention, the biometric information read by the biometric information reading means is:
It is characterized by being one of a fingerprint, a fundus image, a voiceprint, and a DNA pattern, or a combination of two or more biometric information of a fingerprint, a fundus image, a voiceprint, and a DNA pattern.

Further, in the encryption key generating apparatus of the present invention, the biometric information read by the biometric information reading means is fingerprint information, and the biometric information reading means forms a fingerprint uneven pattern in a plurality of areas obtained by dividing a fingerprint image. The ridge direction is identified, and a code corresponding to the ridge direction is associated with each of the plurality of regions to generate and output a biometric code.

Further, in the encryption key generation device of the present invention, the intermediate code generation means may include one of a biometric code read and generated by the biometric information reading means and a password input from the password input means. It is characterized in that an intermediate code is generated by executing data connection processing of a biometric code and a password in which upper bits are used and the other is lower bits.

Further, in the encryption key generation device of the present invention, the intermediate code generation means applies a function to the biometric code read and generated by the biometric information reading means and the password input from the password input means. And generating a new intermediate code.

Further, in the encryption key generation device of the present invention, the encryption key generated by the encryption key generation means may be any of a common key in a common key encryption system, a public key in a public key encryption system, and a secret key. There is a feature.

Furthermore, a second aspect of the present invention is a biometric information reading means for acquiring biometric information, generating and outputting a biometric code based on the biometric information, a password input means for inputting a password, Intermediate code generation means for generating an intermediate code based on the biometric code read and generated by the information reading means and the password input from the password input means; and encryption or decryption processing based on the intermediate code Encryption key generation means for generating an encryption key applied to data, data input means for inputting data to be encrypted, and encryption of data input from the data input means based on the encryption key generated by the encryption key generation means Having encryption means for executing processing, and output means for outputting data encrypted by the encryption means; In the encryption apparatus characterized.

Further, in the encryption apparatus of the present invention, the biological information read by the biological information reading means is any one of a fingerprint, a fundus image, a voiceprint, and a DNA pattern, or two or more of a fingerprint, a fundus image, a voiceprint, and a DNA pattern. It is a combination of biological information.

Further, in the encryption device according to the present invention, the biometric information read by the biometric information reading means is fingerprint information, and the biometric information reading means forms a fingerprint uneven pattern in a plurality of areas obtained by dividing a fingerprint image. The ridge direction is identified, and a code corresponding to the ridge direction is associated with each of the plurality of regions to generate and output a biometric code.

Further, in the encryption device according to the present invention, the intermediate code generation means may place one of the biometric code read and generated by the biometric information reading means and the password input from the password input means on a higher level. It is characterized in that the intermediate code is generated by executing data connection processing of a biometric code and a password with the bits being the lower bits and the other being the lower bits.

Further, in the encryption device of the present invention, the intermediate code generation means applies a function to the biometric code read and generated by the biometric information reading means and the password input from the password input means. And generating a new intermediate code.

Further, a third aspect of the present invention is a biometric information reading means for acquiring biometric information, generating and outputting a biometric code based on the biometric information, a password input means for inputting a password, Intermediate code generation means for generating an intermediate code based on the biometric code read and generated by the information reading means and the password input from the password input means; and encryption or decryption processing based on the intermediate code Encryption key generation means for generating an encryption key applied to the data, data input means for inputting data to be decrypted, and decryption of data input from the data input means based on the encryption key generated by the encryption key generation means Decoding means for executing processing, and output means for outputting data decoded by the decoding means In decoding apparatus characterized.

Further, in the decoding device of the present invention, the biological information read by the biological information reading means is any one of a fingerprint, a fundus image, a voiceprint, and a DNA pattern, or two or more of a fingerprint, a fundus image, a voiceprint, and a DNA pattern. It is a combination of biological information.

Further, in the decoding apparatus according to the present invention, the biometric information read by the biometric information reading means is fingerprint information, and the biometric information reading means forms a fingerprint uneven pattern in a plurality of areas obtained by dividing a fingerprint image. The ridge direction is identified, and a code corresponding to the ridge direction is associated with each of the plurality of regions to generate and output a biometric code.

Further, in the decryption device of the present invention, the intermediate code generation means places one of the biometric code read and generated by the biometric information reading means and the password input from the password input means on the upper level. It is characterized in that the intermediate code is generated by executing data connection processing of a biometric code and a password with the bits being the lower bits and the other being the lower bits.

Further, in the decoding apparatus of the present invention, the intermediate code generation means applies a function to the biometric code read and generated by the biometric information reading means and the password input from the password input means. And generating a new intermediate code.

Further, according to a fourth aspect of the present invention, there is provided an encryption key generation method for generating an encryption key used for an encryption process or a decryption process, wherein biometric information is obtained and a biometric code based on the biometric information is generated. A biometric information reading step to output the password, a password input step to input a password, and an intermediate code to generate an intermediate code based on the biometric code read in the biometric information reading step and the password input in the password input step. An encryption key generation method, comprising: a generation step; and an encryption key generation step of generating an encryption key to be applied to an encryption process or a decryption process based on the intermediate code.

Further, in the encryption key generation method of the present invention, the biometric information read in the biometric information reading step is any one of a fingerprint, a fundus image, a voiceprint and a DNA pattern, or two or more of a fingerprint, a fundus image, a voiceprint and a DNA pattern. Characterized by a combination of biological information.

Further, in the encryption key generation method according to the present invention, the biometric information read in the biometric information reading step is fingerprint information, and the biometric information reading step includes a step of forming a concavo-convex pattern of the fingerprint in a plurality of areas obtained by dividing the fingerprint image. A ridge direction to be formed is identified, and a biometric code is generated and output by associating a code corresponding to the ridge direction with each of the plurality of regions.

Further, in the encryption key generating method according to the present invention, the intermediate code generating step includes the step of setting one of the biometric code read in the biometric information reading step and the password input in the password input step to an upper bit. And performing a data concatenation process of a biometric code and a password using the other as lower bits to generate an intermediate code.

Further, in the encryption key generating method of the present invention, the intermediate code generating step applies a function to the biometric code read in the biometric information reading step and the password input in the password input step. Generating a new intermediate code.

Furthermore, a fifth aspect of the present invention is a biometric information reading step for acquiring biometric information, generating and outputting a biometric code based on the biometric information, a password inputting step for inputting a password, An intermediate code generating step of generating an intermediate code based on the biometric code read in the information reading step and the password input in the password input step; and applying an encryption process or a decryption process based on the intermediate code. An encryption key generation step of generating an encryption key to be encrypted, a data input step of inputting data to be encrypted, and an encryption process of the data input in the data input step based on the encryption key generated in the encryption key generation step. Performing an encryption step, and encrypting in the encryption step. And outputting the data, in the encryption method characterized by having a.

Further, a sixth aspect of the present invention is a biometric information reading step for acquiring biometric information, generating and outputting a biometric code based on the biometric information, a password inputting step for inputting a password, An intermediate code generating step of generating an intermediate code based on the biometric code read in the information reading step and the password input in the password input step; and applying the encryption or decryption processing based on the intermediate code. An encryption key generation step of generating an encryption key to be encrypted, a data input step of inputting data to be decrypted, and a decryption process of the data input in the data input step based on the encryption key generated by the encryption key generation means. A decoding step to be performed, and data decoded in the decoding step. In decoding method characterized by and an output step of outputting.

Further, a seventh aspect of the present invention is a program providing medium for tangibly providing a computer program for causing a computer system to execute an encryption key generation process, wherein the computer program includes biometric information A biometric information reading step of generating and outputting a biometric code based on the biometric information, a password input step of inputting a password, and inputting the biometric code read in the biometric information reading step and the password input step. An intermediate code generating step of generating an intermediate code based on the password, and an encryption key generating step of generating an encryption key to be applied to an encryption process or a decryption process based on the intermediate code. Characteristic program providing medium.

The program providing medium according to the seventh aspect of the present invention is, for example, a medium for providing a computer program in a computer-readable format to a general-purpose computer system capable of executing various program codes. . The form of the medium is not particularly limited, such as a storage medium such as a CD, an FD, and an MO, and a transmission medium such as a network.

Such a program providing medium defines a structural or functional cooperative relationship between the computer program and the providing medium for realizing the functions of a predetermined computer program on a computer system. Things. In other words, by installing the computer program into the computer system via the providing medium, a cooperative operation is exerted on the computer system, and the same operation and effect as the other aspects of the present invention can be obtained. You can do it.

[0047]

According to the configuration of the present invention, a composite code is generated by combining various biometric information such as a fingerprint code and a password, and an encryption key is generated based on the composite code. It is possible to enhance the uniqueness of the synthetic code, and even if the read biometric information matches between different individuals,
Codes generated in combination with passwords can be different, and codes obtained by reading biometric information such as fingerprint patterns can be extremely simple codes, requiring a high-precision reading device , An encryption / decryption device configuration is realized.

Further, according to the configuration of the present invention, the same encryption key cannot be generated only from the password,
The password can be stored and managed in the storage device,
Therefore, generation of the encryption key and confidentiality management become easy. Here, the shared encryption key (shared key) refers to a key that the user wants to share, and the key itself may be a common key or a public key. That is, in the case of a common key system such as DES encryption, a common key is used.
In the case of a public key system such as the RSA encryption, it means a secret key (a secret decryption key, and in the case of authentication, a secret message inspection key). In the public key method, it can be said that the encryption key and the message generation key are already shared by the public file.

Still other objects, features and advantages of the present invention are:
It will become apparent from the following more detailed description based on the embodiments of the present invention and the accompanying drawings.

[0050]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, an encryption key generation device according to the present invention will be described.
Embodiments of an encryption / decryption device, an encryption key generation method, and an encryption / decryption method will be described with reference to the drawings.
This will be described in detail.

[0051]

FIG. 1 is a block diagram showing the configuration of an encryption device according to the present invention, FIG. 2 is a block diagram showing the configuration of a decryption device, and FIG. FIG. 4 shows an example of a hardware configuration in each configuration. Hereinafter, description will be made sequentially according to each drawing.

FIG. 1 is a block diagram showing an encryption device according to an embodiment of the encryption / decryption device of the present invention.

As shown in FIG. 1, the encryption device includes a fingerprint reading unit 101, a password input unit 102, an encryption key generation unit 103, a data input unit 104, and an encryption unit 10.
5. It has data output means 106. In the following description of the embodiment, as shown in the encryption device of FIG.
The following description focuses on an example in which a fingerprint is used as biometric information. However, the biometric information used in the encryption / decryption device and the encryption / decryption method of the present invention is not limited to fingerprints, but also includes fundus images, voice prints, DNA patterns, and other information related to an individual's living body or these Any combination can be used and is not limited to the configuration shown in the embodiment. When using a fundus image, voiceprint, or DNA pattern,
A reading device and an analyzing device for each biological information are used. For example, biometric information is read using a fundus camera when using a fundus image, a voice recognition device when using a voice print, and a DNA analyzer when using a DNA pattern. However, in the following, an example in which a fingerprint is used as biometric information will be described in order to avoid a complicated description.

The fingerprint reading means 101 in the encryption device shown in FIG. 1 reads a fingerprint pattern when a user's (user) finger is pressed, and extracts features of the fingerprint pattern.
A fingerprint code is output based on the extracted feature data,
Output to the encryption key generation means 103. The reading of the fingerprint pattern can be realized by various reading configurations such as a scanner that optically reads a fingerprint or a pressure sensor that detects a pressure generated by pressing a finger for each minute portion and reads an uneven pattern.

The password input means 102 is means for inputting a password by a user such as a keyboard. The password input from the password input unit 102 is output to the encryption key generation unit 103.

The encryption key generation means 103 generates an encryption key according to a combination of the fingerprint code read from the fingerprint reading means 101 and the password input from the password input means 102, and outputs the generated encryption key to the encryption means 105.
The encryption key generated by the encryption key generation means 103 includes an encryption key for encryption and a decryption key for decryption. The type of key to be generated is determined depending on which of various encryption methods such as the encryption method and the hybrid encryption method is applied. The present invention can be applied to any encryption method, and the key to be generated is data encryption or decryption processing, or, when the above-described hybrid method is applied, encryption of the key itself. It is also used in processing or decoding processing. In FIG. 1, description will be given below assuming that an encryption key used for data encryption processing is generated. A specific example of the encryption key generation means will be described later.

The data input means 104 is a data input means for inputting data to be encrypted, such as a hard disk, a network interface, etc., and outputs the data to be encrypted to the encryption means 105. The encryption means 105 converts the data to be encrypted input from the data input means 104 with the encryption key generation means 103
The data output means 10 encrypts with the encryption key generated in
Output to 6.

The data output means 106 is constituted by a storage means such as a network interface or a hard disk, and outputs the data encrypted by the encryption means 105.

In the encryption device shown in FIG. 1, a feature code obtained from a fingerprint by
The encryption key generation means 103 generates an encryption key in accordance with a combination of passwords input from the password input means 102, and the data input means 104 is generated by the encryption key.
Data input means 106 for encrypting the data input from
Can be output to the fingerprint reading means 101.
Even if the code based on the biometric information read by the user is uniform data, the code string can be combined with an arbitrary password input from the password input unit 102 to form an encryption key generation code. By doing so, countless different code strings can be generated, and different encryption keys can be generated indefinitely.

Further, in the encryption device shown in FIG. 1, since the collation data for collating the fingerprint read data is not stored in the storage means, there is no possibility that the collation data is stolen by a third party, and the data is illegally transmitted. There is no danger of the encryption key being duplicated.

Next, the configuration of the decoding apparatus according to the present invention will be described with reference to FIG. FIG. 2 is a block diagram showing a configuration of the decoding device according to the present invention. As shown in FIG. 2, the decryption device includes a fingerprint reading unit 201, a password input unit 202, an encryption key generation unit 203, a data input unit 2
04, a decoding unit 205, and a data output unit 206.

[0062] Fingerprint reading means 201, password input means 202, encryption key generating means 203, data input means 2
04, the basic configuration of the data output means 206 is the same as that shown in FIG.
Since the means are the same as those of the encryption device described in the above, the description of the same configuration will be omitted, and the description will focus on the different parts.

In the decryption device shown in FIG. 2, the encryption key generation means 203 outputs an encryption key according to a combination of the fingerprint code read from the fingerprint reading means 201 and the password input from the password input means 202. Generates a decryption key used for decrypting the encrypted data, and outputs it to the decrypting means 205.

The data input means 204 inputs the encrypted data to be decrypted and outputs it to the decrypting means 205. The decryption means 205 decrypts the encrypted data to be decrypted input from the data input means 204 with the decryption key generated by the encryption key generation means 203, and outputs the decrypted data to the data output means 206. The data output means 206 includes a decryption means 205
Output the decrypted data.

If the decryption device shown in FIG. 2 is used, it is possible to decrypt the encrypted data with a decryption key generated according to the combination of the password and the characteristic code obtained from the fingerprint, and to output the decrypted data. Even if the code based on the biometric information read by the fingerprint reading means is uniform data, the code string can be combined with an arbitrary password and used as the original data of the decryption key. Can be generated, so that countless different decryption keys can be generated.

Further, since the collation data for collating the fingerprint read data is not stored in the storage means, there is no danger of theft of the collation data by a third party, and there is no danger of illegally duplicating the encryption key. .

Next, with reference to FIG.
The configuration of the decoding device will be described. FIG. 3 is a block diagram showing the configuration of the encryption / decryption device according to the present invention. As shown in FIG. 3, the encryption / decryption device includes a fingerprint reading unit 301, a password input unit 302, an encryption key generation unit 303, a data input unit 304, and an encryption / decryption unit 3.
05, a data output means 306.

[0068] Fingerprint reading means 301, password input means 302, encryption key generating means 303, data input means 3
04, the basic configuration of the data output unit 306 is the same as each unit in the encryption device and the decryption device described with reference to FIGS. 1 and 2, and thus the description of the same configuration will be omitted, and different parts will be mainly described. explain.

In the encryption / decryption device shown in FIG.
The encryption key generation unit 303 generates an encryption key, in this case, an encryption key used for encrypting data, according to a combination of the fingerprint code read from the fingerprint reading unit 301 and the password input from the password input unit 302. A decryption key used for decrypting the encrypted data is generated and output to the encryption / decryption unit 305.

Data input means 304 inputs data to be encrypted or encrypted data to be decrypted, and outputs the data to encryption / decryption means 305. The encryption / decryption unit 305 encrypts the data to be encrypted or the encrypted data input from the data input unit 304 with the encryption key generated by the encryption key generation unit 303,
Alternatively, the data is decrypted with the decryption key and output to the data output unit 306. The data output unit 306 outputs the data encrypted by the encryption unit 305 or the decrypted data.

In the encryption / decryption device shown in FIG. 3, similarly to the above-described encryption device or decryption device,
An encryption key or a decryption key generated according to a combination of a feature code and a password obtained from a fingerprint enables data to be encrypted or decrypted, and a code based on biometric information read by fingerprint reading means. Can be used as the original data of the encryption key and the decryption key by combining an arbitrary password with the code string, so that countless different code strings are generated by changing the password. It is possible,
It is possible to generate an infinite number of different encryption keys and decryption keys.

Further, since the collation data for collating the fingerprint read data is not stored in the storage means, there is no danger of theft of the collation data by a third party, and there is no danger of illegally duplicating the encryption key. .

Next, with reference to FIG.
A hardware configuration of a decryption device and an encryption / decryption device will be described.

FIG. 4 is a block diagram showing an example of a hardware configuration relating to the encryption device, the decryption device, and the encryption / decryption device described with reference to FIGS.

The fingerprint reading means 400 includes a scanner 402 as an optical fingerprint pattern reading means and a microcomputer # 1: 403. Microcomputer # 1: 403 has CPU 405, RO
M406, RAM407, input output
An interface (I / O) 408 is connected.

The ROM 406 constituting the microcomputer # 1: 403 is provided with the microcomputer # 1: 40.
3 and stores a basic program for starting an operating system (OS).
Is used as a main storage memory, and has a work area for various processes such as a code generation process by the CPU 405. Various programs, for example, a fingerprint code generation program are stored in a storage medium (not shown) such as a floppy (registered trademark) disk or a hard disk.
M407 may be loaded.

The fingerprint image data read by the scanner 402 is input to the microcomputer # 1: 403 via the I / O 408, and a process for generating a fingerprint code is executed.

The process in the fingerprint reading means 400, that is, the process of generating a fingerprint code from the fingerprint image data read by the scanner 402 will be described with reference to FIG.

In the encryption / decryption device and the encryption / decryption method of the present invention, the code as the source of the encryption key is formed based on both the biometric information code such as a fingerprint and the input password. You. Therefore, since the code generated by synthesis by changing the input password can be complicated, the biometric information code itself such as a fingerprint is not required to be a complicated code. Even if the code obtained from the biometric information is a simple short data string, there is almost no possibility that the same code is generated in the code string combined with the password. Therefore, an advanced scanning device is not required without increasing the fingerprint reading accuracy.

In the conventional code generation method relying only on biometric information, if biometric information codes read from fingerprints of different individuals become the same, the same encryption key may be generated based on the same code. There is. In order to eliminate such a possibility, there has been a demand for making the reading accuracy of the scanner extremely high so that the biometric information codes of each individual are surely different. But in reality,
When high-precision reading is performed, there is a problem that a different fingerprint code is generated each time reading is performed even by the same person, and a system that can be used at present has not been realized.

In the encryption / decryption device and the encryption / decryption method according to the present invention, unlike the conventional system as described above, not only the biometric information but also the encryption key based on a code combining an arbitrary password. Is generated, even if the biometric information matches in different individuals, there is little possibility that the codes generated in combination with the password match. Therefore, a code obtained by reading biometric information such as a fingerprint pattern can have a very simple configuration. An example of fingerprint pattern reading and code generation applicable to the encryption / decryption device of the present invention will be described with reference to FIG.

In order to generate a code from a fingerprint pattern, first, as shown in FIG. 5A, a fingerprint image formed when a finger is touched on the scanner is divided into a plurality of areas. The image is divided into four regions of regions 1 to 4 by orthogonal lines at the center of the finger, and a code is generated in each of the divided regions.

FIG. 5B shows that the ridge directions of fingerprints (flow of fingerprint lines) are classified into four patterns, and codes are assigned to the respective patterns. Set horizontal ridges to 0 (0
0), ridges rising to the right are 1 (01), ridges in the vertical direction are 2 (10), and ridges falling to the right are 3 (11), and codes are associated with each other.

FIG. 5C shows the ridge pattern in each region of the fingerprint pattern of FIG. 5A, that is, the ridge direction (flow of the fingerprint line) of the fingerprint in each region.
FIG. 4B is a diagram showing a fingerprint pattern and a selected pattern together by selecting the most similar pattern among the patterns shown in FIG.

In each area of FIG. 5C, the code of the selection pattern most similar to the fingerprint pattern is stored in area 1
Data generated by arranging in the order of ~ 4 was used as a fingerprint code. That is, in the example of FIG. 5, as shown in FIG. 5D, 11011101 (binary number) or dd (hexadecimal number) is output as a code based on a fingerprint pattern, that is, a fingerprint code.

The example of code generation shown in FIG. 5 is just one example of generating a code from biological information. In FIG. 5, the number of area divisions is set to 4 (see FIG. 5A), and four types of code corresponding patterns (FIG.
(See (b)), the number of area divisions may be increased to 4 or more, such as 8 or 16, and the code corresponding pattern may be further finely divided to increase the code. It is possible to perform fine classification and code generation processing according to each fingerprint pattern.

FIG. 6 shows the fingerprint reading means 400 shown in FIG.
5 shows a processing flow for generating a fingerprint code from read fingerprint image data, which is the processing in. FIG. 6 is a flowchart specifically showing a processing algorithm for reading a fingerprint code by the microcomputer # 1: 403 in the fingerprint reading means 400 of FIG.

Step 601 is performed by the scanner 4 shown in FIG.
02 is a step of expanding the fingerprint data read in 02 into two-dimensional image data and executing pre-processing such as direction correction and noise processing.

Step 602 is a step of executing processing of dividing the image data preprocessed in step 601 into n regions. Each divided area is defined as (I1, I2,..., In).

Step 603 is a step of extracting a feature of the image data for each area divided in step 602 and coding the feature amount. The code string output from each area I1, I2, ..., In) is (C1, C2, ..., Cn).

At step 604, the codes output from the respective areas are combined and combined into one code. One example of the combining method is a method of simply connecting the codes of the respective areas, that is, connecting them. If the synthesized code is A,
A = C1C2... Cn.

Step 605 is the same as step 604 described above.
The code A obtained in is output as a fingerprint code.

The fingerprint reading means 400 generates a fingerprint code required for generating an encryption key by executing such a procedure.

The code obtained from the fingerprint pattern generated in this manner is output to the encryption key generation means 420 in FIG.

The encryption key generation means 420 includes a microcomputer # 2: 423. Microcomputer #
2: 423: CPU 425, ROM 42 on bus 424
6, a RAM 427, and an input / output interface (I / O) 428.

The ROM 426 constituting the microcomputer # 2: 423 is provided with the microcomputer # 2: 42.
3 and stores a basic program for starting an operating system (OS).
Is used as a main storage memory, and has a work area for various processes such as an encryption key generation process by the CPU 425. Various programs, for example, an encryption key generation program may be stored in a storage medium (not shown) such as a floppy disk or a hard disk, and may be loaded into the RAM 427 at the time of execution.

The code read and generated by fingerprint reading means 400 is input to microcomputer # 2: 423 via I / O 428, and encryption key generation processing is executed.

The encryption key generating means 420 inputs the code read and generated by the fingerprint reading means 400 and the password input from the password input means 410. Password input means 410
Has a keyboard 411 for inputting characters, and the user can input an arbitrary password.

The encryption key generation means 420 generates an encryption key based on the code read and generated by the fingerprint reading means 400 and the password input from the password input means 410.

The encryption key generation means 420 has, for example, a functional configuration shown in FIG. FIG. 7 is a functional block diagram showing processing executed by microcomputer # 2: 423 shown in FIG. 4 divided into functional components according to an encryption key generation algorithm. As shown in FIG. 7, the encryption key generation unit 701 has an intermediate code generation unit 7 as its processing function.
11 and an encryption key generation unit 712.

The intermediate code generator 711 generates an intermediate code according to a combination of the fingerprint code read from the fingerprint reader and the password input from the password input unit, and outputs the intermediate code to the encryption generator 712.

The encryption key generation section 712 generates an encryption key by applying a predetermined function to the intermediate code output from the intermediate code generation section 711, and outputs the generated encryption key to the encryption / decryption means. The key generated by the encryption key generation unit 712 is a common key when the encryption method used by the system is a common key method such as DES encryption, and uses a public key method such as RSA encryption. In this case, the secret key and the public key are used.

The intermediate code generation unit 711 performs the processing shown in FIG.
The intermediate code is generated by combining the fingerprint code generated based on the fingerprint pattern read by the fingerprint reading means and the password input from the password input means by the method described with reference to FIG.

FIG. 8 shows an example of the generation of the intermediate code executed by the intermediate code generation section 711. The fingerprint code read by the fingerprint reading means is, for example, 16 bits, FE26 (fingerprint code)... (1), and the password input from the password input means is, for example, 16 bits, 35 BA (password). )... (2).

The intermediate code generation unit 611 generates the 32-bit intermediate code of FE2635BA... (3) by synthesizing the fingerprint code of (1) and the password of (2).

The intermediate code generated by intermediate code generation section 711 shown in FIG. 7 is output to encryption key generation section 712.

The example of generating the intermediate code shown in FIG.
For example, the intermediate code is acceptable as long as it is data generated based on a fingerprint code generated by the fingerprint reading means and a password input by the password inputting means, as shown in FIG. It is only necessary to generate a new code based on the fingerprint code and the password without being limited to the simple code connection processing. For example, a configuration may be adopted in which an intermediate code is obtained by applying a function to a fingerprint code and a password, or a new code may be generated by processing such as a table search using the fingerprint code and the password as addresses.

The intermediate code generated by intermediate code generation section 711 is output to encryption key generation section 712, and encryption key generation section 712 generates an encryption key based on the intermediate code. The encryption key generation method includes RSA method, DES method, etc.
Processing is performed according to the system adopted by the system.

FIG. 9A shows a functional block configuration used for an encryption key generation process in the case of a common key encryption system as shown in FIG. 9A, and FIG. 9B shows a functional block configuration used for an encryption key generation process in the case of a public key encryption system. Each functional block configuration is shown.

The common key encryption method shown in FIG.
First, a description will be given. As described above, the common key encryption method is an encryption method in which a key used for encryption and a key used for decryption are shared.

The encryption key generation unit 901 in the common key encryption system shown in FIG. 9A has function processing means 902 for applying the function F, and applies the function F to the intermediate code received from the intermediate code generation unit. Then, an encryption key and a decryption key are generated and output to the encryption / decryption means. As an example of the function F,
For example, there is a one-way function such as an MD4 hash function or an MD5 hash function. As described above, it is difficult to derive the original data, in this case an intermediate code, based on the generated encryption key.

When the common key encryption method is adopted,
Using the encryption key or the decryption key generated in this way, data encryption or decryption is performed.

Next, the public key encryption method shown in FIG. 9B will be described. The encryption key generation process when the RSA method is adopted will be described with reference to FIG. FIG.
As shown in (b), the encryption key generation unit 903 has an intermediate code division unit 904, a prime number generator 905, and a public key / private key generation unit 906.

In order to generate a public key and a secret key in the RSA scheme, two prime numbers p and q are required. The intermediate code division unit 904 divides the intermediate code input from the intermediate code generation unit into two codes. For example, the intermediate code is divided on the way, and two codes of upper bits and lower bits are generated.

The two codes generated by intermediate code division section 904 are output to prime number generator 905. The prime number generator 805 has a random number generator. Intermediate code division unit 904
Are generated by the prime number generator 80
5 is used as a seed for the random number generator of which the prime number is determined based on the random number generated by the random number generator.
Are extracted. The extracted two prime numbers are output to the public key / private key generation unit 906 as prime numbers p and q for generating an encryption key.

The public key / private key generation unit 906 generates a prime number p,
A public key and a secret key are generated based on q. p and q are two prime numbers p and q output by the prime number generator 905 based on the biometric information code and the divided intermediate code based on the password, and are sufficiently large prime numbers (for example, 512 to 2048 bits).

The process of generating an encryption key in the public key / private key generation unit 906 is performed, for example, in the following procedure. First, f = (p−1) (q−1), and a value e that is relatively prime (the greatest common divisor is 1) is obtained from f. I.e. g
A value e that satisfies cd (e, (p-1), (q-1)) = 1 is obtained. Gcd means the greatest common divisor. Further, a value d for ed = 1 modf is obtained, and d is obtained.
Based on these values, the public key is determined as n, e, and the secret key is determined as p, q, d.

The public key and private key generated by the public key / private key generation unit 906 can be obtained by E if the prime numbers p and q are known. In order to obtain d, it is necessary to factor n, which requires a huge amount of calculation, and it is practically impossible to obtain the value d. The public key / private key generation unit 906 generates a public key / private key according to such a procedure. Note that a different encryption method applied to the system requires a different key generation method.

Returning to FIG. 4, the description of the configuration of the encryption / decryption device of the present invention will be continued. Encryption key generation means 420
Then, various encryption keys are generated according to the method described above.

The encryption key generated by the encryption key generation means 420 is sent to the encryption / decryption means 430. In the example shown in FIG. 4, the encryption / decryption means 430 performs encryption processing,
Although shown as a configuration that can be executed in any of the decryption processes, that is, the configuration of the encryption / decryption device corresponding to FIG. 3, as shown in FIG. 1 or FIG. In the case of a device, it is configured to execute either the encryption process or the decryption process.

As shown in FIG. 4, the encryption / decryption means 430 includes a microcomputer # 3: 433. The microcomputer # 3: 433 connects the bus 434 with the CP.
U435, ROM436, RAM437, input
It has a configuration in which an output interface (I / O) 438 is connected.

The ROM 436 constituting the microcomputer # 3: 433 is provided with the microcomputer # 3: 43.
RAM 337 for storing a basic program for starting the operating system (OS) 3 and for starting the operating system (OS).
Is used as a main storage memory, and has a work area for various processes such as an encryption process and a decryption process by the CPU 435. Various programs, for example, an encryption processing program or a decryption program may be stored in a storage medium (not shown) such as a floppy disk or a hard disk, and may be loaded into the RAM 437 at the time of execution.

The encryption key generated by the encryption key generation means 420 is input to the microcomputer # 3: 433 via the I / O 438, and the encryption or decryption processing is executed.

The encryption / decryption means 430 inputs data to be encrypted or encrypted data to be decrypted from the data input means 440. Data input means 4
In the example of FIG. 4, it is assumed that the hard disk drive 441 includes a hard disk 441 as a storage device and that data to be processed is stored in the hard disk, but data input is transferred via, for example, a network. It may be data.

The data subjected to the encryption processing or decryption by the encryption / decryption means 430 is output to the data output means 450. In FIG. 4, the data output means 4
Although the network interface 451 is described as 50, the network interface 45
1, or a configuration in which the processing data is stored in a hard disk, an optical disk, or another storage medium.

The encryption or decryption processing executed by the encryption / decryption means 430 is performed based on the above-described common key encryption method, public key encryption method, or the like.
The processing is executed by applying the A method, the DES method, or the like, and the generation of the encryption information or the generation of the decrypted data from the encrypted data is performed.

As is clear from the above description, in the encryption / decryption device and the encryption / decryption method of the present invention, both the common key encryption method and the public key encryption method can be used. An encryption key is generated by an encryption key generation unit 420 based on an individual-specific biometric information code generated from fingerprint information by the fingerprint reading unit 400 and a password input from the password input unit 410, and based on the encryption key. Since data encryption or decryption is performed, a key unique to an individual can be generated, and an infinite number of various keys can be generated by combining various passwords.

Further, according to the configuration of the present invention, the password constituting a part of the encryption key generation source data is stored in a storage device such as a hard disk, and the biometric information is obtained only when the encryption process and the decryption process are performed. And an intermediate code may be generated to generate an encryption key. Since the same encryption key cannot be generated from the password alone, even if the password is stolen from the storage device, it cannot be applied to data decryption processing. Therefore, when a complicated password is desired to be used, it can be stored and managed in a storage medium, and confidentiality management becomes easy.

In the example of the hardware configuration shown in FIG. 4, the fingerprint reading means 400, the encryption key generation means 420, and the encryption / decryption means 430 are shown as individual microcomputers. The encryption / decryption processing can be sequentially performed by one computer, and various configurations are possible in addition to the configuration using a plurality of computers as shown in FIG.

Further, in the above-described embodiment, an example in which fingerprint information is used as biometric information has been described. However, as described above, in addition to fingerprints, "personal information unique to the person", for example,
A configuration may be adopted in which a biometric code is generated based on a voiceprint, a fundus pattern, a DNA pattern, and the like, and encryption and decryption are performed based on a composite code obtained by combining the code and a password. Furthermore, the biometric code itself may be a composite code of a fingerprint code and a voiceprint code, a composite code of a fingerprint code and a fundus pattern, and a password may be combined with the composite code to generate an encryption key.

The present invention has been described in detail with reference to the specific embodiments. However, it is obvious that those skilled in the art can modify or substitute the embodiment without departing from the spirit of the present invention. That is, the present invention has been disclosed by way of example, and should not be construed as limiting. In order to determine the gist of the present invention, the claims described at the beginning should be considered.

[0132]

As described above, as described above, the encryption key generation device, the encryption / decryption device, and the encryption key generation method according to the present invention,
According to the encryption / decryption method, a composite code is generated by combining various types of biometric information such as a fingerprint code and a password, and an encryption key is generated based on the composite code. Therefore, it is possible to enhance the uniqueness of the composite code using the password and make it unique, and even if the biometric information read between different individuals matches, the code generated in combination with the password will not Since it can be different,
It is possible to make a code obtained by reading biometric information such as a fingerprint pattern an extremely simple code,
An encryption / decryption device configuration that does not require a high-precision reading device is realized.

Further, the encryption key generating apparatus of the present invention
In the decryption device, the encryption key generation method, and the encryption / decryption method, the biometric information of the authorized user is not registered in advance in the storage device or the like, and the matching process is not executed. A highly scalable configuration is realized without being limited to a system having the same.

Furthermore, in the encryption key generation device, the encryption / decryption device, the encryption key generation method, and the encryption / decryption method of the present invention, the encryption key, the encryption key, Alternatively, since the decryption key is generated, an infinite number of different encryption keys or decryption keys can be generated by changing the password.

Further, in the encryption key generation device, the encryption / decryption device, the encryption key generation method, and the encryption / decryption method of the present invention, the same encryption key cannot be generated only from the password, so The password can be stored and managed in the device, and confidentiality management becomes easy.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of an encryption device according to the present invention.

FIG. 2 is a block diagram illustrating a configuration of a decoding device according to the present invention.

FIG. 3 is a block diagram showing a configuration of an encryption / decryption device according to the present invention.

FIG. 4 is a block diagram illustrating a hardware configuration of an encryption device, a decryption device, and an encryption / decryption device according to the present invention.

FIG. 5 is a diagram illustrating an example of processing for generating a code from a fingerprint pattern in the encryption / decryption device of the present invention.

FIG. 6 is a diagram showing a processing flow for generating a code from a fingerprint pattern in the encryption / decryption device of the present invention.

FIG. 7 is a diagram showing a processing block diagram of an encryption key generation means in the encryption / decryption device of the present invention.

FIG. 8 is a diagram showing an example of a fingerprint code, a password, and an intermediate code of the encryption key generation means in the encryption / decryption device of the present invention.

FIG. 9 is a block diagram showing a configuration of a common key encryption method and a public key encryption method of an encryption key generation means in the encryption / decryption device of the present invention.

[Explanation of symbols]

 101, 201, 301 Fingerprint reading means 102, 202, 302 Password input means 103. 203, 303 Encryption key generation means 104, 204, 304 Data input means 105 Encryption means 106, 206, 306 Output means 205 Decryption means 305 Encryption Encryption / decryption means 400 fingerprint reading means 402 scanner 403,423,433 microcomputer 404,424,434 bus 405,425,435 CPU 406,426,436 ROM 407,427,437 RAM 410 password input means 411 keyboard 420 encryption Key generation means 430 Encryption (decryption) means 440 Data input means 441 Hard disk 450 Data output means 451 Network interface 701 Encryption key generation means 711 Intermediate Code generation unit 712 encryption key generation unit 901 encryption key generation unit 902 function processing unit 903 encryption key generation unit 904 intermediate code division unit 905 prime number generator 906 public key / private key generation unit

Claims (24)

[Claims] 1. A biometric information reading unit that acquires biometric information, generates and outputs a biometric code based on the biometric information, a password input unit that inputs a password, and is read and generated by the biometric information reading unit. Intermediate code generation means for generating an intermediate code based on a biometric code and a password input from the password input means, and an encryption key for generating an encryption key to be applied to encryption or decryption processing based on the intermediate code An encryption key generation device, comprising: generation means. 2. The biological information read by the biological information reading means is any of a fingerprint, a fundus image, a voiceprint, and a DNA pattern, or a combination of two or more biological information of a fingerprint, a fundus image, a voiceprint, and a DNA pattern. The encryption key generation device according to claim 1, wherein: 3. The biometric information read by the biometric information reading means is fingerprint information. The biometric information reading means identifies a ridge direction of a concavo-convex pattern of a fingerprint in a plurality of areas obtained by dividing a fingerprint image. 2. The encryption key generation device according to claim 1, wherein a biometric code is generated and output by associating a code corresponding to a ridge direction for each of the plurality of regions. 4. The intermediate code generation means sets one of a biometric code read and generated by the biometric information reading means and a password input from the password input means as an upper bit and sets the other as a lower bit. 2. The encryption key generation apparatus according to claim 1, wherein the encryption key generation apparatus is configured to execute data concatenation processing of a biometric code and a password to generate an intermediate code. 5. The intermediate code generation means generates a new intermediate code by applying a function to a biometric code read and generated by the biometric information reading means and a password input from the password input means. The encryption key generation device according to claim 1, wherein the encryption key generation device has a configuration. 6. An encryption key generated by said encryption key generation means,
2. The encryption key generation device according to claim 1, wherein the encryption key generation device is one of a common key in a common key encryption system, a public key and a private key in a public key encryption system. 7. A biometric information reading means for acquiring biometric information, generating and outputting a biometric code based on the biometric information, a password inputting means for inputting a password, and a biometric information reading means which is read and generated by the biometric information reading means. Intermediate code generating means for generating an intermediate code based on a biometric code and a password input from the password input means, and encryption for generating an encryption key to be applied to an encryption process or a decryption process based on the intermediate code Key generation means, data input means for inputting data to be encrypted, encryption means for executing encryption processing of data input from the data input means based on the encryption key generated by the encryption key generation means, An output unit that outputs data encrypted by the encryption unit. 8. The biological information read by the biological information reading means is any one of a fingerprint, a fundus image, a voiceprint, and a DNA pattern, or a combination of two or more biological information of a fingerprint, a fundus image, a voiceprint, and a DNA pattern. The encryption device according to claim 7, wherein: 9. The biometric information read by the biometric information reading means is fingerprint information, and the biometric information reading means identifies a ridge direction in which a concavo-convex pattern of a fingerprint is formed in a plurality of areas obtained by dividing the fingerprint image. 8. The encryption apparatus according to claim 7, wherein a biometric code is generated and output by associating a code corresponding to the ridge direction for each of the plurality of regions. 10. The intermediate code generating means sets one of a biometric code read and generated by the biometric information reading means and a password input from the password input means as an upper bit and the other as a lower bit. 8. The encryption device according to claim 7, wherein the encryption device is configured to execute data connection processing of a biometric code and a password to generate an intermediate code. 11. The intermediate code generation means generates a new intermediate code by applying a function to a biometric code read and generated by the biometric information reading means and a password input from the password input means. The encryption device according to claim 7, wherein the encryption device has a configuration. 12. A biometric information reading means for acquiring biometric information, generating and outputting a biometric code based on the biometric information, a password inputting means for inputting a password, and a biometric information reading means. Intermediate code generating means for generating an intermediate code based on a biometric code and a password input from the password input means, and encryption for generating an encryption key to be applied to an encryption process or a decryption process based on the intermediate code Key generation means, data input means for inputting data to be decrypted, decryption means for performing a decryption process on the data input from the data input means based on the encryption key generated by the encryption key generation means, An output unit that outputs data decoded by the decoding unit. 13. The biological information read by the biological information reading means may be any one of a fingerprint, a fundus image, a voiceprint, and a DNA pattern, or two of a fingerprint, a fundus image, a voiceprint, and a DNA pattern.
13. The decoding device according to claim 12, wherein the combination is a combination of the biological information. 14. The biometric information read by the biometric information reading means is fingerprint information, and the biometric information reading means identifies a ridge direction in which a concavo-convex pattern of a fingerprint is formed in a plurality of areas obtained by dividing a fingerprint image. 13. The decoding apparatus according to claim 12, wherein a biometric code is generated and output by associating a code corresponding to the ridge direction for each of the plurality of regions. 15. The intermediate code generating means sets one of a biometric code read and generated by the biometric information reading means and a password input from the password input means as an upper bit and sets the other as a lower bit. 13. The decoding apparatus according to claim 12, wherein the decoding apparatus is configured to execute data connection processing of a biometric code and a password to generate an intermediate code. 16. The intermediate code generation means generates a new intermediate code by applying a function to the biometric code read and generated by the biometric information reading means and the password input from the password input means. 13. The decoding device according to claim 12, wherein the decoding device has a configuration. 17. An encryption key generation method for generating an encryption key for use in an encryption process or a decryption process, comprising: obtaining biometric information; generating a biometric code based on the biometric information; and outputting the biometric code. A password input step of inputting a password; an intermediate code generating step of generating an intermediate code based on the biometric code read in the biometric information reading step and the password input in the password input step; An encryption key generation step of generating an encryption key to be applied to the encryption processing or the decryption processing. 18. The biometric information read in the biometric information reading step is any of a fingerprint, a fundus image, a voiceprint, and a DNA pattern, or a combination of two or more biometric information of a fingerprint, a fundus image, a voiceprint, and a DNA pattern. The encryption key generation method according to claim 17, wherein: 19. The biometric information read in the biometric information reading step is fingerprint information, wherein the biometric information reading step identifies a ridge direction of a concavo-convex pattern of the fingerprint in a plurality of regions obtained by dividing the fingerprint image. 18. The encryption key generation method according to claim 17, wherein a biometric code is generated and output by associating a code corresponding to the ridge direction for each of the plurality of regions. 20. The intermediate code generation step, wherein one of a biometric code read in the biometric information reading step and a password input in the password input step is set as an upper bit and the other is a biometric code in which the other is set as a lower bit. 18. The encryption key generation method according to claim 17, further comprising the step of executing data connection processing of a code and a password to generate an intermediate code. 21. The intermediate code generating step includes generating a new intermediate code by applying a function to the biometric code read in the biometric information reading step and the password input in the password input step. The encryption key generation method according to claim 17, further comprising: 22. A biometric information reading step for acquiring biometric information, generating and outputting a biometric code based on the biometric information, a password inputting step for inputting a password, and a biometric code read in the biometric information reading step. And an intermediate code generation step of generating an intermediate code based on the password input in the password input step; and an encryption key generation for generating an encryption key to be applied to an encryption process or a decryption process based on the intermediate code. A data input step of inputting data to be encrypted; an encryption step of executing an encryption process of the data input in the data input step based on the encryption key generated in the encryption key generation step; Output to output the data encrypted in the encryption step Encryption method comprising: the step, the. 23. A biometric information reading step of acquiring biometric information, generating and outputting a biometric code based on the biometric information, a password input step of inputting a password, and a biometric code read in the biometric information reading step. And an intermediate code generation step for generating an intermediate code based on the password input in the password input step; and an encryption key generation for generating an encryption key applied to an encryption process or a decryption process based on the intermediate code. A data input step of inputting data to be decrypted; a decryption step of performing a decryption process on the data input in the data input step based on the encryption key generated by the encryption key generation means; An output step of outputting the data decoded in the Decoding method characterized by having a. 24. A program providing medium for tangibly providing a computer program for causing a cryptographic key generation process to be executed on a computer system, wherein the computer program acquires biometric information and uses the biometric information based on the biometric information. A biometric information reading step of generating and outputting a biometric code, a password input step of inputting a password, and an intermediate code based on the biometric code read in the biometric information reading step and the password input in the password input step. A program providing medium, comprising: an intermediate code generating step of generating; and an encryption key generating step of generating an encryption key to be applied to an encryption process or a decryption process based on the intermediate code.