JP2004199701A - User confirmation system by biological data, recording medium and ic card - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To protect biological data within a management range on a user's hand with high safety and to reduce user's resistance and risk of leakage of the biological data. <P>SOLUTION: This user confirmation system is provided with a module 1f and a computer 2f. The module 1f is provided with a sensor 11 for performing biological measurement. The computer 2f is provided with a biological data holding part 32a for holding the biological data encrypted by a log on password of the user himself as information indicating that the user has authority corresponding to a user request and a collation calculation part 31a for decoding the biological data of the biological data holding part 32a by the log on password when the user request and the logon password are inputted, for collating the decoded biological data with measurement information measured by the sensor and for outputting notification that the user request should be implemented when a principal and the authority are confirmed by its collation result. <P>COPYRIGHT: (C)2004,JPO&NCIPI

Description

  The present invention relates to a user confirmation system using biometric data, a recording medium, and an IC for conveniently and securely performing digital signature processing using an IC card, confirmation of use authority of computer software, confirmation of use authority of data encryption processing, and the like. About the card.

  Conventionally, magnetic cards such as credit cards and entry / exit management cards have been mainly used to identify users. On the other hand, recently, with the expectation of an effect of preventing counterfeiting of a card and information leakage, a high-security and high-performance IC card incorporating a semiconductor chip has begun to be used.

  However, even if an IC card is used, it is difficult to prevent it from being illegally used by another person due to loss or theft, or improperly misused as a loss.

  Attempts have been made to reduce unauthorized use by registering a password corresponding to the IC card, but it is cumbersome to memorize the password, there is a danger of forgetting, and memos may be read by others. There is a risk of leaking, which is far from convenient.

  In recent years, there has been a movement to perform access control and access control by combining biometrics, which is a technique for measuring biometric data such as a fingerprint or a palm type to confirm the identity of a person, and an IC card. This will solve various problems caused by loss, theft, leakage, forgetting, etc. of the card.

  However, on the other hand, if the user's resistance to the fact that his or her own physical information (biometric data) is not registered as something like a password but is registered somewhere, or if it leaks out However, the user remains uneasy about the weak point that the password cannot be changed and the leakage trouble. Therefore, when using biometrics for user confirmation, it is necessary to propose a technique that reduces the above-mentioned feeling of resistance and to construct a system that can effectively prevent leakage of biometric data.

Furthermore, in an environment in which the authority to use computer software is often checked without using an IC card, there is no medium for securely holding biometric data. When using biometrics, biometric data is stored Can only be stored in However, in this case, there is a risk that biometric data is leaked due to reverse engineering.
JP-A-9-218905 JP-A-5-46742 JP-A-8-221570 JP-A-61-199162 JP-A-1-15891 JP-A-3-189756 JP-A-2-40781

  As described above, the conventional technology using both an IC card and a password has problems such as annoyance, the risk of forgetting or leaking.

  In addition, when the IC card and the biometrics are used in combination, there remains a feeling of resistance to registration of information (biological data) of one's own body and a danger of leakage of the biological data to a third party.

  Furthermore, when using biometrics to confirm the use authority in an environment without using an IC card, there is no method for securely recording biometric data.

  The present invention has been made in consideration of the above circumstances, and can protect and protect biometric data with high security within a management range at the user's hand, thereby reducing user's resistance and danger of biometric data leakage. It is another object of the present invention to provide a user confirmation system, a recording medium, and an IC card using biometric data, which are less troublesome in use and have high reliability of user confirmation.

  In order to solve the above problems, a first embodiment of the present invention includes a sensor module, a computer, and communication means for performing communication between the sensor module and the computer, and the sensor module performs biometric measurement. A biometric data storage unit for storing biometric data encrypted by the user's own logon password, as information indicating that the user has the authority corresponding to the user request, When the logon password is input, the biometric data in the biometric data holding unit is decrypted with the logon password, and the decrypted biometric data is compared with the measurement information measured by the sensor. A collation meter that outputs a notification that a user request should be made when the authority is confirmed A user verification system according to biometric data and a section.

  In the first embodiment, since such means are provided, even if the biometric data encrypted with the password is leaked alone, the secret can be protected, and the right to use the software can be protected. it can. In addition, since user identification and authority confirmation using biometrics are performed, it is possible to reduce troublesome use and increase reliability of user identification.

  The second embodiment of the present invention includes a sensor module, an IC card, a computer, and communication means for performing communication between the sensor module, the IC card, and the computer, and the sensor module performs a biological measurement. A sensor is provided, and the IC card has a tamper-resistant structure and holds a biometric data holding unit that holds encrypted biometric data obtained by encrypting biometric data, and holds an encryption key for decrypting the encrypted biometric data. A computer that has an encryption key holding unit and a logon password holding unit that holds a logon password, wherein the computer reads the logon password in the IC card when the IC card is inserted, and requests a personal identification; Reads the encrypted biometric data and the encryption key in the IC card, and decrypts the encrypted biometric data with the encryption key. It was taken out biometric data, a user verification system comprising a matching calculator for collating the measured measurement information and biometric data by the sensor.

  A third embodiment of the present invention includes a sensor for performing biometric measurement, a computer, an IC card, and communication means for performing communication between the sensor, the IC card, and the computer. In a user authentication system using biometric data that performs encryption processing, an IC card has a tamper-resistant structure, and a biometric data holding unit that holds biometric data; A first cryptographic calculation unit that performs a partial process; and a cryptographic key holding unit that stores a cryptographic key used for processing in the first cryptographic calculation unit. A second encryption calculation unit that executes another process in the encryption process of the above, and compares the measurement information measured by the sensor with the biometric data in the biometric data holding unit. Both a user verification system according to biometric data and a matching calculation means for outputting a user acknowledgment to the second cryptographic computing portion and the first cryptographic calculation portion when it is confirmed that the person from the matching result.

  In the third embodiment, since such means are provided, it is possible to store the biometric data and the encryption key in an IC card having high tamper resistance, and execute the encryption process after the user is securely identified. it can. Further, since the encryption processing is shared between the IC card and the computer, it is possible to realize highly confidential encryption.

  A fourth embodiment of the present invention provides a computer with a biometric data holding function of holding biometric data encrypted by a user's own logon password as information indicating that the user has authority corresponding to a user request. When the user request and the logon password are entered, the biometric data is decrypted with the logon password, and the decrypted biometric data is collated with the biometric measurement information. A computer-readable recording medium that records a program for realizing a collation calculation function that outputs a notification that a user request should be performed when confirmed.

  In the fourth embodiment, since such means are provided, the operation of the computer in the user confirmation system based on the biological data described in the first embodiment can be realized.

  According to a fifth embodiment of the present invention, when a computer receives a user confirmation notification, the computer executes a part of the data encryption process and displays the processing results of other processes in the data encryption process. A cryptographic calculation function that receives from outside and completes the encryption process by using the processing result in part of the process, collates the biometric data and biometric data for user confirmation, and matches the user with the user based on the collation result. This is a computer-readable recording medium on which a program for realizing a cryptographic calculation function and a collation calculation function of notifying a user confirmation when confirmed is recorded.

  In the fifth embodiment, since such means are provided, the operation of the computer in the user confirmation system based on the biological data described in the third embodiment can be realized.

  A sixth embodiment of the present invention is a biometric data holding unit that holds biometric data, outputs biometric data to an external device that performs user confirmation using the biometric data, and a partial process in data encryption processing. Using an encryption key, and a cryptographic calculation unit that outputs a processing result of a partial process to an external device that performs another process in the data encryption process, and an encryption key holding unit that holds the encryption key. The IC card has a tamper-resistant structure.

  In the sixth embodiment, since such means are provided, the operation of the IC card in the user confirmation system using the biometric data described in the third embodiment can be realized.

  As described above in detail, according to the embodiment of the present invention, it is possible to protect biometric data with high security within a management range at the user's hand, thereby reducing user's resistance and danger of biometric data leakage. In addition, it is possible to provide a user confirmation system, a recording medium, and an IC card using biometric data with less troublesome use and high reliability of user confirmation.

  Hereinafter, embodiments of the present invention will be described.

  As described above, the present invention aims to 1) reduce the risk of leakage of biometric data and 2) reduce the user's resistance to storing their biometric data in an information device. And means for realizing either or both of the above 1) and 2).

  In particular, the present inventors have conducted various studies on what kind of system can be implemented to apply the biometrics to an IC card signature system as one form of a user confirmation system based on biometric data, in order to achieve the above object. Here, the IC card signature system uses an IC card having a function of operating a digital signature function inside the IC card, and realizes sending of confidential information by e-mail, shopping on the Internet, etc. by using the digital signature. It is a system to make. When biometrics is applied to this system, identity verification is performed based on the result of comparison with biometric data such as fingerprints and sensor measurement information, and then the digital signature function of the IC card is activated. .

  The present inventors have firstly made four modules as components that can constitute an IC card signature system to which biometrics are applied (hereinafter, also simply referred to as an IC card signature system or system), namely, an IC card, a sensor module, and a computer (PC). , IC card reader / writer) and server. Next, it was examined which module can perform the processes (biological (registered) data recording and collation calculation) performed in the IC card signature system to achieve the object of the present invention.

  FIG. 15 is a diagram showing components in an IC card signature system to which biometrics is applied and a combination result thereof.

  In consideration of the fact that there is a user who does not want to register the biometric data in the central processing unit which is not at hand of the user among the candidate systems shown in FIG. 15, the owner of the IC card is confirmed by local processing. Give priority to things. Therefore, those using servers were excluded at this point in the review. This is because a system that can protect biometric data by keeping it within the management range of the user can reduce the resistance of the user. However, in interpreting the invention which is the fruit of the technical achievement, if there is no particular problem regarding the above-mentioned user resistance, a technology using a server or the like is included in the scope of the invention as long as it is within the scope of the claims. It is what is done.

  Next, in consideration of the fact that the same terminal (sensor, PC) can be used by an unspecified number of people and the convenience that the same person can use the unspecified terminal, biometric data is stored in an IC card. What was retained was left as a candidate system.

  The biometric data holding and collation calculation unit in one tamper-resistant module (IC card or sensor module) was left as a candidate. In this case, the communication between the biometric data and the collation calculation unit becomes unnecessary, the protocol becomes simple, and the security can be increased. Here, the tamper resistance refers to a property having a mechanism such that an object or information inside cannot be easily taken out to the outside in its original form. Various methods are conceivable for realizing this tamper resistance. Specific examples of the methods will be described later.

  Thus, as shown in FIG. 15, five candidate systems considered to be particularly effective were found out of many combinations. It should be noted that in the figure, what is described as "PIN" is an identification code for performing device authentication between the IC card and the PC or the like, and is distinguished from the signature key.

  Hereinafter, an invention made in correspondence with the candidate system shown in FIG. 15 will be described in the first to fifth embodiments, and other systems not shown in FIG. 15 will be described in the sixth to eighth embodiments. An embodiment will be described.

(First Embodiment of the Invention)
FIG. 1 is a configuration diagram showing an example of a user confirmation system using biometric data according to the first embodiment of the present invention.

  This user confirmation system is a tamper-resistant module integrated type among the candidate systems of FIG. 15, and is composed of a sensor module 1a, a computer 2a, and an IC card 3a. In this system, the sensor module 1a that performs biometric data storage and collation calculation on the sensor module 1a side and performs only signature processing on the IC card 3a side includes a sensor 11, a biometric data storage unit 12, a collation processing unit 13, And an identification character string storage unit 14. Although not specifically shown, the sensor module 1a has a built-in CPU, memory, and the like, and can execute various types of information processing.

  Here, the sensor 11 is means for measuring a fingerprint as biometric measurement and converting the fingerprint into electronic information, and the biometric data holding unit 12 stores biometric data of each user. Further, the collation calculation unit 13 is a unit that collates the measured sensor information with the biometric data to determine whether the user is the user himself or not and, if the user is the user himself, notifies the output to that effect. In the present embodiment, the matching processing unit 13 outputs the identification character string (hereinafter, also simply referred to as a password) in the identification character string storage unit 14 to the IC card 3a via the computer 2a.

  Here, the sensor module 1a is a stand-alone type and has tamper resistance. The stand-alone type has at least the sensor 11 and the collation calculation unit 13 in the tamper-resistant sensor module. The security of this system mainly depends on the biometric data in the sensor module 1a and the tamper resistance of the matching calculation unit 13. To this end, each part of the sensor module 1a other than the sensor 11 is configured by a one-chip IC. Each component of the module is housed in a strong housing, and its lid is not opened. Furthermore, when the lid is forcibly opened, the IC chip itself storing the biometric data holding unit 12, the matching processing unit 13, and the identification character string storage unit 14 is destroyed. In the present embodiment, this housing is embedded in a wall to secure further tamper resistance.

  In addition, the fact that each of the parts 12, 13, and 14 other than the sensor 11 is constituted by a one-chip IC has itself led to securing tamper resistance. For example, when password information is stored on a magnetic card, the magnetic card holds the information as it is on the surface of the magnetic tape, so the password information can be easily read as long as the information holding structure is known, and the tamper resistance Is low. On the other hand, when information is stored in the IC chip, information is obtained from the terminal only after a command or the like is input as an electric signal from the chip terminal. Executing this operation requires a high technique, and it can be said that the tamper resistance is high.

  Further, in the case of the present embodiment, since the biometric data is used only in the same IC chip, external output is not required, and the biometric data is not externally output in order to improve tamper resistance.

  In this specification, in the case of having tamper resistance, any or all of the above mechanisms are combined, and other conceivable measures are taken. Although the case of the sensor module has been described here, the tamper resistance can be improved by the same measures in the case of an IC card or the like. In particular, in the case of an IC card, it is also possible to provide a mechanism in which, for example, when the case is opened, iron powder scatters on the wiring and all the held information is lost.

  As a minimum argument, when simply considering whether or not there is tamper resistance, it can be said that there is tamper resistance when, for example, the content to be protected is contained in one IC chip. .

  Next, the computer 2a is provided with a command output unit 15 and a message output unit 16. Further, the computer 2a includes an IC card reader & writer, and this point is the same in the following embodiments.

  Further, although not specifically shown, the computer 2a can execute various application programs such as a browser, and is connected to the Internet 4 in the present embodiment.

  The Internet 4 is further connected to a virtual mall so that online shopping can be performed from the computer 2a. The code "C" shown on the computer 2a is a message that has been computed (digital signature processing or the like), but in the operation example of the present embodiment described later, it indicates a request output such as the purchase of an article to a virtual mall.

  The IC card 3a includes a confirmation processing unit 17, an identification character string storage unit 18, an operation processing unit 19, and a secret key holding unit 20. Resources such as a CPU and a memory for realizing these units are one chip. IC.

  The confirmation processing unit 17 compares the identification character string from the sensor module 1a with the identification character string (password) stored in the identification character string storage unit 18 in the IC card, and notifies the arithmetic processing unit 19 of the confirmation result. . That is, the sensor module 1a and the IC card 3a share an identification character string for secretly transmitting information as to whether or not the identity has been confirmed from the sensor module to the IC card. Specifically, the identification character string on the IC card side is the same as the identification character string on the sensor module side, or the identification character string on the sensor module side is encrypted just like an encrypted password in UNIX. May be. In short, the only identification character string in the IC card corresponds to the identification character string sent from the sensor module.

  Upon receiving a confirmation notification from the confirmation processing unit 17 that the system user is the user himself, the computation processing unit 19 executes a predetermined computation process and outputs the computed message C. This message may be, for example, a door opening message for entry control, or may be, for example, a device activation command such as a computer. Here, as a specific example, the arithmetic processing unit 19 performs a digital signature using the secret key stored in the secret key holding unit 20 and purchases an article in a virtual mall on the Internet based on the information in the message output unit 16. The request is output as the calculated message C.

  Next, an operation of the user confirmation system based on biometric data according to the embodiment of the present invention configured as described above will be described.

  As described above, the user confirmation system based on the biometric data can be applied to various cases. Here, an operation example will be described taking as an example a case where an article purchase request is output to a virtual mall on the Internet.

  FIG. 2 is a flowchart showing an operation example of the present embodiment.

  In this operation example, it is assumed that a personal computer (personal computer) as the computer 2a is started at home or a company, browser software is started, and the user connects to the Internet 4 or a virtual mall to purchase an article.

  The user selects and determines a product and its purchase quantity in the virtual mall, and clicks a purchase button on a personal computer. By this operation, the command 15 is output from the computer 2a to the sensor module 1a and the IC card 3a as shown in FIG. 1, and various instructions and the like are displayed on the computer 2a (ST1).

  If the IC card 3a has not been inserted into the system, a message "Please insert an IC card" is output from the computer 2a, and the user inserts the IC card 3a (ST2). Note that the computer 2a notifies the card 3a that the article purchase process has started (command 15) with the insertion of the card.

  Next, when the user presses his / her finger against the sensor 11 of the sensor module 1a, the living body measurement by the sensor 11 is executed (ST3).

  Next, the measured sensor information is collated with the biometric data in the collation calculation unit 13 of the sensor module 1a (ST4), and if the identity is confirmed (ST5), the identification character string (password) in the identification character string storage unit 14 ) Is output to the IC card 3a (ST6). This process replaces the key input of the password in the conventional system. Further, in transmitting the identification character string from the sensor module 1a to the IC card 3a, in order to eliminate the risk of eavesdropping on the identification character string by a hacker, the identification character string may be encrypted instead of being sent raw.

  If the user cannot be confirmed in step ST5, a message that the system user is not the user is displayed, and the subsequent processing is stopped.

  In the confirmation processing unit 17 of the IC card 3a, the received identification character string is compared with the identification character string held in the card, and it is confirmed that the system user is the user himself (ST7). If the identity is confirmed, the fact is notified to the arithmetic processing unit 19.

  The arithmetic processing unit 19 that has received the notification of the identity confirmation creates a message C based on the article purchase information from the message output unit 16, and the message C includes a secret key held in the secret key holding unit 20. A digital signature is performed (ST8).

  The message C created and calculated in this way is output from the computer 2a to the Internet 4, and the purchase of the article at the virtual mall is realized.

  As described above, the user confirmation system based on biometric data according to the embodiment of the present invention stores the biometric data holding unit 12 and the collation calculation unit 13 for performing collation based on biometric data in the same sensor module 1a, and Since the data is not output to the outside of the sensor module 1a and the sensor module 1a itself has high tamper resistance, the danger of leakage of the biometric data can be almost eliminated. The resistance of the user to storing the information device can be reduced.

  In addition, when performing a digital signature or the like, the user is confirmed based on biometric measurement of the person instead of entering the password, so that the person can be confirmed with extremely high reliability. Therefore, for example, even if the IC card is lost or stolen, misuse by a third party can be prevented.

  Further, in the present system, after the collation by the collation calculation unit 13, the result is notified to the arithmetic processing unit 19 using a password, so that the process from confirming the identity to digital signature is performed safely. Thus, an IC card signature system with extremely high security can be realized. Therefore, even if the entire system including the IC card is stolen, for example, the thief cannot obtain biometric data or output a fake message C. In such a case, the IC card 3a itself is also provided with high tamper resistance so that the secret key and the identification character string do not leak.

  Further, since the system according to the present embodiment uses biometrics, it is not necessary to store a password or the like, and a system can be provided that does not have the trouble of inputting a password, forgetting the password, or leaking the password.

  Further, in the present embodiment, the sensor 11, the biometric data holding unit 12, the matching processing unit 13, the identification character string storage unit 14, the confirmation processing unit 17, the identification character string storage unit 18, the arithmetic processing unit 19, and the secret key holding unit 20 1 are arranged in the sensor module 1a and the IC card 3a as shown in FIG. 1, so that in addition to the above-described effects, advantages in using the IC card can be obtained. That is, the conventional signature IC card can be used almost as it is. In this sense, the present embodiment can be said to be a card-using type. Since there is no need to issue a special IC card with the fingerprint matching process in mind, the system can be introduced immediately simply by changing the software. Since the matching calculation unit 13 is not provided on the IC card 3a, the load on the IC card can be reduced.

  In the above operation example, the case of shopping in the virtual mall has been described. More specifically, for example, introduction to a purchase request of SET (Secure Electronic Transaction) can be considered. Although the SET is originally designed with a magnetic card in mind, an IC card (+ password) can be used as a practical form. It is considered that introducing the technology described in the present embodiment to the process of “signing with the member's private key” in the verification and purchase request by the card member will enhance its usefulness.

  Further, in the present embodiment, a fingerprint is used as biometric data. However, the present invention is not limited to this, and is also applied to a case where various other biometric data such as a palm type, a voiceprint, a retina, and a face photograph are used. be able to. Further, since the sensor 11 and the digital signature function portions 19 and 20 in the IC card are separated, the degree of freedom of the type of sensor used can be increased.

  Further, in the system according to the present embodiment, a plurality of biometric data can be stored in the biometric data holding unit 12 of the sensor module 1a, so that not only a personal system but also a large number of people can use the same system. It is also possible.

(Second embodiment of the invention)
FIG. 3 is a configuration diagram showing an example of a user confirmation system based on biometric data according to the second embodiment of the present invention. The same parts as those in FIG. Only the part will be described.

  This user confirmation system is a universal IC card type among the candidate systems shown in FIG. 15, and includes a sensor module 1b, a computer 2b, and an IC card 3b. In this system, the sensor module 1b performs only sensor input information transmission (performs simple scramble processing), and the IC card 3b performs biometric data retention and collation calculation in addition to signature processing.

  The functions of the sensor 11, the biometric data holding unit 12, the matching processing unit 13, the confirmation processing unit 17, the arithmetic processing unit 19, and the secret key holding unit 20 in each configuration shown in FIG. 3 are shown in FIG. 1 of the first embodiment. Same as the one. However, the location of each part is different.

  That is, in the present embodiment, only the sensor 11 is provided in the sensor module 1b. On the other hand, the IC card 1b is provided with a biometric data holding unit 12, a matching processing unit 13, a confirmation processing unit 17, an arithmetic processing unit 19, and a secret key holding unit 20, which are configured in the same IC chip. The configuration of the computer 2b is the same as that of the computer 2a of the first embodiment.

  Since the components are arranged in this manner, the sensor module 1b does not need to have high tamper resistance, but the IC card 3b requires high tamper resistance. Tamper resistance is ensured.

  Next, an operation of the user confirmation system based on biometric data according to the embodiment of the present invention configured as described above will be described.

  Here, similarly to the first embodiment, access to a virtual mall on the Internet 4 will be described as an example.

  FIG. 4 is a flowchart showing an operation example of the present embodiment.

  In the figure, the processing from step ST11 to ST13 is the same as the processing from step ST1 to ST3 in FIG. 2 of the first embodiment.

  Next, the measured sensor information is sent from the sensor module 1b to the IC card 3b (ST14). In the IC card 3b that has received the sensor information, the same collation as in the processing is executed in the sensor module 1a of the first embodiment (ST15). In addition, since the matching process is performed only in the IC card 3b, the biometric data of the biometric data holding unit 12 cannot be output from the IC card 3b to the outside in order to improve tamper resistance.

  When the identity is confirmed by the collation (ST16), the result of the confirmation is notified to the arithmetic processing unit 19 (ST17), and a digital signature or the like is performed (ST18) as in the first embodiment. Is output to the virtual mall (ST19).

  As described above, the biometric data-based user confirmation system according to the embodiment of the present invention stores the matching processing unit 13 and the biometric data holding unit 12 on the same IC card 3b, and reduces the tamper resistance of the card 3b. Since the height is increased, the risk of leakage of biometric data can be reduced, and the biometric data can be protected with high security within a management range (IC card) at hand of the user, and the biometric data of the user can be stored in an information device. Of the user can be greatly reduced. That is, since all the main elements other than the sensor are mounted on the IC card owned by the individual, there is a strong sense of security psychologically.

  Further, since the collation calculation unit 13 and the arithmetic processing unit 19 are configured in the same IC chip, the process from confirming the identity to digital signature can be performed safely, and an IC card signature system with extremely high security Can be realized.

  Further, in the system according to the present embodiment, only relatively primitive signal processing is performed on the sensor module side, so that the load on the sensor module 1b can be reduced.

  The universal IC card type has no special request for the collation device, and can be applied to any type of fingerprint collation device. The security of this system is based solely on the tamper resistance of the IC card, and has a simple structure since no contrivance using encrypted communication is made. Since the IC card 3b has many functions (biometric data storage, collation calculation unit, signature processing, signature key storage), the load on the IC card 3b is large. Therefore, if a dedicated IC card limited to this application is issued, more effective system operation becomes possible.

  The effect corresponding to the configuration common to the relationship between the present embodiment and each of the above embodiments can be naturally obtained also in the present embodiment, and the effects described in any of the above embodiments are not described here. Then, the description is omitted.

(Third Embodiment of the Invention)
FIG. 5 is a configuration diagram showing an example of a user confirmation system based on biometric data according to the third embodiment of the present invention. The same parts as those in FIG. Only the part will be described.

  This user confirmation system is of a data to sensor calculation type for an IC card among the candidate systems of FIG. 15, and is composed of a sensor module 1c, a computer 2c, and an IC card 3c. In this system, collation calculation is performed on the sensor module side, and biometric data is stored on the IC card side.

  The sensor module 1c is a stand-alone type, and includes a sensor 11, a collation calculation unit 13, an identification character string storage unit 14, a decryption processing unit 21, and a decryption key storage unit 22.

  The IC card 3c includes a confirmation processing unit 17, an identification character string holding unit 18, an arithmetic processing unit 19, a secret key holding unit 20, and an encrypted biometric data holding unit 12b. Here, the sensor module 1c and the IC card 3c have a configuration with high tamper resistance.

  In the encrypted biometric data holding unit 12b of the IC card 3c, the biometric data of the IC card holder is encrypted and held so that it can be decrypted with the decryption key stored in the decryption key holding unit 22.

  Further, the decryption processing unit 21 of the sensor module 1c decrypts the encrypted biometric data received from the IC card 3c using the decryption key stored in the decryption key holding unit 22 and provides the decrypted biometric data to the collation calculation unit 13. .

  The computer 2c is configured in the same manner as in the first embodiment.

  The user confirmation system based on biometric data according to the embodiment of the present invention configured as described above operates as described below.

  Here, similarly to the first embodiment, access to a virtual mall on the Internet 4 will be described as an example.

  FIG. 6 is a flowchart showing an operation example of the present embodiment.

  In the user confirmation system using biometric data according to the present embodiment shown in the figure, command output (ST21), insertion of an IC card (ST22), and biometric measurement by a sensor are performed (ST25), and sensor information and biometric data in a sensor module are obtained. (ST26 to ST31) are the same as those in the first embodiment shown in FIG. 2 (FIG. 2: ST1 to ST2 and ST3 to ST9). Therefore, the description of the processing of this part is omitted.

  The feature of this embodiment is that the encrypted biometric data held in the IC card 3c is sent from the IC card 3c to the sensor module 1c (ST23), and the biometric data is transmitted to the decryption processing unit 21 in the sensor module 1c. It is decrypted by the decryption key of the key holding unit 22 (ST24), and is provided to the collation calculation in step ST26.

  The effects of using a processing system such as identity verification and a digital signature in such a configuration operation will be described below.

  The user verification system using biometric data according to the embodiment of the present invention stores biometric data of an individual in an IC card 3c having an operation (for example, digital signature) function possessed by an individual and stores the encrypted biometric data in a specific location. The sensor module 1c is sent to the permanently installed sensor module 1c to perform the collation calculation, and the sensor module 1c and the IC card 3c have high tamper resistance. Can be safely operated (for example, digital signature) without being illegally used by others.

  Further, since the biometric data is encrypted and stored only in the IC card 3c, the risk of leakage of the biometric data can be reduced, and the biometric data can be stored with high security in the management range (IC card) at hand of the user. ), And the user's resistance to storing his / her biometric data in the information device can be greatly reduced.

  Furthermore, the system according to the present embodiment has a disadvantage that many biometric sensors (palm type, retina, etc.) cannot be mounted on an IC card due to their size and mechanism, and a relatively heavy load is required for performing collation calculation in the IC card. Considering that is large, it is a system that is easy to make and well-balanced among various combinations.

  However, since it is necessary to send the biometric data of the individual from the IC card to the collation calculation unit 13 of the sensor module every time the collation is performed, the above-described encryption processing is performed for maintaining security. FIG. 5 shows a system in which biometric data encrypted with a decryption key stored on the sensor side is stored in an IC card as an example that can maintain sufficient security while being as simple as possible. There is biometric data on the IC card 3c, and high security is maintained.

  Therefore, the system according to the present embodiment can be easily used by an unspecified number of people, that is, it can be used in many places (systems) corresponding to the present system, and is highly convenient. That is, since the personal biometric data is stored in the IC card, it is suitable when one system is used by an unspecified number of people. However, since it is necessary to store biometric data in the IC card, a memory dedicated to biometric data is further added to the IC card created for signature.

  Structurally, the memory and the signature processing are separated, so that the design change of the IC card is easier than the universal IC card type shown in the second embodiment. Further, since the collation calculation is performed by the sensor module 1c, the load on the IC card 3c is small, and a realistic system can be realized. As in the first embodiment, it is preferable to encrypt the identification character string and send it to the IC card in order to eliminate the risk of eavesdropping on the identification character string by a hacker.

  In addition, if the same encrypted biometric data is sent as it is from the IC card 3c to the sensor module 1c side every time, but a simple mechanism that does not accept sensor information that is exactly the same as the registered data is provided in the matching calculation unit 13, , Higher security is maintained. This is because information from a biometric sensor usually has an error, and it is almost impossible to obtain exactly the same data as registered data. By rejecting exactly the same data, it is expected that the use of an intruder who has acquired registered data (biometric data) by unauthorized copying or the like can be eliminated without hindering use of an authorized user.

  The effect corresponding to the configuration common to the relationship between the present embodiment and each of the above embodiments can be naturally obtained also in the present embodiment, and the effects described in any of the above embodiments are not described here. Then, the description is omitted.

(Fourth Embodiment of the Invention)
FIG. 7 is a configuration diagram showing an example of a user confirmation system using biometric data according to the fourth embodiment of the present invention. The same parts as those in FIG. Only the part will be described.

  This user confirmation system is of the data to PC calculation type in the IC card among the candidate systems in FIG. 15, and includes a sensor module 1d, a computer 2d, and an IC card 3d. In this system, the sensor module performs only sensor input information transmission (performs simple scramble processing), holds biometric data in the IC card 1d, and performs collation calculation by a computer (PC).

  In the user confirmation system of the present embodiment, the IC card 3d itself is configured similarly to the IC card 3c of the third embodiment, and the sensor module 1d is configured similarly to the sensor module 1b of the second embodiment. I have.

  Further, in the computer 2d, in addition to the configuration similar to that of the first embodiment, components other than the sensor 11 in the sensor module 1c of the third embodiment are provided as a collation function unit 23. The matching function unit 23 includes a matching calculation unit 13, an identification character string holding unit 14, a decryption processing unit 21, and a decryption key holding unit 22, and is configured as a DLL (Dynamic Link Library). Is also possible. The DLL is a program called for the first time when a command starts.

  The operation of the thus-configured user confirmation system based on biometric data according to the embodiment of the present invention will be described.

  FIG. 8 is a flowchart showing an operation example of the present embodiment.

  As shown in the drawing, the user confirmation system of the present embodiment is different from the third embodiment shown in FIG. 6 except that the processing of steps ST43 to ST48 is performed not by the sensor module 1d but by or on the computer 2d. It operates similarly to the system of the embodiment.

  As described above, in the user confirmation system based on biometric data according to the embodiment of the present invention, since the collation function unit 23 is provided inside the computer 2d, the danger of leakage of biometric data to some extent is reduced, and Highly reliable identity verification function, that is, economical and realizable by realizing these functions with simple hardware while preventing the misuse by a third party even if the IC card is lost or stolen High system.

  The effect corresponding to the configuration common to the relationship between the present embodiment and each of the above embodiments can be naturally obtained also in the present embodiment, and the effects described in any of the above embodiments are not described here. Then, the description is omitted.

(Fifth Embodiment of the Invention)
FIG. 9 is a configuration diagram showing an example of a user confirmation system based on biometric data according to the fifth embodiment of the present invention. The same parts as those in FIG. Only the part will be described.

  This user confirmation system is an IC card integrated type of the candidate systems shown in FIG. 15, and includes a computer 2e and an IC card 3e.

  The IC card 3e of the present embodiment is provided with a sensor 11, a biometric data holding unit 12, a collation processing unit 13, an arithmetic processing unit 19, and a secret key holding unit 20, and each of these components includes the sensor 11. It is contained in one IC chip. The biometric data is configured so as not to be output to the outside in order to enhance the tamper resistance, and the IC card 3e is provided with the above-described mechanisms for increasing the tamper resistance.

  The computer 2e has the same configuration as that of the first embodiment except that the access target is only the IC card 3e.

  The operation of the user confirmation system based on the biometric data configured in this way is the same as that of the sensor 11 except that the sensor 11 itself is provided in the IC card 2e, the biometric measurement is performed by the IC card 2e, and the sensor information does not move between devices. , And the second embodiment.

  As described above, the user confirmation system based on biometric data according to the embodiment of the present invention further includes the sensor 11 provided in the IC card having the configuration of the second embodiment, and all highly confidential information is stored in the IC card 3e. Since the processing is performed internally, the same effect can be obtained for the portion having the same configuration as that of the second embodiment, and a simple protocol structure can be achieved because there is no need to devise encryption communication. Further, the tamper resistance itself can be high.

(Sixth Embodiment of the Invention)
The present embodiment is a system for confirming the authority to use computer software by personal authentication based on biometrics using biometric data. This system safely permits the use of software without using a tamper-resistant portable object such as an IC card, and without any leakage of biometric data or unauthorized use by others. .

  FIG. 10 is a configuration diagram illustrating an example of a user confirmation system based on biometric data according to the sixth embodiment of the present invention. Components that are the same as those in FIG. Only the part will be described.

  This user confirmation system includes a sensor module 1f and a computer 2f.

  The sensor module 1f has the same configuration as that of the second embodiment, and includes the sensor 11.

  The computer 2f includes a collation calculation unit 31a, an encrypted biometric data holding unit 32a, and activation target software 34a such as a screen saver.

  The encrypted biometric data holding unit 32a holds biometric data of each user that has been encrypted in advance with the logon password of each user.

  The collation calculation unit 31a performs personal authentication based on the biometric data and the sensor measurement information, and outputs a start command to the target software 34a if it can be confirmed as the authorized user.

  Next, an operation of the user confirmation system based on biometric data according to the embodiment of the present invention configured as described above will be described.

  First, when starting to use the target software 34a, the user inputs the logon password 33a via an input device (not shown).

  Next, the collation calculation unit 31a reads the encrypted biometric data having the authority to use the target software 34a from the biometric data holding unit 32a, and performs decryption using the input logon password 33a.

  Next, living body measurement is performed in the sensor module 1f, and the measurement result is transmitted to the collation calculation unit 31a of the computer 2f. It should be noted that the transmission data is subjected to simple scrambling.

  The collation calculation unit 31a collates the decrypted biometric data with the received sensor information, and confirms whether or not the person using the system has the authority to use the software 34a to be activated. Note that the logon password 33a, the decrypted biometric data, and the received sensor information are recorded only on the volatile memory, and these information disappear after the session ends.

  When it is confirmed by the above-mentioned collation calculation that the person who has requested the software activation is a user who has valid use authority, the collation calculation unit 31a notifies the activation target software 34a of the fact. As a result, the boot processing of the boot target software is started.

  As described above, the user confirmation system based on the biometric data according to the embodiment of the present invention, when the logon password 33a is input, the biometric data encrypted with the logon password is decrypted, and the user using the biometrics is used. Because personal identification and authority confirmation are performed, biometric data encrypted with a password can be kept secret even if leaked alone, and the authority to use the software can be protected. .

  Furthermore, passwords and the like are recorded only on the volatile memory, and the information disappears when the session ends. Therefore, even if the nonvolatile information recorded on the hard disk or the like is read by any means, the password information or the like is stolen. Never.

  Although the present embodiment has been described in the case of software use authority, the present invention is not limited to the case of software activation, and the technology of the present embodiment is applied to, for example, activation of a computer itself and activation of various devices. Can be done.

  In addition, for example, when the computer is started while confirming the user and the authority using the technology of the present embodiment, a list of software to which the user has authority to use is displayed. Use may be made freely. By doing so, it is not necessary to measure the living body one by one at the time of starting the software, and the burden on the user can be reduced.

(Seventh Embodiment of the Invention)
FIG. 11 is a configuration diagram showing an example of a user confirmation system using biometric data according to the seventh embodiment of the present invention. The same parts as those in FIG. Only the part will be described.

  This user confirmation system includes a sensor module 1g, a computer 2g, and an IC card 3g.

  The sensor module 1g has the same configuration as that of the second embodiment, and includes the sensor 11.

  The computer 2g is provided with a collation calculation unit 31b and activation target software 34b.

  The IC card 3g has an encrypted biometric data holding unit 32b for holding the encrypted biometric data, an encryption key holding unit 35 for holding an encryption key for decrypting the encrypted biometric data, and a logon password. A logon password holding unit 36 is provided. The IC card 3g has high tamper resistance.

  The collation calculation unit 31b of the computer 2g confirms the user himself / herself from the biometric data and the biometric result of the sensor 11, and notifies the result to the activation target software 34b.

  Next, an operation of the user confirmation system based on biometric data according to the embodiment of the present invention configured as described above will be described.

  First, when the IC card 3g is inserted, the logon password in the IC card is read by the activation target software 34b, and a request for identification is made to the collation calculation unit 31.

  The biometric information is requested from the sensor 11 by the collation calculation unit 31b requested by the boot target software 34b, and the encrypted biometric data and its information are transmitted from the encrypted biometric data storage unit 32b and the encryption key storage unit 35 of the IC card 3g. The encryption key is read.

  The collation calculation unit 31b that has received these pieces of information decrypts the encrypted biometric data to extract the biometric data, receives the biometric information from the sensor 11, compares the two, and checks whether or not the two are the user.

  If it is confirmed that the user is the principal, the activation target software 34b is notified of the fact and the activation of the activation target software 34b is started.

  As described above, in the user verification system based on biometric data according to the embodiment of the present invention, biometric data encrypted with an encryption key is decrypted by simply inserting the IC card 3g into the computer 2g and using biometrics. The authentication of the user and the authorization of the authorized user are performed, so that even if the biometric data encrypted with the encryption key is leaked alone, the secret can be protected and the authority to use the software is also protected. be able to.

  Furthermore, in a computer, biometric data and the like are recorded only on a volatile memory, and the information disappears when the session ends, so that such information is not stolen.

  Although the present embodiment has been described in the case of software use authority, the present invention is not limited to the case of software activation, and the technology of the present embodiment is applied to, for example, activation of a computer itself and activation of various devices. Can be done.

  In addition, for example, when the computer is started while confirming the user and the authority using the technology of the present embodiment, a list of software to which the user has authority to use is displayed. Use may be made freely. By doing so, it is not necessary to measure the living body one by one at the time of starting the software, and the burden on the user can be reduced.

(Eighth Embodiment of the Invention)
The present embodiment provides a user confirmation system as a file encryption system that enhances the security of encryption processing by recording biometric data on an IC card that stores an encryption key for file encryption.

  FIG. 12 is a configuration diagram showing an example of a user confirmation system using biometric data according to the eighth embodiment of the present invention. The same parts as those in FIG. Only the part will be described.

  This user confirmation system includes a sensor module 1h, a computer 2h, an IC card 3h, and a hard disk 5 as a secondary storage device.

  The sensor module 1h has the same configuration as that of the second embodiment, and includes a sensor 11. The computer 2h is provided with a collation calculation unit 31c and an encryption program 37. Further, the IC card 3h is provided with a biometric data holding unit 32c, an encryption calculating unit 38, and an encryption key holding unit 39. Further, the hard disk 5 is provided with an input file 40 to be encrypted or decrypted and an output file 41 as a result of encryption or decryption.

  The collation calculation unit 31c confirms the user himself / herself from the biometric data and the sensor information, and notifies the encryption program 37 and the encryption calculation unit 38 of permission to start file encryption.

  The encryption program 37 reads the input file 40, encrypts or decrypts the information to be encrypted or decrypted in cooperation with the cryptographic calculator 38, and outputs the result to the output file 41.

  The encryption calculation unit 38 is responsible for part of the encryption or decryption processing performed by the encryption program 37, and uses the encryption key of the encryption key holding unit 39 in the encryption or decryption processing performed by itself.

  The IC card 3h has high tamper resistance.

  Next, an operation of the user confirmation system based on biometric data according to the embodiment of the present invention configured as described above will be described.

  FIG. 13 is a flowchart showing the overall operation of the present embodiment.

  First, the activation of the encryption program 37 is started (ST61). The encryption program 37 requests the collation calculation unit 31c to confirm whether or not the system user is the user.

  Next, biometric data is read from the inserted IC card 3h by the collation calculation unit 31c (ST62). Although not shown, the biometric data stored and transmitted in the biometric data holding unit 32c is encrypted by the method of the present embodiment or the method of the third embodiment, and is decrypted by the collation calculation unit 31c. It is used after being converted.

  Next, the living body measurement by the sensor 11 is performed, and the sensor information is sent to the matching calculation unit 31c (ST63). It should be noted that the transmission data is subjected to simple scrambling.

  Next, the matching calculation unit 31c checks the biometric data against the sensor information, and checks whether or not the system user is the user himself (ST64). Note that the decrypted biometric data and the received sensor information are recorded only on the volatile memory, and these information disappear after the session ends.

  As a result of the collation, if the user is not the user, an error message is displayed and the process is terminated.

  Thus, the activation of the encryption program 37 and the encryption calculator 38 is completed, and the file encryption process is started (ST66).

  That is, the input file 40 is read by the encryption program 37 (ST67), encryption or decryption processing is executed (ST68), and the result is output to an output file (ST69), and a series of processing ends.

  Next, the encryption processing in step ST68 will be described in detail.

  FIG. 14 is a flowchart showing the encryption processing in this embodiment.

  First, in the encryption program 37, a random number is generated as an encryption key (ST71), and the data to be encrypted (plaintext) read using the random number as a key is encrypted (ST72).

  This random number is sent to the encryption calculation unit 38 in the IC card 3h (ST73), and is encrypted by the encryption key in the encryption key holding unit 39 (ST74).

  The encrypted random number is sent to the encryption program 37 of the computer 2h by the encryption calculator 38 (ST75).

  The received encrypted random number is added by the encryption program 37 as a header of the ciphertext obtained by encrypting the plaintext in step ST72, and one ciphertext is formed as a whole (ST76). That is, a ciphertext is generated using the one encrypted in step ST72 as a ciphertext main body and the encrypted random number in step ST75 as a header.

  The ciphertext thus generated is output to the hard disk 5.

  On the other hand, in the decryption process in step ST68 of FIG. 13, the reverse process of the above-described encryption process is performed.

  That is, first, the encryption program 37 sends only the header of the ciphertext to be decrypted to the encryption calculator 38, and the encryption calculator 38 decrypts the header with the key in the encryption key holding unit 39.

  The information thus decrypted is a random number as a key used to encrypt the text of the ciphertext to be decrypted.

  The extracted random numbers are sent from the encryption calculator 38 to the encryption program 37. The encryption program 37 receiving this random number decrypts the cipher text body using the received random number and extracts the original plain text.

  The decrypted plaintext is output to the hard disk 5.

  As described above, the user confirmation system based on the biometric data according to the embodiment of the present invention stores the biometric data and the encryption key for the random number in the tamper-resistant IC card 3h. High encryption processing can be executed after the user's identity has been confirmed.

  Further, in the present embodiment, since indirect encryption processing using random numbers is performed, different random numbers are used each time encryption processing and decryption processing are performed, and even if one random number is decrypted, Thus, the secret of the next encryption process and decryption process is kept, and an encryption system having both secure user confirmation and high security can be realized.

  Further, the encryption key in the IC card 3h used for the above-mentioned encryption / decryption processing is used only by the encryption calculator 38 in the IC card, does not go out of the IC card 3h, and the encryption key is Since it is stored in the IC card 3h having a high tamper property, the confidentiality of the encryption can be further improved.

  The present invention is not limited to the above embodiments, and can be variously modified without departing from the gist thereof.

  The method described in the embodiment may be a program (software means) that can be executed by a computer (computer), for example, a magnetic disk (floppy disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a semiconductor memory. Etc., and can also be transmitted and distributed via a communication medium. The program stored on the medium side includes a setting program for causing the computer to execute software means (including not only an execution program but also a table and a data structure) to be executed in the computer. A computer that realizes the present apparatus reads a program recorded in a storage medium, and in some cases, constructs software means by using a setting program, and executes the above-described processing by controlling the operation of the software means.

  The present invention is effective in the field of authenticating a user using biometric data.

FIG. 1 is a configuration diagram illustrating an example of a user confirmation system based on biometric data according to a first embodiment of the present invention. 4 is a flowchart showing an operation example of the embodiment. The block diagram which shows an example of the user confirmation system by the biometric data which concerns on the 2nd Embodiment of this invention. 4 is a flowchart showing an operation example of the embodiment. FIG. 9 is a configuration diagram illustrating an example of a user confirmation system based on biometric data according to a third embodiment of the present invention. 4 is a flowchart showing an operation example of the embodiment. FIG. 13 is a configuration diagram showing an example of a user confirmation system based on biometric data according to a fourth embodiment of the present invention. 4 is a flowchart showing an operation example of the embodiment. FIG. 14 is a configuration diagram showing an example of a user confirmation system based on biometric data according to a fifth embodiment of the present invention. FIG. 14 is a configuration diagram illustrating an example of a user confirmation system based on biometric data according to a sixth embodiment of the present invention. FIG. 15 is a configuration diagram illustrating an example of a user confirmation system based on biometric data according to a seventh embodiment of the present invention. FIG. 19 is a configuration diagram illustrating an example of a user confirmation system based on biometric data according to an eighth embodiment of the present invention. 3 is a flowchart showing an overall operation of the embodiment. 5 is a flowchart showing an encryption process in the embodiment. The figure which shows the component in the IC card signature system to which biometrics was applied, and the combination result.

Explanation of reference numerals

  1a, 1b, 1c, 1d, 1f, 1g, 1h ... sensor module, 2a, 2b, 2c, 2d, 2e, 2f, 2g, 2h ... computer, 3a, 3b, 3c, 3d, 3e, 3g, 3h ... IC Card: 4 Internet, etc. 5: Hard disk, 11: Sensor, 12: Biometric data holding unit, 13: Matching processing unit, 14: Identification character string storage unit, 15: Command output unit, 16: Message output unit, 17 ... Confirmation processing unit, 18: identification character string storage unit, 19: arithmetic processing unit, 20: secret key storage unit, 21: decryption processing unit, 22: decryption key storage unit, 23: collation function unit, 31a: collation calculation unit, 32a: encrypted biometric data storage unit, 34: software to be started, 37: encryption program, 38: encryption calculation unit, 39: encryption key storage unit, 40: input file, 41: output file

Claims (8)

A sensor module, a computer, and a communication unit for performing communication between the sensor module and the computer,
The sensor module includes a sensor that performs biological measurement,
The computer is
A biometric data holding unit that holds biometric data encrypted by the user's own logon password as information indicating that the user has authority corresponding to the user request;
When the user request and the logon password are input, the biometric data in the biometric data holding unit is decrypted with the logon password, and the decrypted biometric data is compared with the measurement information measured by the sensor. And a collation calculation unit that outputs a notification that the user request is to be performed when the identity and authority are confirmed based on the collation result. A sensor module, an IC card, a computer, and communication means for performing communication between the sensor module, the IC card, and the computer,
The sensor module includes a sensor that performs biological measurement,
The IC card is
It has a tamper-resistant structure,
A biometric data holding unit that holds encrypted biometric data obtained by encrypting biometric data,
An encryption key holding unit that holds an encryption key for decrypting the encrypted biometric data,
A logon password holding unit for holding a logon password,
The computer is
When the IC card is inserted, the logon password in the IC card is read,
A program to request identity verification,
At the request of the program, the encrypted biometric data and the encryption key in the IC card are read, the encrypted biometric data is decrypted with the encryption key, the biometric data is taken out, and the measurement measured by the sensor is performed. A user verification system based on biometric data, comprising: a collation calculation unit for collating information with the biometric data. A living body that includes a sensor that performs biometric measurement, a computer, an IC card, and a communication unit that performs communication between the sensor, the IC card, and the computer, and that performs user confirmation and data encryption processing In the user confirmation system by data,
The IC card is
It has a tamper-resistant structure,
A biometric data holding unit that holds biometric data,
A first encryption calculation unit that executes a part of the data encryption process upon receiving the user confirmation notification;
An encryption key holding unit that holds an encryption key used for processing in the first encryption calculation unit,
The computer is
A second cryptographic calculation unit that executes another process in the data encryption process upon receiving the user confirmation notification;
The measurement information measured by the sensor is compared with the biometric data in the biometric data holding unit, and when it is confirmed from the matching result that the user is the user, the first cryptographic calculation unit and the second cryptographic calculation unit inform the user of the user. A user confirmation system using biometric data, comprising: a collation calculation unit that outputs a confirmation notice. The user confirmation system according to claim 3,
The second cryptographic calculation unit generates a random number as an encryption key, encrypts the data with the random number as a key, sends the random number to the first cryptographic calculation unit, Receiving the encrypted random number from the section, and the encrypted random number as a header of the encrypted data,
The first encryption calculation unit encrypts the random number from the first encryption calculation unit with the encryption key in the encryption key holding unit, and sends the encrypted random number to the second encryption calculation unit. A user confirmation system, characterized in that: The user confirmation system according to claim 4,
The second cryptographic calculation unit sends the encrypted random number of the header to the first cryptographic calculation unit, receives the random number from the first cryptographic calculation unit, and is encrypted by the random number. Decrypting the data,
The first cryptographic calculation unit decrypts the encrypted random number from the second cryptographic calculation unit with the cryptographic key in the cryptographic key holding unit, and transmits the random number to the second cryptographic calculation unit. A user confirmation system characterized by sending. On the computer,
A biometric data holding function of holding biometric data encrypted by the user's own logon password as information indicating that the user has authority corresponding to the user request;
When the user request and the logon password are input, the biometric data is decrypted with the logon password, and the decrypted biometric data is compared with biometric measurement information. And a computer-readable recording medium recording a program for realizing a collation calculation function for outputting a notification that the user request should be performed when the authority is confirmed. On the computer,
When the user confirmation notification is received, a partial process in the data encryption process is executed, and a processing result of another process in the data encryption process is received from outside, and the processing result is received by the partial process. A cryptographic calculation function that completes the encryption process using
A program for collating the biometrically measured information with biometric data for user confirmation, and realizing a collation calculation function of notifying the user of the cryptographic computation function when the user is confirmed from the collation result. A computer-readable recording medium on which is recorded. A biometric data holding unit that holds the biometric data and outputs the biometric data to an external device that performs user confirmation using the biometric data,
A cryptographic calculation unit that executes a partial process in the data encryption process using an encryption key, and outputs a processing result of the partial process to an external device that performs another process in the data encryption process;
An IC card comprising an encryption key holding means for holding the encryption key, and having a tamper-resistant structure.

Images