JP2008033949A - Biometric system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a fingerprint collation system with high safety and capable of reducing costs. <P>SOLUTION: This biometric system has an IC card 100 having tamper resistance and a reader/writer 110 having the tamper resistance which reads and writes information to the IC card 100, wherein the reader/writer 110 performs preprocessing of a fingerprint image read by a fingerprint input part 113 by a preprocessing part 112, transmits extracted intermediate information to the IC card 100, the IC card 100 collates the intermediate information and fingerprint information 104, when collation is matched, makes authentication information 105 to be used for electronic authentication usable to perform the electronic authentication with an application 131. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a biometric information matching technique used for management of entry / exit in an important facility and access management of an information system, and more particularly to a fingerprint matching technique.

  2. Description of the Related Art Conventionally, there is known an access control technique for permitting entry / exit into a facility and use of an information system only for a specific user registered in advance using biometric information such as a fingerprint. Examples of such access control techniques include the following.

(1) Client Authentication Type Device In Japanese Patent Application Laid-Open No. 09-198501 (hereinafter referred to as Document 1), the user's biometric information recorded in advance in the door management device is collated with the biometric information input at the time of entry / exit. Describes what prevents unauthorized entry into the controlled area.

(2) Server Authentication Type Fingerprint Verification Device In Japanese Patent Laid-Open No. 10-124668 (hereinafter referred to as Document 2), the server has a user's biometric information file, and the user's biometric information input at the client is stored on the server. A document that prevents unauthorized access to a computer system by collation is described.

(3) Portable Fingerprint Verification Device In Japanese Patent Application Laid-Open No. 10-149446 (hereinafter referred to as Document 3), a user's biometric information is recorded on a portable recording device such as an IC card, and the newly input user's information is recorded. A device that prevents unauthorized access to a computer system or the like by collating biometric information with a client is described.

  In the method described in the above-mentioned document 1, when the door management device is realized by a device that does not have tamper resistance, the user is prevented from being falsified, falsified, stolen, etc. There is a problem that impersonation is possible.

  On the other hand, in the method described in Document 2 described above, since the biometric information, which is user-specific information, is centrally managed by the server and fingerprint matching is performed, fingerprints that are problematic in the method described in Document 1 are used. It is difficult to forge, falsify or steal information and verification results. However, since personal information such as fingerprints is centrally managed, there is a risk that the user's psychological resistance is large, a large number of biometric information may be stolen at the same time, There is a problem that the cost for managing a file for recording biometric information increases.

  On the other hand, in the method described in Document 3, since biometric information is recorded in a tamper-resistant portable storage device such as an IC card, the psychological resistance of the user, which is a problem in the method described in Document 2, It is possible to solve the problem of the cost of theft of a large amount of biological information and the management of biological information. Moreover, since fingerprint input and verification are performed by the fingerprint input device and the CPU mounted on the IC card, forgery, falsification, theft, etc. of fingerprint information and verification results that are problematic in the method described in Document 1 can be prevented. It can be said that the nature is high. However, it is necessary to mount a biometric information input function and a biometric information collation function on the IC card, which increases the cost of the apparatus.

  An object of the present invention is to provide a fingerprint collation system that is highly safe and can reduce costs.

  A biometric authentication system according to the present invention includes a tamper-resistant portable storage device with an arithmetic function and a tamper-resistant reader / writer that reads and writes information from and to the portable storage device.

  The reader / writer includes a biometric information input device that inputs biometric information, performs preprocessing of the biometric information input by the biometric information input device, and stores the intermediate information subjected to the preprocessing in the portable storage device. Send.

  The portable storage device includes a biometric information template and a secret key used for electronic authentication. The portable information storage device compares the intermediate information with the template. Make it available.

  When the biometric information is fingerprint information, the reader / writer sequentially transmits fingerprint image information necessary for fingerprint verification to the portable storage device, and the portable storage device sequentially processes the fingerprint image information. Thus, fingerprint verification may be performed.

  Also, information for correcting the positional deviation between the registered fingerprint recorded in the template and the newly input fingerprint is calculated using the core position of the fingerprint, and a small area around the feature point of the registered fingerprint is calculated. The image may be searched by matching around the coordinates of the input fingerprint image where the positional deviation is corrected, and the identity between the template and the fingerprint image may be determined based on the number of matching small images. Further, when calculating the fingerprint core position, the ridge perpendicular vector may be searched, and the position where the perpendicular vector greatly changes may be determined as the fingerprint core.

  In addition, information for correcting the positional deviation between the registered fingerprint recorded in the template and the newly input fingerprint, and a specific luminance distribution around each feature point for each of the input fingerprint and the registered fingerprint It is also possible to create an image having, and calculate based on the cross-correlation of the image.

  As described above in detail, according to the present invention, user-specific information is personally managed by the portable recording device, so that the psychological resistance of the user can be reduced. Further, it is possible to reduce the possibility of a large number of biological information being stolen at a time, and to reduce the cost for recording management of biological information.

  In addition, by mounting the biometric information and biometric information collation function inside a tamper-resistant portable storage device, it is possible to prevent forgery, falsification, and theft of the biometric information and collation results of the user and prevent spoofing. .

  In addition, since the biometric information input function and the preprocessing function for biometric information collation are installed in the reader / writer, the biometric information collation can be performed by a CPU such as an IC card which is a portable storage device with a general calculation function, thereby reducing the system cost Can be reduced.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  Here, a case where a bank office system that requires high security is taken as an example and an IC card is used as a portable recording device and access management for a banking application running on a host computer will be described. A case where a fingerprint is used as the biometric information will be described.

  FIG. 1 is a diagram for explaining the outline of an access management system according to the present invention. As shown in the figure, this system includes a host computer 130, a terminal 120, a reader / writer 110, and an IC card 100.

  The host computer 130 is for performing banking operations, and an application 131 for executing banking operations by staff is executed. The application 131 can be used after confirming that the staff is a pre-registered correct user (person authentication).

  The terminal 120 is a terminal for using the application 131 and is connected to the host computer 130 via the network 140. The terminal 120 also serves as a relay when the host computer 130, the reader / writer 110, and the IC card 100 exchange information necessary for personal authentication.

  The reader / writer 110 is a device for reading and writing data with respect to the IC card 100 and is connected to the terminal 120. The reader / writer 110 includes an interface 111, a fingerprint input unit 113, and a preprocessing unit 112. The interface 111 transmits information between the terminal 120 and the IC card 100. The fingerprint input unit 113 reads a fingerprint from an employee's finger. The preprocessing unit 112 performs preprocessing of the read fingerprint image, and exchanges information necessary for fingerprint collation with the IC card 100.

  The IC card 100 is a portable storage device with a calculation function possessed by each staff member. The IC card 100 includes an interface 101, a fingerprint collation processing unit 102, an electronic authentication processing unit 103, fingerprint information 104, and authentication information 105. The interface 101 transmits information to and from the reader / writer 110. The fingerprint collation processing unit 102 collates the fingerprint information recorded in the fingerprint information 104 with the newly input fingerprint. The electronic authentication processing unit 103 performs electronic authentication with the host computer 130 using the authentication information 105.

  Next, an outline of access management for the application 131 in this system will be described.

  The staff member has the IC card 100 in which his / her fingerprint information 104 is recorded in advance, and when accessing the application 131, the IC card 100 is connected to the reader / writer 110, and the fingerprint input unit 113 of the reader / writer 110 is used. Enter your fingerprint.

  When a fingerprint is input, after pre-processing for fingerprint matching is performed by the pre-processing unit 112, new information is input while exchanging information necessary for matching between the pre-processing unit 112 and the fingerprint matching processing unit 102. It is determined whether the fingerprint and the fingerprint information 104 match.

  As a result, if they match, access to the authentication information 105 of the electronic authentication processing unit 103 is permitted, and electronic authentication is performed between the application 131 and the electronic authentication processing unit 103. When electronic authentication is performed, the terminal 120 can access the application 130, and the staff can use the application 131.

  Next, details of the components of the system will be described.

  First, the structure of the IC card 100 will be described.

  FIG. 2 is a diagram illustrating the structure of the IC card 100.

  As shown in the figure, the IC card 100 includes an I / O port 210, a CPU 220, a RAM 230, an EEPROM 240, and a ROM 250. Each component of the IC card 100 is connected to the bus 260 and exchanges data via the bus 260.

  The I / O port 210 is a port for exchanging data with the reader / writer 110. The CPU 220 is an arithmetic processing unit that performs four arithmetic operations, bit operations, and the like. The RAM 230 is a rewritable memory used for temporary data storage when the CPU 220 performs an operation.

  The ROM 250 is a read-only memory, and stores a fingerprint collation program 251, an electronic authentication program 252, other programs and data. The EEPROM 240 is an electrically rewritable non-volatile memory, and an electronic certificate 241 for proving the validity of the IC card 100, the private key 242 of the IC card 100, and the staff who owns the correct IC card. Fingerprint information 243 and the like for verifying the existence are recorded.

  The fingerprint information 243 includes the coordinates of the fingerprint core used for registration, the coordinates of a predetermined number of feature points, and a small image (chip image) around each feature point. Hereinafter, in the present embodiment, a case where the number of feature points included in the fingerprint information 243 is 30 will be described.

  FIG. 3 is a diagram illustrating a configuration example of the fingerprint information 243. As shown in the figure, the fingerprint information 243 includes the number of chips (images), the XY coordinates of the core, the XY coordinates of the chip image, and the image data (binary data) of the chip image. A method of using each information will be described later.

  The IC card 100 has tamper resistance to prevent data analysis due to unauthorized access from outside or destruction of the device, and is designed so that data and programs held inside cannot be referred to from outside by an unauthorized method. Yes. Further, it has an access control function to the data held inside, and in order to access the data inside the IC card 100, it is necessary to permit the CPU 220 such as performing authentication using a common key or the like. The secret key 242 of the IC card 100 is set to not permit access when the IC card 100 is turned on, and cannot be accessed from an external or internal program.

  Here, it is assumed that only one IC card 100 is issued to each staff member in order to identify the staff member, and each staff member can have only one card.

  In the present embodiment, the fingerprint collation program 251 and the electronic authentication program 252 are described as being recorded in the ROM 250. However, these programs can also be implemented in the EEPROM 240.

  Next, the structure of the reader / writer 110 will be described.

  FIG. 4 is a diagram illustrating the structure of the reader / writer 110.

  As shown in the figure, the reader / writer 110 includes an I / O port 310, a CPU 320, a RAM 330, a fingerprint sensor 340, and a ROM 350. Each component of the reader / writer 100 is connected to the bus 360 and exchanges data via the bus 360.

  The I / O port 310 is a port for exchanging data with the IC card 110 and the terminal 120. The CPU 320 is an arithmetic processing unit that performs arithmetic operations necessary for the reader / writer 110 such as four arithmetic operations and bit operations. The RAM 330 is a memory for storing data temporarily used when the CPU 320 performs calculations. The fingerprint sensor 340 reads a fingerprint electronically.

  The ROM 350 is a read-only memory, and performs a preprocessing of a fingerprint image and the like, a preprocessing program 351 that performs fingerprint collation while communicating with the IC card 100, a fingerprint reading program 352 that controls fingerprint reading, and other programs, Data is recorded.

  The reader / writer 110 has tamper resistance, and is designed so that data and programs held inside cannot be referred to from outside by an unauthorized method.

  Next, an outline of fingerprint matching in this embodiment will be described.

  FIG. 5 is a diagram showing a schematic flow of fingerprint matching in the present embodiment.

  First, when the staff member uses the application 131 of the host computer 130, the application 131 requests the terminal 120 for fingerprint verification of the staff member, and the terminal 120 issues a fingerprint verification request to the reader / writer 110 (S400).

  The reader / writer 110 that has received the fingerprint collation request from the terminal 120 executes the fingerprint reading program 352 and acquires the fingerprints of the staff from the fingerprint sensor 340 (S405). The read fingerprint is recorded in the RAM 330 as a fingerprint image having a density of 8 bits per pixel, for example. Fingerprint reading by the fingerprint sensor 340 is performed using a commonly used method, for example, the method described in Document 2 described above.

  Next, the pre-processing program 351 pre-processes the fingerprint image, extracts intermediate fingerprint information as information necessary for collation, and records it in the RAM 330 (S410). Details of the preprocessing will be described later.

  Next, the fingerprint collation program 251 collates the intermediate fingerprint information with the employee's fingerprint information 243 previously recorded on the IC card 100 (S415). Details of the verification process will be described later.

  As a result of the collation, when the two do not match (S415: NG), the process ends. On the other hand, if they match (S415: OK), the private key 242 of the IC card 100 is activated so that it can be accessed from the electronic authentication program 252 (S420).

  Then, the electronic authentication program 252 performs electronic authentication with the application 131 using the activated secret key 242 (S425). For example, ANSI / ITU X. The mutual authentication between the IC card 100 and the application 131 is performed by the method described in 509.

  Next, details of the above-described preprocessing will be described. In the preprocessing, the coordinates of the fingerprint core and feature points are calculated, and the binary image of the fingerprint is created, and these are recorded in the RAM 330 as intermediate fingerprint information after the preprocessing.

  FIG. 6 is a diagram illustrating an example of a fingerprint core and feature points. As shown in the figure, the fingerprint core indicates a characteristic structure of the fingerprint. A feature point refers to an end point or a branch point of a ridge (a series of convex portions) forming a fingerprint. Normally, each finger has one fingerprint core and a plurality of feature points.

  FIG. 7 is a diagram showing a schematic flow of preprocessing.

  First, the input fingerprint image is subjected to ridge enhancement and noise removal processing, and the processed 8-bit grayscale fingerprint image is recorded in the RAM 330 (S600). This process is performed using a commonly used method, for example, the method described in JP-A-11-134498.

  Next, the core which is the characteristic structure of the fingerprint is detected, and the coordinates are recorded in the intermediate fingerprint information (S605). Details of this processing will be described later.

  Next, the processed 8-bit grayscale fingerprint image such as ridge enhancement is binarized, converted to a 1-bit monochrome image per pixel, and recorded in the intermediate fingerprint information (S610). This process is performed using a commonly used method, for example, the method described in Document 2 described above.

  Next, the binarized fingerprint image is thinned to obtain a thinned image (S615). The thinned image is temporarily recorded in the RAM 330. This thinning process is performed using a commonly used method, for example, the method described in Document 2.

  Next, a maximum of 30 feature points that are end points or branch points of ridges are extracted from the thinned image, and the coordinates of the extracted feature points are recorded in the intermediate fingerprint information (S620). The extraction of feature points is performed using a commonly used method, for example, the method described in Document 2.

  Next, the core position detection process S605 described above will be described.

  FIG. 8 is a conceptual diagram for explaining the core position detection processing S605.

  As shown in the figure, in the core position detection process S605, first, an effective area 810 for calculating candidate points is set. The effective area 810 is set to an area that is estimated to include the core in the fingerprint image.

  Next, in the effective area 810, an appropriate initial position 800 is set, a ridge perpendicular direction vector 805 at the initial position is obtained, and the position obtained by adding the obtained perpendicular direction vector 805 to the initial position is the next candidate point. The process of obtaining the perpendicular direction vector of the ridge at the candidate point and further obtaining the next candidate point is performed, or the number of candidate points exceeds a predetermined number or the next candidate point is outside the effective area 810. Repeat until it comes out. Then, the curvature is calculated for each of the candidate points obtained as described above, and the candidate point having the maximum curvature is determined as the core position. Then, the initial position is changed, the above-described processing is repeated, and a final core position is obtained by averaging the obtained plurality of core positions.

  Here, it is assumed that a maximum of 20 candidate points are searched in one core search, and such a core search is performed 10 times.

  FIG. 9 is a diagram showing a detailed flow of the core position detection process S605.

  First, a counter i indicating the number of searches is initialized to “1” (S700), and a counter j indicating an index of candidate points in one search is initialized to “1” (S705).

  Next, the initial position of the candidate point is set according to the counter i indicating the number of searches (S710). The initial position is set to be different for each search. In the example of FIG. 8, an initial position 800 is set. The X and Y coordinates of the initial position are recorded at the corresponding positions in the candidate point calculation table provided in the RAM 330.

  FIG. 10 is a diagram illustrating a configuration example of a candidate point calculation table. As shown in the figure, the candidate point calculation table has “candidate point index”, “coordinates” of candidate points, and “curvature” at each candidate point. The figure shows the coordinates and curvature of seven candidate points in one search. For example, the coordinates of the candidate point of index 1 (initial position) are X coordinate 25 and Y coordinate 25.

  Next, the perpendicular direction vector 805 of the ridge at the initial position 800 is calculated (S715). A specific calculation method will be described later. The normal vector is normalized so as to have a preset length.

  Next, a new candidate point is calculated from the current candidate point position and the perpendicular direction vector (S720). Specifically, a new candidate point is obtained by adding a perpendicular direction vector to the position coordinates of the current candidate point, and the X coordinate and Y coordinate of the candidate point are recorded in the corresponding index of the candidate point calculation table.

  Next, the perpendicular direction vector of the ridge at the new candidate point is calculated (S725).

  Next, it is checked whether or not the new candidate point is within the preset effective area (area 810 in FIG. 8) (S730). As a result, if the candidate point is within the effective area (S730: OK), it is checked whether or not the number of candidate points has reached the preset number (= 20) (S740). As a result, if not reached (S740: NO), 1 is added to the index j indicating the candidate point (S743), the process returns to the process S720 for calculating a new candidate point, and the above-described process is repeated.

  On the other hand, when the number of candidate points reaches a preset number (S740: YES), or when a new candidate point is not within the preset effective area (S730: NG), each of the above calculated points The curvature of the candidate point is obtained, and the coordinates and curvature of the candidate point having the maximum curvature are recorded at the corresponding positions in the core search result table provided in the RAM 330 (S745).

  FIG. 11 is a diagram illustrating a configuration example of a core search result table. As shown in the figure, the core search result table includes “index of search frequency”, “coordinates of a point having the maximum curvature”, and “maximum curvature” in each search. FIG. 10 shows the result of completing 10 searches.

  The curvature may be obtained by any method, but here, the cosine of the angle formed by the adjacent candidate points is defined as the curvature. For example, the curvature of the fourth candidate point 820 shown in FIG. 8 is calculated by the cosine of the angle 830. In this way, the curvatures of all candidate points are calculated, and the coordinates of the candidate point having the maximum curvature among these are recorded at corresponding positions in the core search result table. In the example shown in FIG. 10, since the curvature -0.3 is the maximum, the coordinates of the fourth candidate point and the curvature are recorded at the position corresponding to the index 1 in FIG.

  Once the maximum curvature of the candidate points searched this time is obtained, it is next determined whether or not the number of searches i has exceeded a preset number (= 10) (S750). As a result, if not exceeded, 1 is added to the number of searches i (S753), the process returns to the process S710 for setting the initial position of the next search, and the process described above is repeated.

  On the other hand, if the number of searches exceeds the preset number (= 10), the coordinates of the core are calculated from all the search results (S755).

  To calculate the coordinates of the core, the coordinates of the core candidates obtained in all searches are averaged to obtain the core position, or only the candidate points having a threshold value of the predetermined maximum curvature or more are averaged. There is a method of setting the core position. For example, if the threshold value of the maximum curvature is −0.5 and a candidate having a maximum curvature equal to or less than the threshold value is invalid, in the example of FIG. 11, the candidate point by the tenth search has a maximum curvature of −0. 8 is invalid, and the core positions are calculated by averaging 1st to 9th.

  Next, a method for calculating the above-described ridge normal vector will be described. Here, first, a ridge direction vector of a ridge is calculated by calculating a ridge direction (a direction parallel to the ridge) at a candidate point and calculating a direction orthogonal thereto.

  Therefore, a calculation method of the ridge method will be described.

  FIG. 12 is a diagram showing the concept of the ridge direction calculation method of the present embodiment. This figure shows a part of the fingerprint image, and the ridges are represented by solid lines. The ridge direction at a point 2505 on a pixel of a fingerprint image can be calculated as follows. First, a plurality of points 2510 on a straight line passing through the point 2505 are set. Next, all the absolute values of the differences between the luminance at point 2505 and the luminance at each point 2510 are added. This operation is performed for a plurality of directions, and it is determined that the direction with the smallest value coincides with the direction of the ridge.

  FIG. 13 is a diagram illustrating a processing flow of ridge direction calculation processing.

  First, the angle is initialized to 0 degrees (S2600). Here, it is assumed that processing is performed for each angle from 0 degree to 160 degrees every 20 degrees. In addition, the evaluation value for each angle is initialized to zero.

  Next, the position of the reference point is initialized and its coordinates are calculated (S2605). Specifically, it is a point on a straight line that passes through a point (hereinafter referred to as a reference point) for which the ridge direction is to be calculated, like a point 2505 in FIG. Here, as shown in FIG. 12, four points are used as reference points.

  Next, the absolute value of the difference between the luminance of the reference point and the luminance of the reference point is calculated and added to the evaluation value assigned to the corresponding angle (S2610).

  Next, the reference point is moved, and its coordinates are calculated (S2615).

  Next, it is determined whether or not the processing has been completed for all the reference points (S2620). As a result, if the processing has not been completed for all the reference points (S2620: NO), the process returns to step S2610, and the processing described above is performed. repeat.

  On the other hand, if the processing has been completed for all reference points (S2620: YES), 20 degrees is added to the angle (S2625), and it is determined whether the angle has reached 180 degrees (S2630). As a result, if the angle has not reached 180 degrees (S2630: NO), the process returns to step S2605 and the above-described processing is repeated.

  On the other hand, if the angle has reached 180 degrees (S2630: YES), the angle having the smallest value among the evaluation values assigned to each angle is calculated (S2635). The angle with the smallest value is the direction of the ridge at the reference point.

  As described above, in the core position detection processing in the present embodiment, when detecting a core, the ridge perpendicular direction vector is searched, and the position where the perpendicular direction vector greatly changes is determined as the core by majority vote. The core position can be detected with a small amount of calculation.

  Next, the collation process in this embodiment will be described.

  FIG. 14 is a diagram showing a schematic flow of collation processing in the present embodiment. Since this processing is performed while the reader / writer 110 and the IC card 100 communicate with each other, the processing of the reader / writer 110 is described on the left side and the processing of the IC card 100 is described on the right side.

  As shown in the figure, the processes performed in the IC card 100 include a correction vector calculation process S1190, a chip position calculation process S1191, and a chip matching process S1192, each defined by ISO 7816-4 or the like. It is mounted on the IC card 100 as a command.

  First, the reader / writer 110 calls the correction vector calculation process S1190 of the IC card 100 (S1100). At this time, the coordinates of the core of the input fingerprint recorded in the intermediate fingerprint information are passed as parameters. Specifically, the process is called by transmitting an APDU (Application Protocol Data Unit) described in ISO 7816-4 to the IC card 100.

  FIG. 15 is a diagram illustrating an example of an APDU for calling the correction vector calculation process. As shown in the figure, the command ID of the correction vector calculation process is substituted into the INS field of the APDU 1500, the core X coordinate and Y coordinate are substituted into the data field, and the coordinate data length is substituted into the Lc field. ing.

  When receiving the APDU 1500 from the reader / writer 110, the IC card 100 activates the correction vector calculation process (S1190). The correction vector calculation process calculates a difference vector between the coordinates of the core of the input fingerprint received from the reader / writer 110 and the core position of the registered fingerprint recorded in advance on the IC card 100 as a correction vector representing the positional deviation between the two. Record in the RAM 230 of the IC card 100. Thereafter, it responds to the reader / writer 110. Specifically, the response is made by outputting a response application protocol data unit (APDU) described in ISO 7816-4 to the reader / writer 110.

  FIG. 16 is a diagram illustrating an example of a response APDU in the correction vector calculation process S1190. As shown in the figure, the response APDU 1510 includes a command status in the SW1 field, and a code indicating normal termination or abnormal termination is substituted here as the command processing result. Details of the correction vector calculation process S1190 will be described later.

  Upon receiving the response APDU 1510 from the IC card 100 (S1105), the reader / writer 110 checks the status of the response APDU 1510 (S1107). If the result is an error (S1107: YES), the process is terminated.

  On the other hand, if it is not an error (S1107: NO), a chip position calculation process is called in order to obtain coordinates for cutting out the partial image of the input fingerprint for performing chip matching (S1110).

  FIG. 17 is a diagram illustrating an example of an APDU transmitted to the IC card 100 to call the chip position calculation process. As shown in the figure, the command ID of the chip position calculation process is assigned to the INS field of the APDU 1520, and the data length of the coordinate serving as the return value is assigned to the Le field.

  When receiving the APDU 1520 from the reader / writer 110, the IC card 100 activates the chip position calculation process (S1191). In the chip position calculation process, the coordinates of the feature points in the input fingerprint are calculated from the coordinates of the feature points of the registered fingerprint recorded in advance and the correction vector calculated in step S1190. Specifically, the coordinates of the feature points in the input fingerprint are calculated by adding a correction vector to the coordinates of the feature points of the registered fingerprint. Thereafter, the response APDU is used to respond to the reader / writer 110.

  FIG. 18 is a diagram illustrating an example of a response APDU of the chip position calculation process S1191. As shown in the figure, the coordinates of the feature points are substituted into the data field of the response APDU 1530, and the status of the command is substituted into the SW1 field. Details of the chip position calculation process S1191 will be described later.

  When the reader / writer 110 receives the response APDU 1530 (S1115), the reader / writer 110 analyzes the content of the response APDU 1530, and checks whether it has ended abnormally or whether the position of the designated feature point is invalid (S1117). As a result, if the position of the designated feature point is invalid (S1117: YES), the process returns to step S1110 to call the chip position calculation process for another chip image. If the process has ended abnormally (S1117: abnormal end), the process ends.

  On the other hand, if an appropriate feature point position is obtained (S1117: NO), a partial image around the coordinates designated by the chip position calculation process is cut out (S1120). The partial image is a slightly larger image than the chip image, and its size and shape are determined in advance.

  Next, the chip matching process of the IC card 100 is called (S1125). At this time, the partial image extracted in step S1120 is transmitted as data. A specific calling method is the same as that in step S1100.

  FIG. 19 is a diagram illustrating an example of an APDU for calling a chip matching process. As shown in the figure, the command ID of the chip matching process is substituted for the INS field of the APDU 1540, the data length of the partial image is substituted for the Lc field, and the partial image is substituted for the data field.

  When receiving the APDU 1540 from the reader / writer 110, the IC card 100 activates a chip matching process (S1192). In the chip matching process, a chip matching process is performed between the received partial image of the input fingerprint and a chip image recorded in advance on the IC card 100. If they match, the number of matching chips is incremented. When matching is completed for all feature points, a status indicating the fingerprint match or mismatch is returned. Otherwise, a status for matching the next feature point is returned.

  FIG. 20 is a diagram illustrating an example of a response APDU of the chip matching process. As shown in the figure, the status of the command is substituted into the SW1 field of the response APDU 1550. Specifically, a code indicating fingerprint matching, mismatching, or processing continuation is substituted as a command processing result. Details of the chip matching processing S1192 will be described later.

  When the reader / writer 110 receives the response APDU 1550 of the chip matching process, the reader / writer 110 analyzes the status of the response APDU 1550 and determines whether or not to end the process (S1135). As a result, if a fingerprint match or mismatch result is obtained (S1135: YES), the process ends. On the other hand, the process returns to step S1110 to perform matching for the remaining feature points.

  Next, the correction vector calculation process S1190 described above will be described.

  FIG. 21 is a diagram showing a detailed flow of the correction vector calculation process S1190.

  When receiving the APDU 1500 from the reader / writer 110, the IC card 100 records the X coordinate and the Y coordinate indicating the core position of the collation image included in the APDU 1500 in the RAM 230 (S1900).

  Next, a chip image index (chip image index) k for chip matching is initialized to 0 (S1905), and a variable M indicating the number of matching chips is initialized to 0 (S1907).

  Next, a correction vector is calculated using the core position of the collation image sent from the reader / writer 110 and the coordinates of the core of the fingerprint information (FIG. 3) recorded in advance on the IC card 100 (S1910). Specifically, the correction vector is calculated by subtracting the core coordinate of the fingerprint information from the coordinate of the core of the collation image.

  Next, the validity of the calculated correction vector is verified (S1915). As a result, if an appropriate correction vector is obtained (S1915: YES), a code indicating normal termination is substituted for the status of the response APDU (S1920), and the response APDU is transmitted to the reader / writer 110 (S1925). On the other hand, if an illegal correction vector is obtained (S1915: NO), a code indicating abnormal termination is substituted for the status of the response APDU (S1917), and the response APDU is transmitted to the reader / writer 110 (S1925).

  As described above, the correction vector calculation process S1190 is performed.

  Next, the above-described chip position calculation process S1191 will be described.

  FIG. 22 is a diagram showing a detailed flow of the chip position calculation process S1191.

  When the IC card 100 receives the APDU 1520 for starting the chip position calculation process S1191 from the reader / writer 110 (S2000), the IC card 100 increments the chip image index k (S2002), and the number of chips in which the chip image index k is recorded in the fingerprint information. It is determined whether or not (= 30) or less (S2005). As a result, if k is larger than the number of chips recorded in the fingerprint information (S2005: NO), a code indicating abnormal termination is substituted for the status of the response APDU (S2045), and the response APDU is transferred to the reader / writer 110. Transmit (S2035), and the process ends.

  On the other hand, if the chip image index k is less than or equal to the number of chip images recorded in the fingerprint information (S2005: YES), the coordinates of the kth chip image recorded in the fingerprint information are corrected (S2010). Specifically, correction is performed by adding a correction vector to the coordinates of the kth chip image.

  Next, it is verified whether or not the corrected coordinates of the chip are included in the collation image (S2015). As a result, if it is not included (S2015: NO), a code indicating the incorrect position of the feature point is substituted for the status of the response APDU (S2040), and the response APDU is transmitted to the reader / writer 110 (S2035). Exit.

  On the other hand, if the corrected chip coordinates are included in the collation image (S2015: YES), the corrected chip coordinates are substituted into the data field of the response APDU (S2025). Further, a code indicating normal termination is substituted for the status of the response APDU (S2030), the response APDU is transmitted to the reader / writer 110 (S2035), and the processing is terminated.

  As described above, the chip position calculation process S1191 is performed.

  Next, the above-described chip matching process S1192 will be described.

  FIG. 23 is a diagram illustrating a detailed flow of the chip matching processing S1192.

  When the IC card 100 receives the APDU 1540 that activates the chip matching process S1192 from the reader / writer 110, the IC card 100 records the partial image recorded in the data field in the RAM 230 (S2100).

  Next, it is verified whether or not the chip image index k is equal to or less than the number of chips (= 30) recorded in advance in the fingerprint information (S2105). As a result, if the index k is larger than the number of chips (S2105: NO), a code indicating that the fingerprint does not match is substituted for the status of the response APDU (S2150), and the response APDU is transmitted to the reader / writer 110 ( S2140).

  On the other hand, if the index k is less than or equal to the number of chip images (S2105: YES), the partial image and the kth chip image are matched (chip matching), and a code indicating whether or not the partial image matches the chip image is obtained. Output (S2110). A specific method of this matching will be described later.

  Next, it is checked whether or not the chip image and the partial image match (S2115). If they do not match (S2115: NO), a code indicating that matching is continued is substituted for the status of the response APDU (S2145). The response APDU is transmitted to the reader / writer 110 (S2140).

  On the other hand, if the chip image and the partial image match (S2115: YES), the matching chip number M is incremented (S2120), and whether or not the matching chip number M is larger than a predetermined threshold (= 20). Determination is made (S2125). As a result, if M is equal to or less than the threshold value (S2125: NO), a code indicating that the verification is continued is substituted for the status of the response APDU (S2145), and the response APDU is transmitted to the reader / writer 110 ( S2140).

  On the other hand, if M is larger than the threshold value (S2125: YES), it is determined that the collation image and the fingerprint information recorded in advance on the IC card 100 match, and the secret key 242 for the IC card 100 to perform mutual authentication is determined. Is made available (S2130).

  Next, a code indicating that the fingerprint matches the status of the response APDU is substituted (S2135), the response APDU is transmitted to the reader / writer 110 (S2140), and the process ends.

  Next, details of the matching processing S2110 performed in the above-described chip matching processing S1192 will be described.

  In this processing, as shown in FIG. 24, it is determined whether or not a part of the partial image matches the chip image while moving along the spiral trajectory on the partial image. The trajectory need not be spiral.

  In the present embodiment, a mismatch bit number search table is prepared in advance in the ROM 250 or the EEPROM 240, and the mismatch bit number search table is used when counting the number of bits that do not match when the chip image and the partial image are compared. To do.

  FIG. 25 is a diagram illustrating a configuration example of a mismatch bit number search table. As shown in the figure, this table records the number of 1 when the index is expressed in binary. For example, 2 is recorded for index 3 (= 11b), and 1 is recorded for index 4 (= 100b). Here, a table of 256 elements from 0 to 255 is prepared corresponding to the comparison between the chip image and the partial image in units of 8 bits.

  FIG. 26 is a diagram showing a detailed flow of the matching process S2110.

  First, the collation position on the partial image is initialized (S2200). For example, the position where the chip image is at the center of the partial image is set as the first collation position.

  Next, an image having the same size as the chip image is cut out from the partial image according to the collation position, and copied to the collation image buffer secured on the RAM 230 (S2205). For example, if the chip image is 16 pixels square, since one pixel corresponds to 1 bit, the required image buffer for verification is 256 bits, that is, 32 bytes. In this case, the chip image similarly has a 32-byte area and is stored in the EEPROM 240 as a part of fingerprint information.

  Next, the number of mismatch bits indicating the number of bits that do not match between the chip image and the verification image buffer is initialized to 0 (S2210), and the offset indicating the comparison target position between the chip image and the verification image buffer is initialized to 0. (S2215).

  Next, an exclusive OR of the chip image and the data at the offset position of the collation image buffer is taken, and the result is stored in the RAM 230 (S2220). Here, it is assumed that exclusive OR is taken in units of 1 byte.

  Next, using the result of the exclusive OR as an index, the mismatch bit number search table is referred to, and the obtained number is added to the mismatch bit number (S2230).

  Next, it is determined whether or not the number of mismatch bits is equal to or greater than a predetermined threshold value (= 30) (S2235). As a result, when the number of mismatch bits is less than a predetermined threshold value (S2235: NO), calculation is performed for all data in the chip image and the image buffer for verification, and it is checked whether the offset has reached the end. (S2240) If it has not reached the end (S2240: NO), 1 is added to the offset (S2243), and the process returns to the processing S2220 to obtain the exclusive OR of the chip image indicated by the offset and the image buffer for collation. Repeat the process.

  On the other hand, if the offset has reached the end (S2240: YES), a code indicating that the chip image matches the partial image is output (S2245), and the process ends.

  If the number of mismatched bits is equal to or greater than a predetermined threshold as a result of the determination in step S2235 (S2235: YES), it is checked whether or not the entire partial image has been collated (S2237). If there is no collation position (S2237: NO), the collation position is moved (S2238), the process returns to step S2205, and the above-described processing is repeated.

  On the other hand, if collation is completed to the end (S2237: YES), a code indicating that the chip does not match the partial image is output (S2239), and the process ends.

  The chip matching process is performed as described above.

  In the above description, in the collation process, the correction vector is calculated using the position of the fingerprint core, but the correction vector may be calculated by other methods.

  Next, a method for calculating the correction vector using the cross-correlation of the feature point distribution will be described. In this case, it is not necessary to detect the core position or the like in the preprocessing described above.

  Hereinafter, a case where the correction vector is calculated in the IC card 100 and a case where the correction vector is calculated in the reader / writer 110 will be described. First, a case where the correction vector is calculated in the IC card 100 will be described.

  In this case, the difference from the above-described collation process is only the APDU that the reader / writer 110 transmits to the IC card 100 in step S1100 of FIG.

  FIG. 27 is a diagram illustrating an example of an APDU that the reader / writer 110 transmits to the IC card 100 in order to call the correction vector calculation process S1190 in step S1100 illustrated in FIG. As shown in the figure, the corresponding command ID is substituted in the INS field of the APDU 2700, and the coordinates of all the feature points of the input fingerprint extracted in the preprocessing are substituted in the data field.

  FIG. 28 is a diagram showing a detailed flow of the correction vector calculation process S1190 called by the APDU 2700.

  Upon receiving the APDU 2700 (S2800), the IC card 100 generates a feature point map of the input fingerprint using the sent coordinates of the feature points of the input fingerprint (S2805). The feature point map is an image having a specific luminance distribution around the coordinates of each feature point. FIG. 29 is a diagram illustrating an example of a feature point map. For the shape and size of the luminance distribution around the feature point coordinates, an appropriate one is selected according to the mounting conditions.

  Once the feature point map is generated for the input fingerprint, the feature point map is similarly generated from the coordinates of the feature points of the registered fingerprint recorded in the fingerprint information (S2810).

  Then, a normalized cross-correlation is calculated by regarding the feature point map of the input fingerprint and the registered fingerprint as a two-dimensional signal (S2815). The cross-correlation is calculated by a commonly used method, for example, the method described in “Digital Image Processing” (Rosenfeld et al., Modern Science, 1978), page 306.

  Next, the position with the largest normalized cross-correlation value is detected, and the position shift at this time is recorded in the RAM 230 of the IC card 100 as a correction vector (S2820).

  Then, an appropriate status is substituted into the response APDU 1510 shown in FIG. 16, and is transmitted to the reader / writer 110 (S2825).

  Next, a case where the correction vector is calculated by the reader / writer 110 will be described.

  In this case, steps S1100, S1190, and S1105 shown in FIG. 14 are replaced with the processing shown in FIG.

  Hereinafter, the processing illustrated in FIG. 30 will be described.

  When the collation process is started, the reader / writer 110 first transmits an APDU requesting transmission of the coordinates of the feature points of the registered fingerprint to the IC card 100 (S3000).

  FIG. 31 is a diagram illustrating an example of an APDU that requests transmission of the coordinates of feature points of a registered fingerprint. As shown in the figure, an appropriate command ID is assigned to the INS field of the APDU 2710, and the length of coordinate data of feature points returned from the IC card 100 is stored in the Le field.

  When receiving the APDU 2710, the IC card 100 stores the coordinates of the feature points recorded in the fingerprint information of the IC card 100 in the data field of the response APDU as shown in FIG. 32 and transmits it to the reader / writer 110 (S3090). .

  When the reader / writer 110 receives the response APDU 2720 from the IC card 100 (S3005), the correction vector is calculated by generating a feature point map and recorded in the RAM 320 of the reader / writer 110, as in the method shown in FIG. (S3010).

  Next, the reader / writer 110 issues a command for causing the IC card 100 to record the correction vector (S3015). Specifically, an APDU having the same format as the APDU 1500 shown in FIG. 15 is transmitted to the IC card 100.

  When the IC card receives the APDU, it records the correction vector stored in the APDU in the RAM 230 of the IC card 100, and transmits a response APDU as shown in FIG. 16 to the reader / writer 110 (S3095).

  Upon receiving the response APDU (S3020), the reader / writer 110 proceeds to processing S1107 for checking the status of the response APDU.

  As described above, even when the correction vector is obtained from the feature point map instead of the core position, the correction vector is obtained at a higher speed than when matching is performed on the entire fingerprint image (or a part thereof). be able to. Furthermore, by adjusting the size of the luminance distribution provided around the feature points, accurate position correction can be performed even if the fingerprint is distorted or rotated.

  As described above in detail, according to the user authentication system of the present invention, user-specific information is personally managed by an IC card, so that the user's acceptability is improved compared to the case of centralized management by a server or the like. can do. Further, it is possible to reduce the possibility of a large number of biological information being stolen at a time, and to reduce the cost for recording management of biological information.

  In addition, the fingerprint information and fingerprint verification function are installed inside the IC card, and access to the fingerprint information and fingerprint verification function from outside is prohibited, so that the user's fingerprint information and verification results are counterfeited, falsified, and stolen. Can prevent impersonation.

  In addition, by mounting a fingerprint input function and a fingerprint collation pre-processing function on a reader / writer, fingerprint collation can be performed by a general IC card CPU.

  Furthermore, since the fingerprint collation function is separately implemented for the IC card and the reader / writer, the collation process is difficult to analyze.

  In addition, the core coordinates, which are the characteristic structure of the fingerprint, are recorded in the fingerprint information of the IC card, and the core coordinates are detected from the fingerprint image newly input by the preprocessing, so that the feature points recorded in the fingerprint information are recorded. The chip image recorded in the fingerprint information is searched by chip matching around the corrected coordinates on the fingerprint image, and the identity of the fingerprint information and the fingerprint image is determined by the number of matching chip images. Thus, fingerprint verification can be performed even with an IC card having a small RAM capacity.

  In chip matching, the number of mismatched bits is calculated using a mismatched bit number search table in which the number of mismatched bits is recorded in advance, and the number of bits exceeds a preset threshold. In such a case, by completing the chip matching and proceeding to the next process, it is possible to perform fingerprint collation using an IC card with a slow calculation speed.

  In the above embodiment, the case where a fingerprint is used as the biometric information has been described. However, other biometric information can be used.

  For example, when an iris is used as biometric information, the reader / writer 110 of FIG. 1 includes an iris information input unit for inputting iris information instead of the fingerprint input unit 113, and the preprocessing unit 112 receives the input. The iris image is preprocessed and an iris code necessary for iris matching is calculated. The iris code is calculated, for example, by the method described in the document: IEEE Transactions on pattern analysis and machine intelligence, Vol.15, No.11, Nov.1993, pp.1148-1161 (hereinafter referred to as document 4). Use it.

  The iris code calculated in this way is transmitted to the IC card 100. Note that the transmission of the iris code to the IC card 100 may be performed by a single transmission.

  In the IC card 100 of FIG. 1, an iris code is recorded as a template of biometric information instead of the fingerprint information 104. When the iris code is received from the reader / writer 110, the iris collation program in the IC card 100 collates the iris code transmitted from the reader / writer 110 with the iris code recorded in the EEPROM or the like in the IC card 100. . The collation is performed by, for example, calculating the Hamming distance of the iris code by the method described in Document 4 and determining whether the calculated Hamming distance is equal to or less than a predetermined threshold value. If the calculated Hamming distance is equal to or less than the threshold value, it is determined that the iris codes match, and access to the authentication information 105 of the electronic authentication processing unit 103 is permitted, as in the case of the fingerprint, and the application Electronic authentication is performed between 131 and the electronic authentication unit 103.

It is a figure for demonstrating the outline of the access management system by this invention. It is a figure which shows the structure of the IC card by this invention. It is a figure which shows the structural example of the fingerprint information 243. FIG. It is a figure which shows the structure of the reader / writer by this invention. It is a figure which shows the general | schematic flow of fingerprint collation. It is a figure which shows the example of the core of a fingerprint, and a feature point. It is a figure which shows the general | schematic flow of pre-processing. It is a conceptual diagram for demonstrating a core position detection process. It is a figure which shows the detailed flow of a core search process. It is a figure which shows the structural example of the candidate point calculation table in a core search process. It is a figure which shows the structural example of the core search result table in a core search process. It is a conceptual diagram of the ridge direction calculation method. It is a figure which shows the detailed flow of a ridge direction calculation process. It is a figure which shows the schematic flow of a collation process. It is a figure which shows the example of APDU which calls a correction vector calculation process. It is a figure which shows the example of the response APDU from a correction vector calculation process. It is a figure which shows the example of APDU which calls a chip | tip position calculation process. It is a figure which shows the example of the response APDU from a chip position calculation process. It is a figure which shows the example of APDU which calls a chip matching process. It is a figure which shows the example of the response APDU from a chip matching process. It is a figure which shows the detailed flow of a correction vector calculation process. It is a figure which shows the detailed flow of a chip position calculation process. It is a figure which shows the detailed flow of a chip matching process. It is a figure which shows the concept of a chip matching process. It is a figure which shows the structural example of a mismatch bit number search table. It is a figure which shows the detailed flow of a matching process. It is a figure which shows the example of APDU which calls a 2nd correction vector calculation process. It is a figure which shows the detailed flow of a 2nd correction vector calculation process. It is a figure which shows the example of a feature point map. It is a figure which shows the processing flow in the case of calculating a correction vector with the reader / writer. It is a figure which shows the example of APDU which requests | requires transmission of the coordinate of the feature point of a registered fingerprint. It is a figure which shows the example of the response APDU from a feature point position transmission process.

Explanation of symbols

100 IC card 110 reader / writer 120 terminal 130 host computer 140 network

Claims (10)

A portable storage device with a calculation function having tamper resistance;
A biometric authentication system including a tamper-resistant reader / writer that reads and writes information from and to the portable storage device,
The reader / writer is
A biological information input device for inputting biological information;
Perform preprocessing of biological information input by the biological information input device,
Transmitting the preprocessed intermediate information to the portable storage device;
The portable storage device includes:
A template for biometric information and a secret key used for electronic authentication are provided.
The intermediate information is compared with the template,
A biometric authentication system, wherein the secret key is usable when the verification is matched. The biological information is fingerprint information,
The reader / writer sequentially transmits fingerprint image information necessary for fingerprint verification to the portable storage device,
The biometric authentication system according to claim 1, wherein the portable storage device performs fingerprint collation by sequentially processing the fingerprint image information. The biological information is fingerprint information,
Information for correcting the positional deviation between the registered fingerprint recorded in the template and the newly input fingerprint is calculated using the core position of the fingerprint,
Search for a small image around the feature point of the registered fingerprint by matching around the coordinates corrected for misalignment on the image of the input fingerprint,
The biometric authentication system according to claim 1, wherein the identity of the template and the fingerprint image is determined based on the number of matched small images. Search the ridge normal vector,
The biometric authentication system according to claim 3, wherein a position where the perpendicular vector greatly changes is determined as a fingerprint core. The biological information is fingerprint information,
Information for correcting misalignment between the registered fingerprint recorded in the template and the newly input fingerprint has a specific luminance distribution around each feature point for each of the input fingerprint and the registered fingerprint. Create an image, calculate by cross-correlation of the image,
Search for a small image around the feature point of the registered fingerprint by matching around the coordinates corrected for misalignment on the image of the input fingerprint,
The biometric authentication system according to claim 1, wherein the identity of the template and the fingerprint image is determined based on the number of matched small images. A biometric authentication system comprising a portable storage device and a reader / writer that reads and writes information from and to the portable storage device,
The reader / writer is
Biometric information input means for receiving input of biometric information;
Preprocessing means for generating image data by performing preprocessing on the biological information input via the biological information input means;
Transmitting means for cutting out one partial image requested from the portable storage device from the image data generated by the preprocessing means and transmitting the image data of the cut out partial image to the portable storage device; Prepared,
The portable storage device includes:
Biometric template,
Collation means for collating the image data of the one partial image transmitted from the reader / writer with the template;
The collating unit repeatedly requests one piece of image data of a partial image different from the image data of the partial image transmitted so far when the collation result does not satisfy a predetermined criterion. Authentication system. The biometric authentication system according to claim 6,
The biological information is fingerprint information,
The pre-processing means of the reader / writer generates fingerprint image information necessary for fingerprint verification as the image data,
The biometric authentication system, wherein the collation means of the portable storage device performs fingerprint collation by processing the fingerprint image information. The biometric authentication system according to claim 7, wherein
The preprocessing means calculates the core position of the fingerprint from fingerprint information that is the input biometric information, and sends the coordinates of the core position to the portable storage device,
The template has coordinates of a plurality of feature points of a fingerprint registered in the template, and a small image around the coordinates,
The verification means is
Information for correcting a positional deviation between the registered fingerprint and a newly input fingerprint, the coordinates of the core position of the fingerprint registered in the template, and the coordinates of the core position received from the preprocessing means Correction information calculation means for calculating using
Request means for requesting the reader / writer as fingerprint image information around the coordinates by transmitting coordinates calculated from the coordinates of the feature points and information for correcting the positional deviation;
Matching means for matching the small image around the coordinates with fingerprint image information transmitted from the transmitting means in response to a request from the requesting means;
A biometric authentication system comprising: a determination unit that determines the identity between the template and the fingerprint image according to a plurality of matching results. The biometric authentication system according to claim 8, wherein
The preprocessing means includes
A biometric authentication system, wherein a perpendicular vector of a plurality of ridges is sequentially searched, and a position where the direction of the perpendicular vector changes from a predetermined value is set as the core position of the fingerprint. The biometric authentication system according to claim 7, wherein
Information for correcting misregistration between a registered fingerprint, which is a fingerprint registered in the template, and an input fingerprint, which is a newly input fingerprint, around each feature point for each of the input fingerprint and the registered fingerprint. A feature point map generating means for creating an image having a specific luminance distribution and calculating the cross correlation of the images;
Search means for searching for a small image around the feature point of the registered fingerprint by matching around the coordinates corrected for misalignment on the image of the input fingerprint;
The biometric authentication system according to claim 1, further comprising: a determination unit that determines the identity of the template and the fingerprint image based on the number of the small images that are matched by the search.

Images