JP2008048263A - Challenge/response biometrics authentication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a challenge/response biometrics authentication method that can realize safe and convenient on-line biometrics authentication. <P>SOLUTION: The challenge/response biometrics authentication method for realizing on-line biometrics used in an environment wherein a user terminal that a user uses and an authentication server authenticating the user are connected to each other via a network. A phase only correlation (POC) image including biological information regarding the person himself is registered as a POC image for registration in the authentication server, in advance. The POC image, containing biological information regarding the user, is used as the POC image for authentication. The user terminal sends a POC image of a challenge code image sent from the authentication server and the POC image for authentication, as a response code, to the authentication server. The authentication server uses a POC image of the POC image for registration and the challenge code image as a POC image for collation, to perform convolution integrating operation between the POC image for collation and the response code, to authenticate the user. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a challenge / response authentication method capable of realizing safe and convenient online biometric authentication.

  Currently, in the ubiquitous information-oriented society, for example, electronic commerce via a network such as the Internet has been actively performed. In order to provide services in electronic commerce and to settle transactions, it is necessary to perform personal authentication via a network. As a mainstream of such personal authentication technology (hereinafter also referred to as online authentication technology) via a network, there is a challenge / response type authentication method.

  The challenge-response type authentication method is that a user who is a person to be authenticated in advance (the side to be authenticated) and an authentication server (a server side that authenticates the user, hereinafter simply referred to as a server) each have an encryption key. In addition, the user side encrypts a “challenge code” (usually, the challenge code is often a random number) sent from the server side using the encryption key that the user owns. To generate a “response code” and send it to the server side. Next, the server side decrypts the “response code” sent from the user side using the encryption key that it owns. , If the data obtained by decrypting the "response code" matches the "challenge code" that you generated, that is, the encryption key you have and the key you have When you are in the match, but that it was able to confirm the validity of the person.

  In the challenge-response type authentication method described above, when the common key cryptosystem is used, the user and the server share the same encryption key, and when the public key cryptosystem is used, the user and the server Each have a different encryption key.

  However, with the above-described existing challenge / response authentication technology (hereinafter simply referred to as “conventional challenge / response authentication technology”), even if the encryption key is different even by one bit, the challenge code is encrypted and the response code is decrypted. Since authentication cannot be performed accurately, there is a problem that authentication fails.

  That is, the conventional challenge-response authentication method has the inconvenience that the user needs to have a completely correct encryption key in order to succeed in authentication.

  Further, in the conventional challenge / response authentication method, there is a problem of “spoofing” when an encryption key is guessed or stolen by a non-person.

  On the other hand, in the conventional personal authentication technology, personal authentication is performed using a key / IC card that is possessed by the person who is the person to be authenticated and a password / password that is the knowledge possessed by the person. Therefore, there are problems such as “losing” or “stolen” the key / IC card, and “forgetting” or “guessing” the password / password.

  In order to solve this problem existing in the conventional personal authentication technology, instead of the key, IC card, password, PIN number, etc. used in the conventional personal authentication technology, the physical characteristics and behavior of the person to be authenticated Is a technique for authenticating an individual by using a characteristic characteristic or the like, that is, a characteristic unique to each individual (hereinafter also simply referred to as biometric information), “Bio-STRIX authentication technology (hereinafter also simply referred to as biometric authentication technology)” ”Has been developed and researched and is currently attracting the most attention as one of the leading personal authentication technologies.

  Such biometric authentication technology uses the physical characteristics, behavioral characteristics, etc. of the person to be authenticated, such as storing passwords / passwords used in conventional personal authentication technologies, possessing keys / IC cards, etc. Is an extremely convenient authentication technique and more reliable than conventional personal authentication techniques.

  In this biometric authentication technique, for example, biometric information of the person to be authenticated such as a fingerprint, a palm shape, a face, a blood vessel pattern (finger, back of hand, palm), iris, retina, voice print, handwriting, and the like is used. Among them, biometric authentication using fingerprints is often used because of its convenience.

  Biometric authentication technology that has the advantage of being convenient and having high reliability has already been introduced as a means for verifying the identity of customers required for financial services in the financial field including major banks.

Focusing on the high reliability of the biometric authentication technology mentioned above, as a personal authentication technology that combines this biometric authentication technology and the conventional challenge-response authentication technology that is the mainstream of online authentication technology, When the encryption key possessed by the user required for the challenge-response authentication technology is stored in a secure storage medium such as an IC card, for example, when accessing the encryption key stored in the IC card or the like, There is a technique for performing biometric authentication based on user biometric information (hereinafter, also simply referred to as online biometric authentication technique or online biometric authentication method) (see Patent Document 1 and Non-Patent Document 1).
JP 2001-344213 A Hiroyuki Suzuki, Yasuga Yamatani, Takashi Oo, Masahiro Yamaguchi, Nagaaki Oyama, "Fingerprint verification based on optical encryption for IC card holder authentication", Optics, Vol.33, No.1, p.37-44 , 2004

  However, even if the above-described online biometric authentication technology exists, it cannot be said that a technology for safely performing personal authentication using biometric information has already been established in the online personal authentication field.

  The cause is that it is difficult to safely send biometric information about the user who is the person to be authenticated to the authentication server, and it is difficult to cancel or exchange the biometric information of the user once registered in the authentication server. by.

  In other words, the “safe and convenient online biometric technology” needs to satisfy the following three requirements.

  The first requirement is that biometric information used for authentication does not leak.

  As a second requirement, biometric information (registered biometric information) registered in the authentication server can be canceled / exchanged.

  A third requirement is that the authentication does not require a storage medium for safely storing information such as an IC card. That is, convenience is required.

  The present invention has been made for the above-mentioned circumstances, and the object of the present invention is to meet all the above three requirements, that is, to realize a safe and convenient online biometric authentication. It is to provide a method.

  The present invention relates to a challenge-response biometric authentication method used in an environment in which a user terminal used by a user and an authentication server for authenticating the user are connected via a network to realize online biometric authentication. The object of the present invention is to have a phase-only correlation (POC) image including biometric information relating to the person as a registration POC image registered in advance in the authentication server, and a POC image including biometric information related to the user as an authentication POC image. The user terminal sends a POC image of the challenge code image and the authentication POC image sent from the authentication server as a response code to the authentication server, and the authentication server sends the registration POC image and the registration POC image to the authentication server. The POC image with the challenge code image is used as a verification POC image, and the verification POC image By performing the convolution integral operation with the response code is achieved by authenticating the user.

  In addition, the object of the present invention is to provide a POC image of a first personal information image for registration obtained based on the biometric information of the principal and a second personal information image for registration obtained based on the personal information of the principal. Is registered in the registration database of the authentication server in advance as a registration POC image, and obtained based on the first personal information image for verification obtained based on the biometric information of the user and the personal information of the user A POC image with the second personal information image for verification is set as an authentication POC image, and the user terminal uses the challenge code image sent from the authentication server and the POC image with the authentication POC image as a response code. And the authentication server uses the POC image of the registration POC image and the challenge code image as a verification POC image, and the verification POC image The authentication result image is generated by performing a convolution integral operation with the response code, and the user is authenticated by the peak value of the intensity pattern of the generated authentication result image, or the first individual for registration The information image is a fingerprint image for registration obtained from the person, the second personal information image for registration is a key image for registration generated from a password determined by the person, and the first personal information image for verification Is a fingerprint image for verification obtained from the user, the second personal information image for verification is a key image for verification generated from a password determined by the user, and the challenge code image is generated by the authentication server A challenge code is generated and the image is generated from the generated challenge code, or the authentication result image is strong. When the peak value of the pattern has a value equal to or greater than a predetermined threshold, the user is determined as the person, and when the peak value of the intensity pattern of the authentication result image is smaller than the predetermined threshold, the user is determined as another person. Is achieved more effectively.

  Furthermore, the object of the present invention is to allow the information obtained by performing the first calculation based on a plurality of pieces of personal information including biometric information about the person to be registered in the authentication server in advance as personal composition information for registration, Information obtained by performing the first calculation based on a plurality of personal information including biometric information about the user is used as personal composite information for authentication, and the user terminal receives the challenge code sent from the authentication server, Information obtained by performing the second calculation based on the authentication personal composite information is sent as a response code to the authentication server, and the authentication server is based on the registration personal composite information and the challenge code. The information obtained by performing the second calculation is used as personal composite information for verification, and the personal composite information for verification and the response A third operation based on the user ID, authenticating the user, or the first operation and the second operation as phase-only correlation (POC), and the third operation as a convolution integral. Is achieved more effectively.

  The challenge-response biometric authentication method according to the present invention is a personal authentication method capable of realizing safe and convenient online biometric authentication. An image including biometric information of a person to be authenticated is directly encrypted by challenge-response authentication. It is characterized by being used as a key.

  According to the present invention having the above-described features, the person to be authenticated does not need to store an encryption key for authentication stored in a secure storage medium such as an IC card as in the prior art, You can safely send your biometric information to the authentication server without worrying about dropping or stealing the storage medium that stores the encryption key, and secure online biometric authentication without leaking biometric information used for authentication. There is an excellent effect that can be performed.

  In the present invention, it is also a great feature that an image generated from a plurality of types of images including biometric information of the person to be authenticated is used as an authentication encryption key.

  Therefore, according to the present invention having this feature, since individual images cannot be inferred from registered images registered in the authentication server, it is possible to realize high security with respect to the secrecy of personal information, and registration. By changing the combination of a plurality of images for generating an image, there is an excellent effect that the registered image registered in the authentication server can be canceled or changed. That is, according to the present invention, there is an excellent effect that the biometric information included in the registered image can be easily canceled or changed.

  The present invention relates to a challenge-response biometric authentication method capable of realizing safe and convenient online biometric authentication. Specifically, the present invention relates to a cipher used in a conventional challenge-response authentication technique using a common key cryptosystem. Instead of a key (hereinafter, also simply referred to as “conventional encryption key”), an image including biometric information (for example, fingerprint information) of the person who is the person to be authenticated is used in the challenge-response biometric authentication method of the present invention. As an encryption key (hereinafter, also simply referred to as “the present invention encryption key” or “encryption key”), the user side and the authentication server side possess a challenge-applied image pattern matching including biometric information. It relates to the response authentication method.

  That is, in the present invention, the biometric information of the person who is the person to be authenticated (hereinafter also simply referred to as first personal information) and the second personal information of the person (for example, the biometric information of the person or the person himself / herself is determined. And an encryption key is generated based on personal information such as a password.

  In other words, in the present invention, by using an image including the biometric information of the user who is the user to be authenticated as an encryption key for the challenge response, the biometric information is kept secret without leaking the biometric information of the user. Online biometric authentication can be performed.

  Further, in the present invention, at least two kinds of images can be superimposed by using multiple phase-only correlation (POC) to generate an encryption key, and registered in the authentication server. Individual images cannot be estimated from existing registered images. Therefore, in the present invention, the registered image registered in the authentication server can be easily canceled or the registered image can be easily changed by changing the combination of a plurality of images used for generating the encryption key.

  The best mode for carrying out the present invention will be described below in detail with reference to the drawings.

  Here, the flow of online biometric authentication by the challenge-response biometric authentication method of the present invention will be described based on the schematic diagram of FIG.

  Before online biometric authentication according to the present invention, first, as pre-registration, a phase-only correlation image (hereinafter also simply referred to as a registration POC image) between the first personal information image and the second personal information image of the user himself / herself is used. “Registration information” for personal authentication is sent from the user side to the authentication server. In the authentication server, “registration information” sent from the user, that is, “registration POC image” is stored in, for example, a database.

  Here, the “first personal information image” is an image obtained from the biometric information of the user himself / herself, and in the present embodiment, is a “fingerprint image” obtained from the fingerprint obtained from the user himself / herself. The “second personal information image” is another personal information image related to the user different from the first personal information image, and may be an image obtained from another biological information of the user himself / herself, However, in this embodiment, it is a “password image” obtained from the password determined by the user himself / herself.

  Further, “phase-only correlation” means Phase Only Correction, and hereinafter simply referred to as “POC”. The “phase-only correlation image” means an image obtained by POC calculation between images, and is simply referred to as “POC image” hereinafter.

  As illustrated in FIG. 1, for example, a “user terminal” used by a user who is a person to be authenticated and an “authentication server” for authenticating the user are connected to a network such as the Internet. As a specific authentication procedure, the user makes an access request to the authentication server from the user terminal in order to receive the service provided by the authentication server (step A1). Upon receiving the access request, the authentication server generates a challenge code and sends the generated challenge code to the user terminal (step A2).

  On the other hand, a user who is a person to be authenticated needs to create an “authentication POC image” in order to perform online personal authentication. The “authentication POC image” is a POC image of a first personal information image (fingerprint image) and a second personal information image (password image) of a user who is an authenticated person, and the first personal information of the user. It is an image generated from the POC calculation of the image (fingerprint image) and the second personal information image (password image).

  The user terminal that has received the challenge code sent from the authentication server generates a “response code”. That is, in the present invention, the POC image generated by the POC calculation of the “authentication POC image” and the “challenge code” in the user terminal is set as the “response code”.

  Next, the user terminal sends the generated “response code” to the authentication server (step A3).

  On the other hand, the authentication server that has received the “response code” from the user terminal generates a “verification POC image”. In other words, in the present invention, the “challenge code” generated by the authentication server and the “registration information” for personal authentication preregistered in the authentication server database (registration database), that is, the “registration POC image”. A POC image is generated, and the generated POC image is set as a “collation POC image”.

  As described above, when the “response code” is sent from the user terminal to the authentication server, and the authentication server generates the verification POC image, the personal authentication is performed. In other words, the authentication server verifies the “response code” and, specifically, performs identity authentication, that is, collation, by performing a convolution integral operation between the “collation POC image” and the “response code”.

  As a result of personal authentication, that is, as a result of collation, “registration POC image” and “authentication POC image” are generated from the same pair images (“fingerprint image” and “password image”), respectively. In other words, if the registered “fingerprint image” / “password image” matches the “fingerprint image” / “password image” obtained from the person to be authenticated, the result is a convolution integral image. A sharp peak appears in the intensity pattern, and an authentication result that the person to be authenticated is the registered person is obtained, and the service is provided from the authentication server to the user terminal (step A4).

  On the other hand, if the person to be authenticated is not the registered person, the registered “fingerprint image” and “password image” do not match the “fingerprint image” and “password image” obtained from the person to be authenticated. As a result, no peak appears in the intensity pattern of the convolution integral image.

  As described above, online biometric authentication by the challenge-response biometric authentication method of the present invention is performed according to the flow shown in FIG. That is, it is a major feature of the present invention that an image including the user's own biometric information is used as an encryption key for the challenge / response.

  That is, in the user terminal, an “authentication POC image” which is a POC image of the fingerprint image of the user who is the user to be authenticated and the password image is used as an encryption key on the user side. The “registration POC image” that is the POC image with the password image is used as the encryption key on the authentication server side.

  In the embodiment described above, the fingerprint image and the password image are used for generating the encryption key. For example, if another image is used instead of the fingerprint image or the password image, “ Both “fingerprint image” and “password image” can be easily canceled or changed.

The above has described the challenge-response biometric authentication method of the present invention along the embodiments. Hereinafter, the principle and the procedure of each process in the online biometric authentication according to the present invention will be described in detail.

<1> Phase only correlation (POC)
The present invention focuses on the use of multiple phase-only correlations (POC), and firstly, a biometric authentication method (hereinafter referred to as “registration image”) that can cancel / change a registered image (registration POC image) including the user's own biometric information. (Also referred to simply as biometric authentication method that can cancel registered image cancellation), and by applying this method to challenge-response authentication, which is online authentication, a safe and convenient online biometric that has not been realized so far Realize authentication.

  Here, first, the phase only correlation (POC) will be described.

  POC is a correlation method that can perform image collation with higher accuracy than a normal correlation method. Specifically, by multiplying Fourier images with constant amplitude components, and performing inverse Fourier transform on them. If the obtained images are similar, their POCs show a sharp peak, otherwise a random pattern is generated.

  That is, the height of the POC peak is an index for examining the similarity between images. In particular, it has been shown that the POC of a fingerprint image, which is a kind of biometric information, has sufficient performance to distinguish the person from others.

  The Fourier transform of the images g (x, y) and h (x, y) is expressed by the following equations 1 and 2.

ここで、

は画像ｇ(ｘ,ｙ)のフーリエ変換を、

は画像ｈ(ｘ,ｙ)のフーリエ変換をそれぞれ表す。また、

はそれぞれ画像ｇ(ｘ,ｙ)及びｈ(ｘ,ｙ)の振幅成分で、

は、それぞれ画像ｇ(ｘ,ｙ)及びｈ(ｘ,ｙ)の位相成分である。

here,

Is the Fourier transform of the image g (x, y),

Represents the Fourier transform of the image h (x, y). Also,

Are the amplitude components of the images g (x, y) and h (x, y), respectively.

Are phase components of the images g (x, y) and h (x, y), respectively.

  A POC image is obtained by multiplying the Fourier images with the above amplitude components made constant. When expressed by a mathematical formula, the following equation 3 is established.

ここで、

は、画像ｇ(ｘ,ｙ)とｈ(ｘ,ｙ)のＰＯＣ画像を表す。

＜２＞ 登録画像取消変更可能な生体認証方法
登録画像取消変更可能な生体認証とは、登録時には、本人の生体情報（登録用指紋画像）と、本人が決めたパスワードから生成される「キー画像」（登録用キー画像）とのＰＯＣ画像（以下、単に登録画像とも称する）をテンプレートとして登録しておく。

here,

Represents a POC image of images g (x, y) and h (x, y).

<2> Biometric authentication method capable of canceling / changing registered image Biometric authentication capable of canceling / changing registered image refers to a “key image” generated from the biometric information (fingerprint image for registration) of a person and a password determined by the person at the time of registration. "(A registration key image) and a POC image (hereinafter also simply referred to as a registered image) are registered as templates.

  At the time of verification, first, a POC image (hereinafter referred to as a “key image” (verification key image) generated from the biometric information (verification fingerprint image) of the user who is the person to be authenticated and a password determined by the user. Next, convolution integration of the generated matching POC image and the registered image registered as a template is performed.

  Here, when the convolution integral image of the registered image and the matching POC image is X, the following equation 4 is established.

ここで、

は登録用指紋画像を、

は照合用指紋画像をそれぞれ表す。また、

は登録用キー画像を、

は照合用キー画像をそれぞれ表す。そして、☆は位相限定相関を示し、＊は畳み込み積分を示す。

は登録画像を表し、

は照合用ＰＯＣ画像を表す。

here,

Is a fingerprint image for registration,

Represents a fingerprint image for verification. Also,

Is the registration key image,

Represents a collation key image. * Indicates a phase-only correlation, and * indicates a convolution integral.

Represents a registered image,

Represents a matching POC image.

  On the other hand, if Y is a convolution integral image of POC images of fingerprint images (registration fingerprint image and verification fingerprint image) and POC images of key images (registration key image and verification key image), Is established.

ここで、

は、指紋画像同士（登録用指紋画像と照合用指紋画像）のＰＯＣ画像を表し、

は、キー画像同士（登録用キー画像と照合用キー画像）のＰＯＣ画像を表す。

here,

Represents a POC image of fingerprint images (a fingerprint image for registration and a fingerprint image for verification),

Represents a POC image of key images (registration key image and collation key image).

  Here, according to the combination rule and exchange rule of phase-only correlation and convolution integral, the following equation 6 is established in the above equations 4 and 5. That is, the convolution integral image X of the registered image and the matching POC image is equivalent to the convolution integral image Y of the POC image between the fingerprint images and the POC image between the key images.

ここで、登録画像と照合用ＰＯＣ画像がそれぞれ同一のペア画像（指紋画像及びキー画像）から生成されたものである場合には、指紋画像同士のＰＯＣ画像とキー画像同士のＰＯＣ画像との畳み込み積分画像Ｙは、ピーク画像同士の畳み込み積分となるため、鋭いピークが現れるが、登録画像と照合用ＰＯＣ画像がそれぞれ同一のペア画像（指紋画像及びキー画像）から生成されたものでない場合に、畳み込み積分画像の強度パターンにピークが現れない。

Here, when the registered image and the matching POC image are generated from the same pair image (fingerprint image and key image), convolution of the POC image between the fingerprint images and the POC image between the key images is performed. Since the integral image Y is a convolution integral between peak images, a sharp peak appears, but when the registered image and the matching POC image are not generated from the same pair image (fingerprint image and key image), No peak appears in the intensity pattern of the convolution integral image.

Therefore, personal authentication can be performed by looking at the peak value of the intensity pattern of the convolution integral image X of the registered image and the matching POC image.

<3> Evaluation Experiment for Biometric Authentication Method Described in <2> An experiment was performed to evaluate the accuracy of the biometric authentication method capable of canceling a registered image described in <2>. In the evaluation experiment, a user's fingerprint and a 4-digit password decided by the user himself were used as inputs.

  A random number was generated from a 4-digit password determined by the user, a random image was generated from the generated random number, and the generated random image was used as a “key image” for registration and verification. As for the “fingerprint image”, four fingerprint images for registration and 2 to 6 fingerprint images for registration were obtained from the index fingers of the right or left hand of eight users, and used for experiments.

  Images having three sizes of 128 × 128 [pixel], 256 × 256 [pixel], and 512 × 512 [pixel] were prepared, and an evaluation experiment was performed on each size image. Further, since POC has a property of being greatly affected by rotation, at the time of collation, collation was performed while rotating the obtained fingerprint image by 3 degrees within a range of ± 9 °.

  The personal authentication accuracy evaluation results when the image size is 256 × 256 [pixel] and 128 × 128 [pixel] are shown in FIGS. 2 and 3, respectively. 2 and 3, the horizontal axis indicates a threshold value, and the vertical axis indicates FRR (False Rejection Rate) and FAR (False Acceptance Rate). It represents changes in FRR (person rejection rate) and FAR (other person acceptance rate) when the threshold is changed.

  The “threshold value” here means the peak value of the intensity pattern of the authentication result image, that is, the peak value of the intensity pattern of the authentication result image obtained by actually performing authentication is lower than this threshold value. Therefore, the user is determined to be another person.

  From FIG. 2 and FIG. 3, it is clear that by setting an appropriate threshold value, it is possible to realize authentication that prevents both the rejection of the principal and the acceptance of the other person. Similar results were obtained not only when the image size was 256 × 256 [pixel] and 128 × 128 [pixel], but also when the image size was 512 × 512 [pixel].

  In the evaluation experiment, the processing time from when the user's fingerprint and password were input until the result of identity determination was obtained was also measured.

  The registered image cancellation changeable biometric authentication method described in <2> is a personal computer (main memory: 1.99 GB, CPU: Intel Pentium D (registered trademark) equipped with an operating system called Microsoft Windows XP Professional (registered trademark). ) When mounted at 2.80 GHz), the processing time measurement results are shown in Table 1 below.

表１から、画像サイズが５１２×５１２[pixel]の場合は、５０秒の処理時間が必要であるが、画像サイズが１２８×１２８[pixel]、２５６×２５６[pixel]の場合は、現在既存の認証システムに比べて劣ることは全くなくて、十分実用的な処理時間を得られたことは明らかである。

From Table 1, when the image size is 512 × 512 [pixel], a processing time of 50 seconds is required. However, when the image size is 128 × 128 [pixel], 256 × 256 [pixel], it is currently existing. It is clear that a sufficiently practical processing time was obtained without any inferiority to the authentication system.

That is, it is clear that a safe and convenient practical authentication system can be constructed if the biometric authentication method capable of canceling the registered image described in <2> is implemented on a personal computer that is currently most widely used.

<4> Application of the biometric authentication method described in <2> to challenge-response type authentication In the present invention, the biometric authentication method capable of canceling the registered image cancellation described in <2> is used for online authentication using temporary information. By extending to challenge-response type authentication, online secure and convenient biometric authentication is realized.

  Specifically, the present invention focuses on the following and realizes safe and convenient biometric authentication online.

  The biometric authentication method capable of canceling and changing the registered image described in <2> means that two images (a “fingerprint image” that is biometric information and a “key image” that is generated from a password that is personal information) are subjected to multiple correlation calculations. In the present invention, the present invention further multiplexes the two images obtained by imaging the “challenge code” necessary for challenge-response type authentication on the two images. Realize safe and convenient biometric authentication.

  That is, two pieces of personalized information (“fingerprint image” which is biometric information and “key image” generated from a password) and an imaged “challenge code” (hereinafter also simply referred to as “challenge code image”) These three images are referred to as “response codes”.

  The “response code” is generated on the user terminal side and the authentication server side, and the generated response codes are subjected to a convolution integral operation to perform online personal authentication using biometric information.

  That is, as the authentication result image, an image X represented by the following formula 7 (convolution integration image of generated response codes) is obtained.

ここで、

は登録用指紋画像を、

は照合用指紋画像をそれぞれ表す。また、

は登録用キー画像を、

は照合用キー画像をそれぞれ表す。

は画像化したチャレンジコード、すなわち、チャレンジコード画像を表す。そして、☆は位相限定相関を示し、＊は畳み込み積分を示す。

here,

Is a fingerprint image for registration,

Represents a fingerprint image for verification. Also,

Is the registration key image,

Represents a collation key image.

Represents an imaged challenge code, that is, a challenge code image. * Indicates a phase-only correlation, and * indicates a convolution integral.

は、登録画像とチャレンジコード画像とのＰＯＣ画像を表し、即ち、ユーザ端末側で生成された「レスポンスコード」を表す。一方、

は、照合用ＰＯＣ画像とチャレンジコード画像とのＰＯＣ画像を表し、即ち、認証サーバ側で生成された「レスポンスコード」を表す。 And

Represents a POC image of a registered image and a challenge code image, that is, a “response code” generated on the user terminal side. on the other hand,

Represents a POC image of a matching POC image and a challenge code image, that is, a “response code” generated on the authentication server side.

  Here, considering the registered image cancellation changeable biometric authentication method described in <2>, the image X represented by Equation 7 (the convolution integral image of the generated response codes) is the image Y represented by Equation 8 below. Is equivalent to

  When the registered image and the matching POC image are generated from the same pair image (fingerprint image and key image), a sharp peak appears in the intensity pattern of the image X (authentication result image). If the matching POC images are not generated from the same pair images (fingerprint image and key image), no peak appears in the intensity pattern of the image X (authentication result image).

  Therefore, personal authentication (person identification) can be performed by looking at the peak value of the intensity pattern of the image X (authentication result image).

＜５＞ 本発明で利用される指紋画像
ここで、本発明で利用される指紋画像の一例を図４に示す。図４に示す指紋画像は、センサにより取得され、０〜２５５までの階調を有しており、その画像サイズは２５６×２５６[pixel]である。

＜６＞ 本発明における「キー画像」の生成方法
ここで、本発明で用いられる「キー画像」の生成方法について詳細に説明する。

<5> Fingerprint Image Used in the Present Invention An example of a fingerprint image used in the present invention is shown in FIG. The fingerprint image shown in FIG. 4 is acquired by a sensor and has gradations from 0 to 255, and the image size is 256 × 256 [pixel].

<6> Method for Generating “Key Image” in the Present Invention Here, a method for generating a “key image” used in the present invention will be described in detail.

  The “key image” of the present invention is generated from personal information. As one specific example, a “key image” is generated from a password determined by the user himself (for example, a four-digit password).

  Specifically, as shown in the flowchart of FIG. 5, first, the password p determined by the user himself is input (step S10). Next, an integer pseudo-random number sequence r [0, 255] having a pixel number length is generated using the input password p as a seed (step S11). Then, the generated pseudo-random number sequence r [0, 255] is input to the array as a pixel value (step S12). A key image is obtained based on the input pixel value (step S13).

A specific example of the “key image” generated as described above is shown in FIG. The “key image” shown in FIG. 6 has an image size of 256 × 256 [pixel] and has gradations from 0 to 255.

<7> Image Reduction Method Used in the Present Invention As shown in Table 1, the processing time from when the user's fingerprint and password are input until the result of personal authentication (identity determination) is obtained is as follows. (Fingerprint image and key image) There is a tendency to become longer as the size increases.

  Therefore, in the present invention, in order to shorten the processing time, 256 × 256 [pixel], 128 × 128 [pixel] fingerprint images and key images are used. In this case, the fingerprint image obtained by the sensor, It is necessary to reduce the original “key image” generated by the procedure described in <6> above.

  As a specific example, for example, a Lanczos 2 filter or a Lanczos 3 filter as shown in FIG. 7 can be used for image reduction. Incidentally, FIG. 7A shows a Lanczos2 filter, and FIG. 7B shows a Lanczos3 filter.

  Here, the case where a Lanczos3 filter is used for image reduction in the present invention will be considered.

  When Lanczos3 filter is used, the formula shown in Fig. 7 (B) is applied to the range from -3 to 3 on the horizontal axis (X axis) of Lanczos3 filter shown in Fig. 7 (B). One pixel after the reduction is determined. At this time, the problem is a unit in the range of -3 to 3.

  FIG. 7C shows a reference pixel sample of the Lanczos3 filter in the case of a reduction ratio of 11: 5 (same as 704 → 320). In FIG. 7C, the upper part corresponds to the original image, and the lower part corresponds to the reduced image.

  In FIG. 7C, first, the unit of the X axis is the width of one pixel in the reduced image. In the reduced image shown in the lower part of FIG. 7C, when obtaining the pixel value of the coordinates with the red circle at the center, the range of -3 to 3 is the range indicated by the arrow.

From the expression representing the Lanczos3 filter shown in FIG. 7B, the pixels (coordinates with gray circles) of the original image (shown in the upper part of FIG. 7C) within this range. Multiply with the calculated weight.

<8> Method for Generating Input Image in Present Invention A specific example of a fingerprint image acquired by a sensor is shown in FIG. However, when the fingerprint image shown in FIG. 4 is used as an input image as it is, when the POC is obtained using the input image, the fingerprint image is affected by the repeated Discrete Fourier Transform (DFT). Crossing of irrelevant sites occurs, and the peak when shifted is expected to be thick.

  Therefore, in the present invention, the fingerprint image acquired by the sensor is not directly used as the input image, that is, the image is enlarged by filling the periphery of the fingerprint image acquired by the sensor with a constant image value, and the enlarged image As an input image, the POC is obtained using the input image, thereby achieving the effect of narrowing the peak.

  In the present invention, the “key image” generated by the “key image” generation method described in <6> above is not directly used as an input image, but is generated as in the case of a fingerprint image acquired by a sensor. The image is enlarged by filling the periphery of the “key image” with a constant image value, and the enlarged image is used as an input image, and the POC is obtained using the input image, thereby reducing the peak. I try to achieve it.

  FIG. 8 shows an example of a fingerprint image that is an actual input image generated by the above method, and FIG. 9 shows an example of a key image that is an actual input image generated by the above method. . Both FIG. 8 and FIG. 9 have an image size of 256 × 256 [pixel], and have gradations from 0 to 255.

Incidentally, the input images of FIGS. 8 and 9 are generated in this way. That is, in order to reduce the image size of the input image to 256 × 256 [pixel], first, the image size of the acquired fingerprint image and the generated key image is reduced to ½, and the surroundings are set to a certain pixel value. Fill with. In the case of FIGS. 8 and 9, black and white are reversed.

<9> Method for Generating “Challenge Code Image” in the Present Invention In the present invention, “challenge code image” is also generated by the same method as the method for generating “key image” described in <6> above.

  The “challenge code image” of the present invention is generated by the authentication server by the procedure shown in FIG.

  Specifically, as shown in the flowchart of FIG. 10, first, the authentication server generates an integer having a predetermined number of digits (here, a 4-digit integer c) (step S20). Next, an integer pseudo-random number sequence s [0, 255] having a pixel number length is generated using the generated integer c as a seed (step S21). Then, the generated pseudo random number sequence s [0, 255] is input to the array as a pixel value (step S22). Based on the input pixel value, a “challenge code image” is obtained (step S23).

A specific example of the “challenge code image” generated as described above is shown in FIG. The “challenge code image” shown in FIG. 11 has an image size of 256 × 256 [pixel] and has gradations from 0 to 255.

<10> Registration Image and Authentication Result Image in Biometric Authentication According to the Present Invention Specific example of a registered image (registered POC image generated from a fingerprint image and a key image) registered in an authentication server in biometric authentication according to the present invention An example is shown in FIG. The “registered image” shown in FIG. 12 has an image size of 256 × 256 [pixel] and has gradations from 0 to 255.

  Further, in the biometric authentication according to the present invention, FIG. 13 shows an authentication result image (convolution integral image) and its intensity pattern when it is determined that the person to be authenticated (user) is the “person” registered in the authentication server. Show. That is, FIG. 13A represents a convolution integral image, and FIG. 13B represents an intensity pattern of the convolution integral image.

  In addition, when it is determined that the person to be authenticated (user) is not the “person” registered in the authentication server, that is, the authentication result image (convolution integral image) when the person to be authenticated (user) is another person and its The intensity pattern is shown in FIG. 14A shows the convolution integral image, and FIG. 14B shows the intensity pattern of the convolution integral image.

The “authentication result image” shown in FIGS. 13A and 14A has an image size of 256 × 256 [pixel] and has gradations from 0 to 255.

<11> “Registration process” in the present invention
FIG. 15 shows a flowchart for registering a “registration POC image” which is registration information for personal authentication of a person who is a registration object in the present invention.

  As shown in FIG. 15, on the user terminal side, the fingerprint image a (x, y) of the principal to be registered and the password p determined by the principal are acquired (step S30). From the acquired password p, the original key image b (x, y) is generated by the image generation method described in <6> (step S31).

  By the image reduction method described in <7>, the acquired fingerprint image a (x, y) and the generated original key image b (x, y) are respectively reduced, and the surroundings are set to a constant pixel value. The registration fingerprint image A (x, y) and the registration key image B (x, y) are generated (step S32).

  By performing a POC operation on the generated registration fingerprint image A (x, y) and the generated registration key image B (x, y), a “registration POC image” A (x, y) ☆ B (x, y) is obtained (step S33).

  “POC image for registration” A (x, y) ☆ B (x, y) generated on the user terminal side is sent to the authentication server and registered in the registration database of the authentication server as the personal authentication registration information (Step S34).

In the present invention, when registering registration information, safety is ensured by, for example, carrying registered biometric information (registration POC image) through a secure communication path to the registration database.

<12> “Authentication process” in online biometric authentication according to the present invention
FIG. 16 shows a series of “authentication processing” in online biometric authentication according to the present invention.

  As shown in FIG. 16, when receiving an online authentication request such as access from a user terminal, the authentication server first generates a challenge code image C (x, y), and generates the generated challenge code image C ( x, y) is sent to the user terminal (step S40).

  On the other hand, on the user terminal side, the fingerprint image a ′ (x, y) of the user (user) who is the person to be authenticated and the password p ′ determined by the user are acquired (step S41). From the acquired password p ', the original key image b' (x, y) is generated by the image generation method described in <6> (step S42).

  The acquired fingerprint image a ′ (x, y) and the generated original key image b ′ (x, y) are respectively reduced by the image reduction method described in <7>, and the surroundings are fixed pixels. The fingerprint image A ′ (x, y) for verification and the key image B ′ (x, y) for verification are generated by embedding with values (step S43).

  By performing a POC operation on the generated fingerprint image for verification A ′ (x, y) and the generated key image for verification B ′ (x, y), a “verification POC image” A ′ (x, y, y) ☆ B '(x, y) is obtained (step S44). The POC image A ′ (x, y) is generated by performing a POC operation on the generated “matching POC image” A ′ (x, y) * B ′ (x, y) and the challenge code image C (x, y). , y) * B '(x, y) * C (x, y) is obtained (step S45).

  Next, the user terminal sends the generated POC image A '(x, y) * B' (x, y) * C (x, y) to the authentication server (step S46).

  On the other hand, the authentication server obtains “registration POC image” A (x, y) * B (x, y), which is the registration information of the person, from the registration database (step S47), and “registration POC image” A ( POC image A (x, y) ☆ B (x, y) ☆ C (x) by performing POC operation on x, y) ☆ B (x, y) and challenge code image C (x, y) , y) is obtained (step S48).

  Next, the authentication server uses the POC image A ′ (x, y) ☆ B ′ (x, y) ☆ C (x, y) and the POC image A (x, y) ☆ B (x, y) ☆ C. Authentication result image (A (x, y) * B (x, y) * C (x, y)) * (A '(x, y) *) by performing a convolution integral operation with (x, y) B ′ (x, y) * C (x, y)) is obtained, and the peak value Z of the intensity pattern of the obtained authentication result image is calculated (step S49).

When the calculated peak value Z of the intensity pattern of the authentication result image is compared with an appropriate threshold value set in advance (step S50), and the peak value Z of the intensity pattern of the authentication result image has a value equal to or greater than the threshold value On the other hand, if the user (user) is authenticated (step S51), and the peak value Z of the intensity pattern of the authentication result image is smaller than the threshold value, the user (user) is not the person, that is, someone else Is determined (step S52).

<13> “Authentication process” performed by the user terminal according to the present invention.
FIG. 17 shows the procedure of “authentication processing” performed by the user terminal side in online biometric authentication according to the present invention.

  As shown in FIG. 17, the user terminal issues an online authentication request such as access to the authentication server, and then receives the challenge code image C (x, y) sent from the authentication server (step S60).

  On the user terminal side, the fingerprint image a ′ (x, y) of the user (user) who is the person to be authenticated and the password p ′ determined by the user are acquired (step S61). From the acquired password p ', the original key image b' (x, y) is generated by the image generation method described in <6> (step S62).

  The acquired fingerprint image a ′ (x, y) and the generated original key image b ′ (x, y) are respectively reduced by the image reduction method described in <7>, and the surroundings are fixed pixels. The fingerprint image A ′ (x, y) for verification and the key image B ′ (x, y) for verification are generated by embedding with values (step S63).

  By performing a POC operation on the generated fingerprint image for verification A ′ (x, y) and the generated key image for verification B ′ (x, y), a “verification POC image” A ′ (x, y, y) ☆ B ′ (x, y) is obtained (step S64). The POC image A ′ (x, y) is generated by performing a POC operation on the generated “matching POC image” A ′ (x, y) * B ′ (x, y) and the challenge code image C (x, y). , y) * B '(x, y) * C (x, y) is obtained (step S65).

  Next, the user terminal sends the generated POC image A ′ (x, y) * B ′ (x, y) * C (x, y) to the authentication server (step S66).

Finally, the user terminal receives the authentication result sent from the authentication server (step S67).

<14> “Authentication process” performed by the authentication server in the present invention
FIG. 18 shows a procedure of “authentication processing” performed by the authentication server in the online biometric authentication according to the present invention.

  As shown in FIG. 18, when receiving an online authentication request such as access from a user terminal, the authentication server first generates a challenge code image C (x, y), and generates the generated challenge code image C ( x, y) is sent to the user terminal (step S70).

  Next, the authentication server receives the POC image A ′ (x, y) * B ′ (x, y) * C (x, y) sent from the user terminal (step S71).

  Next, the authentication server obtains “registration POC image” A (x, y) * B (x, y), which is the registration information of the person, from the registration database (step S72), and “registration POC image” A By performing a POC operation on (x, y) * B (x, y) and the challenge code image C (x, y), a POC image A (x, y) * B (x, y) * C ( x, y) is obtained (step S73).

  Next, the authentication server uses the POC image A ′ (x, y) ☆ B ′ (x, y) ☆ C (x, y) and the POC image A (x, y) ☆ B (x, y) ☆ C. Authentication result image (A (x, y) * B (x, y) * C (x, y)) * (A '(x, y) *) by performing a convolution integral operation with (x, y) B ′ (x, y) * C (x, y)) is obtained, and the peak value Z of the intensity pattern of the obtained authentication result image is calculated (step S74).

  When the calculated peak value Z of the intensity pattern of the authentication result image is compared with an appropriate threshold value set in advance (step S75), and the peak value Z of the intensity pattern of the authentication result image has a value equal to or greater than the threshold value On the other hand, if the user (user) is authenticated (step S76), and the peak value Z of the intensity pattern of the authentication result image is smaller than the threshold value, the user (user) is not the person, that is, someone else Is determined (step S77).

Finally, the authentication server transmits an authentication result that the user (user) is the user or the user (user) is another person to the user terminal (step S78).

Although the embodiment of the challenge-response biometric authentication method of the present invention (hereinafter simply referred to as the first embodiment) has been specifically described above, another embodiment of the present invention will be described as follows.

  In other words, another embodiment of the present invention (hereinafter simply referred to as the second embodiment) is characterized in that a challenge / response encryption key is generated based on a plurality of personal information of the person who is the person to be authenticated. Say).

  In short, in the online biometric authentication according to the second embodiment of the present invention, the procedures of “registration processing” and “authentication processing” are the same as those in the first embodiment described above. Regarding the “registration POC image”, “verification POC image”, “authentication POC image”, and “response code” used, different information is used in the second embodiment.

  That is, the “registration POC image” in the first embodiment becomes “registration personal composite information” in the second embodiment. The “matching POC image” in the first embodiment becomes “matching personal composition information” in the second embodiment. The “authentication POC image” in the first embodiment is “authentication personal composite information” in the second embodiment. The information content of “response code” in the second embodiment is different from the information content of “response code” in the first embodiment.

  Here, a method of generating “registration personal composite information”, “verification personal composite information”, “authentication personal composite information”, and “response code” in the second embodiment will be described.

（Ｎは２以上の自然数である）とする。「登録用個人合成情報」は、下記数１０で表すことができる。 First, multiple personal information including biometric information about the person used at the time of pre-registration

(N is a natural number of 2 or more). “Personal composite information for registration” can be expressed by the following formula 10.

ただし、

は個人情報

を結合させるための演算子を表す。また、

は「登録用個人合成情報」を表す。なお、数１０のように生成された「登録用個人合成情報」

は、認証サーバの登録データベースに事前登録されておく。

However,

Is personal information

Represents an operator for combining. Also,

Represents “registration personal composite information”. “Personal composite information for registration” generated as shown in Equation 10

Is pre-registered in the registration database of the authentication server.

（Ｎは２以上の自然数である）とする。「認証用個人合成情報」は、下記数１１で表すことができる。 A plurality of personal information including biometric information about a user who is a person to be authenticated used at the time of personal authentication

(N is a natural number of 2 or more). “Personal composite information for authentication” can be expressed by the following equation (11).

ただし、

は個人情報

を結合させるための演算子を表す。また、

は「認証用個人合成情報」を表す。

However,

Is personal information

Represents an operator for combining. Also,

Represents “personal composite information for authentication”.

を生成し、生成したチャレンジコード

をユーザ端末に送付する。 The authentication server that receives the authentication request such as an access request from the user terminal

And the generated challenge code

Is sent to the user terminal.

とする。 Here, the challenge code received by the user terminal

And

を認証サーバに送付する。 After receiving the challenge code, the user terminal generates a “response code” as shown in Equation 12 below, and generates the generated “response code”.

Is sent to the authentication server.

ただし、

はユーザ端末が生成した「レスポンスコード」を表す。

はユーザ端末が受け取った「チャレンジコード」を表す。

は「レスポンスコード」

を生成するための演算子を表す。また、

は数１１に示されたように生成された「認証用個人合成情報」である。

However,

Represents a “response code” generated by the user terminal.

Represents a “challenge code” received by the user terminal.

Is "response code"

Represents an operator for generating. Also,

Is “personal composite information for authentication” generated as shown in Expression 11.

を受け取った認証サーバは、登録データベースから「登録用個人合成情報」

を取り出し、その

と認証サーバ自身が生成した「チャレンジコード」

とに基づいて、下記数１３のように「照合用個人合成情報」を生成する。 And the “response code” sent from the user terminal

The authentication server that received the "Personal composition information for registration" from the registration database

Take out that

"Challenge code" generated by the authentication server itself

Based on the above, the “personal composite information for verification” is generated as shown in the following equation (13).

ただし、

は認証サーバ側で生成した「照合用個人合成情報」を表す。

は「照合用個人合成情報」

を生成するための演算子を表す。

However,

Represents “personal composite information for verification” generated on the authentication server side.

"Personal composite information for verification"

Represents an operator for generating.

と、ユーザ端末から送付されてきた「レスポンスコード」

を検証する。 Next, the authentication server determines whether or not the user who is the person to be authenticated is the registered person, and generates “personal composite information for verification”.

"Response code" sent from the user terminal

To verify.

ただし、

はユーザ端末から送付されてきた「レスポンスコード」を表す。

は認証サーバが生成した「照合用個人合成情報」を表す。また、

は「レスポンスコード」

と「照合用個人合成情報」

を検証するための演算子を表す。

However,

Represents a “response code” sent from the user terminal.

Represents the “personal composite information for verification” generated by the authentication server. Also,

Is "response code"

And "Personal composite information for verification"

Represents an operator for validating.

と「照合用個人合成情報」

について

の演算を行い、この演算結果によって、被認証者であるユーザが、認証サーバに事前登録された「登録用個人合成情報」の持主である本人であるか否かを判定する。 That is, as shown in Equation 14, the “response code”

And "Personal composite information for verification"

about

It is determined whether or not the user who is the person to be authenticated is the person who owns the “personal composite information for registration” pre-registered in the authentication server based on the calculation result.

に求められる要件は、以下の３つである。
要件その１：
下記数１５が成り立つこと。 Where the above operator

The following three requirements are required.
Requirement # 1:
The following formula 15 holds.

ただし、演算子

は、被認証者であるユーザ及び認証サーバに登録された本人に関する二つの個人情報（即ち、

ここで、ｋ＝１,…,Ｎ、以下、単に個人情報ペアとも称する。）が類似する場合にのみにある出力値（例えばデルタ関数）を得られるものである。

However, the operator

Is the personal information (i.e., the user who is to be authenticated and the personal information registered with the authentication server)

Here, k = 1,..., N, hereinafter, also simply referred to as a personal information pair. ) Can be obtained only when they are similar (for example, a delta function).

は、被演算子のＡＮＤを出力させるものであり、つまり、すべての個人情報ペアが一致した場合のみある出力値を得られるものである。 operator

Is to output an AND of operands, that is, an output value can be obtained only when all personal information pairs match.

は、被演算子のＡＮＤを出力させるものであり、つまり、すべての個人情報ペアが一致した場合、且つ、二つのチャレンジコード

が一致した場合のみある出力値を得られるものである。 operator

Is to output the AND of the operands, that is, when all personal information pairs match, and two challenge codes

An output value can be obtained only when the two match.

は、二つのチャレンジコード

が一致する場合にのみにある出力値（例えばデルタ関数）を得られるものである。

要件その２：

が推定困難なこと。同様に、

が推定困難なこと。

要件その３：

が推定困難なこと。同様に、

が推定困難なこと。 operator

Has two challenge codes

An output value (for example, a delta function) can be obtained only when the two match.

Requirement # 2:

Is difficult to estimate. Similarly,

Is difficult to estimate.

Requirement # 3:

Is difficult to estimate. Similarly,

Is difficult to estimate.

とすることができる。また、例えば、畳み込み積分を演算子

とすることができる。 As a specific example of the above-described operator, for example, a phase-only correlation is expressed as an operator.

It can be. Also, for example, the convolution integral is the operator

It can be.

It is a schematic diagram for demonstrating the flow of online biometric authentication by this invention. When the image size is 256 × 256 [pixel], it is a graph showing a personal authentication accuracy evaluation result by biometric authentication that can cancel and change a registered image. When an image size is 128x128 [pixel], it is a graph which shows the personal authentication precision evaluation result by biometric authentication which can cancel registration image cancellation. It is a figure which shows an example of the fingerprint image utilized by this invention. It is a flowchart which shows the production | generation procedure of the "key image" in this invention. It is a figure which shows a specific example of the "key image" used by this invention. FIG. 3 is a schematic diagram for explaining a Lanczos2 filter and a Lanczos3 filter used for image reduction in the present invention. It is a figure which shows a specific example of the "fingerprint image" used as an actual input image by this invention. It is a figure which shows an example of the "key image" used as an actual input image by this invention. It is a flowchart which shows the production | generation procedure of the "challenge code image" in this invention. It is a figure which shows one specific example of the "challenge code image" produced | generated by this invention. In this invention, it is a figure which shows a specific example of the "registration image" registered into the authentication server. In this invention, it is a figure which shows the specific example of the "authentication result image" at the time of determining with the person and its intensity pattern. In this invention, it is a figure which shows a specific example of the "authentication result image" at the time of determining with others and its intensity pattern. It is a flowchart which shows the procedure of the "registration process" of the user who is the principal in this invention. 7 is a flowchart showing a procedure of “authentication processing” in online biometric authentication according to the present invention. It is a flowchart which shows the procedure of the "authentication process" which a user terminal performs in the online biometric authentication by this invention. 7 is a flowchart showing a procedure of “authentication processing” performed by an authentication server in online biometric authentication according to the present invention.

Claims (6)

A user terminal used by a user and an authentication server for authenticating the user are used in an environment connected via a network, and is a challenge-response biometric authentication method for realizing online biometric authentication,
A phase-only correlation (POC) image containing biometric information about the person is registered as a registration POC image in the authentication server in advance,
A POC image including biometric information about the user is used as an authentication POC image,
The user terminal sends a POC image of the challenge code image and the authentication POC image sent from the authentication server to the authentication server as a response code,
The authentication server authenticates the user by performing a convolution integral operation of the verification POC image and the response code, using a POC image of the registration POC image and the challenge code image as a verification POC image. A challenge-response biometric authentication method. A user terminal used by a user and an authentication server for authenticating the user are used in an environment connected via a network, and is a challenge-response biometric authentication method for realizing online biometric authentication,
A POC image of the first personal information image for registration obtained based on the biometric information of the principal and the second personal information image for registration obtained based on the personal information of the principal is used as a registration POC image in advance. Register it in the registration database of the authentication server,
A POC image of the first personal information image for verification obtained based on the biometric information of the user and the second personal information image for verification obtained based on the personal information of the user is used as an authentication POC image,
The user terminal sends a POC image of the challenge code image and the authentication POC image sent from the authentication server to the authentication server as a response code,
The authentication server uses the POC image of the registration POC image and the challenge code image as a verification POC image, and generates an authentication result image by performing a convolution integral operation of the verification POC image and the response code A challenge-response biometric authentication method, wherein the user is authenticated by a peak value of an intensity pattern of the generated authentication result image. The first personal information image for registration is a fingerprint image for registration obtained from the principal, and the second personal information image for registration is a key image for registration generated from a password determined by the principal;
The first personal information image for verification is a fingerprint image for verification obtained from the user, and the second personal information image for verification is a key image for verification generated from a password determined by the user,
The challenge-response biometric authentication method according to claim 2, wherein the challenge code image is an image generated from the challenge code generated by the authentication server generating a challenge code. When the peak value of the intensity pattern of the authentication result image has a value equal to or greater than a predetermined threshold, the user is determined as the person,
The challenge-response biometric authentication method according to claim 2 or 3, wherein when the peak value of the intensity pattern of the authentication result image is smaller than a predetermined threshold, the user is determined to be another person. A user terminal used by a user and an authentication server for authenticating the user are used in an environment connected via a network, and is a challenge-response biometric authentication method for realizing online biometric authentication,
Information obtained by performing the first calculation based on a plurality of personal information including biometric information about the person as personal registration information for registration is registered in the authentication server in advance,
Information obtained by performing the first calculation based on a plurality of personal information including biometric information about the user is personal authentication information for authentication,
The user terminal sends, as a response code, information obtained by performing a second operation based on the challenge code sent from the authentication server and the personal composite information for authentication to the authentication server,
The authentication server uses the information obtained by performing the second calculation based on the registration personal composition information and the challenge code as collation personal composition information, the collation personal composition information, the response code, A challenge-response biometric authentication method for authenticating the user by performing a third calculation based on the method.   The challenge-response biometric authentication method according to claim 5, wherein the first calculation and the second calculation are phase-only correlations (POC), and the third calculation is a convolution integral.

Images