JP2008153799A - Electronic signature system using biological information - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an electronic signature system which enables a user to electronically sign electronic data, data, etc., by using characteristic biological information that an individual's body has. <P>SOLUTION: The electronic signature system includes a storage device 203 in which a plurality of pieces of information on a biological feature point group comprising information of a plurality of biological feature points associated with the biological information of the user are generated, and the generated information on the biological feature point group and the biological information are registered, a managing program 202 which selects information at random from information of a plurality of biological feature point groups registered in the recording device 203 on the basis of an individual number of the user when an electronic signature is generated, and a signature program 108 which generates a first electronic signature 111 using biological information 109 collected for electronic signature generation from the user on the basis of the biological management information selected at random and electronic data to be signed. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an electronic signature system using biometric information, and in particular, use of biometric feature points having a shooting angle, selection of a random biometric feature point group, use of a hash function, creation of an electronic signature using biometric feature points And regarding confirmation.

  Biometric information is unique to an individual's body, is not stolen like a key, and can be prevented from impersonating, so in general, the security of devices and systems that use biometric information is high. It is believed that.

  However, the possibility of mathematical errors in any system cannot be denied. There is a problem of reducing the error occurrence probability.

In order to solve such problems, for example, as described in Japanese Patent Application Laid-Open No. Sho 61-175865 (Patent Document 1), when the biometric information is a fingerprint pattern, the type and order of the fingers to be collated are determined. In addition, there has been a technique in which the biometric information recognition device is read by the person in the order determined.
Further, in the fingerprint collation device in Patent Document 1, since the types and order of a plurality of fingers to be collated are fixedly set, for example, as described in JP-A-11-1053540 (Patent Document 2), A collation method in which a plurality of biometric information is registered in advance for each type, at least one of the registered biometric information is randomly selected, and input of biometric information of the randomly selected type is instructed. there were.

As for the biometric information authentication device, for example, as described in JP-A-2005-316750 (Patent Document 3), “By generating and adding an electronic signature to biometric information using an electronic key” “Generate biometric information for authentication”, “Receive biometric information of the user and biometric information for authentication with an electronic signature added to the biometric from the user terminal”, “Decrypted biometric information for authentication, and the user There was a biometric authentication device that collates the biometric information of
JP-A-61-175865 JP 11-1053540 A JP 2005-316750 A

However, among the above-described conventional techniques, the technique described in Patent Document 1 causes the biometric matching device to recognize a plurality of specific fingers in the order in which the person recognizes, and is described in Patent Document 2. In this technique, at least one of a plurality of pieces of biological information in which the device is registered is randomly selected, the input of the selected type of biological information is instructed, and personal verification is performed. It does not relate to electronic signatures using information.
In addition, the technique described in Patent Document 3 generates biometric information for authentication by generating and adding an electronic signature to biometric information using an electronic key. It is not a technology to sign electronically.

  Accordingly, a first object of the present invention is to provide an electronic signature system that allows a user to electronically sign electronic data, data, and the like using unique biometric information provided in an individual's body. There is. If an electronic signature can be made using unique biometric information that the user has, unlike the electronic certificate stored on the medium, there is no theft or misplacement, and there is no need to carry the medium. Convenience is improved.

On the other hand, even in the case where an electronic signature is performed using biometric information, prevention of impersonation is important as in the technique described in Patent Document 1 and the technique described in Patent Document 2.
Therefore, a second object of the present invention is to provide an electronic signature system that can realize an effective countermeasure against impersonation.

  A feature of the present application is that an electronic book name is given using the biological information of the user. In particular, it is characterized by using biological information indicated by three-dimensional information. Further, the present invention includes using each of biological information captured at a plurality of imaging (input) angles as the biological information.

  Of the inventions disclosed in the present application, the outline of typical ones will be briefly described as follows.

An electronic signature system according to the present invention is an electronic signature system that generates an electronic signature to be attached to electronic data using biometric information of a user, and collects biometric information from a user in advance, A plurality of biometric feature point group information composed of information on a plurality of biometric feature points related to biometric information, and means for registering the biometric feature point group information and biometric information created in the storage device;
When generating an electronic signature, a user's personal number and instructions regarding the electronic data to be digitally signed are input, and an electronic signature is obtained from information on a plurality of biometric feature point groups registered in the storage device based on the input personal number Means for randomly selecting a biometric feature point group to be used for,
Means for creating a first electronic signature to be attached to electronic data using information and electronic data belonging to a biometric feature point group of biometric information collected from a user to generate an electronic signature is there.
An electronic signature system according to the present invention is an electronic signature system that generates an electronic signature to be attached to electronic data using a user's biometric information, and previously collects a plurality of biometric information about the user from different angles. Based on the collected biometric information, information on a plurality of biometric feature point groups including information on a plurality of biometric feature points related to biometric information is created, and information on the biometric feature point group having the created angle as an attribute And means for registering biometric information in the storage device;
When generating an electronic signature, a user's personal number and instructions regarding electronic data to be digitally signed are input and used for electronic signature from information of a plurality of biometric feature point groups registered in the storage device based on the input personal number. Means for randomly selecting a biometric feature point group having a specific angle;
Means for creating a first electronic signature attached to the electronic data using information and electronic data belonging to the biometric feature point group having a specific angle selected from the biometric information collected from the user;
Means for creating a second electronic signature using information and electronic data belonging to a biometric feature point group having a specific angle selected from the biometric information of the user registered in the storage device, and the first electronic Means for comparing a signature with a second electronic signature and confirming the signature of the first electronic signature.

An electronic signature system according to the present invention is an electronic signature system that generates an electronic signature to be attached to electronic data using a user's biometric information, and previously collects a plurality of biometric information about the user from different angles. Based on the collected biometric information, information on a plurality of biometric feature point groups including information on a plurality of biometric feature points related to biometric information is created, and information on the biometric feature point group having the created angle as an attribute And means for registering biometric information in the storage device;
When generating an electronic signature, a user's personal number and instructions regarding electronic data to be digitally signed are input and used for electronic signature from information of a plurality of biometric feature point groups registered in the storage device based on the input personal number. Means for randomly selecting a biometric feature point group having a specific angle;
Means for creating a first electronic time stamp using information belonging to a biometric feature point group having a specific angle selected from biometric information collected from a user, and a date and time of creating an electronic signature;
A second electronic time stamp is created using information belonging to a biometric feature point group having a specific angle selected from the biometric information of the user registered in the storage device, and the date and time when the electronic signature was created And means for comparing the first electronic time stamp and the second electronic time stamp to confirm the date and time of the first electronic time stamp.

  Note that the present invention includes processing the acquired biometric information (or its feature value) and the master biometric information (or its feature value) by performing a conversion process such as encryption. That is, the signature may be created using the converted one.

  The effects obtained by typical ones of the inventions disclosed in the present invention will be briefly described as follows.

  According to the present invention, since the electronic data is signed using the unique biometric information attached to the user, the electronic data is stolen unlike the case where the electronic data is signed using the electronic certificate registered in the external storage medium. In addition, since troublesome external storage media is not required, convenience is improved.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted.

<Basic concept of electronic signature system>
First, the basic concept of an electronic signature system according to an embodiment of the present invention will be described.

The present invention relates to a technique for electronically signing electronic data using unique biometric information such as fingerprints and veins.
The procedure for creating an electronic signature is to first repeat the function processing of extracting a part by inputting the binary representation of the electronic data to be signed into a hash function such as MD4, MD5, or SHA. Thus, a first hash value of 128 to 512 bits is created.
Next, a biometric feature point included in a fingerprint image, fingerprint pattern, vein image, vein pattern, or the like is collected, and an intermediate numerical value calculated by multiplying the characteristic value of the collected biometric feature point by the first hash value, Furthermore, the hash result created by inputting to the hash function is handled as electronic signature data.

  The characteristic value of the biometric feature point may be a unique numerical value formed by a plurality of biometric feature points. For example, the shortest side of the three sides of the triangle formed by the three feature points on the two-dimensional plane There is a mathematical formula that calculates by multiplying the length of the middle side by the maximum side length, but this is not necessarily limited to this formula. Other characteristic values such as the calculated value may be used.

In addition, when calculating the characteristic value of the biometric feature point, it is not always necessary to use a triangle, and in order to improve accuracy, a polygon more than a quadrangle may be used, and a plurality of two-dimensional images with different shooting angles may be used. You may combine the intrinsic | native numerical value which the polygon on a plane forms.
In the present embodiment, since the electronic signature is performed using the characteristic value of the biometric feature point, unlike the electronic certificate stored in the medium as described above, there is no theft or misplacement. Convenience and safety are improved because there is no need to carry it.

The biometric feature points will be described. The feature points in the fingerprint image include a center point representing the center of the fingerprint pattern, a triangle representing a gathering from three directions, an end point representing the dead end of the fingerprint convex pattern, and a fingerprint convex part. In the present invention, these feature points are treated as two-dimensional coordinate information and used for creating and checking an electronic signature.
In addition, when describing the fingerprint pattern, there are a center point that represents the center of the fingerprint pattern, a triangle that represents a gathering from three directions, an end point that represents the dead end of the fingerprint convex pattern, a branch point that represents the branching of the fingerprint convex pattern, etc. The feature points of the pattern to be formed are handled as two-dimensional coordinate information and used to create and confirm an electronic signature.

Further, in this embodiment, the electronic signature is performed using the two-dimensional biological information, but the reference center point is set according to the type of the biological body. The coordinate of the biometric feature point is measured with the center point of the fingerprint as the center of the two-dimensional coordinate.
Biometric feature points in vein images include vein branch points, the positional relationship between a certain vein branch point and another vein branch point, the relative positional relationship between a specific vein line and another vein line, and the thickness of the vein There are refracting points and refraction angles of veins, and these feature points are treated as two-dimensional coordinates and used to create and confirm electronic signatures.

  In addition, regarding the fingerprint pattern, the vein branch point, the positional relationship between one vein branch point and another vein branch point, the relative positional relationship between a specific vein line and another vein line, the vein thickness, vein refraction The feature points of the pattern formed by the dots and the refraction angle are used for creating and confirming the electronic signature.

  A hash function is a function that creates a 128- to 512-bit hash value by repeating function processing that extracts a part from a binary representation of a character string such as a document or a number. Examples include MD4, MD5, and SHA. One of the features of this hash function is unidirectionality, and it has been devised to make it difficult to generate an original document or number from a hash value stochastically.

<Configuration of electronic signature system>
Next, the configuration of an electronic signature system according to an embodiment of the present invention will be described with reference to FIGS.

  FIG. 1 is a block diagram showing a configuration of an electronic signature system according to an embodiment of the present invention, FIG. 2 is an explanatory diagram for explaining a biometric information recognition apparatus of the electronic signature system according to an embodiment of the present invention, and FIG. It is explanatory drawing for demonstrating the fingerprint sensor of the electronic signature system in one Embodiment of this invention.

In FIG. 1, the electronic signature system includes an electronic signature subsystem 100 and a biological information management subsystem 200, and the electronic signature subsystem 100 and the biological information management system 200 are connected by a network 10.
First, the electronic signature subsystem 100 will be described.
The electronic signature subsystem 100 includes a biometric information recognition device 101 for reading biometric information of a user, a near infrared light source 102, a photographing device 104, a storage device 106, a calculation device 107, and a terminal 118.

Inside the computing device 107, the signature program 108 operates.
The storage device 106 stores biometric information 109, electronic data 110, an electronic signature 111, biometric master management information 205, and biometric management information 206.

  The biometric information recognition apparatus 101 includes a movable near-infrared light source 102 and a photographing device 104 for photographing a finger vein.

Next, the biological information management subsystem 200 will be described.
The biological information management subsystem 200 includes a server 201 and a storage device 203.
In addition, the management program 202 operates inside the server 201.
The storage device 203 stores biological information 109, electronic data 110, an electronic signature 111, biological master information 204, biological master management information 205, and biological management information 206.

  In FIG. 2, a biological information recognition device 101 is composed of a movable near infrared light source 102 and a photographing device 104 for photographing a finger vein. The near infrared light source 102 and the photographing device 104 are inserted into a cylinder as a pair of devices. It is structured to rotate around the finger that is linked.

When the near-infrared light source 102 is positioned at 180 degrees, the near-infrared light radiated from the near-infrared light source 102 in the direction of 0 degrees is transmitted through the finger to be collated and is generated when the finger is transmitted through the finger. The shadow of the vein is photographed by the photographing device 104 located at 0 degree, and the photographing angle is 0 degree.
At that time, the photographing device 104 photographs a finger vein as a three-dimensional image as a two-dimensional image projected on the A plane.

  In the case of the near-infrared light source 103 in which the near-infrared light source 102 moves 45 degrees and is positioned at 135 degrees, the near-infrared light emitted from the near-infrared light source 103 in the direction of 135 degrees The shadow of the finger vein that occurs when passing through the inside of the finger and passing through the inside of the finger is photographed by the photographing machine 105 located at 315 degrees, and the photographing angle becomes 315 degrees.

  At this time, the photographing device 105 photographs the finger vein as a three-dimensional image as a two-dimensional image projected on the B surface.

  In the example shown in FIG. 2, only two shooting angles of 315 degrees and O degrees are displayed, but may be any number of times as long as it is originally in the range of O degrees to 360 degrees. However, two or more angles may be used.

Next, a mechanism for dealing with impersonation in the biometric information recognition apparatus 101 will be described.
For example, in the method of digital signature based on a single vein photograph taken from a fixed angle, it is sufficient for biological counterfeiting that causes a bio-information recognition device to read a film created based on a near-infrared photograph. It is hard to say that it has a strong resistance.

Therefore, in the present embodiment, a plurality of biological images obtained by photographing finger veins from different angles using the imaging device 104 are registered in advance as the reference information in the biological master information 204, and the biological master information 204 is further stored. Biometric master management information 205 is created and registered for management.
When the user signs an electronic signature, the electronic signature subsystem 100 requests the biological information management system 200 to select an imaging angle, and the management program 202 of the biological information management system 200 that receives the request registers the biological master information 204. One is randomly selected from a plurality of biological images, and biological management information 206 is created based on the biological master management information 205 corresponding to the selected biological master information 204, and transmitted to the electronic signature subsystem.

Next, the biometric information recognition apparatus 101 of the electronic signature subsystem 100 captures and captures a finger vein biometric image using the imaging angle included in the biometric management information 206 transmitted from the biometric information management system 200. Impersonation is dealt with by creating the electronic signature 111 using the characteristic value of the biometric feature point extracted from the biometric image.
Next, a mechanism for collecting a living body pattern using a fingerprint sensor as shown in FIG. 3 instead of the near infrared light source 102 and the photographing machine 104 as shown in FIG. 2 will be described.

  First, the fingerprint sensor 116 has an electrode 117 therein, and when the finger 113 is placed on the protective film 115, the fingerprint sensor 116 is based on the distance between the surface of the skin formed by the unevenness of the fingerprint 114 and the protective film 115. An image is created by converting the amount of charge generated between the protective film 115 and the electrode 117.

<Example of data setting items used in the electronic signature system>
Next, an example of data setting items used in the electronic signature system according to the embodiment of the present invention will be described with reference to FIG.

  The biometric information 109 stored in the storage device 203 is a user's vein photograph image or vein pattern, and the format of the image conforms to the file format adopted by the system developer for storing the image data.

  For example, when JPEG2000 is adopted as a file format for storing image data, the format conforms to the standard established by ITU (International Telecommunication Union), and when BMP / DIB is adopted, Microsoft Corporation Complies with Bitmap / Microsoft Windows Device Independent Bitmap established by. (Windows is a registered trademark)

  The file format for saving image data is not limited to JPEG2000 and BMP / DIB, but PNG (Portable Network Graphics), TIFF (Tag Image File Format), etc. may be used. The format conforms to the format established by each standard maker.

  Also, 'G' is set in the first digit of the file name, and the biometric master management number is set in the second and subsequent digits of the file name.

The first two digits of the biometric management number or the biometric master management number are the last two digits of the year, and the number of digits below the third digit is set to be greater than the number of data generated in the year.
The biometric master information 204 stores biometric information as reference information for confirming an electronic signature created by a user. The biometric master management number is used as the file name.

  The biometric master management information 205 is a file stored in the storage device 203 as information for managing the biometric master information 204. Data items include a personal number, a biometric master, as shown in FIG. Management number, shooting angle, feature point group number 1 (feature point number 1, feature point number 2, feature point number 3) to feature point group number n (feature point number a, feature point number b, feature point number c), Creation date is set.

  In the biometric master management information 205, the biometric master management number is a key for making individual data unique.

  The biometric master management number is a series of unique management numbers assigned to the biometric master information, and 'M' is set in the first digit.

In addition, the shooting angle of the camera 104 is set in the shooting angle item.
The biometric management information 206 is information for instructing the imaging information to the biometric information recognition device 101 and managing the biometric information 109 created based on the captured biometric image, and the data items include those shown in FIG. As shown in b), personal number, biometric management number, biometric master management number, imaging angle, creation date, etc. are set as items.

  In the biometric management information 206, the biometric management number is a key that makes each data unique.

  The biological management number is a series of unique management numbers assigned to biological images and biological patterns, and 'D' is set in the first digit. In addition, the shooting angle of the camera 104 is set in the shooting angle item.

  In addition, the electronic signature 111 is created by further processing with a hash function a numerical value created by combining the characteristics of the biometric feature points included in the biometric information with the result of processing the electronic data 110 to be signed with the hash function. As shown in Fig. 4 (c), the data items include personal number, biometric management number, biometric master management number, shooting angle, electronic signature, creation date, etc. Is set as

  In addition, the time stamp 112 further processes a numerical value created by combining the characteristic value of the biometric feature point included in the biometric information with the result of processing the date and time when the electronic signature 111 was created with the hash function, using the hash function. As shown in Fig. 4 (d), the data items include information including the time stamp 112 created as described above, and the personal number, biometric management number, biometric master management number, shooting angle, time stamp, creation date Etc. are set as items.

<Operation of electronic signature system>
Next, with reference to FIG. 5 and FIG. 6, an operation for performing an electronic signature using biometric information related to finger veins in the electronic signature system according to the embodiment of the present invention will be described. FIG. 5 is a flowchart showing the biometric master registration operation of the electronic signature system according to the embodiment of the present invention, and FIG. 6 is a flowchart showing the biometric verification operation of the electronic signature system according to the embodiment of the present invention. .

  In the following, two biometric master management information 205 created based on two vein photographs taken from different angles are registered, but it is not necessarily limited to the minimum two, Three or more pieces of biometric master management information 205 may be registered in order to improve the security level.

The biometric master registration operation will be described. As shown in FIG. 5, in the electronic signature subsystem 100, first, the biometric information recognition device 101 transmits the personal number input by the user to the calculation device 107 to A request is made to select the angle at which the vein used for the signature is imaged (S100).
Next, in the computing device 107, the signature program 108 transmits the personal number received from the biometric information recognition device 101 to the server 201 operating in the biometric information management system 200, and requests selection of an imaging angle (S101). ).

  Next, in the server 201, the management program 202 sets the personal number received from the signature program 108 in the “personal number” item of the biometric master management information 205, and sets the “biometric master management number” item of the biometric master management information 205. A numerical value obtained by adding 1 to the maximum biological master management number in the biological master management information 205 stored in the storage device 203 is set, and an imaging angle randomly selected in the “imaging angle” item of the biological master management information 205 is set. The first biometric master management information 205 created by setting and setting the system date in the “creation date” item of the biometric master management information 205 is registered in the storage device 203 (S102).

  Next, in the server 201, the management program 202 sets the personal number received from the signature program 108 in the “personal number” item of the biometric master management information 205, and sets the “biometric master management number” item of the biometric master management information 205. A value obtained by adding 1 to the maximum biometric master management number in the biometric master management information 205 stored in the storage device 203 is set, and the first is selected in the “imaging angle” item of the biometric master management information 205 The second biometric master management information 205 created by randomly selecting a shooting angle different from the shooting angle and setting it and setting the system date in the “Created Date” item of the biometric master management information 205 Registration is performed in the storage device 203 (S103).

  Next, in the server 201, the management program 202 transmits the two created biometric master management information 205 to the electronic signature subsystem 100 to notify the imaging angle (S104).

  Next, in the computing device 107 of the electronic signature subsystem 100, the signature program 108 receives two pieces of biometric master management information 205 from the biometric information management subsystem 200 (S105).

  Next, in the electronic signature subsystem 100, the signature program 108 operating on the computing device 107 sets the imaging angle included in the first biological master management information 205 received from the biological information management subsystem 200 to the biological information. It transmits to the information recognition apparatus 101 to instruct the collection of a biological image. (S106).

  Next, in the electronic signature subsystem 100, the biometric information recognition apparatus 101 is provided based on the imaging angle included in the biometric master management information 205 received from the signature program 108 operating on the calculation apparatus 107. The infrared light source 102 and the photographing device 104 are moved to photograph a biometric image of the registrant's finger vein from a specified angle, and the captured biometric image and personal number are transmitted to the computing device 107 as first data (S107). ).

  Next, in the computing device 107, the signature program 108 is included in the first biometric master management information 205 received from the biometric information management subsystem 200 as the file name of the biometric image received from the biometric information recognition device 101. After the biometric master management number is assigned and the biometric information 109 is created, the first biometric master management information 205 is updated (S108).

  Next, in the electronic signature subsystem 100, the signature program 108 operating on the computing device 107 sets the imaging angle included in the second biological master management information 205 received from the biological information management subsystem 200 to the biological information. It transmits to the information recognition apparatus 101 to instruct the collection of a biological image. (S109).

  Next, in the electronic signature subsystem 100, the biometric information recognition apparatus 101 is provided based on the imaging angle included in the biometric master management information 205 received from the signature program 108 operating on the calculation apparatus 107. The infrared light source 103 and the photographing device 105 are moved, and a biometric image of the registrant's finger vein is taken from the designated angle, and the taken biometric image and personal number are transmitted as second data to the computing device 107 (S110). ).

  Next, in the computing device 107, the signature program 108 is included in the second biological master management information 205 received from the biological information management subsystem 200 as the file name of the biological image received from the biological information recognition device 101. After the biometric master management number is assigned to create the biometric information 109, the second biometric master management information 205 is updated (S111).

Next, in the computing device 107, the signature program 108 transmits the two created biometric information 109 and the two updated biometric master management information 205 to the biometric information management subsystem 200 (S112).
Next, in the server 201, the management program 202 creates two pieces of biological master information 204 based on the two pieces of biological information 109 received from the electronic signature subsystem 100, registers them in the storage device 203, and then creates an electronic signature. The two biometric master management information 205 stored in the storage device 203 is updated using the two biometric master management information 205 received from the subsystem 100 (S113).

  As shown in FIG. 6, in the electronic signature subsystem 100, the biometric information recognition apparatus 101 performs an operation regarding the personal number input from the terminal 118 by the user and the electronic data 110 to be signed. And the received personal number is transmitted to the management program 108 of the computing device 107 (S120).

  Next, in the computing device 107, the signature program 108 transmits the personal number received from the biometric information recognition device 101 to the server 201 operating in the biometric information management system 200, and requests selection of an imaging angle (S121). ).

  Next, in the server 201, the management program 202 randomly selects one piece of data that matches the personal number received from the signature program 108 from the data stored in the biological master management information 205, The personal number received from the signature program 108 is set in the “personal number” item of the management information 206, and the maximum of the biological management information 206 stored in the storage device 203 in the “biological management number” item of the biological management information 206 A value obtained by adding 1 to the “biological management number” item is set, and the biological master management number of the biological master management information 205 selected at random in the “biological master management number” item and the “imaging angle” item of the biological management information 206 And the shooting angle, and set a group extracted at random from the feature point group of the biometric master management information 205 in the “feature point group number A” item of the biometric management information 206. Furthermore, it registers the biometric management information 206 created by setting the system date to "creation date" item of biometric management information 206 in the storage unit 203 (S122).

Next, in the server 201, the management program 202 transmits the created biometric management information 206 to the electronic signature subsystem 100 to notify the selected imaging angle (S123).
Next, in the electronic signature subsystem 100, the signature program 108 operating on the computing device 107 receives the biological management information 206 from the biological information management subsystem 200 (S124).

Next, in the computing device 107, the signature program 108 transmits the imaging angle included in the biological management information 206 received from the biological information management system 200 to the biological information recognition device 101 to instruct the collection of the biological image ( S125)
Next, in the electronic signature subsystem 100, the biometric information recognition apparatus 101 moves the imaging device 104 based on the imaging angle received from the signature program 108, and uses the newly positioned imaging device 105 to perform the finger vein biometrics. The image is taken from the specified angle, and the biological image taken by the photographing machine 105 is transmitted to the calculation device 107 (S126).

  In the computing device 107, the signature program 108 assigns the biometric management number included in the biometric management information 206 received from the management program 202 to the biometric image received from the biometric information recognition device 101 as a file name. After creating and registering 109, the imaging angle of the biological image received from the biological information recognition apparatus 101 is set in the “imaging angle” item of the biological management information 206, and the biological management information 206 is updated.

  Next, the signature program 108 first processes the electronic data 110 with a hash function to calculate the first hash value, and then the biometric image received from the biometric information recognition apparatus 101 and the biometric feature received from the management program 202 In a triangle created by combining point numbers, calculate the characteristic value by dividing the length of the shortest side by the length of the middle side and dividing it by the length of the maximum side. A first digital signature 111 is created by processing the intermediate numerical value calculated by multiplying the first hash value by a hash function.

  Next, the signature program 108 first extracts the year / month / day / hour / minute / second from the system date of the computing device 107, calculates the second hash value by processing the retrieved year / month / day / hour / minute / second with a hash function, In the triangle created by combining the biometric image received from the biometric information recognition device 101 and the biometric feature point number received from the management program 202, the maximum side is a numerical value obtained by multiplying the length of the shortest side by the length of the middle side. Then, the characteristic value is calculated by dividing by the length of, and the intermediate value calculated by multiplying the calculated characteristic value by the second hash value is processed by the hash function to create the first time stamp 112. (S127).

  Next, in the computing device 107, the signature program 108 transmits the biological information 109, the electronic data 110, the electronic signature 111, the first time stamp 112, and the biological management information 206 to the biological information management subsystem 200 (S128). .

Next, in the server 201, the management program 202 stores the biometric information 109, the electronic data 110, the first electronic signature 111, the first time stamp 112, and the biometric management information 206 received from the signature program 108 in the storage device 203. Store. (S129)
Next, in the server 201, the management program 202 first processes the electronic data 110 received from the signature program 108 with a hash function to calculate a third hash value, and then is included in the biological management information 206. A biometric image is extracted from the biometric master information file 204 using the personal number and the biometric master management number. Next, in the triangle formed by combining the extracted biological image and the three biological feature points included in the biological management information 206, the numerical value obtained by multiplying the length of the shortest side by the length of the middle side is the maximum. A characteristic value is calculated by dividing by the length of the side, and a second electronic signature is created by processing the intermediate value calculated by multiplying the calculated characteristic value by the third hash value with a hash function.

  Next, the management program 202 first extracts the creation date / time / hour / minute / second of the time stamp 112, processes the retrieved creation date / month / date / time / minute / second with a hash function to calculate a fourth hash value, A biometric image is extracted from the biometric master information file 204 using the personal number and biometric master management number included in the management information 206. Next, in the triangle formed by combining the extracted biological image and the three biological feature points included in the biological management information 206, the numerical value obtained by multiplying the length of the shortest side by the length of the middle side is the maximum. A characteristic value is calculated by dividing by the length of the side, and a second time stamp is created by processing the intermediate value calculated by multiplying the calculated characteristic value by the fourth hash value with a hash function (S130).

  Next, the created second electronic signature and the second time stamp are respectively compared with the first electronic signature 111 and the first time stamp 112 (S131). Is generated and transmitted to the electronic signature subsystem 100 (S132). If they are different, a denial message is generated and transmitted to the electronic signature subsystem 100 (S133).

<Process for creating an electronic signature using biometric information collected from different angles of the same biometric feature point>
In the following, using FIG. 6, in a form that partially supplements the processing steps, digitally sign using a plurality of biological information related to the same biological feature points collected from different angles with a unique angle difference, A processing procedure for confirming a signature using a plurality of pieces of biometric information in which the same biometric feature points collected from different angles are related with a specific angle difference will be described based on S127.

  In the computing device 107, the signature program 108 receives two (two types) of biological images obtained by photographing the same biological feature point from different angles from the biological information recognition device 101, and receives the two received biological images from the management program 202. The biometric information included in the received biometric management information 206 is assigned as a file name and the biometric information 109 is created and registered. The imaging angle of the image is set, and the biological management information 206 is updated.

Next, the signature program 108 first processes the electronic data 110 with a hash function to calculate a first hash value, and then from the first biometric image received from the biometric information recognition apparatus 101 and the management program 202. In the triangle created by combining the received biometric feature point numbers, the characteristic value is calculated by dividing the numerical value obtained by multiplying the length of the shortest side by the length of the middle side by the length of the maximum side,
Next, in the triangle created by combining the calculated characteristic value with the second biometric image received from the biometric information recognition device 101 and the biometric feature point number received from the management program 202, the length of the shortest side is intermediate The characteristic value is calculated by dividing the numerical value multiplied by the length of the side by the maximum side length, and further, the intermediate value calculated by multiplying the calculated characteristic value by the first hash value is processed by the hash function. A first electronic signature 111 is created.

  Next, the signature program 108 first extracts the year / month / day / hour / minute / second from the system date of the computing device 107, calculates the second hash value by processing the retrieved year / month / day / hour / minute / second with a hash function, In the triangle created by combining the biometric image received from the biometric information recognition device 101 and the biometric feature point number received from the management program 202, the maximum side is a numerical value obtained by multiplying the length of the shortest side by the length of the middle side. Then, the characteristic value is calculated by dividing by the length of, and the intermediate value calculated by multiplying the calculated characteristic value by the second hash value is processed by the hash function to create the first time stamp 112 (S127).

<Processing by vein pattern>
Next, the processing procedure in the case of using a vein pattern will be described in a form that partially supplements the processing procedure in the case of using a biological image.

First, referring to FIG. 5, a procedure for digital signature using a vein pattern will be described.
In the computing device 107, the signature program 108 extracts the vein pattern by processing the first biological image received from the biological information recognition device 101, and receives the file name of the extracted vein pattern from the biological information management subsystem 200. After creating the biometric information 109 by assigning the biometric master management number included in the first biometric master management information 205, the biometric information is recognized in the “imaging angle” item of the first biometric master management information 205. The imaging angle of the first biological image received from the device 101 is set, and the first biological master management information 205 is updated (S108).

  Next, in the computing device 107, the signature program 108 processes the second biometric image received from the biometric information recognition device 101 to extract a vein pattern, and the biometric information management subsystem is added to the file name of the extracted vein pattern. After creating biometric information 109 by assigning the biometric master management number included in the second biometric master management information 205 received from 200, the “imaging angle” item of the second biometric master management information 205 The imaging angle of the second biological image received from the biological information recognition apparatus 101 is set and the second biological master management information 205 is updated (S111).

Next, with reference to FIG. 6, a processing procedure in the case of digital signature using a vein pattern will be described.
In the computing device 107, the signature program 108 files the biometric management number included in the biometric management information 206 received from the management program 202 in the vein pattern extracted by processing the biometric image received from the biometric information recognition device 101. After creating and registering the biometric information 109 with a name, the imaging angle of the biometric image received from the biometric information recognition device 101 is set in the “imaging angle” item of the biometric management information 206, and the biometric management information 206 is set. Update.

  Next, the signature program 108 first processes the electronic data 110 with a hash function to calculate the first hash value, and then the biometric image received from the biometric information recognition apparatus 101 and the biometric feature received from the management program 202 In a triangle created by combining point numbers, calculate the characteristic value by dividing the length of the shortest side by the length of the middle side and dividing it by the length of the maximum side. An intermediate numerical value calculated by multiplying the first hash value is processed by a hash function to generate a first electronic signature 111 (S127).

Next, in the server 201, the management program 202 stores the electronic data 110, the first electronic signature 111, the biological information 109, and the biological management information 206 received from the signature program 108 in the storage device 203. (S129)
Next, in the server 201, the management program 202 first calculates the second hash value by processing the electronic data 110 received from the signature program 108 with a hash function, and then included in the biological management information 206. A biometric pattern is extracted by processing the biometric image extracted from the biometric master information file 204 using the personal number and the biometric master management number. Next, in the triangle formed by combining the extracted biological pattern and the three biological feature points included in the biological management information 206, the numerical value obtained by multiplying the length of the shortest side by the length of the middle side is the maximum. A characteristic value is calculated by dividing by the length of the side, and a second electronic signature is generated by processing the intermediate value calculated by multiplying the calculated characteristic value by the second hash value with a hash function. (S130)
The generated second electronic signature and the first electronic signature 111 are compared (S131) .If they are the same, an approval message is created and sent to the electronic signature subsystem 100 (S132). A message is created and transmitted to the electronic signature subsystem 100 (S133).

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiments. However, the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the invention. Needless to say.

  For example, the veins in the present embodiment are not limited to fingers, but include palms, wrists, ankles, and the like. In addition, the biological pattern in the present invention is not limited to a fingerprint, but includes a palm pattern, a frame pattern, an iris, and the like.

In addition, the biological information in the present embodiment may be information relating to a living body and includes an image, a pattern, and a pattern, but is not limited thereto.
The storage device may be any device having a data holding function, and includes, for example, a magnetic disk, a magnetic drum, a semiconductor storage device, and the like.

  In addition, the instruction method related to electronic data to be signed input by the user may be input of an electronic data name or an operation such as clicking on the target electronic data using a mouse. .

  In addition, the present embodiment is not limited to a form in which the electronic signature subsystem and the biological information management subsystem are connected via a network. For example, biological information related to vein photographs, vein patterns, and the like is stored in the biological information recognition apparatus. It may be stored in an external storage medium such as a storage device or an IC card, the signature program and the management program are operated by a single device, and the electronic signature processing may be performed independently without using a network. In this case, an electronic certificate that is proved by a third party who is the certifying subject is sent to the recipient separately, and the electronic signature using the biometric information of the user is correct.

  In addition, a part of the functions performed by the signature program in the present embodiment, for example, a function of creating a vein pattern based on a biological image of a vein, is shared by other apparatuses and systems other than the calculation apparatus. Also good.

In addition, a part of the functions performed by the signature program in the present embodiment, for example, the calculation of the characteristic value of the biometric feature point may be shared by other apparatuses and systems other than the calculation apparatus.
Further, the “electronic data” to be electronically signed by the user may be electronic data, and includes text, tables, patterns, mathematical expressions, images, biometric information, and the like.

  The present invention relates to an electronic signature system and an electronic signature apparatus, and a more suitable application field is applicable to an electronic signature system in a financial field or a commercial transaction field where a high-level electronic signature is required.

It is a block diagram which shows the structure of the electronic signature system concerning one Embodiment of this invention. It is explanatory drawing for demonstrating the biometric information recognition apparatus of the electronic signature system concerning one Embodiment of this invention. It is explanatory drawing for demonstrating the fingerprint sensor of the electronic signature system concerning one Embodiment of this invention. It is the figure which showed an example of the setting item of the data used with the electronic signature system concerning one Embodiment of this invention. It is a flowchart which shows the operation | movement of biometric master registration of the electronic signature system concerning one embodiment of this invention. It is a flowchart which shows the operation | movement of the biometric verification of the electronic signature system concerning one embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Network, 100 ... Electronic signature subsystem, 101 ... Biometric information recognition device, 102 ... Near infrared light source, 103 ... Near infrared light source, 104, 105 ... Camera, 106 ... Storage device, 107 ... Calculation device, 108 ... Signature Program 109 109 Biometric information 110 Electronic data 111 Digital signature 112 Time stamp 113 Finger 114 Fingerprint 115 Protective film 116 Fingerprint sensor 117 Electrode 118 118 Terminal 200 Biological information management subsystem, 201 ... server, 202 ... management program, 203 ... storage device, 204 ... biological master information, 205 ... biological master management information, 206 ... biological management information.

Claims (7)

An electronic signature system for generating an electronic signature to be attached to electronic data using a user's biological information,
The biometric information is collected from the user in advance, and based on the collected biometric information, information on a plurality of biometric feature point groups including information on a plurality of biometric feature points related to the biometric information is created, and the creation Means for registering the biometric feature point group information and the biometric information in a storage device;
When generating the electronic signature, the personal number of the user and an instruction regarding the electronic data to be digitally signed are input, and the plurality of biometric feature point groups registered in the storage device based on the input personal number Means for randomly selecting the biometric feature point group used for the electronic signature from the information of
A first electronic signature to be attached to the electronic data is created using the information belonging to the selected biometric feature point group and the electronic data among the biological information collected from the user to generate the electronic signature. And an electronic signature system. The electronic signature system according to claim 1,
Means for creating a second electronic signature using information belonging to the selected biometric feature point group of the biometric information of the user registered in the storage device and the electronic data;
An electronic signature system comprising: means for comparing the first electronic signature with the second electronic signature and confirming the signature of the first electronic signature. An electronic signature system for generating an electronic signature to be attached to electronic data using a user's biological information,
Information on a plurality of biometric feature point groups consisting of information on a plurality of biometric feature points related to the biometric information based on the plurality of biometric information collected from the plurality of biometric information related to the user in advance. Means for registering information on the biometric feature point group having the created angle as an attribute and the biometric information in a storage device;
When generating the electronic signature, the personal number of the user and an instruction regarding the electronic data to be digitally signed are input, and the plurality of biometric feature point groups registered in the storage device based on the input personal number Means for randomly selecting the biometric feature point group having a specific angle used for the electronic signature from the information of
First information attached to the electronic data using the electronic data and the information belonging to the biological feature point group having the selected specific angle among the biological information collected from the user to generate the electronic signature Means for creating an electronic signature and a second electronic signature using the electronic data and the information belonging to the biometric feature point group having the selected specific angle among the biometric information of the user registered in the storage device And a means to create
An electronic signature system comprising: means for comparing the first electronic signature with the second electronic signature and confirming the signature of the first electronic signature. In the electronic signature system according to claim 2 or claim 3,
The generation of the first electronic signature is performed by processing the electronic data to be digitally signed with a hash function to calculate a first hash value, and selecting the selected biometric feature point group from the biometric information collected from the user. Based on the belonging information, the characteristic value of the biometric feature point used for the electronic signature is extracted, and the intermediate value calculated by multiplying the characteristic value of the extracted biometric feature point by the first hash value is further processed by the hash function And generate
The generation of the second electronic signature is performed by processing the electronic data to be digitally signed with a hash function to calculate a second hash value, and the selected biometric information of the user registered in the storage device is selected. Based on the information belonging to the biometric feature point group, the characteristic value of the biometric feature point used for the electronic signature is extracted, and the intermediate value calculated by multiplying the extracted characteristic value of the biometric feature point by the second hash value, Further, an electronic signature system characterized by being generated by processing with a hash function. In the electronic signature system according to claim 3,
A plurality of biometric information including the same biometric feature point of the user is collected in advance from different angles, and a plurality of biometric information consisting of information on a plurality of biometric feature points related to the biometric information based on the collected biometric information Means for creating feature point group information, and registering the biometric feature point group information having the created angle as an attribute and the biometric information in a storage device;
In selecting the biometric feature point group, information on the biometric feature point group obtained by sampling the same biometric feature point from different angles is randomly selected, and the user uses the angle of the selected biometric feature point group. Among the collected biometric information, a plurality of biometric information in which the same biometric feature points belonging to the biometric feature point group are related with a unique angle difference and a first electronic signature attached to the electronic data using the electronic data Means to create,
The biometric information and the electronic data relating the biometric information of the user registered in the storage device to the same biometric feature point belonging to the biometric feature point group having the selected specific angle with a specific angle difference Means for creating a second electronic signature using
An electronic signature system comprising: means for comparing the first electronic signature with the second electronic signature and confirming the signature of the first electronic signature. In the electronic signature system according to any one of claim 2, claim 3, and claim 5,
Means for creating a first electronic time stamp using the date and time of creating the electronic signature and information belonging to the biometric feature point group having the selected specific angle among the biometric information collected from the user;
A second electronic time stamp is obtained by using information belonging to the biometric feature point group having the selected specific angle among the biometric information of the user registered in the storage device and the date and time when the electronic signature is created. Means to create,
An electronic signature system comprising: means for comparing the first electronic time stamp with the second electronic time stamp and confirming a date and time when the first electronic time stamp was created. The electronic signature system according to any one of claims 1 to 6,
The electronic signature system according to claim 1, wherein the biometric information of the user is information related to a biometric pattern extracted from a biometric image collected from the user.

Images