JP2010160749A - System and method for authenticating biological information - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a biological information authentication system and a biological information authentication method that can prevent "spoofing" in which biological information data obtained in an unauthorized manner from biological information registered in a database is input via a network or the like to fake the biological information. <P>SOLUTION: The biological information authentication system 10 includes a client side apparatus 12 having a biological information acquisition device 11, and a center side apparatus 14 connected to the client side apparatus 12 via a network 15. The center side apparatus 14 has a means A for comparing a first piece of biological information obtained at personal authentication by the biological information acquisition device 11 and input into the system with a second piece of biological information stored beforehand, and a means C for asserting impersonation if determining that the first piece of biological information is the same as the second piece of biological information according to the result of discrimination by the means A. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a biometric information authentication system and a biometric information authentication method, and more specifically, authenticates a person using biometric information such as a fingerprint, a vein, and an iris, and uses illegally biometric information registered in a database. The present invention relates to a biometric information authentication system and a biometric information authentication method for preventing “spoofing”.

Conventionally, the fingerprint database, which is biometric information obtained by a fingerprint scanner, is collated with fingerprint data stored in advance on an IC card, or is collated with fingerprint data stored in advance on a fingerprint database of a host computer. An automatic transaction system that performs confirmation processing, that is, personal authentication is disclosed (for example, see Patent Document 1).
Also, by comparing the fingerprint data, which is biometric information obtained by the fingerprint scanner, with the fingerprint feature point data stored in advance on the IC card and the fingerprint feature point data stored in advance in the fingerprint feature point database of the center system, A system for performing authentication is disclosed (see, for example, Patent Document 2).

Also, there is a personal authentication method that encrypts and eliminates security holes when sending characteristic data indicating user characteristics generated from human body information input means connected to a user side terminal to a center side device via a network. It is disclosed (for example, see Patent Document 3).
Moreover, an example of the iris authentication apparatus is disclosed as a personal authentication apparatus (for example, refer patent document 4). This iris authentication apparatus also includes a living body detection means.
Furthermore, an example of a vein authentication device is disclosed as a personal authentication device (see, for example, Patent Document 4).

In the personal authentication system, it is an important issue to prevent “spoofing” in which another person spoofs information by some intentional operation and causes the system to misidentify the user.
However, in the conventional techniques as described above, biological information accumulated in advance may flow out of the IC card or the center side database and be illegally acquired. In addition, when the person performs a valid authentication act, newly acquired biometric information may be illegally acquired by a person other than the person through the network. Furthermore, the client-side device may be remodeled, or a spoofing device imitating the client-side device may be connected to the network to take over the authentication communication session. When a person other than the person uses the biometric information due to such an illegal act, the unauthorized use cannot be detected by the center side device.

Any of the conventional techniques is one of the following configurations or a combination of them.
In the following description, the biometric information feature data is data extracted from the biometric information data by some numerical calculation and can be authenticated by a collation operation.

  In the first configuration example, biometric information is stored in advance in an IC card or the like, and the client side device compares the biometric information acquired by the biometric information acquisition device at the time of authentication with the stored biometric information. And pass / fail information is transmitted to the center side device via the network.

  In the second configuration example, biometric information is stored in advance in the biometric information database of the center side device, and the biometric information acquired by the biometric information acquisition device at the time of authentication is stored in the client side device via the network. The data is transmitted to the side device, and the center side device determines whether or not the user is the person by comparing with the stored biometric information.

  In the third configuration example, biometric information feature data is accumulated in advance in an IC card or the like, and biometric information feature data generated from biometric information acquired by a biometric information acquisition device at the time of authentication is accumulated in the client side device. The biometric information feature data is compared to determine whether or not the person is the person, and pass / fail information is transmitted to the center side device via the network.

  In a fourth configuration example, biometric information or biometric information feature data is stored in advance in the biometric information database of the center side device, and the biometric information generated from the biometric information acquired by the biometric information acquisition device at the time of authentication in the client side device. The information feature data is transmitted to the center side device via the network, and the center side device determines whether or not the person is the person by comparing with the stored biometric information feature data.

Japanese Patent Laid-Open No. 10-134229 Japanese Patent No. 2872176 JP 2001-52182 A JP 2001-34754 A JP 2006-120026 JP

In any of the above configurations, it is considered that so-called “spoofing” occurs due to the following two spoofing means, and this could not be detected by the center side device.
The first spoofing means is that when the client-side device is modified, the spoofing device is illegally connected to the circuit to which the biometric information acquisition device of the client-side device is connected, and the biological information obtained illegally is It is poured into information acquisition equipment. In this case, the data output from the biometric information acquisition device is the same as the biometric information stored in advance, or the same as the biometric information newly acquired when the person performs a valid authentication act. Therefore, the system will judge this as the person.

  The second spoofing means that a spoofing device imitating a client-side device is connected to a network such as a TCP / IP network, the authentication communication session is taken over, and illegally acquired biological information is poured into this Is. In this case, the biometric information or biometric information feature data transmitted from the client-side device to the center-side device is the same as the biometric information stored in advance, or is newly added when the person performs a valid authentication act. Since the biometric information is the same as the acquired biometric information, or is biometric information feature data generated based on these pieces of information, the system is determined to be the person from this data.

By the way, in Patent Document 4, there is provided a living body detecting means for detecting that the state of the iris is a living body state, but when the client side device itself is modified, the output signal of the living body detecting means is also misrepresented. Therefore, the fact that the misrepresentation cannot be detected in the center side device has not changed.
As described above, in the conventional technology, when the improperly acquired biometric information is used as it is and is misrepresented, the center side device has a defect that it is determined to be the person, and “spoofing” is performed. There was a risk that it could not be prevented.

  The present invention has been made in view of the above circumstances, and misrepresents biometric information by flowing biometric data obtained illegally from biometric information registered in a database via a network or the like. It is an object of the present invention to provide a biometric information authentication system and a biometric information authentication method that can prevent “spoofing”.

  The biometric information authentication system of the present invention is a biometric information authentication system that includes a biometric information acquisition device for acquiring biometric information and a biometric information database in which biometric information is stored in advance, Means A for comparing a part or all of the first biometric information acquired at the time of authentication and input to the system with a corresponding part of the second biometric information stored in advance in the biometric information database; Means B for comparing the biometric feature point data extracted from part or all of the biometric feature point data extracted from the second biometric information, and the provider of the first biometric information based on the result of discrimination by the means B; Even if it is determined that the provider of the second biometric information is the same person, a part or all of the first biometric information is based on the result of the determination by the means A, and the second biometric information is a phase of the second biometric information. The first biometric information is not the biometric information newly input from the biometric information acquisition device. It is characterized by having a means C for judging that the input is fraudulent by the second biometric information stolen by using an unjust means, and judging that the person is not the person himself / herself.

  The biometric information authentication system includes a client side device having a biometric information acquisition device for acquiring biometric information, and a center side device connected to the client side device via a network. Means D for transmitting a part or all of the first biological information to the center side device via the network, and the center side device has a biological information database in which the second biological information is stored; The means A compares the part or all of the first biological information with the corresponding part of the second biological information in the center side device, and the means B is the center side device. Comparing biometric feature point data extracted from part or all of the first biometric information with biometric feature point data extracted from the second biometric information There, it is preferable that the center side device is one having the means C.

  In addition to the second biometric information, the biometric information authentication system stores part or all of the first biometric information input to the system every time personal authentication is performed in the biometric information database. As a result of discrimination by means F, means F for comparing the part of the first biometric information with part or all of the first biometric information; If it is determined that a part or all of the first biological information is a data byte sequence that is completely the same as the third biological information and is a copy of the third biological information, It may have means G for determining that the person is not the person himself / herself by assuming that the input is not the biometric information newly input from the biometric information acquisition device but the spoofed input by the third biometric information stolen by using an unjust means. Like .

  The biometric information authentication system, in addition to the second biometric information, a checksum value or hash value generated based on a part or all of the first biometric information input to the system every time personal authentication is performed And means for storing the fourth biometric information in addition to the biometric information database, and the fourth biometric information already accumulated at the time of the previous personal authentication based on part or all of the first biometric information. The first biometric information is newly input from the biometric information acquisition device when the checksum value or the hash value matches with the generated checksum value or hash value when the checksum value or the hash value is matched. It is considered that the input was misappropriated by stealing part or all of the first biometric information that was input at the time of previous personal authentication using unfair means instead of the biometric information that was provided. , It is preferable to have a means J for determining not a person.

  The center-side device has means K for designating a region α constituting a part of the first biological information with respect to the client-side device, and the client-side device transfers only the region α to the center side. It is preferable to have means L for transmitting to the device.

  The center side device designates the region α so as not to select the same region as the previously designated region with reference to the means M for accumulating the history of the region α in the biological information database. And means N.

  The biometric information authentication method of the present invention includes a first step of acquiring first biometric information by a biometric information acquisition device, and a part or all of the first biometric information in the second biometric information stored in advance. A second step of comparing corresponding parts, and a third step of comparing the first biometric feature point data extracted from the first biometric information and the second biometric feature point data extracted from the second biometric information And comparing the first biometric feature point data and the second biometric feature point data with a fourth step of authenticating the person based on the conformity rate of the biometric features, and the comparison in the third step Even if it is a case where it is discriminate | determined in the said 4th process based on the result of said, in said 2nd process, a part or all of said 1st biometric information and said 2nd biometric information The corresponding data part is completely the same If it is determined that the bets column, characterized in that it is determined that not person.

  According to the biometric information authentication system of the present invention, a part or all of the first biometric information acquired at the time of personal authentication by the biometric information acquisition device and input to the system, and the second biometric information stored in advance in the biometric information database. The part A or part of the first biological information is the same data byte string as the corresponding part of the second biological information based on the result of the determination by means A and the corresponding part of the second biological information. If the second biometric information is determined to be a copy of the second biometric information, the first biometric information is not the biometric information newly input from the biometric information acquisition device, but the second biometric information that has been stolen using unjust means. Because it has a means C that considers that the information is a spoofed input and determines that it is not the identity of the person, it detects the identity fraud caused by improperly obtained biometric data flow and prevents spoofing. Kill.

  According to the biometric information authentication method of the present invention, the first step of acquiring the first biometric information by the biometric information acquisition device, a part or all of the first biometric information, and the second biometric information stored in advance. A second step of comparing the corresponding portion with the second portion, and in the second step, a part or all of the first biological information and a portion corresponding to the second biological information are completely If it is determined that they are the same data byte sequence, it is determined that the person is not the person, so that the person can be detected by improperly collecting the improperly acquired biometric information data and spoofing can be prevented.

It is a schematic block diagram which shows an example of the biometric information authentication system of this invention. It is a schematic block diagram which shows the other example of the biometric information authentication system of this invention.

  Hereinafter, the present invention will be described in detail.

(1) First Embodiment FIG. 1 is a schematic configuration diagram showing an example of a biometric information authentication system of the present invention.
The biometric information authentication system 10 is connected to a client side device 12 having a biometric information acquisition device 11 and a client side device 12 via a network 15 such as a TCP / IP network, and stores a biometric information database (biological information) in advance. And a center side device 14 having a database 13.

The client side device 12 includes means D for transmitting part or all of the first biological information acquired by the biological information acquisition device 11 to the center side device 14 via the network 15.
Further, the center side device 14 is acquired at the time of personal authentication by the biometric information acquisition device 11, and part or all of the first biometric information input to the biometric information authentication system 10 and the first prestored in the biometric information database 13. Means A for comparing corresponding parts of the two pieces of biometric information, means B for comparing biometric feature point data extracted from part or all of the first biometric information and biometric feature point data extracted from the second biometric information Even if it is determined that the provider of the first biological information and the provider of the second biological information are the same person based on the determination result by the means B, based on the determination result by the means A If it is determined that a part or all of the first biometric information is a data byte string that is completely the same as the corresponding part of the second biometric information and is a copy of the second biometric information, Biological information A means C for determining that the person is not the person himself / herself by assuming that the input is not the biometric information newly input from the biometric information acquisition apparatus but the second biometric information that has been stolen by using illegal means. .

A biometric information authentication method using this biometric information authentication system 10 will be described.
When the user 20 acquires the right to use the biometric information authentication system 10, biometric information representing biometric features such as fingerprints, veins, and irises is registered in advance in the biometric information database 13 of the center side device 14 and accumulated. .

  When carrying out a transaction requiring some kind of personal authentication, the user 20 inserts a storage medium such as a magnetic card or an IC card into the client side device 12, or enters a client name, ID number, etc. into the client side device 12. Information for identifying an individual (personal identification information) is input, and biological information such as a fingerprint, a vein, and an iris is input using the biological information acquisition device 11. The client side device 12 transmits the input biometric information (authentication input biometric information) as the first biometric information to the center side device 14 via the network 15 by means D.

Here, when the first spoofing means is executed by a third party, it is illegally acquired in advance and stored in the database of the spoofing device instead of the biological information acquired using the biological information acquisition device 11. The biometric information thus made is poured into the client side device 12.
Then, the client side device 12 receives the authentication input biometric information (authentication input biometric information) input by the user 20 or introduced by the first spoofing means via the network 15 by the means D. To the center side device 14.

  Further, when the second spoofing means is executed by a third party, the spoofing device imitating the client-side device 12 uses the biometric information acquired in advance and stored in the database of the spoofing device as the center. To the side device 14.

Upon receiving the authentication input biometric information which is the first biometric information, the center side device 14 uses the part A to receive part or all of the received first biometric information and the second prestored in the biometric information database 13. The corresponding portion of the biological information is compared.
In this comparison, in addition to the method of directly comparing the whole data, a method of calculating and comparing the checksum values for each, a method of obtaining a hash value using some hash function and comparing it, etc. Also good.

Moreover, the center side apparatus 14 performs the numerical calculation which extracts biometric feature point data from the one part or all part of the received 1st biometric information by the means B, and produces | generates the biometric feature point data a.
Subsequently, a numerical calculation for extracting biometric feature point data from the second biometric information stored in advance in the biometric information database 13 is performed to generate biometric feature point data b. The biometric feature point data a and the biometric feature point data b are compared, and if the relevance rate exceeds a certain standard, the means B determines that this is the person. In addition, the operation | work which produces | generates the biometric feature point data b from 2nd biometric information may be implemented previously, and this biometric feature point data b may be registered into the biometric information database 13. FIG.

  Further, the center side device 14 determines that part or all of the first biological information is the same data byte string as the corresponding part of the second biological information based on the result of determination by means C by means C. If the second biometric information is determined to be a copy of the second biometric information, the first biometric information is not the biometric information newly input from the biometric information acquisition device 11, but the second one that has been stolen using unjust means. It is assumed that the input is spoofed by biometric information. In this case, even if it is determined by the means B that the person is the person, the person is determined not to be the person.

  When the first biometric information that is the authentication input information is normally obtained from the principal by the biometric information acquisition device 11, regardless of whether the type of the first biometric information is fingerprint, vein, or iris, In the data output from the biometric information acquisition device 11, it is considered that a difference due to a positional deviation or noise at the time of acquisition occurs every time.

  Therefore, even if the means A compares the so-called “raw data”, that is, the input biometric information for authentication just inputted to the client side device 12 and the second biometric information, no difference is found, and it is completely found. If it is determined that they are the same data byte sequence, this authentication input biometric information is not newly acquired from the principal by the biometric information acquisition device 11, and the second biometric information is illegally stolen, or It can be judged that it was fraudulent.

  Either the comparison by means A or the comparison by means B may be executed first, or may be executed simultaneously in parallel. Furthermore, as a procedure for comparing by means A, determining whether the input is a spoofed by means C, and determining whether it is the identity by means B only when it is determined that the input is not a spoofed input Also good.

  In addition, despite the fact that the person has performed a normal authentication act, it is determined that the input biometric information for authentication and the second biometric information are the same, and the possibility that the person is not the person is not zero. In the unlikely event that such a situation occurs, it is unlikely that it will occur twice in a row, so it will be authenticated as the person by performing the authentication act again. no problem.

  In addition, when the misrepresentation is performed, it is determined that the input biometric information for authentication and the second biometric information are the same every time the authentication act is performed many times. In general, there is an upper limit such as 3 times that the authentication action can be performed, and when this number is exceeded, the authority itself for executing the authentication action is frozen and crime damage can be prevented.

According to the biometric information authentication method of this embodiment, it is determined whether or not the first biometric information acquired at the time of personal authentication is the same as the second biometric information stored in advance. Therefore, it is possible to detect impersonation by improperly obtained biometric information flow and prevent impersonation.
Further, since the center side device 14 performs the comparison between the first biological information and the second biological information and determines the identity of these biological information, a spoofing device imitating the client side device 12 is connected to the network 15. Even so, it is possible to detect impersonation by improperly obtained biometric information data and prevent spoofing.

(2) Second Embodiment In this embodiment, in addition to the first embodiment, the center-side device 14 may include a part of the first biological information input to the system each time personal authentication is performed or The means E for storing all the third biometric information added to the biometric information database as a third biometric information and the third biometric information already accumulated at the time of previous personal authentication are compared with a part or all of the first biometric information. Based on means F and the result of discrimination by means F, it is determined that a part or all of the first biological information is a data byte sequence completely identical to the third biological information and is a copy of the third biological information. In such a case, the first biometric information is not the biometric information newly input from the biometric information acquisition device 11, but is regarded as a misrepresented input by the third biometric information stolen by using illegal means, Judgment is not true Means G.

  In the first embodiment, when the second biometric information is used for misrepresentation, this can be detected, but the first biometric information newly acquired when the person performed a valid authentication act at a later date. However, it cannot be detected when it is illegally acquired by means such as eavesdropping via a network and used for misrepresentation.

  Therefore, in this embodiment, the third biometric information transmitted from the client side device 12 to the center side device 14 is additionally accumulated in the biometric information database 13 every time the authentication action is performed by the means E. The added third biometric information is used as a comparison target in the next authentication action by means F. This makes it possible to detect misrepresentation even in such a case.

  Moreover, there is a concern that the first biometric information such as the personal fingerprint and veins may change over time. According to this embodiment, the first biometric information that has succeeded in the personal authentication is sequentially accumulated in the biometric information database 13, and the database is sequentially updated so that the first biometric information that has been accumulated recently is also used for the personal authentication. Accordingly, it is possible to prevent a decrease in the fitness rate due to the secular change of the biological information.

  According to the biometric information authentication method of this embodiment, not only the second biometric information but also the first biometric information transmitted from the client side device 12 to the center side device 14 at the time of previous personal authentication is stored in the biometric information database 13. Since the third biometric information is also subject to comparison, even if the first biometric information that has been eavesdropped and illegally acquired through the network 15 at the time of the previous authentication is used, the biometric information data It is possible to detect spoofing by misappropriation and prevent spoofing.

(3) Third Embodiment In this embodiment, in addition to the first embodiment, the center-side device 14 may include a part of the first biometric information input to the system every time personal authentication is performed or Means H for accumulating the fourth biometric information consisting of the checksum value or hash value generated based on the whole in the biometric information database 13 and the fourth biometric information already accumulated at the time of previous personal authentication. When the checksum value or hash value matches with the checksum value or hash value generated based on a part or all of the first biometric information, and as a result of determination by the means I, The first biometric information is not the biometric information newly input from the biometric information acquisition device 11, but is illegally used to steal part or all of the first biometric information input at the time of previous authentication. It is considered that the input has been misrepresented using this, and a means J for judging that the input is not the person is provided.

  According to this embodiment, as in the second embodiment, even if the first biometric information that was eavesdropped and illegally acquired through the network 15 at the time of the previous personal authentication is used, It is possible to detect impersonation by pouring and prevent impersonation. Furthermore, compared with the second embodiment, not all of the first biological information is added to the biological information database 13, but only the checksum value or hash value of the first biological information is accumulated. The problem that the scale of the biological information database 13 becomes too large is unlikely to occur.

(4) Fourth Embodiment In this embodiment, in addition to the first to third embodiments, the center side device 14 constitutes a part of the first biological information with respect to the client side device 12. Means K for designating α is provided. Further, the client side device 12 includes means L for transmitting only the designated area α to the center side device 14.

Therefore, in this embodiment, the client side device 12 does not transmit the entire first biological information to the center side device 14. The center side device 14 designates the area α to the client side device 12 by means K, and the client side device 12 transmits only the area α to the center side device 14 by means L.
And the center side apparatus 14 compares the area | region (alpha) transmitted from the client side apparatus 12 by the means A with the corresponding part of 2nd biometric information, and when these biometric information is the same, impersonation is carried out. It is determined that there is, and means C determines that the person is not the person.

  For the means B, the client side device as well as the method in which the center side device 14 compares the biometric feature point data generated from the region α with the biometric feature point data generated from the portion corresponding to the region α of the second biometric information. 12 generates biometric feature point data from the entire first biometric information and transmits it to the center side device 14, and the center side device 14 generates biometric feature data from the received biometric feature point data and the second biometric information. The feature point data may be compared by means B.

Whether the biometric information is a fingerprint, a vein, or an iris, the biometric information obtained from the biometric information acquisition device 11 is a two-dimensional image.
The designation of the area α for the client-side device 12 by means K of the center-side device 14 is performed by designating four parameters of the coordinates (X, Y) of one rectangular reference point, width, and height. If four parameters are used in this way, even if all of them are specified by random numbers, it is unlikely that the same area will be specified again, and if part of this biological information is wiretapped via the network 15. Even if it is illegally acquired, the next time it is attempted to misrepresent using the biometric information that has been illegally acquired, the specified area is different from the previous one, so the misrepresentation will not succeed.

  According to the biometric information authentication method of this embodiment, the center side device 14 designates the region α in advance for a part of the first biometric information to be transmitted to the client side device 12 and sends only that portion. Therefore, the loads on the network 15 and the center side device 14 can be kept low. Further, since all of the first biometric information is not transmitted / received via the network 15, it is possible to prevent the biometric information data that has been eavesdropped and illegally acquired via the network 15 from being used for misrepresentation next time. The possibility increases. Furthermore, since the region α constituting a part of the designated first biological information is a different region every time, the biological information data that has been wiretapped and illegally acquired via the network 15 is used for the next time misrepresentation. There is a high possibility that this can be prevented.

(5) Fifth Embodiment In this embodiment, in addition to the fourth embodiment, the center side device 14 refers to the means M for storing the history of the region α in the biological information database 13 and the history. And means N for designating the area α so as not to select the same area as the previously designated area.
In the third embodiment, since the parameter specifying the region α is specified by a random number, the possibility that the same region is specified again is low, but it is not zero. On the other hand, in order to further reduce the possibility that the same area is designated twice, the history of the area α is accumulated in the biological information database 13 by means M of the center side device 14, and this area is obtained by means N. If the same area as the previously specified area is selected as a result of specifying the random number and confirming the random number, the selection of this area is stopped and another area is specified again.

  According to the biometric information authentication method of this embodiment, the center side device 14 registers the history of the region α in the biometric information database 13 so that the same region is not specified twice. It is possible to completely prevent biometric information data that has been eavesdropped and illegally acquired through the use of for the next misrepresentation.

(6) Sixth Embodiment FIG. 2 is a schematic configuration diagram showing another example of the biometric information authentication system of the present invention.
This biometric information authentication system 30 includes a biometric information acquisition device 31 and a client side device 33 having an IC card reader 32 that reads an IC card in which biometric information is stored in advance, and a client side via a network 35 such as a TCP / IP network. The center side apparatus 34 connected to the apparatus 33 is schematically configured.
The biometric information authentication system 30 is different from the biometric information authentication system 10 used in the first to fifth embodiments in that an IC card is used instead of the biometric information database 13.

A biometric information authentication method using this biometric information authentication system 30 will be described.
When the user 40 acquires the right to use the biometric information authentication system 30, biometric information such as fingerprints, veins, and irises is stored in the IC card in advance.

  When carrying out a transaction requiring some kind of personal authentication, the user 40 inserts an IC card into the client side device 33 and uses the biometric information acquisition device 31 of the client side device 33 to make a first fingerprint, vein, iris, etc. Enter biometric information.

  Here, when the first spoofing means is executed by a third party, instead of the first biometric information, the biometric information acquired in advance and stored in the database of the spoofing device is stored in the client side device. Pour into 33.

  When the first spoofing means is executed, the client side device 33 performs a numerical calculation to extract the biometric information feature data from the authentication input biometric information by means similar to the means A of the center side device 14, The biometric feature point data c generated as a result is compared with the biometric feature point data d generated from the second biometric information stored in advance in the IC card.

  As a result of comparing the biometric feature point data c and the biometric feature point data d by means similar to the means B of the center side device 14, the center side device 34 Authenticate that you are the person.

The biometric information authentication method of this embodiment further includes means A that compares the input biometric information for authentication with the second biometric information.
If the input biometric information for authentication and the second biometric information are compared and no difference is found and it is determined that they are the same, the biometric information authentication system 30 recognizes this even if the matching rate is high. Judge that is not.

DESCRIPTION OF SYMBOLS 10 ... Biometric information authentication system, 11 ... Biometric information acquisition apparatus, 12 ... Client side apparatus, 13 ... Biometric information database, 14 ... Center side apparatus, 15 ... Network, 20. ···, 30 ... biometric information authentication system, 31 ··· biometric information acquisition device, 32 ··· IC card reader, 33 ··· client side device, 34 ··· center side device, 35 ··· -Network, 40 ... user.

Claims (7)

A biometric information authentication system comprising a biometric information acquisition device for acquiring biometric information and a biometric information database in which biometric information is stored in advance,
Means for comparing a part or all of the first biometric information acquired at the time of personal authentication by the biometric information acquisition device and input to the system with a corresponding portion of the second biometric information stored in advance in the database. A, means B for comparing the biometric feature point data extracted from part or all of the first biometric information with the biometric feature point data extracted from the second biometric information, and the result of discrimination by the means B Even if it is determined that the provider of the first biological information and the provider of the second biological information are the same person, a part or all of the first biological information is based on the result of determination by the means A. When it is determined that the data byte sequence is completely the same as the corresponding portion of the second biological information and is a copy of the second biological information, the first biological information is newly input from the biological information acquisition device. Biological information Rather considered to be spoofed by the second biometric information stolen using undue means inputs biometric information authentication system characterized by having means C for determining not a person. A client side device having a biometric information acquisition device for acquiring biometric information, and a center side device connected to the client side device via a network,
The client side device has means D for transmitting part or all of the first biological information to the center side device via the network,
The center side device has a biological information database in which the second biological information is stored,
The means A compares the part or the whole of the first biological information with the corresponding part of the second biological information in the center side device,
The means B compares the biometric feature point data extracted from part or all of the first biometric information with the biometric feature point data extracted from the second biometric information in the center side device,
The biometric authentication system according to claim 1, wherein the center side device includes the means C. In addition to the second biometric information, means for accumulating a part or all of the first biometric information input to the system every time the personal authentication is performed as third biometric information in the biometric information database. E and
Means F for comparing third biometric information already accumulated at the time of the previous personal authentication with part or all of the first biometric information;
Based on the result of discrimination by the means F, a part or all of the first biometric information is the same data byte string as the third biometric information and it is determined that it is a copy of the third biometric information. Therefore, it is determined that the first biometric information is not the biometric information newly input from the biometric information acquisition device but the misrepresented input by the third biometric information stolen by using illegal means and is not the person The biometric information authentication system according to claim 1 or 2, further comprising means G for performing the operation. In addition to the second biometric information, fourth biometric information consisting of a checksum value or a hash value generated based on a part or all of the first biometric information input to the system every time personal authentication is performed. , Means H for additionally storing in the biological information database;
Means I for comparing the fourth biometric information already accumulated at the time of the previous personal authentication with a checksum value or a hash value generated based on a part or all of the first biometric information;
If the checksum value or the hash value matches as a result of the determination by the means I, the first biometric information is not the biometric information newly input from the biometric information acquisition device, but the unjustified means. And a means (J) for stealing part or all of the first biometric information input at the time of personal authentication, considering that the input is a fraudulent input, and determining that it is not a personal identity. The biometric information authentication system according to 1 or 2. The center side device has means K for designating a region α constituting a part of the first biological information to the client side device,
The biometric information authentication system according to claim 2, wherein the client side device includes means L for transmitting only the area α to the center side device.   The center side device designates the region α so as not to select the same region as the previously designated region with reference to the means M for accumulating the history of the region α in the biological information database. 6. The biometric authentication system according to claim 5, further comprising means N. A second step of comparing the first step of acquiring the first biological information by the biological information acquisition device with a portion corresponding to this part of the second biological information accumulated in part or all of the first biological information. And the process of
A third step of comparing the first biometric feature point data extracted from the first biometric information and the second biometric feature point data extracted from the second biometric information, the first biometric feature point data and the second biometric feature point data As a result of comparing the biometric feature point data, it has a fourth step of authenticating the person by the conformity rate of the biometric features,
Based on the result of the comparison in the third step, even if it is determined that the person is the person in the fourth step, in the second step, part or all of the first biological information A biometric information authentication method, wherein when it is determined that the corresponding portion of the second biometric information is the same data byte string, it is determined that it is not the person.

Images