JP2011096270A - Automatic teller system and device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To attain high security of biological information and reduction in authentication processing time in a biometrics authentication system and method using IC card. <P>SOLUTION: A biometrics authentication system for individual authentication includes a storage part which stores a plurality of prioritized preprocessing data; a biological information obtaining part which obtains biological information on a user; a biological information collation part which compares authentication data generated by high-priority preprocessing data of the plurality of prioritized preprocessing data and biological information obtained by the biological information obtaining part with registration data according to the priority of a plurality of registration data preliminarily stored in the storage part to obtain a collation result; and a control part which counts success of collation result for each execution of collation by the biological information collation part, and changes the priority added to the plurality of preprocessing data preliminarily stored in the storage part. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a biometric authentication system used in an automatic teller machine (ATM) or the like.

  Conventional biometric authentication systems that have been performed with an automatic teller machine (ATM) include the following.

  Patent Document 1 describes a priority processing device in a biometrics personal identification device. In this technique, a plurality of pieces of personal identification information are registered in advance in a database with priorities and collated according to priorities. And since it is likely that the finger used last time is most likely to be used next time, this priority order is rearranged based on the usage record, so that the speed of personal authentication can be improved compared to collation in a fixed order. it can.

JP 2002-140707 A

  However, the method of Patent Document 1 is a priority changing technique that rearranges the priorities based on the usage record that the finger used last time is most likely to be used next time, and thus the following problem occurs. To do.

  When five pieces of biometric information (five different fingers) are registered and the number of past successful authentications is different for each finger (number of successful authentications: 0 thumbs, 70 index fingers, 15 middle fingers, 10 ring fingers, little finger Assuming 5 times), when authentication is performed with a thumb that has been registered but has not been used for authentication in the past, the priority prior to thumb authentication is the 1st index finger, 2nd middle finger, 3rd ring finger 4th place little finger, 5th place thumb, which are changed to 1st thumb, 2nd index finger, 3rd middle finger, 4th ring finger, 5th place little finger after authentication. Further, if authentication is performed with a ring finger that has not been used much for authentication, after the ring finger authentication, the first ring finger, the second thumb, the third index finger, the fourth middle finger, and the fifth little finger are changed. And if you want to authenticate with the index finger next time, the priority is lowered to the third in this situation, so it takes time to collate with the ring finger and thumb with a little successful authentication before reaching the index finger. End up.

  In other words, in the method of Patent Document 1, if a finger with a small number of past successful authentications is used for authentication once, the authentication is always successful before the finger that is frequently used next time is verified. This is inconvenient because the finger must be checked less frequently.

  SUMMARY OF THE INVENTION An object of the present invention is to solve the above-described problems, and to realize high confidentiality of biometric information and shortening of authentication processing time in a biometric authentication system and method using an IC card.

  The present invention employs the following means in order to solve the above problems.

  In a biometric authentication system that performs personal authentication, a storage unit that stores a plurality of preprocessing data to which priority is added, a biometric information acquisition unit that acquires biometric information of a user, and a plurality of fronts to which the priority is added According to the priority order among the authentication data generated by the pre-process data with high priority among the processing data and the biometric information acquired by the biometric information acquisition unit, and a plurality of registration data stored in advance in the storage unit Each time collation is performed by the biometric information collation unit that collates with registered data and obtains a collation result, and the collation result is counted by the biometric information collation unit, and the storage unit And a control unit for changing the priority order added to the plurality of preprocessed data stored in advance.

  In a biometric authentication system and apparatus using an IC card, the present invention adds priority to a plurality of pieces of biometric information, and performs authentication processing from biometric information with a high priority to keep security high and in a short processing time. Identity authentication can be performed.

The example of the schematic diagram of a biometric information registration processing system. The example of the block diagram of a biometric information registration processing system. Explanatory drawing of a biometric information registration process. The example of the flowchart of a biometric information registration process. The example of the schematic diagram of a biometrics processing system. The example of the block diagram of a biometrics processing system. The example of a block diagram of authentication control software. Explanatory drawing of a biometrics authentication process. The example of the flowchart of the transaction containing the biometrics authentication process using the authentication system in IC card. The example of the flowchart of an authentication transaction start process. The example of the flowchart of a biometrics authentication process. The example of the flowchart of an authentication transaction end process. The example of data which shows the relationship between a priority and biometric information.

  Hereinafter, an embodiment using the present invention will be described.

  In this embodiment, a user's biological information (eg, finger vein) is registered in a portable electronic device owned by the user, particularly an IC card, between the operator (contact person) and the user at the sales office of the financial institution. The biometric information registration process, which is installed in financial institutions, convenience stores, etc., and automatically uses cash automatic transaction devices and automatic teller machines (ATMs) to automatically handle transactions involving cash. The biometric authentication process to be used and authenticated is roughly divided into two. The biometric information registration process will be described with reference to FIGS. 1 to 4, and the biometric authentication process will be described with reference to FIGS.

  First, an outline of biometric information registration processing and authentication processing will be briefly described.

  In the biometric information registration process, feature quantities are extracted from the user's finger veins and generated as preprocess data, and registration data is also generated and registered in the IC card. The window terminal used in the process is connected to the biometric information registration apparatus with an IC card device, and biometric information for registration (preprocess data, registration data) is encrypted and does not pass through the window terminal. In addition, data is directly transferred and written from the biometric information registration device to the IC card.

  On the other hand, in the biometric authentication process, the characteristic amount from the finger vein of the user, the preprocess data registered in the IC card, and the registered data are executed based on a specific authentication and verification technique. In the course of this processing, authentication data is generated from biometric information newly acquired by the biometric authentication mechanism connected to the ATM and preprocessed data read from the IC card, and transferred to the IC card. Authentication processing in the IC card.

  In the description of the present invention, the biometric information registration process uses a branch office system and the authentication process uses an ATM. However, the authentication process is also performed in the branch office system, and the registration process is also performed in the ATM. good. However, it is desirable that the biometric information registration process is executed in the store system where the operator is present in order to ensure the identity of the person. An IC card is used as an example of a medium for registering biometric information. However, the present invention is not limited to this, and is a portable electronic medium (portable electronic device) such as a mobile phone or an RFID (Radio-Frequency-Identification) tag. However, an IC card in which an IC chip is mounted on a cash card that is currently most popular with users is desirable, and system changes can be suppressed.

  FIG. 1 is a schematic diagram showing a biometric information registration processing system related to registration of biometric information, among business office systems used by operators in a financial institution. This biometric information registration system is configured by connecting a biometric information registration device 101 having a biometric information reading device 102 and a registration terminal device 104 that controls the biometric information registration device 101. In this system, an operator of a financial institution (a person in charge of a window) operates the registration terminal device 104 to register the user's biometric information in the IC card 105. Specifically, the person in charge of the window operates the operation unit 107, selects from various menus displayed on the display unit 106, and enables various transactions in financial institutions in addition to registration of biometric information.

  The person in charge of the window inserts the IC card 105 into the IC card device 103 which is one component of the biometric information registration device 101 to make the IC card 105 writable. On the other hand, the user places his / her finger on the biological information reading apparatus 102 along the shape shown in the figure. By the operation of the person in charge at the window, the biological information reading apparatus 102 transmits the near-infrared finger to the finger, and captures the finger vein pattern with the camera to obtain the image. A biometric feature amount is extracted from this image, processing described later is added to the extracted biometric feature amount, and recording and writing processing is executed on the IC card 105 by the IC card device 103. The biometric feature amount is data that can identify an individual obtained from finger vein data (vein pattern).

  The IC card device 103 has a function of writing information to the IC card 105 as described above, and also has a function of reading information stored in the IC card 105. That is, although it has a reading or writing function, an example in which biological information is written in the IC card 105 will be described below.

  FIG. 2 is a block diagram showing the configuration of an embodiment of the biometric information registration processing system described in FIG.

  The biometric information registration apparatus 101 includes a CPU 201 that controls the biometric information registration apparatus 101 as a whole, a main storage unit 202 that stores various information, a biometric information reading apparatus 102 that reads biometric information, and an IC card apparatus that writes biometric information to an IC card 105 103 and a communication unit 215 connected to the registration terminal device 104.

  The main storage unit 202 is divided into a ROM 203 that stores various programs and a RAM 204 that mainly stores data and can rewrite the stored data. Here, a main storage unit (also simply referred to as a storage unit) 202 including a ROM 203 and a RAM 204 will be described, but a configuration including a hard disk and various semiconductor memories may be used. The ROM 203 includes a registration processing program 205 for biometric information registration processing, a registration data creation program 206 for creating registration data used during authentication, a biometric information reader control program 207 for controlling the biometric information reader 102, An IC card apparatus control program 208 for writing information to the IC card 105 and a communication control program 209 for controlling the communication unit 215 are provided.

  The biometric information reading apparatus 102 acquires a biometric image (finger vein pattern), and an image sensor (image acquisition unit) 210 configured with a CCD camera or the like, and whether or not a finger is placed in an image acquisition area of the image sensor 210. A living body presence / absence detection illumination LED 211 and a living body obtaining illumination LED (biological irradiation unit) 212 that irradiates a finger with near infrared rays when a biological image (finger vein pattern) is acquired. The IC card device 103 includes an IC card writing unit 213 for writing information to the IC card 105 and a contact terminal 214 for connecting to the IC card 105.

  The IC card 105 includes a CPU 221 that controls the entire IC card 105, a storage unit 222 that stores data related to biometric information, programs related to financial transactions, and the like, and a contact terminal 223 for connection to the biometric information registration apparatus 101. ing. The IC card device 103 and the IC card 105 are not limited to the contact type using the contact terminals, but can be configured as a non-contact type.

  The registration terminal device 104 includes a CPU 231 that controls the entire registration terminal device 104, a main storage unit 232 that stores data and programs, a CRT, a liquid crystal display, and the like, a display unit 106 that displays operation guidance, and a contact person And the communication unit 235 connected to the biometric information registration device 101 and the biometric registration terminal device 104. In addition to the biometric information registration apparatus control program 233 for controlling the biometric information registration apparatus 101, the main storage unit 232 stores various financial transaction programs that are traded at a window.

  A process of creating registration data to be registered in the IC card 105 in the biometric information registration process will be described with reference to FIG. However, the disclosure of the algorithm and the like in the creation process is omitted from the viewpoint of security, that is, forgery due to information leakage or the like. The same applies to the biometric information authentication process.

  First, based on the biometric image (finger vein pattern) obtained by the image sensor 210, a biometric feature amount representing the feature is extracted using a certain algorithm (step 301). Then, preprocessing data is created from the biometric feature using a certain algorithm. Further, registration data is created by combining the biometric feature quantity and the preprocess data (step 302).

  Here, the preprocess data can be interpreted as an encryption key used for creating registration data. Further, as is apparent from the above and the drawings, the registration data is data that cannot be directly created from the biometric feature amount. The preprocess data and the registration data are data created from biometric features that clearly represent the user's own characteristics. In this creation process, an algorithm based on irreversible transformation is used. Therefore, as creation processing by inverse transformation, it is not possible to create biometric feature quantities or preprocess data from registered data, and to create biometric feature quantities from two data of preprocess data and registration data. It is desirable that the preprocess data is information created by extracting a portion where the user cannot be identified, and the registration data is information created by extracting the portion where the individual can be identified. In addition, both pre-processing data and registration data are unique information that can only be obtained by the cardholder. As will be described later, preprocessing data and registration data exist for each finger, and priorities are added to the number of fingers to be registered and stored in the IC card 105. For example, if a vein of three fingers (priority is given in the order of the right index finger, right middle finger, and left hand index finger) is registered, preprocessing data / authentication of the right index finger with priority 1 as shown in FIG. Data, pre-processing data / authentication data of the right hand middle finger of priority 2 and pre-processing data / authentication data of the left index finger of priority 3 are registered.

  As shown in FIG. 13, reference numeral 1301 indicates a priority when a user registers biometric information in an IC card, and is a value (fixed value) set for each finger type 1302. Pre-processing data 1303 and registration data 1304 are registered in the IC card for the finger type 1302, respectively. Further, as another example, the number of successes at the time of authentication described later is accumulated for each finger type 1302 and stored in the reference numeral 1305. Then, a setting value (change value, not shown) of priority order change data for changing the priority order based on the number of successful authentications 1305 is added and stored in the IC card.

  Finally, the created preprocessing data and registration data are stored in the IC card 105 (step 303). These data stored in the IC card 105 are stored in an encrypted state, and as described above, they are stored in a state where a creation process by reverse conversion is impossible. Therefore, even if pre-processed data and registered data are read by a malicious person and both data are decoded, it is impossible to generate a biometric feature. As described above, data in the IC card is protected by double security such as data encryption and data generation incapable of reverse conversion.

  The above data creation algorithm is represented by mathematical formulas below.

   If the biometric feature amount is x, the preprocess data y can be expressed as “y = f (x)” using a certain function f (corresponding to an algorithm).

  Since the registered data z is created by a combination of the biometric feature quantity x and the preprocess data y, it can be expressed as “x + y → z = g (x, y)” using a certain function g.

  And since this creation process is irreversible, z = g (x, y) → x, z = g (x, y) → y, z = g (x, y) → x + y As described above, the biometric feature amount and the preprocess data cannot be restored from the registered data.

  FIG. 4 is a flowchart example of biometric information registration processing executed by each mechanism and each unit (including a program) by the CPU 201 of the biometric information registration apparatus 101 or based on an instruction from the CPU 201.

  An IC card 105 is inserted in the IC card device 103, and the IC card is connected (data can be written to the IC card 105). In order to establish the IC card connection, it is necessary to bring the contact terminal 214 of the IC card device 103 into contact with the contact terminal 223 of the IC card 105. In the following, a process in which the person in charge handles the registration terminal device 104 to register the user's biometric information in the IC card 105 and processes and controls executed by each mechanism based on the operation will be described. The communication control program 209 described with reference to FIG. 2 controls data transmission / reception between the biometric information registration apparatus 101 and the biometric registration terminal apparatus 104 in particular, but will be omitted below.

  The registration terminal device 104 displays a menu screen (a screen for guiding selection of processing such as registration, authentication, change, and termination) on the display unit 106, and accepts an input operation of the person in charge at the window by the operation unit 107. When a registration process is selected from the displayed transaction items by the operation unit 107, the CPU 231 of the registration terminal device 104 executes the registration processing program 205 and the biometric information registration apparatus control program 233 to the biometric information registration apparatus 101. An instruction to start the registration process is issued. The CPU 201 of the biometric information registration apparatus 101 that has received an instruction to start the registration process executes the registration process program 205 and performs the registration process as the entire system.

  A guidance for inserting the IC card 105 into the biometric information registration apparatus 101 is displayed on the display unit 106 of the registration terminal apparatus 104. When the IC card 105 is inserted into the IC card device 103 (step 401), the contact terminal 223 of the IC card 105 and the contact terminal 214 of the IC card device 103 are brought into contact with each other to connect the biometric information registration device 101 and the IC card 105. (Step 402). At this time, the presence / absence of a program related to biometric information in the storage unit 222 of the inserted IC card 105 is determined (step 403). If there is no program (if the card cannot register data), the IC card 105 is returned ( Step 414). On the other hand, when there is a program related to biometric information in the storage unit 222 of the inserted IC card 105 (in the case of a card capable of registering data), the priority N is set to “1” (step 404), and the display unit 106 is set. Guidance is displayed to place the finger to be registered on the biometric information reader 102. In response to this, the user places a finger to be registered on the biological information reader 102. The CPU 201 of the biometric information registration apparatus 101 executes the biometric information reader control program 207 and issues a biometric information reading start instruction to the biometric information reader 102. When the object (finger) is placed in the image acquisition area of the image sensor 210, the biological information reader 102 detects the entry of the object (finger) by the living body presence / absence detection illumination LED 211 (step 405). It is checked whether or not it is a living body (step 406). If the inserted object (finger) is not a living body, the IC card 105 is returned without writing any information on the IC card 105 (step 414). When the inserted object (finger) is a living body, the object (finger) is irradiated with near-infrared rays by the living body acquisition illumination LED 212, and a biological image (finger vein pattern) of priority N (N = 1) by the image sensor 210 ) And is stored in the RAM 204 (step 407). Next, a biometric feature quantity with priority N (N = 1) is extracted from a biometric image (finger vein pattern) with priority N (N = 1) (step 408). Then, by executing the registered data creation program 206, the pre-process data of the priority order N (N = 1) is created from the biometric features of the priority order N (N = 1) as shown in FIG. 3 (step 409). ), Registration data of priority N (N = 1) is created from the biometric feature quantity of priority N (N = 1) and pre-processed data of priority N (N = 1) (step 410). Subsequently, the IC card device control program 208 is executed, and the created pre-process data with priority N (N = 1) and authentication data with priority N (N = 1) in the RAM 204 are stored in the IC card writing unit 213. Further, the CPU 221 in the IC card 105 stores it in the storage unit 222 of the IC card 105 (step 411). It is determined whether the registration of the number of fingers to be registered is completed (step 412). If completed, the biometric information registration is completed and the IC card 105 is returned (step 414). If not completed, 1 is added to the priority order N (N = 1) to set the priority order N (N = 2) (step 413), and the process proceeds again to steps 405 to 411, where the priority order N (N = The pre-processing data of the finger 2) and the authentication data of the finger with the priority N (N = 2) are stored in the storage unit 222 of the IC card 105. In this way, steps 405 to 411 are repeated, and registration is continued until the number to be registered is completed. The number of fingers to be registered may be determined freely by the financial institution side and the user side.

  Further, the priority order is not added at the time of registration as shown in FIG. 4, but can be added / changed in any order according to the user's declaration after all fingers are registered. As a result, it is possible to give the user time to think about the priority order.

  Furthermore, even if priorities are not added in advance registration, it is possible to automatically add / change the finger used by the user when performing the authentication process according to the order of use frequency. The usage frequency is registered in the IC card in association with the preprocess data and registration data. In the order of use frequency, it is possible to save time and effort for adding priorities and improve usability for the user. There are various types of priority definitions, including numerical values in descending and ascending order and those using character strings. Note that the frequency of use may simply count (account) the number of successful biometric authentications as shown in FIG. 13 or use the number of failures such as the usage rate for each finger in the total number of biometric authentications performed. Various statistics can be considered as long as the object of the present invention can be achieved.

  The biometric information registration processing and control have been described based on the processing and control of each program stored in each of the CPUs 201, 2221, and 231, but each program has already been in the initial stage of shifting to registration processing. Needless to say, these hardware and software configurations may be regarded as a control unit, and the above-described various controls and processes are functions and means of the control unit. The same applies to the biometric information authentication process described below.

  In executing the biometric information authentication process, the authentication process is performed using the information registered by the above-described registration process, that is, the preprocess data stored, registered, and written in the IC card 105 and the registration data. This will be described on the assumption.

  FIG. 5 is a schematic diagram of the biometric authentication processing system. The biometric authentication system is necessary for an automatic cash transaction or a depositing device (ATM) 501 having a function of reading biometric information and a function of reading (or writing) information on the IC card 105 and a transaction related to a financial product. It is configured by connecting to a server 502 that stores various information. The ATM 501 is a device that automatically executes various transactions desired by the user, such as payment, payment, and transfer. The user inserts the IC card 105 into the card / detail slip mechanism unit 504 and uses the operation unit 503 to request it. A transaction can be performed by inputting a transaction, an amount of money, and the like, and successful authentication by the biometric authentication mechanism 508. In particular, in cash transactions, banknotes are deposited or withdrawn by the banknote depositing / withdrawing mechanism unit 506, coins are deposited or withdrawn by the coin depositing / withdrawing mechanism unit 507, and the ATM 501 exchanges cash desired by the user. When the user wishes to fill in the bankbook, the bankbook mechanism unit 505 can enter and print the transaction contents in the bankbook. In addition, since the biometric authentication system demonstrated by this embodiment is used with an automatic cash transaction or a deposit device, it can also be called an automatic cash transaction or a deposit system as a whole.

  FIG. 6 is a block diagram showing the configuration of an embodiment of the biometric authentication processing system. The ATM 501 is a CPU 601 that controls the entire ATM, a screen display of transaction items and key input detection, specifically, an operation unit 503 configured by a user's operation and a touch panel that accepts key input pressed by a finger, Card / detail with functions of inserting and ejecting, reading / writing to the magnetic stripe of the card or IC card 105, reading the image of the card embossed part, printing the transaction contents on the statement slip, and ejecting from the device A slip mechanism unit 504 has a passbook mechanism unit 505 having a user's passbook insertion / ejection operation, a magnetic stripe read / write operation, a printing function by a printing unit for the passbook, and the like.

  Furthermore, it has a bill discrimination / conveyance / storage function, etc., and a bill deposit / withdrawal mechanism 506 for depositing / withdrawing bills, a coin discrimination / conveyance / storage function, etc. Coin deposit / withdrawal mechanism unit 507 for processing, biometric authentication mechanism unit 508 (also referred to as a biometric information acquisition unit) that acquires biometric information and supports the authentication, and main storage unit (also simply referred to as a storage unit) that stores data and programs ) 602 and a communication unit 610 connected to the server 502.

  The operation unit 107 of the registration terminal device 104 described with reference to FIGS. 1 and 2 is used when the person in charge of the window performs an input operation when registering the user's biometric information in the IC card 105, such as a keyboard and a mouse. On the other hand, the operation unit 503 of the ATM 501 in FIGS. 5 and 6 is used for input operation when a user conducts a transaction with the ATM 501, and is configured by a touch panel or the like. These two are the same. The operation unit also has a different configuration and use.

  The card / detail slip mechanism unit 504 includes an IC card reading unit 603 that reads information on the IC card 105, a statement slip printing unit 604 that prints transaction contents on the statement slip, and a contact terminal 605 for connecting to the IC card 105. I have.

  The biometric authentication mechanism unit 508 includes a storage unit 606 that stores various data, an image sensor (image acquisition unit) 607 configured to obtain a user's biometric image (finger vein pattern) and configured with a CCD camera, and the like. A living body presence / absence detection illumination LED 608 that detects whether or not a finger is placed in the image acquirable area of the image sensor 607, and an illumination LED that irradiates the finger with near infrared rays when a biological image (finger vein pattern) is acquired (biological irradiation unit) 609). That is, the biometric authentication mechanism unit 508 has a function of acquiring biometric information that is almost the same as that of the biometric information reading apparatus 102 shown in FIGS.

  The main storage unit (also simply referred to as a storage unit) 602 includes, in hardware, a ROM 620 that stores various programs, and a RAM 621 that mainly stores data and can rewrite the stored data. As described in the above registration process, each may be configured by a hard disk or various semiconductor memories, and is also referred to as first and second storage units. The ROM 620 includes authentication control software 622 for performing processing such as biometric image acquisition and authentication described below in accordance with instructions from the CPU 601 and the like and controlling the biometric authentication mechanism unit 508. In addition, although not shown, screen data to the operation unit 503 of the ATM 501, programs and software necessary for cash transactions and transfer transactions in the ATM 501 are also stored. A server 502 connected to the ATM 501 via a communication network includes a CPU 611 that controls the entire server 502, a storage unit 612, and a communication unit 613 that connects to the ATM 501.

  FIG. 7 shows control related to authentication of biometric information in the ATM 501, in particular, a main storage unit 602 centered on authentication control software 622 for controlling the biometric authentication mechanism unit 508, a biometric authentication mechanism unit 508, a card / detail slip mechanism unit. A control block (software configuration) related to the IC card 105 in 504 is illustrated.

The authentication control software 622 is roughly divided into an authentication control application 701 and an authentication control middleware 702. Software can be referred to as software, an application as an application, and middleware as middle.
The authentication control application 701 is a program having individual functions such as a financial institution that introduces the ATM 501 equipped with the biometric authentication mechanism unit 508. The authentication procedure and method, the screen display at the time of authentication, etc. Create and change specifications. In particular, the authentication control application 701 issues an authentication processing start instruction to the authentication middle 702.

  The authentication control middle 702 is a program having a common function necessary for authentication processing even if the financial institution is different and the biometric information is different. The biometric authentication mechanism control program 703 for controlling the biometric authentication mechanism 508, the IC card 105 Are the programs that control and process various programs related to authentication of biometric information such as an IC card control program 704 that controls the exchange of data with the card and the execution of programs in the IC card 105.

  In addition, the data obtained and executed by the authentication control middle 702 is temporarily stored in the RAM 621. The RAM 621 includes data buffers such as an authentication result data buffer 705, an authentication data buffer 706, and a preprocessing data buffer 707, which are buffer areas for exchanging data between the biometric authentication mechanism unit 508 and the IC card 105. Although these data are stored in the RAM 621 in terms of hardware, it can also be said that they are stored in the authentication control software 622, particularly the authentication control middle 702, in terms of software.

  The authentication control middle 702 operates the card / detail slip mechanism unit 504 and the biometric authentication mechanism unit 508 via a driver (not shown) according to an instruction from the authentication control application 701. And as above-mentioned, the process of these each site | part is controlled by CPU601 of ATM501. The driver is control software for using a computer peripheral device / device (device).

  The storage unit 606 of the biometric authentication mechanism unit 508 controlled by the authentication control software 622 includes an authentication data creation program 709 for creating authentication data and an authentication result determination program 710 for determining success or failure of authentication from the authentication result data. Have. The card / detail slip mechanism unit 504 has an authentication program 711 for performing authentication processing.

  The authentication mechanism and data exchange in the biometric authentication process will be described with reference to FIG. It is also used as a supplement to the description of the biometric authentication flow of FIG. The main body of the following operation is the authentication control middle 702 that has received an execution command from the authentication control application 701. However, since the authentication control application 701 and the authentication control middle 702 jointly perform the operation, the authentication control software 622 operates. I can say that. Also, reception and transmission can be said to be input and output, respectively.

  When authentication of biometric information is executed in the ATM 501 transaction, preprocessing data out of preprocessing data and registration data stored in advance in the IC card 105 is transmitted to the authentication control middle 702. The authentication control middle 702 receives preprocessing data from the IC card 105, temporarily stores it in the preprocessing data buffer 707 of the RAM 621 (including the authentication control software 622 and the authentication control middle 702), and then stores it in the biometric authentication mechanism unit 508. Transmit (step 801). On the other hand, the biometric authentication mechanism unit 508 receives preprocessing data from the authentication control software 622, and thereafter or in parallel acquires user biometric information and extracts biometric feature values from the biometric information. Then, authentication data is created by combining the received preprocessing data with the acquired and extracted biometric feature (step 802).

  Thus, in the biometric information authentication process, the preprocess data also has a function as an encryption key for creating authentication data. Further, even if this authentication data can be acquired, it is not possible to create a biometric feature directly from this data. Authentication data is data created from biometric features, but since this algorithm uses an algorithm based on irreversible conversion processing, biometric features cannot be created from authentication data. The biometric feature quantity cannot be created from the two data, i.e., authentication data. Pre-processing data is information created by extracting a part where an individual cannot be specified, and authentication data is information created by extracting a part where an individual can be specified.

  Here, the above data creation algorithm is expressed by a mathematical formula as in the case of biometric information registration.

  Information obtained at the time of authentication by the biometric authentication mechanism unit 508, that is, a newly obtained biometric feature amount is assumed to be x ′. Since the preprocess data y is not different from that at the time of registration, “y = f (x)”.

  Since the authentication data z ′ is created by the combination of the biometric feature quantity x ′ and the preprocessing data y, it can be expressed as “x ′ + y → z ′ = g (x ′, y)” using a certain function g. Since this creation process is an irreversible process, it is not possible to restore biometric features and preprocessing data from the registered data as in z ′ → x ′, z ′ → y, z ′ → x ′ + y.

  After creating the authentication data in S802, the authentication data created by the biometric authentication mechanism unit 508 is temporarily stored in the authentication data buffer 706 by the instruction and control of the authentication control software 622, and then transmitted to the IC card 105 (step 803). The IC card 105 receives the authentication data, collates the registration data stored in the IC card 105 with the authentication data by a certain algorithm (also referred to as biometric authentication processing), and creates authentication result data (step 804). Further, the created authentication result data is transmitted to the authentication control middle 702. The authentication control middle 702 receives the authentication result data from the IC card 105, temporarily stores it in the authentication result data buffer 705 of the authentication control software 622, and transmits it to the biometric authentication mechanism unit 508. Then, the biometric authentication mechanism unit 508 determines (analyzes) the authentication result data in the biometric authentication mechanism unit 508 (step 805), and notifies the authentication control middle 702 of the authentication result data and the authentication success site / authentication failure cause ( Step 806), the biometric authentication process ends.

  In this way, in the biometric authentication process, the biometric feature closest to the user's biometric information itself is not stored in the IC card 105, and the biometric feature is acquired and extracted by the biometric authentication mechanism unit 508. It has the feature which does not come out from a biometric authentication mechanism part.

  Further, the data exchanged between the IC card 105 and the biometric authentication mechanism unit 508 via the authentication control software 622 and based on the control are three pieces of preprocess data, authentication data, and authentication result data. As described above, there is a feature that a biometric feature cannot be created by combining these data in any way.

  Further, in biometric authentication processing such as creation of each data related to biometric information, the IC card 105 and the biometric authentication mechanism unit 508 share the authentication results to obtain authentication results. Therefore, even if the IC card or the biometric authentication mechanism unit is stolen and the inside thereof is decrypted, the biometric authentication process cannot be executed. That is, it is theoretically possible to create new preprocessing data from the biometric feature amount acquired by the biometric authentication mechanism unit 508 at the time of authentication and create authentication data from the preprocessed data and the biometric feature amount. In the embodiment, the authentication data is created based on the preprocess data and the biometric feature value stored in the IC card 105 without doing so, and security is kept high.

  Further, the authentication control middle 702 stores the preprocess data in the biometric authentication mechanism unit 508, and it is preferable to delete the authentication data after it is created. A mode of transmitting to the authentication mechanism unit 508 is desirable. That is, preprocessing data is stored in the preprocessing data buffer 707 in the authentication control software 622 until the transaction by the ATM 501 is completed. By doing so, there is an effect that it is possible to perform faster processing by transmitting from the preprocessing data buffer 707 in the authentication control software 622 than when transmitting the preprocessing data from the IC card 105.

  Since the biometric authentication process is performed in the IC card 105 as described above, the IC card 105 itself or the CPU 221 of the IC card 105 is also referred to as a biometric information matching unit or a biometric authentication processing unit.

  9 to 12 will be used to explain processing when an automatic cash transaction apparatus and automatic teller machine (ATM) 501 use an IC card 105 to execute a payment transaction including biometric authentication processing by an IC card authentication method. To do.

  FIG. 9 is an example of a flowchart showing transactions on the ATM by the biometric authentication process executed by the CPU 601 of the ATM 501, the authentication control software 622, etc. (control unit), in particular, using the IC card internal authentication method.

  Before performing biometric authentication processing, processing necessary for executing transaction at ATM 501 such as transaction selection, password input, and card insertion is performed. Transaction selection guidance such as payment, payment, balance inquiry, and transfer is read from the ROM 620 and displayed on the operation unit 503, and a transaction selection is received from the user (step 901). When a transaction requiring biometric authentication, such as a payment transaction, is selected, a guidance to insert the IC card is displayed on the operation unit 503 to prompt the user to insert the IC card 105. When the IC card 105 is inserted into the card / detail slip mechanism 504 by the user, it is detected (step 902), and the account number is read from the IC card 105 by the IC card reader 603 of the card / detail slip mechanism 504. . The IC card 105 may be provided with a magnetic stripe, and at that time, data such as an account number other than biological information can be read from the magnetic stripe of the IC card 105.

  Next, a guidance to input the password is displayed on the operation unit 503. When a password is input to the operation unit 503 by the user, it is detected (step 903), and the read account number and the input password are transmitted to the server 502 via the communication units 610 and 613. On the other hand, the CPU 611 of the server 502 receives the input personal identification number via the communication units 610 and 613, and the personal identification number corresponding to the input personal identification number and the account number registered in the storage unit 612 in advance. The verification result is transmitted to the ATM 501 via the communication units 610 and 613. The ATM 501 receives the verification result via the communication units 610 and 613, checks whether the security code is correct (step 904), and counts the number of times the security code is input if the entered security code is not correct (step 904). Step 905). At this time, if the number of input of the personal identification number is within the prescribed number, the user is prompted to input the personal identification number again. If the number of input PINs exceeds the specified number, the transaction is stopped (step 906).

  In step S904, if the input password is correct, it is determined whether the inserted IC card 105 is a biometric authentication target card (step 907). In this case, the biometric authentication target card is a card having information and programs necessary for performing biometric authentication.

  If the inserted IC card 105 is not a biometric authentication target card, the biometric authentication process is not performed, and a transaction such as payment is subsequently executed (step 915). When the inserted IC card 105 is a biometric authentication target card, an authentication transaction start process is performed as a preliminary preparation for the biometric authentication process (step 908). The authentication transaction start process will be described in detail with reference to FIG.

  When the authentication transaction start process ends, the CPU 601 of the ATM 501 takes the authentication control software 622 into the RAM 621 and expands it. Next, the CPU 601 of the ATM 501 executes the authentication control application 701. In response to this, the authentication control application 701 issues a registration information acquisition instruction to the authentication control middle 702. Upon receiving the registration information acquisition instruction, the authentication control middle 702 executes the IC card control program 704 and acquires information (registrant information) necessary for processing instructed by the authentication control application 701 from the IC card 105 (step 909). ). Information necessary for processing includes transaction information such as account number, store number, and subject, user information such as the user name, presence / absence of a certificate such as a driver's license and insurance card that can be used for identity verification. At this time, the authentication control middle 702 acquires preprocessing data registered in advance in the IC card 105 in addition to information instructed to be acquired by the authentication control application 701, and stores it in the preprocessing data buffer 707. This is because the number of accesses to the IC card 105 is reduced and the processing time is improved by acquiring preprocessing data at the same time as the information specified by the authentication control application 701. This data is transmitted to the authentication control middle 702 and stored in the preprocessing data buffer 707. As described above, the CPU 501 of the ATM 501 mainly executes the various programs in the authentication control software 622 to perform the respective processes. However, in the following, this process is omitted to simplify the description, and the authentication control middle 702 is omitted. Will be explained mainly. Further, as described above, these are collectively referred to as control and processing by the control unit (means).

  After acquiring the registration information from the IC card 105, the authentication control middle 702 executes the biometric authentication mechanism control program 703 to perform biometric authentication processing (step 910). That is, the preprocess data stored in the preprocess data buffer 707 is transmitted to the biometric authentication mechanism unit 508, and at the same time, the biometric authentication mechanism unit 508 is instructed to acquire biometric information. This biometric authentication process has been described with reference to FIG. 8, but will also be described in detail with reference to FIG.

  Next, the success or failure of the biometric authentication is checked (step 911). If the biometric authentication is unsuccessful, the number of times of biometric authentication is counted (step 912). If the number of biometric authentications performed at this time is within the prescribed number, the pre-processing data stored and stored in the RAM 621 or the program is retransmitted to the biometric authentication mechanism unit 508, and a re-authentication start screen is displayed on the operation unit 503 of the ATM 501. The user is prompted to perform biometric authentication again (step 917). If the number of biometric authentications exceeds the specified number, the transaction is stopped (step 913). At this time, the preprocess data and the like stored in the RAM 621 are deleted to enhance security. If the biometric authentication is successful in S911, an authentication transaction end process is performed as a post-process of the biometric authentication process (step 914). This authentication transaction end process will be described in detail with reference to FIG.

  When the authentication transaction end process ends, the transaction desired by the user, that is, the transaction selected in S901 is executed (step 915). Specifically, if the transaction desired by the user is a payment transaction, the operation unit 503 accepts an input of the payment amount. When the payment amount is input by the user, a message prompting the user to press the confirmation key as to whether or not the input amount and the amount is correct is displayed on the operation unit 503. When the confirmation key on the operation unit 503 is pressed, transaction data is communicated with the server 502. After the communication, the CPU 601 of the ATM 501 discharges bills and coins for the requested amount from the banknote deposit / withdrawal mechanism unit 506 and the coin deposit / withdrawal mechanism unit 507, respectively, and trades with the statement slip printing unit 604 of the card / detail slip mechanism unit 504. Print data. Then, the IC card 105 is returned from the card / detail slip mechanism unit 504, and the transaction data is printed / sent on the detail slip, thereby completing the transaction (step 916).

  If the transaction desired by the user is a balance inquiry, the transaction data is exchanged with the server 502, and the deposit or borrowing balance is displayed on the operation unit 503 after the exchange. After the display, the user is instructed whether he / she wants to end the transaction or continue another transaction. When it is desired to end the transaction, the IC card 105 is returned from the card / detail slip mechanism unit 504, and the transaction data is printed / sent on the statement slip according to the user's request, and the transaction ends (step 916). . If the user wishes to conduct another transaction, the following processing is performed.

  If a transaction requiring biometric authentication such as the above-described payment transaction is desired after the balance inquiry, biometric authentication is performed again and the transaction is executed only when biometric authentication is successful. By performing biometric authentication for each transaction, if the user confirms the deposit / borrowing balance by the balance inquiry but leaves the ATM without receiving the IC card 105, the transaction is performed by a third party. Since scenes are also conceivable, such a danger can be eliminated and a highly secure ATM system can be realized.

  In this flow, the biometric authentication is performed after the password is input, but the order may be reversed and the password may be input after the biometric authentication is performed. When the password is entered first, the user enters the password immediately after selecting the first transaction after inserting the card, as in general transactions. However, there is an advantage that the device is easy to handle near the current situation. On the other hand, if biometric authentication is performed before authentication with a personal identification number, if someone else performs biometric authentication and the biometric authentication fails and the transaction is rejected, the transaction is terminated without entering the personal identification number. Therefore, there is an advantage that it is not necessary to communicate with a server for useless password collation, and the burden on the server can be reduced.

  The authentication transaction start process in S908 of FIG. 9 will be described with reference to FIG. Upon receiving an authentication transaction start instruction from the authentication control application 701, the authentication control middle 702 executes the IC card control program 704 to connect to the IC card 105 (step 1001). As described above, this enables data reading from the IC card 105. However, in the case of an IC card that does not have data related to biometric information and does not support authentication within the IC card, for example, it is possible to perform a desired transaction at an ATM even with only the authentication process using the above-mentioned personal identification number. It is desirable that the IC card control program 704 is executed by ATM software other than the authentication control middle 702 at almost the same timing as the card insertion in S902 of FIG. 9 and the connection with the IC card 105 is performed at least before the processing of S908. It is better to finish it.

  In addition, in the IC card 105 inserted in the card / detail slip mechanism unit 504, user-specific registration data and pre-processing data are registered in advance by the biometric information registration apparatus 101 in FIG. An authentication program 711 for performing authentication is installed and stored. This authentication program 711 is an application written in advance to the IC card 105 in a non-rewritable format, and specifies registration data pre-registered in the IC card and authentication data obtained by the ATM control unit. It is a program that performs matching and collation according to the algorithm.

  When the connection between the card / detail slip mechanism unit 504 and the IC card 105 is successful in S1001, the authentication control middle 702 acquires the support authentication method (or support authentication information) registered in the IC card 105 (step 1002). . The support authentication method is registered in advance in the IC card 105 and is information that can uniquely determine in which control procedure authentication processing can be performed on information such as authentication data and biometric features. For example, in finger vein authentication, in-device authentication processing for authentication (verification) in the biometric authentication mechanism unit 508 and in-IC card authentication processing for authentication in the IC card 105 are supported. By acquiring, the authentication control procedure can be switched to enable two authentication methods with one authentication control program.

  An authentication method registered in an IC card or the like, such as this support authentication method acquisition, or a method for switching the authentication control procedure or method using information that uniquely determines the authentication control procedure is a terminal equipped with a biometric authentication device such as an ATM. Even when multiple authentication devices (for example, vein authentication devices such as fingers and palms, iris authentication devices for eyes, etc.) are installed, it is possible to control multiple biometric authentication devices by switching the control method of the authentication control program It will be possible.

  Next, it is determined whether or not the authentication method obtained in step 1002 is in-IC card authentication (step 1003). If it is not in-IC card authentication, the IC card 105 is returned without performing transaction processing (step 916). . On the other hand, in the case of the IC card internal authentication method, mutual authentication is performed between the ATM 501 and the IC card 105, and the authentication transaction start process is completed (step 1004). Mutual authentication refers to whether the authentication data creation program 709 in the biometric authentication mechanism unit 508 or the authentication program 711 installed in the IC card 105 has been altered to an unauthorized program, or between the ATM 501 and the IC card 105. This is a process for confirming the validity of the program.

  The biometric authentication process in S908 of FIG. 9 will be described with reference to FIG. As described with reference to FIG. 8, this biometric authentication process finally performs authentication (collation) between registration data previously recorded in the IC card 105 and authentication data newly created during the biometric authentication process. And a process for obtaining the collation result is performed, and the process related to the basis of authentication itself is performed in the IC card 105.

  In step S909 of FIG. 9, data is received from the IC card 105. At the same time, during this biometric authentication, pre-processed data corresponding to the number of registrations stored in advance from the IC card 105 is transmitted to the authentication control middle 702. The authentication control middle 702 receives the preprocess data stored in the IC card 105 and stores it in the preprocess data buffer 707. Further, the preprocess data corresponding to the number of registrations stored in the preprocess data buffer 707 is transmitted to the biometric authentication mechanism unit 508 (step 1101). When the biometric authentication mechanism unit 508 receives the preprocessed data for the number of registrations, the biometric information of the user is read again as parallel processing.

  The processing from step 1102 to step 1106 in FIG. 11 performs substantially the same processing as step 405 to step 408 in FIG. When a finger is placed in the image acquirable area of the image sensor 607, the living body presence / absence detection illumination LED 608 detects that the object (finger) is placed (step 1102), and determines whether the object (finger) is a living body. Check (step 1103). If the inserted object (finger) is not a biometric, biometric authentication fails (step 1104). If the inserted object (finger) is a living body, the living body obtaining illumination LED 609 irradiates the living body with near infrared rays, and the image sensor 607 obtains a living body image (finger vein pattern) and stores it in the storage unit 606 ( Step 1105).

  Next, a biometric feature amount representing characteristic data is extracted from the biometric image (finger vein pattern) (step 1106). Here, the priority order N is set to “1” (step 1107). Then, the authentication data creation program 709 is executed in response to an instruction from the authentication control middle 702, thereby creating the authentication data of the priority order N (N = 1) described with reference to FIG. 8 (step 1108). Then, the created authentication data of priority N (N = 1) is transmitted to the authentication control middle 702 and stored in the authentication data buffer 706.

  The authentication control middle 702 executes the IC card control program 704 to transmit the authentication data of priority N (N = 1) stored in the authentication data buffer 706 to the IC card 105 and simultaneously to the authentication program 711 in the IC card 105. A biometric authentication instruction is issued (step 1109). On the other hand, the IC card 105 executes the authentication program 711 stored in the card, and the registration data of priority N (N = 1) registered in advance in the IC card 105 and the authentication data of the authentication control middle 702 described above. Biometric authentication processing is performed by comparing with authentication data with priority N (N = 1) stored in the buffer 706, and authentication result data with priority N (N = 1) is created.

  Then, the IC card 105 transmits authentication result data of priority N (N = 1) to the authentication control middle 702, and the authentication control middle 702 is an authentication result data buffer 705 in the authentication control middle 702 (in RAM as hardware). To store. As described above, in the data transmission / reception control between the biometric authentication mechanism unit 508 and the IC card 105 performed by the authentication control middle 702, the biometric feature amount acquired from the biometric image (finger vein pattern) is outside the biometric authentication mechanism unit 508. The authentication data registered in the IC card 105 does not appear outside. Therefore, since personal information can be prevented from leaking outside the apparatus, the confidentiality of personal information is protected and security is improved.

  The authentication control middle 702 executes the biometric authentication mechanism unit control program 703 and transmits the authentication result data of the priority N (N = 1) stored in the authentication result data buffer 705 to the biometric authentication mechanism unit 508 (step 1110). At the same time, an authentication result determination instruction is issued to the authentication result determination program 710. Next, whether the biometric authentication is successful from the authentication result data of priority N (N = 1) stored in the authentication result data buffer 705, which is the result of authentication performed in the IC card 105 by executing the authentication result determination program 710. Determine if it failed.

  Here, as an output, when the authentication is successful, the biometric authentication mechanism unit 508 notifies the authentication control middle 702 which part of the biometric is successful. For example, if the part of biometric authentication is a finger vein or a fingerprint, which finger (eg, right hand, middle finger, etc.) has been successfully authenticated, if it is a palm vein, the right hand or left hand, or the iris of the eye For example, the authentication control middle 702 is notified of whether the right eye or the left eye has succeeded in the authentication. On the other hand, if the authentication fails, the authentication result determination program 710 determines the cause of the failure of the in-IC card authentication and notifies the authentication control middle 702 of the cause. For example, the authentication control middle 702 is notified with accompanying information such as whether the finger is placed in a wrong way or another registered finger is placed, and an operation is performed by the authentication control application 701 based on the information. It is desirable to display the cause on the unit 503, so that an apparatus with good operability can be provided. As described above, the example in which the biometric authentication mechanism unit 508 discriminates the authentication result has been described, but the success or failure of the authentication process and the authentication success have been achieved even in the authentication program 711 in the IC card or the authentication control middle 702 that has acquired the authentication result data. The form which can discriminate | determine authentication results, such as a site | part and an authentication failure cause, may be sufficient.

  Next, the authentication control middle 702 matches the registration data of the priority N (N = 1) with the authentication data of the priority N (N = 1), and the authentication result of the priority N (N = 1) that is the collation result. Data is transmitted to the authentication control application 701. The authentication control application 701 determines whether the authentication result data with the priority order N (N = 1) is success or failure (step 1111). If the authentication result data is successful, the biometric authentication process is terminated. If the authentication result data is unsuccessful, it is determined whether biometric authentication for the number registered in the IC card 105 has been completed (step 1112). If biometric authentication for the registered number has been completed, the biometric authentication process is terminated. If biometric authentication for the registered number has not been completed, 1 is added to priority N (N = 1) to give priority N (N = 2) (step 1113), and steps 1108 to step again. Proceeding to 1112, it is determined whether the authentication result data of the finger with the priority N (N = 2) is successful or unsuccessful, and if it is unsuccessful, whether biometric authentication for the registered number has been completed or not. Judging. In this manner, Step 1108 to Step 1112 are repeated, and authentication is continued until the registered number is completed in descending order of priority. At this time, the authentication control middle 702 desirably keeps the preprocess data acquired in the registration information acquisition process of the IC card 105 in the preprocess data buffer 707, and omits the registration information acquisition process of the IC card 105. As a result, the authentication processing time is improved. This is because preprocessing data acquired from the IC card 105 is also used when performing authentication processing a plurality of times in order to perform transactions that require continuous identity verification at a single visit, such as from a balance inquiry to a payment transaction. Is not deleted from the preprocessing data buffer 707, the registration information acquisition process of the IC card 105 can be omitted, and the authentication process in the continuous transaction can be executed.

  Here, an example in which the priority order in FIG. 13 is not changed has been described as an example when the authentication result data is successful in step 1111. Furthermore, as described in the biometric registration process, data indicating the number of successful authentications may be added to the data in FIG. At this time, if the authentication result data is successful, the number of successes is counted as one count (counting, counting), and added to the number of successful authentications 1305 in FIG. 13 to change the priority order. The process is executed and controlled in accordance with an instruction from the authentication control middle 702. As a result, it is possible to construct a device and a system that are even easier to use than an example in which the priority order is not changed at all (when only 1301 in FIG. 13 is used). However, when the number of successful authentications becomes exactly the same, authentication processing is performed based on the priority order 1301 of the one registered first.

  In this embodiment, “Please insert your right index finger.”, “Authentication succeeded with right index finger.”, “Authentication failed with right index finger. Next, please insert the right middle finger.” , Instead of instructions / results that specify the finger type, the finger type such as “Please insert your finger.” “Authentication succeeded.” “Authentication failed. Please insert your finger again.” Authentication is performed by displaying instructions / results not mentioned. When the authentication control application 701 receives the result of the authentication failure, it automatically designates different registration fingers in descending order of priority and requests authentication processing from the authentication control middle 702 again. When authentication fails, the user is notified of authentication failure for the first time. As a result, since the type of finger used for authentication is not displayed on the screen of the operation unit 503, a third party who is not the owner of the card should know which finger has been registered for criminal purposes such as counterfeiting. You can prevent it if you do.

  However, an instruction including a finger type and an authentication result may be displayed on the screen of the operation unit 503. In this way, the user can always operate while confirming which finger is registered and which finger is used for authentication, so that it is easy to use and psychologically safe for the user. .

  The authentication transaction end process shown in S914 of FIG. 9 will be described with reference to FIG.

  If the authentication result data is successful, the authentication control application 701 issues an authentication transaction end instruction to the authentication control middle 702. The authentication control middle 702 executes the IC card control program 704 and executes a disconnection process with the IC card 105. The disconnection with the IC card 105 is a state in which the IC card 105 cannot be accessed. After disconnecting from the IC card 105, the biometric authentication device control program 703 is created based on personal information used for biometric authentication, such as biometric features in the biometric authentication mechanism unit 508, based on an instruction from the authentication control middle 702. All information related to authentication is deleted from the storage unit.

  This is also an effective feature for preventing personal information from leaking to the outside and improving security. After clearing the data in the biometric authentication mechanism 508, the authentication control middle 702 deletes the information stored in the authentication result data buffer 705, the authentication data buffer 706, and the preprocess data buffer 707 owned by itself (excluding continuous transactions). ) To prevent information leakage. When the authentication transaction end processing ends, the payment amount is input, communication with the server 502 is performed, and the payment transaction is ended.

  As described above, the biometric information registration process using FIGS. 1 to 4 and the biometric information authentication process using FIGS. 5 to 12 are performed by control and processing of the CPU 601 and the main storage unit 602, for example, in hardware. In terms of software, authentication of biometric information is executed by the control and processing of the authentication control software 622, the authentication control application 701, and the authentication control middle 702. Therefore, as described above, these can be collectively referred to as control and processing by the control unit and control means, and the function of each program can be achieved by hardware such as LSI. The various programs shown in FIG. 7 are not only activated and executed for the first time when necessary for the processing, but the processing time is shortened by starting each program when starting ATM and executing the necessary program for each processing. it can.

  In FIG. 3, the preprocessing data is created from the biometric feature quantity, and the registration data used at the time of authentication is created from the created preprocess data and the biometric feature quantity. Is not related to the biometric feature at all, and may be created independently. As described above, pre-processing data has the function of an encryption key (or algorithm) for creating registration data at the time of biometric information registration, and the function and role of the encryption key for creating authentication data at the time of biometric authentication. Have. Therefore, if preprocessing data is created from biometric features, that is, data corresponding to each user becomes a high security data creation algorithm, but on the other hand, if preprocessing data is created independently of biometric features The preprocessing data itself, which serves as an encryption key, can be created in advance, and the overall program structure is simple, saving time and shortening the registration and authentication processing time.

  In addition, the preprocessing data is created in one step from the biometric feature amount, but it may be created after considering several steps. As a result, even if a third party tries to analyze the preprocess data creation process, the creation process is complicated and difficult to analyze, and the analysis takes time.

  Pre-processing data, registration data, and authentication data (including authentication data created when authentication fails or during continuous transactions) are information originally created and generated from biometric features (including image patterns) such as the user's finger. Therefore, it can be referred to as first, second,... (Biological) information. That is, it can be said that these first, second,... (Biological information) are information obtained from the biometric information, which is a concept including biometric features.

  As described above, in the in-IC card authentication method of the present invention, information that can identify an individual registered in the IC card and biometric information (biometric feature) itself acquired by the authentication device are not taken into the authentication device-equipped terminal. The confidentiality of personal information is protected, and biometric authentication with high security becomes possible.

  In the registered biometric information priority addition authentication method of the present invention, the user adds priority to a plurality of pre-registered biometric information, and shortens the authentication process by executing the authentication process in descending order of priority. can do.

  Also, for biometric authentication that adds priorities to biometric information so far, priority change technology that rearranges these priorities based on actual usage that the finger used last time is most likely to be used next time was there. However, in this change technique, when five pieces of biometric information (five different fingers) are registered and the number of past successful authentications is different for each finger (the number of successful authentications: 0 thumbs, 70 index fingers, 15 middle fingers). If you use a finger (thumb etc.) with a small number of previous successful authentications for authentication once for the ring finger (10 times, little finger 5 times), you will usually use it for the next time you use the finger (index finger, etc.) It is inconvenient because it is necessary to collate fingers with a small number of successful authentications before collating fingers.

  On the other hand, in the present invention, the number of successful authentications is the same as in the above-described problem (number of successful authentications: 0 thumbs, 70 index fingers, 15 middle fingers, 10 ring fingers, 5 little fingers). Since the priority order is added based on the above, before and after thumb authentication, before and after ring finger authentication, it is always the first index finger, the second middle finger, the third ring finger, the fourth place little finger, and the fifth place thumb. Here, if it is desired to authenticate with the index finger next time, the priority is the first, so it is not necessary to perform unnecessary finger collation, and authentication can be performed in a short time.

DESCRIPTION OF SYMBOLS 101 ... Biometric information registration apparatus, 102 ... Biometric information reader, 103 ... IC card apparatus, 104 ... Registration terminal apparatus, 105 ... IC card, 201 ... CPU (biometric information registration apparatus), 202 ... Main memory (Biometric information) Registration device), 203 ... ROM (biological information registration device), 204 ... RAM (biological information registration device), 205 ... registration processing program, 206 ... registration data creation program, 207 ... biological information reader control program, 208 ... IC card Device control program, 209 ... Communication control program, 210 ... Image sensor (biological information registration device), 221 ... CPU (IC card), 222 ... Storage unit (IC card), 231 ... CPU (registration terminal device), 232 ... Main storage unit (registration terminal device), 233... Biometric information registration device control program, 501. , 502 ... Server, 503 ... Operation unit (automatic teller machine), 504 ... Card / detail slip mechanism part, 508 ... Biometric authentication mechanism part, 601 ... CPU (automatic teller machine), 602 ... Main memory part ( Automatic cash dispenser), 607 ... Image sensor (automatic cash dispenser), 611 ... CPU (server), 612 ... Storage unit (server), 620 ... ROM (automatic cash dispenser), 621 ... RAM (cash Automatic depositing device), 622 ... authentication control software, 701 ... authentication control application, 702 ... authentication control middleware, 703 ... biometric authentication mechanism control program, 704 ... IC card control program, 705 ... authentication result data buffer, 706 ... authentication Data buffer, 707 ... Pre-processing data buffer, 709 ... Authentication data creation program, 710 ... Authentication result determination program 711 ... certification program

Claims (5)

In a biometric authentication system that authenticates individuals,
A storage unit for storing a plurality of preprocessing data with priorities added thereto;
A biometric information acquisition unit for acquiring biometric information of the user;
Among the plurality of preprocessing data to which the priority is added, the authentication data generated by the preprocessing data having a high priority and the biometric information acquired by the biometric information acquisition unit, and the plurality of prestored data in the storage unit A biometric information matching unit that matches the registered data according to the priority order from the registered data and obtains a matching result;
Each time collation is performed by the biometric information collating unit, the number of successful collation results is counted and added to a plurality of preprocessed data stored in advance in the storage unit according to the number of successful collations. A control unit for changing the priority order,
A biometric authentication system comprising: The biometric authentication system according to claim 1,
A biometric authentication system comprising the storage unit and the biometric information matching unit in an IC card. The biometric authentication system according to claim 2, wherein
Banknote deposit / withdrawal unit for depositing / withdrawing banknotes,
An operation unit that displays the operation content to the user and receives an input from the user;
The control unit accepts a payment transaction desired by the user through the operation unit, and when the result is successful in response to the verification process by the biometric information verification unit of the IC card, from the banknote deposit / withdrawal unit A biometric authentication system for dispensing banknotes. In automatic cash transaction equipment that automatically performs cash transactions,
A card mechanism unit that reads a plurality of preprocessing data to which the priority order stored in the IC card is added;
A biometric authentication mechanism for acquiring a biometric feature of the user;
The plurality of preprocessing data to which the priority order read by the card mechanism unit is added is received, and the plurality of preprocessing data to which the priority order is added is transmitted to the biometric authentication mechanism unit and transmitted. The first authentication data generated by the pre-processing data having a high priority among the plurality of pre-processing data to which the priority is added and the biometric feature obtained from the biometric authentication mechanism unit are received and received By transmitting the authentication data to the IC card via the card mechanism, the first authentication data and registration data having a high priority among a plurality of registration data stored in advance in the IC card. A control unit that executes collation,
The control unit processes a transaction desired by a user when the collation result is successful, and when the collation result is unsuccessful, a plurality of preprocessed data to which the transmitted priority order is added. The second authentication data generated by the pre-processing data having the next highest priority and the biometric feature amount acquired from the biometric authentication mechanism unit is received, and the second authentication data is received by the card mechanism unit. And transmitting the second authentication data to the IC card via a plurality of pieces of registration data stored in advance in the IC card. Automatic cash transaction equipment. In an automatic transaction device that automatically performs cash transactions,
A card mechanism unit that reads a plurality of preprocessing data to which the priority order stored in the IC card is added;
A biometric authentication mechanism for acquiring a biometric feature of the user;
The plurality of preprocessing data to which the priority order read by the card mechanism unit is added is received, and the plurality of preprocessing data to which the priority order is added is transmitted to the biometric authentication mechanism unit and transmitted. The first authentication data generated by the pre-processing data having a high priority among the plurality of pre-processing data to which the priority is added and the biometric feature obtained from the biometric authentication mechanism unit are received and received By transmitting the first authentication data to the IC card via the card mechanism unit, the first authentication data and registration data having a high priority among the plurality of registration data stored in advance in the IC card A control unit that executes collation with the control unit, when the collation is performed, the control unit counts the number of successful collation results for each type of living body, An automatic transaction apparatus characterized in that, according to the number of times, the priority order added to the preprocess data and registration data stored in advance in the IC card is changed.

Images