JP2012064147A - Biometric authentication system, information processor, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To reduce a risk that information concerning biometric authentication is illegally used even if the information is leaked.SOLUTION: A reference information management device 200 stores reference information indicating the characteristics of individual living bodies and reference information identification information in association with each other. A user identification information management device 300 stores user identification information and second confidential information in association with each other. A terminal device 100 transmits biological information indicating the characteristics of individual living bodies and the reference information identification information to the reference information management device 200, and the reference information management device 200 checks reference information associated with the reference information identification information against biological information. When determining that the reference information and the biological information matches with each other, the reference information management device 200 generates matching information by using first confidential information and transmits the matching information to the terminal device 100. The terminal device 100 transmits the matching information and the user identification information to the user identification information management device 300, and the user identification information management device 300 determines the authenticity of the matching information by using the second confidential information .

Description

  The present invention relates to a biometric authentication system, an information processing apparatus, and a program.

In biometric authentication, information representing physical features such as fingerprints is registered in advance as reference information, and authentication is performed by comparing newly collected physical features with registered reference information. While physical features such as fingerprints have the advantage of being difficult to counterfeit, it is very difficult to deal with information leaks.
Regarding management of reference information, for example, in Patent Documents 1 to 5, instead of centrally managing reference information by a server device, reference information is stored in a storage medium such as an IC card for each user, and this storage medium is stored in the storage medium. It has been proposed that the user carry it.

JP 2006-323691 A JP 2007-310904 A JP 2010-020785 A JP 2005-115800 A JP 2009-026235 A

  Even if the information regarding biometric authentication leaks, this invention aims at reducing the risk that the information will be used illegally.

  The invention according to claim 1 associates a terminal device having an input unit and a communication unit, reference information representing characteristics of each living body, and reference information identification information for uniquely identifying the reference information. Reference information management device comprising storage means for storing, acquisition means for acquiring first secret information, communication means, user identification information for uniquely identifying a user, and the first secret information And a user identification information management device having a storage means for storing the second secret information for determining the authenticity of the information generated by using the association, and a communication means, the terminal device If the input means inputs the biological information representing the characteristics of each living body, the reference information identification information, and the user identification information, the communication means transmits the biological information and the reference information identification information. Reference information management by And the reference information management device receives the biometric information and the reference information identification information transmitted from the terminal device by the communication means, the reference information associated with the reference information identification information is received. When it is determined that the biometric information and the reference information match as a result of collation by the collation unit that reads out from the storage unit and collates the biometric information with the reference information, and collates by the collation unit, Using the acquired first secret information, generating verification information indicating that the biometric information is authentic, and having verification information transmission means for transmitting the verification information to the terminal device by the communication means, If the terminal device receives the collation information transmitted from the reference information management device by the communication unit, the terminal device uses the collation information and the usage input by the input unit. User identification information is transmitted to the user identification information management device by the communication means, and the user identification information management device receives the verification information and user identification information transmitted from the terminal device by the communication means. If so, the second secret information associated with the user identification information is read from the storage means, the authenticity of the verification information is determined using the second secret information, and the verification information is authentic. If it is determined that the verification information is authentic, the communication means includes determination information transmitting means for transmitting the determination information to the terminal apparatus, and the terminal apparatus includes the user identification information. Provided is a biometric authentication system comprising execution means for executing predetermined processing when the communication means receives determination information transmitted from a management apparatus.

  The invention according to claim 2 has a plurality of the reference information management devices in which the storage contents of the storage means do not overlap each other, and the terminal device is a first device for uniquely identifying the reference information management device The identification information is input by the input unit, and the biological information and the reference information identification information are transmitted to a reference information management device corresponding to the first device identification information. A biometric authentication system is provided.

  The invention according to claim 3 has a plurality of the user identification information management devices in which the storage contents of the storage means do not overlap each other, and the terminal device uniquely identifies the user identification information management device If the second device identification information is input by the input means, the verification information and the user identification information are transmitted to a user identification information management device corresponding to the second device identification information. A biometric authentication system according to claim 1 or 2 is provided.

  In the invention according to claim 4, the first secret information is encrypted with a first encryption key, stored in the storage means in association with the reference information, and the terminal device includes the first secret information. And the first encryption key is transmitted to the reference information management device by the communication means together with the biometric information and the reference information identification information, and the verification information transmitting means The means decrypts the first secret information read from the storage means by using the first encryption key received from the terminal device, and generates the verification information by using the decrypted first secret information. A biometric authentication system according to any one of claims 1 to 3 is provided.

  In the invention according to claim 5, the second secret information is encrypted with a second encryption key, and the terminal device inputs the second encryption key with the input means, And the biometric information and the reference information identification information are transmitted to the reference information management device by the communication unit, and the determination information transmission unit transmits the second secret information read from the storage unit to the terminal device. The decryption is performed using the second encryption key received from the server, and the authenticity of the verification information is determined using the decrypted second secret information. A biometric authentication system is provided.

  According to a sixth aspect of the present invention, the first secret information and the second secret information are hash values of the reference information, and the acquisition unit calculates the hash value of the reference information by calculating the hash value of the reference information. The biometric authentication system according to any one of claims 1, 2, 3, and 5 is provided.

  In the invention according to claim 7, the first secret information and the second secret information are a common key in a common key cryptosystem, and the verification information transmitting means uses the first secret information to The verification information is encrypted, and the determination information transmitting means decrypts the verification information using the second secret information, and determines whether the verification information is true or false. A biometric authentication system according to any of the above is provided.

  In the invention according to claim 8, the first secret information is a public key or a secret key in a public key cryptosystem, and the second secret information is paired with the first secret information in a public key cryptosystem. The verification information transmission means encrypts the verification information using the first secret information, and the determination information transmission means uses the second secret information. 6. The biometric authentication system according to claim 1, wherein the verification information is decrypted and then the authenticity of the verification information is determined.

  The invention according to claim 9 is characterized in that the verification information transmission means generates the verification information based on the authentication identification information generated according to a predetermined rule and the first secret information, and the determination information transmission means The authenticity of the verification information transmitted from the terminal device and whether or not the verification information is reused are determined using the second secret information, and the verification information is authentic, The biometric authentication system according to any one of claims 1 to 5, wherein the determination information is transmitted to the terminal device when the collation information is not reused.

  According to a tenth aspect of the present invention, if the terminal device inputs biometric information representing individual biometric features, the reference information identification information, and the user identification information by the input means, authentication identification information is provided. Is transmitted to the user identification information management device, and the user identification information management device generates the authentication identification information according to a predetermined rule, stores the authentication identification information in the storage unit, and When the terminal device receives the authentication identification information transmitted from the user identification information management device, the reference information includes the authentication identification information, the biological information, and the reference information identification information. The verification information transmitting means generates the verification information based on the authentication identification information received from the terminal device and the first secret information. Providing biometric authentication system according to any of Motomeko 1 to 5.

  According to an eleventh aspect of the present invention, there is provided a plurality of the reference information management devices in which the storage contents of the storage means do not overlap each other, first device identification information for uniquely identifying the reference information management device, an account number, The authentication identification information management device having a storage means, a storage means, and a communication means, and a service providing device for providing a service in response to a request from the terminal device, the reference information When the communication device receives the biometric information and the reference information identification information transmitted from the terminal device, the management device requests the authentication identification information management device to transmit authentication identification information, and manages the authentication identification information management. The apparatus generates the authentication identification information according to a predetermined rule, stores the authentication identification information in association with the first apparatus identification information in the storage unit, and the authentication unit. The identification information is transmitted to the reference information management device, and the verification information transmission means generates the verification information based on the authentication identification information received from the authentication identification information management device and the first secret information, and The determination information transmitting means determines whether the verification information transmitted from the terminal device is authentic and whether the verification information is reused using the second secret information, and When the providing apparatus receives the determination information transmitted from the determination information transmitting means via the terminal apparatus, the providing apparatus transmits a use notification to the authentication identification information management apparatus, and the authentication identification information management apparatus 6. When receiving the usage notification from a providing device, a process for depositing into an account corresponding to the authentication identification information stored in the storage means is executed. Providing biometric authentication system according to.

  According to a twelfth aspect of the present invention, there is provided storage means for storing the reference information representing the characteristics of each living body and the reference information identification information for uniquely identifying the reference information, and the first secret information. If the acquisition unit, the communication unit, and the biological information and the reference information identification information transmitted from the terminal device are received by the communication unit, the storage unit stores the reference information associated with the reference information identification information. And when the biometric information and the reference information match with each other as a result of the collation by the collation means, the biometric information and the reference information are obtained by the obtaining means. Using collation information transmitting means for generating collation information indicating that the biometric information is authentic using the secret information of one and transmitting the collation information to the terminal device by the communication means. Providing biometric authentication system characterized Rukoto.

  The invention according to claim 13 includes user identification information for uniquely identifying a user, and second secret information for determining the authenticity of information generated using the first secret information. If the communication unit receives the collation information generated using the first secret information and the user identification information transmitted from the terminal device, the storage unit that stores the information in association with each other, and the communication unit. The second secret information associated with the user identification information is read from the storage means, the authenticity of the verification information is determined using the second secret information, and the verification information is authentic. When the determination is made, a biometric authentication system is provided that includes determination information transmission means for transmitting determination information indicating that the verification information is authentic to the terminal device by the communication means.

  According to the fourteenth aspect of the present invention, there is provided a storage unit that stores, in association with each other, reference information representing characteristics of each living body and reference information identification information for uniquely identifying the reference information; When the communication means receives the biometric information and the reference information identification information transmitted from the terminal device, the acquisition means for acquiring the secret information, the reference information associated with the reference information identification information is obtained. When it is determined that the biometric information and the reference information match as a result of collation by the collation unit that reads out from the storage unit and collates the biometric information with the reference information, and collates by the collation unit, Using the acquired first secret information, collation information indicating that the biometric information is authentic is generated, and the collation information is transmitted to the terminal device by the communication unit. Providing program for functioning as a transmitting means.

  According to a fifteenth aspect of the present invention, there is provided a second secret for determining authenticity of information generated by using the user identification information for uniquely identifying the user and the first secret information. Storage means for associating and storing information, communication means, verification information generated using the first secret information transmitted from the terminal device, and user identification information are received by the communication means. If so, the second secret information associated with the user identification information is read from the storage means, the authenticity of the verification information is determined using the second secret information, and the verification information is authentic. If it is determined that the verification information is authentic, a program for causing the communication means to function as determination information transmission means for transmitting the determination information to the terminal device is provided.

According to the inventions according to claims 1, 12, 13, 14, and 15, even if information related to biometric authentication is leaked, the information is illegal compared to the case where information related to biometric authentication is stored in a single device. It is possible to reduce the risk of being used in the process.
According to the second aspect of the present invention, it is possible to make it difficult to associate the reference information with the user identification information as compared with the case where all the reference information is stored in only one reference information management device.
According to the invention of claim 3, it is difficult to associate the reference information with the user identification information as compared with the case where all the user identification information is stored in only one user identification information management device. be able to.
According to the invention which concerns on Claim 4, compared with the case where 1st secret information is not encrypted, the danger that collation information will be produced | generated illegally can be reduced.
According to the invention which concerns on Claim 5, compared with the case where 2nd secret information is not encrypted, the risk that determination information is produced | generated illegally can be reduced.
According to the invention of claim 6, forgery of the first secret information and the second secret information can be prevented.
According to the invention which concerns on Claim 7, compared with the case where collation information is not encrypted, the danger that collation information is forged can be reduced.
According to the eighth aspect of the present invention, even if either the first secret information or the second secret information is leaked, it is possible to prevent forgery and illegal decryption of the verification information.
According to the ninth aspect of the invention, unauthorized reuse of verification information can be prevented.
According to the invention which concerns on Claim 10, use of one collation information can be made only once.
According to the invention which concerns on Claim 11, the payment procedure of the charge to a reference information management apparatus can be performed using the existing information.

It is a figure which shows the whole structure of 1st Embodiment. 2 is a diagram illustrating a hardware configuration of a terminal device 100. FIG. 3 is a diagram showing information stored in a cash card 10. FIG. 2 is a diagram illustrating a hardware configuration of a reference information management apparatus 200. FIG. It is a figure which shows the content of the reference information table. 2 is a diagram illustrating a hardware configuration of a user identification information management apparatus 300. FIG. It is a figure which shows the content of the user identification information table. 2 is a diagram illustrating a hardware configuration of a service providing apparatus 400. FIG. It is a figure which shows operation | movement of the biometrics authentication system 1 in 1st Embodiment. It is a figure which shows operation | movement of the biometrics authentication system 1 in 2nd Embodiment. It is a figure which shows operation | movement of the biometrics authentication system 1 in 3rd Embodiment. It is a figure which shows the whole structure of 4th Embodiment. It is a figure which shows the hardware constitutions of the authentication identification information management apparatus 600. It is a figure which shows the account number table 610. It is a figure which shows the account number table 620. FIG. It is a figure which shows operation | movement of the biometrics authentication system 2 in 4th Embodiment.

(1) Configuration of First Embodiment (1.1) FIG. 1 is a diagram showing an overall configuration of the first embodiment. This embodiment is an example of an information processing system for executing biometric authentication in an automated teller machine at a bank. The biometric authentication system 1 includes a terminal device 100, reference information management devices 200A, 200B, and 200C, user identification information management devices 300A, 300B, and 300C, a service providing device 400, and a communication network 500.
In the following description, the reference information management devices 200A, 200B, and 200C are collectively referred to as the reference information management device 200 when it is not necessary to distinguish them. Similarly, the user identification information management devices 300A, 300b, and 300C are collectively referred to as the user identification information management device 300. The terminal device 100 is an automatic teller machine installed in a large number at the head office or branch of a bank, but only one is shown for convenience. Further, any number of reference information management devices 200 and user identification information management devices 300 may be used as long as they are plural. A person who holds an account in the bank and uses the terminal device 100 is referred to as a user.

FIG. 2 is a diagram illustrating a hardware configuration of the terminal device 100. The terminal device 100 includes a central processing unit (CPU) 101, a read only memory (ROM) 102, a random access memory (RAM) 103, a storage unit 104, a communication unit 105, a display unit 106, a fingerprint reading unit 107, and a card reading unit 108. , A safe 109 and a transport unit 110.
The storage unit 104 is an auxiliary storage device such as a hard disk storage device, and stores an OS (Operating System), application programs, and the like. The ROM 102 stores a program representing the procedure for reading and executing the OS. The RAM 103 is used as a work area when the CPU 101 executes various programs.

The communication unit 105 is connected to the communication network 500, and according to a predetermined communication protocol, information communication between the terminal device 100 and the reference information management device 200, the user identification information management device 300, and the service providing device 400. Mediate the exchange.
The display unit 106 is, for example, a liquid crystal display device, and displays an operator on the screen for a user to input an instruction regarding deposit or withdrawal, and identifies an operator touched by the user with a sensor. An instruction corresponding to the operator is given to the CPU 101.

The fingerprint reading unit 107 includes, for example, an optical reading unit, reads the fingerprint by the reading unit, and generates image information representing an image of the fingerprint. The image information generated in this way is information representing the characteristics of each living body and is referred to as living body information in this specification.
The card reading unit 108 reads information stored in the cash card 10. The cash card 10 is, for example, a resin plate in which an integrated circuit that functions as a storage medium is embedded.
The transport unit 110 transports the cash stored in the safe 109 to an opening (not shown) of the casing of the terminal device 100. Also, the cash put into the opening is transported to the safe 109.
In short, the terminal device 100 is an example of a terminal device having an input unit and a communication unit.

FIG. 3 is a diagram showing information stored in the cash card 10. The cash card 10 stores reference information identification information, user identification information, first device identification information, second device identification information, and an encryption key. These pieces of information are information written in the cash card 10 when the user applies for the use of the biometric authentication system 1 to the bank.
The reference information identification information is information for uniquely identifying the reference information. The reference information is information representing the characteristics of each individual living body, and is image information representing a fingerprint image, for example. The reference information is generated in advance by, for example, reading the fingerprint of the right index finger by a reading unit similar to the fingerprint reading unit 107 at a bank store. When the reference information is generated, unique reference information identification information is assigned to the reference information, and the reference information identification information is stored in the cash card 10. Further, the reference information and the reference information identification information are associated with each other and stored in any of the reference information management devices 200A, 200B, and 200C.

The user identification information is information for uniquely identifying the user, and is specifically an account number associated with the cash card 10. The user identification information is stored in the cash card 10 and is stored in any of the user identification information management devices 300A, 300B, 300C.
The first device identification information is information for uniquely identifying each reference information management device 200. For example, if the reference information of the user is stored in the reference information management device 200B, “200B” is stored in the cash card 10 as the first device identification information.
The second device identification information is information for uniquely identifying each user identification information management device 300. For example, if the user identification information of the user is stored in the user identification information management device 300C, “300C” is stored in the cash card 10 as the second device identification information.
The encryption key is an encryption key used for encryption and decryption of second secret information described later.

FIG. 4 is a diagram illustrating a hardware configuration of the reference information management device 200. The reference information management apparatus 200 includes a CPU 201, a ROM 202, a RAM 203, a storage unit 204, a communication unit 205, and a time measuring unit 206.
The communication unit 205 is connected to the communication network 500 and mediates exchange of information between the reference information management device 200 and the terminal device 100.
The timer unit 206 outputs the current date and time.

The storage unit 204 stores an OS, application programs, and the like. In addition, the storage unit 204 stores a reference information table 210. FIG. 5 is a diagram showing the contents of the reference information table 210. In the reference information table 210, reference information identification information and reference information are stored in association with each other for each user. The reference information and the reference information identification information are as described above. The reference information identification information and the reference information are written in one of the storage units 204 of the reference information management devices 200A, 200B, and 200C when the user applies for the use of the biometric authentication system 1 to the bank. That is, the storage contents of the storage units 204 of the reference information management devices 200A, 200B, and 200C do not overlap each other.
The CPU 201 calculates the hash value of the reference information by substituting the reference information stored in the reference information table 210 into a specific hash function. This hash value is referred to as first secret information.
In short, the reference information management device 200 includes a storage unit that stores reference information representing the characteristics of each living body and reference information identification information for uniquely identifying the reference information, and first secret information. It is an example of the reference information management apparatus which has an acquisition means which acquires, and a communication means.

FIG. 6 is a diagram illustrating a hardware configuration of the user identification information management apparatus 300. The user identification information management apparatus 300 includes a CPU 301, a ROM 302, a RAM 303, a storage unit 304, a communication unit 305, and a timer unit 306.
The communication unit 305 is connected to the communication network 500 and mediates exchange of information between the user identification information management device 300 and the terminal device 100.
The timer unit 306 outputs the current date and time.

The storage unit 304 stores an OS, application programs, and the like. The storage unit 304 stores a user identification information table 310 shown in FIG. The user identification information table 310 stores user identification information and second secret information in association with each other for each user. The user identification information is as described above. For the second secret information, the hash value obtained by substituting the reference information into the same hash function used by the CPU 201 of the reference information management apparatus 200 for calculating the first secret information is an encryption key (cash card 10 The ciphertext is encrypted with the encryption key stored in (1). That is, when the second secret information is decrypted with the encryption key, the same hash value as that of the first secret information is obtained. The user identification information and the second secret information are written in one of the storage units 304 of the user identification information management devices 300A, 300B, and 300C when the user applies for the use of the biometric authentication system 1 to the bank. . That is, the contents stored in the storage unit 304 of the user identification information management devices 300A, 300B, and 300C do not overlap each other.
In short, the user identification information management apparatus 300 includes the user identification information for uniquely identifying the user and the second for determining the authenticity of the information generated using the first secret information. It is an example of the user identification information management apparatus which has a memory | storage means which matches and memorize | stores secret information, and a communication means.

FIG. 8 is a diagram illustrating a hardware configuration of the service providing apparatus 400. The service providing apparatus 400 includes a CPU 401, a ROM 402, a RAM 403, a storage unit 404, and a communication unit 405.
The communication unit 405 is connected to the communication network 500 and mediates exchange of information between the service providing apparatus 400 and the terminal apparatus 100.
The storage unit 404 stores an OS, application programs, and the like. In addition, the storage unit 404 stores information related to deposit and withdrawal of all accounts opened in the bank in association with user identification information for each account. Each account is uniquely identified by user identification information.

(1.2) Operation Next, the operation of the biometric authentication system 1 in the present embodiment will be described. FIG. 9 is a diagram illustrating the operation of the biometric authentication system 1 in the present embodiment. Here, as an example, an operation in the case where the user X, one of the users who holds an account in the bank A, withdraws cash from the terminal device 100 will be described. The reference information of the user X is stored in the reference information management apparatus 200B, and the user identification information of the user X is stored in the user identification information management apparatus 300C. In this case, the first device identification information is “200B”, and the second device identification information is “300C”.
In the processing described below, the CPU 101 of the terminal device 100, the CPU 201 of the reference information management device 200, the CPU 301 of the user identification information management device 300, and the CPU 401 of the service providing device 400 are respectively stored in the storage units 104, 204, 304, and 404. This is performed by executing the OS and application programs stored in the computer.

  First, the user X goes to the bank A store, touches the “drawer” operator displayed on the display unit 106 of the terminal device 100, and inserts the cash card 10 into the card reading unit 108. Then, the terminal device 100 performs the process of step A01 shown in FIG. Specifically, the card reading unit 108 reads reference information identification information, user identification information, first device identification information, second device identification information, and an encryption key stored in the cash card 10. Then, a text prompting reading of the fingerprint is displayed on the display unit 106. When the user X touches the fingerprint reading unit 107 with a finger, the fingerprint reading unit 107 reads the fingerprint and digitizes the shape of the fingerprint to generate biometric information.

In step A02, the CPU 101 transmits the reference information identification information and the biological information to the reference information management device 200B corresponding to the first device identification information via the communication unit 105.
In short, the processing in steps A01 and A02 is performed when the terminal device inputs biometric information representing individual biometric features, the reference information identification information, and the user identification information by the input means. It is an example of the process which transmits information and the said reference information identification information to the said reference information management apparatus by the said communication means.

In step A03, the communication unit 205 of the reference information management device 200B receives the reference information identification information and biometric information transmitted from the terminal device 100. Then, the CPU 201 reads the reference information associated with the reference information identification information from the storage unit 204, collates the biometric information and the reference information using a known method such as a feature point method, and the similarity between the two is numerically determined. Turn into.
In short, when the CPU 201 receives the biological information and the reference information identification information transmitted from the terminal device, the CPU 201 reads the reference information associated with the reference information identification information from the storage unit, and It is an example of the collation means which collates biometric information and the said reference information.

In step A04, the CPU 201 compares the similarity with a predetermined threshold value. This threshold is obtained by comparing two pieces of biological information obtained from fingerprints that are different from each other when the two pieces of biological information obtained from the same fingerprint are compared with each other. When compared, the probability that the degree of similarity exceeds the threshold value is determined to be a certain value or less.
If the similarity exceeds the threshold (step A04: YES), the CPU 201 determines that the biometric information matches the reference information, and proceeds to step A05. If the similarity does not exceed the threshold (step A04: NO), the CPU 201 determines that the biometric information and the reference information do not match, and notifies the terminal device 100 that the fingerprints do not match. Upon receiving this notification, the terminal device 100 displays a text indicating that the fingerprints do not match on the display unit 106, and ends the process.

In step A05, the CPU 201 generates collation information using the first secret information. Specifically, the CPU 201 obtains the first secret information by calculating a hash value of the reference information. Next, the CPU 201 encrypts specific information using the first secret information as a common key in the common key cryptosystem. The specific information is information representing the current date and time output from the time measuring unit 206, for example. The specific information thus encrypted is called collation information.
In step A06, the CPU 201 transmits verification information to the terminal device 100 via the communication unit 205.
In short, when the CPU 201 determines that the biometric information and the reference information match as a result of the collation by the collating unit, the CPU 201 uses the first secret information acquired by the acquiring unit to authenticate the biometric information. It is an example of the collation information transmission means which produces | generates the collation information showing that it is, and transmits the said collation information to the said terminal device by the said communication means.

In Step A07, the communication unit 105 of the terminal device 100 receives the collation information transmitted from the reference information management device 200B. Then, the CPU 101 transmits the collation information, the user identification information, and the encryption key to the user identification information management apparatus 300C corresponding to the second apparatus identification information via the communication unit 105.
In short, if the terminal device receives the collation information transmitted from the reference information management device by the communication unit, the process of step A07 is performed by using the collation information and the user identification information input by the input unit. It is an example of the process which transmits to the said user identification information management apparatus by the said communication means.

  In step A08, the communication unit 305 of the user identification information management device 300C receives the collation information, the user identification information, and the encryption key transmitted from the terminal device 100. Then, the CPU 301 reads out the second secret information associated with the user identification information from the storage unit 304, and decrypts the second secret information using the encryption key. Then, a hash value of reference information is obtained. This hash value is the same hash value as the first secret information. The CPU 301 decrypts the collation information using this hash value as a common key. Then, information indicating the date and time when the CPU 201 of the reference information management apparatus 200B generates the collation information is obtained.

In step A09, the CPU 301 determines whether or not the collation information is authentic. For example, the date and time obtained by decoding the collation information is compared with the current date and time output from the timer 306, and if the difference between the two is less than a predetermined threshold, the collation information is authentic. Determination is made (step A09: YES), and the process proceeds to step A10. If the difference between the two is greater than or equal to the threshold value, it is determined that the collation information is not authentic (step A09: NO), and the terminal device 100 is notified that the collation information is not authentic. Receiving this notification, the terminal device 100 displays a text indicating that the authentication has failed on the display unit 106, and ends the process.
In step A <b> 10, the CPU 301 transmits determination information indicating that the verification information is authentic to the terminal device 100 via the communication unit 305.
In short, when the CPU 301 receives the collation information and the user identification information transmitted from the terminal device by the communication unit, the CPU 301 stores the second secret information associated with the user identification information from the storage unit. Reading, determining the authenticity of the verification information using the second secret information, and determining that the verification information is authentic when the verification information is determined to be authentic It is an example of the determination information transmission means which transmits to the said terminal device by a means.

In step A11, the communication unit 105 of the terminal device 100 receives the determination information transmitted from the user identification information management device 300C. Then, the CPU 101 causes the display unit 106 to display an operation element for inputting the amount of money. When the user X inputs the amount, the process proceeds to step A <b> 12, and the CPU 101 transmits amount information representing the input amount, user identification information, and determination information to the service providing apparatus 400 via the communication unit 105.
In short, the CPU 101 is an example of an execution unit that executes a predetermined process when the communication unit receives the determination information transmitted from the user identification information management device.

In step A13, the communication unit 405 of the service providing apparatus 400 receives the money amount information, user identification information, and determination information transmitted from the terminal device 100. Then, the CPU 401 determines that the authentication is successful based on this determination information, compares the balance of the account corresponding to the user identification information with the amount information, and if the amount represented by the amount information is less than the balance, step A14 Then, the terminal device 100 is notified together with the user identification information that the withdrawal is permitted.
In step A15, the transport unit 110 of the terminal device 100 transports the cash corresponding to the amount represented by the amount information from the safe 109 to the opening, and when the cash is taken out, the process ends.
The above is the operation of the biometric authentication system 1.

Here, a case where information is stolen from the reference information management apparatus 200 or the user identification information management apparatus 300 will be described.
For example, if someone removes the storage unit 204 from one of the reference information management devices 200 and takes it away, the criminal has obtained reference information, but the criminal does not have user identification information. Therefore, the reference information management apparatus 200 cannot perform biometric information collation.
On the other hand, even if the user identification information is stolen from one of the user identification information management devices 300, the criminal does not have the reference information, and therefore the biometric information cannot be collated by the reference information management device 200.

Next, it is assumed that information is stolen from the reference information management device 200A and the user identification information management device 300A. In this case, the criminal has obtained reference information and user identification information. However, as described above, one reference information is stored in any one of the reference information management devices 200A, 200B, and 200C, and the user identification information corresponding to this reference information is stored in the user identification information management devices 300A, 300B, and 300C. Therefore, the user identification information corresponding to the reference information stored in the reference information management apparatus 200A is not necessarily stored in the user identification information management apparatus 300A. Further, since the information for associating the specific user's reference information with the user identification information is not stored in either the reference information management device 200A or the user identification information management device 300A, the criminal is assigned to the specific user. In order to obtain a combination of reference information and user identification information, a combination of all reference information stolen from the reference information management apparatus 200A and all user identification information stolen from the user identification information management apparatus 300A is used. There is no other way but to try authentication brute force. Moreover, it goes without saying that this trial requires obtaining an encryption key for decrypting the second secret information. In addition, the brute force trial takes a lot of time, but the correct combinations available are very few for the total number of registrations. In this case, since the reference information of the user X is stored in the reference information management apparatus 200B and the user identification information is stored in the user identification information management apparatus 300C, it goes without saying that the user X is not damaged. .
Even if the information is stolen from all the reference information management devices 200 and all the user identification information management devices 300, since the brute force trial takes much more labor, the obtained profit is less labor. And very small.

(2) Second Embodiment The overall configuration of the second embodiment and the configuration of each device are the same as those of the first embodiment.
Next, the operation of the biometric authentication system 1 in this embodiment will be described. FIG. 10 is a diagram illustrating an operation of the biometric authentication system 1 in the present embodiment.
The operations from step A01 to A04 are the same as in the first embodiment.

In step B05, the CPU 201 of the reference information management apparatus 200B generates verification information based on the authentication identification information generated according to a predetermined rule and the first secret information. Specifically, it is as follows. The CPU 201 acquires the first secret information by calculating a hash value of the reference information. Next, the CPU 201 generates authentication identification information. The authentication identification information is information generated according to a predetermined rule, for example, information indicating the current date and time output from the time measuring unit 206. Next, the CPU 201 calculates a hash value by substituting the authentication identification information into a specific hash function, and encrypts the hash value of the authentication identification information using the first secret information as a common key in the common key cryptosystem. Turn into. In the present embodiment, the combination of the ciphertext and authentication identification information obtained in this way is called collation information.
In step B06, the CPU 201 transmits verification information to the terminal device 100 via the communication unit 205.

In step B07, the communication unit 105 of the terminal device 100 receives the collation information transmitted from the reference information management device 200B. Then, the CPU 101 transmits the collation information, the user identification information, and the encryption key to the user identification information management apparatus 300C corresponding to the second apparatus identification information via the communication unit 105.
In step B08, the collation information, user identification information, and encryption key transmitted from the terminal device 100 are received by the communication unit 305 of the user identification information management device 300C. Then, the CPU 301 reads out the second secret information associated with the user identification information from the storage unit 304, and decrypts the second secret information using the encryption key. Then, a hash value of reference information is obtained. This hash value is the same hash value as the first secret information. The CPU 301 decrypts the ciphertext included in the collation information using this hash value as a common key. Then, the hash value of the authentication identification information is obtained. Next, the CPU 301 calculates the hash value of the authentication identification information received from the terminal device 100 using the same hash function that the reference information management device 200B used to calculate the hash value of the authentication identification information in step A05. . Then, the hash value is compared with the hash value obtained by decrypting the ciphertext included in the collation information.

In step B09, if the two hash values compared in step B08 match and the authentication identification information is an expected value, the CPU 301 determines that the verification information is authentic (step B09: YES). ), Go to Step A10. On the other hand, if the two hash values do not match or the authentication identification information is not an expected value, it is determined that the verification information is not authentic (step B09: NO), and the terminal device 100 indicates that the verification information is not authentic. Notify Receiving this notification, the terminal device 100 displays a text indicating that the authentication has failed on the display unit 106, and ends the process.
Here, the “expected value” is, for example, a value whose difference from the current date and time is within a predetermined range. An example of specific processing is as follows. The maximum value of the time required from the generation of the authentication identification information in step B05 to the determination process in step B09 is obtained in advance, and this maximum value is set in the application program as the threshold value for the determination process in step B09. In the determination process of step B09, the CPU 301 compares the difference between the date and time indicated by the authentication identification information and the current date and time acquired from the time measuring unit 306 with this threshold value. If the authentication identification information used in biometric authentication processing in the past is illegally reused, the difference between the date and time represented by the authentication identification information and the current date and time will exceed the threshold. Reuse of identification information is revealed. On the other hand, if the authentication identification information is not reused, the difference between the date and time represented by the authentication identification information and the current date and time is equal to or smaller than the threshold value. Prove.
The operations after Step A10 are the same as those in the first embodiment.

(3) Third Embodiment The overall configuration of the third embodiment and the configuration of each device are the same as those of the second embodiment.
Next, the operation of the biometric authentication system 1 in this embodiment will be described. FIG. 11 is a diagram illustrating an operation of the biometric authentication system 1 in the present embodiment.
The operation in step A01 is the same as in the second embodiment.

In step C001, the CPU 101 of the terminal device 100 transmits a message representing a request for authentication identification information to the user identification information management device 300C via the communication unit 105. The authentication identification information is information generated according to a predetermined rule, for example, information indicating the current date and time.
In step C002, the communication unit 305 of the user identification information management apparatus 300C receives this message, and the CPU 301 generates authentication identification information from the date and time output from the timing unit 306, and stores the authentication identification information in the storage unit 304. To do.
In step C003, the CPU 301 transmits authentication identification information to the terminal device 100 via the communication unit 305.
In step C02, the communication unit 105 of the terminal device 100 receives the authentication identification information transmitted from the reference information management device 200B, and the CPU 101 receives the reference information corresponding to the first device identification information via the communication unit 105. Reference information identification information, an encryption key, biometric information, and authentication identification information are transmitted to the management apparatus 200B.

In step C03, the communication unit 205 of the reference information management device 200B receives the reference information identification information, the encryption key, the biometric information, and the authentication identification information transmitted from the terminal device 100. Then, CPU201 reads the reference information matched with the reference information identification information from the memory | storage part 204, collates biometric information and reference information, and digitizes both similarity.
In step C04, the CPU 201 compares the similarity with a predetermined threshold value. This threshold value is the same as the threshold value used for collation of biometric information and reference information in the first embodiment.
If the similarity exceeds the threshold (step C04: YES), the CPU 201 determines that the biometric information matches the reference information, and proceeds to step C05. If the similarity does not exceed the threshold value (step C04: NO), the CPU 201 determines that the biometric information and the reference information do not match, and notifies the terminal device 100 that the fingerprints do not match. Upon receiving this notification, the terminal device 100 displays a text indicating that the fingerprints do not match on the display unit 106, and ends the process.

In step C05, the CPU 201 of the reference information management device 200B generates collation information in the same procedure as in the second embodiment. That is, the CPU 201 obtains the first secret information by calculating a hash value of the reference information, generates authentication identification information (for example, information indicating the current date and time output from the time measuring unit 206), Is used as a common key in the common key cryptosystem, and the hash value of the authentication identification information is encrypted. In the present embodiment, the combination of the ciphertext and authentication identification information obtained in this way is called collation information.
In step C06, the CPU 201 transmits verification information to the terminal device 100 via the communication unit 205.

  In step C07, the communication unit 105 of the terminal device 100 receives the collation information transmitted from the reference information management device 200B. Then, the CPU 101 transmits the collation information, the user identification information, and the second encryption key to the user identification information management apparatus 300C corresponding to the second apparatus identification information via the communication unit 105.

  In step C08, the communication unit 305 of the user identification information management device 300C receives the collation information, the user identification information, and the second encryption key transmitted from the terminal device 100. Then, the CPU 301 reads out the second secret information associated with the user identification information from the storage unit 304, and decrypts the second secret information using the second encryption key. Then, a hash value of reference information is obtained. This hash value is the same hash value as the first secret information. The CPU 301 decrypts the ciphertext included in the collation information using this hash value as a common key. Then, the hash value of the authentication identification information is obtained. Next, the CPU 301 calculates the hash value of the authentication identification information received from the terminal device 100 using the same hash function that the reference information management device 200B used for calculating the hash value of the authentication identification information in step C05. . And the authenticity of collation information is determined by the following two methods. In the first method, the hash value of the authentication identification information is compared with the hash value obtained by decrypting the ciphertext included in the verification information. In the second method, the authentication identification information included in the verification information is compared with the authentication identification information stored in the storage unit 304.

In Step C09, if the two hash values match in the comparison by the first method and the two authentication identification information matches in the comparison by the second method, it is determined that the verification information is authentic (Step S09). (C09: YES), the process proceeds to step A10. If the comparison result of at least one of the first method and the second method does not match, it is determined that the collation information is not authentic (step C09: NO), and the terminal device 100 is notified that the collation information is not authentic. Receiving this notification, the terminal device 100 displays a text indicating that the authentication has failed on the display unit 106, and ends the process.
The operations after Step A10 are the same as those in the first embodiment.

(4) Fourth Embodiment FIG. 12 is a diagram showing an overall configuration of the fourth embodiment. In addition to the configuration of the first embodiment, the biometric authentication system 2 includes an authentication identification information management device 600 and service providing devices 400A, 400B, and 400C. In this embodiment, each reference information management device 200 is operated by different operators. In addition, when it is not necessary to distinguish between the service providing apparatuses 400A, 400B, and 400C, they are collectively referred to as the service providing apparatus 400.

FIG. 13 is a diagram illustrating a hardware configuration of the authentication identification information management apparatus 600. The authentication identification information management apparatus 600 includes a CPU 601, a ROM 602, a RAM 603, a storage unit 604, a communication unit 605, and a time measuring unit 606.
The communication unit 605 is connected to the communication network 500 and mediates the exchange of information between the authentication identification information management device 600 and the reference information management device 200, the user identification information management device 300, and the service providing device 400.
The timer unit 606 outputs the current date and time.

The storage unit 604 stores an OS, application programs, and the like. The storage unit 604 stores an account number table 610 shown in FIG. 14 and an account number table 620 shown in FIG.
In the account number table 610, the first device identification information, the account number, the authentication identification information, and the status are stored in association with each other for each reference information management device 300. The first device identification information is as described above. The account number is a bank account number of a business operator that operates each reference information management device 300. The authentication identification information is information generated according to a predetermined rule, for example, information indicating the current date and time output from the timer unit 606. The status is information indicating the status of authentication, and details thereof will be described later.
In the account number table 620, the third device identification information and the account number are stored in association with each other for each service providing device 400. The third device identification information is information for uniquely identifying each service providing device 400. The third device identification information is also stored in the cash card 10.

Next, the operation of the biometric authentication system 2 in this embodiment will be described. FIG. 16 is a diagram illustrating the operation of the biometric authentication system 2 in the present embodiment.
The operations of Steps D01 and D02 are the same as Steps A01 and A02 of the first embodiment.

In step D03, the CPU 201 of the reference information management apparatus 200B transmits a message indicating a request for authentication identification information and the first apparatus identification information to the authentication identification information management apparatus 600 via the communication unit 205.
In step D04, the communication unit 605 of the authentication identification information management device 600 receives this message and the first device identification information, and the CPU 601 generates authentication identification information from the date and time output from the time measuring unit 606, and this authentication The identification information is stored in the account number table 610 in association with the first device identification information and the account number. Further, the CPU 601 initializes the status. The initialized status represents unauthenticated, that is, biometric authentication is not completed.
In step D05, the CPU 601 transmits authentication identification information to the reference information management device 200B via the communication unit 605.

In step D06, the communication identification unit 205 of the reference information management apparatus 200B receives the authentication identification information transmitted from the authentication identification information management apparatus 600. Then, CPU201 reads the reference information matched with the reference information identification information from the memory | storage part 204, collates biometric information and reference information, and digitizes both similarity. Then, the CPU 201 compares the similarity with a predetermined threshold value. This threshold value is the same as the threshold value used for collation of biometric information and reference information in the first embodiment.
If the similarity exceeds the threshold value, the CPU 201 generates collation information in the same procedure as in the second embodiment. That is, the CPU 201 obtains the first secret information by calculating a hash value of the reference information, generates authentication identification information (for example, information indicating the current date and time output from the time measuring unit 206), Is used as a common key in the common key cryptosystem, and the hash value of the authentication identification information is encrypted. In the present embodiment, the combination of the ciphertext and authentication identification information obtained in this way is called collation information.
In step D07, the CPU 201 transmits verification information to the terminal device 100 via the communication unit 205.

  In step D08, the communication unit 105 of the terminal device 100 receives the collation information transmitted from the reference information management device 200B. Then, the CPU 101 transmits the collation information, the user identification information, and the encryption key to the user identification information management apparatus 300C corresponding to the second apparatus identification information via the communication unit 105.

  In step D09, the communication unit 305 of the user identification information management device 300C receives the collation information, user identification information, and encryption key transmitted from the terminal device 100. Then, the CPU 301 reads out the second secret information associated with the user identification information from the storage unit 304, and decrypts the second secret information using the encryption key. Then, a hash value of reference information is obtained. This hash value is the same hash value as the first secret information. The CPU 301 decrypts the ciphertext included in the collation information using this hash value as a common key. Then, the hash value of the authentication identification information is obtained. Next, the CPU 301 calculates the hash value of the authentication identification information received from the terminal device 100 using the same hash function that the reference information management device 200B used to calculate the hash value of the authentication identification information in step C05. . Next, the CPU 301 compares the hash value of the authentication identification information with the hash value obtained by decrypting the ciphertext included in the verification information. When the CPU 301 matches the two hash values and the authentication identification information is expected (for example, a value within a predetermined range from the current date and time), the verification information is It determines with authenticity and progresses to step D10. On the other hand, if the two hash values do not match or the authentication identification information is not an expected value, it is determined that the verification information is not authentic, and notifies the terminal device 100 that the verification information is not authentic. Receiving this notification, the terminal device 100 displays a text indicating that the authentication has failed on the display unit 106, and ends the process.

In step D <b> 10, the CPU 301 requests the authentication identification information management apparatus 600 to update the status.
In step D11, the CPU 601 of the authentication identification information management apparatus 600 updates the status to authenticated.
In step D <b> 12, the CPU 601 transmits a status update response to the user identification information management apparatus 300.
In step D <b> 13, the CPU 301 transmits determination information indicating that the verification information is authentic and authentication identification information to the terminal device 100 via the communication unit 305.

  In step D14, the communication unit 105 of the terminal device 100 receives the determination information and authentication identification information transmitted from the user identification information management device 300C. Then, the CPU 101 causes the display unit 106 to display an operation element for inputting the amount of money. When the user X inputs the amount, the process proceeds to step D15, and the CPU 101 transmits the amount information, the user identification information, the determination information, and the authentication identification information representing the input amount via the communication unit 105 to the third device identification. The information is transmitted to the service providing apparatus 400 (for example, the service providing apparatus 400A) corresponding to the information.

In step D16, the communication unit 405 of the service providing apparatus 400A receives the money amount information, user identification information, determination information, and authentication identification information transmitted from the terminal apparatus 100. Then, the CPU 401 determines that the authentication is successful based on this determination information, compares the balance of the account corresponding to the user identification information with the amount information, and if the amount represented by the amount information is less than the balance, step D17 Then, the terminal device 100 is notified together with the user identification information that the withdrawal is permitted.
In step D18, the transport unit 110 of the terminal device 100 transports cash corresponding to the amount represented by the amount information from the safe 109 to the opening, and if the cash is taken out, the process ends.
In step D19, the CPU 401 of the service providing apparatus 400A transmits to the authentication identification information management apparatus 600 a usage notification including the third apparatus identification information and authentication identification information corresponding to the service providing apparatus 400A.
In Step D20, the authentication identification information management apparatus 600 receives the usage notification transmitted from the service providing apparatus 400A, and the CPU 601 specifies the account number corresponding to the authentication identification information from the account number table 610, and from the account number table 620. A process for identifying an account number corresponding to the third device identification information and transferring an amount corresponding to the provided service from an account corresponding to the service providing device 400A to an account corresponding to the reference information management device 200B I do.

(5) Modifications Modifications shown below may be combined with each other.
(5.1) Modification 1
In the first embodiment, when the verification information is encrypted and decrypted, the common key in the common key cryptosystem is used, but a public key cryptosystem may be used. That is, the first secret information is a public key or a secret key in the public key cryptosystem, and the second secret information is a secret key or a public key that is paired with the first secret information in the public key cryptosystem. The reference information management device 200 encrypts the verification information using the first secret information, and the user identification information management device 300 decrypts the verification information using the second secret information, and then Judgment of authenticity.
However, it is not necessary to actually publish the public key. In short, the only encryption key that can decrypt the verification information encrypted using the first secret information may be the second secret information.

(5.2) Modification 2
In the first embodiment, the example in which the first device identification information and the second device identification information are stored in the cash card 10 has been described. However, the first device identification information and the second device identification information are stored in the cash card. The first device identification information and the second device identification information may be manually input to the terminal device 100 without being stored in the terminal 10. In this case, even if the cash card 10 is stolen, the first device identification information and the second device identification information are not leaked. Therefore, which device has the reference information and the user identification information of the user of the cash card 10 It is not possible to specify what is stored in

(5.3) Modification 3
The first secret information and the second secret information may not be the hash value of the reference information. For example, the first secret information and the second secret information are determined so that the sum of the first secret information and the second secret information becomes a specific value z. Are stored in the reference information management device 200 and the user identification information management device 300, respectively, and the reference information management device 200 transmits the first secret information itself to the terminal device 100 as verification information. The user identification information management device 300 that has received the verification information via the ID obtains the sum of the verification information and the second secret information, and if this sum is equal to z, it is determined that the reference information is authentic. It may be. In short, the second secret information may be any information as long as it is information essential for determining the authenticity of information generated using the first secret information.
In this case, either the first secret information or the second secret information may be encrypted and stored in the reference information management device 200 and the user identification information management device 300, respectively. In this case, an encryption key corresponding to the encrypted secret information is stored in the cash card 10.
Further, both the first secret information and the second secret information may be stored in the reference information management device 200 and the user identification information management device 300 without being encrypted. In this case, no encryption key is required.
Further, the reference information management device 200 may transmit the verification information to the terminal device 100 without encrypting the verification information.

(5.4) Modification 4
In the second and third embodiments, the service providing apparatus 400 may determine whether the determination information is true or false. For example, the user identification information management apparatus 300 generates a ciphertext of the hash value of the authentication identification information, and transmits determination information including the ciphertext and the authentication identification information to the service providing apparatus 400 via the terminal apparatus 100. To do. The service providing apparatus 400 determines the authenticity of the determination information by comparing the hash value of the authentication identification information with the hash value obtained by decrypting the ciphertext, and if the determination information is authentic, The service requested from the apparatus 100 is provided.

(5.5) Modification 5
The biometric authentication system 1 may have only one reference information management device 200. In this case, the first device identification information is not necessary.
The biometric authentication system 1 may have only one user identification information management device 300. In this case, the second device identification information is not necessary.
The biometric authentication system 1 may include only one reference information management device 200 and only one user identification information management device 300. In this case, the first device identification information and the second device identification information are unnecessary.

(5.6) Modification 6
In each embodiment, although the example of the biometric authentication in the automatic teller machine of a bank was shown, you may apply this invention to another information processing system. For example, a home personal computer is used as the terminal device 100, a WWW (World Wide Web) server is used as the service providing device 400, and a TCP / IP (Transmission Control Protocol / Internet Protocol) is used as the communication protocol of the communication network 500. The present invention may be applied to a system that performs commercial transactions with the service providing apparatus 400 or a system that exchanges confidential documents.
Moreover, in each embodiment, although the example of the authentication using a fingerprint was shown, you may use the authentication by other biometric information. For example, authentication using an eyeball iris, a palm vein, or the like may be used. In addition, authentication based on human motion characteristics such as handwriting may be used.
In addition, the present invention may be applied to authentication of organisms other than humans. For example, the present invention may be applied to a system in which authentication is performed using a cow's nose print and the terminal device 100 searches for the cow's genetic information stored in the service providing apparatus 400.

(5.7) Modification 7
When the authentication identification information management apparatus 600 periodically inspects the operation state of the reference information management apparatus 200, stores the inspection result, and receives a request for authentication identification information from the reference information management apparatus 200, the reference information management The authentication identification information may be transmitted only when the inspection result of the apparatus 200 is good. In the inspection of the operating state, for example, reference information for inspection is registered in the reference information management apparatus 200, and two types of biological information are transmitted to the reference information management apparatus 200. One of the two types of biometric information is biometric information created so that the similarity exceeds the threshold when collated with the reference information, and the other is created so that the similarity does not exceed the threshold. Biometric information.

(5.8) Modification 8
In the third embodiment, the user identification information management device 300 generates the authentication identification information. However, another device trusted by the user identification information management device 300 may generate the authentication identification information.

(5.9) Modification 9
In each embodiment, an example is shown in which the CPU of each device executes a process related to biometric authentication by executing a program, but a similar function may be implemented in an electronic circuit.

(5.10) Modification 10
In the second, third, and fourth embodiments, verification information including authentication identification information and a ciphertext of a hash value of the authentication identification information is shown as an example of the verification information generated by the reference information management device 200. The verification information may be configured as follows. For example, the verification information may be a combination of a hash value of the authentication identification information and a ciphertext obtained by encrypting the authentication identification information with arbitrary information added thereto using the first secret information, or the authentication identification information May be composed only of a ciphertext encrypted with the first secret information. In short, the verification information may be generated based on the authentication identification information generated according to a predetermined rule and the first secret information.

DESCRIPTION OF SYMBOLS 1, 2 ... Biometric authentication system, 100 ... Terminal device, 101 ... CPU, 102 ... ROM, 103 ... RAM, 104 ... Memory | storage part, 105 ... Communication part, 106 ... Display part, 107 ... Fingerprint reading part, 108 ... Card reading 109, safe, 110, transport unit, 10 ... cash card, 200A, 200B, 200C ... reference information management device, 201 ... CPU, 202 ... ROM, 203 ... RAM, 204 ... storage unit, 205 ... communication unit, 206 ... Timekeeping unit, 210 ... Reference information table, 300A, 300B, 300C ... User identification information management device, 301 ... CPU, 302 ... ROM, 303 ... RAM, 304 ... Storage unit, 305 ... Communication unit, 306 ... Timer unit, 310 ... User identification information table, 400, 400A, 400B, 400C ... Service providing device, 401 ... CPU, 402 ROM, 403 ... RAM, 404 ... storage unit, 405 ... communication unit, 500 ... communication network, 600 ... authentication identification information management device, 601 ... CPU, 602 ... ROM, 603 ... RAM, 604 ... storage unit, 605 ... communication unit 606: Timekeeping unit 610: Account number table 620: Account number table

Claims (15)

A terminal device having input means and communication means;
Storage means for storing reference information representing individual biological features and reference information identification information for uniquely identifying the reference information, storage means for acquiring first secret information, and communication means A reference information management device comprising:
Storage means for storing user identification information for uniquely identifying a user and second secret information for determining authenticity of information generated using the first secret information in association with each other And a user identification information management device having communication means,
The terminal device
If biometric information representing individual biometric features, the reference information identification information, and the user identification information are input by the input unit, the biometric information and the reference information identification information are input by the communication unit. Sent to the reference information management device,
The reference information management device includes:
If the communication means receives the biological information and the reference information identification information transmitted from the terminal device, the reference information associated with the reference information identification information is read from the storage means, and the biological information and the reference Collation means for collating information;
When it is determined that the biometric information matches the reference information as a result of collation by the collating means, the first secret information acquired by the acquiring means is used to indicate that the biometric information is authentic. Generating collation information, and collation information transmitting means for transmitting the collation information to the terminal device by the communication means,
The terminal device
If the collation information transmitted from the reference information management device is received by the communication unit, the collation information and the user identification information input by the input unit are transmitted by the communication unit to the user identification information management device. To
The user identification information management device includes:
If the communication means receives the collation information and user identification information transmitted from the terminal device, the second secret information associated with the user identification information is read from the storage means, and the second The authentication information is used to determine whether the verification information is authentic, and when the verification information is determined to be authentic, the communication device transmits determination information indicating that the verification information is authentic. Determination information transmission means for transmitting to
The terminal device
A biometric authentication system comprising: an execution unit that executes a predetermined process when the communication unit receives the determination information transmitted from the user identification information management device. A plurality of the reference information management devices in which the storage contents of the storage means do not overlap each other;
If the terminal device inputs the first device identification information for uniquely identifying the reference information management device by the input means, the terminal device identifies the biological information and the reference information identification information. It transmits to the reference information management apparatus corresponding to information. The biometric authentication system of Claim 1 characterized by the above-mentioned. A plurality of the user identification information management devices that do not overlap the storage contents of the storage means,
When the terminal device has input the second device identification information for uniquely identifying the user identification information management device by the input means, the terminal device receives the verification information and the user identification information. It transmits to the user identification information management apparatus corresponding to apparatus identification information. The biometric authentication system of Claim 1 or 2 characterized by the above-mentioned. The first secret information is encrypted with a first encryption key, stored in the storage means in association with the reference information,
The terminal device inputs the first encryption key by the input means, transmits the first encryption key to the reference information management device by the communication means together with the biological information and the reference information identification information,
The collation information transmitting unit decrypts the first secret information read from the storage unit by the acquiring unit using the first encryption key received from the terminal device, and the decrypted first secret information is obtained. The biometric authentication system according to claim 1, wherein the verification information is generated by using the biometric authentication system. The second secret information is encrypted with a second encryption key;
The terminal device inputs the second encryption key by the input unit, and transmits the second encryption key to the reference information management device by the communication unit together with the biological information and the reference information identification information,
The determination information transmitting unit decrypts the second secret information read from the storage unit using the second encryption key received from the terminal device, and uses the decrypted second secret information to perform the verification The biometric authentication system according to any one of claims 1 to 3, wherein authenticity of information is determined. The first secret information and the second secret information are hash values of the reference information,
The biometric authentication system according to any one of claims 1, 2, 3, and 5, wherein the acquisition unit acquires the first secret information by calculating a hash value of the reference information. The first secret information and the second secret information are a common key in a common key cryptosystem,
The verification information transmitting means encrypts the verification information using the first secret information,
The living body according to any one of claims 1 to 6, wherein the determination information transmission means determines the authenticity of the verification information after decrypting the verification information using the second secret information. Authentication system. The first secret information is a public key or a secret key in a public key cryptosystem,
The second secret information is a secret key or a public key that is paired with the first secret information in a public key cryptosystem.
The verification information transmitting means encrypts the verification information using the first secret information,
The living body according to any one of claims 1 to 5, wherein the determination information transmitting means determines the authenticity of the verification information after decrypting the verification information using the second secret information. Authentication system. The verification information transmitting means generates the verification information based on authentication identification information generated according to a predetermined rule and the first secret information,
The determination information transmitting means determines whether the verification information transmitted from the terminal device is authentic and whether the verification information is reused using second secret information, and The biometric authentication system according to any one of claims 1 to 5, wherein the determination information is transmitted to the terminal device when the information is authentic and the verification information is not reused. . The terminal device
If biometric information representing individual biometric features, the reference information identification information, and the user identification information are input by the input means, the user identification information management apparatus is requested to transmit authentication identification information. ,
The user identification information management device generates the authentication identification information according to a predetermined rule, stores the authentication identification information in the storage unit and transmits the information to the terminal device,
When the terminal device receives the authentication identification information transmitted from the user identification information management device, the terminal device transmits the authentication identification information, the biological information, and the reference information identification information to the reference information management device,
The biological information according to claim 1, wherein the verification information transmission unit generates the verification information based on authentication identification information received from the terminal device and the first secret information. Authentication system. A plurality of the reference information management devices in which the storage contents of the storage means do not overlap each other;
An authentication identification information management device comprising: storage means for storing first device identification information for uniquely identifying the reference information management device; and an account number; storage means; and communication means;
A service providing device that provides a service in response to a request from the terminal device;
The reference information management device requests the authentication identification information management device to transmit authentication identification information if the communication means receives the biological information and reference information identification information transmitted from the terminal device,
The authentication identification information management device generates the authentication identification information according to a predetermined rule, stores the authentication identification information in the storage unit in association with the first device identification information, and stores the authentication identification information. Sent to the reference information management device,
The verification information transmission means generates the verification information based on the authentication identification information received from the authentication identification information management device and the first secret information,
The determination information transmission means determines whether the verification information transmitted from the terminal device is true and false, and whether the verification information is reused, using the second secret information,
If the service providing device receives the determination information transmitted from the determination information transmitting means via the terminal device, the service providing device transmits a use notification to the authentication identification information management device,
The authentication identification information management device, when receiving the usage notification from the service providing device, executes a process for depositing into an account corresponding to the authentication identification information stored in the storage means. The biometric authentication system according to any one of claims 1 to 5. Storage means for storing reference information representing individual biological features and reference information identification information for uniquely identifying the reference information in association with each other;
Obtaining means for obtaining first secret information;
Communication means;
If the communication means receives the biological information and the reference information identification information transmitted from the terminal device, the reference information associated with the reference information identification information is read from the storage means, and the biological information and the reference information A matching means for matching
When it is determined that the biometric information matches the reference information as a result of collation by the collating means, the first secret information acquired by the acquiring means is used to indicate that the biometric information is authentic. An information processing apparatus comprising: collation information transmitting means for generating collation information and transmitting the collation information to the terminal device by the communication means. Storage means for storing user identification information for uniquely identifying a user and second secret information for determining authenticity of information generated using the first secret information in association with each other; ,
Communication means;
If the communication means receives the collation information generated using the first secret information and the user identification information transmitted from the terminal device, the second associated with the user identification information The secret information is read from the storage means, the authenticity of the verification information is determined using the second secret information, and the verification information is authentic when it is determined that the verification information is authentic An information processing apparatus comprising: determination information transmission means for transmitting determination information representing the information to the terminal device by the communication means. Computer
Storage means for storing reference information representing individual biological features and reference information identification information for uniquely identifying the reference information in association with each other;
Obtaining means for obtaining first secret information;
Communication means;
If the communication means receives the biological information and the reference information identification information transmitted from the terminal device, the reference information associated with the reference information identification information is read from the storage means, and the biological information and the reference information A matching means for matching
When it is determined that the biometric information matches the reference information as a result of collation by the collating means, the first secret information acquired by the acquiring means is used to indicate that the biometric information is authentic. A program for generating collation information and causing the collation information to be transmitted to the terminal device by the communication unit. Computer
Storage means for storing user identification information for uniquely identifying a user and second secret information for determining authenticity of information generated using the first secret information in association with each other; ,
Communication means;
If the communication means receives the collation information generated using the first secret information and the user identification information transmitted from the terminal device, the second associated with the user identification information The secret information is read from the storage means, the authenticity of the verification information is determined using the second secret information, and the verification information is authentic when it is determined that the verification information is authentic A program for causing the communication device to function as determination information transmission means for transmitting to the terminal device by the communication means.

Images