JP2019208133A - Biometric authentication system and biometric authentication method - Google Patents

Abstract

To realize high-speed 1:N biometric authentication where impersonation is difficult.SOLUTION: A biometric authentication system determines a first template that is different from the second registration feature quantity from the first registration feature quantity on the basis of a first matching method, and determines a second template from the second registration feature quantity based on a second matching scheme, holds the first template and the second template in association with each other, search for the first template on the basis of the first matching method, identifies the first template corresponding to the search data, identifies the second template corresponding to the identified first template, generates an authentication token from the second authentication feature quantity on the basis of the second matching method, and determines the success or failure of the authentication of a person to be authenticated on the basis of the second matching method, the identified second template, and the authentication token, and a first template matching process is faster than a process obtained by combining the generation of the authentication token and the determination of the success or failure of the authentication.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a biometric authentication system and a biometric authentication method.

  In recent years, biometric authentication for identifying individuals based on biometric information such as fingerprints, veins, and faces has been spreading. In biometric authentication, a registration terminal acquires biometric information at the time of registration, generates data (hereinafter referred to as a template) to be used for authentication based on a registration feature amount extracted from the biometric information, and stores it in a server or the like. . Further, at the time of authentication, the authentication terminal acquires the biometric information, and the server performs an authentication process using the authentication feature amount extracted from the biometric information and the stored template.

  As a method of preventing impersonation of the system in biometric authentication, for example, there is a method of generating a template by encrypting a registration feature amount at the time of registration and decrypting and collating at the time of authentication. In addition, a method called cancelable biometrics is known in which encryption and collation are performed using the same random number (cancellable parameter) at the time of registration and authentication. However, in these methods, information such as a secret key for decryption and parameters in cancelable biometrics is stored in an authentication terminal, a server, etc., and if the template and the information leak at the same time, registered biometric information Can be restored, and impersonation using the restored biological information becomes possible.

  Therefore, as an authentication method that makes it difficult to impersonate using data required for authentication such as templates, secret keys, and parameters, past authentication messages, and signatures, biometric signature methods such as fuzzy signature In addition, there is a biometric encryption method such as fuzzy extractor described in Non-Patent Document 1.

  An example of biometric authentication is 1: N authentication. In the 1: N authentication, at the time of authentication, an ID for identifying an individual is not accepted but an input of biometric information is accepted, and a registered user who is trying to authenticate is identified from the input biometric information.

Y. Dodis, et al., “Fuzzy extractors: How to generate strong keys,” In Eurocrypt 2004, Vol. 3027 of LNCS, pp. 523-540, 2004.

  Biometric encryption methods such as fuzzy signature and biometric encryption methods such as fuzzy extractor require more processing time than the verification in normal biometric authentication, so if there are many registered users, all N registered users Simple 1: N authentication that matches a template cannot be performed in a practical time. Accordingly, an object of the present invention is to realize high-speed 1: N biometric authentication that is difficult to impersonate.

  In order to solve the above problems, one embodiment of the present invention employs the following configuration. The biometric authentication system includes a registration terminal, an authentication terminal, and a server, and the registration terminal extracts a first registration feature amount and a second registration feature amount from biometric information of a registration target person, and the authentication terminal includes: A first authentication feature quantity and a second authentication feature quantity are extracted from the biometric information of the person to be authenticated, and the registration terminal uses the first registration feature quantity to calculate the second registration based on a first verification method. A first template different from the feature quantity for use is determined, a second template is determined from the second registration feature quantity based on a second matching method, and the first template and the second template are stored in the server. And the server holds the first template and the second template in association with each other, and the authentication terminal obtains the search data from the first authentication feature quantity based on the first verification method. Determine and search The data is transmitted to the server, and the server searches the first template held by the server based on the first collation method, specifies the first template corresponding to the search data, and specifies the specification A second template corresponding to the first template is generated, the authentication terminal generates an authentication token from the second authentication feature amount based on the second verification method, and the server is configured to generate the second verification Based on the method, the identified second template, and the authentication token, a process for executing the authentication success / failure determination of the person to be authenticated and combining the generation of the authentication token and the authentication success / failure In comparison, the template matching process in the search for the first template is faster.

  According to one embodiment of the present invention, spoofing is difficult and high-speed 1: N biometric authentication can be realized.

  Problems, configurations, and effects other than those described above will be clarified by the following description of embodiments.

It is a block diagram which shows the structural example of the biometrics authentication system in Example 1. FIG. 3 is a block diagram illustrating a hardware configuration example of a computer that configures each of a registration terminal, an authentication terminal, and a server in Embodiment 1. FIG. 6 is a sequence diagram illustrating an example of a registration process and an authentication process in Embodiment 1. FIG. It is a block diagram which shows the structural example of the biometrics authentication system in Example 2. FIG. 10 is a sequence diagram illustrating an example of a registration process and an authentication process in Embodiment 2. FIG. FIG. 10 is a sequence diagram illustrating an example of a registration process and an authentication process in the third embodiment. FIG. 10 is a sequence diagram illustrating an example of a registration process and an authentication process in the fourth embodiment. It is a block diagram which shows the structural example of the biometrics authentication system in Example 5. FIG. FIG. 10 is a sequence diagram illustrating an example of a registration process and an authentication process in the fifth embodiment.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the present embodiment, the same components are denoted by the same reference symbols in principle, and repeated description is omitted. It should be noted that this embodiment is merely an example for realizing the present invention and does not limit the technical scope of the present invention.

  In the first embodiment, a biometric authentication system will be described. FIG. 1 is a block diagram illustrating a configuration example of a biometric authentication system. The biometric authentication system includes, for example, a registration terminal 100, an authentication terminal 200, and a server 300 that are connected to each other via a network 401.

  The registration terminal 100 is a computer that generates a template based on biometric information for user registration. The authentication terminal 200 is a computer that performs an authentication process based on a user authentication feature. The server 300 is a computer that stores a template at the time of registration and performs a template search process at the time of authentication.

  The registration terminal 100 may be a computer such as a PC (Personal Computer) installed in a user's home or the like, or a PC used by a plurality or an unspecified number of users installed in an office, a university, or the like. Etc. may be used. Further, the registration terminal 100 and the authentication terminal 200 may be integrated, that is, configured as one terminal.

  The registration terminal 100 includes, for example, a first biological information acquisition unit 101, a second biological information acquisition unit 102, a first feature extraction unit 103, a second feature extraction unit 104, a first template generation unit 105, and a second template generation unit 106. And a communication unit 107. The first biometric information acquisition unit 101 acquires biometric information for first registration. The second biometric information acquisition unit 102 acquires second biometric information for registration.

  The first feature extraction unit 103 extracts a first registration feature amount from the first registration biometric information acquired by the first biometric information acquisition unit 101. The second feature extraction unit 104 extracts a second registration feature amount from the second registration biometric information acquired by the second biometric information acquisition unit 102. The first template generation unit 105 generates a first template from the first registration feature amount extracted by the first feature extraction unit 103. The second template generation unit 106 generates a second template from the second registration feature amount extracted by the second feature extraction unit 104. The communication unit 107 communicates with other devices.

  The authentication terminal 200 includes, for example, a first biometric information acquisition unit 201, a second biometric information acquisition unit 202, a first feature extraction unit 203, a second feature extraction unit 204, a search data generation unit 205, an authentication token generation unit 207, And a communication unit 208. The first biometric information acquisition unit 201 acquires biometric information for first authentication. The second biometric information acquisition unit 202 acquires second biometric information for authentication.

  The first feature extraction unit 203 extracts a first authentication feature amount from the first authentication biometric information acquired by the first biometric information acquisition unit 201. The second feature extraction unit 204 extracts a second authentication feature amount from the second authentication biometric information acquired by the second biometric information acquisition unit 202. Note that the first registration feature quantity and the first authentication feature quantity are collectively referred to as a first feature quantity, and the second registration feature quantity and the second authentication feature quantity are collectively referred to as a second feature quantity. Call.

  The search data generation unit 205 generates search data from the first authentication feature amount extracted by the first feature extraction unit 203. The authentication token generation unit 207 generates an authentication token based on the second feature amount extracted by the second feature extraction unit 204 and the second template and message received from the server 300. The communication unit 208 communicates with other devices.

  The server 300 includes a storage unit 301, a template DB (Database) 302, a template search unit 303, a message generation unit 304, a verification unit 305, and a communication unit 306. The storage unit 301 performs processing for associating the first template and the second template transmitted from the registration terminal 100 and storing them in the template DB 302. The template DB 302 holds the first template and the second template.

  The template search unit 303 searches the template DB 302 using the search data received from the authentication terminal 200 as a key, and specifies the second template corresponding to the first template. The message generator 304 generates a message. The verification unit 305 performs verification based on the message, the second template, and the authentication token transmitted from the authentication terminal 200. The communication unit 306 communicates with other devices.

  FIG. 2 is a block diagram illustrating a hardware configuration example of a computer configuring each of the registration terminal 100, the authentication terminal 200, and the server 300 in the present embodiment. The computer includes, for example, a CPU 1001, a memory 1002, an auxiliary storage device 1003, an input device 1004, an output device 1005, and a communication device 1006.

  Note that the registration terminal 100 and the authentication terminal 200 are connected to a sensor (for example, a fingerprint sensor, a vein sensor, a camera, and a microphone) for acquiring the first biological information and the second biological information, or a device including the sensor. It may also include a sensor.

  The CPU 1001 includes a processor and executes a program stored in the memory 1002. The memory 1002 includes a ROM that is a nonvolatile storage element and a RAM that is a volatile storage element. The ROM stores an immutable program (for example, BIOS). The RAM is a high-speed and volatile storage element such as a DRAM (Dynamic Random Access Memory), and temporarily stores a program executed by the CPU 1001 and data used when the program is executed.

  The auxiliary storage device 1003 is a large-capacity and non-volatile storage device such as an HDD (Hard Disk Drive) and an SSD (Solid State Drive), and stores a program executed by the processor and data used when the program is executed. To do. That is, the program is read from the auxiliary storage device 1003, loaded into the memory 1002, and executed by the processor.

  The computer has an input interface and an output interface. The input interface is an interface to which an input device 1004 such as a keyboard, a mouse, a camera, and a scanner is connected and receives an input from an operator. The output interface is an interface that is connected to an output device 1005 such as a display device or a printer, and outputs the execution result of the program in a form that can be visually recognized by the operator.

  The communication device 1006 is a network interface device that controls communication with other devices according to a predetermined protocol, and is used for communication by a communication unit. The communication device 1006 includes a serial interface such as USB.

  A program executed by the CPU 1001 is provided to a computer via a removable medium (CD-ROM, flash memory, etc.) or a network, and stored in a nonvolatile auxiliary storage device 1003 that is a non-temporary storage medium. For this reason, the computer may have an interface for reading data from a removable medium.

  Each of the registration terminal 100, the authentication terminal 200, and the server 300 is a computer system that is configured on one computer physically or on a plurality of computers that are logically or physically configured. It may operate on a separate thread on the computer, or may operate on a virtual computer constructed on a plurality of physical computer resources.

  The CPU 1001 of the registration terminal 100 includes, for example, a first biological information acquisition unit 101, a second biological information acquisition unit 102, a first feature extraction unit 103, a second feature extraction unit 104, a first template generation unit 105, and a second template generation. Unit 106, second template generation unit 106, and communication unit 107. The CPU 1001 of the authentication terminal 200 includes a first biometric information acquisition unit 201, a second biometric information acquisition unit 202, a first feature extraction unit 203, a second feature extraction unit 204, a search data generation unit 205, an authentication token generation unit 207, And a communication unit 208. The CPU 1001 of the server 300 includes a storage unit 301, a template search unit 303, a message generation unit 304, a verification unit 305, and a communication unit 306. The auxiliary storage device 1003 of the server 300 holds a template DB 302.

  For example, the CPU 1001 of the registration terminal 100 operates as the first biometric information acquisition unit 101 by operating according to the first biometric information acquisition program loaded in the memory 1002 of the registration terminal 100 and loads it into the memory 1002 of the registration terminal 100. By operating according to the second biometric information acquisition program, it functions as the second biometric information acquisition unit 102. The same applies to other units included in the CPU 1001 of the registration terminal 100 and each unit included in the CPU 1001 of another computer included in the biometric authentication system.

  In the present embodiment, the information used by the biometric authentication system may be expressed in any data structure without depending on the data structure. For example, a data structure appropriately selected from a table, list, database or queue can store the information.

  FIG. 3 is a sequence diagram illustrating an example of a registration process and an authentication process. First, an outline of processing by the authentication system will be described. The process by the biometric authentication system includes a registration process (S1000) and an authentication process (S2000).

  In the registration process, the registration terminal 100 acquires the user's biometric information and generates a template from the acquired biometric information. The server 300 stores the template in the template DB 302. In the authentication process, the authentication terminal 200 acquires biometric information of a person who attempts authentication (also referred to as an authenticator), and the server 300 specifies the authenticator from the registered users.

  First, processing included in the registration processing in step S1000 will be described. In step S1101, the first biometric information acquisition unit 101 acquires biometric information for first registration. The first registration biometric information includes arbitrary biometric information that can identify an individual, such as a fingerprint, finger vein, iris, face, or voiceprint.

  In step S1102, the first feature extraction unit 103 extracts the first registration feature amount from the first registration biometric information. For example, when the first registration biometric information is a fingerprint, the first registration feature amount is the frequency information of the fingerprint, the position of the feature point, or the like.

  In step S1103, the first template generation unit 105 generates a first template from the first registration feature amount. Specifically, for example, the first template generation unit 105 generates random numbers (cancellable parameters) in arbitrary cancelable biometrics such as correlation invariant random filtering, and conceals biometric information using the generated random numbers. The first template is generated by applying the conversion (cancellable conversion for registration) to the first registration feature amount. An example of conversion performed by the first template generation unit 105 and details of the effect of the conversion will be described later.

  In step S1104, the second biometric information acquisition unit 102 acquires second biometric information for registration. As a set of biometric information for first registration and biometric information for second registration, for example, a set of different types of biometric information such as (face, fingerprint) and (iris, finger vein) can be selected. Also, for example, when the finger vein of the right index finger is the first biometric information for registration and the finger vein of the middle finger of the right hand is the second biometric information for registration, biometric information of different parts of the same type is used. Also good.

  The first registration biometric information and the second registration biometric information may be biometric information that can be acquired from one device. Specifically, for example, fingerprints and finger veins are biological information that can be simultaneously acquired by one device. The same biometric information may be used as the first biometric information for registration and the second biometric information for registration.

  In step S1105, the second feature extraction unit 104 extracts a second registration feature amount from the second registration biometric information. As will be described later, it is desirable that the second registration feature quantity has a low correlation with the first registration feature quantity. This has the effect of improving the safety against impersonation. Further, the second registration feature quantity needs to be at least different from the first template, and it is desirable that the correlation is particularly low. Thereby, even if the first template is leaked, it is difficult to estimate the second registration feature amount from the first template.

  In step S1106, the second template generation unit 106 generates a second template from the second registration feature amount. In step S <b> 1106, the second template generation unit 106 performs template generation processing in an arbitrary biometric encryption method such as a fuzzy extractor or a fuzzy commitment.

  In the template generation process, the second template generation unit 106 first performs a concealment process based on the second registration feature amount and the secret key, and generates auxiliary information (auxiliary data). Further, the second template generation unit 106 generates data called a pseudo identifier for verifying the secret key and signature. For example, the public key corresponding to the secret key and the hash value of the secret key are examples of pseudo identifiers. In this case, the second template generation unit 106 determines, for example, a set of auxiliary information and pseudo identifier as the second template.

  As another example of the processing in step S1106, the second template generation unit 106 may generate the second template by performing some irreversible conversion on the second registration feature amount. Examples of irreversible transformation include using a hash function and realizing irreversibility by deleting part of information. Subsequently, in step S <b> 1107, the communication unit 107 transmits the first template and the second template to the server 300.

  In step S1301, the storage unit 301 stores the first template and the second template in association with each other in the template DB 302. For example, the storage unit 301 may issue an ID that uniquely identifies a registered user, and associate the first template with the second template using the ID. A plurality of template DBs 302 may exist. In this case, one server 300 may hold a plurality of template DBs 302, or a plurality of template DBs 302 may be held in a distributed manner by a plurality of servers 300 included in the biometric authentication system.

  When there are a plurality of template DBs 302, for example, the first template and the second template may be stored in different template DBs 302. Further, the internal data may be divided and stored in a plurality of template DBs 302 for at least one of the first template and the second template. Specifically, for example, when the second template is generated by template generation processing in biometric encryption, the auxiliary information and the pseudo identifier may be stored in different template DBs 302.

  Next, processing included in the authentication processing in step S2000 will be described. In step S2201, the first biometric information acquisition unit 201 acquires first biometric information for authentication. The first authentication biometric information is the same part and the same type of biometric information as the first registration biometric information. For example, when the first registration biometric information is the finger vein of the right index finger, the first authentication biometric information is also the finger vein of the right index finger.

  In step S2202, the first feature extraction unit 203 extracts a first authentication feature amount from the first authentication biometric information. The process performed by the first feature extraction unit 203 is the same as the process performed by the first feature extraction unit 103 in step S1102, for example.

  Note that part of the processing contents may be different between the first feature extraction processing by the first feature extraction unit 203 and the first feature amount extraction processing by the first feature extraction unit 103. Specifically, for example, the first feature extraction unit 203 converts the first authentication biometric information into a size different from the first registration biometric information, and then converts the first authentication biometric information from the first authentication biometric information. May be extracted. In addition, for example, at least one of the first registration biometric information acquisition and the first authentication biometric information acquisition, biometric information of the same type and the same part is acquired a plurality of times, and the first is based on the acquired plurality of biometric information. A feature amount may be extracted (for example, an average of the plurality of pieces of biological information is set as a first feature amount).

  In step S2203, the search data generation unit 205 generates search data based on the first authentication feature amount. The search data generation method in step S2203 depends on the algorithm in which the first template is generated in step S1103. Specifically, the first template generation process, the search data generation process, and the template search process described later are performed under the same matching method (for example, cancelable biometrics).

  For example, when the first template is generated by the registration cancelable conversion, the search data generation unit 205 uses the same cancelable parameters as those used during the registration process for biometric information for the first authentication feature amount. Search data is generated by performing concealment conversion (authentication cancelable conversion). In order to perform this process, it is assumed that the registration terminal 100 and the authentication terminal 200 share the cancelable parameter by, for example, transmitting a cancelable parameter to the authentication terminal 200 in advance.

  In step S <b> 2204, the communication unit 208 transmits search data to the server 300. In step S2205, the second biometric information acquisition unit 202 acquires second biometric information for authentication. The second authentication biometric information is the same part and the same type of biometric information as the second registration biometric information.

  In step S2206, the second feature extraction unit 204 extracts a second authentication feature amount from the second authentication biometric information. As in the case of the extraction of the first feature amount, the contents of the second feature amount extraction process by the second feature extraction unit 104 and the second feature extraction unit second feature amount extraction process by the second feature extraction unit 204 May be the same or partially different.

  In step S2301, the template search unit 303 searches for the first template included in the template DB 302 using the search data received from the authentication terminal 200 as a key, and specifies the second template corresponding to the first template. For example, the first template generation unit 105 generates a first template by registration cancelable conversion, and the search data generation unit 205 performs search by performing authentication cancelable conversion on the first authentication feature amount. When the business data is generated, an example of the process performed in step S2301 is as follows.

  First, the template search unit 303 performs cancelable collation with the search data received from the authentication terminal 200 for each first template stored in the template DB 302, and calculates a similarity score. For example, the template search unit 303 identifies the second template corresponding to the first template having a similarity score exceeding a predetermined threshold.

  However, when there are a plurality of first templates having a similarity score exceeding the threshold, the first template is specified by, for example, one of the following methods. The template search unit 303 specifies the second template corresponding to the first template that has the maximum similarity score among the plurality of first templates. Moreover, the template search part 303 may specify the 2nd template corresponding to the 1st template in which the similarity score exceeded the threshold value initially in calculating a similarity score sequentially. Further, the template search unit 303 may specify all the second templates corresponding to the plurality of first templates.

  Note that the template matching process in the template search process in step S2301 combines an authentication token generation process, which will be described later, and an authentication token verification process (that is, a process for verifying whether the specified second template belongs to the authenticator). It is desirable to be fast compared to processing. When cancelable collation is performed in the template search process, for example, a collation algorithm based on a fast Fourier transform, a distance index method, or the like is used, so that high-speed collation can be realized.

  In step S2302, the message generation unit 304 generates a message. When the biometric authentication system is a system for authentication only, for example, random numbers, time information, or one-time information such as a counter can be used. The one-time information is information that takes a different value depending on the timing of generation (for example, every fixed period). It is desirable that the generated message does not overlap with messages generated in the past. Therefore, for example, when a random number is used as a message, it is desirable that the random number be generated by an algorithm having a collision probability equal to or less than a predetermined value.

  Further, part or all of the message may be specific information such as transaction information or an electronic document, or may be processing information such as a hash value of the specific information. Further, part or all of the message may be information generated by combining the specific information and the processing information. Since it is desirable that even a message including the specific information does not overlap with a past message, for example, when the specific information is transaction information, the transaction information preferably includes time information.

  When specific information is included in the message, in addition to the authentication of the person who generated the message (that is, the user of the authentication terminal 200) in the verification step in step S2304, which will be described later, the message has not been tampered with. It can be confirmed that the specific information included in the message has not been tampered with.

  In step S2303, the communication unit 306 transmits the one or more second templates and messages specified in step S2301 to the authentication terminal 200. In step S <b> 2207, the authentication token generating unit 207 generates an authentication token based on the second authentication feature amount and the second template and message received from the server 300. Note that the authentication token generation method in step S2207 depends on the algorithm in which the second template is generated in step S1106. Specifically, the second template generation process, the authentication token generation process, and an authentication token verification process (authentication process) described later are performed under the same verification method (for example, biometric encryption).

  For example, when the second template is generated by the template generation process in the biometric encryption in step S1106, for example, the following process is performed in step S2207. First, the authentication token generating unit 307 performs a restoration process for restoring the secret key from the second authentication feature quantity and the second template. When receiving a plurality of second templates from the server 300, for example, the authentication token generating unit 307 performs a restoration process on each of the plurality of second templates, and receives one or a plurality of secret keys successfully restored. Used for subsequent processing.

  Note that the authentication token generation unit 307 performs processing for determining whether or not the secret key extracted using the pseudo-identifier in the second template is correct, and uses the secret key determined to be correct for subsequent processing. Good.

  Next, the authentication token generation unit 307 generates an authentication token based on the restored secret key and the message transmitted from the server 300. An electronic signature generated by using a secret key for a message, a MAC (Message Authentication Code), and the like are examples of an authentication token. In the case of using an electronic signature, any signature algorithm such as RSA, DSA, Schnorr signature, etc. can be used. When MAC is used, any MAC algorithm such as HMAC or CMAC can be used.

  The restoration process in the biometric encryption method requires processing time compared with the verification process in the normal authentication. However, by narrowing down the second template candidates in step S2301, the number of restoration processes performed in step S2207 is reduced, and the authentication process is performed. Time can be shortened.

  Further, the authentication token generation unit 307 may generate, as an authentication token, data obtained from a secret key such as a hash value of the restored secret key without using the message received from the server 300. As in this example, when the authentication token generation unit 307 generates an authentication token without using the message received from the server 300, the message generation processing in step S2302 may not be performed. If a second template for performing irreversible conversion on the second registration feature amount is obtained in step S1106, the authentication token generating unit 307 performs, for example, the same irreversible conversion as step S1106 in the second authentication in step S2207. An authentication token is generated by performing the processing on the feature amount.

  In step S2209, the communication unit 208 transmits the generated authentication token to the server 300. In step S2304, when the verification unit 305 performs verification based on the message and the authentication token transmitted from the authentication terminal 200 and succeeds in verification, the biometric authentication system (specifically, for example, the authentication terminal 200) For example, a message indicating “authentication success” is output, and an ID of a user who has succeeded in authentication (that is, an ID corresponding to the second template that has been successfully authenticated) is output. If the verification fails, the biometric authentication system outputs a message indicating “authentication failure”, for example.

  However, the verification unit 305 may output all the IDs corresponding to each of the plurality of second templates when the verification is successful with respect to the plurality of second templates, or the second template that is successfully verified first. For example, a part of the ID that has been successfully verified may be output, for example, an ID corresponding to may be output, or it may be considered that the verification has failed.

  For example, if the authentication token generated in S2208 is an electronic signature, in step S2304, the verification unit 305 includes a pseudo identifier included in the second template identified in step S2301 (in this case, the pseudo identifier is a public key). And the message and the authentication token received from the authentication terminal 200 are verified by a verification algorithm corresponding to the signature algorithm in step S2208.

  For example, when the authentication token generated in step S2208 is a hash value of the secret key, the authentication token generation unit 207 generates the second template so that the pseudo identifier in the second template includes the hash value of the secret key. In this case, the verification unit 305 can verify the authentication token by comparing the hash values.

  For example, when the authentication token generated in step S2208 is a MAC generated based on the secret key and the message, or a MAC generated based on the hash value of the secret key and the message, the authentication token generation unit 207 displays the second template. If the second template is generated so that the pseudo-identifier in the file includes the secret key or the hash value of the secret key, the verification unit 305 can verify the authentication token by using the MAC verification algorithm.

  In the biometric authentication system of the present embodiment, by extracting the feature quantity so that the correlation between the first registration feature quantity and the second registration feature quantity is low, and using biometric encryption as the second template generation process, It has the effect of making it difficult to impersonate the system. The relationship between the first registration feature quantity and the second registration feature quantity will be described.

  As an example of extracting feature quantities so that the correlation is low, as a combination of biometric information for first registration and biometric information for second registration, another type of biometrics such as (face, fingerprint) or (face, finger vein) There are examples of information, and examples of the same type of information (vein of right index finger, right finger middle finger), but different parts of biometric information.

  Moreover, the same biometric information (at least one of a part or a type) may be selected as the first registration biometric information and the second registration biometric information, and two feature amounts having low correlation may be extracted from the same biometric information. . For example, when both the first registration feature quantity and the second registration feature quantity are fingerprints of the right index finger, the position of the feature point of the fingerprint is used as the first registration feature quantity, and the second registration feature quantity As described above, frequency information of the fingerprint image is used.

  Further, for example, even when the first registration biometric information and the second registration biometric information are the same type of biometric information obtained from the same part, the first registration feature quantity and the second registration feature quantity are generated. In this process, by performing predetermined conversion (for example, addition of predetermined noise) on at least one of the two, the correlation between the first registration feature quantity and the second registration feature quantity can be lowered.

  In order to explain the effect of making it difficult to impersonate the biometric authentication system, as an example, the registration terminal 100 extracts feature quantities so that the correlation between the first registration feature quantity and the second registration feature quantity is low, Consider an example in which registration cancelable conversion is performed as the first template generation process and biometric encryption is used as the second template generation process.

  In this case, if the stored first template and cancelable parameters are leaked to a third party at the same time, the third party can restore the first registration feature amount. However, since the correlation between the first registration feature quantity and the second registration feature quantity is low, it is difficult to estimate the second registration feature quantity from the first registration feature quantity.

  On the other hand, by using a biometric cryptography as authentication based on the second registration feature quantity, a third party who has not succeeded in estimating the second registration feature quantity (second template, past authentication message, and signature) However, it is difficult to generate an authentication token that succeeds in the authentication token verification process in step S2304. Therefore, in the biometric authentication system of the present embodiment, by extracting the feature quantity so that the correlation between the first registration feature quantity and the second registration feature quantity is low, it is possible to authenticate registered templates and parameters. Even if necessary information, past authentication messages, and signatures are leaked, impersonation using them becomes difficult.

  In order to obtain such a spoofing difficulty, in the first template generation process, the first template generation unit 105 performs arbitrary conversion on the first registration feature amount instead of the registration cancelable conversion. Alternatively, the first registration feature value itself may be determined as the first template (that is, equal to the result of the identity conversion performed on the first registration feature value).

  Further, even when the correlation between the first registration feature quantity and the second registration feature quantity is not necessarily low, for example, registration cancelable conversion is performed as the first template generation process, and biotechnology is used as the second template generation process. When metric encryption is performed, the correlation between the first template and the second registration feature amount becomes low. Thereby, even if the first template is leaked to a third party, it is difficult to estimate the second registration feature amount directly from the first template unless the cancelable parameter is leaked. Impersonation of a biometric authentication system becomes difficult. Thus, even when the correlation between the first registration feature quantity and the second registration feature quantity is not necessarily low, it has safety equal to or higher than that of the conventional cancelable biometrics, and the conventional cancelable biometrics. The system has a signature generation function that was not included in the metrics.

  Although an example in which cancelable biometrics is used has been described, in this case, the cancelable parameters are stored in the authentication terminal 200, the server 300, or any device connected to these computers.

  In addition, after cancelable parameters are stored in a DB for storing parameters, predetermined data is transmitted to the registration terminal 100, the authentication terminal 200, and the server 300 at each registration process and authentication process. A method for performing predetermined cancelable conversion (see, for example, JP 2010-146245 A) may be used.

  In the present embodiment, processing for preventing information leakage, such as further encrypting the first template, the second template, and the network communication, may be further performed. In the present embodiment, the template DB 302 may be held by a storage device other than the server 300.

  In the present embodiment, a part of the processing order may be changed. For example, the processing of step S2205 and step S2206 is performed between step S2204 and step S2207, but the order may be changed so as to be performed at any time before step S2207 during the authentication processing.

  With the biometric authentication system of this embodiment, impersonation of the biometric authentication system is difficult even if data such as templates and parameters stored for authentication leak, and high-speed for large-scale users ID-less personal authentication via the network can be realized.

  With such 1: N personal authentication, it is possible to perform authentication and payment in net banking more safely, and application to a national ID is expected.

  Differences from the first embodiment will be described. In the biometric authentication system of the present embodiment, the message generation processing in step S2302 in the first embodiment is performed not by the server 300 but by the authentication terminal 200.

  FIG. 4 is a block diagram illustrating a configuration example of the biometric authentication system in the present embodiment. Authentication terminal 200 further includes a message generation unit 209. The server 300 does not include the message generation unit 304, but may include the message generation unit 304 as in the first embodiment.

  FIG. 5 is a sequence diagram illustrating an example of a registration process and an authentication process in the present embodiment. In the first embodiment, the server 300 performs the message generation process (S2302) after the template search process (S2301). However, in this embodiment, the server 300 does not generate a message and the authentication terminal 200 generates a message.

  Subsequent to step S2301, in step S2313, the communication unit 306 transmits only the second template without sending a message. Step S2313 is a process executed instead of step S2303 in the first embodiment.

  In step S2217, the message generation unit 209 generates a message. The message generation method is the same as in the first embodiment. Note that the authentication terminal 200 may acquire a message by receiving a message generated by an external device from the device.

  In step S2219 following step S2207, the communication unit 208 transmits a message in addition to the authentication token. Step S2219 is a process executed instead of step S2209 of the first embodiment.

  In the biometric authentication system of this embodiment, when the authentication terminal 200 generates a message, authentication is performed using information generated by the authentication terminal 200, or data such as a document generated by the authentication terminal 200 is signed. can do.

  Differences from the first embodiment will be described. In the authentication process of the authentication system of the present embodiment, the authentication terminal 200 does not receive the second template, and generates an authentication token from the second authentication feature amount and the message. The authentication token generation unit 207 uses, for example, a biometric signature in the authentication token generation process.

  FIG. 6 is a sequence diagram illustrating an example of a registration process and an authentication process in the present embodiment. In step S1106, the second template generation unit 106 generates a second template based on the second registration feature amount. As an example of step S1106, the second template generation unit 106 generates a biometric public key by converting the registration feature quantity in one direction in the biometric signature method based on the second registration feature quantity (biometric public key generation process). ) To set the biometric public key as the second template.

  Following step S2302, in step S2323, the communication unit 306 transmits a message. Step S2323 is a process executed instead of step S2303 in the first embodiment. That is, in this embodiment, the server 300 does not transmit the second template to the authentication terminal 200.

  In step S2207, the authentication token generating unit 207 generates a biometric signature for an arbitrary message using the signature feature amount in the biometric signature method based on the second authentication feature amount extracted in step S2206 and the message. Processing (biometric signature generation processing) is performed, and the generated biometric signature is used as an authentication token.

  In step S2304, the verification unit 305 performs verification based on the message, the authentication token, and the second template specified in step S2301. For example, if the second template generated in step S1126 is a biometric public key, in step S2304, a signature verification process using a biometric signature scheme is performed.

  When a plurality of second templates are identified in step S2301, the verification unit 305 may perform signature verification processing on all the plurality of second templates, or may be identified first in step S2301. A part of second templates may be selected by an arbitrary method such as selecting a second template, and signature verification processing may be performed on the selected second template. The signature verification process for the biometric signature requires more time than the verification process for normal authentication, but the overall authentication time can be shortened by reducing the number of second templates for performing the signature verification process.

  By using the biometric signature method, the authentication system of the present embodiment makes it difficult to impersonate the system even if data such as parameters and keys stored for authentication are leaked. An ID-less personal authentication system for large-scale users via a network can be realized.

  In the present embodiment, the authentication terminal 200, not the server 300, performs the message generation process in step S2302 in the third embodiment. Therefore, differences from the third embodiment will be described below. Since the configuration example of the biometric authentication system of the present embodiment is the same as that of the second embodiment (FIG. 4), description thereof is omitted.

  FIG. 7 is a sequence diagram illustrating an example of a registration process and an authentication process in the present embodiment. In the third embodiment, the server 300 executes the message generation process (S2302) and the message transmission process (S2323) after the template search process (S2301). However, in this embodiment, the server 300 does not perform message generation and message transmission. The authentication terminal 200 generates a message.

  Subsequent to step S2206, in step S2217, the message generation unit 209 generates a message. The message generation method is the same as in the second embodiment. Following step S2207, in step S2219, the communication unit 208 transmits a message and an authentication token. Step S2219 is a process executed instead of step S2209 of the third embodiment.

  In the biometric authentication system of this embodiment, when the authentication terminal 200 generates a message, authentication is performed using information generated by the authentication terminal 200, or data such as a document generated by the authentication terminal 200 is signed. can do. In particular, in the authentication system of the present embodiment, an authentication token for a message can be generated without communication from the server 300 to the authentication terminal 200.

  In this embodiment, one terminal (referred to as a client terminal) performs registration processing and authentication processing. FIG. 8 is a block diagram illustrating a configuration example of the biometric authentication system in the present embodiment. As described above, the biometric authentication system in this embodiment includes the client terminal 400. The client terminal 400 is configured by, for example, a computer having the hardware configuration shown in FIG.

  The CPU 1001 of the client terminal 400 includes a first biological information acquisition unit 101, a second biological information acquisition unit 102, a first feature extraction unit 103, a second feature extraction unit 104, a first template generation unit 105, and a second template generation unit 106. A search data generation unit 205, an authentication token generation unit 207, a storage unit 301, a template search unit 303, and a verification unit 305. The auxiliary storage device 1003 of the client terminal 400 includes a template DB 302.

  FIG. 9 is a sequence diagram illustrating an example of a registration process and an authentication process in the present embodiment. Processing by the client terminal 400 includes registration processing (S1000) and authentication processing (S2000).

  The registration process (S1000) includes the processes of step S1101, step S1102, step S1103, step S1104, step S1105, step S1106, and step S1301. The contents of each process are the same as those in the first embodiment.

  In the authentication process (S2000), the client terminal 400 first performs steps S2201, S2202, S2203, S2301, S2205, and S2206. The contents of each process are the same as those in the first embodiment.

  Subsequently, in step S2247, the authentication token generation unit 207 performs an authentication token generation process based on the second authentication feature amount and the second template specified in step S2301. In step S2247, the authentication token generation unit 207 may perform the message generation process and the authentication token generation process in the first or third embodiment. Note that when a message is not used to generate an authentication token, the message generation process may not be executed.

  In step S2248, the verification unit 305 performs verification based on the second template and the authentication token. In step S2248, the verification unit 305 performs, for example, the authentication token verification process in the first or third embodiment.

  A specific example of the processing in steps S2247 and S2248 will be described. However, it is assumed that a template generation process in the biometric cryptosystem is performed in S1105 and the pseudo identifier includes a hash value of the secret key.

  In step S2247, the authentication token generation unit 207 first performs a restoration process based on the second authentication feature amount and the second template specified in step S2341, thereby restoring the secret key. Then, the authentication token generation unit 207 determines the hash value of the restored secret key as an authentication token. In step S2248, the verification unit 305 verifies the authentication token by comparing the hash value of the secret key included in the pseudo identifier in the second template.

  Note that the authentication token generation unit 207 may generate an authentication token for a specific message using the extracted secret key. In this case, by verifying the signature, the client terminal 400 or another device can authenticate the identity of the message creator or approver and verify that the message has not been tampered with.

  With this embodiment, it is difficult to impersonate the system even if data such as templates and parameters stored for authentication leaks, and a high-speed IDless personal authentication system for large-scale users This can be realized in one terminal.

  In addition, this invention is not limited to an above-described Example, Various modifications are included. For example, the above-described embodiments have been described in detail for easy understanding of the present invention, and are not necessarily limited to those having all the configurations described. Also, a part of the configuration of a certain embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of a certain embodiment. Further, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment.

  Each of the above-described configurations, functions, processing units, processing means, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit. Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor. Information such as programs, tables, and files for realizing each function can be stored in a memory, a hard disk, a recording device such as an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.

  Further, the control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.

  100 registration terminal, 103 first feature extraction unit, 104 second feature extraction unit, 105 first template generation unit, 106 second template generation unit, 200 authentication terminal, 203 first feature extraction unit, 204 second feature extraction unit, 205 search data generation unit, 207 authentication token generation unit, 209 message generation unit, 300 server, 302 template DB, 303 template search unit, 304 message generation unit, 305 verification unit, 400 client terminal, 1001 CPU, 1002 memory, 1003 Auxiliary storage device, 1004 input device, 1005 output device, 1006 communication device

Claims (13)

A biometric authentication system,
Including a registration terminal, an authentication terminal, and a server;
The registration terminal extracts the first registration feature quantity and the second registration feature quantity from the biometric information of the person to be registered,
The authentication terminal extracts the first authentication feature quantity and the second authentication feature quantity from the biometric information of the person to be authenticated,
The registered terminal
Based on the first matching method, a first template different from the second registration feature value is determined from the first registration feature value,
Based on the second matching method, a second template is determined from the second registration feature amount,
Sending the first template and the second template to the server;
The server holds the first template and the second template in association with each other,
The authentication terminal is
Based on the first verification method, determining search data from the first authentication feature amount,
Sending the search data to the server;
The server
Based on the first collation method, the first template held by the server is searched to identify the first template corresponding to the search data,
Identifying a second template corresponding to the identified first template;
The authentication terminal generates an authentication token from the second authentication feature amount based on the second verification method,
The server performs the authentication success / failure determination of the person to be authenticated based on the second verification method, the identified second template, and the authentication token,
A biometric authentication system in which a template matching process in the search for the first template is faster than a process that combines generation of the authentication token and determination of success or failure of the authentication. The biometric authentication system according to claim 1,
The first registration feature amount is obtained from the first biological information,
The biometric authentication system, wherein the second registration feature amount is obtained from different types of second biometric information from the first biometric information. The biometric authentication system according to claim 2,
The biometric authentication system, wherein the first biometric information and the second biometric information are biometric information obtained from different parts. The biometric authentication system according to claim 1,
The first registration feature quantity and the second registration feature quantity are obtained from the same biological information,
At least one of the first registration feature quantity and the second registration feature quantity is a biometric authentication system that has been subjected to predetermined conversion in the process of generation from the same biometric information. The biometric authentication system according to claim 1,
The registered terminal
In the second verification method,
Generate a secret key
A biometric authentication system that determines the second template using a concealment process of the second registration feature amount by the secret key. The biometric authentication system according to claim 5,
The server
Generate a message,
Sending the message and the identified second template to the authentication terminal;
The authentication terminal is
Restoring the secret key from the identified second template and the second authentication feature,
Using the signature generation process with the restored private key for the message, generating the authentication token,
The biometric authentication system, wherein the server performs the determination using the signature verification process. The biometric authentication system according to claim 5,
The server transmits the identified second template to the authentication terminal;
The authentication terminal is
Generate a message,
Restoring the secret key from the identified second template and the second authentication feature,
Using the signature generation process with the restored private key for the message, generating the authentication token,
The biometric authentication system, wherein the server performs the determination using the signature verification process. The authentication system according to claim 1,
The registered terminal
In the second verification method,
The biometric public key is generated by unidirectionally converting the second registration feature amount,
Determining the biometric public key as the second template;
The server
Generate a message,
Sending the message to the authentication terminal;
The authentication terminal generates the authentication token using a biometric signature generation process based on the second authentication feature amount and the message,
The biometric authentication system, wherein the server performs the determination using a verification process that verifies the biometric signature using the biometric public key. The authentication system according to claim 1,
The registered terminal
In the second verification method,
The biometric public key is generated by unidirectionally converting the second registration feature amount,
Determining the biometric public key as the second template;
The authentication terminal is
Generate a message,
Using the biometric signature generation process based on the second authentication feature amount and the message, generate the authentication token,
The biometric authentication system, wherein the server performs the determination using a verification process that verifies the biometric signature using the biometric public key. The biometric authentication system according to any one of claims 6 to 9,
The biometric authentication system, wherein the message is one-time information. The authentication system according to claim 1,
The registered terminal
In the first verification method,
Generate parameters,
The biometric authentication system which determines the said 1st template using the concealment process of the said 1st registration feature-value by the said parameter. A biometric authentication system,
A processor for executing a program; and a memory accessed by the processor;
The processor is
Extracting the first registration feature quantity and the second registration feature quantity from the biometric information of the person to be registered,
Extracting the first authentication feature quantity and the second authentication feature quantity from the biometric information of the person to be authenticated,
Based on the first matching method, a first template different from the second registration feature value is determined from the first registration feature value,
Based on the second matching method, a second template is determined from the second registration feature amount,
Storing the first template and the second template in the memory in association with each other;
Based on the first verification method, determining search data from the first authentication feature amount,
Based on the first collation method, the first template stored in the memory is searched to identify the first template corresponding to the search data,
Identifying a second template corresponding to the identified first template;
Based on the second verification method, an authentication token is generated from the second authentication feature amount,
Based on the second verification method, the identified second template, and the authentication token, a determination of the success or failure of the authentication target person is performed.
A biometric authentication system in which a template matching process in the search for the first template is faster than a process that combines generation of the authentication token and determination of success or failure of the authentication. A biometric authentication method using a biometric authentication system,
The biometric authentication system includes a processor that executes a program, and a memory that the processor accesses.
The biometric authentication method includes:
The processor extracts a first registration feature quantity and a second registration feature quantity from the biometric information of the person to be registered;
The processor extracts a first authentication feature quantity and a second authentication feature quantity from the biometric information of the person to be authenticated;
The processor determines a first template different from the second registration feature amount from the first registration feature amount based on a first matching method;
The processor determines a second template from the second registration feature amount based on a second matching method;
The processor associates the first template with the second template and stores them in the memory;
The processor determines search data from the first authentication feature amount based on the first matching method,
The processor searches the first template stored in the memory based on the first collation method to identify the first template corresponding to the search data;
The processor identifies a second template corresponding to the identified first template;
The processor generates an authentication token from the second authentication feature quantity based on the second matching method;
The processor includes determining whether the authentication target is successful based on the second verification method, the identified second template, and the authentication token;
The biometric authentication method, wherein the template matching process in the search for the first template is faster than the process that combines the generation of the authentication token and the determination of the success or failure of the authentication.

Images