JP2023014237A - Information processing system, information processing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing system which takes measures for reducing the risk of so-called "spoofing" while preventing leakage of biometric information.

SOLUTION: A one-time information acquisition unit 121 acquires transmitted one-time information and management server-side feature quantities. The one-time information acquisition unit 121 transmits the acquired one-time information to an operation terminal 3. A method inquiry receiving unit 122 which receives an inquiry for a conversion method to be used for converting biometric information for authentication of a user U, and presents a conversion method used in the acquired one-time information to the operation terminal 3. The method inquiry receiving unit 122 presents the conversion method used in the acquired one-time information to a method inquiry unit 514 of the operation terminal 3. An authentication biometric information acquisition unit 123 acquires transmitted operation terminal-side feature quantities. A collation unit 124 executes collation between the acquired management server-side feature quantities and the acquired operation terminal-side feature quantities.

SELECTED DRAWING: Figure 3

COPYRIGHT: (C)2023,JPO&INPIT

Description

The present invention relates to an information processing system, an information processing method, and a program.

In recent years, in authentication using authentication terminals (for example, smart phones, tablet terminals, etc.), development of biometric authentication technology using biometric information such as fingerprint authentication and iris authentication has been remarkable. An authentication technique that does not involve the input of a password, including a biometric authentication technique, is also called "FIDO (Fast Identity Online)" (registered trademark) and is attracting attention.
In the case of user authentication using FIDO (registered trademark), the user is not only freed from the trouble of entering a password each time he/she logs in, but also the password itself does not exist, so there is no problem of password leakage. Therefore, there is a great merit that security risks can be reduced.
For example, Patent Literature 1 describes an input device (mouse) that is capable of specifying the person who actually uses the computer device by performing fingerprint authentication even if there are multiple people who use the computer device. is described.

JP 2016-170549 A

Conventionally, FIDO (registered trademark) performs user authentication based on biometric information stored on the authentication terminal side from the viewpoint of preventing the leakage of biometric information that may occur due to communication interception. , the server side does not hold biometric information.
For example, in Patent Document 1, authentication data including a fingerprint image, name, identification information (site request information), etc. is pre-stored (registered) in an authentication data table in a storage device provided in an input device (mouse) as an authentication terminal. ).
However, if biometric information is not held on the server side, but is held only on the authentication terminal side, and user authentication is performed on the authentication terminal side, unauthorized rewriting of the biometric information held on the authentication terminal side may occur. There is a risk that the so-called "spoofing" problem may occur due to

The present invention has been made in view of such circumstances, and an object of the present invention is to provide an information processing system in which measures are taken to reduce the risk of so-called "spoofing" while preventing leakage of biometric information. .

In order to achieve the above object, an information processing system according to one aspect of the present invention includes:
a first acquisition means for acquiring biometric information to be authenticated;
a second acquiring means for acquiring part of the biometric information of the authentication target or information obtained by processing at least part of the biometric information as comparison information at the time of authentication;
a process execution means for executing a process related to authentication of the authentication target based on the biometric information acquired by the first acquisition means and the comparison information acquired by the second acquisition means;
Prepare.

An information processing method and program of one aspect of the present invention are provided as a method and program corresponding to the information processing system of one aspect of the present invention.

According to the present invention, it is possible to provide an information processing system in which measures are taken to reduce the risk of so-called "spoofing" while preventing leakage of biometric information.

1 is a configuration diagram of an authentication system that is an embodiment of an information processing system of the present invention; FIG. 2 is a block diagram showing the hardware configuration of an authentication server in the authentication system of FIG. 1; FIG. 3 is a functional block diagram showing an example of functional configurations of the authentication server of FIG. 2, the biometric information management server of FIG. 1, and an operation terminal; FIG. FIG. 4 is an arrow chart showing the flow of registration processing executed by cooperation between the authentication server and the biometric information management server shown in FIG. 3; FIG. 4 is an arrow chart showing the flow of authentication processing executed by cooperation between the authentication server and the biometric information management server shown in FIG. 3; 4 is a flow chart showing the flow of authentication processing executed by the authentication server shown in FIG. 3; 2 is a diagram showing a specific example of registration processing and authentication processing by the authentication system of FIG. 1; FIG.

An embodiment of the present invention will be described below with reference to the drawings.

FIG. 1 is a configuration diagram of an authentication system S, which is an embodiment of an information processing system of the present invention.

The authentication system S, as shown in FIG. 1, is configured to include an authentication server 1, a biometric information management server 2, and operation terminals 3-1 to 3-n. Hereinafter, when there is no need to distinguish between the operation terminals 3-1 to 3-n, they will be collectively referred to as the "operation terminal 3".
The authentication server 1 and the operation terminals 3-1 to 3-n are interconnected via a network N such as the Internet. On the other hand, the biometric information management server 2 is not directly connected to the network N. The biometric information management server 2 is connected to the authentication server 1 via a virtual private cloud (hereinafter referred to as "VPC"). A VPC is a system in which a rental server or the like is installed in a closed network such as a virtual private network (VPN) and used as a cloud.

FIG. 2 is a block diagram showing the hardware configuration of the authentication server 1 in the authentication system S of FIG. 1. As shown in FIG.

The authentication server 1 includes a CPU (Central Processing Unit) 11, a ROM (Read Only Memory) 12, a RAM (Random Access Memory) 13, a bus 14, an input/output interface 15, an output section 16, and an input section 17. , a storage unit 18 , a communication unit 19 , and a drive 20 .

The CPU 11 executes various processes according to programs recorded in the ROM 12 or programs loaded from the storage unit 18 to the RAM 13 .
The RAM 13 also stores data necessary for the CPU 11 to execute various processes.

The CPU 11 , ROM 12 and RAM 13 are interconnected via a bus 14 . An input/output interface 15 is also connected to this bus 14 . An output unit 16 , an input unit 17 , a storage unit 18 , a communication unit 19 and a drive 20 are connected to the input/output interface 15 .

The output unit 16 is composed of various liquid crystal displays and the like, and outputs various information.
The input unit 17 is composed of various hardware and the like, and inputs various information.
The storage unit 18 is composed of a hard disk, a DRAM (Dynamic Random Access Memory), or the like, and stores various data.
The communication unit 19 controls communication with other devices (in the example of FIG. 1, the biological information management server 2, the operation terminal 3, etc.) via a network N including the Internet.

A drive 20 is provided as required. The drive 20 consists of a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, and a removable medium 30 is mounted as appropriate. A program read from the removable medium 30 by the drive 20 is installed in the storage section 18 as necessary. The removable medium 30 can also store various data stored in the storage unit 18 in the same manner as the storage unit 18 .

Since the configuration of the biometric information management server 2 is basically the same as the configuration of the authentication server 1, description thereof will be omitted here. Note that FIG. 3, which will be described later, shows the functional configuration of the biometric information management server 2 as follows: a CPU 41 corresponding to the CPU 11 of the authentication server 1; A communication unit 49 corresponding to the communication unit 19 is shown.

Since the configuration of the operation terminal 3 is basically the same as that of the authentication server 1 except that it may have a touch panel, the description thereof will be omitted here. Note that FIG. 3, which will be described later, shows the functional configuration of the operation terminal 3 as an input unit 50 for acquiring biometric information, a CPU 51 corresponding to the CPU 11 of the authentication server 1, and a communication unit 19 of the authentication server 1. A communication unit 59, a touch operation input unit 56, and a display unit 57 are shown.

In cooperation with various hardware and software of the authentication server 1 shown in FIG. 2, the biological information management server 2 shown in FIG. Various processes can be executed.
That is, the authentication server 1, the biometric information management server 2, and the operation terminal 3 have a functional configuration as shown in FIG. 3 in executing various processes such as registration process and authentication process.

FIG. 3 is a functional block diagram showing an example of functional configurations of the authentication server 1 of FIG. 2, the biometric information management server 2 of FIG. 1, and the operation terminal 3. As shown in FIG.
Here, although not shown, for the sake of convenience, the information processing system in FIG. The following description will be given.

(authentication server)
In the CPU 11 of the authentication server 1, as shown in FIG. 3, a registration section 100 and an authentication section 200 function. Specifically, in the registration unit 100 that mainly functions in registration processing, an information acquisition unit 111 and a registered biometric information transfer unit 112 function. In the authentication unit 200 that mainly functions in authentication processing, a one-time information acquisition unit 121, a method inquiry reception unit 122, an authenticated biometric information acquisition unit 123, and a collation unit 124 function. Furthermore, in one area of the storage unit 18 of the authentication server 1, a terminal DB 701 and a user DB 702 are provided.

In the registration unit 100, a series of processes for registering various types of information including biometric information of the user U in the authentication system S are executed.
That is, in this service, biometric authentication is possible because various types of information including the biometric information of the user U are registered in the authentication system S in advance. The format of the biometric information of the user U is not particularly limited, and the biometric information can be registered in various formats. For example, it is possible to register using various formats such as image information, vector information, and information indicating feature amounts.

The information acquisition unit 111 of the registration unit 100 acquires various information (hereinafter referred to as “terminal information”) regarding each of the operation terminals 3-1 to 3-n, and information on operating each of the operation terminals 3-1 to 3-n. Various types of information (hereinafter referred to as “user information”) including biometric information about each human user U are acquired. The terminal information acquired by the information acquisition unit 111 is stored and managed in the terminal DB 701 . The terminal information includes, for example, an ID that uniquely identifies each of the operation terminals 3-1 to 3-n. User information acquired by the information acquisition unit 111 is stored and managed in the user DB 702 . The user information includes, for example, an ID that uniquely identifies each of the n users U-1 to Un. Furthermore, the information acquisition unit 111 presents the acquired user information and terminal information to the registered biometric information transfer unit 112 .

The registered biometric information transfer unit 112 of the registration unit 100 acquires the user information and terminal information acquired by the information acquisition unit 111, and transmits the acquired user information and terminal information to the biometric information management server 2 as registered biometric information. .
Here, the registered biometric information refers to biometric information registered in the biometric information management server 2 in advance, which is necessary for comparison with the biometric information of the user required for verification when executing authentication processing.
Since the biometric information management server 2 that holds the biometric information of the user U is configured to be isolated from the external communication environment, the biometric information of the user U can be held in an environment where security is ensured.

A series of processes for authenticating the user U are executed in the authentication unit 200 .
The one-time information acquisition unit 121 of the authentication unit 200 acquires the one-time information and the management server side feature amount transmitted from the biometric information management server 2 . Here, the timing at which the authentication server 1 acquires the one-time information is not particularly limited. For example, the biometric information management server 2 may periodically acquire the one-time information through batch processing.
Then, the onetime information acquisition unit 121 of the authentication unit 200 transmits the acquired onetime information to the operation terminal 3 .
Here, the one-time information is information for specifying a feature amount to be extracted each time authentication is performed among the biometric information registered by the user (that is, the registered biometric information). The management server side feature amount is a feature amount for authentication generated by the biometric information management server 2 based on this one-time information.
Authentication in this embodiment is performed by matching the management server side feature amount with the operation terminal side feature amount described later (hereinafter referred to as "one-time authentication"). converted to the method of Therefore, in one-time authentication, the biometric information to be authenticated needs to be converted according to the conversion method used for the one-time information. According to one-time authentication, the biometric information sent and received differs each time, so even if the biometric information is intercepted, it is impossible to restore the biometric information.

The method inquiry reception unit 122 of the authentication unit 200 receives an inquiry from the operation terminal 3 about the conversion method to be used when converting the biometric information of the user U at the time of authentication. 121 presents the conversion method used for the one-time information acquired by the operation terminal 3 .
Then, the method inquiry reception unit 122 presents the method inquiry unit 514 of the operation terminal 3 with the conversion method used for the onetime information acquired by the onetime information acquisition unit 121 .

The to-be-authenticated biometric information acquisition unit 123 of the authentication unit 200 acquires the operating terminal side feature amount transmitted from the operating terminal 3 . Here, the operating terminal side feature amount may be information converted by the conversion method presented by the method inquiry reception unit 122 .
In this way, by converting the biometric information of the user U who is going to be authenticated by the conversion method presented by the method inquiry receiving unit 122, authentication can be performed more safely.

The collation unit 124 of the authentication unit 200 collates the management server side feature amount acquired by the one-time information acquisition unit 121 with the operating terminal side feature amount acquired by the to-be-authenticated biometric information acquisition unit 123 . As a result of collation by the collation unit 124, when the management server side feature amount and the operation terminal side feature amount are confirmed to match, the user is authenticated as being the same as the user whose biometric information has been registered in advance.
Then, the collation unit 124 of the authentication unit 200 notifies the operation terminal 3 of the collation result as the authentication result.
That is, the matching unit 124 notifies the operation terminal 3 that the management server side feature amount and the operation terminal side feature amount match or do not match as a result of matching as an authentication result.
Note that the collation unit 124 includes information for uniquely identifying the user U (hereinafter referred to as "user ID") and information for uniquely identifying the operating terminal (hereinafter referred to as "terminal ID"). You may consider any other information, such as.
As for the method of matching the feature amount on the management server side and the feature amount on the operating terminal side, for example, the degree of similarity is calculated from each feature amount, and compared with an arbitrarily set threshold value in advance. If so, it is determined that the user is the same as the user who registered the biometric information in advance.

(Biological information management server)
In the CPU 41 of the biometric information management server 2, as shown in FIG. 3, a registered biometric information acquisition unit 411, a decryption unit 412, a onetime information generation unit 413, and a onetime information transmission unit 414 function. Furthermore, a biometric DB 801 is provided in one area of the storage unit 48 of the biometric information management server 2 .

The registered biometric information acquisition unit 411 acquires the user information and terminal information transferred from the registered biometric information transfer unit 112 of the authentication server 1 . The registered biometric information acquired by the registered biometric information acquisition unit 411 is information encrypted in the operation terminal 3 in order to ensure security.

The decoding unit 412 decodes the registered biometric information acquired by the registered biometric information acquisition unit 411 . The user information and terminal information decoded by the decoding unit 412 are stored and managed in the biometric DB 801 . Here, the user information and the terminal information are registered by being stored and managed in the biometric DB 801 .
Then, the decoding unit 412 notifies the operation terminal 3 of the registration.
Here, as described above, the biometric information management server 2 is isolated from the external communication environment, and is configured to form a VPC with the authentication server 1 having the external communication environment. That is, the biometric information management server 2 can hold these pieces of information in an environment in which security is ensured.

The one-time information generation unit 413 generates a part of the biometric information to be authenticated or information obtained by processing at least a part of the biometric information as information for comparison at the time of authentication.
That is, the one-time information generation unit 413 generates one-time information that can specify the feature amount used for authentication from among the user information.
Based on the generated one-time information, the one-time information generating unit 413 extracts the management server side feature amount used for authentication. Note that the method of generating this comparison information is not necessarily limited to the extraction of feature amounts. For example, as will be described later, the comparison information may be generated using a method of reducing the dimensions of vector information, a method of adding noise, a method of hashing information indicating feature amounts, or the like.

The one-time information transmission unit 414 transmits the one-time information generated by the one-time information generation unit 413 and the management server side feature amount to the authentication server 1 via the communication unit 49 .

(operation terminal)
The operation terminal 3 includes an input unit 50, a CPU 51, a touch operation input unit 56 forming a touch panel, and a display unit 57, as shown in FIG.
In the CPU 51 of the operation terminal 3, a biometric information acquisition unit 511, a biometric information encryption unit 512, a terminal information transmission unit 513, a method inquiry unit 514, a biometric information to be authenticated generation unit 515, and biometric information to be authenticated A transmission control unit 516 functions.

The biometric information acquisition unit 511 acquires user information of the user U via the input unit 50 . As described above, the user information acquired here includes, for example, information such as the user's name, weight, age, height, etc. input via a keyboard, etc., and fingerprint information input via a sensor, etc. , various information about the user U including biometric information such as image information.
Then, the biometric information acquisition unit 511 presents the acquired user information of the user U to the biometric information encryption unit 512 .
The touch operation input unit 56 and the display unit 57 constitute a touch panel as shown in FIG. The touch operation input unit 56 includes, for example, a capacitance type or resistive film type (pressure-sensitive) position input sensor laminated on the display unit 57, and detects the coordinates of the position where the touch operation is performed. The display unit 57 is configured by a display such as liquid crystal, and displays various images. Thus, in this embodiment, the touch operation input unit 56 and the display unit 57 constitute a touch panel.

The biometric information encryption unit 512 executes processing for encrypting various information acquired by the biometric information acquisition unit 511 . The biometric information encryption unit 512 then presents the encrypted various information to the terminal information transmission unit 513 . As a result, the encrypted biometric information can be transmitted to the authentication server 1 or the like, so authentication with higher security can be realized.

The terminal information transmission unit 513 transmits various types of information regarding the operation terminal 3 , that is, terminal information and user information to the authentication server 1 .
Here, the transmitted user information is encrypted by the biometric information encryption unit 512 . The terminal information also includes, for example, an ID that uniquely identifies the operation terminal 3 .

The method inquiry unit 514 inquires of the authentication server 1 about the conversion method to be used when converting the operating terminal side feature amount of the user U who is going to be authenticated. Even if the content of the inquiry about the conversion method is intercepted, the interceptor cannot restore the biometric information because the content of the inquiry is different each time. Also, if an interceptor sends the content of an intercepted inquiry, this can be determined as unauthorized access. In this case, it is possible to block the operation terminal 3 that is recognized to have made unauthorized access, and it is also possible to block the conversion method itself used in the operation terminal 3 that is recognized to have made unauthorized access.

Here, the transmitted user information is encrypted by the biometric information encryption unit 512 . Further, at the time of authentication, the biometric information generating unit 515 to be authenticated converts the biometric information acquired by the biometric information acquisition unit 511 according to the conversion method presented by the authentication server 1, thereby converting the user information into the operating terminal side feature amount. to extract As a result, at the time of authentication by the authentication server 1, the biometric information acquired by the biometric information acquiring unit 511 (that is, the operation terminal side feature amount) and the pre-registered biometric information (that is, the management server side feature amount) are combined. can be verified.

The biometric-to-be-authenticated-information transmission control unit 516 executes control to transmit the operating-terminal-side feature amount extracted by the biometric-to-be-authenticated-information generating unit 515 to the authentication server 1 .
That is, the authentication target biometric information transmission control unit 516 transmits the operating terminal side feature quantity extracted by the authentication target biometric information generation unit 515 to the authentication target biometric information acquisition unit 123 of the authentication server 1 via the communication unit 59 . Execute control.

Next, the flow of registration processing and authentication processing executed by at least one of the authentication server 1 and the biometric information management server 2 shown in FIG. 3 will be described with reference to FIGS. 4 to 6. FIG.

(registration process)
FIG. 4 is an arrow chart showing the flow of registration processing executed by cooperation between the authentication server 1 and the biometric information management server 2 shown in FIG.

First, the flow of processing on the operation terminal 3 side will be described.
In step S<b>1 , the biometric information acquisition unit 511 of the operation terminal 3 acquires user information of the user U via the input unit 50 .
Also, the biometric information acquisition unit 511 presents the acquired user information of the user U to the biometric information encryption unit 512 . The biometric information encryption unit 512 then executes a process of encrypting the user information.
In step S<b>2 , the terminal information transmission unit 513 of the operation terminal 3 transmits various information related to the operation terminal 3 acquired in step S<b>1 , that is, terminal information and user information to the authentication server 1 .
Here, the transmitted user information is encrypted by the biometric information encryption unit 512 . The terminal information also includes, for example, an ID that uniquely identifies the operation terminal 3 .

Next, the flow of processing on the side of the authentication server 1 corresponding to the processing on the side of the operation terminal 3 will be described.
In step S11, the information acquisition unit 111 of the authentication server 1 acquires terminal information and user information.
Terminal information acquired by the information acquisition unit 111 is stored and managed in the terminal DB 701 . Similarly, user information acquired by the information acquisition unit 111 is stored and managed in the user DB 702 .
Furthermore, the information acquisition unit 111 presents the acquired user information and terminal information to the registered biometric information transfer unit 112 .
In step S12, the registered biometric information transfer unit 112 acquires the user information and terminal information acquired in step S11, and transmits the acquired user information and terminal information to the biometric information management server 2 as registered biometric information.

Next, the flow of processing on the side of the biometric information management server 2 corresponding to the processing on the side of the authentication server 1 and the side of the operation terminal 3 will be described.
In step S21, the registered biometric information acquisition unit 411 of the biometric information management server 2 acquires the user information and terminal information transferred in step S12.
In step S22, the decoding unit 412 of the biological information management server 2 registers the user information and terminal information acquired in step S21.
That is, the decoding unit 412 of the biometric information management server 2 uses the user information and terminal information acquired in step S21 as registered biometric information, and stores the user information and terminal information acquired by being stored and managed in the biometric DB 801. is registered.
In step S23, the decoding unit 412 of the biological information management server 2 notifies the operation terminal 3 that the user U has been registered for this service.

(authentication process)
FIG. 5 is an arrow chart showing the flow of authentication processing executed by cooperation between the authentication server 1 and the biometric information management server 2 shown in FIG.

First, the flow of processing on the biological information management server 2 side will be described.
In step S41, the one-time information generation unit 413 of the biometric information management server 2 generates one-time information that can specify the feature amount used for authentication in the user information.
That is, in step S41, the one-time information generation unit 413 generates one-time information that can specify the feature amount used for authentication from among the user information.
In step S42, the one-time information generation unit 413 of the biometric information management server 2 extracts the management server-side feature amount used for authentication based on the one-time information generated in step S41.
In step S<b>43 , the one-time information transmission unit 414 transmits the one-time information generated in step S<b>41 and the management server side feature amount extracted in step S<b>42 to the authentication server 1 via the communication unit 49 .

Next, the flow of processing on the side of the biometric information management server 2 corresponding to the processing on the side of the authentication server 1 and the side of the operation terminal 3 will be described.
In step S51, the one-time information acquisition unit 121 of the authentication server 1 acquires the one-time information and the management server side feature amount transmitted from the biometric information management server 2 in step S43.
In step S<b>52 , the one-time information acquisition unit 121 of the authentication server 1 transmits the one-time information acquired in step S<b>51 to the authenticated biometric information generation unit 515 of the operation terminal 3 .
In step S53, the to-be-authenticated biometric information acquiring unit 123 of the authentication server 1 acquires the operating terminal side feature amount transmitted from the to-be-authenticated biometric information transmission control unit 516 of the operating terminal 3 (see step S63 described later).
In step S54, the matching unit 124 of the authentication server 1 performs matching between the management server side feature amount acquired in step S51 and the operating terminal side feature amount acquired in step S53.
In step S55, the matching unit 124 of the authentication server 1 notifies the operation terminal 3 of the result of the matching performed in step S54 as the authentication result.
That is, the collation unit 124 of the authentication server 1 notifies the operation terminal 3 as an authentication result that the management server side feature amount and the operation terminal side feature amount match or do not match as a result of the collation.

Next, the flow of processing on the side of the operation terminal 3 corresponding to the processing on the side of the authentication server 1 and the biometric information management server 2 will be described.
In step S61, the to-be-authenticated biometric information generator 515 of the operation terminal 3 acquires the one-time information transmitted in step S52.
In step S62, the to-be-authenticated biometric information generation unit 515 of the operation terminal 3 converts the biometric information acquired in step S61 according to the conversion method presented by the authentication server 1, thereby extracting the operating terminal side feature amount from the user information. do.
In step S<b>63 , the authenticated biometric information transmission control unit 516 of the operation terminal 3 performs control to transmit the operation terminal side feature quantity extracted in step S<b>62 to the authentication server 1 .

(authentication process)
FIG. 6 is a flow chart showing the flow of authentication processing executed by the authentication server 1 shown in FIG.

In step S51, the one-time information acquisition unit 121 of the authentication server 1 acquires the one-time information and the management server side feature amount transmitted from the biometric information management server 2 in step S43.
In step S<b>12 , the one-time information acquisition unit 121 of the authentication server 1 transmits the one-time information acquired in step S<b>51 to the authenticated biometric information generation unit 515 of the operation terminal 3 .
In step S<b>53 , the to-be-authenticated biometric information acquiring unit 123 of the authentication server 1 acquires the operating terminal-side feature amount transmitted from the to-be-authenticated biometric information transmission control unit 516 of the operating terminal 3 .
In step S54, the matching unit 124 of the authentication server 1 performs matching between the management server side feature amount acquired in step S51 and the operating terminal side feature amount acquired in step S53.
In step S55, the matching unit 124 of the authentication server 1 notifies the operation terminal 3 of the result of the matching performed in step S54 as the authentication result.
That is, the collation unit 124 of the authentication server 1 notifies the operation terminal 3 as an authentication result that the management server side feature amount and the operation terminal side feature amount match or do not match as a result of the collation.
Further, when new one-time information and management server side feature amount are transmitted, the process returns to step S51, and the subsequent processes are repeated.
On the other hand, if new one-time information and management server side feature amount are not transmitted, the authentication process ends.
It should be noted that, of course, the order of the steps described above is merely an example and is not limited.

(Concrete example)
Next, a specific example of registration processing and authentication processing by the authentication system S of FIG. 1 will be described.
FIG. 7 is a diagram showing a specific example of registration processing and authentication processing by the authentication system S of FIG.

FIG. 7 shows purchaser B purchasing beer from vending machine 4 . However, since beer is an alcoholic beverage, purchaser B cannot purchase it if he is a minor.
Currently, in order to prevent minors from drinking alcoholic beverages, it is required for those who sell alcoholic beverages to sell alcoholic beverages after confirming the age of the purchaser. Therefore, an example in which age authentication of the purchaser B is performed by providing the operation terminal 3 in the vending machine 4 will be described.
In this embodiment, it is assumed that purchaser B has registered his/her own user information in advance using a user terminal (not shown) owned by him/herself. In other words, user information including image information of purchaser B is stored and managed in the biometric DB 801 of the biometric information management server 2 . Furthermore, this user information is managed in association with a user ID or the like that uniquely identifies the purchaser B.

Specifically, in the example of FIG. 7, the operation terminal 3 first captures an image of the purchaser B's face, generates image information based on the image, and acquires this as purchaser B's user information.
Then, when the information (information that authentication has started) is transmitted to the biometric information management server 2 via the authentication server 1, the biometric information management server 2 receives the one-time information (for example, "110110"). and the management server side feature amount is generated. Specifically, for example, among pre-registered face image information (user information) of purchaser B, information that uniquely identifies that the feature amount used for authentication is the “right eye portion” is one It is an example of time information. This one-time information and the management server side feature amount are transmitted to the authentication server 1 .
The server 1 acquires this one-time information and the management server side feature amount, and transmits the one-time information among them to the operation terminal 3 . Then, the operation terminal 3 performs conversion processing to extract the "right eye portion" from the image of the purchaser B photographed earlier as a feature amount, thereby generating an operation terminal side feature amount, which is sent to the authentication server 1. and send.
Then, the server 1 acquires the transmitted operation terminal side feature amount, and performs authentication together with the management server side feature amount described above. That is, the authentication server 1 uses the feature amount (right eye portion) of the image information (biological information) of the face of the purchaser B captured by the operation terminal 3 and the pre-registered image information of the face of the purchaser B ( (Biometric information) is compared with the feature amount (right eye portion). In other words, since the purchaser B has registered his/her own date of birth etc. as user information in advance, if the user to be authenticated is found to be the purchaser B himself, the age of the user is specified. becomes possible.
For example, as a result of this authentication, if the purchaser B's age is recognized as an age at which there is no problem in purchasing alcoholic beverages, the vending machine 4 may sell alcoholic beverages to the purchaser B. . On the other hand, for example, if the purchaser B has not registered for this service in advance, alcoholic beverages may not be sold on the grounds that the age cannot be confirmed.
In summary, this service can be widely used, for example, in the form of the above example.

Although one embodiment of the present invention has been described above, the present invention is not limited to the above-described embodiment, and modifications, improvements, etc. within the scope of achieving the object of the present invention are included in the present invention. be.

Here, the information processing system according to the present invention will be briefly supplemented. In the information processing system according to the present invention, even if the authentication server 1 is attacked by external communication, the one-time information is By changing , the possibility of unauthorized use can be reduced, and at the same time, countermeasures can be taken against rewriting of biometric information in the terminal (for example, the operation terminal 3).
Also, since biometric information is handled at the time of transmission to the operation terminal 3 and at the time of authentication, even if the feature amount (management server side feature amount or operation terminal side feature amount) used at the time of authentication is illegally obtained, can reduce the possibility of spoofing. In other words, even if communication data is illegally obtained from the operation terminal 3, the risk of illegal analysis of the biometric information can be reduced by using a special form of encryption with mutual authentication such as a key.
In addition, one-time information is not limited to a format that uses only a part of the feature amount, but also a format that applies matrix transformation to vector information to create spatial curvature, and a format that extracts only some components of a vector such as Fourier transform. There is a method of retaining information for collation while converting this into meaningless information for humans by applying a hash function such as locality sensitive hashing (LSH).
Since these methods have a trade-off relationship between accuracy and difficulty of restoration, it is possible to select which method to use according to the biometric information handled by the system to which it is applied and the security requirements.

Further, for example, in the example of FIG. 7 described above, the terminal information of the operation terminal 3 is not taken into account in the age authentication, but the age authentication may be performed with the terminal information of the operation terminal 3 taken into account. That is, the server 1 may perform authentication by combining various information (for example, terminal ID) about the operation terminal 3 registered together with the user information. As a result, the authentication server 1 can achieve authentication with higher accuracy.
Furthermore, for example, by transmitting the terminal ID prior to authentication, by changing the wiretapping amount information required at the time of authentication accordingly, authentication can be completed on the terminal, or communication from the authentication server 1 can be performed. By limiting the information to be read to only specific feature amounts, it is possible to take countermeasures against interception of communication from the operation terminal 3 to the authentication server 1 .

Also, for example, the configuration of the system in the above-described embodiment (especially FIG. 1) is merely an example and is not limited.
That is, for example, instead of authentication on the authentication server 1, it may be realized by exchanging information between terminals (for example, the operation terminal 3). In this case, biometric information is not saved, but biometric authentication in the authentication server 1 may be added to one of the conditions for obtaining authority to perform authorization. This makes it possible to prevent fraud. Authentication by such a method is specifically realized in the following scenes.
For example, when paying for gasoline or parking at a gas station or parking lot, the user will need to go to a camera installed at the entrance, etc., and identify the ID with the vehicle number in advance, perform biometric authentication with the payment machine, and make the payment. It is a type of completion. In other words, in this example, the ID is specified by the license plate number of the car and used for biometric authentication thereafter.
Also, at that time, the payment machine can inquire about the method to the authentication server, for example, using a format such as that shown in FIG.
In addition, for example, when checking in at a hotel or paying a fee when entering a theme park, etc., the operation terminal 3 reads a QR code (registered trademark) indicating an ID number issued at the time of reservation, etc., and the payment machine biometrics to complete the transaction.
In addition, for example, when purchasing products such as alcoholic beverages that require personal identification at convenience stores, supermarkets, etc., the operation terminal 3 reads a QR code (registered trademark) or the like, performs biometric authentication with a payment machine, and completes payment. can be done.
Further, for example, the users U may authenticate each other using an application program or the like installed in the operation terminal 3 . Specifically, for the user U who applies for authentication, the name and part of the image information of the face photograph taken on the spot are notified to other users U using SMS or the like, and the notification is sent. Other users U who have received it may approve it.

Here, the above-described embodiment is further supplemented. In the information processing system according to the present invention, for example, part of biometric information or modified biometric information is used. In such a case, a transformation function for processing can be used for biometric information such as image data, vector data, and feature point data. It should be noted that the conversion function should preferably have a high degree of accuracy preservation and a high level of difficulty in restoration.

For example, when the format of biometric information is fingerprint image information, not all minutiae information used in general fingerprint authentication technology is used for authentication, but minutiae information included in a specific area is used. Partial information authentication may be performed using only minutiae information as partial information. For example, if the input unit 50 of the operation terminal 3 is provided with a fingerprint sensor capable of inputting image information represented by 320 pixels×480 pixels, the image information represented by 160 pixels×480 pixels in the upper left area The biometric information may be converted so that only the biometric information can be used for partial information authentication. In this way, when authentication is performed using the biometric information converted into partial information, it is possible to ensure accuracy integrity and difficulty of restoration at the time of conversion.

Further, for example, when the format of biometric information is vector information, the vector information may be distorted into another space by applying a transformation matrix. Specifically, when the format of biometric information is vector information, conversion to reduce the number of dimensions of multidimensional biometric information (hereinafter referred to as “dimensionality reduction”) while maintaining the information required for authentication is performed. you can go As a specific method for dimension reduction, for example, a method such as Principal Component Analysis (PCA) may be used. Also, noise may be added to the biological information. In this way, by performing authentication using dimension-reduced vector information or noise-added biometric information, it is possible to ensure accuracy integrity and restoration difficulty during conversion.

Further, for example, a method of hashing is also assumed. Hashing means, for example, obtaining a non-regular fixed-length value (hereinafter referred to as a "hash value") calculated based on a predetermined calculation method from the information indicating the feature amount, and hashing the information indicating the feature amount. It refers to conversion into a value (hereinafter referred to as "hashing").
Specifically, for example, when the biometric information is obtained by clustering the information indicating the feature amount around the core of the fingerprint, it is possible to determine whether or not there is a complete match. can be hashed. By performing authentication using the hashed biometric information in this way, it is possible to further increase the difficulty of restoring the biometric information at the time of conversion.
However, it may be difficult to achieve sufficient accuracy of authentication if the authentication is limited to exact match authentication. In such a case, by combining hashing with the partial information authentication and dimensionality reduction described above, it is possible to ensure a higher level of accuracy integrity and restoration difficulty during conversion.

Further, for example, in adopting the conversion method described above, it is necessary to transmit the conversion method to be adopted among various types of hardware (for example, the authentication server 1, the biometric information management server 2, and the operation terminal 3).
Therefore, for example, the operation terminal 3 may inquire of the authentication server 1 about the conversion method and the like before transmitting the user information to the authentication server 1 . In addition, if there is a connection to an unreliable Wi-F (registered trademark) or the like, the conversion method or the like may be set in advance for each operation terminal 3 .

In summary, in the information processing system according to the present invention, "measures against threats" include the following measures.
For example, in the information processing system according to the present invention, even if the biometric information acquisition sensor mounted on the operation terminal 3 is cracked by a third party, authentication fails only by transmitting the raw image data. , more secure authentication is possible.
For example, in the information processing system according to the present invention, even if memory monitoring or communication is intercepted, the feature values and the like that are transmitted are different each time. Moreover, since the biometric information itself cannot be restored, authentication with higher security becomes possible.
For example, in the information processing system according to the present invention, when an intercepted request is sent, it can be judged as an unauthorized access because it can be checked by a different variable function, and it is possible to block the operation terminal 3, so that it is more secure. high authentication is possible.

Further, in the above-described embodiment, the authentication server 1 and the biometric information management server 2 are connected via a VPC, but the authentication server 1 and the biometric information management server 2 are connected via a predetermined closed network. It is not limited to VPC, as long as it is set to VPC. That is, the authentication server 1 and the biometric information management server 2 may be connected via a private cloud in which a server dedicated to the company is installed in a predetermined closed network instead of VPC and used as a cloud.

Here, the series of processes described above can be executed by hardware or by software.
In other words, the functional configuration of FIG. 3 is merely an example and is not particularly limited.
That is, it is sufficient that the information processing system has a function capable of executing the above-described series of processes as a whole, and what kind of functional blocks are used to realize this function is not particularly limited to the example in FIG. Also, the locations of the functional blocks are not particularly limited to those shown in FIG. 3, and may be arbitrary. For example, at least part of the functional blocks of the authentication server 1 may be provided in the biometric information management server 2 or the operation terminal 3 . Also, for example, at least part of the functional blocks of the operation terminal 3 may be provided in the authentication server 1 or the biometric information management server 2 .
One functional block may be composed of hardware alone, or may be composed of a combination of software alone.
Also, one functional block may be composed of hardware alone, software alone, or a combination thereof.
Furthermore, part of the series of processes executed by hardware or software can also be executed by user's manual operation such as data input by the user.
Specifically, in the above-described embodiment, the description is given assuming that authentication is performed by the authentication server 1, but there is no particular limitation. For example, the operation terminal 3 may be used for authentication. In this case, a functional configuration different from the functional configuration in FIG. 3 may be employed as appropriate.
For example, when authentication is performed using the operation terminal 3, there may be a case where the number of registered users is limited and authentication with a relatively quick response is required, such as the door of an office. In such a case, it is useful for the operation terminal 3 to reduce the amount of communication as much as possible.
In such a case, for example, the one-time information of the registered user to the operation terminal 3 may be distributed while the operation terminal 3 periodically changes the method. As a result, since only the one-time information of the registered user is stored in the operation terminal 3, the amount of communication can be suppressed and verification can be performed. It is possible.

When a series of processes is to be executed by software, a program constituting the software is installed in a computer or the like from a network or a recording medium.
The computer may be a computer built into dedicated hardware.
Also, the computer may be a computer capable of executing various functions by installing various programs, such as a server, a general-purpose smart phone, or a personal computer.

A recording medium containing such a program not only consists of a removable medium (not shown) that is distributed separately from the device main body in order to provide the program to the user, but is also preinstalled in the device main body and delivered to the user. It consists of a provided recording medium, etc.

In this specification, the steps of writing a program recorded on a recording medium are not only processes that are performed chronologically in that order, but also processes that are not necessarily chronologically processed, and that are performed in parallel or individually. It also includes the processing to be executed.
Further, in this specification, the term "system" means an overall device composed of a plurality of devices, a plurality of means, or the like.

In other words, the information processing system to which the present invention is applied can take various embodiments having the following configurations.
That is, an information processing system to which the present invention is applied (for example, the authentication system S in FIG. 1) is
a first acquisition means for acquiring biometric information to be authenticated (for example, the biometric information acquisition unit 123 to be authenticated in FIG. 3);
a second acquisition unit (for example, the one-time information acquisition unit 121 in FIG. 3) that acquires a part of the biometric information to be authenticated or information obtained by processing at least a part of the biometric information as comparison information at the time of authentication;
Based on the biometric information acquired by the first acquisition means and the comparison information acquired by the second acquisition means, processing execution means (for example, the a matching unit 124);
Prepare.
As a result, it is possible to provide an authentication system that prevents leakage of authentication data and prevents so-called "spoofing" due to rewriting of authentication data.

Further, the second obtaining means obtains a part of the biometric information to be authenticated or information obtained by processing at least a part of the biometric information each time a predetermined condition is satisfied, and the pattern is changed from the previous acquisition time. It is possible to obtain the information obtained as the comparison information.
As a result, one-time information obtained by changing the feature amount of biometric information required for authentication processing for each authentication can be used for authentication.

In addition to the biometric information and the comparison information, the processing execution means further uses information relating to the authentication target, which is different from the biometric information and the comparison information, to perform authentication of the authentication target. The processing can be performed.
As a result, for example, in addition to the biometric information, information such as the terminal ID of the operation terminal 3 can be used as data for authentication together with the biometric information.

1... authentication server, 2... biometric information management server, 3, 3-1, 3-n... operation terminal, 4... vending machine, 11... CPU, 12... ROM , 13...RAM, 14...bus, 15...input/output interface, 16...output section, 17...input section, 18...storage section, 19...communication section, 20 ... drive, 30 ... removable medium, 41 ... CPU, 48 ... storage section, 49 ... communication section, 50 ... input section, 51 ... CPU, 56 ... touch Operation input unit 57 Display unit 100 Registration unit 111 Information acquisition unit 112 Registered biometric information transfer unit 121 One-time information acquisition unit 122 System inquiry reception unit 123 Authentication target biometric information acquisition unit 124 Verification unit 200 Authentication unit 411 Registered biometric information acquisition unit 412 Decryption unit 413. One-time information generation unit 414 One-time information transmission unit 511 Biometric information acquisition unit 512 Biometric information encryption unit 513 Terminal information transmission unit 514 Method inquiry unit 515 Authentication target biometric information generation unit 516 Information transmission control unit 512 Biometric information encryption unit 701 User DB 702 Terminal DB 801 ...Biological DB, B...Purchaser, N...Network, VPC...Virtual Private Cloud

Claims (5)

a first acquisition means for acquiring biometric information to be authenticated;
a second acquiring means for acquiring part of the biometric information of the authentication target or information obtained by processing at least part of the biometric information as comparison information at the time of authentication;
a process execution means for executing a process related to authentication of the authentication target based on the biometric information acquired by the first acquisition means and the comparison information acquired by the second acquisition means;
Information processing device. The second obtaining means obtains information obtained by processing a part of the biometric information of the authentication target or at least a part of the biometric information each time a predetermined condition is satisfied, and the pattern is changed from the previous acquisition time. obtaining information as the comparative information;
The information processing device according to claim 1 . The processing execution means performs the processing related to authentication of the authentication target using the biometric information and the comparison information, and further using information relating to the authentication target that is different from the biometric information and the comparison information. run the
The information processing apparatus according to claim 1 or 2. An information processing method for authentication, comprising:
a first acquisition step of acquiring biometric information to be authenticated;
a second acquisition step of acquiring part of the biometric information to be authenticated or information obtained by processing at least part of the biometric information as comparison information at the time of authentication;
a process execution step of executing a process related to authentication of the authentication target based on the biometric information acquired in the first acquisition step and the comparison information acquired in the second acquisition step;
Information processing method including. In the computer that performs authentication control processing,
a first acquisition step of acquiring biometric information to be authenticated;
a second acquisition step of acquiring part of the biometric information to be authenticated or information obtained by processing at least part of the biometric information as comparison information at the time of authentication;
a process execution step of executing a process related to authentication of the authentication target based on the biometric information acquired in the first acquisition step and the comparison information acquired in the second acquisition step;
An information processing program that executes control processing including

Images