JP4113112B2 - User confirmation system using biometric data and IC card - Google Patents

Description

The present invention relates to a biometric user confirmation system and an IC card for conveniently and safely performing digital signature processing using an IC card, confirmation of authority to use computer software, confirmation of authority to use data encryption, and the like.

  Conventionally, a magnetic card such as a credit card or an entrance / exit management card is mainly used to confirm a user. On the other hand, in recent years, high-security and high-function IC cards having a built-in semiconductor chip have begun to be used in anticipation of the effects of preventing counterfeiting of cards and information leakage.

  However, even if an IC card is used, it is difficult to prevent it from being illegally used by another person due to loss or theft, or being illegally used as if it was lost.

  It is attempted to reduce unauthorized use by registering a password corresponding to the IC card, but it is cumbersome to memorize the password, the risk of forgetting it, or someone else reading the memo There is a risk of leakage and it is never convenient.

  Recently, there is a movement to perform access management and access control by combining biometrics, which is a technology for confirming the identity by measuring biometric data such as fingerprints and palm shapes, and an IC card. This seems to solve various problems caused by card loss, theft, leakage, forgetting, and the like.

  However, on the other hand, it is not something that can be freely created like a password, but when the user's resistance to the fact that his / her own body information (biological data) is registered somewhere, or when it leaks However, there remains a weakness that passwords cannot be changed and a user's anxiety about leakage problems. Therefore, when using biometrics for user confirmation, it is necessary to propose a technique that reduces the above-mentioned resistance and to construct a system that can effectively prevent the leakage of biometric data.

Furthermore, in an environment where the authority to use computer software that normally does not use an IC card is confirmed, there is no medium for safely holding biometric data, and when biometrics are used, the biometric data is stored on the computer's storage medium. There is no choice but to store it. However, in this case, there is a risk that biometric data is leaked by reverse engineering.
JP-A-9-218905 Japanese Patent Laid-Open No. 5-46742 JP-A-8-221570 JP 61-199162 A Japanese Patent Laid-Open No. 1-15891 Japanese Patent Laid-Open No. 3-189756 JP-A-2-40781

  As described above, the conventional technology using both an IC card and a password has problems such as annoyance, risk of forgetting or leakage.

  In addition, with the combined use of an IC card and biometrics, there remains a risk of resistance to the registration of own body information (biological data) and the risk of leakage of biometric data to a third party.

  Furthermore, there has been no method for safely recording biometric data when using biometrics to confirm usage rights in an environment where no IC card is used.

The present invention has been made in consideration of the above circumstances, and can protect biometric data with high security in the management range at the user's hand, thereby reducing the user's sense of resistance and the risk of leakage of biometric data. It is another object of the present invention to provide a user confirmation system and an IC card using biometric data that can be used, and that are less cumbersome to use and have high reliability for user confirmation.

The first example of the present invention includes a sensor that performs biometric measurement, a computer, an IC card, and a communication unit that performs communication between the sensor, the IC card, and the computer, and performs user confirmation and encryption target information. In the user confirmation system using biometric data for performing the encryption process, the IC card has a tamper-resistant structure, a biometric data holding unit for holding the biometric data, and an encryption process for the encryption target information upon receiving the user confirmation notification A first cryptographic calculation unit that executes the partial processing using the cryptographic key, and a cryptographic key holding unit that holds an cryptographic key used only for processing in the first cryptographic calculation unit, When receiving the user confirmation notification, the second encryption calculation unit that executes other processing in the encryption processing of the encryption target information, the measurement information measured by the sensor, and the biometric data storage With collating the portion of the biometric data, the collation result from when it is confirmed by an original person; and a matching calculation means for outputting a user acknowledgment to the second cryptographic computing portion and the first encryption calculation unit, a first The cryptographic calculation unit is responsible for part of the processing performed by the second cryptographic calculation unit, and the second cryptographic calculation unit is a user confirmation system using biometric data that performs processing in cooperation with the first cryptographic calculation unit. It is.

Since the first example is provided with such a means, the biometric data and the encryption key are stored in the IC card having high tamper resistance, and the encryption process can be executed after the reliable user identity is confirmed. Further, since the encryption processing is shared between the IC card and the computer, it is possible to realize encryption with extremely high confidentiality.

The second example of the present invention includes biometric data holding means for holding biometric data and outputting biometric data to an external device that performs user confirmation using the biometric data, and partial processing in encryption processing of encryption target information Is executed using the encryption key, and the cryptographic calculation means for outputting the processing result of the partial processing to an external device that performs other processing in the encryption processing of the encryption target information, and the encryption key used only by the cryptographic calculation means An IC card having a tamper-resistant structure that performs part of the processing performed by the external device and executes the processing in cooperation with the external device. is there.

Since the second example is provided with such means, the operation of the IC card in the user confirmation system using the biometric data described in the first example can be realized.

As described in detail above, according to the embodiment of the present invention, it is possible to protect the biometric data with high safety in the management range of the user, thereby reducing the user's sense of resistance and the risk of leakage of the biometric data. In addition, it is possible to provide a user confirmation system and an IC card based on biometric data that can be used, and that is less troublesome to use and has a high degree of certainty for user confirmation.

  Embodiments of the present invention will be described below.

  As described above, an object of the present invention is to 1) reduce the risk of leakage of biometric data, and 2) reduce the user's resistance to storing his / her own biometric data in an information device. The present invention provides means capable of realizing either or both of the above 1) and 2).

  In particular, the inventors have made various studies on what system can be realized when biometrics are applied to an IC card signature system as one form of a user confirmation system using biometric data. Here, the IC card signature system uses an IC card that has a function to activate the digital signature function inside the IC card, and the digital signature enables the sending of confidential information by e-mail, shopping on the Internet, etc. It is a system to let you. When biometrics is applied to this system, identity verification is performed based on the result of collation with sensor measurement information about biometric data such as fingerprints, and then the digital signature function of the IC card is activated. .

  The inventors first have four modules as elements that can constitute an IC card signature system (hereinafter also simply referred to as an IC card signature system or system) to which biometrics are applied, that is, an IC card, a sensor module, and a computer (PC). , IC card reader / writer) and server. Next, it was examined in which module the processing (biological (registration) data recording, verification calculation) performed in the IC card signature system can be achieved.

  FIG. 15 is a diagram showing the components in the IC card signature system to which biometrics are applied and the combination results thereof.

  In consideration of the fact that among the candidate systems shown in FIG. 15, there is a user who does not want to register biometric data in a central processing unit that is not in the user's hand, the owner of the IC card is confirmed by local processing. Prioritize that. Therefore, servers that use servers were excluded at this point in the study. This is because it is considered that the resistance of the user can be reduced if the system can keep the biometric data within the management range of the user. However, in interpreting the invention that is the fruit of the technical results, if there is no particular problem with respect to the above-mentioned user resistance, a technology that uses a server or the like is also included in the scope of the invention as long as it is within the scope described in the claims. It is what

  Next, in consideration of the convenience that the same terminal (sensor, PC) can be used by an unspecified number of people and that the same person can be used by an unspecified terminal, biometric data is stored on the IC card. Those to be retained were left as candidate systems.

  A biometric data holding and verification calculation unit in one tamper-resistant module (IC card or sensor module) was left as a candidate. In this case, communication between the biometric data and the collation calculation unit is unnecessary, the protocol is simplified, and security can be increased. Here, the tamper resistance is a property having a mechanism in which internal objects and information cannot be easily taken out in their original form. Various methods are conceivable for realizing the tamper resistance, and specific examples of the method will be described later.

  Thus, as shown in FIG. 15, five candidate systems that are considered to be particularly effective are found out of many combinations. In the figure, “PIN” is an identification code for performing device authentication between an IC card and a PC, and is distinguished from a signature key.

  Hereinafter, the invention made corresponding to the candidate system shown in FIG. 15 will be described in the first to fifth embodiments, and the other systems not shown in FIG. 15 will be described in the sixth to eighth embodiments. The embodiment will be described.

(First Embodiment of the Invention)
FIG. 1 is a block diagram showing an example of a user confirmation system using biometric data according to the first embodiment of the present invention.

  This user confirmation system is a tamper-resistant module integrated type of the candidate systems of FIG. 15, and includes a sensor module 1a, a computer 2a, and an IC card 3a. In this system, the sensor module 1a that performs biometric data holding and collation calculation on the sensor module 1a side and performs only signature processing on the IC card 3a side includes the sensor 11, the biometric data holding unit 12, the collation processing unit 13, and the like. And an identification character string storage unit 14. Although not particularly illustrated, the sensor module 1a includes a CPU, a memory, and the like so that various information processing can be executed.

  Here, the sensor 11 is a means for measuring a fingerprint as biometric measurement and using it as computerized information. The biometric data holding unit 12 stores biometric data of each user. The collation calculation unit 13 is a unit that collates the measured sensor information with the biometric data to determine whether the user is the user himself / herself and, when the user is the user himself / herself, notifies the output to that effect. In the present embodiment, the collation processing unit 13 outputs the identification character string (hereinafter also simply referred to as a password) in the identification character string storage unit 14 to the IC card 3a via the computer 2a.

  Here, the sensor module 1a is a stand-alone type and has tamper resistance. The stand-alone type has at least the sensor 11 and the collation calculation unit 13 in the tamper resistant sensor module. The security of this system mainly depends on the biometric data in the sensor module 1a and the tamper resistance of the collation calculation unit 13. For this reason, each part other than the sensor 11 in the sensor module 1a is configured by a one-chip IC. Each component of the module is housed in a strong housing so that its lid does not open. Further, when the lid is forcibly opened, the IC chip itself storing the biometric data holding unit 12, the collation processing unit 13, and the identification character string storage unit 14 is destroyed. In this embodiment, this casing is embedded in a wall to ensure further tamper resistance.

  Further, the fact that each part 12, 13, and 14 other than the sensor 11 is constituted by a one-chip IC itself leads to ensuring tamper resistance. For example, when password information is stored in a magnetic card, the information is held on the magnetic tape as it is, so that the password information can be easily read as long as the information holding structure is known. Is low. On the other hand, when information is stored in an IC chip, information is obtained from the terminal only after a command or the like is input as an electric signal from the chip terminal. This operation requires a high level of technology and can be said to have high tamper resistance.

  In the case of this embodiment, since the biometric data is used only within the same IC chip, no external output is required, and the biometric data cannot be output externally in order to improve tamper resistance.

  In the present specification, in the case of having tamper resistance, any or all of the above mechanisms are combined, and other possible measures are taken. In addition, although the case of the sensor module has been described here, tamper resistance can be improved by the same measures even in the case of an IC card or the like. In particular, in the case of an IC card, for example, it is possible to provide a mechanism in which, when the housing is opened, iron powder scatters on the wiring and all stored information is lost.

  In addition, as a minimum discussion, when simply considering whether or not tamper resistance exists, it can be said that tamper resistance is present when, for example, the content to be protected is contained in one IC chip. .

  Next, the computer 2 a is provided with a command output unit 15 and a message output unit 16. Further, the computer 2a includes an IC card reader / writer, and this is the same in the following embodiments.

  Further, although not particularly shown, the computer 2a can execute various application programs such as a browser, and is connected to the Internet 4 in this embodiment.

  The Internet 4 is further connected to a virtual mall so that online shopping can be performed from the computer 2a. The symbol “C” shown in the computer 2a is a message that has been calculated (digital signature processing or the like), but in the operation example of the present embodiment described later, it indicates a request output such as purchase of goods to the virtual mall.

  The IC card 3a includes a confirmation processing unit 17, an identification character string storage unit 18, an arithmetic processing unit 19, and a secret key holding unit 20, and resources such as a CPU and a memory for realizing these units are one chip. It was stored in the IC.

  The confirmation processing unit 17 compares the identification character string from the sensor module 1a with the identification character string (password) stored in the identification character string storage unit 18 in the IC card, and notifies the arithmetic processing unit 19 of the confirmation result. . That is, the sensor module 1a and the IC card 3a share an identification character string for secretly transmitting information about whether or not the person has been confirmed from the sensor module to the IC card. Specifically, the identification character string on the IC card side is the same as the identification character string on the sensor module side, or the identification character string on the sensor module side is encrypted just like an encrypted password in UNIX. But you can. In short, only one identification character string in the IC card corresponds to the identification character string sent from the sensor module.

  When the arithmetic processing unit 19 receives a confirmation notification from the confirmation processing unit 17 that the system user is the user, the arithmetic processing unit 19 executes predetermined arithmetic processing and outputs the calculated message C. This message may be, for example, a door opening message for room entry management, or a device activation command such as a computer. Here, as a specific example, the arithmetic processing unit 19 performs a digital signature using a secret key stored in the secret key holding unit 20 and purchases an article in a virtual mall on the Internet based on information in the message output unit 16. The request is output as the calculated message C.

  Next, the operation of the user confirmation system based on biometric data according to the embodiment of the present invention configured as described above will be described.

  As described above, the user confirmation system using biometric data can be applied to various cases, but here, an example of operation will be described by taking as an example the case of outputting an article purchase request to a virtual mall on the Internet.

  FIG. 2 is a flowchart showing an operation example of this embodiment.

  In this operation example, it is assumed that a personal computer (personal computer) as a computer 2a is started up at home or at a company, browser software is started, and the user wants to purchase goods by connecting to the Internet 4 or a virtual mall.

  The user selects and decides a product and its purchase quantity in the virtual mall, and clicks a purchase button on the personal computer. By this operation, the command 15 is output from the computer 2a to the sensor module 1a and the IC card 3a as shown in FIG. 1, and various instructions are displayed on the computer 2a (ST1).

  Here, when the IC card 3a is not inserted into the system, the computer 2a issues a message “Please insert the IC card”, and the user inserts the IC card 3a (ST2). Note that the computer 2a notifies the card 3a that the article purchase processing has been started (command 15).

  Next, when the user presses his / her finger against the sensor 11 of the sensor module 1a, biometric measurement by the sensor 11 is executed (ST3).

  Next, the measured sensor information is collated with the biometric data in the collation calculation unit 13 of the sensor module 1a (ST4), and if the person is confirmed (ST5), the identification character string (password) in the identification character string storage unit 14 is confirmed. ) Is output to the IC card 3a (ST6). This process replaces password key input in the conventional system. Further, in order to eliminate the danger of eavesdropping of the identification character string by a hacker when sending the identification character string from the sensor module 1a to the IC card 3a, the identification character string may be encrypted instead of being sent live.

  In step ST5, if the user cannot be confirmed, it is displayed that the system user is not the user, and the subsequent processing is stopped.

  In the confirmation processing unit 17 of the IC card 3a, the received identification character string is compared with the identification character string held in the card, and it is confirmed that the system user is the user himself (ST7). If the identity is confirmed, the fact is notified to the arithmetic processing unit 19.

  The arithmetic processing unit 19 that has received the notification of identity verification creates a message C based on the article purchase information from the message output unit 16, and the message C includes a secret key held in the secret key holding unit 20. A digital signature is performed (ST8).

  The message C created and calculated in this way is output from the computer 2a to the Internet 4, and the purchase of goods at the virtual mall is realized.

  As described above, the user confirmation system using biometric data according to the embodiment of the present invention stores the biometric data holding unit 12 and the collation calculation unit 13 that performs collation using biometric data in the same sensor module 1a. Since the data is not output to the outside of the sensor module 1a and the sensor module 1a itself has a high tamper resistance, the risk of leakage of the biological data can be almost eliminated. The user's resistance to storing information equipment can be reduced.

  In addition, when performing a digital signature or the like, user verification is performed based on biometric measurement of the person rather than entering a password, so that highly accurate identity verification can be performed. Therefore, for example, even if an IC card is lost or stolen, misuse by a third party can be prevented.

  Furthermore, in the present system, after the collation by the collation calculation unit 13, the result is notified to the arithmetic processing unit 19 using a password, so that the processing from the confirmation of the person to the digital signature is safely performed. And an IC card signature system with extremely high security can be realized. Therefore, for example, even if the entire system including the IC card is stolen, the theft cannot obtain biometric data or output a fake message C. In such a case, the IC card 3a itself is also provided with high tamper resistance so that the secret key and the identification character string are not leaked.

  In addition, since the system according to the present embodiment uses biometrics, it is not necessary to store a password or the like, and it is possible to provide a system that does not have the trouble of inputting a password, forgetting it, or risk of leakage.

  Furthermore, in this embodiment, the sensor 11, the biometric data holding unit 12, the matching processing unit 13, the identification character string storage unit 14, the confirmation processing unit 17, the identification character string storage unit 18, the arithmetic processing unit 19, and the secret key holding unit 20. Since each component requirement is arranged in the sensor module 1a and the IC card 3a as shown in FIG. 1, in addition to the above effects, merit in using the IC card can be obtained. That is, the conventional IC card for signature can be used almost as it is. In this sense, this embodiment can be said to be an already-card use type. Since it is not necessary to issue a special IC card with the fingerprint verification process in mind, the system can be installed immediately by changing the software. Since the verification calculation unit 13 is not on the IC card 3a, the load on the IC card can be reduced.

  In the above operation example, the case of shopping at a virtual mall has been described. More specifically, for example, introduction into a purchase request for SET (Secure Electronic Transaction) is conceivable. SET is originally a specification with a magnetic card in mind, but an IC card (+ password) can also be used as a practical form. If the technique described in the present embodiment is introduced into the process of “signing with the secret key of the member” in the verification by the card member and the purchase request, it is considered that the usefulness is enhanced.

  In the present embodiment, fingerprints are used as the biometric data. However, the present invention is not limited to this, and the present invention is also applicable to the case of using various other biometric data such as a palm shape, a voiceprint, a retina, and a facial photograph. be able to. Further, since the sensor 11 and the digital signature function parts 19 and 20 in the IC card are separated, the degree of freedom of the sensor type to be used can be increased.

  Furthermore, in the system of the present embodiment, by allowing a plurality of pieces of biometric data to be generated in the biometric data holding unit 12 of the sensor module 1a, not only as a personal system but also for multiple people to use the same system. It is also possible to do.

(Second Embodiment of the Invention)
FIG. 3 is a block diagram showing an example of a user confirmation system using biometric data according to the second embodiment of the present invention. The same parts as those in FIG. Only the part is described.

  This user confirmation system is a universal IC card type of the candidate systems shown in FIG. 15, and includes a sensor module 1b, a computer 2b, and an IC card 3b. In this system, the sensor module 1b only transmits sensor input information (performs a simple scramble process), and performs biometric data holding and verification calculation on the IC card 3b side in addition to the signature process.

  Functions of the sensor 11, the biometric data holding unit 12, the verification processing unit 13, the confirmation processing unit 17, the arithmetic processing unit 19, and the secret key holding unit 20 in each configuration shown in FIG. 3 are shown in FIG. 1 of the first embodiment. It is the same as that. However, the location of each part is different.

  That is, in this embodiment, only the sensor 11 is provided in the sensor module 1b. On the other hand, the IC card 1b is provided with a biometric data holding unit 12, a verification processing unit 13, a confirmation processing unit 17, an arithmetic processing unit 19, and a secret key holding unit 20, which are configured in the same IC chip. The configuration of the computer 2b is the same as that of the computer 2a of the first embodiment.

  Since each part is arranged in this way, the sensor module 1b does not need to be so high in tamper resistance, but the IC card 3b is required to have high tamper resistance, and the means described in the first embodiment is used. Tamper resistance is ensured.

  Next, the operation of the user confirmation system based on biometric data according to the embodiment of the present invention configured as described above will be described.

  Here, as in the first embodiment, access to a virtual mall on the Internet 4 will be described as an example.

  FIG. 4 is a flowchart showing an operation example of this embodiment.

  In the figure, the processing from step ST11 to ST13 is the same as that from step ST1 to ST3 in FIG. 2 of the first embodiment.

  Next, the measured sensor information is sent from the sensor module 1b to the IC card 3b (ST14). The IC card 3b that has received the sensor information performs collation similar to the processing within the sensor module 1a of the first embodiment (ST15). In addition, since this collation process is performed only in the IC card 3b, in order to improve tamper resistance, the biometric data in the biometric data holding unit 12 cannot be output from the IC card 3b to the outside.

  When the identity is confirmed by the collation (ST16), the confirmation result is notified to the arithmetic processing unit 19 (ST17), and thereafter, as in the first embodiment, a digital signature is performed (ST18), and the calculated message C Is output to the virtual mall (ST19).

  As described above, the user confirmation system using biometric data according to the embodiment of the present invention stores the collation processing unit 13 and the biometric data holding unit 12 in the same IC card 3b, and the tamper resistance of the card 3b. Since it has been increased, the risk of leakage of biometric data can be reduced, and the biometric data can be protected by placing it in the management area (IC card) at the user's hand with high safety. The user's resistance to storing can be greatly reduced. In other words, since all the main elements other than the sensor are mounted on the personally owned IC card, there is a strong psychological sense of security.

  In addition, since the collation calculation unit 13 and the arithmetic processing unit 19 are configured in the same IC chip, it is possible to safely perform processing from confirming the person to the digital signature, and an extremely high security IC card signature system. Can be realized.

  Moreover, in the system of this embodiment, since only the relatively primitive signal processing is in charge on the sensor module side, the burden on the sensor module 1b can be reduced.

  The universal IC card type has no special request for the verification device, and can be applied to any type of fingerprint verification device. The security of this system is based solely on the tamper resistance of the IC card and has a simple structure because no ingenuity using cryptographic communication is made. Since the IC card 3b has many functions (biological data holding, verification calculation unit, signature processing, signature key holding), the load on the IC card 3b is large. Therefore, if a dedicated IC card limited to this application is issued, more effective system operation is possible.

  In addition, the effect corresponding to the common configuration in the relationship between the present embodiment and each of the above embodiments can be naturally obtained in the present embodiment, and the effect described in any of the above embodiments is here. Then, explanation is omitted.

(Third embodiment of the invention)
FIG. 5 is a block diagram showing an example of a user confirmation system using biometric data according to the third embodiment of the present invention. The same parts as those in FIG. Only the part is described.

  This user confirmation system is a data-sensor calculation type in the IC card in the candidate system of FIG. 15, and includes a sensor module 1c, a computer 2c, and an IC card 3c. In this system, collation calculation is performed on the sensor module side, and biometric data is held on the IC card side.

  The sensor module 1 c is a stand-alone type, and includes a sensor 11, a collation calculation unit 13, an identification character string holding unit 14, a decryption processing unit 21, and a decryption key holding unit 22.

  The IC card 3c includes a confirmation processing unit 17, an identification character string holding unit 18, an arithmetic processing unit 19, a secret key holding unit 20, and an encrypted biometric data holding unit 12b. Here, the sensor module 1c and the IC card 3c have a high tamper resistance.

  The encrypted biometric data holding unit 12b in the IC card 3c is encrypted and held so that the biometric data of the IC card holder can be decrypted with the decryption key stored in the decryption key holding unit 22.

  In addition, the decryption processing unit 21 of the sensor module 1c decrypts the encrypted biometric data received from the IC card 3c with the decryption key stored in the decryption key holding unit 22 and provides it to the collation calculation unit 13. .

  The computer 2c is configured similarly to the first embodiment.

  The user confirmation system using biometric data according to the embodiment of the present invention configured as described above operates as described below.

  Here, as in the first embodiment, access to a virtual mall on the Internet 4 will be described as an example.

  FIG. 6 is a flowchart showing an operation example of this embodiment.

  In the user confirmation system using biometric data of this embodiment shown in the figure, command output (ST21), IC card insertion (ST22), and biometric measurement by a sensor are performed (ST25). The processes after the verification (ST26 to ST31) are the same as in the case of the first embodiment shown in FIG. 2 (FIG. 2: ST1 to ST2 and ST3 to ST9). Therefore, the description of this part of the process is omitted.

  The feature of this embodiment is that the encrypted biometric data held in the IC card 3c is sent from the IC card 3c to the sensor module 1c (ST23), and the biometric data is decrypted by the decryption processing unit 21 and the decryption unit 21 in the sensor module 1c. It is decrypted with the decryption key of the key holding unit 22 (ST24) and is provided for the collation calculation in step ST26.

  The effect of having the processing system such as the personal identification and digital signature in such a configuration operation will be described below.

  In the user confirmation system using biometric data according to the embodiment of the present invention, the individual's biometric data is held in the IC card 3c with an operation (for example, digital signature) function owned by the individual, and the encrypted biometric data is stored in a specific location. Since the sensor module 1c and the IC card 3c are provided with high tamper resistance, the biometric data is leaked or the IC card is sent to the sensor module 1c that is permanently installed. Can be safely performed (for example, digital signature) without being illegally used by others.

  In addition, since the biometric data is encrypted and stored only in the IC card 3c, the risk of leakage of the biometric data can be reduced, and the biometric data can be managed with high security (IC card). ) And can greatly reduce the user's resistance to storing his / her own biometric data in the information device.

  Furthermore, the system according to the present embodiment has a relatively large load in that many biometric sensors (palm-shaped, retina, etc.) cannot be mounted on the IC card due to their size and structure, and the collation calculation is performed in the IC card. Considering that is large, it is a well-balanced system that is easy to make among various combinations.

  However, since it is necessary to send personal biometric data from the IC card to the collation calculation unit 13 of the sensor module every time collation is performed, the above-described encryption processing is performed to maintain security. FIG. 5 shows a system for holding biometric data encrypted with a decryption key held on the sensor side in an IC card as an example capable of maintaining sufficient security while being as simple as possible. There is biometric data in the IC card 3c, and high security is maintained.

  Therefore, the system of this embodiment can be easily used by an unspecified number, that is, it can be used in many places (systems) corresponding to this system, and is highly convenient. In other words, since the IC card has personal biometric data, it is suitable when one system is used by an unspecified number. However, since it is necessary to store biometric data in the IC card, a memory dedicated to biometric data is further added to the IC card made for signature.

  Structurally, the memory and signature processing parts are separated, so that the IC card design can be easily changed as compared with the universal IC card type shown in the second embodiment. Further, since the collation calculation is performed by the sensor module 1c, the load on the IC card 3c is small and a realistic system can be obtained. As in the first embodiment, it is preferable to encrypt the identification character string and send it to the IC card in order to eliminate the risk of eavesdropping on the identification character string by a hacker.

  Also, if the encrypted biometric data is sent as it is from the IC card 3c to the sensor module 1c side each time, a simple mechanism is provided in the collation calculation unit 13 that does not accept the same sensor information as the registered data. Higher security is maintained. This is because there is usually an error in information from the biometric sensor, and it is almost impossible to obtain exactly the same data as the registered data. It is expected that the use of an intruder who obtains registered data (biological data) by unauthorized copying or the like can be eliminated without interfering with the use of an authorized user by rejecting the same data.

  In addition, the effect corresponding to the common configuration in the relationship between the present embodiment and each of the above embodiments can be naturally obtained in the present embodiment, and the effect described in any of the above embodiments is here. Then, explanation is omitted.

(Fourth embodiment of the invention)
FIG. 7 is a block diagram showing an example of a user confirmation system using biometric data according to the fourth embodiment of the present invention. The same parts as those in FIG. Only the part is described.

  This user confirmation system is a data to PC calculation type in the IC card in the candidate system of FIG. 15, and includes a sensor module 1d, a computer 2d, and an IC card 3d. In this system, only sensor input information is transmitted on the sensor module side (simple scramble processing is performed), biometric data is held in the IC card 1d, and collation calculation is performed by a computer (PC).

  In the user confirmation system of this embodiment, the IC card 3d itself is configured in the same manner as the IC card 3c in the third embodiment, and the sensor module 1d is configured in the same manner as the sensor module 1b in the second embodiment. Yes.

  Further, in addition to the same configuration as that of the first embodiment, the computer 2d is provided with a component other than the sensor 11 in the sensor module 1c of the third embodiment as a verification function unit 23. The collation function unit 23 includes a collation calculation unit 13, an identification character string holding unit 14, a decryption processing unit 21, and a decryption key holding unit 22, and is configured as a DLL (dynamic link library). Is also possible. The DLL is a program called for the first time when a command is started.

  The operation of the user confirmation system using biometric data according to the embodiment of the present invention configured as described above will be described.

  FIG. 8 is a flowchart showing an operation example of this embodiment.

  As shown in the figure, the user confirmation system of the present embodiment is the same as the third example shown in FIG. 6 except that the processes of steps ST43 to ST48 are performed by the computer 2d or the computer 2d instead of the sensor module 1d. It operates similarly to the system of the embodiment.

  As described above, since the biometric data user confirmation system according to the embodiment of the present invention is provided with the collation function unit 23 in the computer 2d, the risk of leakage of biological data is reduced to some extent, and A highly reliable identity verification function, that is, even if an IC card is lost or stolen, it is possible to prevent misuse by a third party, and these functions are realized with simple hardware, making it economical and realistic. The system can be high.

  In addition, the effect corresponding to the common configuration in the relationship between the present embodiment and each of the above embodiments can be naturally obtained in the present embodiment, and the effect described in any of the above embodiments is here. Then, explanation is omitted.

(Fifth embodiment of the invention)
FIG. 9 is a block diagram showing an example of a user confirmation system using biometric data according to the fifth embodiment of the present invention. The same parts as those in FIG. Only the part is described.

  This user confirmation system is an IC card integrated type in the candidate system of FIG. 15, and is composed of a computer 2e and an IC card 3e.

  The IC card 3e of this embodiment is provided with a sensor 11, a biometric data holding unit 12, a verification processing unit 13, an arithmetic processing unit 19, and a secret key holding unit 20, and each of these components includes the sensor 11. It is stored in one chip of the IC. Further, the biometric data is configured not to be output to the outside in order to improve the tamper resistance, and the IC card 3e is provided with the above-described mechanisms for improving the tamper resistance.

  The computer 2e is configured in the same manner as in the first embodiment except that only the IC card 3e is accessed.

  The operation of the user confirmation system based on the biometric data configured as described above is except that the sensor 11 itself is provided in the IC card 2e, the biometric measurement is performed by the IC card 2e, and the sensor information does not move between devices. This is the same as the second embodiment.

  As described above, in the user confirmation system using biometric data according to the embodiment of the present invention, the sensor 11 is further provided on the IC card having the configuration of the second embodiment, and all confidential information is stored in the IC card 3e. Since the processing is performed internally, the same effect can be obtained with respect to a portion having the same configuration as that of the second embodiment, and a device using a cryptographic communication is unnecessary and a simple protocol structure can be obtained. Further, the tamper resistance itself can be high.

(Sixth embodiment of the invention)
This embodiment is a system for confirming the authority to use computer software by personal authentication using biometrics using biometric data. This system safely permits the use of software without using tamper-resistant portable items such as IC cards, and without leaking biometric data or using it illegally by others. .

  FIG. 10 is a block diagram showing an example of a user confirmation system using biometric data according to the sixth embodiment of the present invention. The same parts as those in FIG. Only the part is described.

  This user confirmation system includes a sensor module 1f and a computer 2f.

  The sensor module 1 f is configured in the same manner as in the second embodiment, and includes a sensor 11.

  The computer 2f is provided with a verification calculation unit 31a, an encrypted biometric data holding unit 32a, and activation target software 34a such as a screen saver.

  The encrypted biometric data holding unit 32a holds the biometric data of each user encrypted in advance with the logon password of each user.

  The collation calculation unit 31a performs personal authentication based on the biometric data and the sensor measurement information, and outputs an activation command to the target software 34a if it can be confirmed as the authorized user.

  Next, the operation of the user confirmation system based on biometric data according to the embodiment of the present invention configured as described above will be described.

  First, when starting to use the target software 34a, a logon password 33a is input by a user via an input device (not shown).

  Next, encrypted biometric data having the authority to use the target software 34a is read from the biometric data holding unit 32a by the verification calculation unit 31a, and decrypted by the input logon password 33a.

  Next, biometric measurement is performed in the sensor module 1f, and the measurement result is transmitted to the collation calculation unit 31a of the computer 2f. The transmission data is simply scrambled.

  The collation calculation unit 31a collates the decrypted biometric data with the received sensor information, and confirms whether the person using the system has the authority to use the software 34a to be activated. The logon password 33a, the decrypted biometric data, and the received sensor information are recorded only on the volatile memory, and these information are erased after the session ends.

  When it is confirmed by the above-mentioned collation calculation that the person who has requested software activation is the user who has a valid use authority, the verification calculation unit 31a notifies the activation target software 34a to that effect. Thereby, the activation process of the activation target software is started.

  As described above, in the user confirmation system using biometric data according to the embodiment of the present invention, by inputting the logon password 33a, the biometric data encrypted with the logon password is decrypted, and the user using the biometrics Since identity verification and authority confirmation are made, biometric data encrypted with a password can be protected even if it is leaked alone, and the authority to use the software can also be protected. .

  In addition, passwords are recorded only on volatile memory, and the information disappears when the session ends. Therefore, even if the nonvolatile information recorded on the hard disk or the like may be read by some means, the password information is stolen. There is nothing.

  In the present embodiment, the case of software use authority has been described. However, the present invention is not limited to the case of software activation. For example, the technology of the present embodiment is applied to the activation of the computer itself and the activation of various devices. Can be made.

  In addition, for example, when the computer is started while performing user confirmation and authority confirmation using the technology of the present embodiment, a list of software that the user has usage authority is displayed. You may make it free to use. In this way, it is not necessary to perform biometric measurement every time the software is started, and the burden on the user can be reduced.

(Seventh embodiment of the invention)
FIG. 11 is a block diagram showing an example of a user confirmation system using biometric data according to the seventh embodiment of the present invention. The same parts as those in FIG. Only the part is described.

  This user confirmation system includes a sensor module 1g, a computer 2g, and an IC card 3g.

  The sensor module 1g is configured similarly to the second embodiment, and includes a sensor 11.

  The computer 2g is provided with a collation calculation unit 31b and activation target software 34b.

  The IC card 3g holds an encrypted biometric data holding unit 32b that holds encrypted biometric data, an encryption key holding unit 35 that holds an encryption key for decrypting the encrypted biometric data, and a logon password. A logon password holding unit 36 is provided. The IC card 3g has high tamper resistance.

  The verification calculation unit 31b of the computer 2g confirms the user himself / herself from the biometric data and the biometric measurement result of the sensor 11, and notifies the activation target software 34b of the result.

  Next, the operation of the user confirmation system based on biometric data according to the embodiment of the present invention configured as described above will be described.

  First, when the IC card 3g is inserted, the logon password in the IC card is read by the activation target software 34b, and the verification calculation unit 31 is requested to confirm the identity.

  The biometric information is requested from the sensor 11 by the collation calculation unit 31b requested by the activation target software 34b, and the encrypted biometric data and the encrypted biometric data are received from the encrypted biometric data holding unit 32b and the encryption key holding unit 35 of the IC card 3g. The encryption key is read out.

  Upon receipt of these pieces of information, the collation calculation unit 31b decrypts the encrypted biometric data and extracts the biometric data, receives biometric information from the sensor 11, compares both of them, and confirms whether or not the user is the user himself / herself.

  If it is confirmed that the user is the person, the activation target software 34b is notified to that effect, and the activation of the activation target software 34b is started.

  As described above, the biometric data user confirmation system according to the embodiment of the present invention uses the biometrics by decrypting the biometric data encrypted with the encryption key only by inserting the IC card 3g into the computer 2g. The user's identity and authority are confirmed so that biometric data encrypted with the encryption key can be protected even if it is leaked alone, and the authority to use the software is also protected. be able to.

  Furthermore, since biometric data or the like is recorded only on the volatile memory in the computer and the information disappears when the session is ended, the information is not stolen.

  In the present embodiment, the case of software use authority has been described. However, the present invention is not limited to the case of software activation. For example, the technology of the present embodiment is applied to the activation of the computer itself and the activation of various devices. Can be made.

  In addition, for example, when the computer is started while performing user confirmation and authority confirmation using the technology of the present embodiment, a list of software that the user has usage authority is displayed. You may make it free to use. In this way, it is not necessary to perform biometric measurement every time the software is started, and the burden on the user can be reduced.

(Eighth Embodiment of the Invention)
The present embodiment provides a user confirmation system as a file encryption system in which the security of encryption processing is enhanced by recording biometric data on an IC card in which an encryption key for file encryption is recorded.

  FIG. 12 is a block diagram showing an example of a user confirmation system using biometric data according to the eighth embodiment of the present invention. The same parts as those in FIG. Only the part is described.

  This user confirmation system includes a sensor module 1h, a computer 2h, an IC card 3h, and a hard disk 5 as a secondary storage device.

  The sensor module 1h is configured in the same manner as in the second embodiment, and includes a sensor 11. The computer 2h is provided with a collation calculation unit 31c and an encryption program 37. Further, the IC card 3h is provided with a biometric data holding unit 32c, an encryption calculation unit 38, and an encryption key holding unit 39. Further, the hard disk 5 is provided with an input file 40 to be encrypted or decrypted and an output file 41 as a result of encryption or decryption.

  The verification calculation unit 31c confirms the user himself / herself from the biometric data and the sensor information, and notifies the encryption program 37 and the encryption calculation unit 38 of permission to start file encryption.

  The encryption program 37 reads the input file 40, encrypts or decrypts the encryption or decryption target information in cooperation with the encryption calculation unit 38, and outputs the result to the output file 41.

  The cryptographic calculation unit 38 is responsible for part of the encryption or decryption processing performed by the encryption program 37, and uses the encryption key of the encryption key holding unit 39 in the encryption or decryption processing portion performed by itself.

  The IC card 3h has high tamper resistance.

  Next, the operation of the user confirmation system based on biometric data according to the embodiment of the present invention configured as described above will be described.

  FIG. 13 is a flowchart showing the overall operation of this embodiment.

  First, activation of the encryption program 37 is started (ST61). The encryption program 37 requests the verification calculation unit 31c to confirm whether or not the system user is the user.

  Next, the biometric data is read from the inserted IC card 3h by the collation calculation unit 31c (ST62). Although not particularly illustrated, the biometric data stored and transmitted in the biometric data holding unit 32c is encrypted by the method of the present embodiment or the method of the third embodiment, and is decrypted by the collation calculation unit 31c. Is used.

  Next, biometric measurement is performed by the sensor 11, and sensor information is sent to the collation calculation unit 31c (ST63). The transmission data is simply scrambled.

  Next, the collation calculation unit 31c collates the biometric data with the sensor information, and confirms whether or not the system user is the user himself (ST64). Note that the decrypted biometric data and the received sensor information are recorded only on the volatile memory, and these information disappears after the session ends.

  As a result of the collation, if the user is not the user, an error is displayed and the process is terminated. If the user is confirmed, a notification to that effect is sent to the encryption program 37 and the encryption calculator 38 (ST65).

  As a result, the activation of the encryption program 37 and the encryption calculation unit 38 is completed, and the file encryption process is started (ST66).

  That is, the input file 40 is read into the encryption program 37 (ST67), encryption or decryption processing is executed (ST68), the result is output to the output file (ST69), and a series of processing ends.

  Next, the encryption process in step ST68 will be described in detail.

  FIG. 14 is a flowchart showing the encryption processing in this embodiment.

  First, in the encryption program 37, a random number is generated as an encryption key (ST71), and data to be encrypted (plain text) read using the random number as a key is encrypted (ST72).

  This random number is sent to the cryptographic calculation unit 38 in the IC card 3h (ST73), and is encrypted with the cryptographic key in the cryptographic key holding unit 39 (ST74).

  The encrypted random number is sent to the encryption program 37 of the computer 2h by the encryption calculator 38 (ST75).

  The received encrypted random number is added as a header of the ciphertext obtained by encrypting the plaintext in step ST72 by the encryption program 37, thereby forming one ciphertext as a whole (ST76). That is, a ciphertext is generated using the ciphertext body encrypted in step ST72 and the random number encrypted in step ST75 as a header.

  The ciphertext generated in this way is output to the hard disk 5.

  On the other hand, the decryption process in step ST68 of FIG. 13 is the reverse of the encryption process.

  That is, first, the encryption program 37 sends only the header in the ciphertext to be decrypted to the encryption calculation unit 38, and the encryption calculation unit 38 decrypts the header with the key in the encryption key holding unit 39.

  The information decrypted in this way is a random number as a key used to encrypt the body of the ciphertext to be decrypted.

  The extracted random number is sent from the cryptographic calculation unit 38 to the encryption program 37. The encryption program 37 that has received this random number decrypts the ciphertext body using the received random number and extracts the original plaintext.

  The decrypted plaintext is output to the hard disk 5.

  As described above, since the biometric data user confirmation system according to the embodiment of the present invention stores the biometric data and the random number encryption key in the IC card 3h having high tamper resistance, it is extremely confidential. High encryption processing can be executed after confirming the identity of the user.

  Further, in this embodiment, since indirect encryption processing using random numbers is performed, different random numbers are used every time encryption processing and decryption processing are performed, and even if one random number is decrypted, The secret of the next encryption process and decryption process is protected, and an encryption system having both reliable user confirmation and high security can be realized.

  Further, the encryption key in the IC card 3h used for the encryption / decryption process is used only by the encryption calculation unit 38 in the IC card, and does not go outside the IC card 3h. Since it is stored in the IC card 3h having a high tampering property, it is possible to further improve the encryption secrecy.

  In addition, this invention is not limited to said each embodiment, It can change variously in the range which does not deviate from the summary.

  In addition, the method described in the embodiment uses, as a program (software means) that can be executed by a computer (computer), for example, a magnetic disk (floppy disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), and a semiconductor memory. It can also be stored in a storage medium such as, or transmitted and distributed via a communication medium. The program stored on the medium side includes a setting program for configuring software means (including not only the execution program but also a table and data structure) to be executed in the computer. A computer that implements the present apparatus reads the program recorded in the storage medium, constructs software means by a setting program in some cases, and executes the processing described above by controlling the operation by the software means.

  The present invention is effective in the field of authenticating a user using biometric data.

The block diagram which shows an example of the user confirmation system by the biometric data which concerns on the 1st Embodiment of this invention. The flowchart which shows the operation example of the embodiment. The block diagram which shows an example of the user confirmation system by the biometric data which concerns on the 2nd Embodiment of this invention. The flowchart which shows the operation example of the embodiment. The block diagram which shows an example of the user confirmation system by the biometric data which concerns on the 3rd Embodiment of this invention. The flowchart which shows the operation example of the embodiment. The block diagram which shows an example of the user confirmation system by the biometric data which concerns on the 4th Embodiment of this invention. The flowchart which shows the operation example of the embodiment. The block diagram which shows an example of the user confirmation system by the biometric data which concerns on the 5th Embodiment of this invention. The block diagram which shows an example of the user confirmation system by the biometric data which concerns on the 6th Embodiment of this invention. The block diagram which shows an example of the user confirmation system by the biometric data which concerns on the 7th Embodiment of this invention. The block diagram which shows an example of the user confirmation system by the biometric data which concerns on the 8th Embodiment of this invention. The flowchart which shows the whole operation | movement of the embodiment. The flowchart which shows the encryption process in the embodiment. The figure which shows the component in the IC card signature system to which biometrics were applied, and its combination result.

Explanation of symbols

  1a, 1b, 1c, 1d, 1f, 1g, 1h ... sensor module, 2a, 2b, 2c, 2d, 2e, 2f, 2g, 2h ... computer, 3a, 3b, 3c, 3d, 3e, 3g, 3h ... IC Cards, 4 ... Internet, etc. 5 ... Hard disk, 11 ... Sensor, 12 ... Biometric data holding unit, 13 ... Collation processing unit, 14 ... Identification character string storage unit, 15 ... Command output unit, 16 ... Message output unit, 17 ... Confirmation processing unit, 18 ... identification character string storage unit, 19 ... calculation processing unit, 20 ... secret key holding unit, 21 ... decryption processing unit, 22 ... decryption key holding unit, 23 ... collation function unit, 31a ... collation calculation unit, 32a: Encrypted biometric data holding unit, 34 ... Activation target software, 37 ... Encryption program, 38 ... Cryptographic calculation unit, 39 ... Encryption key holding unit, 40 ... Input file, 41 ... Output file

Claims (4)

A sensor that performs biometric measurement, a computer, an IC card, and a communication unit that performs communication between the sensor, the IC card, and the computer are used to perform user confirmation and encrypt encryption target information. In the user confirmation system by biometric data to be performed,
The IC card is
Tamper resistant structure,
A biological data holding unit for holding the biological data;
Receiving a user confirmation notification, a first encryption calculation unit that executes a part of the encryption target information encryption process using an encryption key ;
Comprising an encryption key holding unit which holds the encryption key used only for processing by the first encryption calculation unit,
The computer
A second cryptographic calculator that executes other processing in the encryption processing of the encryption target information upon receiving the user confirmation notification;
The measurement information measured by the sensor and the biometric data in the biometric data holding unit are collated, and when the identity is confirmed by the collation result, the first cipher calculation unit and the second cipher calculation unit Collation calculation means for outputting a user confirmation notification ,
The first cryptographic calculation unit is responsible for part of the processing performed by the second cryptographic calculation unit,
The biometric data user confirmation system, wherein the second cryptographic calculation unit executes processing in cooperation with the first cryptographic calculation unit . The user confirmation system according to claim 1,
The second cryptographic calculation unit generates a random number as an encryption key, encrypts the encryption target information using the random number as a key, sends the random number to the first cryptographic calculation unit, The encrypted random number is received from the cryptographic calculation unit, and the encrypted random number is used as the encrypted header of the encryption target information.
The first cryptographic calculation unit encrypts the random number from the second cryptographic calculation unit with the cryptographic key in the cryptographic key holding unit, and sends the encrypted random number to the second cryptographic calculation unit The user confirmation system characterized by the above. In the user confirmation system according to claim 2,
The second cryptographic calculation unit sends the random number encrypted in the header to the first cryptographic calculation unit, receives the random number from the first cryptographic calculation unit, and is encrypted by the random number. And decrypting the encryption target information ,
The first cryptographic calculation unit decrypts the encrypted random number from the second cryptographic calculation unit with the cryptographic key in the cryptographic key holding unit, and sends the random number to the second cryptographic calculation unit. A user confirmation system characterized by being sent out. Biometric data holding means for holding the biometric data and outputting the biometric data to an external device that performs user confirmation using the biometric data;
Cryptographic calculation that executes part of the encryption target information encryption process using an encryption key and outputs the result of the partial process to an external device that performs another process of the encryption target information encryption process Means,
An encryption key holding means for holding the encryption key used only in the encryption calculation means ,
The cryptographic calculation means is responsible for part of the processing performed by the external device, and executes the processing in cooperation with the external device.
An IC card characterized by a tamper resistant structure.

Images