JP4616677B2 - Encryption key generation using biometric information and personal authentication system using biometric information - Google Patents

Description

  The present invention relates to an encryption key generation based on biometric information and a personal authentication system based on biometric information, and in particular, a method for registering an encryption key for authenticating an individual based on a feature point of a fingerprint, thereby performing authentication. The present invention relates to a cryptographic key generation based on biometric information and a personal authentication system based on biometric information that can achieve both stable generation of key generation and high security for an attacker.

  A user authentication system using biometric information acquires biometric information from a user at the time of registration, and extracts and registers information called feature values. This registration information is called a template. At the time of authentication, biometric information is acquired again from the user, the feature amount is extracted, and it is verified with the template whether it is the person himself or herself. When a server authenticates a user on the client side based on biometric information via a network, the server typically holds a template. The client acquires the user's biometric information at the time of authentication, extracts the feature value and transmits it to the server, and the server checks the feature value against the template to confirm whether or not the user is the person.

  However, since this template is information that can identify a user, it requires strict management as personal information and high management costs. Even if strict management is performed, many users feel psychological resistance to registering a template from the viewpoint of privacy. Furthermore, since there is a limit to the number of types of biometric information that a single user has (for example, fingerprints are only collected from 10 fingers), if there is a risk of counterfeiting due to a template leak, The template cannot be easily changed like a key, and when the same biometric information is registered for different systems, other systems are exposed to threats. Thus, privacy and security issues are always associated with biometric authentication via a network.

  There is an approach that combines authentication based on cryptographic technology such as PKI (Public Key Infrastructure) and biometric authentication in response to the above problems. This is because the template and secret key are stored in a tamper-proof device such as an IC card held by the user, the biometric information acquired at the time of authentication is checked against the template in the tamper-proof device, and the secret key is activated if they match. The server authenticates the tamper resistant device by a challenge and response. However, this method has a problem that a high cost is required in proportion to the number of users because each user needs to possess a tamper resistant device such as an IC card having a collation function and a PKI function.

  Therefore, an approach to solve the above-mentioned privacy and security problems without generating a tamper resistant device by generating a secret key directly from biometric information without storing a template or secret key has been proposed. ing. Specifically, auxiliary information that depends on each user's biometric information and secret key is created and recorded at the time of registration, and the secret key is restored from the newly acquired biometric information and auxiliary information at the time of authentication. For example, the server authenticates the client. By making it impossible to estimate the original biometric information and secret key from the auxiliary information, it is not necessary to store in the tamper-proof device, and biometric authentication and encryption technology can be linked at low cost.

JP 2002-217889 A T. Charles Clancy, et.al.Electric ecure Smartcard -Based Fingerprint Authentication Proc. ACM SIGMM Multimedia, Biometrics Methods and Workshop, pp. 45-52, 2003. Y. Dodis, L. Reyzin, and A. Smith, 擢 uzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data Proc. Advances in Cryptology-EuroCrypt, 2004. David D. Zhang, Nails IOMETRIC SOLUTIONS For Authentication In An E-World Kluwer Academic Publishers.

  As a method for generating a secret key from biometric information using the auxiliary information as described above, techniques described in Patent Document 1 and Non-Patent Document 1 have been proposed.

The technique described in Patent Document 1 encrypts a template using a secret key at the time of registration, and stores the encrypted template as auxiliary information. At the time of authentication, the auxiliary information is sequentially decrypted for all key candidates, the decrypted data and the newly acquired biometric information are collated, and if they match, the secret key is determined to be correct. In this method, the bit length n of the key to be searched needs to be verified 2 ⁿ (2 to the power of n) times during authentication. For this reason, in order to perform authentication in a realistic time, n must be sufficiently shortened by dividing the key. However, if n is short, if the encryption template that is auxiliary information leaks due to the template data format or the restriction condition for a valid biometric information template, only the auxiliary information is used without using new biometric information. There is a possibility that the key and the feature amount can be specified, which is problematic in terms of safety. That is, it is a problem to protect key information and biometric information that is personal information from a malicious attacker.

The technique described in Non-Patent Document 1 relates to a key generation method from a fingerprint. Specifically, the coordinates of the fingerprint image plane are expressed as elements of a finite field Fp ² (p: prime number), and the secret key is expressed as a coefficient of a k-th order polynomial f (x) with Fp ² as a coefficient. At the time of registration, each of f (x _i ) with respect to coordinates x _i (i = 1, 2,..., N) of n (> k) feature points (end points and branch points of ridges) in the fingerprint image of the user. ) And (x _i , f (x _i )) (i = 1, 2,..., N) are recorded as auxiliary information. Further, the original set (x _i , f (x _i )) (i = n + 1, n + 2,..., N) of Fp ² is randomly generated as false feature point information and added to the auxiliary information. At the time of authentication, n feature points are extracted from the newly acquired fingerprint image, and the closest point x _j is estimated from the feature point information (candidate feature point) in the auxiliary information for each feature point coordinate x ′ _i . Then, a polynomial f (x) that satisfies y _j = f (x _j ) is reconstructed with respect to (x _j , y _j ), and the coefficient is used as a secret key.

  In this method, a secret key is generated without assigning an order to each feature point. According to the non-patent document 2, the effective bit length of the secret key (the size of the key space to be attacked when auxiliary information is leaked) is estimated by the following (Equation 1).

log (C (N, n-2t) / C (n, n-2t)) (Formula 1)
Here, the bottom of the log is 2 (the same applies hereinafter). C (x, y) represents the number of combinations for selecting y elements from x elements, and t is the number of error feature points that occur at the time of authentication (the number that a feature point exists at an incorrect location) The maximum allowable value) (which is the sum of the numbers that the feature points do not exist at the correct location). If the number of error feature points is t or less, the key can be correctly restored.

  The number of feature points (n) varies depending on the individual and each finger, but there are about 10 to 30 points when a fingerprint image is acquired by a general fingerprint sensor. The larger the number of false feature points N−n, the longer the number of bits can be obtained. However, if the number is too large, the distribution of feature points becomes dense, and there is a possibility that the correct key cannot be reconstructed by erroneously locating feature points during authentication. Will increase.

  Considering errors due to differences in translation and rotation, distortion, pressure, and wet / dry of fingerprint images at the time of registration and authentication, for example, when N = 64, n = 20, and t = 8, The effective bit length is about 7 bits even if estimated to be large, and the total number of effective keys is only 131. Therefore, in the case of an authentication system that allows redoing up to three times, the probability of successful impersonation (acceptance rate of others) by an attacker is about 2%. In Non-Patent Document 1, it is said that a 69-bit correct key can be restored with a probability of 70% to 80% as a result of experiments. This is because the fingerprint images at the time of registration and authentication are accurately superimposed manually. This is a result of experiments conducted by eliminating errors due to translation and rotation, and is not a numerical value achievable when an algorithm is implemented by automating the overlay process.

  In the technique described in Non-Patent Document 1, when the Euclidean distance between two or more true feature points is small, there is a high probability that the feature point position is erroneously estimated during authentication, and the possibility that the key cannot be correctly restored increases. . For the same reason, when auxiliary information is created by adding a false feature point to a true feature point at the time of registration, it is false near the true feature point (for example, within a circle of radius r centered on the true feature point). A feature point cannot be added. Therefore, an attacker who tries to estimate a secret key using clues as auxiliary information indicates that a pair of adjacent feature points at a distance r or less is a (true, true) pair or a (false, false) pair. Know and limit the key space to be attacked. Therefore, the effective bit length of the actual key is further shorter than the estimated value according to the above equation (1). As described above, there is a trade-off relationship between the stability of key generation (probability of generating a correct key from a legitimate user) and security.

  The present invention has been made in order to solve the above-described problems, and an object of the present invention is to maintain both high key generation stability and security by a method of generating an encryption key from biometric information and thereby performing personal authentication. Another object of the present invention is to provide an encryption key generation and restoration method using biometric information and a personal authentication system using biometric information.

  In the encryption key generation and restoration method for generating and restoring the encryption key of the present invention, first, at the time of personal information registration, the client terminal side reads the fingerprint image of the person to be registered by the fingerprint sensor, and the feature point in the fingerprint is obtained. Extract. Then, the feature point images are aligned, numbered, and output as auxiliary information to a recording medium such as an IC card. On the other hand, the coordinates of the feature points are arranged in correspondence with the numbering of the feature point images, and an encryption key is generated based on the information. Information related to the encryption key, for example, a hash value, is registered in the server.

  At the time of personal authentication, the client terminal reads the fingerprint image of the person to be authenticated by the fingerprint sensor and extracts feature points in the fingerprint. Also, auxiliary information of an image of a feature point in a recording medium such as an IC card recorded at the time of registration is read. Then, the read image of the feature point for authentication and the image of the feature point of the auxiliary information are sequentially compared to obtain the coordinates of the image of the feature point for authentication that matches the image of the feature point of the auxiliary information, The encryption keys are restored in the order in which the images of the feature points of the auxiliary information are arranged. When information related to the encryption key of the server, for example, a hash value is registered, if the hash value of the restored encryption key matches the hash value registered in the server, authentication is made as the registered person.

  According to the present invention, a method for generating and restoring an encryption key based on biometric information that can keep both the stability and security of key generation high by a method for generating an encryption key from biometric information and thereby performing personal authentication, and biometric information A personal authentication system can be provided.

  Embodiments according to the present invention will be described below with reference to FIGS.

Embodiment 1
A first embodiment according to the present invention will be described below with reference to FIGS.

  The personal authentication system using biometric information according to the present embodiment is a client / server type user authentication system using a technique for generating / restoring encryption key information from a fingerprint.

First, the system configuration of the user authentication system according to the present embodiment will be described with reference to FIG.
FIG. 1 is a hardware configuration diagram of a user authentication system according to the first embodiment of the present invention.
FIG. 2 is a functional configuration diagram of the user authentication system according to the first embodiment of the present invention.

  As shown in FIG. 1, the user authentication system includes a client terminal 100 used when a user enjoys a service via a network, and an authentication server that confirms whether the user who wants to enjoy the service is a legitimate person. 120 and a network 130 connecting them. For example, when applied to a net banking service, the client terminal 100 may be a PC at the user's home, the authentication server 120 may be a server machine managed by a bank, and the network 130 may be the Internet.

  The client terminal 100 includes a CPU 101, a memory 102, and a network controller 103, and a display 104, a keyboard 105, a fingerprint sensor 106, and an IC card reader / writer 107 are connected to the client terminal 100.

  The fingerprint sensor 106 has a function of acquiring a user's fingerprint as image information, and the IC card reading / writing device 107 has a function of reading and writing data in the IC card 108 possessed by the user. It should be noted that a floppy (registered trademark) disk, a USB memory, a portable terminal, a magnetic card, paper (printing a two-dimensional bar code), etc., instead of an IC card, has only a function of recording data, and has tamper resistance, You may use the portable recording medium which does not have an access control function.

  The authentication server 120 includes a CPU 121, a memory 122, a network controller 123, and a hard disk 124, to which a display 125 and a keyboard 126 are connected.

  As shown in FIG. 2, the functional configuration of the user authentication system includes a fingerprint sensor control function 202, a feature amount extraction function 203, an auxiliary information creation function 204, and a key restoration function 205 as the client terminal 100. An IC card reading / writing device control function 206, a hash value generation function 208, and a communication function 209.

  The feature amount extraction function 203 is a function that extracts a feature amount from a fingerprint image. The auxiliary information creation function 204 is a function for creating auxiliary information for restoring the encryption key from the feature amount. The key restoration function 205 is a function for restoring the encryption key from the auxiliary information and the feature amount extracted from the fingerprint image newly acquired at the time of authentication. The IC card reader / writer control function 206 is a function for controlling the IC card reader / writer 107. The hash value generation function 208 is a function that generates a hash value from key data. The communication function 209 is a function for communicating with the authentication server 120 via the network 130.

  The IC card reader / writer 107 has a function of writing and reading auxiliary information to and from the IC card 108, and the IC card 108 has a function of storing auxiliary information.

  The authentication server 120 includes a communication function 241 that communicates with the client terminal 100 via the network 130, a database 242a that stores a hash value in association with a user ID, a registered hash value, and a hash value generated at the time of authentication. And a verification function 243a for comparing and verifying.

Next, an outline of encryption key registration and restoration processing of the authentication method using biometric information according to the present embodiment will be described with reference to FIG.
FIG. 3 is a schematic diagram of encryption key registration and restoration processing of the authentication method using biometric information according to the first embodiment of this invention.

When registering the encryption key according to the present embodiment, as shown in the upper part of FIG. 3, first, the fingerprint sensor 106 shown in FIG. As the feature quantity, a local image (chip image) L _i near each feature point and the coordinates (x _i , y _i ) of the feature point are extracted.

  Next, the chip images of feature points are aligned, numbered as auxiliary information, and written to the IC card 108 by the IC card reader / writer control function 206. On the other hand, the coordinates of the feature points numbered as auxiliary information are arranged in the same number order, and output as key data K of the encryption key in that order. For example, a procedure such as extracting the first 3 bits of each x coordinate and y coordinate may be performed. Then, a hash value H (K) is generated from the key data K and registered in the authentication server 120. In this embodiment, the hash value H (K) is registered in the authentication server 120, but the key data K may be registered as it is and used for authentication.

  When the encryption key is restored according to the present embodiment, the fingerprint sensor 106 reads the fingerprint image of the person to be authenticated, as shown in the lower part of FIG. A person who wants to authenticate inserts the IC card 108 that the user has into the IC card reader / writer 108 to read auxiliary information recorded therein.

  Here, if the person is a genuine person registered, the IC card 108 having the same fingerprint as the fingerprint at the time of registration and recording auxiliary information in which chip images of the feature points of the fingerprint are arranged is held. It is assumed that This is because fingerprints are considered to be one of the most difficult changes in human biological information.

Then, from the feature points of the read fingerprint image, images that match the chip image of the feature point included in the auxiliary information are sequentially searched, and their coordinates (x ′ _i , y ′ _i ) are obtained and aligned and registered. Sometimes key data K ′ is generated by the same algorithm as when key data K is generated from coordinates. Then, a hash value H (K ′) is generated from the key data K and transmitted to the authentication server 120. The authentication server 120 can verify whether or not the person is the person to be authenticated by comparing the registered hash value H (K) with the hash value H (K ′).

  Here, it should be noted that the key data K generated from a feature point of a person is not unique, and various patterns can be created depending on the arrangement of chip images of the feature point.

Next, a user registration process according to this embodiment will be described with reference to FIG.
FIG. 4 is a flowchart showing a user registration processing procedure according to the first embodiment of the present invention.

  The client terminal 100 requests the authentication server 120 to allocate an ID of a user who is newly registered (step 301).

  Upon receiving the ID request from the client terminal 100, the authentication server 120 searches for an unassigned ID that is not used, and transmits the found ID to the client terminal 100 (step 302).

  Next, the client terminal 100 acquires a fingerprint image of the user by the fingerprint sensor 106 (step 305).

  Then, the client terminal 100 extracts a feature amount from the fingerprint image (step 306). In the present embodiment, as described above, the coordinates of a plurality of feature points in the fingerprint image and the chip image near each feature point are used as the feature amount.

  Next, the client terminal 100 creates auxiliary information and key data from the feature amount (step 307). The auxiliary information is used when restoring the encryption key from the user's fingerprint at the time of authentication. Details of the procedure for creating auxiliary information and key data will be described later.

  Next, the client terminal 100 writes the ID and auxiliary information received from the authentication server 120 to the IC card 108 possessed by the user by the IC card reader / writer 107 (step 308).

  Then, the client terminal 100 generates a hash value from the key data and transmits it to the authentication server 120 (step 309).

  Finally, the authentication server 120 registers the hash value received from the client terminal 100 in association with the ID (step 310).

Next, a detailed processing procedure of feature quantity extraction (step 306), auxiliary information, and key data generation (step 307) in the user registration processing in the present embodiment will be described with reference to FIG.
FIG. 5 is a flowchart showing processing of feature quantity extraction (step 306) and auxiliary information / key data generation (step 307) according to the first embodiment of the present invention.

  The feature quantity extraction function 203 detects the core from the fingerprint image, and sets the position as the origin (0, 0) of the coordinate system (step 500). Here, the core refers to the center of the ridge of the fingerprint ridge. If the core does not exist, one of the feature points extracted in the next step may be used as the coordinate origin. In this case, information on the feature point is not included in the chip information 410, and only the chip image of the feature point is included in the auxiliary information separately.

  The feature quantity extraction function 203 detects all feature points from the fingerprint image (step 501). As a detailed algorithm of the feature point extraction process and the core detection process, for example, the method described in Non-Patent Document 3 is known.

  Then, as shown in FIG. 3, chip images are cut out from all feature points (step 502), and only appropriate feature points are selected from all the cut out feature points (step 503).

  Next, all the selected chip images are randomly ordered, and auxiliary information is generated from the ordered chip images (step 540).

  Next, the coordinates of the feature points are arranged in the same order as the ordering of all chip images, and key data of the encryption key is generated (step 541).

Next, a user authentication process procedure according to this embodiment will be described with reference to FIG.
FIG. 6 is a flowchart showing a procedure of user authentication processing according to the first embodiment of the present invention.

  This authentication process relates to a process in which the authentication server 120 performs fingerprint authentication of a user via the network when the user uses a service such as net banking.

  The client terminal 100 reads the ID and auxiliary information from the IC card 108 possessed by the user by the IC card reader / writer 107 (step 710).

  Next, the client terminal 100 acquires a fingerprint image of the user (step 711), and extracts a feature amount from the acquired fingerprint image (step 712).

  Next, the client terminal 100 restores the encryption key from the extracted feature amount and the auxiliary information (step 713). Details of the encryption key restoration processing will be described later.

  Then, a hash value is generated from the restored encryption key (step 714).

  Next, the client terminal 100 makes an authentication request to the authentication server 120 and transmits an ID and a hash value (step 715).

  The authentication server 120 receives the ID and hash value, searches the database 242a for a hash value corresponding to the ID (step 716), and collates it with the received hash value (step 717). If the hash values match, authentication succeeds, and if the hash values do not match, authentication fails.

Next, with reference to FIG. 7, a detailed processing procedure of feature amount extraction (step 712) and encryption key restoration (step 713) in the user authentication processing in the present embodiment will be described.
FIG. 7 is a flowchart showing a detailed processing procedure of feature amount extraction (step 712) and encryption key restoration (step 713) in the user authentication processing according to the first embodiment of the present invention.

  The feature amount extraction function 203 detects the core from the fingerprint image, and sets the position as the origin (0, 0) of the coordinate system (step 800). As for the origin of coordinates, a specific feature point may be defined as the origin, and other feature points may be represented by relative coordinates therefrom.

  The feature amount extraction function 203 detects all feature points from the fingerprint image (step 801).

  i = 1 is set (step 802).

  Here, it is assumed that the number of chip images included in the auxiliary information is n as shown in FIG.

  The feature point of the fingerprint image that matches the i-th chip image in the auxiliary information is searched (step 820).

  Then, the coordinates of the feature points of the found fingerprint image are output as the i-th key data (step 821).

  Next, i = i + 1 is set (step 822).

  It is determined whether i ≦ n holds. If not, the process ends. If it does, i returns to step 820 (step 823).

[Embodiment 2]
Hereinafter, a second embodiment according to the present invention will be described with reference to FIGS.

  In the first embodiment, the feature points of the fingerprint are aligned, and key data of the encryption key is generated from the corresponding coordinates.

  Compared with the first embodiment, this embodiment is a more precise implementation of the encryption key generation method and the restoration method based on the biometric information of the present invention, and provides key stability and resistance to attackers. Is greatly improved.

  Therefore, dummy data is included in the auxiliary information in order to make the correspondence between the chip image and the coordinate data have a two-dimensional structure and make it difficult for an attacker to decipher.

  In terms of hardware, the client / server type user authentication system shown in FIG. 1 of the first embodiment is used.

  In the first embodiment, a so-called secret key cryptosystem that uses the same key for encryption and decryption is used. However, in this embodiment, a public key scheme that uses non-target encryption keys and decryption keys is used. Then, the personal authentication is performed by verifying the signature by the secret key on the server.

First, the functional configuration of the user authentication system according to the second embodiment of the present invention will be described using FIG. 8 mainly focusing on differences from the first embodiment.
FIG. 8 is a functional configuration diagram of the user authentication system according to the second embodiment of the present invention.

  The client terminal 100 has a key pair generation function 201 and a signature function 207. The key pair generation function 201 is a function that generates a public / private key pair, and the signature function 207 is a function that generates a signature for the challenge code from the authentication server 120 using the secret key. The feature quantity extraction function 203 and the key restoration function 205 are also for realizing the algorithm of this embodiment.

The database 242b of the authentication server 120 stores a public key in association with the user ID. The authentication server 120 uses the public key held by the authentication server 120 to generate a secret generated by the client terminal 100 by challenge and response during authentication. Verify the key,
Next, the data structure of the secret key and auxiliary information according to the present embodiment will be described with reference to FIG.
FIG. 9 is a diagram showing a data structure of a secret key and auxiliary information according to the second embodiment of the present invention.

It is assumed that the secret key K400 is nM bits for a certain integer value parameter n, M (M ≦ 2 ⁿ −1). Increasing n and M increases the bit length of the key, but decreases the stability of key generation. When the probability that a correct private key is restored from a regular fingerprint is 80% to 90%, n is about 4 to 6. Here, N = ²ⁿ is set for ⁿ . If the data to be used as the secret key (L bits) is longer than nM bits, the information of the lower L-nM bits is fixed and included in the auxiliary information.

The private key K400 for the partial information for each n-bit and M equal parts, Numbering sequentially from the head as shown in _{FIG., K i (i = 1,2,} ..., M) respectively to.

  The auxiliary information includes feature point information 410, a code conversion table 420, and error correction information (ECC) 430. The feature point information 410 includes a feature point number, a chip image, and a candidate point table for each of the M feature points. Hereinafter, for the chip number i, the chip image is represented as C [i], and one record in the candidate point table (hereinafter referred to as “candidate point record”) is represented as T [i]. The candidate point record T [i] has coordinates of N points (candidate points) and includes only one feature point coordinate (correct answer coordinate) of the chip C [i] at the time of registration. Also, the jth candidate point of T [i] is represented as T [i, j]. The code conversion table 420 has N different n-bit partial key codes (for example, if n = 5, 00000, 00001, 00010, N) for the candidate point number j (j = 1, 2,..., N). .., 11110, 11111 (N = 32). The error correction information 430 is an nM bit code, and is used to correct an error of the restoration key using an RS code.

Next, a user registration process according to this embodiment will be described with reference to FIG.
FIG. 10 is a flowchart showing a user registration processing procedure according to the second embodiment of the present invention.

  The client terminal 100 requests the authentication server 120 to allocate an ID of a user who is newly registered (step 301).

  Upon receiving the ID request from the client terminal 100, the authentication server 120 searches for an unassigned ID that is not used, and transmits the found ID to the client terminal 100 (step 302).

  Next, the client terminal 100 generates a public key / private key pair based on public key encryption technology such as elliptical encryption, and transmits the public key to the authentication server 120 (step 303).

  The authentication server 120 registers the received public key in the database 242 in association with the ID (step 304).

  Next, the client terminal 100 acquires a fingerprint image of the user via the fingerprint sensor 106 (step 305), and extracts a feature amount from the fingerprint image (step 306). Also in this embodiment, the feature amount is the coordinates of a plurality of feature points in the fingerprint image and a local image (chip image) near each feature point.

  The client terminal 100 creates auxiliary information from the extracted feature quantity and the secret key (step 307). The auxiliary information is used when restoring the secret key from the user's fingerprint at the time of authentication. The details of the data structure of the auxiliary information are as shown in FIG. 9 as described above. Details of the method of creating auxiliary information will be described later.

  The client terminal 100 writes the ID and the auxiliary information on the IC card 108 owned by the user by the IC card reader / writer 107 (step 308).

Next, a detailed processing procedure for feature amount extraction (step 306) and auxiliary information creation (step 307) in the registration processing according to the present embodiment will be described with reference to FIGS.
FIG. 11 is a flowchart showing a detailed processing procedure of feature amount extraction (step 306) and auxiliary information creation (step 307) in the registration processing according to the second embodiment of the present invention.
FIG. 12 is a diagram showing a feature amount extraction process and auxiliary information creation process in the registration process according to the second embodiment of the present invention.

  First, the feature quantity extraction function 203 detects the core from the fingerprint image, and sets the position as the origin (0, 0) of the coordinate system (step 500). In the fingerprint image shown in the example of FIG. 12, the position of the circle near the center of the image is the core. If the core does not exist, one of the feature points extracted in the next step may be used as the coordinate origin. In this case, the information on the feature point is not included in the chip information 410, and only the chip image of the feature point is included in the auxiliary information separately to indicate that the feature point is taken.

  The feature quantity extraction function 203 detects all feature points from the fingerprint image (step 501). In the fingerprint image shown in the example of FIG. 12, the position of ● is a feature point. As described above, as the detailed algorithm of the feature point extraction process and the core detection process, the method of Non-Patent Document 3 and the like are known.

  Next, a chip image is cut out for all feature points (step 502). In the fingerprint image shown in the example of FIG. 12, □ centered on ● indicates the area of the chip image.

  Only appropriate feature points are selected from all the feature points, and the number of selected feature points is set to m (step 503). For example, when there are a plurality of feature points that are similar to each other in the chip image, if all of these feature points are used, the candidate point restriction condition described later (a candidate point is not created near a mismatch point (described later)) There is a possibility that an attacker who tries to estimate a key by using auxiliary information as a key can narrow down the key space. Therefore, when there are a plurality of feature points similar to each other, only one of the feature points is used. Similarly, when the distance between two feature points is short and chip images overlap, the relative positional relationship between the two feature points can be estimated from the auxiliary information, allowing the attacker to narrow down the key space. Sex occurs. Therefore, in this case, only one of the feature points is used.

  Next, M-m dummy chip images that are not similar to the m chip images are randomly generated (step 504).

  The M all chip images are randomly ordered (step 505). According to this order, each chip image is represented as C [i] (i = 1, 2,..., M). In the example of FIG. 12, the chip image of the feature point at the upper right of the fingerprint image is C [1].

  A code conversion table 420 is created (step 506). The creation method may be random assignment or may use a code conversion table fixed in advance. In the fixed case, for example, a method of assigning a binary representation (n bits) of j as a partial key code to the candidate point number j can be considered.

  The feature point information 410 is generated and C [i] (i = 1, 2,..., M) is recorded. In T [i, j] (i = 1, 2,..., M, j = 1, 2,..., N), a flag indicating that no allocation is performed is recorded. (Step 507).

The secret key K400 (nM bits) is divided into M equal parts, and n-bit partial key codes K _i (i = 1, 2,..., M) are created (step 508).

  i = 1 is set (step 510).

  If C [i] is a dummy chip image, the process jumps to step 515 (step 512).

Next, find the candidate point number corresponding to the partial key code _{K i} from the code conversion table 420, and j0 (step 513). In the example of FIG. 12, since the partial key code K ₁ is “11010” for i = 1, “11010” is searched from the code conversion table 420 to obtain the candidate point number “2”. Therefore, j0 = 2. Note that j0 generally takes different values for each i.

  The feature point coordinates (correct coordinates) of C [i] are recorded in T [i, j0] of the feature point information 410 (step 514). In the example of FIG. 12, since i0 = 2 when i = 1, correct coordinates are recorded in T [1,2].

  Apart from the correct coordinates of C [i], all positions (mismatch points) of partial images similar to C [i] are detected from the fingerprint image (step 515). In other words, the false coincidence point is similar to the feature point of the chip image, and may be erroneously determined. For example, when the fingerprint image is expressed as a binary image (black and white image), the similarity between images can be calculated as the number of points where the chip image and the partial image overlap and the colors match. In the example of FIG. 12, the mismatch point is represented by ×, and the figure shows that there are two mismatch points for C [1].

  Next, dummy coordinates are randomly generated (step 516).

  If there is a candidate point already recorded in the record T [i] of the candidate point table and whose distance from the dummy coordinate is equal to or smaller than the predetermined threshold value r1, the process returns to step 516 (step 516). 517).

  If any of the mismatch points has a distance between the dummy coordinates and a predetermined threshold value r2, the process returns to step 516 (step 518).

  In step 517, when a candidate point whose distance from the dummy coordinate is less than or equal to r1 is not recorded and in step 518 there is no false coincidence point whose distance from the dummy coordinate is r2 or less, The dummy coordinates are recorded in the unassigned candidate point T [i, j] of the candidate point table T [i] (step 519). In this way, when taking the dummy coordinates, erroneous recognition can be prevented by separating the candidate point from the erroneous match point by a predetermined distance.

  If any of the N candidate points T [i, j] in the candidate point table T [i] is unallocated, the process returns to step 516 (step 520). FIG. 12 shows a state in which Step 516 to Step 520 are repeated and 16 feature point candidates (including one correct coordinate) are created for C [1].

  i = i + 1 is set (step 521).

  If i ≦ M, the process returns to step 512 (step 522).

A codeword V is randomly selected from the RS code RS (M, M-2t) having the code length M and the number of information symbols M-2t on the finite field F2 ⁿ (step 530). The parameter t uses a necessary value as the number of correctable errors. When t is large, the error correction capability is high and the secret key key can be restored more stably, but the effective bit length of the secret key is shortened.

  It is assumed that the error correction code 430 is obtained by taking the exclusive OR of K and V as shown in the following (formula 2).

最後に、特徴点情報４１０、コード変換表４２０、誤り訂正符号（ＥＣＣ）４３０をまとめて、補助情報とする（ステップ５３３）。

Finally, the feature point information 410, the code conversion table 420, and the error correction code (ECC) 430 are collected as auxiliary information (step 533).

Next, a user authentication process procedure according to this embodiment will be described with reference to FIG.
FIG. 13 is a flowchart showing a procedure of user authentication processing according to the second embodiment of the present invention.

  Similarly to the first embodiment, the authentication processing of the present embodiment also relates to processing in which the authentication server 120 performs user fingerprint authentication via the network when the user uses services such as net banking.

  The client terminal 100 reads the ID and auxiliary information from the IC card 108 possessed by the user by the IC card reader / writer 107 (step 710).

  Next, the client terminal 100 acquires a fingerprint image of the user (step 711), and extracts a feature amount from the fingerprint image (step 712). In the first embodiment, the description has been made assuming that the fingerprints of the same person are the same. However, even if the actually acquired fingerprint image is acquired from the same finger of the same person, It is different from the fingerprint image acquired in step 305. This is caused by a positional deviation, rotation, distortion, pressure or wet / dry difference when the finger is placed on the sensor. Therefore, the number and coordinates of feature points extracted from the fingerprint image and the chip image are slightly different between the registration time and the authentication time. The present embodiment provides a method for absorbing such errors and stably restoring a correct secret key.

  The client terminal 100 restores the secret key from the extracted feature quantity and the auxiliary information (step 713). Details of the private key restoration process will be described later.

  Then, the client terminal 100 makes an authentication request to the authentication server 120 and transmits the ID (step 715).

  The authentication server 120 receives the transmitted ID and searches the database 242b for a public key corresponding to the ID (step 716).

  The authentication server 120 generates a random number and transmits it as a challenge code to the client terminal 100 (step 718).

  The client terminal 100 receives the sent random number, generates a signature with the secret key for the random number, and transmits it to the authentication server 120 (step 719).

  The authentication server 120 receives the signature and verifies the signature using the held public key (step 720). If the signature verification is successful, the authentication is successful. If the signature verification fails, the authentication is failed.

Next, a detailed processing procedure of feature amount extraction (step 712) and secret key restoration (step 713) in the authentication process will be described with reference to FIGS.
FIG. 14 is a flowchart showing a detailed processing procedure of feature amount extraction (step 712) and secret key recovery (step 713) in the authentication processing according to the second embodiment of the present invention.
FIG. 15 is a diagram showing the feature amount extraction and secret key restoration processing in the authentication processing according to the second embodiment of the present invention.

  First, the feature amount extraction function 203 detects the core from the fingerprint image, and sets the position as the origin (0, 0) of the coordinate system (step 800). In the fingerprint image shown in the example of FIG. 15, the position of the circle near the center of the image is the core. When there is no core at the time of registration and the chip image is included in the auxiliary information with one of the feature points as the origin of coordinates, the partial image that most closely matches the chip image is searched from the fingerprint image, The position is the coordinate origin.

  The feature amount extraction function 203 detects all feature points from the fingerprint image (step 801). In the fingerprint image shown in the example of FIG. 15, the position of ● is a feature point.

  i = 1 is set (step 802).

  For each of the detected feature points, a partial image having a similarity with C [i] equal to or greater than a predetermined threshold is searched in the vicinity (step 804). In the example of FIG. 15, the search area of the partial image for each feature point is indicated by a dotted line □. For example, when the fingerprint image is expressed as a binary image (black and white image), the similarity between the images can be calculated as the number of points where the chip image and the partial image overlap and the colors match.

  If a similar partial image is not found, the process jumps to step 811 (step 805).

The positions of the searched similar partial images are arranged in descending order of similarity, and are set as P ₁ , P ₂ ,... (Step 806). These are called similarities.

  k = 1 is set (step 807).

Of the N candidate points of T [i], the candidate point closest to P _K is T [i, j]. If there is a point where the distance between P _K and T [i, j] is less than or equal to r1 / 2, the process jumps to step 812 (step 808). In the example of FIG. 15, there are three similarities of C [1] (P ₁ , P ₂ , P ₃ ), and each is represented by x. Radius of the dotted circle around the respective P _K is r1 / 2. There are no candidate points in the circles P ₁ and P ₂ , but there are candidate points T [1,2] in the circle of P ₃ . Therefore, when i = 1, j = 2 and jump to step 812. It should be noted that there is at most one candidate point that falls within the circle having the radius r1 / 2 by the processing of step 516 in FIG.

  k = k + 1 is set (step 809).

If there is an unsearched similarity (P _K ), the process returns to step 808 (step 810).

When there is no unstudied similarity (P _K ), or when there is no similar partial image in step 805, K ′ _i is not known (step 811).

When a candidate point T [i, j] close to P _K is found, a partial key code corresponding to j is retrieved from the code conversion table 420 and set as K ′ _i (step 812). In the example of FIG. 15, since j = 2 when i = 1, the location where the candidate point number is 2 in the code conversion table is referred to as K ′ ₁ = 11010.

  i = i + 1 is set (step 813).

  If i ≦ M, the process returns to step 804 (step 814).

When all the K ′ _i values have been obtained through the loop, K ″ = K ′ ₁ | K ′ ₂ |... | K ′ _m is set (step 815). However, it is assumed that A | B is a concatenation of A and B bit strings.

  As shown in the following (formula 3), V ″ is an exclusive OR of K ″ and ECC.

そして、Ｖ′′をＲＳ符号として復号し、得られたコードをＶ′とする（ステップ８１７）。ＲＳ符号の復号化は、例えば、ＢＭ（Berlekamp-Massey）アルゴリズムを用いることで高速に実行することができる。

Then, V ″ is decoded as an RS code, and the obtained code is set as V ′ (step 817). The decoding of the RS code can be executed at high speed by using, for example, a BM (Berlekamp-Massey) algorithm.

  As shown in the following (formula 4), K ′ is an exclusive OR of V ′ and ECC (step 818).

ＲＳ（Ｍ，Ｍ−２ｔ）の符号を用いて誤り訂正をおこなうことで、Ｋ_ｉ≠Ｋ′_ｉであった（Ｃ［ｉ］に関してダミー座標を選択した）ところのｉの数をＥ１、Ｋ′_ｉが不明であったところのｉの数をＥ２としたとき、２・Ｅ１＋Ｅ２≦ｔならば正しく復号化され、Ｋ′＝Ｋ（登録時の秘密鍵）となる。

By performing error correction using the code of RS (M, M−2t), K _i ≠ K ′ _i (dummy coordinates are selected for C [i]), the number of i is E1, K When the number of i's where _i was unknown is E2, if 2 · E1 + E2 ≦ t, it is correctly decrypted and K ′ = K (secret key at the time of registration).

  As described above, in this embodiment, a chip image of a feature point of a fingerprint is used as label information, so that a number (order) is arbitrarily assigned to a plurality of feature points, and is extracted again from the fingerprint at the time of authentication. The feature points can be arranged according to this number. As a result, the key length can be significantly increased as compared with the prior art such as Non-Patent Document 1 where numbers cannot be assigned.

  The technique described in Non-Patent Document 1 plots all true feature point coordinates and all dummy coordinates on one plane as auxiliary information. For this reason, when the candidate points are close to each other, the stability of key generation is reduced, or when dummy coordinates are plotted at a distance greater than a certain value from the correct coordinates, a part of the key information from the arrangement of the candidate points There was a problem that leaked. On the other hand, in this embodiment, an individual plane is set for each feature point (chip image), and one correct coordinate and a plurality of dummy coordinates are plotted on each plane as auxiliary information. This makes it possible to configure auxiliary information so that candidate points (correct coordinates and dummy coordinates) are always separated from each other by a distance equal to or greater than a certain value on the plane, improving the key generation stability and at the same time arranging the candidate points. Prevents key information from leaking. In addition, on each plane, by not plotting dummy coordinates around the position that incorrectly matches the corresponding chip image, the similarity of the chip image is higher near the mismatched point than at the correct coordinate point during key restoration. Even in this case, it is possible to guide to the correct coordinates, and the stability of key generation is improved. The reason why individual planes can be set for each feature point in this way is that chip images are used as label information for feature points and numbers are assigned to the feature points.

[Evaluation of the present invention]
As is apparent from the above embodiments, when biometric feature information is expressed as a set of feature elements that are difficult to order, such as fingerprint feature points, information on a part of the feature elements is used as a label. By using it, it is possible to order and to stably generate a key having a long bit length.

  Specifically, a plurality of information included in the feature element, for example, the position, direction, type (endpoint or branch point) at the fingerprint feature point, chip image (local partial image centered on the feature point), relation (adjacent other 2 types of highly independent information (for example, position and chip image) are selected from the number of ridges between the feature points), and the other information (for example, chip image) is used as a feature point label (auxiliary information). The information is recorded in an appropriate order, and at the time of authentication, the feature points are rearranged with reference to this label, and the other information (for example, position) is output in order to restore the key information.

  Here, taking the generation and restoration of a key from a fingerprint as an example, the technique described in Non-Patent Document 1 is compared with the effective bit length of the key. Similarly to the above, n is the number of true feature points, N is the number of candidate feature points including false generated for each true feature point, and t is the maximum allowable number of error feature points generated during authentication. When error correction is used with the RS code, the effective bit length of the key is evaluated by the following (Equation 5).

(N-2t) log (N) (Formula 5)
Here, when N = 64, n = 20, and t = 8, it becomes 24 bits, and a key having an effective bit length that is significantly longer than the effective bit length (7 bits) of the key generated by the technique described in Non-Patent Document 1 is generated. be able to. At this time, the total number of valid keys is 16,770,000. Therefore, in the case of an authentication system that allows redoing up to three times, the acceptance rate of others is about 0.000018%.

  Further, the technique described in Non-Patent Document 1 plots all true feature points and all false feature points as candidate feature points on one plane and applies them to the newly acquired fingerprint feature points at the time of authentication. In contrast to searching for the nearest candidate feature point, the present invention sets a separate plane for each of the true feature points, and selects one true feature point and multiple false feature points on each plane. Plotting as feature points, and searching for the closest candidate feature point on the corresponding plane for each of the newly acquired fingerprint feature points during authentication. For this reason, the technique described in Non-Patent Document 1 allows the attacker to narrow down the key space (decreases the effective bit length of the key) at the same time as the stability of the key recovery is lowered due to the above-described reason. In the present invention, the stability of the key recovery is improved, and at the same time, the key space cannot be narrowed down by the above attack method.

  The present invention can be applied to any application that performs user authentication, and can particularly enhance security and privacy in authentication via a network. For example, it can be applied to information access control in an in-house network, identity verification in an Internet banking system or ATM, login to a member website, personal authentication when entering a protected area, login to a personal computer, and the like.

  It is also possible to encrypt confidential information using a secret key generated with biometric information. For example, a method of using a secret key generated from a user's biometric information for encryption when a user backs up data including confidential information to a server on an open network is also conceivable.

It is a hardware block diagram of the user authentication system which concerns on 1st embodiment of this invention. It is a functional lineblock diagram of a user authentication system concerning a first embodiment of the present invention. It is the schematic of the registration of the encryption key of the authentication method by the biometric information of 1st embodiment of this invention, and a restoration process. It is a flowchart which shows the registration processing procedure of the user which concerns on 1st embodiment of this invention. It is a flowchart which shows the process of the feature-value extraction (step 306) and auxiliary information, key data generation (step 307) which concern on 1st embodiment of this invention. It is a flowchart which shows the procedure of the user authentication process which concerns on 1st embodiment of this invention. It is a flowchart which shows the detailed process sequence of feature-value extraction (step 712) and encryption key decompression | restoration (step 713) among the user authentication processes in 1st embodiment of this invention. It is a functional block diagram of the user authentication system which concerns on 2nd embodiment of this invention. It is a figure which shows the data structure of the secret key and auxiliary information which concern on 2nd embodiment of this invention. It is a flowchart which shows the registration process procedure of the user which concerns on 2nd embodiment of this invention. It is a flowchart which shows the detailed process sequence of feature-value extraction (step 306) and auxiliary information preparation (step 307) in the registration process of 2nd embodiment of this invention. It is a figure which shows the mode of the process of feature-value extraction in the registration process of 2nd embodiment of this invention, and auxiliary information creation. It is a flowchart which shows the procedure of the authentication process of the user which concerns on 2nd embodiment of this invention. It is a flowchart which shows the detailed process sequence of feature-value extraction (step 712) and secret key restoration (step 713) in the authentication process of 2nd embodiment of this invention. It is a figure which shows the mode of the process of the feature-value extraction in the authentication process of 2nd embodiment of this invention, and a private key restoration | recovery.

Explanation of symbols

100 Client terminal 101 CPU
102 Memory 103 Network Controller 104 Display 105 Keyboard 106 Fingerprint Sensor 107 IC Card Reading / Writing Device 108 IC Card 120 Authentication Server 121 CPU
122 memory 123 network controller 124 hard disk 125 display 126 keyboard 130 network 201 key pair generation function 202 fingerprint sensor control function 203 feature quantity extraction function 204 auxiliary information creation function 205 key restoration function 206 IC card reading control function 207 signature function 208 communication function 241 Communication function 242 Database 243 Verification function 400 Private key 410 Feature point information 420 Code conversion table 430 Error correction code.

Claims (10)

In an encryption key generation and restoration method for receiving biometric feature information and generating and restoring an encryption key by a computer,
The calculator includes a calculation unit, a storage unit, and an output unit,
The biometric feature information includes a feature element, and the feature element includes a first feature amount and a second feature amount as attributes thereof, and the first feature amount and the second feature amount are respectively features. A feature that can measure the closeness of the quantities,
By the calculation unit,
When generating an encryption key,
A procedure for receiving biometric information as a reference for a person to be authenticated by the encryption key;
Aligning the first feature amount of the feature element included in the received biometric information as a reference,
A procedure for generating, for each feature element, a false feature quantity different from the normal feature quantity, with the second feature quantity corresponding to the feature element as a normal feature quantity,
Generating a candidate feature quantity record composed of the normal feature quantity and the fake feature quantity for the first feature quantity of each feature element, and aligning the candidate feature quantity records in the candidate feature quantity record;
A procedure for associating the first feature amount of each feature element with the candidate feature record, generating as a feature element information table, and storing in the storage unit;
The first feature amount of the aligned feature element is associated with partial key information that is a part of the encryption key, and the first feature amount of the feature element is associated with the first feature amount of the feature element. A procedure for generating a correspondence between partial key information corresponding to the number of the normal feature quantity and the first feature quantity of the feature element as a code conversion table and storing it in the storage unit;
  A procedure for outputting the feature element information table and the code conversion table from the output unit;
When the encryption key is restored, the calculation unit
Receiving the biometric information for restoring the encryption key of the person who authenticates with the encryption key and the auxiliary information;
For the first feature amount of each feature element of the feature element table of the auxiliary information, the closest feature element of the biometric information for encryption key restoration is searched, and the second feature of the feature element of the biometric information is searched. And the feature amount of the candidate feature record corresponding to the first feature amount of the feature element of the feature element table closest to the first feature amount of the feature element of the biometric information for encryption key restoration Then, a procedure for setting the closest one as a candidate for the normal feature amount in the candidate feature amount record,
The corresponding partial key information is extracted from the code conversion table by the number of the candidate for the normal feature amount in the candidate feature amount record corresponding to the first feature amount of each feature element, and the feature of the feature element table And a method of restoring the encryption key according to the order in which the first feature quantities of the elements are arranged. When the cryptographic key is generated by the arithmetic unit,
A false first feature quantity different from the first feature quantity of the feature element included in the received biometric information as the reference is generated, and the candidate feature quantity record associated with the first feature quantity includes the first feature quantity It consists only of fake features that do not include regular features of the second feature,
The biometric information encryption key according to claim 1, wherein the calculation unit generates a record in which the false first feature value and the candidate feature value record are associated with each other in the feature element information table. Generation and restoration method. In the procedure for generating a false feature amount different from the normal feature amount for each feature element by the arithmetic unit, the generated false feature amount is separated from the normal feature amount by a predetermined distance or more. The method for generating and restoring an encryption key using biometric information according to claim 2. When the cryptographic key is generated by the arithmetic unit,
In the procedure for generating a false feature quantity different from the normal feature quantity for each feature element, the calculation unit has a first feature quantity close to the feature element for each feature element. The feature element is a similar feature element with respect to the feature element, and the false feature quantity is generated so as to be separated from the second feature quantity of any similar feature element of the feature element by a predetermined distance or more. An encryption key generation method and a restoration method according to claim 1. When the cryptographic key is restored by the arithmetic unit,
For the first feature amount of each feature element of the feature element table of the auxiliary information, the closest feature element of the biometric information for encryption key restoration is searched, and the second feature of the feature element of the biometric information is searched. And the feature amount of the candidate feature record corresponding to the first feature amount of the feature element of the feature element table closest to the first feature amount of the feature element of the biometric information for encryption key restoration Then, the procedure for setting the closest one as a candidate for the normal feature amount in the candidate feature amount record is as follows:
With respect to the first feature amount of each feature element of the feature element table of the auxiliary information, the calculation unit sequentially selects the feature elements of the biometric information for encryption key restoration that is close to the first feature amount. Whether the first feature value is close to the second feature value is within a predetermined distance from any feature value in the feature value record corresponding to the first feature value of the feature element. The encryption key generation method and restoration method according to claim 1, wherein the encryption key generation method and the restoration method are a procedure for determining a candidate for the normal feature amount in the candidate feature amount record by determining. The method for generating and restoring an encryption key according to claim 1, wherein the partial key information of the encryption key is divided by the number of samples of feature elements included in the reference biometric information. By the calculation unit, when generating the encryption key information,
An error correction code is generated for the key information, and the error correction code is included in the auxiliary information,
When the key information is restored by the arithmetic unit,
2. The method for generating and restoring an encryption key according to claim 1, wherein the information obtained by restoring the encryption key is output by correcting an error using the error correction code. The feature element is a feature point defined by an end point or a branch point of a fingerprint ridge pattern,
The first feature amount includes a position of the feature point, a ridge direction at the feature point, a feature point type indicating whether the feature point is an end point or a branch point, a local partial image including the feature point, One or more feature quantities selected from relation information defined by the number of ridges between the feature points and other feature points,
The second feature amount includes a position of the feature point, a ridge direction at the feature point, a feature point type, a local partial image including the feature point, and the feature point and other feature points. The encryption key generation method and restoration method according to claim 1, wherein the encryption key generation method and the restoration method are one or more feature amounts selected so as not to overlap with the first feature amount. In a personal authentication system using biometric information using an encryption key,
A client terminal equipped with a fingerprint sensor and an IC card reader / writer;
An authentication server connected to the client terminal via a communication line;
At the time of personal authentication information registration, the client terminal generates a public key and a secret key that is paired with the public key, and registers them in the authentication server.
The client terminal reads a fingerprint image for personal authentication information registration by the fingerprint sensor,
Extracting feature points of the fingerprint image;
The client terminal numbers the image of the feature points of the fingerprint by the feature point number, sets the coordinates of the feature points as correct coordinates, and generates dummy coordinates different from the correct coordinates for each of them. Then, for each feature point number, generate a candidate point record consisting of the correct coordinates and the dummy coordinates, numbering in the candidate point record,
Generating a feature point table composed of a record of the fingerprint feature point image and the candidate point record;
The secret key is divided, and a code conversion table is generated in which the correct coordinate number in the candidate point record corresponding to the feature point number in the divided order is associated with the partial key code corresponding to the divided order. ,
Write auxiliary information consisting of the feature point table and the code conversion table to the IC card of the person who performs authentication by the IC card reader / writer,
At the time of personal authentication, the client terminal reads the auxiliary information from the IC card from the IC card reader / writer,
Read the fingerprint image for authentication from the fingerprint sensor,
Extracting feature points of the fingerprint image;
The feature points of the fingerprint image for performing authentication on the images of the feature points of the respective fingerprints of the feature point table included in the auxiliary information are arranged in the order closest to the feature points of the respective fingerprints, and From near order, it is determined whether there is a correct coordinate of the candidate point record corresponding to the image of the feature point of each fingerprint near the coordinate of the feature point of the fingerprint image for performing the authentication, When there is a correct coordinate nearby, the partial key code corresponding to the correct coordinate number in the candidate point record is obtained from the code conversion table, and a part of the secret key is restored,
The secret key is restored by performing this for all the image of the feature points of the fingerprint in the feature point table,
The client terminal signs the data from the authentication server with the restored secret key, and sends the data to the authentication server.
The personal authentication system using biometric information, wherein the authentication server performs authentication by verifying a transmitted signature with the public key. The feature point table generates a dummy image different from a feature point image of a fingerprint image for performing the authentication, and records a candidate point record consisting of the dummy image and all of the dummy coordinates. The personal authentication system using biometric information according to claim 9, wherein the system is added to a table.

Images