JP4749017B2 - Pseudo biometric authentication system and pseudo biometric authentication method - Google Patents

Description

  The present invention relates to a pseudo biometric authentication system, a pseudo biometric authentication method, and a pseudo biometric authentication program for performing authentication processing using a pseudo biometric key generated in advance based on biometric information of a person to be authenticated.

  Conventionally, a server authentication method in which an authentication server performs authentication processing and a client authentication method in which a client terminal performs authentication processing are used as authentication methods for performing personal authentication.

  As the server authentication method, for example, biometric information such as the fingerprint, face image, and iris of the person to be authenticated read by the biometric information reader is registered in the authentication server as a template, and the authentication server acts on behalf of the authenticator. In some cases, authentication processing based on a template is performed (see, for example, Patent Document 1).

  In addition, as a client authentication method, for example, there is a method in which the above template is registered in a tamper resistant device or a client terminal, and an authentication process based on the template is performed by the tamper resistant device or the client terminal.

  As a template generation method described above, there is a method in which a face image is slightly deformed and registered when the face image is registered as a template so that the template can be updated. Since the registered image is not equivalent to the original face image without deformation, it can be discarded, and a new face image with a different degree of deformation can be registered as a template.

Japanese Patent Laid-Open No. 6-262882

  In the conventional technology described above, the template stored in the tamper resistant device is kept highly secure, but the encrypted biometric information and template transmitted over the communication network are intercepted, and biometric information and There is a problem that there is a risk that the template will be deciphered.

  Furthermore, since the template indicates a fingerprint, a face image, an iris, or the like, the types of templates are limited. Therefore, when receiving authentication from a plurality of different certifiers that provide various different applications, the same template is often used as the template of the person to be authenticated. There is a problem that the damage suffered is enormous.

  As described above, some face images can be discarded or updated by deforming a face image and registering it as a template. However, if the degree of deformation increases, the verification error rate increases. There is a risk that.

  The present invention solves the above-described problems, can prevent biometric information from leaking in personal authentication based on biometric information, and increases the types of information used for personal authentication based on biometric information. It is possible to discard and update information used for authentication.

  The pseudo biometric authentication system of the present invention includes a client terminal capable of generating pseudo biometric information based on a pseudo biometric key generated from biometric information or registered biometric information of a person to be authenticated, and the pseudo biometric information. A pseudo biometric authentication system comprising: a pseudo biometric authentication system for authenticating the person to be authenticated using the first biometric information or registered biometric information and a first numerical value arbitrarily selected First pseudo biometric key storage means for storing in advance a pseudo biometric key generated by calculating a one-way function, and the pseudo biometric key stored in the first pseudo biometric key storage means and an arbitrary A first pseudo-biological information generating unit that generates first pseudo-biological information by calculating a second numerical value selected by using a one-way function, and the first pseudo-biological information generating unit. And the pseudo biometric information transmitting means for transmitting the first pseudo biometric information generated together with the second numerical value to the pseudo biometric authentication server, and the pseudo biometric authentication server stores the pseudo biometric key in advance. Second pseudo biometric key storage means for storing, pseudo biometric information receiving means for receiving the first pseudo biometric information and the second numerical value transmitted by the pseudo biometric information transmitting means, and the pseudo biometric information receiving means When the second numerical value is received, the pseudo biometric key stored in the second pseudo biometric key storage unit and the second numerical value received by the pseudo biometric information receiving unit are converted into the first pseudo value. Second pseudo biometric information generating means for generating second pseudo biometric information by calculating using the same one-way function as that used in the biometric information generating means, and the pseudo biometric information receiver The pseudo-biological information collating means for collating the first pseudo-biological information received by the second pseudo-biological information generated by the second pseudo-biological information generating means, and the first pseudo-biological information collating means And authenticating means for authenticating that the person is to be authenticated when it is determined that the biometric information matches the second pseudo-biometric information.

  As described above, according to the pseudo biometric authentication system according to the present invention, a pseudo biometric key is generated using the biometric information of the person to be authenticated and stored in advance in the client terminal and the pseudo biometric authentication server, respectively. Based on the biometric key, the pseudo biometric information generated by the client terminal and the pseudo biometric authentication server is collated, and if they match, the person to be authenticated is recognized and authenticated. In addition, the authentication process by the pseudo biometric authentication server can be performed without transmitting the registered biometric information itself. That is, the information transmitted on the communication network is not the biometric information or the registered biometric information itself, but is a pseudo biometric key or the second numerical value. It will never be done.

  Even if the biometric information and the registered biometric information are encrypted and transmitted, the biometric information and the registered biometric information may be known by decryption. However, the pseudo biometric key and the pseudo biometric information are both based on a one-way function. Since it has been processed, even if the pseudo biometric key or the pseudo biometric information is leaked, it is reliably prevented that the biometric information is known. Therefore, even when compared with the case where biometric information or registered biometric information is encrypted and transmitted, the safety can be significantly improved.

  In the present invention, the registered biometric information refers to a template, which is registered biometric information such as a fingerprint, a face image, and an iris in a raw state or processed by a predetermined algorithm.

  The first numerical value is a secret random number used only inside the client terminal, for example, and the second numerical value is a public random number used outside the client terminal, for example. The one-way function is, for example, a hash function. Furthermore, the client terminal is a tamper resistant device having tamper resistance, for example.

  A service providing server that provides a predetermined service based on a request from a client terminal, and the service providing server receives a request for service provision from the client terminal and It is configured to provide a predetermined service to the client terminal in response to the provision request on the condition that the authentication request is made and a notification to the effect that it is decided to authenticate the person to be authenticated is received from the pseudo biometric authentication server. May be.

  The pseudo biometric authentication system of the present invention includes a client terminal capable of generating pseudo biometric information based on a pseudo biometric key generated from biometric information or registered biometric information of a person to be authenticated, and the client A pseudo biometric authentication system comprising: a service providing server that provides a predetermined service based on a request from a terminal; and a pseudo biometric authentication server that can generate pseudo biometric information for authentication based on the pseudo biometric key. When the service providing server receives a service provision request from the client terminal, the service providing server collates a plurality of pieces of pseudo biometric information with information transmission means for generating pseudo biometric information that transmits a second numerical value to the client terminal. Pseudo-biological information collating means that performs the first selection arbitrarily selected from the biometric information or the registered biometric information. First pseudo biometric key storage means for storing in advance a pseudo biometric key generated by calculating a numerical value with a one-way function; and the pseudo biometric key stored in the first pseudo biometric key storage means; First pseudo biological information generating means for generating first pseudo biological information by calculating the second numerical value received from the service providing server using a one-way function, and the first pseudo biological information First pseudo biometric information transmitting means for transmitting the first pseudo biometric information generated by the generating means to the service providing server and transmitting the second numerical value to the pseudo biometric authentication server, The biometric authentication server receives from the client terminal the second pseudo biometric key storage unit that stores the pseudo biometric key in advance, the pseudo biometric key stored in the second pseudo biometric key storage unit, and Second pseudo biological information generating means for generating second pseudo biological information by calculating the second numerical value using the same one-way function as that used in the first pseudo biological information generating means. And second simulated biological information transmitting means for transmitting the second simulated biological information generated by the second simulated biological information generating means to the service providing server, wherein the simulated biological information collating means The first pseudo biometric information from the client terminal is collated with the second pseudo biometric information from the pseudo biometric authentication server.

  Furthermore, the pseudo biometric authentication system of the present invention includes a client terminal capable of generating pseudo biometric information based on a pseudo biometric key generated from biometric information or registered biometric information of a person to be authenticated, and the client A pseudo biometric authentication system comprising: a service providing server that provides a predetermined service based on a request from a terminal; and a pseudo biometric authentication server that can generate pseudo biometric information for authentication based on the pseudo biometric key. The service providing server transmits a second numerical value to each of the client terminal and the pseudo biometric authentication server when receiving a service provision request from the client terminal; Pseudo biometric information collating means for collating a plurality of pseudo biometric information, and the client terminal A first pseudo biometric key storage unit for preliminarily storing a pseudo biometric key generated by calculating registered biometric information and an arbitrarily selected first numerical value using a one-way function; and the first pseudo biometric key First pseudo biometric information is generated by calculating the pseudo biometric key stored in the storage means and the second numerical value received from the service providing server using a one-way function. Biometric information generation means, and first pseudo biometric information transmission means for transmitting the first pseudo biometric information generated by the first pseudo biometric information generation means to the service providing server, the pseudo biometric authentication server Includes a second pseudo biometric key storage unit that stores the pseudo biometric key in advance, the pseudo biometric key stored in the second pseudo biometric key storage unit, and a second received from the service providing server. Second pseudo biological information generating means for generating second pseudo biological information by calculating a value using the same one-way function as that used in the first pseudo biological information generating means; A second pseudo-biological information transmitting unit configured to transmit the second pseudo-biological information generated by the two pseudo-biological information generating unit to the service providing server, and the pseudo-biological information collating unit receives the information from the client terminal. The first pseudo biometric information is collated with the second pseudo biometric information from the pseudo biometric authentication server.

  The second numerical value transmitted by the service providing server may be generated by calculating a predetermined number such as an ID number of the service providing server and the third numerical value using a one-way function. . In this case, the third numerical value is a secret random number used only within the service providing server, for example. In the simulated biometric authentication system according to the present invention, the service providing server itself may authenticate the person to be authenticated based on the collation result performed by the service providing server, and the authentication result is stored in the pseudo biometric authentication server. The pseudo biometric authentication server may authenticate the person to be authenticated.

  The client terminal includes a pseudo biometric key generating unit that generates a pseudo biometric key by calculating biometric information or registered biometric information and an arbitrarily selected first numerical value using a one-way function, and the pseudo biometric key First pseudo biometric key registration means for registering the pseudo biometric key generated by the generation means in the first pseudo biometric key storage means, and the pseudo biometric key generated by the pseudo biometric key generation means to the pseudo biometric authentication server A pseudo biometric key transmitting means for transmitting, wherein the pseudo biometric authentication server receives the pseudo biometric key transmitted by the pseudo biometric key transmitting means, and the pseudo biometric key receiving means. And second pseudo biometric key registration means for registering the pseudo biometric key received by the second pseudo biometric key storage means.

  In the pseudo biometric authentication system according to the present invention, the client terminal includes biometric information reading means capable of reading biometric information, and biometric information storage means for preliminarily storing the biometric information read by the biometric information reading means as registered biometric information. And biometric information collating means for collating and authenticating biometric information read by the biometric information reading means and registered biometric information stored in advance by the biometric information storage means, When the biometric information read by the biometric information reading unit is authenticated by the biometric information collating unit with the registered biometric information stored in the biometric information storage unit within a predetermined range, the generating unit is authenticated. It is preferable that the first pseudo biological information is generated, and the biological information storage means is It is preferred to have a function.

  In the pseudo biometric authentication system according to the present invention, since the pseudo biometric key is generated based on the biometric information and the first numerical value, one biometric information or registered biometric can be obtained by making the first numerical value different. Any number of different pseudo biometric keys can be generated from the information. Therefore, it is possible to use different pseudo biometric keys depending on the application.

  Further, if there is a possibility that the pseudo biometric key has been leaked, the current status can be easily recovered by discarding it and newly generating and updating the pseudo biometric key. Regardless of whether it is leaked or not, if the pseudo biometric key is periodically updated, the safety can be more reliably maintained.

  Therefore, in the pseudo biometric authentication system according to the present invention, the first pseudo biometric key storage unit and the second pseudo biometric key storage unit store two or more types of pseudo biometric keys in association with pseudo biometric key numbers, and The biometric information transmission means further transmits one or more first pseudo biometric information to be authenticated together with a pseudo biometric key number associated therewith to the pseudo biometric authentication server, and the second pseudo biometric information generation means performs the authentication. One or more second pseudo biometric information is generated using one or more pseudo biometric keys stored in association with the one or more pseudo biometric numbers received, and the pseudo biometric information collating means It is preferable that the one or more pieces of the first simulated biological information and the one or more pieces of the second simulated biological information are collated.

  In this manner, two or more types of pseudo biometric information based on two or more types of pseudo biometric keys are generated by the client terminal and the pseudo biometric authentication server, respectively, and authentication processing is performed by comparing the two or more types of pseudo biometric information. Therefore, the security and accuracy of the authentication process can be dramatically improved. That is, by performing authentication for one service using two or more pieces of pseudo-biological information, the safety and accuracy of the authentication process can be greatly improved.

  Further, the pseudo biometric authentication method of the present invention includes a client terminal capable of generating pseudo biometric information based on a pseudo biometric key generated from biometric information or registered biometric information of a person to be authenticated, and the pseudo A pseudo biometric authentication method performed by a pseudo biometric authentication server that authenticates the person to be authenticated using biometric information, wherein the client terminal is a first numerical value arbitrarily selected from the biometric information or registered biometric information And the pseudo biometric key stored in the first pseudo biometric key storage means for preliminarily storing the pseudo biometric key generated by calculating with a one-way function, and a second numerical value selected arbitrarily. The first pseudo biometric information is generated by calculating using the one-way function, and the generated first pseudo biometric information is transmitted to the pseudo biometric authentication server together with the second numerical value. The pseudo biometric authentication server receives the first pseudo biometric information and the second numerical value from the client terminal, and upon receiving the second numerical value, a second pseudo biometric key storage that stores the pseudo biometric key in advance By calculating the pseudo biometric key stored in the means and the received second numerical value using the same one-way function used when generating the first pseudo biometric information The second simulated biological information is generated, the received first simulated biological information is compared with the generated second simulated biological information, and the first simulated biological information and the second simulated biological information match. If it is, the user is authenticated as the person to be authenticated.

  The pseudo biometric authentication method of the present invention includes a client terminal capable of generating pseudo biometric information based on a pseudo biometric key generated from biometric information or registered biometric information of a person to be authenticated, and the client A pseudo biometric authentication method performed by a service providing server that provides a predetermined service based on a request from a terminal, and a pseudo biometric authentication server that authenticates the person to be authenticated using the pseudo biometric information, When the service providing server receives a service provision request from the client terminal, the service providing server transmits a second numerical value to the client terminal, collates a plurality of pieces of pseudo biometric information, and transmits a collation result to the pseudo biometric authentication server. In the client terminal, the biometric information or the registered biometric information and an arbitrarily selected first numerical value are calculated by a one-way function. The pseudo biometric key stored in the first pseudo biometric key storage unit that stores the pseudo biometric key generated in advance and the second numerical value received from the service providing server using a one-way function To generate first pseudo biometric information, transmit the generated first pseudo biometric information to the service providing server, transmit the second numerical value to the pseudo biometric authentication server, and The biometric authentication server uses the first pseudo biometric information to store the pseudo biometric key stored in the second pseudo biometric key storage unit that stores the pseudo biometric key in advance and the second numerical value received from the client terminal. The second pseudo-biological information is generated by calculating using the same one-way function used when generating the second pseudo-biological information, and the generated second pseudo-biological information is sent to the service providing server. And the service providing server, a plurality of pseudo biometric information, characterized by checking the first pseudo biometric information from the client terminal, and a second pseudo biometric information from the pseudo-biometric authentication server.

  Furthermore, the pseudo biometric authentication method of the present invention includes a client terminal capable of generating pseudo biometric information based on a pseudo biometric key generated from biometric information or registered biometric information of a person to be authenticated, and the client A pseudo biometric authentication method performed by a service providing server that provides a predetermined service based on a request from a terminal, and a pseudo biometric authentication server that authenticates the person to be authenticated using the pseudo biometric information, When receiving a service provision request from the client terminal, the service providing server transmits a second numerical value to each of the client terminal and the pseudo biometric authentication server, collates a plurality of pseudo biometric information, and obtains a collation result. The pseudo-biometric authentication server transmits the first information arbitrarily selected with the biometric information or registered biometric information. The pseudo biometric key stored in the first pseudo biometric key storage unit that stores in advance a pseudo biometric key generated by calculating a numerical value using a one-way function, and the second received from the service providing server. Is calculated using a one-way function to generate first pseudo biometric information, and the generated first pseudo biometric information is transmitted to the service providing server. The first pseudo biometric information is generated from the pseudo biometric key stored in the second pseudo biometric key storage unit that stores the pseudo biometric key in advance and the second numerical value received from the service providing server. The second pseudo-biological information is generated by calculating using the same unidirectional function used at the time, and the generated second pseudo-biological information is transmitted to the service providing server, -Bis providing server, a plurality of pseudo biometric information, characterized by checking the first pseudo biometric information from the client terminal, and a second pseudo biometric information from the pseudo-biometric authentication server.

  Still further, the pseudo biometric authentication program of the present invention uses the biometric information generated based on the biometric information of the person to be authenticated or the pseudo biometric key generated from the registered biometric information. Is a pseudo biometric authentication program for performing authentication of a person, and is generated by computing the biometric information or registered biometric information and an arbitrarily selected first numerical value using a one-way function. First pseudo biometric information generated by calculating the pseudo biometric key stored in the pseudo biometric key storage means for storing the biometric key in advance and a second numerical value selected arbitrarily using a one-way function. Receiving the second numerical value, and receiving the second numerical value, the pseudo-biological key stored in the pseudo-biological key storage means, and the received second numerical value, Generating the second pseudo-biological information by calculating using the same unidirectional function used when the first pseudo-biological information is generated, and the received first pseudo-biological information And the step of collating the generated second simulated biological information, and the step of authenticating the person to be authenticated if the first simulated biological information and the second simulated biological information match, A pseudo biometric key generated by computing a biometric information or registered biometric information and an arbitrarily selected first numerical value using a one-way function. The step of receiving and the step of registering the received pseudo biometric key in the second pseudo biometric key storage means may be executed.

  According to the present invention, personal authentication based on biometric information can be performed more accurately, biometric information can be prevented from leaking, and the type of information used for personal authentication based on biometric information can be reduced. The information used for authentication can be discarded or updated.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram illustrating a configuration example of a pseudo biometric authentication system 100 according to an embodiment of the present invention.

  As shown in FIG. 1, the pseudo biometric authentication system 100 includes a tamper resistant device 10, an application server 30, and a pseudo biometric authentication server 40. The tamper resistant device 10, the application server 30, and the pseudo biometric authentication server 40 are connected by a communication network 50 such as the Internet or a dedicated line.

  The tamper resistant apparatus 10 is an information processing apparatus such as a personal computer and has a configuration in which tamper resistance is improved by software or hardware. “Tamper resistance” means the ability to prevent reading of confidential data from outside by unauthorized (unauthorized) means. In addition, as a method of improving tamper resistance, a method of increasing confidentiality so that it is difficult to read data etc. from outside by unauthorized means, and data etc. are likely to be read from outside by unauthorized means. A method is sometimes known that includes a mechanism for destroying the data.

  The tamper resistant device 10 is installed in a terminal device for receiving a service provided by the application server 30 or connected to the terminal device. The terminal device for receiving the service provided by the application server 30 is, for example, a terminal device provided with a billing function using electronic money installed in a convenience store or the like, an ATM device such as a bank (automatic cash deposit and withdrawal) Machine), personal computers and portable communication terminals managed by each individual.

  The application server 30 is configured by an information processing apparatus such as a WWW server or a workstation server, and has a function for executing various services provided after personal authentication such as provision of content. For example, when the application server 30 receives a content provision request from the tamper-resistant device 10, pseudo biometric authentication is performed to confirm whether or not the person A to be authenticated who has made the content acquisition request is the person himself / herself. Request the server 40.

  The pseudo biometric authentication server 40 is configured by an information processing device such as a WWW server or a workstation server, and is managed by, for example, a national organization or a reliable third party organization. The pseudo biometric authentication server 40 performs an authentication process for authenticating the person A to be authenticated on the tamper resistant apparatus 10 side, for example, in response to an authentication request from the application server 30.

FIG. 2 is a block diagram illustrating an example of the configuration of the tamper resistant apparatus 10.
As shown in FIG. 2, the tamper resistant apparatus 10 includes a biometric information reading unit 11, a template storage unit 12, a secret random number generation unit 13, a random number storage unit 14, a pseudo biometric key storage unit 15, and a collation determination unit. 16, a pseudo biometric key generation unit 17, a public random number generation unit 18, a hash value calculation unit 19, a data communication unit 20, and a pseudo biometric information generation unit 21.

  The biometric information reading unit 11 has a function of receiving biometric information read by the biometric information reading device 60 and executing various processes such as a process of storing the biometric information as a template in the template storage unit 12. The biometric information reading device 60 is a device that reads biometric information such as a fingerprint, a face, an iris, and a vein from an authenticated person.

  The template storage unit 12 is configured by an information storage medium such as a database device, and stores various types of information such as templates.

  The secret random number generation unit 13 has a function of executing various processes such as a process for generating a secret random number described later.

  The random number storage unit 14 is configured by an information storage medium such as a database device, and stores various types of information such as a secret random number generated by the secret random number generation unit 13.

  The pseudo biometric key storage unit 15 is configured by an information storage medium such as a database device, for example, and stores various information such as a pseudo biometric key described later generated by the pseudo biometric key generation unit 17.

  The collation determination unit 16 collates the two data to be compared, and determines whether or not to request the pseudo biometric authentication server 40 to perform an authentication process for authenticating the person to be authenticated based on the collation result. It has a function to execute various processes.

  The pseudo biometric key generation unit 17 has a function of executing various processes such as a process of generating a pseudo biometric key based on a template and a secret random number.

  The public random number generation unit 18 has a function of executing various processes such as a process for generating a public random number described later.

  The hash value calculation unit 19 has a function of executing various processes such as a process of calculating a hash value from given data using a hash function prepared in advance.

  The data communication unit 20 has a function for performing data communication with the application server 30 and the pseudo biometric authentication server 40 via the communication network 50.

  The pseudo biometric information generation unit 21 has a function of executing various processes such as a process of generating pseudo biometric information using a pseudo biometric key.

FIG. 3 is a block diagram illustrating an example of the configuration of the pseudo biometric authentication server 40.
As shown in FIG. 3, the pseudo biometric authentication server 40 includes a pseudo biometric key registration unit 41, a pseudo biometric key storage unit 42, a hash value calculation unit 43, a pseudo biometric information collation determination unit 44, and a data communication unit 45. A simulated biological information generation unit 46 and a simulated biological information storage unit 47.

  The pseudo biometric key registration unit 41 has a function of executing various processes such as a process of registering the pseudo biometric key in the pseudo biometric key storage unit 42 when a pseudo biometric key is sent from the tamper resistant device 10. .

  The pseudo biometric key storage unit 42 is configured by an information storage medium such as a database device, for example, and stores various kinds of information such as a pseudo biometric key by a registration process performed by the pseudo biometric key registration unit 41.

  The hash value calculation unit 43 has a function of executing various processes such as a process of calculating a hash value from given data using a hash function prepared in advance.

  The pseudo biometric information collation determination unit 44 collates two contrasted pseudo biometric information, which will be described later, and performs various processes such as a process of determining whether to authenticate the person to be authenticated based on the collation result. Has the function to execute.

  The data communication unit 45 has a function for performing data communication with the tamper resistant device 10, the pseudo biometric authentication server 40, and the like via the communication network 50.

  The pseudo biometric information generation unit 46 has a function of executing various processes such as a process of generating pseudo biometric information using a pseudo biometric key.

  The simulated biological information storage unit 47 is configured by an information storage medium such as a database device, for example, and stores various types of information such as simulated biological information generated by the simulated biological information generation unit 21 of the tamper resistant device 10. Note that since the pseudo biometric information is used only once in the authentication process, the pseudo biometric information is deleted from the pseudo biometric information storage unit 47 when the authentication process is completed.

Next, the operation of the pseudo biometric authentication system 100 of this example will be described.
FIG. 4 is a flowchart illustrating an example of a pseudo biometric key generation registration process executed by the tamper resistant apparatus 10 in the pseudo biometric authentication system 100 of the present example. FIG. 5 is a conceptual diagram showing an outline of the pseudo biometric key generation registration process. Here, a case where M pseudo biometric keys (pTempA (i): i = 1, 2,..., M) are generated and registered based on the biometric information of the person A to be authenticated will be described as an example.

  Here, it is assumed that the template (TempA) of the person A to be authenticated is registered in advance in the template storage unit 12 of the tamper resistant apparatus 10. TempA is, for example, at least one type of living body such as a fingerprint of the index finger of the right hand of the person A to be authenticated, a front photo of the face of the person A to be authenticated, a vein pattern of the person A to be authenticated, and an iris of the eye of the person A to be authenticated. Consists of information. Here, it is assumed that a user ID (UserID (A)) and a password are assigned in advance to the person A to be authenticated from the tamper resistant apparatus 10 side.

  The pseudo biometric key generation registration process is executed, for example, in response to the template being registered. The pseudo biometric key generation registration process is not performed immediately when the template is registered, but when a predetermined time comes after the template is registered, or when there is an instruction from the administrator of the apparatus 10. May be executed.

  In the pseudo biometric key generation registration process, the tamper resistant apparatus 10 first reads TempA stored in the template storage unit 12 (step S1).

  Next, the secret random number generation unit 13 of the tamper resistant apparatus 10 generates a secret random number (SR: Secret Random number) for TempA (step S2). In step S2, the secret random number generation unit 13 selects M numbers of random numbers within a predetermined numerical range, for example, so that M number of secret random numbers (SR (i): i = 1, 2,... M). The secret random number generation unit 13 stores the generated secret random number in the random number storage unit 14 in association with the user ID (UserID (A)) of the person A to be authenticated, for example.

  The “secret random number” is confidential data that is used only in the tamper resistant apparatus 10 and is prohibited from being output to the outside of the tamper resistant apparatus 10.

  When the secret random number is generated, the pseudo biometric key generation unit 17 of the tamper resistant apparatus 10 generates M pseudo biometric keys (pTempA) based on TempA and M secret random numbers (SR (1) to SR (M)). (i): A process for generating i = 1, 2,..., M) is performed (step S3).

  In step S <b> 3, the pseudo biometric key generation unit 17 gives a calculation instruction to the hash value calculation unit 19. In response to the calculation instruction from the pseudo biometric key generation unit 17, the hash value calculation unit 19 uses M hash values (h (TempA, SR (i)): i = 1, 2,..., M). The function used for calculating the pseudo biometric key may be a function other than the hash function as long as it is a one-way function having irreversibility.

  When the pseudo biometric key for the person to be authenticated A is generated, the pseudo biometric key generation unit 17 generates the generated M pseudo biometric keys (pTempA (i): i = 1, 2,..., M) as a pseudo biometric. Store in the key storage unit 15 (step S4).

  In addition, the data communication unit 19 of the tamper resistant apparatus 10 receives the M pseudo biometric keys (pTempA (i): i = 1, 2,..., M) generated by the pseudo biometric key generation unit 17. Along with the user ID (UserID (A)) and the pseudo biometric key number (i = 1, 2,..., M) of the certifier A, it is transmitted to the pseudo biometric authentication server 40 via the communication network 50 (step) S5).

  When the pseudo biometric authentication server 40 receives the pseudo biometric key or the like from the tamper resistant device 10 by the data communication unit 45, the pseudo biometric key registration unit 41 of the pseudo biometric authentication server 40 receives the M pseudo biometric keys (pTempA). (i): i = 1, 2,..., M) to the user ID (UserID (A)) and pseudo-biometric key number (i = 1, 2,..., M) of the person A to be authenticated. A process of associating and storing in the pseudo biometric key storage unit 42 is performed.

  As described above, the pseudo biometric key generated based on the biometric information about the person A to be authenticated is registered in the tamper resistant apparatus 10 and the pseudo biometric authentication server 40. That is, as shown in FIG. 5, the tamper resistant apparatus 10 performs an operation output by a hash function using TempA and M secret random numbers (SR (1) to SR (M)) for the person A to be authenticated as inputs. Are obtained as M pseudo-biometric keys. Then, the generated pseudo biometric key is transmitted to the pseudo biometric authentication server 40 together with the user ID and the pseudo biometric key number (i = 1, 2,..., M). In both cases, the pseudo biometric key for the person A to be authenticated is stored. Note that “pTemp (i) = h [Temp || SR (i)]” shown in FIG. 5 is equivalent to the pseudo biometric key “pTemp (i)”, “Temp” and “SR (i)”. This means that the hash value is calculated by.

  The M pseudo biometric keys are separately used in, for example, authentication processing in M different services (for example, ATM devices, entering / exiting rooms, convenience stores, etc.).

  A plurality of pseudo biometric keys may be used for one service authentication. For example, when accessing an ATM device at home or from a mobile phone terminal, if all three pseudo biometric keys can be verified, authentication is made so that one pseudo biometric key can be obtained. Compared with the case where it uses, it becomes possible to improve safety | security significantly.

  Next, an example of pseudo biometric information authentication processing in the pseudo biometric authentication system 100 of this example will be described. FIG. 6 is a flowchart illustrating an example of a portion executed by the tamper resistant apparatus 10 in the pseudo biometric authentication process in the pseudo biometric authentication system 100 of the present example. FIG. 7 is a flowchart illustrating an example of a portion executed by the pseudo biometric authentication server 40 in the pseudo biometric authentication process in the pseudo biometric authentication system 100 of the present example. FIG. 8 is a conceptual diagram showing an outline of the pseudo biometric information authentication process.

  Here, a case will be described as an example where pseudo biometric information is generated using three pseudo biometric keys for the person A to be authenticated, and whether or not to authenticate the person A to be authenticated is determined based on the pseudo biometric information. .

  Accordingly, here, it is assumed that at least three pseudo biometric keys for the person A to be authenticated are stored in the tamper resistant apparatus 10 and the pseudo biometric authentication server 40 by the above-described pseudo biometric key generation registration process.

  Here, when the person A to be authenticated operates the tamper resistant apparatus 10 and makes a service provision request to the application server 30, the pseudo biometric authentication server 40 that receives the request from the application server 30 is the person to be authenticated. Assume that processing for authenticating A is performed. Therefore, here, the biometric information is input to the biometric information reading device 60 by the person A to be authenticated in response to the biometric information input request from the application server 30 being displayed on the display device (not shown) of the tamper resistant device 10. Shall.

  In the pseudo biometric information authentication process, when the tamper resistant apparatus 10 acquires the biometric information (BioDataA) read from the person A to be authenticated from the biometric information reading apparatus 60 (step S21), the acquired biometric information is obtained. (BioDataA) and the template (TempA) of the person A to be authenticated stored in the template storage unit 12 are collated by the collation determination unit 16 (step S22).

  As a result of the collation, if BioData A and Temp A match within a predetermined range (Y in step S23), the collation determination unit 16 of the tamper resistant apparatus 10 indicates that the person who has input the biometric information indicated by BioData A is the person to be authenticated. It determines with it being A, and transfers to subsequent processing.

  On the other hand, as a result of the collation, if BioData A and Temp A do not match at a ratio equal to or higher than a predetermined ratio (N in step S23), the collation determining unit 16 of the tamper resistant apparatus 10 displays the biological information indicated by BioData A. It is determined that there is a high possibility that the input person is not the person to be authenticated A. For example, notifying the person who has input the biometric information to that effect and notifying the application server 30 that the person to be authenticated cannot be authenticated Exit.

  If it is determined as Y in step S23, the public random number generation unit 18 of the tamper resistant apparatus 10 generates a public random number (PR) for TempA (step S24). In step S24, the public random number generation unit 18 selects three numerical values within a predetermined numerical value range, for example, so that three public random numbers (PR (1), PR (2), PR (3)) are selected. Is generated. The public random number generation unit 18 associates the generated public random number with, for example, the user ID (UserID (A)) of the person A to be authenticated and the pseudo biometric key number (i = 1, 2,..., M). And stored in the random number storage unit 14.

  The “public random number” is non-confidential data that is permitted to be used outside the tamper resistant device 10 and is permitted to be output outside the tamper resistant device 10.

  When the public random number is generated, the pseudo biometric information generation unit 21 of the tamper resistant apparatus 10 includes three pseudo biometric keys (pTempA () stored in the pseudo biometric key storage unit 15 in association with the user ID of the person A to be authenticated. 1), pTempA (2), pTempA (3)) and the generated three public random numbers (PR (1), PR (2), PR (3)), three pieces of pseudo biological information ( Processing for generating h (1), h (2), h (3)) is performed (step S25).

  In step S <b> 25, the simulated biological information generation unit 21 issues a calculation instruction to the hash value calculation unit 19. In response to a calculation instruction from the pseudo-biological information generation unit 21, the hash value calculation unit 19 uses three hash values (h (pTempA (i), PR (i )): I = 1, 2, 3) is calculated. It should be noted that the function used for calculating the pseudo biological information may be a function other than the hash function as long as it is a one-way function having irreversibility.

  The data communication unit 19 of the tamper resistant apparatus 10 receives the three pieces of pseudo biometric information (h (1), h (2), h (3)) generated by the pseudo biometric information generation unit 21 from the person A to be authenticated. Along with the user ID (UserID (A)), the three public random numbers (PR (1), PR (2), PR (3)) and the pseudo biometric key numbers (1, 2, 3) via the communication network 50 It transmits toward the application server 30 (step S26).

  Upon receiving the user ID, the pseudo biometric information, the public random number, and the pseudo biometric key number, the application server 30 transmits the received information to the pseudo biometric authentication server 40 via the communication network 50.

  When the pseudo biometric authentication server 40 receives the user ID, pseudo biometric information, public random number, and pseudo biometric key number from the application server 30 in the data communication unit 45 (step S31), the received information is stored in the pseudo biometric information storage unit 47. Store.

  Next, the pseudo biometric information generation unit 46 of the pseudo biometric authentication server 40 is stored in the pseudo biometric key storage unit 42 in association with the user ID and pseudo biometric key number of the person A to be authenticated received in step S31. Pieces of pseudo biometric keys (pTempA (1), pTempA (2), pTempA (3)) and three public random numbers (PR (1), PR received in step S31 and stored in the pseudo biometric information storage unit 47) Based on (2), PR (3)), a process for generating three pieces of pseudo biological information (Bh (1), Bh (2), Bh (3)) is performed (step S32).

  In step S <b> 32, the simulated biological information generation unit 46 issues a calculation instruction to the hash value calculation unit 43. In response to a calculation instruction from the pseudo-biological information generation unit 46, the hash value calculation unit 43 uses three hash values (Bh (pTempA (i), PR (i )): I = 1, 2, 3) is calculated. It should be noted that the function used for calculating the pseudo biological information may be a function other than the hash function as long as it is a one-way function having irreversibility.

  In the calculation process in step S32, the same hash function as that used in the calculation process in step S25 described above is used. Therefore, if the pseudo biometric keys used for the arithmetic processing are the same, the processing results of the arithmetic processing in step S32 and the arithmetic processing in step S25 are the same.

  When the pseudo biometric information is generated, the pseudo biometric information collation determination unit 44 of the pseudo biometric authentication server 40 generates the three pieces of pseudo biometric information (Bh (1), Bh (2), Bh (3)) generated in step S32. And the three pieces of pseudo biometric information (h (1), h (2), h (3)) received in step S31 and stored in the pseudo biometric information storage unit 47 are respectively collated (step S33).

  If the simulated biological information (Bh (1), Bh (2), Bh (3)) and the simulated biological information (h (1), h (2), h (3)) all match each other (step In S34, the pseudo-biometric information collation determination unit 44 determines that the person A to be authenticated is the person himself and authenticates the person A to be authenticated. When authenticating the person A to be authenticated, the data communication unit 45 of the pseudo biometric authentication server 40 notifies the application server 30 that the person A to be authenticated has been authenticated (step S35).

  On the other hand, at least a part of the simulated biological information (Bh (1), Bh (2), Bh (3)) and the simulated biological information (h (1), h (2), h (3)) is one. If not (N in Step S34), the pseudo biometric information collation determination unit 44 determines that the person A to be authenticated is not likely to be the person, and determines not to authenticate the person A to be authenticated. If it is decided not to authenticate the person A to be authenticated, the data communication unit 45 of the pseudo biometric authentication server 40 notifies the application server 30 that the person A to be authenticated cannot be authenticated (step S36).

  When authenticated person A is authenticated by pseudo biometric authentication server 40, application server 30 provides various services in response to requests from authenticated person A. On the other hand, if the person A to be authenticated is not authenticated by the pseudo biometric authentication server 40, the application server 30 sends a notification that the request from the person A to be authenticated A cannot be satisfied. For example, for the tamper resistant device 10).

  As described above, in this example, the generation of the pseudo biometric information based on the pseudo biometric key and the public random number is executed by both the tamper resistant apparatus 10 and the pseudo biometric authentication server 40, and each pseudo biometric authentication server 40 executes the respective pseudo By checking the biometric information, it is determined whether or not the person A to be authenticated is the person himself / herself.

  As described above, a pseudo biometric key is generated using the biometric information of the person to be authenticated and stored in advance in the tamper resistant device 10 and the pseudo biometric authentication server 40, respectively. The pseudo biometric information generated by the tamper device 10 and the pseudo biometric authentication server 40 are collated, and if they match, the person to be authenticated is recognized and authenticated. The authentication process by the pseudo biometric authentication server 40 can be performed without being transmitted. That is, since the information transmitted on the communication network 50 is not a biometric information or a template itself, but a pseudo biometric key or a public random number, the biometric information is known even if it is intercepted by a third party. There is nothing.

  Even if the biometric information or template is encrypted and transmitted, the biometric information or template may be known by decryption, but both the pseudo biometric key and the pseudo biometric information are processed by a one-way function. Since it is a value, even if the pseudo biometric key or the pseudo biometric information is leaked, it is reliably prevented that the biometric information is known. Therefore, even when compared with the case where biometric information or a template is encrypted and transmitted, the safety can be significantly improved.

  In the above-described embodiment, the pseudo biometric key is generated from the biometric information and the secret random number. Therefore, any number of different pseudo biometric keys can be generated from one template by making the secret random number different. it can. Therefore, it is possible to use different pseudo biometric keys depending on the application. Further, if there is a possibility that the pseudo biometric key has been leaked, the current status can be easily recovered by discarding it and newly generating and updating the pseudo biometric key. Regardless of whether it is leaked or not, if the pseudo biometric key is periodically updated, the safety can be more reliably maintained.

  Further, in the above-described embodiment, a plurality of pieces of pseudo biometric information based on a plurality (three) of pseudo biometric keys are generated by the tamper resistant device 10 and the pseudo biometric authentication server 40, and the plurality of pieces of pseudo biometric information are collated. By doing so, the authentication process is performed, so that the safety and accuracy of the authentication process can be dramatically improved. That is, by performing authentication for one service using a plurality of pseudo-biological information, the safety and accuracy of the authentication process can be greatly improved.

  In the above-described embodiment, the pseudo biometric authentication server 40 that has received a request from the application server 30 performs the authentication process. However, the application server 30 includes the tamper resistant device 10 and the pseudo biometric authentication server 40. You may make it each acquire pseudo | simulation biometric information and perform an authentication process by itself.

  FIG. 9 is a flowchart illustrating an example of the pseudo biometric information authentication process of the pseudo biometric authentication system 100 when the application server 30 is configured to perform the authentication process. FIG. 10 is a conceptual diagram showing an outline of the pseudo biometric information authentication process shown in FIG.

  In this example, it is assumed that the application server 30 has a function of generating a secret random number, a function of calculating a hash value, and the like.

  The pseudo biometric information authentication processing here is, for example, the authenticated person A who has made a content acquisition request by the tamper resistant device 10 in response to a content acquisition request from the tamper resistant device 10 to the application server 30. This is executed when the pseudo biometric authentication server 40 is requested to perform the authentication.

  Here, for the sake of simplicity, the tamper-proof device 10 and the pseudo biometric authentication server 40 generate pseudo biometric information by using one pseudo biometric key for the person A to be authenticated, and the person A to be authenticated based on the pseudo biometric information. An example will be described in which the application server 30 determines whether or not to authenticate.

  Therefore, here, it is assumed that at least one pseudo biometric key for the person A to be authenticated is stored in the tamper resistant apparatus 10 and the pseudo biometric authentication server 40 by the above-described pseudo biometric key generation registration process.

  In the pseudo biometric information authentication process, the application server 30 generates a secret random number SR, and based on the generated secret random number SR and the ID of the authenticator (authenticator ID: UserID (C)), a hash value ( h (auth)) is generated (step S41). The secret random number SR is confidential data that is used only in the application server 30 and prohibited from being sent to the outside.

  In step S41, the application server 30 calculates a hash value (h (auth)) using a hash function. Note that this function may be a function other than a hash function as long as it is a one-way function having irreversibility. Since the hash value (h (auth)) calculated in step S41 is a value calculated by a one-way function using the secret random number SR, only the application server 30 can create it.

  Next, the application server 30 transmits the generated hash value (h (auth)) to the tamper resistant apparatus 10 via the communication network 50 (step S42).

  When the data communication unit 19 receives the hash value (h (auth)) from the application server 30, the tamper resistant device 10 is associated with the received hash value (h (auth)) and the user ID of the person A to be authenticated. Based on the pseudo biometric key (pTempA (1)) stored in the pseudo biometric key storage unit 15, the pseudo biometric information generation unit 21 generates a process for generating the pseudo biometric information (h (1)). This is performed (step S51).

  In step S <b> 51, the simulated biological information generation unit 21 issues a calculation instruction to the hash value calculation unit 19. In response to a calculation instruction from the simulated biological information generation unit 21, the hash value calculation unit 19 calculates a hash value (h (1)) as a simulated biological information using a hash function.

  Then, the data communication unit 19 of the tamper resistant apparatus 10 transmits the generated pseudo biological information (h (1)) to the application server 30 via the communication network 50 (step S51).

  Further, the data communication unit 19 of the tamper resistant apparatus 10 receives information indicating that authentication of the person A to be authenticated is requested in response to a request from the application server 30, for example, the user ID of the person A to be authenticated and the application server 30. Information including the hash value (h (auth)) for specifying, the pseudo biometric key number for specifying the pseudo biometric key to be used, and data indicating the authentication request is transmitted to the pseudo biometric authentication server 40 via the communication network 50. (Step S52).

  When the pseudo biometric authentication server 40 receives the authentication request from the tamper resistant apparatus 10, the pseudo biometric authentication server 40 associates the hash value (h (auth)) received from the tamper resistant apparatus 10 with the user ID and pseudo biometric authentication number of the person A to be authenticated. The pseudo biometric information generation unit 46 generates pseudo biometric information (Bh (1)) based on the pseudo biometric key (pTempA (1)) stored in the pseudo biometric key storage unit 42. Processing is performed (step S61).

  In step S <b> 61, the simulated biological information generation unit 46 gives a calculation instruction to the hash value calculation unit 43. In response to a calculation instruction from the simulated biological information generation unit 46, the hash value calculation unit 43 calculates a hash value (Bh (1)) using the hash function as the simulated biological information. This hash function is the same as the hash function used in step S51.

  Then, the data communication unit 45 of the pseudo biometric authentication server 40 transmits the generated pseudo biometric information (Bh (1)) to the application server 30 via the communication network 50 (step S61).

  When the pseudo biometric information (h (1)) is received from the tamper resistant apparatus 10 and the pseudo biometric information (Bh (1)) is received from the pseudo biometric authentication server 40, the application server 30 displays the pseudo biometric information (h (1)). ) And the simulated biological information (Bh (1)) are checked to see if they match (step S43).

  As a result of the collation, if the application server 30 confirms that the pseudo biometric information (h (1)) and the pseudo biometric information (Bh (1)) match, the application server 30 recognizes the person A to be authenticated as the person, The requested content is transmitted to the tamper device 10. On the other hand, if it is confirmed that the pseudo biometric information (h (1)) and the pseudo biometric information (Bh (1)) do not match, it is assumed that the person A to be authenticated is not likely to be authenticated and is not authenticated. Notifying that the content has not been provided and notifying the tamper resistant device 10 that the content cannot be provided.

  In the pseudo biometric authentication system according to the present embodiment, the application server 30 itself authenticates the person to be authenticated based on the collation result performed by the application server 30. The pseudo biometric authentication server 40 may authenticate the person to be authenticated.

  Furthermore, in the pseudo biometric authentication system according to the present embodiment, the application server 30 transmits the hash value (h (auth)) to the pseudo biometric authentication server 40 via the tamper resistant apparatus 10, but the hash value (h (Auth)) may be directly transmitted to the pseudo biometric authentication.

  With the configuration as described above, the application server 30 generates pseudo biometric information separately generated based on data (h (auth)) that only the self can know from the tamper resistant device 10 and the pseudo biometric authentication server 40. It is possible to determine whether or not to authenticate the person to be authenticated by acquiring and collating the pseudo biological information.

  In the above-described embodiment, the tamper resistant device 10 is configured to communicate with the application server 30 and the pseudo biometric authentication server 40. However, only the configuration related to management of confidential data is the tamper resistant device. Other configurations may be provided in the information processing terminal connected to the tamper resistant device.

  FIG. 11 is a block diagram showing an example of the configuration of the tamper resistant apparatus in the case described above. In the example shown in FIG. 11, an apparatus equivalent to the above-described tamper resistant apparatus 10 is realized by the tamper resistant apparatus 10A and the information processing terminal 10B.

  The tamper resistant apparatus 10A includes a biological information reading unit 11, a template storage unit 12, and a data communication unit 20A. That is, the tamper resistant device 10A performs template management and the like. The data communication unit 20A has a function for performing communication with the information processing terminal 10B.

  The information processing terminal 10B is configured by an information processing device such as a personal computer or a portable information communication terminal, for example, and includes a secret random number generation unit 13, a random number storage unit 14, a pseudo biometric key storage unit 15, a collation determination unit 16, A pseudo biometric key generation unit 17, a public random number generation unit 18, a hash value calculation unit 19, a data communication unit 20B, and a pseudo biometric information generation unit 21 are included. The secret random number generation unit 13, the random number storage unit 14, and the pseudo biometric key generation unit 17 may be included in the tamper resistant device 10A. The data communication unit 20B has the same function as that of the data communication unit 20A described above, and also has a function for performing communication with the tamper resistant apparatus 10A.

  Further, although not particularly mentioned in the above-described embodiment, the pseudo biometric key may be used as the content encryption key and decryption key. In this case, when the application server 30 distributes the content, the content is encrypted with the pseudo biometric key held in the destination user terminal (for example, the tamper resistant terminal 10) among the pseudo biokeys held by the application server 30 itself. The user terminal that has received the content may decrypt the content using the pseudo biometric key held by the user terminal. The application server 30 may acquire the pseudo biometric key from the tamper resistant terminal 10 in advance.

  Further, when the application server 30 multicasts the content to a plurality of user terminals (for example, the tamper resistant terminal 10), it is held at each destination user terminal among the pseudo biometric keys held by the server 30. It is only necessary to individually encrypt each transmission destination with each pseudo biometric key and transmit the contents to each user terminal collectively. In this case, each user terminal may decrypt the content with the pseudo biometric key held by itself.

  Further, although not particularly mentioned in the above-described embodiment, each unit (for example, the tamper resistant terminal 10, the application server 30, and the pseudo biometric authentication server 40) constituting the system 100 is controlled by the system 100. The various processes described above are executed by a program (for example, a pseudo biometric authentication program). This control program is a pseudo biometric authentication program that determines whether or not to authenticate a user to be authenticated using pseudo biometric information generated based on a template of the user to be authenticated. The pseudo biometric authentication server 40 hashes the pseudo biometric key generated by calculating the template and the arbitrarily selected secret random number based on the reception of the template with the hash function and the arbitrarily selected public random number. A step of receiving first pseudo-biological information generated by calculation using a function and a public random number; and a pseudo-biological key held by itself in response to receiving the first pseudo-biological information; The second pseudo-biological information is generated by calculating the received public random number using a hash function, and the received first pseudo-biological information A step of collating the information with the generated second pseudo-biological information and a step of deciding to authenticate the person to be authenticated if the first pseudo-biological information and the second pseudo-biological information match. It is for making it happen.

It is a block diagram which shows the structural example of the pseudo | simulation biometrics authentication system in one embodiment of this invention. It is a block diagram which shows the structural example of a tamper resistant apparatus. It is a block diagram which shows the structural example of a pseudo | simulation biometric authentication server. It is a flowchart which shows the example of the pseudo | simulation biometric key production | generation registration process in a pseudo biometric authentication system. It is a conceptual diagram which shows the outline | summary of a pseudo | simulation biometric key production | generation registration process. It is a flowchart which shows the example of the part which a tamper resistant apparatus performs among the pseudo | simulated biometric information authentication processes in a pseudo biometric authentication system. It is a flowchart which shows the example of the part which a pseudo | simulation biometric authentication server performs among the pseudo | simulation biometric information authentication processes in a pseudo | simulation biometric authentication system. It is a conceptual diagram which shows the outline | summary of a pseudo | simulation biometric information authentication process. It is a flowchart which shows the other example of the pseudo biometric information authentication process in a pseudo biometric authentication system. It is a conceptual diagram which shows the outline | summary of another pseudo | simulation biometric information authentication process. It is a block diagram which shows the other structural example of a tamper resistant apparatus.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Tamper resistant apparatus 11 Biometric information reading part 12 Template storage part 13 Secret random number generation part 14 Random number storage part 15,42 Pseudo biomedical key storage part 16 Collation determination part 17 Pseudo biological key generation part 18 Public random number generation part 19,43 Calculation unit 20, 45 Data communication unit 21, 46 Pseudo biometric information generation unit 30 Application server 40 Pseudo biometric authentication server 41 Pseudo biometric key registration unit 44 Pseudo biometric information collation determination unit 47 Pseudo bioinformation storage unit 50 Communication network

Claims (6)

A client terminal capable of generating pseudo biometric information based on a pseudo biometric key generated from biometric information or registered biometric information of a person to be authenticated, and a predetermined service based on a request from the client terminal A pseudo biometric authentication system comprising: a service providing server to provide; and a pseudo biometric authentication server capable of generating pseudo biometric information for authentication based on the pseudo biometric key,
The service providing server includes:
Pseudo biological information generation information transmitting means for transmitting a second numerical value to the client terminal when receiving a service provision request from the client terminal;
A plurality of pseudo-biological information matching means for matching a plurality of pseudo-biological information,
The client terminal is
First pseudo biometric key storage means for preliminarily storing a pseudo biometric key generated by calculating the biometric information or registered biometric information and an arbitrarily selected first numerical value using a one-way function;
First pseudo biometric information is obtained by calculating the pseudo biometric key stored in the first pseudo biometric key storage means and the second numerical value received from the service providing server using a one-way function. First pseudo biological information generating means for generating
First pseudo biometric information transmitting means for transmitting the first pseudo biometric information generated by the first pseudo biometric information generating means to the service providing server and transmitting the second numerical value to the pseudo biometric authentication server; Have
The pseudo biometric authentication server is
Second pseudo biometric key storage means for storing the pseudo biometric key in advance;
The pseudo biometric key stored in the second pseudo biometric key storage means and the second numerical value received from the client terminal are in the same direction as those used in the first pseudo biometric information generation means Second simulated biological information generating means for generating second simulated biological information by calculating using a sex function;
Second simulated biological information transmitting means for transmitting the second simulated biological information generated by the second simulated biological information generating means to the service providing server,
The pseudo biometric information collating unit collates the first pseudo biometric information from the client terminal with the second pseudo biometric information from the pseudo biometric authentication server. A client terminal capable of generating pseudo biometric information based on a pseudo biometric key generated from biometric information or registered biometric information of a person to be authenticated, and a predetermined service based on a request from the client terminal A pseudo biometric authentication system comprising: a service providing server to provide; and a pseudo biometric authentication server capable of generating pseudo biometric information for authentication based on the pseudo biometric key,
The service providing server includes:
When receiving a service provision request from the client terminal, pseudo-biological information generation information transmitting means for transmitting a second numerical value to each of the client terminal and the pseudo-biometric authentication server;
A plurality of pseudo-biological information matching means for matching a plurality of pseudo-biological information,
The client terminal is
First pseudo biometric key storage means for preliminarily storing a pseudo biometric key generated by calculating the biometric information or registered biometric information and an arbitrarily selected first numerical value using a one-way function;
First pseudo biometric information is obtained by calculating the pseudo biometric key stored in the first pseudo biometric key storage means and the second numerical value received from the service providing server using a one-way function. First pseudo biological information generating means for generating
First simulated biological information transmitting means for transmitting the first simulated biological information generated by the first simulated biological information generating means to the service providing server,
The pseudo biometric authentication server is
Second pseudo biometric key storage means for storing the pseudo biometric key in advance;
The pseudo biometric key stored in the second pseudo biometric key storage unit and the second numerical value received from the service providing server are the same as those used in the first pseudo biometric information generation unit. Second pseudo biological information generating means for generating second pseudo biological information by calculating using a directional function;
Second simulated biological information transmitting means for transmitting the second simulated biological information generated by the second simulated biological information generating means to the service providing server,
The pseudo biometric information collating unit collates the first pseudo biometric information from the client terminal with the second pseudo biometric information from the pseudo biometric authentication server. The client terminal
A pseudo biometric key generating means for generating a pseudo biometric key by calculating biometric information or registered biometric information and an arbitrarily selected first numerical value using a one-way function;
First pseudo biometric key registration means for registering the pseudo biometric key generated by the pseudo biometric key generation means in a first pseudo biometric key storage means;
Pseudo biometric key transmission means for transmitting the pseudo biometric key generated by the pseudo biometric key generation means to a pseudo biometric authentication server,
The pseudo biometric authentication server is
A pseudo biometric key receiving means for receiving the pseudo biometric key transmitted by the pseudo biometric key transmitting means;
Pseudo biometric authentication system according to claim 1 or 2, wherein a second pseudo biometric key registration means for registering the pseudo biological key received in the second pseudo biological key storage means, by said pseudo biological key receiving unit. A client terminal capable of generating pseudo biometric information based on a pseudo biometric key generated from biometric information or registered biometric information of a person to be authenticated, and a predetermined service based on a request from the client terminal A pseudo biometric authentication method performed by a service providing server to provide and a pseudo biometric authentication server that authenticates the person to be authenticated using the pseudo biometric information,
The service providing server includes:
When a service provision request is received from the client terminal, a second numerical value is transmitted to the client terminal,
Check multiple simulated biological information,
Send the verification result to the pseudo biometric authentication server,
The client terminal is
The biometric information or the registered biometric information and an arbitrarily selected first numerical value are stored in a first pseudo biometric key storage unit that prestores a pseudo biometric key generated by calculating a one-way function. The first pseudo biometric information is generated by calculating the pseudo biometric key and the second numerical value received from the service providing server using a one-way function,
Transmitting the generated first simulated biological information to the service providing server;
Sending the second numerical value to the pseudo-biometric authentication server;
The pseudo biometric authentication server is
When generating the first pseudo biometric information, the pseudo biometric key stored in the second pseudo biometric key storage unit that stores the pseudo biometric key in advance and the second numerical value received from the client terminal. By calculating using the same one-way function as used, the second pseudo biological information is generated,
Transmitting the generated second simulated biological information to the service providing server;
The service providing server includes:
A pseudo biometric authentication method comprising collating first pseudo biometric information from the client terminal and second pseudo biometric information from the pseudo biometric authentication server as a plurality of pseudo biometric information. A client terminal capable of generating pseudo biometric information based on a pseudo biometric key generated from biometric information or registered biometric information of a person to be authenticated, and a predetermined service based on a request from the client terminal A pseudo biometric authentication method performed by a service providing server to provide and a pseudo biometric authentication server that authenticates the person to be authenticated using the pseudo biometric information,
The service providing server includes:
When receiving a service provision request from the client terminal, the second numerical value is transmitted to each of the client terminal and the pseudo biometric authentication server,
Check multiple simulated biological information,
Send the verification result to the pseudo biometric authentication server,
The client terminal is
The biometric information or the registered biometric information and an arbitrarily selected first numerical value are stored in a first pseudo biometric key storage unit that prestores a pseudo biometric key generated by calculating a one-way function. The first pseudo biometric information is generated by calculating the pseudo biometric key and the second numerical value received from the service providing server using a one-way function,
Transmitting the generated first simulated biological information to the service providing server;
The pseudo biometric authentication server is
When generating the first pseudo biometric information by using the pseudo biometric key stored in the second pseudo biometric key storage unit that stores the pseudo biometric key in advance and the second numerical value received from the service providing server. To generate second pseudo-biological information by calculating using the same one-way function as used in
Transmitting the generated second simulated biological information to the service providing server;
The service providing server includes:
A pseudo biometric authentication method comprising collating first pseudo biometric information from the client terminal and second pseudo biometric information from the pseudo biometric authentication server as a plurality of pseudo biometric information. The client terminal
A pseudo biometric key is generated by calculating biometric information or registered biometric information and an arbitrarily selected first numerical value using a one-way function,
Register the generated pseudo biometric key in the first pseudo biometric key storage means;
Send the generated pseudo biometric key to the pseudo biometric authentication server,
The pseudo biometric authentication server is
Receiving the pseudo biometric key from the client terminal;
The pseudo biometric authentication method according to claim 4 or 5 , wherein the received pseudo biometric key is registered in a second pseudo biometric key storage unit.

Images