JP5305289B2 - User authentication method, user authentication system, user terminal, user authentication device, user terminal program, and user authentication device program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a user authentication method, a user authentication system, a user terminal, a user authentication device, a program for user terminal, and a program for user authentication device, which achieve user authentication of high security. <P>SOLUTION: An electric field communication device 100 stores auxiliary data having a secret key made secret in advance using biological information on a user 200 who owns the electric field communication device 100 through Fuzzy Vault Scheme. When receiving the biological information on the user 200 acquired by the user authentication device 300, the electric field communication device 100 restores the secret key from the auxiliary data using the biological information, and ciphers a random number character string for authentication transmitted from the user authentication device 300 using the secret key. The user authentication device 300 deciphers the random number character string having been ciphered, and transmitted from the electric field communication device using a previously stored open key corresponding to the ID of the electric field communication device, and authenticates whether the random number character string having been ciphered matches the random number character string before ciphered. <P>COPYRIGHT: (C)2010,JPO&amp;INPIT

Description

  The present invention relates to a user authentication method and user authentication system for performing user authentication using an ID of an electric field communication device (user terminal) and biometric information of a user who possesses the electric field communication device, the user authentication method and the user authentication. The present invention relates to a user terminal and a user authentication device that function in the system, and a user terminal program and a user authentication device program that execute each process required for user authentication in the user terminal and user authentication device.

  As a method of authenticating whether or not a user who has accessed a user authentication device capable of user authentication is a regular user, a method of biometric authentication using only biometric information acquired by a biometric information acquisition sensor of the user authentication device There is also a method for performing ID authentication using only an ID transmitted from an electric field communication device capable of communicating with the user authentication device by an electric field. Hereinafter, each process of such conventional biometric authentication and ID authentication will be briefly described.

  First, FIG. 9 shows a system configuration in the case of biometric authentication, and FIG. 10 shows a processing flow. The user authentication device 300 stores the biometric information of the user 200 in the biometric information storage unit 41 in advance, and when the user 200 approaches, the biometric information acquisition sensor 52 acquires the biometric information of the user 200 (S501). ). Next, the collation unit 37 receives the biometric information acquired by the biometric information acquisition sensor 3, performs collation processing with the biometric information stored in the biometric information storage unit 41, and if it matches, the user is an authorized user. Authentication is performed (S502).

  Next, FIG. 11 shows a system configuration in the case of ID authentication, and FIG. 12 shows a processing flow. The electric field communication device 100 possessed by the user 200 stores in advance an ID that can identify the electric field communication device 100 in the ID storage unit 15, while the user authentication device 300 has the same ID as the ID storage unit. 42 is stored in advance. When the ID stored in the ID storage unit 15 is transmitted through the predetermined electric field transmission medium by the electric field communication unit 17 of the electric field communication device 100, the electric field communication sensor 51 of the user authentication device 300 acquires the ID. (S601). Next, the collation unit 37 receives the ID acquired by the electric field communication sensor 51, performs collation processing with the ID stored in the ID storage unit 42, and authenticates that the user is an authorized user if they match (S602). ).

  A technique using such biometric authentication is disclosed in Non-Patent Document 1, and a technique related to an electric field communication device and an electric field communication sensor is disclosed in Non-Patent Document 2.

Toshinaga Yasunobu, “Exploring“ Now ”of Biometrics Authentication (Biometric Authentication)”, [online], September 30, 2005, Nikkei Business Publications, Inc. [Search January 13, 2009], Internet <URL: http://www.nikkeibp.co.jp/sj/2/special/43/ ＞ “RedTacton Usage Scene”, [online], 2008, Nippon Telegraph and Telephone Corporation, [Search January 13, 2009], Internet <URL: http://www.redtacton.com/jp/field/05. html> Yusuke Hoshi, 4 others, “Study on dummy data generation method in Fuzzy Fingerprint Vault Scheme”

  However, in the case of only electric field communication using ID authentication, for example, another person uses the electric field communication transmission module or the electric field communication apparatus 100 functioning as the electric field communication unit 17, or the stored ID is acquired by another person. In some cases, there was a risk of unauthorized use such as impersonation.

  In personal authentication using only biometric authentication, measures such as encryption of the template information may be taken in order to ensure the safety of the biometric information (template information). There was a risk of leaking (template information). For this reason, proposals have been made to use biometric encryption, which is template-protected biometric authentication. However, the use of only biometric encryption limits the increase in entropy that accompanies encryption, and there is a limit to ensuring safety. It was.

  The present invention has been made in view of the above, and provides a user authentication method, a user authentication system, a user terminal, a user authentication device, a user terminal program, and a user authentication device program capable of realizing highly secure user authentication. The issue is to provide.

  The present invention described in claim 1 is a user authentication method comprising a user terminal and a user authentication device, wherein user authentication is performed using terminal identification data of the user terminal and user biometric data. Storing auxiliary data in which an encryption key is previously concealed using data in auxiliary data storage means, storing the terminal identification data in terminal identification data storage means, and terminal identification data storage Reading the terminal identification data from the means and transmitting it to the user authentication device; receiving the biometric data acquired by the user authentication device; and using the biometric data, reading the auxiliary data storage means Restoring the encryption key concealed in auxiliary data, and transmitted from the user authentication device Receiving the authentication data, encrypting it using the restored encryption key, and transmitting the encrypted authentication data to the user authentication device, by the user authentication device, Storing a decryption key in correspondence table storage means in association with the terminal identification data; receiving the terminal identification data transmitted from the user terminal; and decoding the corresponding to the terminal identification data Searching the correspondence table storage means for a key, acquiring the biometric data by proximity of the user and transmitting it to the user terminal, generating the authentication data and transmitting it to the user terminal And receiving the encrypted authentication data transmitted from the user terminal and decrypting it into authentication data using the retrieved decryption key. And-up, decoded the authentication data includes the steps of checking whether matching the authentication data being generated, and summarized in that with.

  According to a second aspect of the present invention, there is provided a user authentication method including a user terminal and a user authentication device, wherein user authentication is performed using terminal identification data of the user terminal and user biometric data. Storing auxiliary data in which an encryption key is previously concealed using data in auxiliary data storage means, storing the terminal identification data in terminal identification data storage means, and terminal identification data storage Transmitting the terminal identification data read from the means and the auxiliary data read from the auxiliary data storage means to the user authentication device, and associating with the terminal identification data by the user authentication device Storing the decryption key in the correspondence table storage means, and the terminal transmitted from the user terminal. Receiving identification data, retrieving the decryption key corresponding to the terminal identification data from the correspondence table storage means, obtaining the biometric data by proximity of the user, and generating the authentication data Receiving the auxiliary data transmitted from the user terminal, using the acquired biometric data, restoring the encryption key concealed in the auxiliary data, and the restored Encrypting the generated authentication data using an encryption key and decrypting the encrypted authentication data into authentication data using the retrieved decryption key And a step of collating whether or not the decrypted authentication data matches the generated authentication data. .

  According to a third aspect of the present invention, there is provided a user authentication method including a user terminal and a user authentication device, wherein user authentication is performed using terminal identification data of the user terminal and user biometric data. Storing identification data in terminal identification data storage means; reading the terminal identification data from the terminal identification data storage means; and transmitting the identification data to the user authentication apparatus; and the biometric acquired by the user authentication apparatus Receiving data, receiving auxiliary data transmitted from the user authentication device, restoring the encryption key concealed in the auxiliary data using the biometric data, and transmitting from the user authentication device The encrypted authentication data is received and encrypted using the restored encryption key, and the encrypted authentication data is Transmitting to the user authentication device, and the user authentication device conceals the encryption key in advance using the decryption key and the biometric data in association with the terminal identification data. Storing the auxiliary data in the correspondence table storage means; receiving the terminal identification data transmitted from the user terminal; and receiving the decryption key and the auxiliary data corresponding to the terminal identification data. A step of searching from the correspondence table storage means; a step of transmitting the searched auxiliary data to the user terminal; a step of acquiring the biometric data by proximity of the user; and a step of transmitting to the user terminal; Generating data for transmission to the user terminal, and receiving the encrypted authentication data transmitted from the user terminal Decrypting the authentication data using the retrieved decryption key, and verifying whether the decrypted authentication data matches the generated authentication data The gist is to have.

  A fourth aspect of the present invention provides a user authentication method comprising a user terminal and a user authentication device, wherein user authentication is performed using terminal identification data of the user terminal and user biometric data. Storing the identification data in the terminal identification data storage means, and reading the terminal identification data from the terminal identification data storage means and transmitting it to the user authentication device. Storing the decryption key and auxiliary data in which the encryption key is concealed in advance using the biometric data in association with the terminal identification data in a correspondence table storage unit; The transmitted terminal identification data is received, and the decryption key corresponding to the terminal identification data and the auxiliary data are associated with each other. A search from a table storage means, a step of acquiring the biometric data by the proximity of the user, a step of generating the authentication data, and using the acquired biometric data to conceal the searched auxiliary data Using the restored encryption key, encrypting the generated authentication data using the restored encryption key, and using the retrieved decryption key A step of decrypting the encrypted authentication data into authentication data, and a step of verifying whether the decrypted authentication data matches the generated authentication data. The gist is to have.

  The gist of the present invention described in claim 5 is that the user terminal and the user authentication device are electric field communication devices that perform communication by an electric field induced in an electric field transmission medium from an electrode.

  The gist of the present invention described in claim 6 is that the user terminal is a transmission module and the user authentication device is a reception module.

  The gist of the present invention described in claim 7 is that the user terminal is built in an IC card or a USB memory.

  The present invention according to claim 8 is characterized in that the encryption key and the decryption key are a secret key or a public key used in a public key cryptosystem, or a common key used in a common key cryptosystem. And

  A ninth aspect of the present invention provides a user authentication system including a user terminal and a user authentication device, wherein user authentication is performed using terminal identification data of the user terminal and user biometric data. Auxiliary data storage means for storing auxiliary data in which the encryption key is concealed in advance using data, terminal identification data storage means for storing the terminal identification data, and the terminal identification data storage means to the terminal Transmitting means for reading identification data and transmitting it to the user authentication device; receiving the biometric data acquired by the user authentication device; and using the biometric data, the auxiliary data read from the auxiliary data storage means Restoring means for restoring the encryption key that is concealed; and receiving authentication data transmitted from the user authentication device. Encrypting using the restored encryption key and transmitting the encrypted authentication data to the user authentication device, the user authentication device including the terminal identification data Correspondence table storage means for storing a decryption key in association with the terminal identification data transmitted from the user terminal, and receiving the decryption key corresponding to the terminal identification data in the correspondence table storage Search means for searching from means, biometric data acquisition means for acquiring the biometric data by proximity of the user, and transmitting to the user terminal; and generating authentication data for generating the authentication data and transmitting to the user terminal Means, and decryption means for receiving the encrypted authentication data transmitted from the user terminal and decrypting it into authentication data using the retrieved decryption key; Decoded the authentication data, a collating means for collating whether matches the authentication data being generated, and summarized in that with.

  A tenth aspect of the present invention provides a user authentication system including a user terminal and a user authentication device, wherein user authentication is performed using terminal identification data of the user terminal and user biometric data. Auxiliary data storage means for storing auxiliary data in which an encryption key is concealed in advance using data, terminal identification data storage means for storing the terminal identification data, and read from the terminal identification data storage means Transmission means for transmitting the terminal identification data and the auxiliary data read from the auxiliary data storage means to the user authentication device, wherein the user authentication device decrypts the terminal identification data in association with the terminal identification data. A correspondence table storage means for storing a key for use, and the terminal identification data transmitted from the user terminal. Search means for searching the decryption key corresponding to data from the correspondence table storage means, biometric data acquisition means for acquiring the biometric data by the proximity of the user, and authentication data generation for generating the authentication data Means, receiving the auxiliary data transmitted from the user terminal, and using the acquired biometric data, restoring means for restoring the encryption key concealed in the auxiliary data, and the restored Using the encryption key, the encryption means for encrypting the generated authentication data, and using the retrieved decryption key, the encrypted authentication data is decrypted into the authentication data. The gist of the present invention is to include decrypting means for converting the authentication data and verification means for verifying whether or not the decrypted authentication data matches the generated authentication data.

  The present invention according to claim 11 is a user authentication system comprising a user terminal and a user authentication device, wherein user authentication is performed using terminal identification data of the user terminal and user biometric data, wherein the user terminal is the terminal Terminal identification data storage means for storing identification data; transmission means for reading out the terminal identification data from the terminal identification data storage means and transmitting it to the user authentication apparatus; and the biometric data acquired by the user authentication apparatus And receiving the auxiliary data transmitted from the user authentication device and using the biometric data to restore the encryption key concealed in the auxiliary data, and transmitting from the user authentication device The encrypted authentication data is received and encrypted using the restored encryption key, and the encrypted authentication data is transmitted to the user. Encryption means for transmitting to the authentication device, wherein the user authentication device conceals the encryption key in advance using the decryption key and the biometric data in association with the terminal identification data. Correspondence table storage means for storing the auxiliary data, the terminal identification data transmitted from the user terminal is received, and the decryption key corresponding to the terminal identification data and the auxiliary data are associated with each other. Search means for searching from the table storage means, transmission means for transmitting the searched auxiliary data to the user terminal, biometric data acquisition means for acquiring the biometric data by the proximity of the user, and transmitting to the user terminal Authentication data generation means for generating the authentication data and transmitting it to the user terminal; and receiving the encrypted authentication data transmitted from the user terminal. And decryption means for decrypting the authentication data using the retrieved decryption key, and whether the decrypted authentication data matches the generated authentication data. The gist is to have collating means for collating.

  The present invention according to claim 12 includes a user terminal and a user authentication device, and in a user authentication system for performing user authentication using terminal identification data of the user terminal and user biometric data, the user terminal is the terminal Terminal identification data storage means for storing identification data; and transmission means for reading the terminal identification data from the terminal identification data storage means and transmitting it to the user authentication device, wherein the user authentication device comprises: Correspondence table storage means for storing a decryption key and auxiliary data in which the encryption key is concealed in advance using the biometric data in association with the terminal identification data, and transmitted from the user terminal The terminal identification data is received, and the decryption key and the auxiliary data corresponding to the terminal identification data are detected from the correspondence table storage means. Search means, biometric data acquisition means for acquiring the biometric data by the proximity of the user, authentication data generation means for generating the authentication data, and the auxiliary data searched using the acquired biometric data A restoring means for restoring the encryption key concealed in the data; an encryption means for encrypting the generated authentication data using the restored encryption key; Decryption means for decrypting the encrypted authentication data into authentication data using a decryption key, and the decrypted authentication data matches the generated authentication data It is a gist to have a collating means for collating whether or not.

  The gist of the present invention described in claim 13 is that the user terminal and the user authentication device are electric field communication devices that perform communication by an electric field induced in an electric field transmission medium from an electrode.

  The gist of the present invention described in claim 14 is that the user terminal is a transmission module, and the user authentication device is a reception module.

  The gist of the present invention described in claim 15 is that the user terminal is built in an IC card or a USB memory.

  The invention according to claim 16 is characterized in that the encryption key and the decryption key are a secret key or a public key used in a public key cryptosystem, or a common key used in a common key cryptosystem. And

  The present invention according to claim 17 receives the biometric data acquired by the auxiliary data storage means for storing the auxiliary data in which the encryption key is concealed in advance using the biometric data, and the user authentication device, and the biometric data Using the restoration means for restoring the encryption key concealed in the auxiliary data read from the auxiliary data storage means, and the authentication data transmitted from the user authentication device is received and restored. The gist of the present invention is to include encryption means for encrypting using the encryption key and transmitting the encrypted authentication data to the user authentication device.

  The gist of the present invention described in claim 18 is an electric field communication device that communicates with the user authentication device by an electric field induced in an electric field transmission medium from an electrode.

  The gist of the present invention described in claim 19 is that it is built in an IC card or a USB memory.

  The present invention described in claim 20 receives correspondence table storage means for storing a decryption key in association with terminal identification data of a user terminal, and the terminal identification data transmitted from the user terminal, Search means for searching for the decryption key corresponding to the terminal identification data from the correspondence table storage means, biometric data acquisition means for acquiring the biometric data of the user by the proximity of the user, and authentication for generating authentication data Data generating means and auxiliary data in which an encryption key is concealed in advance using the biometric data is received from the user terminal, and the encryption is concealed in the auxiliary data using the acquired biometric data A restoring means for restoring the authentication key; an encryption means for encrypting the generated authentication data using the restored encryption key; and the retrieved decryption Decryption means for decrypting the encrypted authentication data into authentication data using a key for authentication, and whether the decrypted authentication data matches the generated authentication data The gist of the present invention is to have collation means for collating them.

  According to a twenty-first aspect of the present invention, a decryption key and auxiliary data in which the encryption key is concealed in advance using the user's biometric data are stored in association with the terminal identification data of the user terminal. Correspondence table storage means; and search means for receiving the terminal identification data transmitted from the user terminal and retrieving the decryption key and the auxiliary data corresponding to the terminal identification data from the correspondence table storage means; The biometric data acquiring means for acquiring the biometric data by the proximity of the user, the authentication data generating means for generating the authentication data, and the acquired biometric data are used to conceal the searched auxiliary data. A restoring means for restoring the encryption key, an encryption means for encrypting the generated authentication data using the restored encryption key, and a search Using the decryption key, the decryption means for decrypting the encrypted authentication data into the authentication data, and the decrypted authentication data in the generated authentication data The gist of the present invention is to have collation means for collating whether or not they match.

  The gist of the present invention described in claim 22 is an electric field communication device that communicates with the user terminal by an electric field induced in an electric field transmission medium from an electrode.

  According to a twenty-third aspect of the present invention, the computer stores the auxiliary data in which the encryption key is concealed in advance using the biometric data in the auxiliary data storage unit, and the biometric data acquired by the user authentication device is received by the computer. And using the biometric data to receive the encryption key concealed in the auxiliary data read from the auxiliary data storage means and the authentication data transmitted from the user authentication device. The gist of the present invention is to execute encryption processing using the restored encryption key and transmitting the encrypted authentication data to the user authentication device.

  According to a twenty-fourth aspect of the present invention, the computer stores the decryption key in association table storage means in association with the terminal identification data of the user terminal, and the terminal identification transmitted from the user terminal. Receiving data, processing for retrieving the decryption key corresponding to the terminal identification data from the correspondence table storage means, processing for obtaining biometric data of the user by proximity of the user, and generating authentication data Processing, receiving auxiliary data in which the encryption key is concealed in advance using the biometric data from the user terminal, and using the acquired biometric data, the encryption key concealed in the auxiliary data is received A process of restoring, a process of encrypting the generated authentication data using the restored encryption key, and an encryption using the retrieved decryption key And a process of decrypting the authentication data into authentication data and a process of verifying whether the decrypted authentication data matches the generated authentication data. Is the gist.

  The present invention according to claim 25 associates a decryption key with auxiliary data in which the encryption key is concealed in advance using the user's biometric data in association with the terminal identification data of the user terminal. The process stored in the table storage means, the terminal identification data transmitted from the user terminal is received, and the decryption key and the auxiliary data corresponding to the terminal identification data are received from the correspondence table storage means The search process, the process of acquiring the biometric data due to the proximity of the user, the process of generating the authentication data, and the acquired biometric data are used to conceal the searched auxiliary data. Processing for restoring the encryption key, processing for encrypting the generated authentication data using the restored encryption key, and using the retrieved decryption key A process of decrypting the encrypted authentication data into authentication data, and a process of verifying whether the decrypted authentication data matches the generated authentication data The gist is to execute.

  According to the present invention, it is possible to provide a user authentication method, a user authentication system, a user terminal, a user authentication device, a user terminal program, and a user authentication device program capable of realizing highly secure user authentication.

It is a figure showing the whole user authentication system composition concerning a 1st embodiment. It is a figure which shows the processing flow of the user authentication system which concerns on 1st Embodiment. It is a figure which shows the whole structure of the user authentication system which concerns on 2nd Embodiment. It is a figure which shows the processing flow of the user authentication system which concerns on 2nd Embodiment. It is a figure which shows the whole structure of the user authentication system which concerns on 3rd Embodiment. It is a figure which shows the processing flow of the user authentication system which concerns on 3rd Embodiment. It is a figure which shows the whole structure of the user authentication system which concerns on 4th Embodiment. It is a figure which shows the processing flow of the user authentication system which concerns on 4th Embodiment. It is a figure which shows the system configuration | structure in the case of biometric authentication. It is a figure which shows the processing flow in the case of biometric authentication. It is a figure which shows the system configuration | structure in the case of ID authentication. It is a figure which shows the processing flow in the case of ID authentication.

  Hereinafter, the present embodiment will be described with reference to the drawings.

[First Embodiment]
FIG. 1 shows the overall configuration of the user authentication system according to the first embodiment. This user authentication system includes an electric field communication device 100 possessed by a user 200 and a user authentication device 300 that authenticates whether or not the accessing user is a regular user. Hereinafter, configurations of the electric field communication device 100 and the user authentication device 300 will be described.

  First, the electric field communication device 100 includes a secret key restoration unit 11, an encryption unit 12, an electric field communication transmission unit 13, an electric field communication reception unit 14, an ID storage unit 15, and an auxiliary data storage unit 16. Yes.

  The auxiliary data storage unit 16 has a function of storing auxiliary data in which the secret key used in the public key cryptosystem is concealed in advance using the biometric information of the user 200 (corresponding to biometric data). The encryption method for concealing certain information (secret key) using arbitrary information (biological information) in this way is based on the Fuzzy Vault Scheme. Specifically, the secret information S is stored as arbitrary information P. In the unlocking process, a set Q of information in the same format as P is given, and it is possible to obtain secret information S if most of P and Q match (non-patent) Reference 3). Further, as such biological information, for example, fingerprints, irises, vein patterns, faces, voices, and the like can be used (hereinafter the same in all embodiments).

  The ID storage unit 15 has a function of storing an ID (corresponding to terminal identification data) that can identify the electric field communication device 100. Note that, as the auxiliary data storage unit 16, the ID storage unit 15, and the correspondence table storage unit 38 of the user authentication device 300 described later, a storage device such as a memory or a hard disk is generally used. It is possible to use not only the inside of the apparatus 100 but also an external storage device that can be electrically connected via a communication network such as the Internet or a telephone line (hereinafter, the same applies to all embodiments).

  The electric field communication transmitting unit 13 induces an electric field in a predetermined electric field transmission medium (not shown), and the electric field communication sensor 51 included in the user authentication device 300 receives arbitrary data (ID of the electric field communication device) by the electric field. And a random number character string after encryption). On the other hand, the electric field communication receiving unit 14 has a function of receiving arbitrary data (biological information and random number character strings) transmitted and transmitted from the electric field communication sensor 51 by an electric field. In addition, as the electric field communication apparatus 100 having the electric field communication transmission unit 13 and the electric field communication reception unit 14, for example, an electric field communication apparatus (referred to as “RedTacton”) described in Non-Patent Document 2 is used. It can be used (hereinafter the same in all embodiments).

  When receiving the biometric information of the user 200 acquired by the biometric information acquisition sensor 52 included in the user authentication device 300, the secret key restoration unit 11 reads the auxiliary data from the auxiliary data storage unit 16, and the auxiliary data It has a function to restore the secret key concealed in

  When the encryption unit 12 receives a random number character string (corresponding to authentication data) transmitted from the user authentication device 300, the encryption unit 12 encrypts the random number character string using the secret key restored by the secret key restoration unit 11. And a function of transmitting the encrypted random number character string to the user authentication device 300.

  On the other hand, the user authentication device 300 includes the electric field communication sensor 51 and the biometric information acquisition sensor 52, the correspondence table search unit 31, the biometric information acquisition unit 32, the random number character string generation unit 33, the reception unit 34, A transmission unit 35, a decryption unit 36, a collation unit 37, and a correspondence table storage unit 38 are provided.

  The electric field communication sensor 51 has a function of communicating with the electric field communication device 100 using an electric field. The biometric information acquisition sensor 52 has a function of acquiring biometric information of the user 200 that has approached. As such a biometric information acquisition sensor 52, for example, a door knob in which a fingerprint sensor is embedded, a dedicated sensor for collecting irises and veins, a camera capable of grasping the contour of the face and the shape of eyes and mouth, a microphone for recognizing sound Etc. can be used (hereinafter, the same applies to all the embodiments).

  The correspondence table storage unit 38 has a function of storing a public key in association with the ID of the electric field communication device.

  The receiving unit 34 receives arbitrary data transmitted from the electric field communication apparatus 100 to the electric field communication sensor 51 via a predetermined electric field transmission medium (not shown) (an ID of the electric field communication apparatus or an encrypted random number character string). ), A function of receiving the biological information acquired by the biological information acquisition sensor 52. On the other hand, the transmission unit 35 has a function of transmitting arbitrary data (biological information or random number character string) to the electric field communication device 100 via the electric field communication sensor 51.

  When the correspondence table search unit 31 receives the ID of the electric field communication device transmitted from the electric field communication device 100, the correspondence table search unit 31 has a function of searching and acquiring the public key corresponding to this ID from the correspondence table storage unit 38.

  The biometric information acquisition unit 32 has a function of acquiring biometric information of the user 200 close to the biometric information acquisition sensor 52.

  The random number character string generation unit 33 has a function of generating a random number character string (corresponding to authentication data) used when collation is performed by the collation unit 37.

  When receiving the encrypted authentication data transmitted from the electric field communication device 100, the decryption unit 36 has a function of decrypting the authentication data into the authentication data using the public key searched by the correspondence table search unit 31. I have.

  The collation unit 37 has a function of collating whether the random character string decrypted by the decryption unit 36 matches the random character string generated by the random character string generation unit 33.

  Next, FIG. 2 shows a processing flow of the user authentication system according to the first embodiment. First, the user authentication system generates a secret key and a public key for the public key cryptosystem (S101), generates auxiliary data concealing the secret key using the biometric information of the user 200 (S102), The auxiliary data is stored in the auxiliary data storage unit 16 of the electric field communication apparatus 100 (S103), and the public key is stored in the correspondence table storage unit 38 of the user authentication apparatus 300 in association with the ID of the electric field communication apparatus ( S104). The ID of the electric field communication device is stored in advance in the ID storage unit 15.

  Next, the electric field communication transmission unit 13 of the electric field communication device 100 reads the ID of the electric field communication device stored in the ID storage unit 15, and transmits and transmits the ID to the user authentication device 300 by the electric field (S105).

  Thereafter, in the user authentication device 300, the reception unit 34 receives the ID of the electric field communication device transmitted and transmitted via the electric field communication sensor 51 (S106), and the biometric information acquisition unit 32 further approaches the proximity of the user 200. After acquiring the user's biometric information via the biometric information acquisition sensor 52 (S107), the random number character string generation unit 33 generates a random number character string used for later verification (S108) and passes through the electric field communication sensor 51. The biometric information and the random number character string are transmitted and transmitted to the electric field communication device 100 (S109, S110). In addition, the correspondence table search unit 31 searches the correspondence table storage unit 38 for a public key corresponding to the received ID of the electric field communication device (S111).

  Next, in the electric field communication apparatus 100, after the transmitted and transmitted biometric information and random number character string are received by the electric field communication receiving unit 14, the secret key restoring unit 11 uses the received biometric information to store the auxiliary data storage unit 16. The private key is restored from the auxiliary data stored in (S112), and the encryption unit 12 encrypts the random number character string using the restored private key (S113). Then, the electric field communication transmitting unit 13 transmits the encrypted random number character string to the user authentication device 300 via the electric field communication sensor 51 (S114).

  Thereafter, in the user authentication device 300, the decryption unit 36 decrypts the encrypted random character string returned from the electric field communication device 100 using the public key retrieved and acquired by the correspondence table search unit 31 ( S115). Finally, the collation unit 37 collates (compares) the decrypted random number character string and the random number character string generated by the random number character string generation unit 33, and if they match, it is authenticated as a legitimate user ( S116).

  The above is the processing flow of the user authentication system according to the first embodiment. Note that the timing of acquiring the electric field communication device ID and the biometric information in S106 and S107 depends on the timing taken into the user authentication device 300 from the electric field communication sensor 51 and the biometric information acquisition sensor 52. There are variations including only combination patterns. Further, the same effect can be obtained even if the process of searching for and acquiring the public key in S111 is performed after the process of S106 and the process of generating a random character string in S108 is performed after the process of S106 or S107. is there.

  In addition, the timing at which the biometric information and the random number character string are transmitted in S109 and S110 has variations of only the combination pattern including the simultaneous timing.

  Furthermore, the process of extracting / generating the feature point information used for restoring the secret key in S112 from the biometric information acquired in S107 may be performed by the user authentication device 300 or the electric field communication device 100. Note that it may be.

  According to the first embodiment, in the electric field communication apparatus 100, auxiliary data in which the secret key is concealed in advance using the biometric information of the user 200 who owns the electric field communication apparatus 100 is stored based on the Fuzzy Value Scheme. When the biometric information of the user 200 acquired by the user authentication device 300 is received, the secret key is restored from the auxiliary data using the biometric information, and the authentication random character transmitted from the user authentication device 300 The public key corresponding to the ID of the electric field communication device that stores the encrypted random number character string transmitted from the electric field communication device 100 in advance in the user authentication device 300 is encrypted using the secret key. Using the decryption and authenticating whether the random number character string after decryption matches the random number character string before decryption, biometric information and ID are linked. It is possible to realize highly secure user authentication. That is, the authenticity of the electric field communication device owned by client authentication and user authentication by biometric authentication can be realized simultaneously. In addition, since biometric authentication and ID authentication can be integrated without impairing convenience, the advantages of both can be actively utilized.

[Second Embodiment]
The overall configuration of the user authentication system according to the second embodiment is shown in FIG. This user authentication system includes an electric field communication device 100 possessed by a user 200 and a user authentication device 300 that authenticates whether or not the accessing user is a regular user. Hereinafter, configurations of the electric field communication device 100 and the user authentication device 300 will be described.

  First, the electric field communication device 100 includes an electric field communication transmission unit 13, an ID storage unit 15, and an auxiliary data storage unit 16.

  The auxiliary data storage unit 16 has a function of storing auxiliary data in which the secret key used in the public key cryptosystem is concealed in advance using the biometric information of the user 200. Note that the encryption method for concealing certain information using arbitrary information in this way is based on the Fuzzy Vault Scheme described in the first embodiment.

  The ID storage unit 15 has a function of storing an ID that can identify the electric field communication device 100.

  The electric field communication transmitting unit 13 induces an electric field in a predetermined electric field transmission medium (not shown), and the electric field communication sensor 51 included in the user authentication device 300 receives arbitrary data (ID of the electric field communication device) by the electric field. And auxiliary data).

  On the other hand, the user authentication device 300 includes the electric field communication sensor 51 and the biometric information acquisition sensor 52, the correspondence table search unit 31, the biometric information acquisition unit 32, the random number character string generation unit 33, the reception unit 34, A decryption unit 36, a collation unit 37, a correspondence table storage unit 38, a secret key restoration unit 39, and an encryption unit 40 are provided.

  The electric field communication sensor 51 has a function of communicating with the electric field communication device 100 using an electric field. The biometric information acquisition sensor 52 has a function of acquiring biometric information of the user 200 that has approached.

  The correspondence table storage unit 38 has a function of storing a public key in association with the ID of the electric field communication device.

  The reception unit 34 has a function of receiving arbitrary data (an ID or auxiliary data of the electric field communication device) transmitted and transmitted from the electric field communication device 100 to the electric field communication sensor 51 via a predetermined electric field transmission medium (not shown). It has.

  When the correspondence table search unit 31 receives the ID of the electric field communication device transmitted from the electric field communication device 100, the correspondence table search unit 31 has a function of searching and acquiring the public key corresponding to this ID from the correspondence table storage unit 38.

  The biometric information acquisition unit 32 has a function of acquiring biometric information of the user 200 close to the biometric information acquisition sensor 52.

  The random number character string generation unit 33 has a function of generating a random number character string used when collation is performed by the collation unit 37.

  When the private key recovery unit 39 receives the auxiliary data transmitted from the electric field communication device 100 and further receives the biometric information of the user 200 acquired by the biometric information acquisition sensor 52, the secret key recovery unit 39 uses the received biometric information of the user. A function for restoring a secret key concealed in auxiliary data is provided.

  The encryption unit 40 has a function of encrypting the random number character string generated by the random number character string generation unit 33 using the secret key restored by the secret key restoration unit 39.

  The decryption unit 36 has a function of decrypting the encrypted random number character string into authentication data using the public key retrieved by the correspondence table retrieval unit 31.

  The collation unit 37 has a function of collating whether the random character string decrypted by the decryption unit 36 matches the random character string generated by the random character string generation unit 33.

  Next, FIG. 4 shows a processing flow of the user authentication system according to the second embodiment. First, the user authentication system generates a secret key and a public key for the public key cryptosystem (S201), generates auxiliary data concealing the secret key using the biometric information of the user 200 (S202), The auxiliary data is stored in the auxiliary data storage unit 16 of the electric field communication device 100 (S203), and the public key is stored in the correspondence table storage unit 38 of the user authentication device 300 in association with the ID of the electric field communication device ( S204). The ID of the electric field communication device is stored in advance in the ID storage unit 15.

  Next, the electric field communication transmission unit 13 of the electric field communication device 100 reads the ID of the electric field communication device stored in the ID storage unit 15, and transmits and transmits the ID to the user authentication device 300 by the electric field (S205).

  Thereafter, in the user authentication device 300, the reception unit 34 receives the ID of the electric field communication device transmitted and transmitted via the electric field communication sensor 51 (S206), and the biometric information acquisition unit 32 further approaches the proximity of the user 200. When the user's biometric information is acquired via the biometric information acquisition sensor 52 (S207), the electric field communication transmitting unit 13 reads the auxiliary data stored in the auxiliary data storage unit 16 in the electric field communication device 100, and The auxiliary data is transmitted and transmitted to the user authentication device 300 by the electric field (S208). In addition, the correspondence table search unit 31 of the user authentication device 300 searches and acquires the public key corresponding to the received ID of the electric field communication device from the correspondence table storage unit 38 (S209).

  Next, in the user authentication device 300, after the transmitted auxiliary data is received by the receiving unit 34, the secret key restoring unit 39 restores the secret key from the auxiliary data using the acquired biometric information (S210). . Then, the random number character string generation unit 33 generates a random number character string to be used in later verification (S211), and the encryption unit 40 encrypts the random number character string using the restored secret key (S212).

  Thereafter, the decryption unit 36 decrypts the encrypted random character string using the public key retrieved and acquired by the correspondence table search unit 31 (S213). Finally, the collation unit 37 collates (compares) the decrypted random number character string and the random number character string generated by the random number character string generation unit 33, and if they match, it is authenticated as a legitimate user ( S214).

  The above is the process flow of the user authentication system according to the second embodiment. Note that the timing at which the user authentication device 300 acquires the ID, biometric information, and auxiliary data of the electric field communication device in S206 to S208 depends on the timing at which the user authentication device 300 acquires the electric field communication sensor 51 and the biometric information acquisition sensor 52. There are variations of only the combination pattern including the timing when these three data are the same or any two data are the same.

  According to the second embodiment, in the electric field communication apparatus 100, auxiliary data in which the secret key is concealed in advance using the biometric information of the user 200 possessing the electric field communication apparatus 100 is stored based on the Fuzzy Value Scheme. In the user authentication device 300, when the biometric information of the user 200 is received, the secret key is restored from the auxiliary data transmitted from the electric field communication device 100 using the biometric information, and the random number character for authentication The sequence is encrypted using the secret key, the encrypted random number character string is decrypted using the public key corresponding to the electric field communication device ID stored in advance, and the decrypted random number character string is decrypted. Since it is authenticated whether it matches with the previous random number character string, it is possible to realize highly secure user authentication in which biometric information and ID are linked. That is, the authenticity of the electric field communication device owned by client authentication and user authentication by biometric authentication can be realized simultaneously. In addition, since biometric authentication and ID authentication can be integrated without impairing convenience, the advantages of both can be actively utilized.

[Third Embodiment]
FIG. 5 shows the overall configuration of a user authentication system according to the third embodiment. This user authentication system has substantially the same configuration as the user authentication system described in the first embodiment with reference to FIG. 1, but the electric field communication device 100 has an auxiliary data storage unit 16 instead. Thus, the correspondence table storage unit 38 of the user authentication device 300 is different in that the public key and auxiliary data are stored in association with the ID of the electric field communication device. The description of other configurations is omitted here.

  Subsequently, FIG. 6 shows a processing flow of the user authentication system according to the third embodiment. First, the user authentication system generates a secret key and a public key for the public key cryptosystem (S301), generates auxiliary data concealing the secret key using the biometric information of the user 200 (S302), The public key and auxiliary data are stored in the correspondence table storage unit 38 of the user authentication device 300 in association with the ID of the electric field communication device (S303, S304). The ID of the electric field communication device is stored in advance in the ID storage unit 15.

  Next, the electric field communication transmission unit 13 of the electric field communication device 100 reads the ID of the electric field communication device stored in the ID storage unit 15, and transmits and transmits the ID to the user authentication device 300 by the electric field (S305).

  Thereafter, in the user authentication device 300, the reception unit 34 receives the ID of the electric field communication device transmitted and transmitted via the electric field communication sensor 51 (S306), and the biometric information acquisition unit 32 further approaches the proximity of the user 200. When the biometric information of the user is acquired via the biometric information acquisition sensor 52 (S307), the correspondence table search unit 31 receives the auxiliary data and the public key corresponding to the received ID of the electric field communication device from the correspondence table storage unit 38. Search and obtain (S308, S309). Then, the random number character string generation unit 33 generates a random number character string used in later verification (S310), and the transmission unit 35 transmits the biometric information, the auxiliary data, and the random number character string via the electric field communication sensor 51. The transmission is transmitted to the apparatus 100 (S311 to S313).

  Next, the electric field communication apparatus 100 receives the transmitted biometric information, auxiliary data, and random number character string, and the secret key restoration unit 11 restores the secret key from the auxiliary data using the received biometric information. (S314) The encryption unit 12 encrypts the random number character string using the restored secret key (S315). Then, the electric field communication transmitting unit 13 transmits the encrypted random number character string to the user authentication device 300 via the electric field communication sensor 51 (S316).

  Thereafter, in the user authentication device 300, the decryption unit 36 decrypts the encrypted random character string returned from the electric field communication device 100 using the public key retrieved and acquired by the correspondence table search unit 31 ( S317). Finally, the collation unit 37 collates (compares) the decrypted random number character string and the random number character string generated by the random number character string generation unit 33, and if they match, it is authenticated as a legitimate user ( S318).

  The above is the processing flow of the user authentication system according to the third embodiment. Note that the timing of acquiring the electric field communication device ID and the biometric information in S306 and S307 depends on the timing taken into the user authentication device 300 from the electric field communication sensor 51 and the biometric information acquisition sensor 52. There are variations including only combination patterns. In addition, the same effect can be obtained by performing the process of searching for and acquiring auxiliary data and public key in S308 and S309 after the process of S306, and generating the random character string in S310 after the process of S306 or S307. It is possible to obtain.

  In addition, the timing at which the biometric information, the auxiliary data, and the random character string are transmitted in S311 to S313 is a variation of only the combination pattern including the timing when these three data are the same or any two data are the same. is there.

  Furthermore, the process of extracting / generating the feature point information used for restoring the secret key in S314 from the biometric information acquired in S307 may be performed by the user authentication device 300 or performed by the electric field communication device 100. Note that it may be.

  According to the third embodiment, the user authentication device 300 stores auxiliary data in which the secret key is concealed in advance using the biometric information of the user 200 who possesses the electric field communication device 100 based on the Fuzzy Value Scheme. In the electric field communication device 100, when the biometric information and auxiliary data of the user 200 acquired by the user authentication device 300 are received, the secret key is restored from the auxiliary data using the biometric information, and user authentication is performed. The authentication random number character string transmitted from the device 300 is encrypted using the secret key, and the encrypted random number character string transmitted from the electric field communication device 100 is stored in advance in the user authentication device 300. Decrypt using the public key corresponding to the ID of the electric field communication device, and the random character string after decryption matches the random character string before decryption Therefore, it is possible to realize highly secure user authentication in which biometric information and ID are linked. That is, the authenticity of the electric field communication device owned by client authentication and user authentication by biometric authentication can be realized simultaneously. In addition, since biometric authentication and ID authentication can be integrated without impairing convenience, the advantages of both can be actively utilized.

[Fourth Embodiment]
FIG. 7 shows an overall configuration of a user authentication system according to the fourth embodiment. This user authentication system has substantially the same configuration as the user authentication system described in the second embodiment with reference to FIG. 3, but the electric field communication device 100 has the auxiliary data storage unit 16 instead. Thus, the correspondence table storage unit 38 of the user authentication device 300 is different in that the public key and auxiliary data are stored in association with the ID of the electric field communication device. The description of other configurations is omitted here.

  Next, FIG. 8 shows a processing flow of the user authentication system according to the fourth embodiment. First, the user authentication system generates a secret key and a public key for the public key cryptosystem (S401), generates auxiliary data concealing the secret key using the biometric information of the user 200 (S402), The public key and auxiliary data are stored in the correspondence table storage unit 38 of the user authentication device 300 in association with the ID of the electric field communication device (S403, S404). The ID of the electric field communication device is stored in advance in the ID storage unit 15.

  Next, the electric field communication transmission unit 13 of the electric field communication device 100 reads the ID of the electric field communication device stored in the ID storage unit 15, and transmits and transmits the ID to the user authentication device 300 by the electric field (S405).

  Thereafter, in the user authentication device 300, the reception unit 34 receives the ID of the electric field communication device transmitted and transmitted via the electric field communication sensor 51 (S406), and the biometric information acquisition unit 32 further approaches the proximity of the user 200. When the biometric information of the user is acquired via the biometric information acquisition sensor 52 (S407), the correspondence table search unit 31 obtains the auxiliary data and the public key corresponding to the received ID of the electric field communication device from the correspondence table storage unit 38. Search and obtain (S408, S409).

  Next, the secret key restoration unit 39 restores the secret key from the retrieved auxiliary data using the obtained biometric information (S410). Then, the random number character string generation unit 33 generates a random number character string to be used in later verification (S411), and the encryption unit 40 encrypts the random number character string using the restored secret key (S412).

  Thereafter, the decryption unit 36 decrypts the encrypted random character string using the public key searched and acquired by the correspondence table search unit 31 (S413). Finally, the collation unit 37 collates (compares) the decrypted random number character string and the random number character string generated by the random number character string generation unit 33, and if they match, it is authenticated as a legitimate user ( S414).

  The above is the processing flow of the user authentication system according to the fourth embodiment. Note that the timing at which the user authentication device 300 acquires the ID and biometric information of the electric field communication device in S406 and S407 depends on the timing at which the user authentication device 300 takes in the electric field communication sensor 51 and the biometric information acquisition sensor 52, There are variations only in combination patterns, including the same timing. Further, the same effect can be obtained even if the processing for searching for and acquiring the auxiliary data and the public key in S408 and S409 is performed immediately after the processing in S406 and before the processing in S407.

  According to the fourth embodiment, the user authentication device 300 stores auxiliary data in which the secret key is concealed in advance using the biometric information of the user 200 who owns the electric field communication device 100 based on the Fuzzy Value Scheme. When the biometric information of the user 200 is received, the secret key is restored from the auxiliary data using the biometric information, and the random number character string for authentication is encrypted using the secret key. Since the random number character string is decrypted by using a public key corresponding to the ID of the electric field communication device stored in advance, it is verified whether the random number character string after decryption matches the random number character string before decryption. It is possible to realize highly secure user authentication in which biometric information and ID are linked. That is, the authenticity of the electric field communication device owned by client authentication and user authentication by biometric authentication can be realized simultaneously. In addition, since biometric authentication and ID authentication can be integrated without impairing convenience, the advantages of both can be actively utilized.

  The electric field communication device 100 and the user authentication device 300 described in the first embodiment and the third embodiment are devices that enable bidirectional electric field communication having both a transmission function and a reception function. On the other hand, the electric field communication apparatus 100 described in the second and fourth embodiments has only a transmission function, and the user authentication apparatus 300 performs one-way electric field communication having only a reception function. An electric field communication receiving module that exclusively performs transmission processing instead of the electric field communication device according to the fourth embodiment and the fourth embodiment, and an electric field communication reception module that exclusively performs reception processing instead of the user authentication device. It is also possible to use it.

  Moreover, although it demonstrated as what authenticates the access from the electric field communication apparatus 100 in all embodiment, the apparatus which the user 200 possesses is not restricted to such an electric field communication apparatus, In each embodiment. Any device (user terminal) may be used as long as it includes the described processes and storage units and can communicate with the user authentication device 300 through various communication means such as wired or wireless.

  Furthermore, in all the embodiments, the biometric information acquisition sensor 52 and / or the biometric information acquisition unit 32 has been described as being included in the user authentication device 300. However, these sensors and functional units are included in the electric field communication device 100. However, the same effect can be obtained.

  Furthermore, the electric field communication apparatus 100 described in all the embodiments can be incorporated in a small portable terminal such as an IC card, a USB memory, or a PDA that can be easily held by the user 200.

  Furthermore, in all the embodiments, the encryption key concealed inside the auxiliary data using the biometric information of the user 200 is used as the secret key used in the public key cryptosystem, and is stored in the correspondence table storage unit 38. However, instead of using a secret key and a public key, a common key used in a common key cryptosystem may be used as an encryption key and a decryption key. Is possible.

  In addition, as auxiliary data described in all the embodiments, template information used in biometric encryption can be used, and it is generated by using Fuzzy Committing and statistical AD conversion in addition to the application of Fuzzy Vault Scheme. It is also possible to use auxiliary data.

  Finally, the electric field communication apparatus 100 and the user authentication apparatus 300 described in each embodiment are configured by a computer, and each process of each functional block is executed by a program. In addition, each processing operation of the electric field communication apparatus 100 and the user authentication apparatus 300 described in each embodiment is recorded as a program on a recording medium such as a compact disk or a floppy (registered trademark) disk, and this recording medium is stored in a computer. A program stored in a recording medium or downloaded to a computer via an arbitrary communication line, or installed from a recording medium, and the computer is operated by the program, so that each processing operation described above can be performed with an electric field. Of course, it can function as the communication device 100 and the user authentication device 300.

DESCRIPTION OF SYMBOLS 100 ... Electric field communication apparatus 11 ... Secret key restoration part 12 ... Encryption part 13 ... Electric field communication transmission part 14 ... Electric field communication reception part 15 ... ID memory | storage part 16 ... Auxiliary data memory | storage part 200 ... User 300 ... User authentication apparatus 31 ... Correspondence Table search unit 32 ... biometric information acquisition unit 33 ... random number character string generation unit 34 ... reception unit 35 ... transmission unit 36 ... decryption unit 37 ... collation unit 38 ... correspondence table storage unit 39 ... secret key restoration unit 40 ... encryption unit DESCRIPTION OF SYMBOLS 51 ... Electric field communication sensor 52 ... Biometric information acquisition sensor S101-S116 ... Step S201-S214 ... Step S301-S318 ... Step S401-S414 ... Step S501-S502 ... Step S601-S602 ... Step

Claims (25)

In a user authentication method comprising a user terminal and a user authentication device, and performing user authentication using terminal identification data of the user terminal and user biometric data,
By the user terminal,
Storing auxiliary data in which the encryption key is concealed in advance using the biometric data in auxiliary data storage means;
Storing the terminal identification data in a terminal identification data storage means;
Reading the terminal identification data from the terminal identification data storage means and transmitting it to the user authentication device;
Receiving the biometric data acquired by the user authentication device, and using the biometric data, restoring the encryption key concealed in the auxiliary data read from the auxiliary data storage unit;
Receiving the authentication data transmitted from the user authentication device, encrypting it using the restored encryption key, and transmitting the encrypted authentication data to the user authentication device. And
By the user authentication device,
Storing a decryption key in association table storage means in association with the terminal identification data;
Receiving the terminal identification data transmitted from the user terminal and retrieving the decryption key corresponding to the terminal identification data from the correspondence table storage means;
Acquiring the biometric data by proximity of the user and transmitting it to the user terminal;
Generating the authentication data and transmitting it to the user terminal;
Receiving the encrypted authentication data transmitted from the user terminal and decrypting the authentication data using the retrieved decryption key;
Checking whether the decrypted authentication data matches the generated authentication data; and
A user authentication method comprising: In a user authentication method comprising a user terminal and a user authentication device, and performing user authentication using terminal identification data of the user terminal and user biometric data,
By the user terminal,
Storing auxiliary data in which the encryption key is concealed in advance using the biometric data in auxiliary data storage means;
Storing the terminal identification data in a terminal identification data storage means;
Transmitting the terminal identification data read from the terminal identification data storage means and the auxiliary data read from the auxiliary data storage means to the user authentication device,
By the user authentication device,
Storing a decryption key in association table storage means in association with the terminal identification data;
Receiving the terminal identification data transmitted from the user terminal and retrieving the decryption key corresponding to the terminal identification data from the correspondence table storage means;
Obtaining the biometric data by proximity of the user;
Generating the authentication data;
Receiving the auxiliary data transmitted from the user terminal, and using the acquired biometric data, restoring the encryption key concealed in the auxiliary data;
Encrypting the generated authentication data using the restored encryption key;
Using the retrieved decryption key to decrypt the encrypted authentication data into authentication data;
Checking whether the decrypted authentication data matches the generated authentication data; and
A user authentication method comprising: In a user authentication method comprising a user terminal and a user authentication device, and performing user authentication using terminal identification data of the user terminal and user biometric data,
By the user terminal,
Storing the terminal identification data in a terminal identification data storage means;
Reading the terminal identification data from the terminal identification data storage means and transmitting it to the user authentication device;
The biometric data acquired by the user authentication device is received, the auxiliary data transmitted from the user authentication device is received, and the encryption key concealed in the auxiliary data is restored using the biometric data. Steps,
Receiving the authentication data transmitted from the user authentication device, encrypting it using the restored encryption key, and transmitting the encrypted authentication data to the user authentication device. And
By the user authentication device,
Storing the decryption key in association with the terminal identification data and the auxiliary data in which the encryption key is concealed in advance using the biometric data in a correspondence table storage unit;
Receiving the terminal identification data transmitted from the user terminal and retrieving the decryption key and the auxiliary data corresponding to the terminal identification data from the correspondence table storage means;
Transmitting the retrieved auxiliary data to the user terminal;
Acquiring the biometric data by proximity of the user and transmitting it to the user terminal;
Generating the authentication data and transmitting it to the user terminal;
Receiving the encrypted authentication data transmitted from the user terminal and decrypting the authentication data using the retrieved decryption key;
Checking whether the decrypted authentication data matches the generated authentication data; and
A user authentication method comprising: In a user authentication method comprising a user terminal and a user authentication device, and performing user authentication using terminal identification data of the user terminal and user biometric data,
By the user terminal,
Storing the terminal identification data in a terminal identification data storage means;
Reading the terminal identification data from the terminal identification data storage means and transmitting it to the user authentication device,
By the user authentication device,
Storing the decryption key in association with the terminal identification data and auxiliary data in which the encryption key is concealed in advance using the biometric data in a correspondence table storage unit;
Receiving the terminal identification data transmitted from the user terminal and retrieving the decryption key and the auxiliary data corresponding to the terminal identification data from the correspondence table storage means;
Obtaining the biometric data by proximity of the user;
Generating the authentication data;
Using the obtained biometric data, restoring the encryption key concealed in the auxiliary data searched;
Encrypting the generated authentication data using the restored encryption key;
Using the retrieved decryption key to decrypt the encrypted authentication data into authentication data;
Checking whether the decrypted authentication data matches the generated authentication data; and
A user authentication method comprising: The user terminal and the user authentication device are:
5. The user authentication method according to claim 1, wherein the user authentication method performs communication using an electric field induced in an electric field transmission medium from an electrode. The user terminal is a transmission module;
The user authentication method according to claim 2, wherein the user authentication device is a receiving module. The user terminal is
The user authentication method according to any one of claims 1 to 6, wherein the user authentication method is built in an IC card or a USB memory. The encryption key and the decryption key are:
The user authentication method according to any one of claims 1 to 7, wherein the user authentication method is a secret key or public key used in a public key cryptosystem, or a common key used in a common key cryptosystem. In a user authentication system comprising a user terminal and a user authentication device, and performing user authentication using terminal identification data of the user terminal and user biometric data,
The user terminal is
Auxiliary data storage means for storing auxiliary data in which the encryption key is concealed in advance using the biometric data;
Terminal identification data storage means for storing the terminal identification data;
Transmitting means for reading the terminal identification data from the terminal identification data storage means and transmitting it to the user authentication device;
Reconstructing means for receiving the biometric data acquired by the user authentication device and using the biometric data to restore the encryption key concealed in the auxiliary data read from the auxiliary data storage means;
An encryption unit that receives the authentication data transmitted from the user authentication device, encrypts the data using the restored encryption key, and transmits the encrypted authentication data to the user authentication device; Have
The user authentication device includes:
Correspondence table storage means for storing a decryption key in association with the terminal identification data;
Search means for receiving the terminal identification data transmitted from the user terminal and searching the decryption key corresponding to the terminal identification data from the correspondence table storage means;
Biometric data acquisition means for acquiring the biometric data by the proximity of the user and transmitting it to the user terminal;
Authentication data generation means for generating the authentication data and transmitting it to the user terminal;
Decryption means for receiving the encrypted authentication data transmitted from the user terminal and decrypting it into the authentication data using the retrieved decryption key;
Collating means for collating whether the decrypted authentication data matches the generated authentication data;
A user authentication system comprising: In a user authentication system comprising a user terminal and a user authentication device, and performing user authentication using terminal identification data of the user terminal and user biometric data,
The user terminal is
Auxiliary data storage means for storing auxiliary data in which the encryption key is concealed in advance using the biometric data;
Terminal identification data storage means for storing the terminal identification data;
Transmission means for transmitting the terminal identification data read from the terminal identification data storage means and the auxiliary data read from the auxiliary data storage means to the user authentication device;
The user authentication device includes:
Correspondence table storage means for storing a decryption key in association with the terminal identification data;
Search means for receiving the terminal identification data transmitted from the user terminal and searching the decryption key corresponding to the terminal identification data from the correspondence table storage means;
Biometric data acquisition means for acquiring the biometric data by the proximity of the user;
Authentication data generating means for generating the authentication data;
A restoration unit that receives the auxiliary data transmitted from the user terminal and restores the encryption key concealed in the auxiliary data using the acquired biometric data;
Encryption means for encrypting the generated authentication data using the restored encryption key;
Decryption means for decrypting the encrypted authentication data into the authentication data using the retrieved decryption key;
Collating means for collating whether the decrypted authentication data matches the generated authentication data;
A user authentication system comprising: In a user authentication system comprising a user terminal and a user authentication device, and performing user authentication using terminal identification data of the user terminal and user biometric data,
The user terminal is
Terminal identification data storage means for storing the terminal identification data;
Transmitting means for reading the terminal identification data from the terminal identification data storage means and transmitting it to the user authentication device;
The biometric data acquired by the user authentication device is received, the auxiliary data transmitted from the user authentication device is received, and the encryption key concealed in the auxiliary data is restored using the biometric data. Recovery means,
An encryption unit that receives the authentication data transmitted from the user authentication device, encrypts the data using the restored encryption key, and transmits the encrypted authentication data to the user authentication device; Have
The user authentication device includes:
Correspondence table storage means for storing a decryption key and the auxiliary data in which the encryption key is concealed in advance using the biometric data in association with the terminal identification data;
Search means for receiving the terminal identification data transmitted from the user terminal and searching the decryption key and the auxiliary data corresponding to the terminal identification data from the correspondence table storage means;
Transmitting means for transmitting the auxiliary data searched to the user terminal;
Biometric data acquisition means for acquiring the biometric data by the proximity of the user and transmitting it to the user terminal;
Authentication data generation means for generating the authentication data and transmitting it to the user terminal;
Decryption means for receiving the encrypted authentication data transmitted from the user terminal and decrypting it into the authentication data using the retrieved decryption key;
Collating means for collating whether the decrypted authentication data matches the generated authentication data;
A user authentication system comprising: In a user authentication system comprising a user terminal and a user authentication device, and performing user authentication using terminal identification data of the user terminal and user biometric data,
The user terminal is
Terminal identification data storage means for storing the terminal identification data;
Reading means for reading out the terminal identification data from the terminal identification data storage means, and transmitting to the user authentication device,
The user authentication device includes:
Correspondence table storage means for storing a decryption key and auxiliary data in which the encryption key is concealed in advance using the biometric data in association with the terminal identification data;
Search means for receiving the terminal identification data transmitted from the user terminal and searching the decryption key and the auxiliary data corresponding to the terminal identification data from the correspondence table storage means;
Biometric data acquisition means for acquiring the biometric data by the proximity of the user;
Authentication data generating means for generating the authentication data;
Using the acquired biometric data, a restoring means for restoring the encryption key concealed in the auxiliary data searched;
Encryption means for encrypting the generated authentication data using the restored encryption key;
Decryption means for decrypting the encrypted authentication data into the authentication data using the retrieved decryption key;
Collating means for collating whether the decrypted authentication data matches the generated authentication data;
A user authentication system comprising: The user terminal and the user authentication device are:
13. The user authentication system according to claim 9, wherein the user authentication system is an electric field communication device that performs communication using an electric field induced in an electric field transmission medium from an electrode. The user terminal is a transmission module;
The user authentication system according to any one of claims 10, 12, and 13, wherein the user authentication device is a receiving module. The user terminal is
The user authentication system according to any one of claims 9 to 14, wherein the user authentication system is built in an IC card or a USB memory. The encryption key and the decryption key are:
The user authentication system according to any one of claims 9 to 15, wherein the user authentication system is a secret key or a public key used in a public key cryptosystem, or a common key used in a common key cryptosystem. Auxiliary data storage means for storing auxiliary data in which the encryption key is concealed in advance using biometric data;
Reconstructing means for receiving the biometric data acquired by the user authentication device and using the biometric data to restore the encryption key concealed in the auxiliary data read from the auxiliary data storage means;
An encryption unit that receives the authentication data transmitted from the user authentication device, encrypts the data using the restored encryption key, and transmits the encrypted authentication data to the user authentication device;
A user terminal characterized by comprising:   18. The user terminal according to claim 17, wherein the user terminal is an electric field communication device that communicates with the user authentication device by an electric field induced in an electric field transmission medium from an electrode.   The user terminal according to claim 17 or 18, wherein the user terminal is built in an IC card or a USB memory. Correspondence table storage means for storing a decryption key in association with the terminal identification data of the user terminal;
Search means for receiving the terminal identification data transmitted from the user terminal and searching the decryption key corresponding to the terminal identification data from the correspondence table storage means;
Biometric data acquisition means for acquiring biometric data of the user by the proximity of the user;
Authentication data generating means for generating authentication data;
Auxiliary data in which an encryption key is concealed in advance using the biometric data is received from the user terminal, and the encryption key concealed in the auxiliary data is restored using the acquired biometric data Means,
Encryption means for encrypting the generated authentication data using the restored encryption key;
Decryption means for decrypting the encrypted authentication data into the authentication data using the retrieved decryption key;
Collating means for collating whether the decrypted authentication data matches the generated authentication data;
A user authentication device comprising: Correspondence table storage means for storing a decryption key and auxiliary data in which the encryption key is concealed in advance using the user's biometric data in association with the terminal identification data of the user terminal;
Search means for receiving the terminal identification data transmitted from the user terminal and searching the decryption key and the auxiliary data corresponding to the terminal identification data from the correspondence table storage means;
Biometric data acquisition means for acquiring the biometric data by the proximity of the user;
Authentication data generating means for generating the authentication data;
Using the acquired biometric data, a restoring means for restoring the encryption key concealed in the auxiliary data searched;
Encryption means for encrypting the generated authentication data using the restored encryption key;
Decryption means for decrypting the encrypted authentication data into the authentication data using the retrieved decryption key;
Collating means for collating whether the decrypted authentication data matches the generated authentication data;
A user authentication device comprising:   The user authentication device according to claim 20 or 21, which is an electric field communication device that communicates with the user terminal by an electric field induced in an electric field transmission medium from an electrode. On the computer,
Processing for storing auxiliary data in which the encryption key is concealed in advance using biometric data in auxiliary data storage means;
Processing for receiving the biometric data acquired by the user authentication device and using the biometric data to restore the encryption key concealed in the auxiliary data read from the auxiliary data storage means;
Processing for receiving authentication data transmitted from the user authentication device, encrypting using the restored encryption key, and transmitting the encrypted authentication data to the user authentication device;
A program for a user terminal, characterized in that On the computer,
A process of storing a decryption key in the correspondence table storage means in association with the terminal identification data of the user terminal;
Processing for receiving the terminal identification data transmitted from the user terminal and retrieving the decryption key corresponding to the terminal identification data from the correspondence table storage means;
A process of acquiring biometric data of the user by the proximity of the user;
Processing to generate authentication data;
Processing for receiving auxiliary data in which an encryption key is concealed in advance using the biometric data from the user terminal, and using the acquired biometric data to restore the encryption key concealed in the auxiliary data When,
A process of encrypting the generated authentication data using the restored encryption key;
Using the retrieved decryption key, a process of decrypting the encrypted authentication data into authentication data;
A process of checking whether the decrypted authentication data matches the generated authentication data;
A program for a user authentication device, characterized in that On the computer,
A process of storing the decryption key and auxiliary data in which the encryption key is concealed in advance using the user's biometric data in association with the terminal identification data of the user terminal in the correspondence table storage unit;
Processing for receiving the terminal identification data transmitted from the user terminal and retrieving the decryption key and the auxiliary data corresponding to the terminal identification data from the correspondence table storage means;
Processing for obtaining the biometric data by the proximity of the user;
Processing for generating the authentication data;
Using the acquired biometric data, a process of restoring the encryption key that is concealed in the searched auxiliary data;
A process of encrypting the generated authentication data using the restored encryption key;
Using the retrieved decryption key, a process of decrypting the encrypted authentication data into authentication data;
A process of checking whether the decrypted authentication data matches the generated authentication data;
A program for a user authentication device, characterized in that

Images