JP7060449B2 - Biometric system, biometric method, and biometric program - Google Patents

Description

The present invention relates to a biometric authentication system , a biometric authentication method , and a biometric authentication program .

In recent years, biometric authentication that identifies an individual based on biometric information such as fingerprints, veins, and faces has become widespread. In biometric authentication, the registration terminal acquires biometric information at the time of registration, generates data (hereinafter referred to as a template) used for authentication based on the registration feature amount extracted from the biometric information, and stores it in a server or the like. .. Further, at the time of authentication, the authentication terminal acquires the biometric information, and the server performs the authentication process using the authentication feature amount extracted from the biometric information and the stored template.

As a method of preventing spoofing to the system in biometric authentication, for example, there is a method of encrypting a registration feature amount at the time of registration to generate a template, and decrypting and collating at the time of authentication. Further, there is known a method called cancelable biometrics, which encrypts and collates using the same random number (cancellable parameter) at the time of registration and authentication. However, in these methods, information such as a private key for decryption and parameters in cancelable biometrics is stored in an authentication terminal, a server, or the like, and if the template and the information are leaked at the same time, the registered biometric information. Can be restored, and spoofing using the restored biometric information becomes possible.

Therefore, even if data necessary for authentication such as templates, private keys and parameters, past authentication messages, and signatures are leaked, it is difficult to spoof using them as an authentication method such as a biometric signature method such as fuzzy signature. There are also biometric encryption methods such as fuzzy extractor described in Non-Patent Document 1.

Further, as an example of biometric authentication, there is 1: N authentication. 1: N authentication accepts input of biometric information without accepting input of an ID that identifies an individual at the time of authentication, and identifies which registered user the user who is trying to authenticate is from the input biometric information.

Y. Dodis, et al., “Fuzzy extractors: How to generate strong keys,” In Eurocrypt 2004, Vol. 3027 of LNCS, pp. 523-540, 2004.

Biometric signature methods such as fuzzy signature and biometric encryption methods such as fuzzy extractor require more processing time than verification in normal biometric authentication. Therefore, when the number of registered users is large, all N registered users Simple 1: N authentication that collates with the template cannot be authenticated in a practical time. Therefore, it is an object of the present invention to realize high-speed 1: N biometric authentication, which is difficult to spoof.

In order to solve the above problems, one aspect of the present invention adopts the following configuration. The biometric authentication system includes a registration terminal, an authentication terminal, and a server. The registration terminal extracts a first registration feature amount and a second registration feature amount from the biometric information of a person to be registered, and the authentication terminal is used. The first authentication feature amount and the second authentication feature amount are extracted from the biometric information of the authentication target person, and the registration terminal uses the first verification method to extract the second registration feature amount from the first registration feature amount. A first template different from the feature amount for use is determined, a second template is determined from the feature amount for second registration based on the second collation method, and the first template and the second template are transferred to the server. The server transmits the first template and the second template in association with each other, and the authentication terminal obtains search data from the first authentication feature amount based on the first verification method. The determination is made, the search data is transmitted to the server, and the server searches for the first template held by the server based on the first collation method, and the first template corresponding to the search data is obtained. , The second template corresponding to the specified first template is specified, the authentication terminal generates an authentication token from the second authentication feature amount based on the second verification method, and the server. Executes the authentication success / failure determination of the authentication target person based on the second verification method, the specified second template, and the authentication token, and generates the authentication token and determines the authentication success / failure. The template collation process in the search for the first template is faster than the process in which the above is combined.

According to one aspect of the present invention, spoofing is difficult and high-speed 1: N biometric authentication can be realized.

Issues, configurations and effects other than those described above will be clarified by the following description of the embodiments.

It is a block diagram which shows the configuration example of the biometric authentication system in Example 1. FIG. It is a block diagram which shows the hardware configuration example of the computer which constitutes each of the registration terminal, the authentication terminal, and the server in Example 1. FIG. It is a sequence diagram which shows an example of the registration process and the authentication process in Example 1. FIG. It is a block diagram which shows the configuration example of the biometric authentication system in Example 2. FIG. It is a sequence diagram which shows an example of the registration process and the authentication process in Example 2. FIG. It is a sequence diagram which shows an example of the registration process and the authentication process in Example 3. FIG. It is a sequence diagram which shows an example of the registration process and the authentication process in Example 4. FIG. It is a block diagram which shows the configuration example of the biometric authentication system in Example 5. It is a sequence diagram which shows an example of the registration process and the authentication process in Example 5.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the present embodiment, the same components are designated by the same reference numerals in principle, and repeated description thereof will be omitted. It should be noted that the present embodiment is merely an example for realizing the present invention and does not limit the technical scope of the present invention.

In Example 1, a biometric authentication system will be described. FIG. 1 is a block diagram showing a configuration example of a biometric authentication system. The biometric authentication system includes, for example, a registration terminal 100, an authentication terminal 200, and a server 300 connected to each other by a network 401.

The registration terminal 100 is a computer that generates a template based on the biometric information for registration of the user. The authentication terminal 200 is a computer that performs authentication processing based on a user's authentication feature amount. The server 300 is a computer that stores a template at the time of registration and performs a template search process at the time of authentication.

The registration terminal 100 may be, for example, a computer such as a PC (Personal Computer) installed in the user's home or the like, or a PC used by a plurality of or an unspecified number of users installed in an office or a university or the like. It may be a computer such as. Further, the registration terminal 100 and the authentication terminal 200 may be integrated, that is, may be configured as one terminal.

The registration terminal 100 is, for example, a first biometric information acquisition unit 101, a second biometric information acquisition unit 102, a first feature extraction unit 103, a second feature extraction unit 104, a first template generation unit 105, and a second template generation unit 106. , And the communication unit 107. The first biometric information acquisition unit 101 acquires the biometric information for the first registration. The second biometric information acquisition unit 102 acquires the biometric information for the second registration.

The first feature extraction unit 103 extracts the first registration feature amount from the first registration biometric information acquired by the first biometric information acquisition unit 101. The second feature extraction unit 104 extracts the second registration feature amount from the second registration biometric information acquired by the second biometric information acquisition unit 102. The first template generation unit 105 generates a first template from the first registration feature amount extracted by the first feature extraction unit 103. The second template generation unit 106 generates a second template from the second registration feature amount extracted by the second feature extraction unit 104. The communication unit 107 communicates with other devices.

The authentication terminal 200 may include, for example, a first biometric information acquisition unit 201, a second biometric information acquisition unit 202, a first feature extraction unit 203, a second feature extraction unit 204, a search data generation unit 205, an authentication token generation unit 207, and the like. And the communication unit 208. The first biometric information acquisition unit 201 acquires the biometric information for the first authentication. The second biometric information acquisition unit 202 acquires the biometric information for the second authentication.

The first feature extraction unit 203 extracts the first authentication feature amount from the first authentication biometric information acquired by the first biometric information acquisition unit 201. The second feature extraction unit 204 extracts the second authentication feature amount from the second authentication biometric information acquired by the second biometric information acquisition unit 202. The first registration feature amount and the first authentication feature amount are collectively referred to as the first feature amount, and the second registration feature amount and the second authentication feature amount are collectively referred to as the second feature amount. Call.

The search data generation unit 205 generates search data from the first authentication feature amount extracted by the first feature extraction unit 203. The authentication token generation unit 207 generates an authentication token based on the second feature amount extracted by the second feature extraction unit 204, and the second template and message received from the server 300. The communication unit 208 communicates with other devices.

The server 300 includes a storage unit 301, a template DB (database) 302, a template search unit 303, a message generation unit 304, a verification unit 305, and a communication unit 306. The storage unit 301 performs a process of associating the first template and the second template transmitted from the registration terminal 100 and storing them in the template DB 302. The template DB 302 holds the first template and the second template.

The template search unit 303 searches for the first template from the template DB 302 using the search data received from the authentication terminal 200 as a key, and identifies the second template corresponding to the first template. The message generation unit 304 generates a message. The verification unit 305 performs verification based on the message, the second template, and the authentication token transmitted from the authentication terminal 200. The communication unit 306 communicates with other devices.

FIG. 2 is a block diagram showing a hardware configuration example of a computer constituting each of the registration terminal 100, the authentication terminal 200, and the server 300 in this embodiment. The computer includes, for example, a CPU 1001, a memory 1002, an auxiliary storage device 1003, an input device 1004, an output device 1005, and a communication device 1006.

The registration terminal 100 and the authentication terminal 200 are connected to a sensor (for example, a fingerprint sensor, a vein sensor, a camera, a microphone, etc.) for acquiring the first biometric information and the second biometric information, or a device including the sensor. It may be included or it may include a sensor.

The CPU 1001 includes a processor and executes a program stored in the memory 1002. The memory 1002 includes a ROM which is a non-volatile storage element and a RAM which is a volatile storage element. The ROM stores an invariant program (for example, BIOS) and the like. The RAM is a high-speed and volatile storage element such as a DRAM (Dynamic Random Access Memory), and temporarily stores a program executed by the CPU 1001 and data used when the program is executed.

The auxiliary storage device 1003 is a large-capacity non-volatile storage device such as an HDD (Hard Disk Drive) or SSD (Solid State Drive), and stores a program executed by a processor and data used when the program is executed. do. That is, the program is read from the auxiliary storage device 1003, loaded into the memory 1002, and executed by the processor.

The computer has an input interface and an output interface. The input interface is an interface to which an input device 1004 such as a keyboard, a mouse, a camera, and a scanner is connected and accepts input from an operator. The output interface is an interface to which an output device 1005 such as a display device or a printer is connected and outputs a program execution result in a format that can be visually recognized by an operator.

The communication device 1006 is a network interface device that controls communication with other devices according to a predetermined protocol, and is used for communication by the communication unit. Further, the communication device 1006 includes, for example, a serial interface such as USB.

The program executed by the CPU 1001 is provided to the computer via a removable medium (CD-ROM, flash memory, etc.) or a network, and is stored in the non-volatile auxiliary storage device 1003, which is a non-temporary storage medium. Therefore, the computer may have an interface for reading data from removable media.

The registration terminal 100, the authentication terminal 200, and the server 300 are computer systems configured on one computer physically or on a plurality of computers logically or physically configured, and are the same. It may run on a separate thread on the computer, or it may run on a virtual computer built on multiple physical computer resources.

The CPU 1001 of the registration terminal 100 is, for example, a first biometric information acquisition unit 101, a second biometric information acquisition unit 102, a first feature extraction unit 103, a second feature extraction unit 104, a first template generation unit 105, and a second template generation. A unit 106, a second template generation unit 106, and a communication unit 107 are included. The CPU 1001 of the authentication terminal 200 includes a first biometric information acquisition unit 201, a second biometric information acquisition unit 202, a first feature extraction unit 203, a second feature extraction unit 204, a search data generation unit 205, and an authentication token generation unit 207. And the communication unit 208. The CPU 1001 of the server 300 includes a storage unit 301, a template search unit 303, a message generation unit 304, a verification unit 305, and a communication unit 306. The auxiliary storage device 1003 of the server 300 holds the template DB 302.

For example, the CPU 1001 of the registration terminal 100 functions as the first biometric information acquisition unit 101 by operating according to the first biometric information acquisition program loaded in the memory 1002 of the registration terminal 100, and is loaded into the memory 1002 of the registration terminal 100. By operating according to the second biometric information acquisition program, it functions as the second biometric information acquisition unit 102. The same applies to the other parts included in the CPU 1001 of the registration terminal 100 and the parts included in the CPU 1001 of the other computer included in the biometric authentication system.

In this embodiment, the information used by the biometric authentication system may be represented by any data structure without depending on the data structure. For example, a properly selected data structure from a table, list, database or queue can store the information.

FIG. 3 is a sequence diagram showing an example of registration processing and authentication processing. First, the outline of the processing by the authentication system will be described. The process by the biometric authentication system includes a registration process (S1000) and an authentication process (S2000).

In the registration process, the registration terminal 100 acquires the biometric information of the user and generates a template from the acquired biometric information. The server 300 stores the template in the template DB 302. In the authentication process, the authentication terminal 200 acquires the biometric information of the person who attempts the authentication (also referred to as the certifier), and the server 300 identifies the certifier from the registered users.

First, the process included in the registration process of step S1000 will be described. In step S1101, the first biometric information acquisition unit 101 acquires the first registration biometric information. The first registration biometric information includes any personally identifiable biometric information such as fingerprints, finger veins, irises, faces, or voiceprints.

In step S1102, the first feature extraction unit 103 extracts the first registration feature amount from the first registration biometric information. For example, when the biometric information for the first registration is a fingerprint, the feature amount for the first registration is the frequency information of the fingerprint, the position of the feature point, or the like.

In step S1103, the first template generation unit 105 generates the first template from the first registration feature amount. Specifically, for example, the first template generation unit 105 generates a random number (cancellable parameter) in an arbitrary cancelable biometric such as correlation-invariant random filtering, and conceals biometric information using the generated random number. The conversion (cancellable conversion for registration) performed for the purpose is applied to the feature quantity for the first registration to generate the first template. An example of the conversion performed by the first template generation unit 105 and the details of the effect of the conversion will be described later.

In step S1104, the second biometric information acquisition unit 102 acquires the biometric information for second registration. As the set of the biometric information for the first registration and the biometric information for the second registration, different types of biometric information sets such as (face, fingerprint), (iris, finger vein) can be selected. Further, for example, as in the case where the finger vein of the index finger of the right hand is the biometric information for the first registration and the finger vein of the middle finger of the right hand is the biometric information for the second registration, the biometric information of the same type and different parts is used. May be good.

Further, the first registration biometric information and the second registration biometric information may be biometric information that can be acquired from one device. Specifically, for example, a fingerprint and a finger vein are biometric information that can be simultaneously acquired by one device. Further, the same biometric information may be used as the biometric information for the first registration and the biometric information for the second registration.

In step S1105, the second feature extraction unit 104 extracts the second registration feature amount from the second registration biometric information. As will be described later, it is desirable that the second registration feature amount has a low correlation with the first registration feature amount. This has the effect of increasing the safety against spoofing. Further, the feature amount for the second registration needs to be at least different from that of the first template, and it is particularly desirable that the correlation is sufficiently low. This is because even if the first template is leaked, it becomes difficult to estimate the second registration feature amount from the first template.

In step S1106, the second template generation unit 106 generates the second template from the second registration feature amount. In step S1106, the second template generation unit 106 performs a template generation process in an arbitrary biometric encryption method such as, for example, a fuzzy extractor or a fuzzy commitment.

In the template generation process, the second template generation unit 106 first performs a concealment process based on the second registration feature amount and the secret key, and generates auxiliary information (auxiliary data). Further, the second template generation unit 106 generates data called a pseudo-identifier (pseudonymous identifier) for verifying the private key and the signature. For example, the public key corresponding to the private key and the hash value of the private key are examples of pseudo-identifiers. In this case, the second template generation unit 106 determines, for example, a set of auxiliary information and a pseudo-identifier as the second template.

Further, as another example of the process of step S1106, the second template generation unit 106 may generate the second template by performing some irreversible conversion on the second registration feature amount. Examples of irreversible transformations include the use of hash functions and the realization of irreversibility by missing some of the information. Subsequently, in step S1107, the communication unit 107 transmits the first template and the second template to the server 300.

In step S1301, the storage unit 301 associates the first template with the second template and stores them in the template DB 302. For example, the storage unit 301 may issue an ID that uniquely identifies the registered user, and may associate the first template with the second template using the ID. In addition, a plurality of template DB 302 may exist. In this case, one server 300 may hold a plurality of template DB 302s, or a plurality of template DB 302s may be distributed and held by a plurality of servers 300 included in the biometric authentication system.

When a plurality of templates DB 302 exist, for example, the first template and the second template may be stored in different template DB 302. Further, the internal data of at least one of the first template and the second template may be divided and stored in a plurality of template DB 302. Specifically, for example, when the second template is generated by the template generation process in the biometric encryption, the auxiliary information and the pseudo-identifier may be stored in different templates DB 302.

Subsequently, the process included in the authentication process in step S2000 will be described. In step S2201, the first biometric information acquisition unit 201 acquires the first authentication biometric information. The first authentication biometric information is the same site and the same type of biometric information as the first registration biometric information. For example, when the biometric information for the first registration is the finger vein of the index finger of the right hand, the biometric information for the first authentication is also the finger vein of the index finger of the right hand.

In step S2202, the first feature extraction unit 203 extracts the first authentication feature amount from the first authentication biometric information. The process performed by the first feature extraction unit 203 is, for example, the same as the process performed by the first feature extraction unit 103 in step S1102.

The contents of the processing may be partially different between the first feature extraction process by the first feature extraction unit 203 and the first feature amount extraction process by the first feature extraction unit 103. Specifically, for example, the first feature extraction unit 203 converts the biometric information for the first authentication into a size different from the biometric information for the first registration, and then changes the biometric information for the first authentication to the feature amount for the first authentication. May be extracted. Further, for example, at least one of the time of acquiring the biometric information for the first registration and the time of acquiring the biometric information for the first authentication, the biometric information of the same type and the same site is acquired a plurality of times, and the first is based on the acquired plurality of biometric information. The feature amount may be extracted (for example, the average of the plurality of biometric information is taken as the first feature amount).

In step S2203, the search data generation unit 205 generates search data based on the first authentication feature amount. The search data generation method in step S2203 depends on the algorithm for which the first template was generated in step S1103. Specifically, the first template generation process, the search data generation process, and the template search process described later are performed under the same collation method (for example, cancelable biometrics).

For example, when the first template is generated by the registration cancelable conversion, the search data generation unit 205 uses the same cancelable parameters as those at the time of registration processing for the first authentication feature amount to generate biometric information. Search data is generated by performing conversion for concealment (cancellable conversion for authentication). In order to perform this process, the registration terminal 100 and the authentication terminal 200 share the cancelable parameter by transmitting a cancelable variable meter to the authentication terminal 200 in advance.

In step S2204, the communication unit 208 transmits the search data to the server 300. In step S2205, the second biometric information acquisition unit 202 acquires the biometric information for second authentication. The second authentication biometric information is the same site and the same type of biometric information as the second registration biometric information.

In step S2206, the second feature extraction unit 204 extracts the second authentication feature amount from the second authentication biometric information. Similar to the time of extracting the first feature amount, the contents of the processing in the second feature amount extraction process by the second feature extraction unit 104 and the second feature amount extraction process by the second feature extraction unit 204. May be the same or may be partially different.

In step S2301, the template search unit 303 searches for the first template included in the template DB 302 using the search data received from the authentication terminal 200 as a key, and identifies the second template corresponding to the first template. For example, the first template generation unit 105 generates the first template by the registration cancelable conversion, and the search data generation unit 205 searches by performing the authentication cancelable conversion on the first authentication feature amount. An example of the process performed in step S2301 when the template data is generated is as follows.

First, the template search unit 303 performs cancelable collation with the search data received from the authentication terminal 200 for each of the first templates stored in the template DB 302, and calculates the similarity score. The template search unit 303 identifies, for example, a second template corresponding to the first template having a similarity score exceeding a predetermined threshold.

However, when there are a plurality of first templates having a similarity score exceeding the threshold value, the first template is specified by, for example, one of the following methods. The template search unit 303 identifies a second template corresponding to the first template having the maximum similarity score among the plurality of first templates. In addition, the template search unit 303 may specify a second template corresponding to the first template in which the similarity score first exceeds the threshold value in the sequential calculation of the similarity score. Further, the template search unit 303 may specify all the second templates corresponding to the plurality of first templates.

The template collation process in the template search process in step S2301 is a combination of the authentication token generation process and the authentication token verification process (that is, the process of verifying whether the specified second template belongs to the certifier), which will be described later. It is desirable that it is faster than the processing. When cancelable collation is performed in the template search process, high-speed collation can be realized by using, for example, a collation algorithm based on a fast Fourier transform or a distance index method.

In step S2302, the message generation unit 304 generates a message. When the biometric authentication system is a system for the purpose of authentication only, for example, random numbers, time information, one-time information such as a counter, or the like can be used as the message. One-time information is information that takes different values depending on the timing of generation (for example, at regular intervals). It is desirable that the generated message does not overlap with the previously generated message. Therefore, for example, when a random number is used as a message, it is desirable that the random number is generated by an algorithm having a collision probability of a predetermined value or less.

Further, a part or all of the message may be specific information such as transaction information or an electronic document, or may be processed information such as a hash value of the specific information. Further, a part or all of the message may be information generated by combining the specific information and the processing information. Since it is desirable that a message containing the specific information does not overlap with a past message, for example, when the specific information is transaction information, it is desirable that the transaction information includes time information and the like.

When the message contains specific information, the message has not been tampered with, that is, in addition to the personal authentication of the person who generated the message (that is, the user of the authentication terminal 200) by the verification step in step S2304 described later. It can be confirmed that the specific information contained in the message has not been tampered with.

In step S2303, the communication unit 306 transmits one or a plurality of second templates and messages specified in step S2301 to the authentication terminal 200. In step S2207, the authentication token generation unit 207 generates an authentication token based on the second authentication feature amount and the second template and message received from the server 300. The authentication token generation method in step S2207 depends on the algorithm for which the second template was generated in step S1106. Specifically, the second template generation process, the authentication token generation process, and the authentication token verification process (authentication process) described later are performed under the same collation method (for example, biometric encryption).

For example, when the second template is generated by the template generation process in biometric encryption in step S1106, for example, the following process is performed in step S2207. First, the authentication token generation unit 307 performs a restoration process for restoring the private key from the second authentication feature amount and the second template. When a plurality of second templates are received from the server 300, the authentication token generation unit 307 performs a restoration process on each of the plurality of second templates, and obtains one or a plurality of private keys that have been successfully restored. , Used for subsequent processing.

The authentication token generation unit 307 may perform a process of determining whether or not the extracted secret key is correct using the pseudo-identifier in the second template, and may use the determined secret key for subsequent processes. good.

Next, the authentication token generation unit 307 generates an authentication token based on the restored private key and the message sent from the server 300. An electronic signature generated by using a private key for a message, a MAC (Message Authentication Code), and the like are examples of authentication tokens. When using an electronic signature, any signature algorithm such as RSA, DSA, and Schnorr signature can be used. When MAC is used, any MAC algorithm such as HMAC or CMAC can be used.

The restoration process in the biometric encryption method requires more processing time than the collation process in normal authentication, but by narrowing down the candidates for the second template in step S2301, the number of restoration processes performed in step S2207 is reduced, and the authentication process is performed. The time can be shortened.

Further, the authentication token generation unit 307 may generate data obtained from the private key such as the hash value of the restored private key as an authentication token without using the message received from the server 300. When the authentication token generation unit 307 generates an authentication token without using the message received from the server 300 as in this example, the message generation process in step S2302 may not be performed. Further, in step S1106, when a second template for performing irreversible conversion to the second registration feature amount is obtained, the authentication token generation unit 307 performs second authentication in step S2207, for example, the same irreversible conversion as in step S1106. An authentication token is generated by performing for the feature amount.

In step S2209, the communication unit 208 transmits the generated authentication token to the server 300. In step S2304, when the verification unit 305 performs verification based on the message and the authentication token transmitted from the authentication terminal 200 and the verification is successful, the biometric authentication system (specifically, for example, the authentication terminal 200) is subjected to verification. For example, a message indicating "authentication success" is output, and an ID of a user who has succeeded in authentication (that is, an ID corresponding to the second template in which authentication is successful) is output. If the verification fails, the biometric authentication system outputs, for example, a message indicating "authentication failure".

However, if the verification is successful for the plurality of second templates, the verification unit 305 may output all the IDs corresponding to each of the plurality of second templates, or the verification unit 305 may output all the IDs corresponding to each of the plurality of second templates, or the second template for which the verification is successful first. A part of the IDs that have been successfully verified may be output, such as outputting the IDs corresponding to the above, or it may be considered that the verification has failed.

For example, when the authentication token generated in S2208 is an electronic signature, in step S2304, the verification unit 305 uses a pseudo-identifier included in the second template specified in step S2301 (in this case, the pseudo-identifier is a public key). ), And based on the message and the authentication token received from the authentication terminal 200, verification is performed by the verification algorithm corresponding to the signature algorithm in step S2208.

Further, for example, when the authentication token generated in step S2208 is the hash value of the secret key, the authentication token generation unit 207 generates the second template so that the pseudo identifier in the second template includes the hash value of the secret key. Then, the verification unit 305 can verify the authentication token by comparing the hash values.

Further, for example, when the authentication token generated in step S2208 is a MAC generated based on the private key and the message, or a MAC generated based on the hash value and the message of the private key, the authentication token generation unit 207 is the second template. If the second template is generated so that the pseudo identifier in the above contains the secret key and the hash value of the secret key, the verification unit 305 can verify the authentication token by using the verification algorithm of MAC.

In the biometric authentication system of this embodiment, the feature amount is extracted so that the correlation between the first registration feature amount and the second registration feature amount is low, and biometric encryption is used as the second template generation process. It has the effect of making it difficult to impersonate the system. The relationship between the first registration feature amount and the second registration feature amount will be described.

As an example of extracting the feature amount so that the correlation is low, another type of living body such as (face, fingerprint) or (face, finger vein) as a combination of the biological information for the first registration and the biological information for the second registration. There are examples of information, and examples of biometric information of the same type but different parts, such as (vein of the index finger of the right hand and vein of the middle finger of the right hand).

Further, the same biometric information (at least one of the site or type) may be selected as the biometric information for the first registration and the biometric information for the second registration, and two feature quantities having a low correlation may be extracted from the same biometric information. .. For example, when both the first registration feature amount and the second registration feature amount are fingerprints of the index finger of the right hand, the position of the feature point of the fingerprint is used as the first registration feature amount, and the second registration feature amount is used. The frequency information of the image of the fingerprint is used as.

Further, for example, even if the first registration biometric information and the second registration biometric information are the same type of biometric information obtained from the same site, the first registration feature amount and the second registration feature amount are generated. In the process of, by performing a predetermined conversion (for example, addition of a predetermined noise) to at least one of them, the correlation between the first registration feature amount and the second registration feature amount can be lowered.

In order to explain the effect of making it difficult to impersonate the biometric authentication system, as an example, the registration terminal 100 extracts the feature amount so that the correlation between the first registration feature amount and the second registration feature amount becomes low. Consider an example in which registration cancelable conversion is performed as the first template generation process and biometric encryption is used as the second template generation process.

In this case, if the stored first template and cancelable parameter are leaked to a third party at the same time, the third party can restore the first registration feature amount. However, since the correlation between the first registration feature amount and the second registration feature amount is low, it is difficult to estimate the second registration feature amount from the first registration feature amount.

On the other hand, by using the biometric encryption method for authentication based on the second registration feature amount, a third party who has not succeeded in estimating the second registration feature amount (second template, past authentication message, and signature). However, it is difficult to generate an authentication token that succeeds in the authentication token verification process in step S2304. Therefore, in the biometric authentication system of this embodiment, by extracting the feature amount so that the correlation between the first registration feature amount and the second registration feature amount becomes low, the registered template, parameter, etc. can be authenticated. Even if necessary information, past authentication messages, and signatures are leaked, it is difficult to spoof using them.

In order to obtain such spoofing difficulty, in the first template generation process, the first template generation unit 105 performs arbitrary conversion for the first registration feature amount instead of the registration cancelable conversion. It may be applied, or the first registration feature amount itself may be determined as the first template (that is, it is equal to the result of the equality conversion of the first registration feature amount).

Further, even if the correlation between the first registration feature amount and the second registration feature amount is not always low, for example, registration cancelable conversion is performed as the first template generation process, and biometric conversion is performed as the second template generation process. When metric encryption is performed, the correlation between the first template and the second registration feature amount becomes low. As a result, even if the first template is leaked to a third party, it is difficult to estimate the second registration feature amount directly from the first template unless the cancelable parameter is leaked. Impersonation to a biometric authentication system becomes difficult. As described above, even when the correlation between the first registration feature amount and the second registration feature amount is not always low, the safety is equal to or higher than that of the conventional cancelable biometrics, and the conventional cancelable biometric is used. It will be a system with a signature generation function, which was not found in metrics.

An example in which cancelable biometrics are used has been described, but in this case the cancelable parameters are stored in the authentication terminal 200, the server 300, or any device connected to these computers.

Further, after storing the cancelable parameters in the DB for storing the parameters, predetermined data is transmitted to the registration terminal 100, the authentication terminal 200, and the server 300 each time the registration process and the authentication process are performed, and each terminal transmits the predetermined data. A method for performing a predetermined cancelable conversion (see, for example, Japanese Patent Application Laid-Open No. 2010-146245) may be used.

Further, in the present embodiment, processing for preventing information leakage, such as further encrypting the first template, the second template, and the network communication, may be further performed. Further, in the present embodiment, the template DB 302 may be held by a storage device other than the server 300.

Further, in the present embodiment, a part of the processing order may be changed. For example, the processes of steps S2205 and S2206 are performed between steps S2204 and S2207, but the order may be changed so that they are performed at any time before step S2207 during the authentication process.

With the biometric authentication system of this embodiment, even if data such as templates and parameters and keys stored for authentication are leaked, it is difficult to impersonate the biometric authentication system, and it is for high-speed, large-scale users. , ID-less personal authentication via the network can be realized.

With such 1: N personal authentication, authentication and payment by online banking can be performed more safely, and it is expected to be applied to national IDs and the like.

Differences from the first embodiment will be described. In the biometric authentication system of this embodiment, the message generation process of step S2302 in the first embodiment is performed by the authentication terminal 200 instead of the server 300.

FIG. 4 is a block diagram showing a configuration example of the biometric authentication system in this embodiment. The authentication terminal 200 further includes a message generation unit 209. The server 300 does not include the message generation unit 304, but may include the message generation unit 304 as in the first embodiment.

FIG. 5 is a sequence diagram showing an example of registration processing and authentication processing in this embodiment. In the first embodiment, the server 300 performs the message generation process (S2302) after the template search process (S2301), but in the present embodiment, the server 300 does not generate the message, and the authentication terminal 200 generates the message.

Following step S2301, in step S2313, the communication unit 306 does not send a message, but sends only the second template. Step S2313 is a process executed in place of step S2303 of the first embodiment.

In step S2217, the message generation unit 209 generates a message. The method of generating a message is the same as that of the first embodiment. The authentication terminal 200 may acquire a message by receiving a message generated by an external device from the device.

Following step S2207, in step S2219, the communication unit 208 sends a message in addition to the authentication token. Step S2219 is a process executed in place of step S2209 of the first embodiment.

In the biometric authentication system of this embodiment, the authentication terminal 200 generates a message to perform authentication using the information generated by the authentication terminal 200, or to sign data such as a document generated by the authentication terminal 200. can do.

Differences from the first embodiment will be described. In the authentication process of the authentication system of this embodiment, the authentication terminal 200 does not receive the second template and generates an authentication token from the second authentication feature amount and the message. The authentication token generation unit 207 uses, for example, a biometric signature in the authentication token generation process.

FIG. 6 is a sequence diagram showing an example of registration processing and authentication processing in this embodiment. In step S1106, the second template generation unit 106 generates the second template based on the second registration feature amount. As an example of step S1106, the second template generation unit 106 generates a bio-public key by unidirectionally converting the registration feature amount in the bio-signature method based on the second registration feature amount (biological public key generation process). ), And the bio-public key is used as the second template.

Following step S2302, in step S2323, the communication unit 306 transmits a message. Step S2323 is a process executed in place of step S2303 of the first embodiment. That is, in this embodiment, the server 300 does not transmit the second template to the authentication terminal 200.

In step S2207, the authentication token generation unit 207 generates a biosignature for an arbitrary message using the signature feature amount in the biosignature method based on the second authentication feature amount extracted in step S2206 and the message. (Biological signature generation process) is performed, and the generated biometric signature is used as an authentication token.

In step S2304, the verification unit 305 performs verification based on the message, the authentication token, and the second template specified in step S2301. For example, when the second template generated in step S1126 is a biometric public key, step S2304 performs signature verification processing in the biometric signature method.

When a plurality of second templates are specified in step S2301, the verification unit 305 may perform signature verification processing on all of the plurality of second templates, and is first specified in step S2301. A part of the second template may be selected by any method such as selecting the second template, and the signature verification process may be performed on the selected second template. The signature verification process in the biometric signature requires more time than the collation process in the normal authentication, but the total authentication time can be shortened by reducing the number of the second templates for which the signature verification process is performed.

By using the biometric signature method, the authentication system of this embodiment is difficult to spoof the system even if data such as templates, parameters and keys stored for authentication are leaked, and is high-speed. It is possible to realize an IDless personal authentication system for large-scale users via a network.

In this embodiment, the message generation process of step S2302 in the third embodiment is performed by the authentication terminal 200 instead of the server 300. Therefore, the differences from the third embodiment will be described below. Since the configuration example of the biometric authentication system of this embodiment is the same as that of the second embodiment (FIG. 4), the description thereof will be omitted.

FIG. 7 is a sequence diagram showing an example of registration processing and authentication processing in this embodiment. In the third embodiment, the server 300 executes the message generation process (S2302) and the message transmission process (S2323) after the template search process (S2301), but in the present embodiment, the server 300 does not perform the message generation and the message transmission. , The authentication terminal 200 generates a message.

Following step S2206, in step S2217, the message generation unit 209 generates a message. The method of generating a message is the same as that of the second embodiment. Following step S2207, in step S2219, the communication unit 208 transmits a message and an authentication token. Step S2219 is a process executed in place of step S2209 of the third embodiment.

In the biometric authentication system of this embodiment, the authentication terminal 200 generates a message to perform authentication using the information generated by the authentication terminal 200, or to sign data such as a document generated by the authentication terminal 200. can do. In particular, in the authentication system of this embodiment, an authentication token for a message can be generated without communication from the server 300 to the authentication terminal 200.

In this embodiment, one terminal (referred to as a client terminal) performs registration processing and authentication processing. FIG. 8 is a block diagram showing a configuration example of the biometric authentication system in this embodiment. As described above, the biometric authentication system in this embodiment includes the client terminal 400. The client terminal 400 is configured by, for example, a computer having the hardware configuration shown in FIG.

The CPU 1001 of the client terminal 400 includes a first biometric information acquisition unit 101, a second biometric information acquisition unit 102, a first feature extraction unit 103, a second feature extraction unit 104, a first template generation unit 105, and a second template generation unit 106. , Search data generation unit 205, authentication token generation unit 207, storage unit 301, template search unit 303, and verification unit 305. The auxiliary storage device 1003 of the client terminal 400 includes the template DB 302.

FIG. 9 is a sequence diagram showing an example of registration processing and authentication processing in this embodiment. The process by the client terminal 400 includes a registration process (S1000) and an authentication process (S2000).

The registration process (S1000) includes the processes of step S1101, step S1102, step S1103, step S1104, step S1105, step S1106, and step S1301. The content of each process is the same as that of the first embodiment.

In the authentication process (S2000), the client terminal 400 first performs the processes of step S2201, step S2202, step S2203, step S2301, step S2205, and step S2206. The content of each process is the same as that of the first embodiment.

Subsequently, in step S2247, the authentication token generation unit 207 performs an authentication token generation process based on the second authentication feature amount and the second template specified in step S2301. In step S2247, the authentication token generation unit 207 may perform the message generation process and the authentication token generation process in the first embodiment or the third embodiment. If the message is not used to generate the authentication token, the message generation process may not be executed.

In step S2248, the verification unit 305 performs verification based on the second template and the authentication token. In step S2248, the verification unit 305 performs, for example, the authentication token verification process according to the first or third embodiment.

A specific example of the processing of steps S2247 and S2248 will be described. However, it is assumed that the template generation process in the biometric encryption method is performed in S1105, and the pseudo-identifier includes the hash value of the secret key.

In step S2247, first, the authentication token generation unit 207 performs a restoration process based on the second authentication feature amount and the second template specified in step S2341 to restore the private key. Then, the authentication token generation unit 207 determines the hash value of the restored private key as the authentication token. In step S2248, the verification unit 305 verifies by comparing the hash value of the secret key included in the pseudo identifier in the second template with the authentication token.

The authentication token generation unit 207 may generate an authentication token for a specific message by using the extracted private key. In this case, by verifying the signature, the client terminal 400 or another device can authenticate the identity of the message creator, approver, etc., and verify that the message has not been tampered with.

According to this embodiment, even if data such as templates and parameters and keys saved for authentication are leaked, it is difficult to spoof the system, and a high-speed, ID-less personal authentication system for large-scale users is provided. It can be realized in one terminal.

The present invention is not limited to the above-described embodiment, and includes various modifications. For example, the above-described embodiment has been described in detail in order to explain the present invention in an easy-to-understand manner, and is not necessarily limited to the one including all the described configurations. It is also possible to replace a part of the configuration of one embodiment with the configuration of another embodiment, and it is also possible to add the configuration of another embodiment to the configuration of one embodiment. Further, it is possible to add / delete / replace a part of the configuration of each embodiment with another configuration.

Further, each of the above configurations, functions, processing units, processing means and the like may be realized by hardware by designing a part or all of them by, for example, an integrated circuit. Further, each of the above configurations, functions, and the like may be realized by software by the processor interpreting and executing a program that realizes each function. Information such as programs, tables, and files that realize each function can be placed in a memory, a hard disk, a recording device such as an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.

In addition, the control lines and information lines indicate what is considered necessary for explanation, and do not necessarily indicate all the control lines and information lines in the product. In practice, it can be considered that almost all configurations are interconnected.

100 registration terminal, 103 first feature extraction unit, 104 second feature extraction unit, 105 first template generation unit, 106 second template generation unit, 200 authentication terminal, 203 first feature extraction unit, 204 second feature extraction unit, 205 Search data generation unit, 207 Authentication token generation unit, 209 message generation unit, 300 server, 302 template DB, 303 template search unit, 304 message generation unit, 305 verification unit, 400 client terminal, 1001 CPU, 1002 memory, 1003 Auxiliary storage device, 1004 input device, 1005 output device, 1006 communication device

Claims (14)

It is a biometric authentication system
Including registration terminal, authentication terminal and server
The registration terminal extracts the first feature amount for registration and the second feature amount for registration from the biometric information of the person to be registered.
The authentication terminal extracts the first authentication feature amount and the second authentication feature amount from the biometric information of the person to be authenticated.
The registration terminal is
Based on the first collation method , a first template different from the second registration feature amount is determined from the first registration feature amount.
Based on the second collation method , the second template is determined from the second registration feature amount.
The first template and the second template are transmitted to the server, and the first template and the second template are transmitted to the server.
The server holds the first template and the second template in association with each other.
The authentication terminal is
Based on the first collation method , search data is determined from the first authentication feature amount.
The search data is transmitted to the server, and the search data is transmitted to the server.
The server
Based on the first collation method , the first template held by the server is searched, and the first template corresponding to the search data is specified.
Identify the second template that corresponds to the identified first template,
The authentication terminal is
Based on the second collation method , an authentication token is generated from the second authentication feature amount, and the authentication token is generated.
Send the authentication token to the server and
The server is a biometric authentication system, characterized in that it executes an authentication success / failure determination of the authentication target person based on the second collation method , the specified second template, and the authentication token. The biometric authentication system according to claim 1.
The first registration feature amount is obtained from the first biometric information.
The second registration feature amount is a biometric authentication system obtained from a second biometric information of a type different from the first biometric information. The biometric authentication system according to claim 2.
The first biometric information and the second biometric information are biometric information obtained from different sites, which is a biometric authentication system. The biometric authentication system according to claim 1.
The first registration feature amount and the second registration feature amount are obtained from the same biometric information.
A biometric authentication system in which at least one of the first registration feature amount and the second registration feature amount is subjected to a predetermined conversion in the process of generation from the same biometric information. The biometric authentication system according to claim 1.
The registration terminal is
In the second collation method ,
Generate a private key,
A biometric authentication system that determines the second template by using the secret processing of the second registration feature amount with the secret key. The biometric authentication system according to claim 5.
The server
Generate a message,
The message and the specified second template are transmitted to the authentication terminal, and the authentication terminal is sent.
The authentication terminal is
The private key is restored from the specified second template and the second authentication feature amount, and the secret key is restored.
Using the process of generating a signature with the restored private key for the message, the authentication token is generated.
The server is a biometric authentication system that executes the determination using the signature verification process. The biometric authentication system according to claim 5.
The server sends the specified second template to the authentication terminal, and the server sends the specified second template to the authentication terminal.
The authentication terminal is
Generate a message,
The private key is restored from the specified second template and the second authentication feature amount, and the secret key is restored.
Using the process of generating a signature with the restored private key for the message, the authentication token is generated.
The server is a biometric authentication system that executes the determination using the signature verification process. The authentication system according to claim 1.
The registration terminal is
In the second collation method ,
The second registration feature amount is unidirectionally converted to generate a biometric public key.
The bio-public key is determined as the second template, and the bio-public key is determined.
The server
Generate a message,
The message is sent to the authentication terminal, and the message is sent to the authentication terminal.
The authentication terminal generates the authentication token by using the biometric signature generation process based on the second authentication feature amount and the message.
The server is a biometric authentication system that executes the determination by using a verification process for verifying the biometric signature using the biometric public key. The authentication system according to claim 1.
The registration terminal is
In the second collation method ,
The second registration feature amount is unidirectionally converted to generate a biometric public key.
The bio-public key is determined as the second template, and the bio-public key is determined.
The authentication terminal is
Generate a message,
The authentication token is generated by using the biometric signature generation process based on the second authentication feature amount and the message.
The server is a biometric authentication system that executes the determination by using a verification process for verifying the biometric signature using the biometric public key. The biometric authentication system according to any one of claims 6 to 9.
The message is a biometric authentication system that is one-time information. The authentication system according to claim 1.
The registration terminal is
In the first collation method ,
Generate parameters and
A biometric authentication system that determines the first template by using the concealment processing of the first registration feature amount by the parameters. It is a biometric authentication system
It comprises a processor that executes a program and a memory that the processor accesses.
The processor
The first feature amount for registration and the second feature amount for registration are extracted from the biometric information of the person to be registered.
The first authentication feature amount and the second authentication feature amount are extracted from the biometric information of the person to be authenticated.
Based on the first collation method , a first template different from the second registration feature amount is determined from the first registration feature amount.
Based on the second collation method , the second template is determined from the second registration feature amount.
The first template and the second template are associated with each other and stored in the memory.
Based on the first collation method , search data is determined from the first authentication feature amount.
Based on the first collation method , the first template stored in the memory is searched, and the first template corresponding to the search data is specified.
Identify the second template that corresponds to the identified first template,
Based on the second collation method , an authentication token is generated from the second authentication feature amount, and the authentication token is generated.
Based on the second collation method , the specified second template, and the authentication token, the authentication success / failure determination of the authentication target person is executed .
A biometric authentication system characterized by this . It is a biometric authentication method using a biometric authentication system.
The biometric authentication system comprises one or more processors for executing a program and a memory accessed by the processors.
The biometric authentication method is
At the time of registration, one or more of the above processors
The first feature amount for registration and the second feature amount for registration are extracted from the biometric information of the person to be registered.
Based on the first collation method , a first template different from the second registration feature amount is determined from the first registration feature amount.
Based on the second collation method , the second template is determined from the second registration feature amount.
The first template and the second template are associated with each other and stored in the memory.
At the time of authentication, the one or more processors mentioned above
The first authentication feature amount and the second authentication feature amount are extracted from the biometric information of the person to be authenticated.
Based on the first collation method , search data is determined from the first authentication feature amount.
Based on the first collation method , the first template stored in the memory is searched, and the first template corresponding to the search data is specified.
Identify the second template that corresponds to the identified first template,
Based on the second collation method , an authentication token is generated from the second authentication feature amount, and the authentication token is generated.
A biometric authentication method characterized in that a determination of success or failure of authentication of the authentication target person is executed based on the second collation method , the specified second template, and the authentication token. It is a biometric authentication program that causes a biometric authentication system to execute biometric authentication.
The biometric authentication system comprises one or more processors for executing a program and a memory accessed by the processors.
The biometric authentication program is
At the time of registration, to one or more of the above processors
The process of extracting the first feature amount for registration and the second feature amount for registration from the biometric information of the person to be registered, and
A process of determining a first template different from the second registration feature amount from the first registration feature amount based on the first collation method.
A process of determining a second template from the second registration feature amount based on the second collation method, and
The process of associating the first template with the second template and storing them in the memory is executed.
At the time of authentication, to the one or more processors
The process of extracting the first authentication feature amount and the second authentication feature amount from the biometric information of the person to be authenticated, and
A process of determining search data from the first authentication feature amount based on the first collation method, and
A process of searching the first template stored in the memory based on the first collation method and specifying the first template corresponding to the search data.
The process of specifying the second template corresponding to the specified first template, and
Based on the second collation method, a process of generating an authentication token from the second authentication feature amount and
A biometric authentication program characterized by executing a process of determining whether or not the authentication target person has been authenticated based on the second collation method, the specified second template, and the authentication token.

Images