JPH09106456A - Personal identification method in card utilization, personal identification system using ic card and ic card used for the system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To attain perfect personal identification by executing personal identification by collating a user's finger print code generated from the finger print pattern of the card user to the person's finger print code. SOLUTION: The finger print pattern G of a true possessor is read by an optical reader such as CCD and the person's finger print K is generated through the use of a microcomputer M1. Then data D is stored in the card C and then electronic-sealed (locked) by setting the person's finger print code K as a key. Then the finger print pattern G of the user is read by the optical reader to generate the user's finger print code K' through the use of a microcomputer M2 and to collate this user's finger print code K' to the person's finger print code K to inspect the coincidence of both codes K and K'. Then both finger print code K and K' coincide with each other, the present card user is judged to be a true possessor.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a personal identification method in card use, an IC card operating system using this method, and an IC card used in this system.

[0002]

2. Description of the Related Art Many cards are circulated in the modern society, but these cards usually have information for personal identification registered therein. The most classical form of registration of personal identification information is to visually engrave a registration number on a plastic card, but for cards that handle data of higher importance, electrical, magnetic or optical is used. By the method, the personal identification number that is the personal identification information is registered in an invisible state. IC cards are representative of those that are electrically registered, magnetic cards that are used in current cash cards and credit cards are those that are magnetically registered, and optical ICs are those that are optically registered.
I have a card.

[0003]

By the way, in the case of IC cards, magnetic cards, optical IC cards, etc., the identification number entered into the terminal device using a ten-key pad or the like is registered in the card in order to confirm the identity when the card is used. This is done by collating it with a personal identification number (hereinafter referred to as the personal identification number on the card). However, this technology is based on the premise that the in-card security code is not known to a third party, so if the in-card security code is known to a third party, the card will be used illegally. . The personal identification number on the card can be leaked due to the carelessness of the card holder, or can be decrypted by analyzing the card itself. In particular, it is not so difficult to obtain a personal identification number as long as the magnetic card has a technology in the field. On the other hand, although the IC card and the optical IC card require high-level technology for analysis, the analysis itself is not completely impossible and the security problem has not been completely eliminated.

In recent years, the field of use of cards has expanded dramatically, despite such security concerns. For example, not only cash cards and credit cards, but also medical cards that manage your personal health and medical history, ID cards that prove your identity, etc.
There is also a concept of a citizen's card that centrally manages income and tax payment status, and its importance has increased remarkably. Recently, the use of each of the above-mentioned cards, especially the IC card, is being considered as a means of payment settlement in electronic transactions on a communication line. From such a situation, it is possible to completely prevent illegal use of the card. There is an urgent need to establish more reliable personal identification methods that can be prevented.

The present invention has been made in view of the above circumstances, and it is possible to almost completely prevent illegal use of a card, and it can be applied to all magnetic cards, IC cards, and optical IC cards, and the card itself is required. Specifications
Is about the same as the conventional one, and aims to provide a method of identifying the person who is in time.

[0006]

[Means for Solving the Problems] The first thing that can be considered in order to prevent unauthorized use of the card is to devise a method of storing the personal identification number in the card, complicate the personal identification number, or encrypt the personal identification number.
However, these methods are difficult to apply to magnetic cards and lack versatility. Even if these measures are taken, it is impossible to completely prevent the decryption of the personal identification number in the card.

[0007] Therefore, the present inventor considers that the in-card personal identification number may be deciphered in principle no matter how the device is devised, and even if the in-card personal identification number is deciphered, it is illegally used. I examined a method to confirm the identity that can be prohibited. As a result, I got the idea that the "fingerprint" can be used as personal identification information. However, if the fingerprint pattern is recorded in the card as it is, a large storage capacity is required, and there is a problem that the storage area for other management data that should be utilized should be pressed. Further, even a magnetic card has a problem that it is impossible to register the fingerprint pattern itself due to its small storage capacity.

As a method for solving such a problem, the present inventor does not register the fingerprint pattern as it is, but
The idea is to create a specific code in which the code length is limited to a range that does not overwhelm the storage area of other data based on the fingerprint pattern, and register this specific code instead of the fingerprint pattern. The present invention completed based on such an idea has the following contents.

According to the invention of claim 1, when the card is used,
In the identity verification method for card usage, which uses the same code as the specific code registered on the card, when issuing the card, the fingerprint pattern of the genuine holder is read and the fingerprint pattern read is used. Based on the same algorithm, the same code is always reproduced with the same fingerprint, and according to the algorithm that guarantees the reproducibility, a specific code that limits the code length to the range that does not press the storage area of other data is created. This specific code is registered as the personal fingerprint code in the card, and when using the card, the fingerprint pattern of the user is read based on the same algorithm as when the personal fingerprint code was created. A specific code is created from the pattern to identify this as a user fingerprint code, and this user fingerprint Card user by collating a personal fingerprint code registered to over de in the card is characterized by determining whether a genuine owner.

Further, according to the invention of claim 2, which is an identity verification system using an IC card which realizes the method, it has an IC card having a memory circuit and a fingerprint reading section for reading a fingerprint pattern of an authentic holder. , If the same fingerprint is always reproduced from this fingerprint pattern, the original fingerprint code whose code length is limited to a range that does not squeeze the storage area of other data according to the algorithm that guarantees the reproduction determinism is always reproduced. When a personal fingerprint code is created, it has a personal fingerprint code creating means for creating, a means for registering the created personal fingerprint code in an IC card, and a fingerprint reading unit for reading the fingerprint pattern of the card user when issuing the card. A user fingerprint code creating means for creating a user fingerprint code from a fingerprint pattern of a card user based on the same algorithm, Card user by collating the use's fingerprint code and the principal fingerprint code is characterized in that and a collating means for determining whether or not authentic holder.

The personal fingerprint code creating means and the user fingerprint code creating means can be shared by the same device.

The personal fingerprint code creating means and the user fingerprint code creating means other than the fingerprint reading section and the matching means may be composed of a CPU and a memory inside the IC card, or a CPU inside a general-purpose personal computer. And a memory.

The invention according to claim 6 which prescribes an IC card used in such a system is a reproduction in which the same code is always reproduced with the same fingerprint as the data accommodating portion for storing transaction contents and privacy information. A key that seals the data in the data accommodating unit with a personal fingerprint code that is created from the fingerprint pattern of the authentic holder according to an algorithm whose determinism is guaranteed and whose code length is limited to a range that does not press other data storage areas. And a personal fingerprint code registration unit for registering as.

[0014]

BEST MODE FOR CARRYING OUT THE INVENTION Next, the details of the present invention will be described with reference to the drawings. FIG. 1 shows the processing contents when the card is issued, and FIG. 2 shows the processing contents when the card is used. Here, a case where an IC card is used as a card will be described. <Process at Card Issuance> First, the fingerprint pattern G of the genuine holder is read by an optical reading device such as a CCD, and a microcomputer (hereinafter referred to as a microcomputer) M is read.
The person's fingerprint code K is created using 1 and the data D is stored in the card C, and then the person's fingerprint code K is used as a key to electronically seal (lock). The data D includes basic data such as first and last name, address, telephone number, and various transaction data. The same algorithm is always used to generate the fingerprint code K from the fingerprint pattern G. This algorithm is open to the public in principle, but it can be closed. The microcomputer M1 for executing the fingerprint code creation work is provided outside the card C when the card C is a memory card not equipped with a CPU, but when the card C is a CPU-mounted IC card, the CPU in the card C is installed. It can be used as the fingerprint code creating microcomputer M1.
From the viewpoint of enhancing security, it is preferable to use the CPU in the card C as a fingerprint code creating microcomputer. When the fingerprint code creating microcomputer M1 is provided outside the card C, the fingerprint code creating microcomputer M1 is made into a board and mounted in an expansion slot of a personal computer (hereinafter referred to as a personal computer), or a CPU mounted in the personal computer body. Also, the memory can be controlled by software and used as a microcomputer for fingerprint code generation. The fingerprint code created by the microcomputer must be guaranteed to have the same reproducibility so that the same code can always be reproduced with the same fingerprint. In addition, the code length of the fingerprint code is set to a range that does not press other data areas, and is usually 5 digits to 10 digits.
Decimal digits. The person's fingerprint code K does not have to be unique, and even if the number of digits is small, there is no practical problem. The personal fingerprint code may consist of only numbers,
It may also contain English characters and other symbols. Various algorithms are conceivable for creating a fingerprint code from a fingerprint pattern. For example, as shown in FIG. 3, the fingerprint pattern is divided into a plurality of areas, and the density of ridges crossing each area is replaced with a numerical value. Creating based on the obtained numerical group, or ridge stump, branch,
It is possible to adopt a numerical method by focusing on the characteristic part of the fingerprint such as delta formation, short rod-shaped or dot-shaped ridges, and bending. In order to prevent the difference in the fingerprint reading position and reading angle from affecting the created fingerprint code, the read fingerprint pattern may be moved to a fixed position in the memory before creating the fingerprint code. desired.

<Processing When Using Card> The fingerprint pattern G ′ of the card user is read by an optical reading device or the like, the user fingerprint code K ′ is created by using the microcomputer M2, and the user fingerprint code K ′ is also created. By collating with the fingerprint code K of the person registered in the card C, both codes K ,,
Verify the match of K '. When the card user is the true holder of the card, the user's fingerprint pattern G'is the same as the person's fingerprint pattern G, so the fingerprint codes K, K 'created from both fingerprint patterns G, G' naturally match. . When the fingerprint codes K and K ′ match, it is determined that the current card user is the genuine holder. The matching unit that determines the matching can be provided inside the card C or outside the card C. If the fingerprint codes K and K ′ match, the protection is released (unlocked) and access to the data in the card and the host computer is permitted. When the card is a magnetic card and does not have a data recording section for transaction contents etc. in the card, the host computer is accessed without accessing the data in the card.
The algorithm for creating the user fingerprint code K ′ is exactly the same as the algorithm for creating the personal fingerprint code K. Microcomputer M1 that created the personal fingerprint code K
And the microcomputer M2 that creates the user fingerprint code H ′ are usually different, but since the algorithm that creates the fingerprint code is the same, the reproducibility of the created fingerprint code is guaranteed. In principle, the matching between the fingerprint code K of the person in question and the fingerprint code K'of the user is made by completely matching all digits. However, the allowable range is set in consideration of the device error of the optical reading device and the standard is somewhat loosened. In some cases.

Such a personal identification method can be used for personal identification in various transactions using a card, for example. Various transactions are withdrawals of deposits and savings, purchases of products by credit cards, and payment for electronic transactions in personal computer communications, and there are many other transactions. IC cards are mainly used as cards for various transactions, but optical IC cards and magnetic cards are not excluded. In the following description, an IC card will be taken as an example to proceed the story.

A fingerprint code collation / registration device 1 as shown in FIG. 4, for example, can be used for registering the fingerprint code when issuing the card and collating the fingerprint code when using the card. The fingerprint code collation / registration device 1 includes a fingerprint reading unit 2
The card reading / writing unit 3 is integrated in one case. Most practically, the fingerprint reading unit 2 uses an optical reading device such as a CCD, but other sensors may be used as long as they can read the fingerprint pattern. The fingerprint code collation / registration device 1 may be an independent device incorporating all the collating means for verifying the fingerprint code creation and the matching between the user fingerprint code and the personal fingerprint code, but as shown in FIG. The parts other than the CCD in each of the above means, such as by connecting P, may be configured by the CPU or memory of the general-purpose personal computer P. The fingerprint code collation / registration device 1 can be installed in a bank or a store, or can be connected to a personal computer communication terminal if a small and simple device is developed.

The card read / write section 3 has a card mounting opening 3a, and a data transfer section 3b is provided inside the card loading opening 3a. The data transfer method may be a contact access method, but it is preferable to adopt a non-contact access method applying a principle such as magnetic induction or electrostatic induction. With the contactless access method, the contact terminals are not exposed on the surface of the card, so that data errors due to contamination of the terminals do not occur and the handling of the card is dramatically improved. If the secondary battery incorporated in the card is charged with electric power supplied by magnetic induction or electrostatic induction, the card can be completely sealed, and the card can be provided with a high degree of water resistance. Further, when a non-volatile memory such as a flash memory is used as the memory in the IC card, electric power for holding the stored contents is unnecessary, and therefore it is not necessary to accommodate a battery in the IC card.

As the IC card C, a memory circuit is mainly used. The IC card C may be either a CPU-mounted type or a non-CPU-mounted type. CPU
In the case of a built-in type, all processing of creating a fingerprint code using the calculation function of the IC card C and collating the created fingerprint code with the personal fingerprint code registered in the card is completed in the card. Security can be further enhanced.

FIG. 6 conceptually shows a state in which the data D in the card is sealed using the fingerprint code K of the person as a key. The memory circuit is configured by integrating memory elements having the same structure, and is divided into a data accommodating portion d and a key portion k for sealing (locking) the same on software. The distribution of the key part k and the data storage part d can be set appropriately. Although FIG. 6 shows the case where the data D in the single data storage section d provided in the card is sealed (locked) with the single key K, other modes can be appropriately adopted. For example, by sealing (locking) a single data storage unit with two or more types of keys, or by dividing the memory in the card into multiple areas by software as shown in FIG. 7, the data provided in each area Accommodation parts da, d
It is also possible to provide different keys A, B, ... For b ,. When providing these multiple keys, the fingerprint code should be used only for the key that allows access to the most important data, and access to other less important data has traditionally been adopted in cash cards. It is conceivable to use a simple password such as

Since the fingerprint code registered in the card is created from the fingerprint pattern and is not entered from the keyboard, it is not necessary to limit the number of digits based on whether manual input is possible. However, if the number of digits is too large, the amount of memory that can be secured as a data storage unit decreases. The code length of the fingerprint pattern is determined in consideration of these things. The fingerprint code does not have to be unique, and even if the number of digits is small, there is no practical problem. According to the present invention, the user fingerprint code created from the user's fingerprint pattern when using the card is compared with the personal fingerprint code registered in the card, so that the same fingerprint code may be created from different fingerprint patterns. Even in such cases, if the frequency is extremely rare, there will be no practical problem. No matter how sophisticated a person is, it is impossible to alter his / her own fingerprint so that the same fingerprint code as the genuine fingerprint code of the genuine holder is created. This means that there is no problem even if the fingerprint code is open to the public. This also means that it is possible to establish a public or private certification authority to authenticate fingerprint codes,
It also means that this certification authority can play the role of the current issuance of seal stamp certificates. When the fingerprint code is not disclosed, it is possible to manually input the fingerprint code without creating the user fingerprint code from the user fingerprint pattern depending on the type of transaction. The manual input of the fingerprint code in this case corresponds to the input of the PIN code in the conventional cash card, and is limited to simple transactions with low importance.
Instead of creating a fingerprint code from a fingerprint pattern, only the secret fingerprint code can be entered directly from the keyboard.

When a certification authority for authenticating the fingerprint code is provided, it is possible to certify that the user of the card is a specific person who has been notified to the certification authority without any doubt. It becomes more certain.
The registration of the fingerprint code to the certification authority may be performed by the registrant visiting the certification authority and causing the fingerprint code matching / registration device installed in the certification authority to read the fingerprint, but the registrant must go to the certification authority. It is also possible to do without it. FIG.
Shows this method, and-in the figure show each step.
Each step will be described below. The applicant for registration applies to the certification authority for the registration procedure of the fingerprint code. If you want to register your fingerprint code, add a 4-digit PIN (for example, 2131) that you have decided
Apply for certification authority Q by mail or personal computer communication. The certification authority Q writes a specific number (for example, 4567) designated by the relevant organization in the memory of the IC card, locks this specific number (4567) with the personal identification number (2131) designated by the applicant for registration, and then the IC card. Will be sent to those who wish to register by mail or home delivery. The registration applicant who has obtained the IC card mounts the IC card C on the fingerprint code collation / registration device 1 connected to the personal computer at home, unlocks it using the personal identification number (2131) specified by himself, and then the certification authority. Specific number specified by Q (456
7) and take out a specific number (456
7) is sent to this certification authority Q. The certification authority Q which received this verifies whether the transmitted specific number (4567) matches the specific number (4567) set by the relevant organization, so that the communication partner manages the certification authority Q. It recognizes that he is a specific applicant for registration and is aware that the procedure for the certification authority Q during this line connection is due to a specific individual. Specific number (456
7) is for the certification authority Q itself to specify the IC card issued by itself, and it does not make sense for the registration applicant to know the contents, so registration is performed by encrypting the specific number (4567). It is also possible to prevent the applicant from knowing. With the communication line open, write basic data such as first and last name, address, telephone number, date of birth, etc. into the memory in the card. The registration applicant reads his / her fingerprint by the fingerprint code collation / registration device 1 and reads the fingerprint code (for example, 47392).
8) is created, and the temporary key 2131 is discarded at this stage, and the personal fingerprint code (473928) is used as an official key. From this point onwards, lock / unlock is only possible with this fingerprint code (473928), and the fingerprint code (473
928) protects the data inside the card. The applicant for registration sends, together with the fingerprint code (473928), basic data such as first and last name, address, telephone number, date of birth, etc. to the certification authority Q for which there is no problem even if disclosed. The transmitted data is registered in the certification authority Q in association with the personal fingerprint code (473928). Since the personal fingerprint code (473928) is created from the personal fingerprint with reproducibility and certainty, it has the same reliability as that of registering the fingerprint in terms of accuracy of personal authentication.
Moreover, since the fingerprint pattern itself is not registered, no privacy problem occurs.

The present invention can be applied not only to various procedures and various transactions that require personal identification, but also to electronic transactions over communication lines which are expected to develop in the future. it can. In the case of electronic transactions through communication lines, fingerprint code verification /
A registration device needs to be connected or built in, but if such a device can be mass-produced, it can be provided at a dramatically low cost, and most of its functions can be performed by the CPU of the personal computer. There are no financial obstacles to its dissemination.

[0024]

According to the present invention, the personal fingerprint code created from the fingerprint pattern of the genuine holder is registered in the card,
Since the user's fingerprint code created from the fingerprint pattern of the card user is used to verify the person's identity when using the card, it is theoretically impossible for a third party to impersonate himself. Yes, almost perfect identity verification is possible. Moreover, since the present invention does not register the fingerprint pattern itself but a fingerprint code created from this fingerprint pattern, the storage capacity in the card to be secured for registering the fingerprint code is small. . Therefore, the present invention can be applied not only to IC cards and optical IC cards but also to magnetic cards, and when it is applied to IC cards and optical IC cards, most of the memory is secured as an area for registering transaction data, privacy data and the like. be able to. In addition, even if a certification authority that authenticates the fingerprint code is established and the environment where the system is legally assured is established, the fingerprint pattern is not registered in the certification authority, so there is no privacy problem. Since it does not occur and the memory capacity for registration is small, the burden on the facility of the certification authority is small.

[Brief description of the drawings]

FIG. 1 is an explanatory diagram showing the concept of locking in the present invention.

FIG. 2 is an explanatory diagram showing the concept of unlocking in the present invention.

FIG. 3 is an explanatory diagram showing an example of a method for creating a fingerprint code from a fingerprint pattern.

FIG. 4 is an explanatory diagram showing an example of a fingerprint code collation / registration device.

FIG. 5 is an explanatory diagram showing an example in which the fingerprint code collation / registration device is connected to a personal computer.

FIG. 6 is an explanatory diagram showing a state in which the memory in the card is divided into a key section and a data storage section on software, and the data in the data storage section is locked with a key.

FIG. 7 is an explanatory diagram showing a state in which the memory in the card is divided into a plurality of areas on software and the data in each area is locked by a separate key.

FIG. 8 is an explanatory diagram showing an example of a method for registering a fingerprint code in a certification authority.

[Explanation of symbols]

G Fingerprint pattern of genuine holder G'Fingerprint pattern of card user M1, M2 Microcomputer D data K Fingerprint code of genuine holder K'Card user's fingerprint code C card 1 Fingerprint code collation / registration device 2 Fingerprint reader 3 Card read / write unit 3a Card slot 3b Data transfer unit d Data storage unit k Key unit da to dz Data storage unit A to Z key Q Certification authority

Claims (6)

[Claims] 1. A method of verifying an identity by using the same code as a specific code registered on the card when using the card, in the method of verifying the identity in the use of the card, when issuing the card, the fingerprint of the genuine holder is used. The pattern is read, and the same code is always reproduced with the same fingerprint based on the read fingerprint pattern.The code length is set within a range that does not overwhelm the storage area of other data according to an algorithm that guarantees the reproducibility of the code. Create a restricted specific code and register this specific code as a personal fingerprint code in the card.When using the card, the fingerprint pattern of the user is read and the same as when creating the personal fingerprint code. Create a specific code from the fingerprint pattern of the card user based on the algorithm and use this as the user fingerprint code With a constant, identification method in card use the card user is then determined whether authentic owner by matching the principal fingerprint code registered the user fingerprint code in the card. 2. An IC card equipped with a memory circuit and a fingerprint reading unit for reading a fingerprint pattern of an authentic holder, and the same code is always reproduced from the fingerprint pattern. A personal fingerprint code creating means for creating a personal fingerprint code whose code length is limited to a range that does not press other data storage areas according to the created algorithm; and a means for registering the created personal fingerprint code in an IC card And a fingerprint reader that reads the fingerprint pattern of the card user when the card is issued, and creates a user fingerprint code from the fingerprint pattern of the card user based on the same algorithm as when creating the fingerprint code of the user. Whether the card user is an authentic holder by comparing the code generation means with the user fingerprint code and the personal fingerprint code An identification system that uses the collating means determines that the IC card with a. 3. The personal identification system using an IC card according to claim 2, wherein the personal fingerprint code creating means and the user fingerprint code creating means are shared by the same device. 4. The IC card according to claim 2, wherein the personal fingerprint code creating means and the user fingerprint code creating means other than the fingerprint reading section and the matching means are constituted by a CPU and a memory inside the IC card. Identity verification system using. 5. The IC card according to claim 2, wherein the personal fingerprint code creating means and the user fingerprint code creating means other than the fingerprint reading portion and the matching means are constituted by a CPU and a memory inside a general-purpose personal computer. Identity verification system using. 6. The data holder for storing transaction contents and privacy information, and the fingerprint pattern of the genuine holder according to an algorithm with which the same code is always reproduced if the fingerprint is the same, and the algorithm is guaranteed to be reproducible. An IC card having a personal fingerprint code registration unit for registering a personal fingerprint code whose code length is limited to a range that does not press other data storage areas as a key for sealing the data in the data storage unit.