WO2009051250A1 - Registration device, authentication device, registration method and authentication method - Google Patents
- Publication number
- WO2009051250A1 (PCT/JP2008/068925)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- unit
- vitro
- vein
- authentication
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/14—Vascular patterns
Definitions
- Registration device, authentication device, registration method and authentication method
- the present invention relates to a registration device, an authentication device, a registration method, and an authentication method, and is suitable for application to, for example, biometric authentication.
- blood vessels are one of the targets for biometric authentication.
- There is a proposal in which a Hough transform is performed on the image data obtained as a result of finger imaging, parameters are extracted while the extraction threshold is changed so that the number of parameters obtained as a result of the transform becomes a predetermined number, and the extracted parameters are used as registration data or as data to be authenticated (see, for example, Patent Document 1).
- This authentication device performs pre-processing to determine whether or not the extraction threshold set when extracting parameters from the data to be authenticated is within the allowable extraction threshold range, and authenticates the data to be authenticated using the parameters when the extraction threshold is within that range.
- When there are few components corresponding to the biometric identification target, or when there are extremely many noise components other than the biometric identification target, the extraction threshold set when extracting parameters from the data to be authenticated falls outside the allowable extraction threshold range and authentication using the parameters is not performed. The probability of a misjudgment that authenticates a person as another person can therefore be reduced, which improves the authentication accuracy.
- Patent Document 1: Japanese Unexamined Patent Application Publication No. 2007-233574.
- This authentication device has the problem that the extraction threshold and the parameters must be registered in a single memory, which increases the amount of memory occupied.
- In many cases, pre-processing and authentication processing are performed in a module with a high security level, such as a tamper-resistant security chip that prevents access from third parties.
- The memory capacity of a module with a high security level is often small, and the share of memory occupied by the extraction threshold and the parameters is likely to increase compared to the case where such a module is not used.
- The present invention has been made in view of the above points, and proposes a registration device and a registration method that can reduce the amount of memory occupied by stored biometric information, and an authentication device and an authentication method that can shorten the authentication time.
- The present invention provides a registration device comprising: an acquisition unit that acquires, from biological image data, in vitro information other than the biological part that is the biometric authentication target; an in vitro registration unit that registers the in vitro information acquired by the acquisition unit in a first storage unit; an extraction unit that is included in a block having a higher security level than the acquisition unit, the in vitro registration unit and the first storage unit, and that extracts information about the living body from the biological image data; and a biometric registration unit that is included in the block and registers the information about the living body extracted by the extraction unit in a second storage unit in the block.
- The present invention is also an authentication device comprising: an acquisition unit that acquires, from biological image data, in vitro information other than the biological part that is the biometric authentication target; an in vitro determination unit that determines whether or not the in vitro information acquired by the acquisition unit matches the in vitro information registered in a first storage unit; an extraction unit that is included in a block having a higher security level than the acquisition unit, the in vitro determination unit and the first storage unit, and that extracts information about the living body from the biological image data; and a living body determination unit that is included in the block and, when the in vitro determination unit determines a match, determines whether or not the information about the living body extracted by the extraction unit matches the information about the living body registered in a second storage unit in the block.
- the present invention is a registration method, wherein the obtaining unit obtains in vitro information other than the living body part to be subjected to biometric authentication from the biometric image data, and the in vitro registration unit includes the first step.
- the extraction unit included in the block having a higher security level than the storage unit includes a third step of extracting information about the living body from the biological image data, a biological registration unit included in the block, and a third step.
- a fourth step of registering in the second storage unit in the block is provided.
- The present invention is an authentication method comprising: a first step in which the acquisition unit acquires, from the biometric image data, in vitro information other than the living body part to be subjected to biometric authentication; a second step in which the in vitro determination unit determines whether or not the in vitro information acquired in the first step matches the in vitro information registered in the first storage unit; a third step in which the extraction unit, included in a block having a higher security level than the acquisition unit, the in vitro determination unit and the first storage unit, extracts information about the living body from the biological image data; and a fourth step in which the biological determination unit included in the block, when the in vitro determination unit determines a match, determines whether or not the information about the living body extracted in the third step matches the information about the living body registered in the second storage unit in the block.
- in vitro information and biometric information can be registered in different areas, and authentication using the extravenous information and authentication using the vein information can be performed in a shared manner.
- a registration device and a registration method that can reduce the amount of memory occupied by storing biometric information, and an authentication device and an authentication method that can shorten the authentication time.
- FIG. 1 is a schematic diagram showing the overall configuration of the PMI system.
- FIG. 2 is a schematic diagram showing the configuration of the authentication device according to the present embodiment.
- FIG. 3 is a schematic diagram showing the functional configuration of the control unit and security chip in the registration mode.
- FIG. 4 is a flowchart showing the registration processing procedure.
- FIG. 5 is a schematic diagram showing a functional configuration of the control unit and the security chip in the authentication mode.
- FIG. 6 is a flowchart showing the authentication processing procedure.
- the PMI system 1 includes an authentication device 2, a certificate authority server 3, and an attribute certificate authority server 4.
- The authentication device 2 is, for example, a personal computer. It obtains a public key certificate PKC (Public Key Certificate) issued from the certificate authority server 3 and an attribute certificate AC (Attribute Certificate) issued from the attribute certificate authority server 4.
- The certification authority server 3 is a third-party organization for the authentication device 2 and the attribute certification authority server 4, and issues a public key certificate PKC to the authentication device 2 and the attribute certification authority server 4.
- This public key certificate PKC is a certificate that proves that the public key corresponds to the private key owned by the user.
- In it, a digital signature is added to the user ID (such as user name, affiliation and e-mail address), the serial number, the name of the certificate authority server 3, and the public key.
- The certificate authority server 3 guarantees the public key certificate PKC by generating it with a digital signature added.
- the attribute certification authority server 4 is a third party organization for the authentication apparatus 2 and the certification authority server 3 and issues an attribute certificate AC to the authentication apparatus 2.
- This attribute certificate AC is a certificate that is linked to the public key certificate PKC given from the certificate authority server 3. In it, a digital signature is added to the PKC issuer name and serial number, various attribute information of the user, and the name of the attribute certificate authority server 4.
- The attribute certificate authority server 4 guarantees the attribute certificate AC by generating it with a digital signature added.
- In the authentication device 2, an input unit 12, an imaging unit 13, a hard disk drive (hereinafter referred to as HDD) 14, a security chip 15, a communication unit 16 and a notification unit 17 are connected to the control unit 11 via a bus 18.
- The control unit 11 includes a CPU (Central Processing Unit) that controls the entire authentication device 2, a ROM (Read Only Memory) that stores various programs and setting information, and a RAM (Random Access Memory) as a work memory of the CPU.
- An execution command for a mode for registering a blood vessel of a user to be registered (hereinafter referred to as a registrant) (hereinafter referred to as a registration mode), or for a mode for determining the presence or absence of the registrant (hereinafter referred to as an authentication mode), is input to this control unit 11 from the input unit 12 in response to a user operation.
- The control unit 11 determines the mode to be executed based on the execution command and, based on a program corresponding to the determination result, controls the imaging unit 13, the HDD 14, the security chip 15, the communication unit 16 and the notification unit 17 as appropriate to execute the registration mode or the authentication mode.
- The imaging unit 13 irradiates the target surface on which the finger is to be placed (hereinafter referred to as the finger placement surface) with light having a wavelength within the range (700 [nm] to 900 [nm]) that is specifically absorbed by both deoxygenated hemoglobin and oxygenated hemoglobin (hereinafter referred to as near-infrared light).
- The imaging unit 13 generates, as data (hereinafter referred to as vein image data), an image of the veins in the living body part placed on the finger placement surface (hereinafter referred to as a vein image), and sends the generated vein image data to the control unit 11 and the security chip 15.
- The HDD 14 stores, as information other than information related to the veins (hereinafter referred to as extra-venous information), information on the finger shown in the vein image data (hereinafter referred to as finger information) and the conditions set for the imaging unit 13 by the control unit 11 (hereinafter referred to as imaging conditions).
- The security chip 15 has a computer including a CPU, a ROM that stores various programs and setting information, a RAM as a work memory of the CPU, and a memory that stores data. It is configured as a tamper-resistant chip that can prevent forgery, alteration, tampering and the like: the data being handled cannot be analyzed, and if there is unauthorized access from outside, the chip itself is physically destroyed.
- The security chip 15 generates information related to the veins shown in the vein image data (hereinafter referred to as vein information), and records the vein information in a memory in the security chip 15.
- the communication unit 16 exchanges various data with the certificate authority server 3 and the attribute certificate authority server 4 that are external to the authentication apparatus 2 via a predetermined communication path.
- The notification unit 17 includes a display unit 17a and an audio output unit 17b. The display unit 17a displays characters and figures on the display screen based on the display data given by the control unit 11.
- The audio output unit 17b outputs audio from the speaker based on the audio data given from the control unit 11.
- When the control unit 11 determines the registration mode as the mode to be executed, after notifying via the notification unit 17 that the finger should be placed on the finger placement surface, as shown in FIG. 1.
- the security chip 15 functions as the patterning unit 31 and the vein information registration unit 32.
- The drive unit 21 drives the light source in the imaging unit 13 to irradiate the finger placement surface with near-infrared light.
- the drive unit 21 also adjusts the lens position of the optical lens in the imaging unit 13 so that the subject is in focus.
- the drive unit 21 adjusts the aperture value of the diaphragm in the imaging unit 13 and the shutter speed (exposure time) for the image sensor based on the vein image data.
- The imaging condition detection unit 24 of the extra-venous information acquisition unit 22 detects the focal length based on the lens position and the like adjusted by the drive unit 21, detects the exposure value EV (Exposure Value) based on the aperture value and the shutter speed, and sends the detected exposure value EV and focal length to the extra-venous information registration unit 23 as imaging condition information.
- The finger information extraction unit 25 of the extra-venous information acquisition unit 22 extracts, for example, the finger width and the luminance distribution (hereinafter referred to as a histogram), which represent the user's characteristics, from the vein image data provided from the imaging unit 13 as the imaging result of the imaging unit 13, and sends the extracted finger width and histogram to the extra-venous information registration unit 23 as finger information.
- the extra-venous information acquisition unit 22 acquires the imaging condition information by the imaging condition detection unit 24 and the finger information by the finger information extraction unit 25, and uses the acquired imaging condition information and finger information as the extra-venous information.
- The extra-venous information registration unit 23 outputs the extra-venous information given from the extra-venous information acquisition unit 22 to the attribute certification authority server 4 via the communication unit 16.
- At the same time as it outputs the extra-venous information to the attribute certification authority server 4, the extra-venous information registration unit 23 outputs to the attribute certification authority server 4, for example, the serial number of the public key certificate PKC issued from the certification authority server 3 and input via the input unit 12, and waits for the attribute certificate AC.
- The attribute certificate authority server 4 acquires from the certification authority server 3 the public key certificate PKC corresponding to the serial number of the public key certificate PKC given from the extra-venous information registration unit 23.
- The attribute certificate authority server 4 also writes the extra-venous information given by the extra-venous information registration unit 23 in the attribute information area of the attribute certificate AC corresponding to the public key certificate PKC, and outputs to the authentication device 2 the attribute certificate AC obtained by applying a digital signature using the signature private key.
- The extra-venous information registration unit 23 registers the attribute certificate AC by storing it in the HDD 14.
- The patterning unit 31 patterns the veins shown in the vein image of the vein image data given from the imaging unit 13 as the imaging result of the imaging unit 13.
- The patterning unit 31 appropriately performs preprocessing such as image rotation correction, noise removal and image segmentation on the vein image data, and then performs sharpening using a differential filter such as a Gaussian filter or a LoG (Laplacian of Gaussian) filter.
- The patterning unit 31 binarizes the vein image after the sharpening process and thins the veins to a uniform width with reference to the center of the vein or the luminance peak shown in the binarized vein image. The patterning unit 31 in this implementation therefore extracts vein information, which is a binary image with a constant vein line width, from a multi-valued vein image.
- The vein information registration unit 32 registers the vein information, associated with the extra-venous information registered by the extra-venous information registration unit 23, by storing it in the memory of the security chip 15.
- control unit 11 can execute the registration mode.
- In step SP2, the control unit 11 detects the imaging condition including the exposure value EV and the focal length set when the imaging unit 13 captures a vein image, and proceeds to the next step SP3.
- The control unit 11 extracts the finger width and histogram as finger information from the vein image data given as the imaging result of the imaging unit 13, and proceeds to the next step SP4.
- In step SP4, the control unit 11 acquires, as extra-venous information, the imaging condition information including the imaging condition detected in step SP2 and the finger information extracted in step SP3.
- It outputs the acquired extra-venous information and the serial number of the public key certificate PKC input via the input unit 12 to the attribute certification authority server 4 via the communication unit 16, and goes to the next step SP5.
- In step SP5, the control unit 11 acquires the attribute certificate AC given from the attribute certification authority server 4 through the communication unit 16, and moves to the next step SP6.
- In step SP6, the control unit 11 registers the attribute certificate AC given from the attribute certification authority server 4 by storing it in the HDD 14, and proceeds to the next step SP7.
- The security chip 15 patterns the vein image data given as the imaging result of the imaging unit 13, thereby extracting from the multi-valued vein image the vein information, which is a binary image with a constant vein line width, and goes to the next step SP8.
- The security chip 15 registers the vein information by storing it in the memory of the security chip 15, moves to the next step SP9 and ends the processing.
- When the control unit 11 determines the authentication mode as the mode to be executed, it notifies via the notification unit 17 that the finger should be placed on the finger placement surface and then, as shown in the drawing, functions as a drive unit 21, an extra-venous information acquisition unit 22, an extra-venous information reading unit 26, and an extra-venous authentication unit 27.
- the security chip 15 functions as a patterning unit 31, a memory 33, a vein information reading unit 34, and a vein authentication unit 35.
- the drive unit 21 drives the imaging unit 13.
- the imaging condition detection unit 24 of the extra-venous information acquisition unit 22 detects an imaging condition including the exposure value EV and the focal length set by the driving unit 21 and extracts the imaging condition as imaging condition information.
- The finger information extraction unit 25 of the extra-venous information acquisition unit 22 extracts finger information including the finger width and histogram from the vein image data given from the imaging unit 13. That is, the extra-venous information acquisition unit 22 acquires the imaging condition information and finger information as extra-venous information, and sends the acquired extra-venous information to the extra-venous authentication unit 27.
- The extra-venous information reading unit 26 reads the attribute certificate AC registered in the HDD 14 and sends the attribute certificate AC to the extra-venous authentication unit 27.
- The extra-venous authentication unit 27 verifies the attribute certificate AC given from the extra-venous information reading unit 26 using the signature public key of the attribute certification authority server 4. If the verified attribute certificate AC has not been tampered with, the extra-venous authentication unit 27 determines whether or not the extra-venous information described in the attribute certificate AC matches the extra-venous information to be authenticated given by the extra-venous information acquisition unit 22.
- If it is determined that the extra-venous information does not match, this means that the extra-venous information is different and that, at the stage preceding authentication using vein information, the possibility that the user is the registrant is extremely low. As authentication-failure processing, the fact that the user has not been authenticated is notified visually and audibly via, for example, the display unit 17a and the audio output unit 17b.
- the control unit 11 causes the security chip 15 to authenticate using the extraneous information.
- The patterning unit 31 performs processing similar to that performed on the vein image data in the registration mode described above, extracts from the multi-valued vein image captured by the imaging unit 13 the vein information, which is a binary image with a constant vein line width, and sends the extracted vein information to the vein authentication unit 35.
- the vein information reading unit 34 reads the vein information registered in the memory 33 and sends the read vein information to the vein authentication unit 35.
- the vein authentication unit 35 determines whether or not the vein information registered in the memory 33 matches the vein information to be authenticated extracted by the patterning unit 31.
- When the vein authentication unit 35 determines that the vein information does not match, the user cannot be authenticated as the registrant and, as authentication-failure processing, this is notified visually and audibly via, for example, the display unit 17a and the audio output unit 17b.
- When the vein authentication unit 35 determines that the vein information matches, it sends data indicating that the user can be authenticated as the registrant to the control unit 11.
- Based on the data given from the vein authentication unit 35, the control unit 11 performs authentication-success processing such as unlocking a locked door for a certain period of time or cancelling a restricted operation mode.
- control unit 11 can execute the authentication mode.
- The control unit 11 enters this routine RT2 and proceeds to the next step SP11, sets the focal length, aperture value, shutter speed and so on, and goes to the next step SP12.
- The control unit 11 reads the attribute certificate AC recorded in the HDD 14 and verifies the read attribute certificate AC with the signature public key of the attribute certification authority server 4.
- The control unit 11 determines whether or not the attribute certificate AC has been tampered with. If a negative result is obtained, this means that the attribute certificate AC has been tampered with, and the control unit 11 proceeds to step SP20.
- If an affirmative result is obtained at step SP12, this means that the attribute certificate AC has not been tampered with, and the control unit 11 reads the extra-venous information from the attribute certificate AC and goes to the next step SP13.
- The control unit 11 detects the imaging condition including the exposure value EV and the focal length set when the imaging unit 13 captures the vein image, generates the imaging condition as imaging condition information, and goes to the next step SP14.
- The control unit 11 extracts the finger width and histogram from the vein image data given as the imaging result of the imaging unit 13 as finger information, and proceeds to the next step SP15.
- the control unit 11 compares the extra-venous information described in the attribute certificate AC read from the HDD 14 with the extra-venous information to be authenticated extracted from the vein image data. To determine whether or not authentication using extra-venous information has succeeded. That is, the control unit 11 determines whether or not the extra-venous information read from the HDD 14 matches the extra-venous information to be authenticated.
- If a negative result is obtained in step SP15, this means that the extra-venous information described in the attribute certificate AC read from the HDD 14 and the extra-venous information to be authenticated extracted from the vein image data do not match, and the control unit 11 proceeds to step SP19.
- If a positive result is obtained in step SP15, this means that the extra-venous information described in the attribute certificate AC read from the HDD 14 and the extra-venous information to be authenticated extracted from the vein image data match, and the control unit 11 moves to the next step SP16.
- The security chip 15 patterns the vein image data given as the imaging result of the imaging unit 13, extracts from the multi-valued vein image the vein information, which is a binary image with a constant vein line width, and moves to the next step SP17.
- the security chip 15 reads the vein information registered in the memory 33 of the security chip 15, and the authentication target extracted from the read vein information and vein image data. Authentication is performed by comparing with vein information, and it is determined whether authentication by vein information is successful. That is, the security chip 15 determines whether the vein information read from the memory 33 matches the vein information to be authenticated.
- If an affirmative result is obtained in step SP17, this means that the vein information read from the memory 33 matches the vein information to be authenticated extracted from the vein image data, and the security chip 15 moves to the next step SP18.
- In step SP18, the control unit 11 executes a predetermined process corresponding to the authentication success, moves to the next step SP21, and ends the process.
- If a negative result is obtained in step SP17, this means that the vein information read from the memory 33 does not match the vein information to be authenticated extracted from the vein image data, and the security chip 15 moves to the next step SP19.
- In step SP19, the control unit 11 executes a predetermined process corresponding to the authentication failure, moves to the next step SP21, and ends the process.
- In step SP20, the control unit 11 performs, as a recovery process for obtaining an attribute certificate AC that has not been tampered with, for example a reissue process in which an attribute certificate AC that has not been tampered with is given from the attribute authority server 4, then goes to the next step SP21 and ends the process.
- the control unit 1 1 acquires extra-venous information to be used in the authentication process before the vein authentication process, and registers the extra-venous information in the HDD 14. I did it.
- the security chip 15 extracts vein information from the vein image data and registers the vein information in the memory 33.
- the control unit 11 authenticates using the extra-venous information and the security chip 15 authenticates using the vein information, so that authentication using the extra-venous information and authentication using the vein information are shared between them, and the authentication time can be shortened.
- the authentication device 2 registers extra-venous information in the HDD 14, and can thereby reduce the amount of memory occupied in the security chip 15, because the extra-venous information does not have to be registered in the memory 33 of the security chip 15.
- the security chip 15 starts authentication using the vein information.
- the control unit 11, which has a higher processing capacity than the security chip 15, performs authentication using extra-venous information, so the authentication time can be shortened because the security chip 15 does not perform authentication using extra-venous information.
- the control unit 11 extracts finger information from the vein image data,
- the finger information is registered in HDD 14 as extra-venous information.
- in the authentication device 2, the vein information itself cannot be recovered from the finger information even if the finger information is stolen, so the control unit 11 can authenticate with the finger information while maintaining the confidentiality of the vein information. It is possible to deny vein images that are likely to be.
- in the authentication device 2, when the control unit 11 authenticates using extra-venous information, the imaging condition information is read from the HDD 14 as extra-venous information. Accordingly, the authentication device 2 can use the imaging condition information not only as information to be used in the authentication process before the vein authentication process, but also as a setting value of the imaging unit 13.
- the authentication device 2 sets the imaging condition using the imaging condition information registered in the HDD 14 without detecting the optimum imaging condition again when imaging the finger to be authenticated. Therefore, the authentication time can be shortened by the time that would otherwise be taken to detect the optimal imaging conditions.
- the security chip 15 is composed of a tamper-resistant chip or the like. For this reason, the security chip 15, although its processing capability is inferior to that of the control unit 11, prevents theft of the vein information and authenticates using the vein information only for cases in which authentication by the control unit 11 has succeeded. Therefore, the authentication time can be shortened accordingly.
- in the authentication device 2, when the control unit 11 stores the extra-venous information in the HDD 14, the extra-venous information is registered in the HDD 14 as the attribute certificate AC digitally signed by the attribute authority server 4. As a result, when the control unit 11 authenticates using the extra-venous information, the authentication device 2 can verify the attribute certificate AC using the signature public key of the attribute authority server 4 and check whether the attribute certificate AC has been tampered with. Therefore, the authentication device 2 can avoid the erroneous authentication, in which authentication succeeds even for another person, that occurs when the extra-venous information is falsified. In the authentication device 2, when the attribute certificate AC is falsified, an attribute certificate AC that has not been falsified is given by the attribute authority server 4 by executing the reissue process as a recovery process, so that failure of authentication can be avoided.
- the authentication device 2 that can reduce the memory occupancy by registering extra-venous information in the HDD 14 and registering the vein information in the memory 33.
- the security chip 15 authenticates using the vein information, whereby the authentication device 2 that can shorten the authentication time can be realized.
- a finger is applied as a living body part.
- the present invention is not limited to this, and for example, a palm, a toe, an arm, an eye, or the like may be applied.
- a blood vessel is applied as the biological information.
- the present invention is not limited to this, and for example, a fingerprint, a crest, or a nerve may be applied.
- the patterning unit 31 sequentially performs preprocessing, sharpening processing, binarization processing, and thinning processing on the vein image data.
- the present invention is not limited to this, and some of these processes may be omitted or replaced, or new processes may be added to these processes. Incidentally, the order of these processes can be changed as appropriate.
- the present invention is not limited to this, and the imaging condition detection unit 24 does not detect the imaging condition, but the imaging condition detection unit 24 sets the imaging unit 13 while setting the imaging condition 13. Furthermore, in the above-described embodiment, the case where the exposure value EV and the focal length are detected as the imaging condition has been described. However, the present invention is not limited to this: either the exposure value EV or the focal length alone may be detected, or, when the drive unit 21 adjusts the wavelength of near-infrared light in the imaging unit 13 to capture a vein image, the wavelength of the near-infrared light may be detected.
- the finger width and the histogram are extracted as the image conditions.
- the present invention is not limited to this, and either the finger width or the histogram may be extracted.
- the distance between the first joint and the second joint of the finger may be extracted from the vein image data.
- the imaging condition information and the finger information are registered and authenticated as extra-venous information.
- the present invention is not limited to this, and either one of the imaging condition information and the finger information may be registered and authenticated as a pre-processing condition.
- the control unit 11 verifies the attribute certificate AC read from the HDD 14, and if the attribute certificate AC has been tampered with, executes the reissue process as a recovery process
- the present invention is not limited to this, and as a recovery process, for example, when the attribute certificate AC is stored in advance in a memory card and the attribute certificate AC is falsified
- a backup process may be executed in which the attribute certificate AC that has not been tampered with is read from the memory card.
- the extra-venous information is recorded on the HDD 14.
- the attribute certificate AC signed by the attribute authority server 4 is stored in the HDD 14, but the present invention is not limited to this.
- a possible external organization may sign a certificate in which the extra-venous information is written and store the signed certificate in the HDD 14.
- the control unit 11 may encrypt the extra-venous information and store the encrypted extra-venous information in the HDD 14.
- the case where the attribute certificate AC signed by the attribute authority server 4 is stored in the HDD 14 when the extra-venous information is recorded in the HDD 14 has been described.
- the invention is not limited to this, and extra-venous information may be stored in the HDD 14 without being signed.
- the present invention is not limited to this, and is installed from a program storage medium such as a CD (Compact Disc), a DVD (Digital Versatile Disc), or a semiconductor memory, or downloaded from a program providing server on the Internet.
- the registration processing procedure or the authentication processing procedure described above may be executed in accordance with the program so acquired.
- the extra-venous information acquisition unit 22 as an acquisition unit
- the extra-venous information registration unit 23 as an in-vitro registration unit
- the patterning unit 31 as an extraction unit
- the vein as a bio-registration unit
- the registration device of the invention and the case where the authentication device 2 as the authentication device is configured have been described.
- the present invention is not limited to this, and an acquisition unit, an in vitro registration unit, and an extraction unit having various other configurations.
- the biometric registration unit, the in vitro determination unit, the biometric determination unit, the first storage unit, and the second storage unit may be configured.
- the present invention can be used in the field of biometric authentication.
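The authentication flow described above (tamper check of the attribute certificate AC, extra-venous comparison by the control unit 11, vein comparison inside the security chip 15), as an added example that is not code from the patent. HMAC-SHA256 stands in for the attribute authority's public-key signature, and the field names, tolerance, threshold and bit-string vein matcher are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 stands in for the attribute authority's digital
# signature so the example needs only the standard library. The patent has the
# device verify the attribute certificate AC with the authority's public key.
AA_KEY = b"constructed-demo-key"


def _tag(extra):
    body = json.dumps(extra, sort_keys=True).encode()
    return hmac.new(AA_KEY, body, hashlib.sha256).hexdigest()


def issue_ac(extra):
    """Attribute authority side: sign the extra-venous information."""
    return {"extra": dict(extra), "sig": _tag(extra)}


def ac_is_intact(ac):
    return hmac.compare_digest(_tag(ac["extra"]), ac["sig"])


def extra_matches(registered, probe, tol=0.05):
    """Control unit check: each field within a relative tolerance (assumed)."""
    return all(abs(registered[k] - probe[k]) <= tol * abs(registered[k])
               for k in registered)


class SecurityChip:
    """Keeps the vein template in its own memory; only a verdict leaves it."""

    def __init__(self, template):
        self._template = template
        self.calls = 0

    def vein_matches(self, probe, threshold=0.9):
        self.calls += 1
        if len(probe) != len(self._template):
            return False
        same = sum(a == b for a, b in zip(self._template, probe))
        return same / len(probe) >= threshold


def authenticate(hdd_ac, chip, probe_extra, probe_vein):
    if not ac_is_intact(hdd_ac):
        return "reissue"   # SP 20: obtain an untampered certificate
    if not extra_matches(hdd_ac["extra"], probe_extra):
        return "failure"   # SP 15 negative -> SP 19, chip is never invoked
    if not chip.vein_matches(probe_vein):
        return "failure"   # SP 17 negative -> SP 19
    return "success"       # SP 18


# Constructed sample data (not from the patent).
ENROLLED_EXTRA = {"finger_width": 182.0, "exposure_ev": 9.5, "focal_length": 12.0}
ENROLLED_VEIN = "1011001110001101" * 4
OTHER_EXTRA = {"finger_width": 150.0, "exposure_ev": 9.5, "focal_length": 12.0}
OTHER_VEIN = "0100110001110010" * 4
```

Rewriting the stored extra-venous information to fit another finger while keeping the old signature yields `"reissue"` rather than a comparison against the altered values, and `chip.calls` shows that the chip is consulted only after the host-side check passes.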
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200880110777A CN101821776A (zh) | 2007-10-15 | 2008-10-14 | 登记装置、认证装置、登记方法和认证方法 |
JP2009538184A JP4924718B2 (ja) | 2007-10-15 | 2008-10-14 | 認証装置及び認証方法 |
EP08838690A EP2202685A1 (en) | 2007-10-15 | 2008-10-14 | Registration device, authentication device, registration method and authentication method |
US12/681,648 US20100272326A1 (en) | 2007-10-15 | 2008-10-14 | Registration Device, Authentication Device, Registration Method and Authentication Method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2007268280 | 2007-10-15 | ||
JP2007-268280 | 2007-10-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009051250A1 true WO2009051250A1 (ja) | 2009-04-23 |
Family
ID=40567511
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2008/068925 WO2009051250A1 (ja) | 2007-10-15 | 2008-10-14 | 登録装置、認証装置、登録方法及び認証方法 |
Country Status (6)
Country | Link |
---|---|
US (1) | US20100272326A1 (ja) |
EP (1) | EP2202685A1 (ja) |
JP (1) | JP4924718B2 (ja) |
KR (1) | KR20100069668A (ja) |
CN (1) | CN101821776A (ja) |
WO (1) | WO2009051250A1 (ja) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6197345B2 (ja) | 2013-04-22 | 2017-09-20 | 富士通株式会社 | 生体認証装置、生体認証システム、および生体認証方法 |
KR20160066728A (ko) | 2014-12-03 | 2016-06-13 | 삼성전자주식회사 | 생체 정보를 저장하는 nfc 패키지 및 전자 기기 |
KR101760211B1 (ko) * | 2016-04-04 | 2017-07-21 | 엔에이치엔엔터테인먼트 주식회사 | 안구 인식을 통해 보안이 강화된 인증 방법 및 시스템 |
CN110727966B (zh) * | 2018-07-16 | 2021-11-16 | Oppo广东移动通信有限公司 | 图像处理方法和装置、存储介质、电子设备 |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH10248827A (ja) * | 1997-03-17 | 1998-09-22 | Oki Electric Ind Co Ltd | 個人認識装置 |
JPH11339045A (ja) * | 1998-05-27 | 1999-12-10 | Hitachi Ltd | 電子データ確認及び発行方法、その実施装置、その処理プログラムを記録した媒体並びに電子データ記録媒体 |
JP2001052182A (ja) * | 1999-08-13 | 2001-02-23 | Nippon Telegr & Teleph Corp <Ntt> | 個人認証方法及び個人認証プログラムを記録した記録媒体 |
JP2003308524A (ja) * | 2002-04-16 | 2003-10-31 | Nippon Signal Co Ltd:The | アクセスコントロールシステム |
JP2005174067A (ja) * | 2003-12-12 | 2005-06-30 | Toshiba Corp | 生体照合のための登録装置、生体照合を用いた個人認証装置、生体照合を用いた個人認証システム、及び生体照合を用いた個人認証方法 |
JP2005215963A (ja) * | 2004-01-29 | 2005-08-11 | Oki Electric Ind Co Ltd | 個人認証装置及び個人認証方法 |
JP2006059282A (ja) * | 2004-08-24 | 2006-03-02 | Fujitsu Ltd | 生体特徴情報に基づく認証方法 |
JP2007233574A (ja) | 2006-02-28 | 2007-09-13 | Sony Corp | 登録装置、認証装置、データ構造及び記憶媒体 |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4601380B2 (ja) * | 2004-10-08 | 2010-12-22 | 富士通株式会社 | 生体認証システムの登録方法、生体認証システム及びそのプログラム |
JP5045344B2 (ja) * | 2007-09-28 | 2012-10-10 | ソニー株式会社 | 登録装置、登録方法、認証装置及び認証方法 |
-
2008
- 2008-10-14 WO PCT/JP2008/068925 patent/WO2009051250A1/ja active Application Filing
- 2008-10-14 KR KR1020107007531A patent/KR20100069668A/ko not_active Application Discontinuation
- 2008-10-14 EP EP08838690A patent/EP2202685A1/en not_active Withdrawn
- 2008-10-14 US US12/681,648 patent/US20100272326A1/en not_active Abandoned
- 2008-10-14 JP JP2009538184A patent/JP4924718B2/ja not_active Expired - Fee Related
- 2008-10-14 CN CN200880110777A patent/CN101821776A/zh active Pending
Also Published As
Publication number | Publication date |
---|---|
US20100272326A1 (en) | 2010-10-28 |
EP2202685A1 (en) | 2010-06-30 |
JP4924718B2 (ja) | 2012-04-25 |
JPWO2009051250A1 (ja) | 2011-03-03 |
KR20100069668A (ko) | 2010-06-24 |
CN101821776A (zh) | 2010-09-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200880110777.6 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08838690 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 12681648 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 20107007531 Country of ref document: KR Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2008838690 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2009538184 Country of ref document: JP |