WO2013114649A1 - System, device and method for biometric authentication - Google Patents

Info

Publication number
WO2013114649A1
Authority
WO
WIPO (PCT)
Prior art keywords
biometric
data
hash value
biometric authentication
host device
Application number
PCT/JP2012/069215
Other languages
English (en)
Japanese (ja)
Inventor
健志 市毛
浩美 菅生
Original Assignee
株式会社日立メディアエレクトロニクス
Application filed by 株式会社日立メディアエレクトロニクス
Publication of WO2013114649A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G06V40/1365 Matching; Classification

Definitions

  • the present invention relates to a biometric authentication system, a biometric authentication device, and a biometric authentication method, and in particular to a biometric authentication device and method suitable for use in embedded devices, where they prevent data forgery and enhance security.
  • biometric features used include fingerprints, veins, irises, voiceprints, etc.
  • finger vein authentication devices using finger veins are in widespread use.
  • the finger vein authentication apparatus authenticates or identifies an individual by comparing the vein pattern of the user's finger registered in advance with the vein pattern of the finger presented at the time of request.
  • Such a finger vein authentication apparatus generally comprises a light source that irradiates a human finger with near-infrared light, an imaging unit that captures an image of the veins, a feature extraction unit that extracts a vein pattern from the captured image, and an information processing unit that collates the extracted pattern with the user's vein pattern stored in advance and determines whether the two match.
  • the connection mode of the information processing unit is classified into a host authentication method and a self authentication method.
  • the host authentication method is a method in which an information processing unit is on a server via a network, communicates with an imaging unit, and performs connection and authentication.
  • the self authentication method is a method in which the information processing unit is in the same case as the imaging unit and performs authentication in the apparatus.
  • a system employing a self authentication method is often suitable.
  • the self-authentication method is applicable to small-scale systems because there is no need to build a network system with a dedicated server, and by combining a biometric module portion with an embedded-device host portion, the biometric module portion can be made exchangeable within the system configuration.
  • for example, the host part of the embedded device is a safe with an electronic lock incorporated in it, and a biometric module (finger vein authentication device) embedded in the door; the system confirms that the presented finger matches the registered biometric data of the person and then locks or unlocks.
  • Patent Document 1 discloses such a technique: a system in which the confidentiality of the communication between the biometric authentication module and the server is secured using public key encryption, so that the result of biometric authentication can be confirmed remotely from the server.
  • conventionally, the biometric authentication module and host system adopted for a safe, an entry/exit system and the like were housed in a strong case and operated under formal control, so the user was not normally in an environment where the authentication module could be modified, and the structure of the device made it impossible for an ordinary user to disassemble it. Therefore, even though an individual's biometric authentication data was stored in the biometric authentication module, it was sufficient to provide certain data protection measures such as encryption of part of the data, or to protect the data against interception and alteration of communication data on the network.
  • the known technology related to the conventional biometric authentication module can protect communication data on the network, but measures to prevent tampering with the biometric data inside the module are insufficient, and in self authentication it becomes necessary to provide a means of protecting the personal biometric data and other data stored in the module.
  • there is also the threat that the biometric module is disassembled, analysed and partially altered, and that imitations are produced. Such imitations must also be prevented.
  • the present invention has been made to solve the above problems, and its object is to provide, for a biometric authentication system having a self-authentication module that performs authentication processing inside the device, a highly secure biometric authentication system capable of preventing theft of personal information, tampering with the biometric data stored in the module, and forgery of the module.
  • the biometric authentication system of the present invention takes the form in which a biometric authentication module and a host device are connected and communicate, with a communication protocol defined between the host and the module, and the module operating by responding to predetermined commands.
  • registration of the template of the user whose biometric data is to be authenticated is performed under the management of the administrator, and in the registration operation the hash value of the template is communicated to the host side. On the host side, a digital signature is applied to this hash value, and the data concerning this signature is sent to the biometric authentication module and stored together with the template. Data verification in the module is then performed from the host side by a challenge-and-response mechanism, and the result of each authentication is likewise associated with its authentication request by a challenge-and-response mechanism.
  • the biometric module performs data verification in multiple stages at other timings, such as after power-on, based on the data relating to the signature, detects the presence or absence of data tampering, and controls the operation of the device accordingly: functions become executable at each successfully verified stage, and are limited if verification fails part way.
  • with this biometric authentication system it is possible, in a self authentication module that performs authentication processing in the apparatus, to prevent falsification of the biometric data stored in it and to prevent forgery of the module. Since the communication between the host device and the biometric authentication module carries the hash value of the template rather than its raw data, leakage of personal information can be prevented. Furthermore, the biometric authentication module can perform the authentication operation even when it is not under the management of the host device.
  • in a biometric authentication system having a self authentication module that performs authentication processing in the device, it is thus possible to prevent theft of personal information and tampering with the biometric data stored inside, and also to prevent forgery of the module, providing a highly secure biometric system.
  • FIG. 1 is a block diagram showing the structure of a biometric authentication module of a biometric authentication system according to an embodiment of the present invention.
  • FIG. 2 is a block diagram showing the structure of a host device of the biometric authentication system according to an embodiment of the present invention.
  • the biometric authentication system is an embedded device that requires personal identification, in which the host device and the biometric identification module communicate with each other.
  • as the biometric authentication, finger vein identification is assumed as an example.
  • the function provided after personal identification is not particularly limited; for example, when the host device is an electronic lock, the lock is unlocked, and when the host device incorporates a display device, confidential information is output after the person's authority has been confirmed by personal authentication.
  • the biometric authentication module 100 is a module that performs biometric authentication by finger vein authentication and, as illustrated in FIG. 1, consists of a processor 101, an illumination unit 102, an imaging sensor 103, a feature extraction unit 104, a hash calculation unit 105, a collation processing unit 106, a signature verification unit 107, a device number storage IC 108, a host I/F 109, a data memory 110, a work memory 120, and a program memory 130.
  • the illumination unit 102 emits near-infrared light to a target finger, and the imaging sensor 103 acquires raw image data of a finger vein.
  • the processor 101 is a central processing unit (CPU) or a digital signal processor (DSP) for performing operation control of the entire module.
  • the work memory 120 is a semiconductor memory which is volatile and temporarily stores work data, and is a RAM (Random Access Memory).
  • the program memory 130 is a storage device in which a program is stored, and is, for example, a semiconductor memory called ROM (Read Only Memory).
  • the data memory 110 is a non-volatile memory that stores data, and is, for example, a flash memory.
  • the data memory 110 stores template data 111, program signature 112, device number signature 113, key data 114, and template data management table 115 (described later in detail).
  • the feature extraction unit 104 is a functional block that generates a feature amount of finger veins, that is, template data from the acquired raw image data.
  • the feature extraction unit 104 may be implemented by dedicated hardware, or may be realized by the processor 101 executing a program stored in the program memory 130.
  • the generated template data is stored as template data 111 in the data memory 110.
  • the registration operation is performed by the processor 101 performing communication via the host I / F 109 and in response to a request from the host device 200 of the embedded device.
  • at authentication, the same imaging and feature extraction as above are performed on the presented finger, template data is generated, and the collation processing unit 106 compares it with the stored template data 111 and makes the person determination based on the similarity between the two.
  • the process of the personal identification process is performed by the collation processing unit 106.
  • the collation processing unit 106 may also be implemented by dedicated hardware, or may be realized by the processor 101 executing a program stored in the program memory 130.
  • the template data 111 can store template data corresponding to a plurality of fingers of the user. If a plurality of fingers are stored as template data 111, even if one finger is damaged due to an injury or the like, authentication can be performed using the other finger.
  • the above functions are the same as in the conventional device.
  • the device number storage IC 108 is an IC that holds a serial number unique to each module, and the serial number can not be falsified.
  • the built-in serial number can be read out by communication with the processor 101.
  • MAXIM's DS2401 is an example of an IC having such a function.
  • the hash calculation unit 105 is a functional block that calculates a message digest such as SHA-1, generating fixed-length data, that is, a hash value, for the target data. If the target data changes by even 1 bit, the hash value changes greatly. Since the probability that different target data produce the same hash value (a collision) is extremely small and does not occur in practice, the hash value can be regarded as a numerical value corresponding to the target data. In addition, it has the property of a one-way function: it is practically impossible to calculate the original data from the hash value.
  • a MAC (Message Authentication Code) is a hash value calculated over data together with secret data (a secret), and is used to distinguish a party that knows the secret from an adversary who does not.
  • in the challenge and response method, the sender generates and transmits a random number. If the receiving side is the legitimate party, it can correctly calculate the hash value (MAC) of the received random number including the known secret.
  • the receiving side returns the calculated hash value (MAC) to the transmitting side, and the transmitting side checks whether the hash value is correct, so that it can be determined whether the receiving side knows the correct secret.
  • calculation of the hash value is used for data protection inside the module.
  • the hash calculation unit 105 is a functional block that performs hash calculation; the secret is stored as part of the key data 114 in the data memory 110, read out as necessary during calculation, and used in the calculation.
  • the reading of the key data 114 needs to be restricted for the purpose of data secrecy, and a part of the data is set such that only the hash calculator 105 and the signature verification unit 107 can access it.
  • the target of data protection in the module is template data, program code, and device number (device ID).
  • the hash calculation unit 105 calculates hash values in combination with the key data 114 for the program code and for the device number (device ID), and the calculated hash values are stored in the data memory 110 as the program signature 112 and the device number signature 113, respectively.
  • a hash value including a secret, generated in order to verify data, is referred to as a “signature code” or “signature”.
  • for template data, the hash value is stored in the template data management table 115, and the signature code created by the host apparatus 200 is stored in association with that hash value (described later in detail).
  • the secret used for the calculation is stored in an area of the key data 114 that is subject to a read restriction. Since the program code and the device number are written (determined) at the setup (production) of the module, the signature codes corresponding to the program signature 112 and the device number signature 113 are written at setup.
  • since template data is written at user registration, the corresponding hash value is calculated after user registration and stored in the template data management table 115.
  • the signature verification unit 107 is a functional block that stores and verifies the digital signature received from the host or the digital signature written at the time of setup.
  • the data received by the host I / F 109 may be accompanied by a digital signature, and the corresponding public key is stored in the readable area of the key data 114. This applies to public keys of manufacturers, designated administrators, service providers, etc.
  • Some signature data for verification may be built in the signature verification unit 107.
  • the host I / F 109 is a functional block that communicates with the host, but incorporates an encryption function and encrypts communication data as needed.
  • the communication content conforms to the communication protocol defined between the host and the module.
  • mutual device authentication is performed, a key to be used for encrypted communication is exchanged, and then encrypted data is transmitted and received.
  • An encryption method such as AES (Advanced Encryption Standard) is used to protect communication data.
  • a command / response method is adopted as a standard communication method, and the module responds to the command from the host side.
  • the communication protocol defines the format of commands and responses, and defines multiple commands for executing the functions of the module.
  • the format of the response to an undefined command, an error code, etc. are also defined, and by checking the data content of the response, it can be detected that an error has occurred for the undefined command.
  • the module can also be physically detached from the host 200 at the host I/F 109, so that each user owns a module; in that case the biometric data of one user is held in the module.
  • the host device 200 of the present embodiment includes a processor 201, a communication I / F 202, an input / output I / F 203, a work memory 210, a data memory 220, and a program memory 230.
  • the processor 201 controls each unit of the host device 200 and executes each program stored in the program memory 230.
  • the work memory 210 is a semiconductor memory which is volatile and temporarily stores work data.
  • the data memory 220 is a non-volatile memory that stores data.
  • the data memory 220 stores a hash value management table 221 (described in detail later) and a user DB 222.
  • the program memory 230 is a storage device in which a program is stored.
  • the program memory 230 stores a system program 231, a signature program 232, a communication program 233, an authentication program 234, a user management program 235, and an input / output control program 236.
  • the system program 231 is also referred to as an OS, and is a program that performs an interaction between an application program and an input / output device and performs task scheduling.
  • the signature program 232 is a program for generating a signature code for the hash value transmitted from the biometric module 100.
  • the communication program 233 is a program for communicating with the biometric authentication module 100.
  • the authentication program 234 is a program for performing user authentication based on the biometric authentication result from the biometric authentication module 100.
  • the user management program 235 is a program that performs registration, access, and the like of the user DB.
  • the input / output control program 236 is a program for operating the device based on the authentication result, and is a program for controlling the unlocking of the electronic lock, data display, and the like.
  • FIG. 3 is a diagram showing a software structure (software stack) of a host device of a biometric authentication system and a biometric authentication module according to an embodiment of the present invention.
  • on the module side, template data 401, an authentication program 402 for finger vein authentication, a device ID (data) 403, a module control driver 404, a protocol control driver 405, and a communication driver 406 are installed.
  • the communication driver 406 is software for performing data communication with the host apparatus 200 using the host I / F 109, and is software corresponding to a physical interface.
  • a popular interface is USB (Universal Serial Bus).
  • the protocol control driver 405 is software that implements the communication protocol (command/response method) defined between the host and the module. Logically, in terms of software operation, it performs the operation corresponding to the API driver 410 on the host side.
  • the module control driver 404 is a part that executes module control of each process of the biometric authentication module 100. The authentication operation of the biometric authentication module 100 is executed by the software of the authentication program 402 using each internal functional block.
  • the host side 200 includes software modules such as an information service 407, a firewall 408, an input / output module 409, an API driver 410, and a communication driver 411.
  • the personal authentication request from the information service 407 which is the main function of the host, is sent to the API driver 410, and the operation of the API driver executes command request and response reception.
  • the information service 407 is intended to include various application programs. Each communication operation is processed as a request to the lower communication driver 411. Then, as a result of communication between the two communication drivers 406 and 411, the personal identification request returns to the API driver 410 as response data. If the personal authentication is successful, the API driver 410 sends a request to the firewall 408 to validate the flow of data between the input / output control program 409 and the information service 407. As a result, the electronic lock is unlocked, confidential information is displayed, and the like. If the personal authentication fails, the API driver 410 controls the firewall 408 to close, and the input / output control program 409 is not provided with desired information.
  • predetermined actions such as unlocking (of the electronic lock) and information disclosure are thus realized as a result of personal identification by biometric authentication.
  • FIG. 4 is a diagram illustrating the exchange in each case in the communication between the host device and the biometric authentication module.
  • in FIG. 4, the data serving as keys transmitted and received between the biometric module 100 and the host device 200 are indicated by d101 to d106. Transmission and reception follow the command-response method throughout; for readability of the figure not all data are shown, only the key transmitted and received data.
  • (1) Template registration by hash value: template registration is performed by an administrator under regular management. Communication between the host device and the biometric authentication module at this time is encrypted.
  • in response to the registration command, the biometric authentication module sends back as the response data the hash value d101, stored in the template data management table 115, of the finger vein template data generated for the user.
  • the host device 200 does not hold the template data itself of the user.
  • the hash value corresponding to the template data is held in the hash value management table 221.
  • (2) the host generates a signature code d102 by the administrator's signature, stores it in the hash value management table 221, and sends it to the module.
  • a response is also returned when the command has been processed normally, so that normal processing can be confirmed.
  • the signature verification unit 107 verifies the signature code, and if verification is successful, the signature code is stored in the template data management table 115. At the time of this storage, as will be described later, it is assumed that the signature code adds and stores the corresponding data (which identifies the different finger template).
  • (3) Data verification in the module: in order to confirm the correspondence with the request command between the host device 200 and the biometric authentication module 100, a challenge-response method is adopted.
  • the challenge d103 includes a random number generated on the host side and a code indicating the type of data to be verified.
  • the module side calculates the hash value (MAC) of the challenge data, using as the secret the signature code corresponding to the data of the designated type.
  • the characteristic point is that the signature code itself held by the biometric authentication module 100 is not transmitted. If the hash value (MAC) matches the host-side calculation, it is verified that the data in the module is correct, that is, that the data in the module has not been falsified.
  • (4) Data communication operation of the authentication result: a challenge-response method is adopted here as well, in order to confirm the correspondence with the request command.
  • the communication data of an authentication result that has been used once cannot be reused, and if data integrity is confirmed, it can be confirmed that the authentication operation was performed in the module for each request.
  • the challenge d105 includes a random number generated on the host side and the hash value corresponding to the finger type of the template data to be compared.
  • the matching with the corresponding template data is requested.
  • template data are not exchanged between the host side and the module side, high security against data theft can be secured.
  • the above operation is performed for all registered fingers.
  • the module side collates with the template data corresponding to the designated finger and, using as the secret the signature code (stored in the template data management table 115) corresponding to the designated template data, calculates the hash value (MAC) of the concatenation of part or all of the challenge data and the user ID.
  • the calculated hash value is sent back to the host as the response data d106, which includes the authentication result.
  • the host side checks that the received response data d106 matches the hash value it calculated independently. If the authentication succeeded, the hash values should match, and a match confirms that the matching of the user ID against the specified template succeeded.
  • if authentication failed, the hash values do not match, and the host then determines that matching of that user ID against the template has failed.
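The registration, data-verification and authentication-result exchanges of FIG. 4 (1) to (4), and the MAC challenge-response mechanism described for the hash calculation unit 105, as an added example that is not part of the patent text. Both sides of the link are modelled in one process; HMAC-SHA-256 stands in for the "hash value including a secret", an HMAC under an administrator key stands in for the administrator's digital signature (the patent notes the signature need not be public-key based), and the matcher is a stand-in equality test rather than finger-vein similarity. All keys, IDs and template bytes are constructed placeholders, and the command/response names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample values (not from the patent). ADMIN_KEY stands for the
# administrator's signing key on the host; the template is placeholder bytes.
ADMIN_KEY = b"example-administrator-key"
USER_ID = b"user-0001"
TYPE_TEMPLATE = b"\x01"                # assumed data-type code meaning "verify template data"
FINGER_TEMPLATE = b"constructed finger-vein template (right index)"


def template_hash(template: bytes) -> bytes:
    """Fixed-length hash value of template data; this, not the raw template, crosses the link."""
    return hashlib.sha256(template).digest()


def mac(secret: bytes, data: bytes) -> bytes:
    """Hash value including a secret (the patent's MAC), here HMAC-SHA-256."""
    return hmac.new(secret, data, hashlib.sha256).digest()


class Module:
    """Biometric authentication module 100 (one registered finger; table 115 as a dict)."""

    def __init__(self, template: bytes):
        self._template = template                      # template data 111, never transmitted
        self.table = {"hash": template_hash(template), "signature_code": None}

    def cmd_template_hash(self) -> bytes:              # response d101
        return self.table["hash"]

    def cmd_store_signature(self, signature_code: bytes) -> str:   # command carrying d102
        # signature verification unit 107: the module knows the administrator's key (assumption).
        if not hmac.compare_digest(signature_code, mac(ADMIN_KEY, self.table["hash"])):
            return "ERR_SIGNATURE"
        self.table["signature_code"] = signature_code
        return "OK"

    def cmd_verify_data(self, challenge: bytes) -> bytes:          # (3) response to d103
        # The stored signature code is the secret; only the MAC over the challenge is sent.
        return mac(self.table["signature_code"], challenge)

    def cmd_authenticate(self, challenge: bytes, presented: bytes, user_id: bytes) -> bytes:  # (4) d105 -> d106
        finger_hash = challenge[-32:]                  # host names the finger by its hash value
        if finger_hash != self.table["hash"]:
            return bytes(32)                           # no such template registered
        # Stand-in matcher: real finger-vein matching is a similarity test, not equality.
        if not hmac.compare_digest(template_hash(presented), self.table["hash"]):
            return bytes(32)                           # failed match: no valid MAC is produced
        return mac(self.table["signature_code"], challenge + user_id)


class Host:
    """Host device 200: keeps only hash values and signature codes (hash value management table 221)."""

    def __init__(self):
        self.table = {}

    def register(self, module: Module, user_id: bytes) -> str:   # (1)+(2) under administrator control
        h = module.cmd_template_hash()
        signature_code = mac(ADMIN_KEY, h)             # administrator's signature over the hash
        self.table[user_id] = {"hash": h, "signature_code": signature_code}
        return module.cmd_store_signature(signature_code)

    def verify_module_data(self, module: Module, user_id: bytes) -> bool:   # (3)
        challenge = os.urandom(16) + TYPE_TEMPLATE     # fresh random number + data-type code
        response = module.cmd_verify_data(challenge)
        expected = mac(self.table[user_id]["signature_code"], challenge)
        return hmac.compare_digest(response, expected)

    def authenticate(self, module: Module, user_id: bytes, presented: bytes) -> bool:   # (4)
        rec = self.table[user_id]
        challenge = os.urandom(16) + rec["hash"]       # random number + hash naming the finger
        response = module.cmd_authenticate(challenge, presented, user_id)
        expected = mac(rec["signature_code"], challenge + user_id)   # computed independently
        return hmac.compare_digest(response, expected)


def run_demo() -> dict:
    """Registration, data verification and authentication against intact and tampered modules."""
    host, module = Host(), Module(FINGER_TEMPLATE)
    out = {"register": host.register(module, USER_ID)}
    out["data_ok"] = host.verify_module_data(module, USER_ID)
    out["auth_ok"] = host.authenticate(module, USER_ID, FINGER_TEMPLATE)
    out["auth_wrong_finger"] = host.authenticate(module, USER_ID, b"someone else's finger")
    tampered = Module(b"attacker-written template")    # forged template without a valid signature code
    tampered.table["signature_code"] = bytes(32)
    out["tampered_data_ok"] = host.verify_module_data(tampered, USER_ID)
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Because every challenge carries a fresh random number, a captured d106 cannot be replayed for a later request, and because the module's secret for (3) and (4) is the signature code the administrator issued at registration, a module whose template was rewritten without that code fails data verification even though it can still answer commands.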
  • FIG. 5 is a flowchart showing control at activation of the biometric authentication module.
  • the start (S301) is the point after the hard reset that follows power-on.
  • first, verification of the device ID is executed (S302), and the process branches according to the result. Verification is performed by comparing the signature held in the device number signature 113 with a hash value including the secret computed over the device number newly read out from the device number storage IC 108.
  • next, program verification is executed (S303), and the process branches again based on the result. Verification is performed by newly reading the program data (all or a part), calculating a hash value including the secret over it, and comparing the result with the program signature 112.
  • in S304 the template data is verified, and the process branches according to the result. Verification of template data is performed in two stages: the first stage is verification by the module 100 alone, and the second stage is verification by host-module communication. Template data verification is considered successful only if both stages succeed.
  • the first-stage verification of template data by the module 100 alone is performed by the signature verification unit 107, which checks, for each individual template in the template data 111, the corresponding hash value and signature code in the template data management table 115.
  • if the template data has been falsified, the consistency between these data is lost, so the falsification can be detected. The second-stage verification of template data by host-module communication is the process shown in (3) of FIG. 4.
  • if S304 succeeds, the process proceeds to S307, in which authentication requests are accepted and an authentication request command and the like from the host can be processed during the authentication operation. If S304 fails, this indicates that the template is invalid or that nothing is registered, and the process proceeds to S308, in which only administrator requests are accepted.
  • when a plurality of templates are registered and part of them is detected to be invalid, two operations can be considered depending on the system to which this is applied.
  • the first is an operation that does not accept any authentication request, on the assumption that even one invalid template indicates tampering; the other invalidates only the invalid template and accepts authentication requests, with control so that no matching operation is performed against the invalidated template.
  • if a failure occurs in step S303, the process proceeds to the maintenance mode of step S306, a mode that accepts program update work by the administrator or the maker.
  • tamper resistance is enhanced by controlling the operation of the module through data verification in a plurality of stages. If the device ID is forged, the module operation is stopped at that stage, for example by stopping an operation clock used internally. If the program code is tampered with, the maintenance mode does not accept requests from ordinary users and responds only to the program rewriting work of the administrator or maker, so a tampered program cannot attempt the matching operation. Data verification is also performed on template data, with control so that matching is performed only with templates whose verification has succeeded; as a result, a falsified or artificial template cannot be used in the matching operation.
  • FIG. 6 is a diagram for explaining the template data management table.
  • FIG. 7 is a diagram for explaining the hash value management table.
  • the template data management table 115 stored in the biometric authentication module 100 includes header information 801 and management information for zero or more finger vein template data; FIG. 6 shows an example.
  • the header information 801 stores management information, and stores information such as a pointer to the template data 111, the number of template data, the creation date, and the update date.
  • in the example of FIG. 6, the number of templates is four.
  • Valid / invalid of the template is a flag indicating that it is regarded as invalid and not used for authentication when inconsistency or illegal rewriting is found in the template data.
  • Each signature code is data digitally signed by the administrator for each hash value as shown in FIG. 4 (2), and the authenticity of the data can be confirmed with the administrator's public key or the like, and template data Used to protect against tampering threats. Note that the digital signature here does not necessarily have to be based on the public key cryptosystem.
  • the hash value management table 221 stored in the host device 200 also has almost the same structure as shown in FIG. 7 (901 to 905).
  • the hash value (c) is a hash value sent from the biometric authentication module 100.
  • the host apparatus 200 generates a signature code (d) and stores it in the corresponding record (902 to 905). Do.
  • FIG. 8 is a diagram showing a method of generating a hash value of template data according to each case.
  • (1) Simplified method: the hash value is generated from the template data alone by a predetermined hash algorithm (such as SHA-1).
  • (2) Device-arbitrary method: the hash value is calculated from a secret and the template data, using the same algorithm as in (1). The device is not fixed, so the hash value is valid for any device.
  • (3) Device-fixed method: in addition to the secret and the template data, the device number is included in the hash calculation. The hash value is then valid only in the single module identified by that device number, which gives the strongest security of the three.
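The three hash-generation methods of FIG. 8, written out as an added example so the difference in what each value is bound to can be checked rather than read; this is illustration code for this page, not the applicant's implementation. Assumptions: the page gives no encoding for "secret and template data", and the example uses HMAC (the standard way to key a hash, which also avoids the length-extension weakness of a plain hash over secret||data); SHA-256 replaces the page's SHA-1, which is no longer collision-resistant; the device numbers, secret and template bytes are constructed.

```python
import hashlib
import hmac

DIGEST = "sha256"  # assumption: the page says "such as SHA-1"; SHA-1 is no longer collision-resistant

def template_hash(method: int, template: bytes, secret: bytes = b"", device_number: bytes = b"") -> bytes:
    """Hash value of a template under the three methods of FIG. 8 (hypothetical encoding)."""
    if method == 1:  # simplified: plain hash, so anyone holding the template can recompute it
        return hashlib.new(DIGEST, template).digest()
    if method == 2:  # device-arbitrary: keyed with the secret, identical on every device that has it
        return hmac.new(secret, template, DIGEST).digest()
    if method == 3:  # device-fixed: the device number is mixed in, so the value belongs to one module
        tagged = len(device_number).to_bytes(2, "big") + device_number + template
        return hmac.new(secret, tagged, DIGEST).digest()
    raise ValueError("unknown method")

def accepts(method: int, template: bytes, stored_hash: bytes, secret: bytes, device_number: bytes) -> bool:
    """Would a module holding this secret and device number accept the (template, hash) pair?"""
    return hmac.compare_digest(template_hash(method, template, secret, device_number), stored_hash)

def portability() -> dict:
    """Constructed scenario: a template hashed on DEV-0001 is checked on DEV-0001, on DEV-0002,
    and by someone who holds the template but not the secret."""
    template, secret = bytes(range(64)), b"module-secret-provisioned-at-manufacture"
    outcome = {}
    for method in (1, 2, 3):
        h = template_hash(method, template, secret, b"DEV-0001")
        outcome[method] = {
            "same_module": accepts(method, template, h, secret, b"DEV-0001"),
            "other_module": accepts(method, template, h, secret, b"DEV-0002"),
            "without_secret": accepts(method, template, h, b"", b"DEV-0001"),
        }
    return outcome
```

`portability()` shows the ordering the text claims: under method (1) the pair verifies anywhere and can be produced by anyone who has the template, under method (2) it verifies on every device sharing the secret, and under method (3) only the module whose device number went into the hash accepts it.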
  • FIG. 9 is a flowchart for explaining the communication protocol at the time of template data registration.
  • FIG. 10 is a flowchart for explaining the communication protocol at the time of authentication.
  • A user ID and a service ID are set on the host side and communicated to the module side (S601).
  • The user ID is an identification code assigned to the user.
  • The service ID is an identification code of a service provided by the host.
  • The host side may provide a plurality of services, and the design copes with the case where access rights are managed independently for each service.
  • The process of S601 corresponds to one command/response; if it succeeds, the user ID and the service ID are fixed in both the biometric authentication module 100 and the host device 200 unless changed thereafter.
  • A command/response requesting template generation is performed between the host side and the module side (S602).
  • The biometric authentication module 100 that receives this command executes the steps from capturing the vein image of the presented finger through generation of the template data.
  • A command/response for generating a hash value of the template data generated on the module side is performed (S603).
  • The hash value is generated by one of the methods described for FIG. 8.
  • This process corresponds to (1) in the description of FIG. 4.
  • The generated hash value is included in the response data and returned to the host device 200.
  • A command/response for giving a signature code to the template data is performed (S604).
  • This process corresponds to (2).
  • The host device 200 generates the administrator's signature code for the hash value received in S603 and transmits it to the biometric authentication module 100.
  • The biometric authentication module 100 verifies the received signature code and, if verification succeeds, stores it in the template data management table 115.
  • A command/response for confirming the signature code of the template data stored in the biometric authentication module 100 is performed (S605).
  • This process corresponds to the in-module data verification of (3) in FIG. 4.
  • The host device 200 transmits challenge data including a random number and the identification code of the template to the biometric authentication module 100.
  • The hash value of the template may also be sent as a parameter where needed.
  • The biometric authentication module 100 uses the corresponding signature code stored in the module as the secret, calculates a keyed hash over the random number in the challenge data and the other data, and returns it in the response data. The host calculates the same value with the same formula; if it matches the received hash value, verification of the signature code of the template data held in the module is complete.
  • A command/response for acquiring information on the templates stored in the module is performed (S701).
  • The user ID, the number of template data, the identification code (corresponding finger type) of each template, and the like are acquired as template information.
  • A command/response for confirming the signature code of the template designated on the host side is performed between the host side and the module side (S703).
  • This is the same communication as S605 in FIG. 9, and it confirms the authenticity of the signature code in the module.
  • As described above, this communication is a challenge-and-response exchange.
  • A command/response requesting the biometric authentication module 100 to perform an authentication operation is performed.
  • This process corresponds to (4) in FIG. 4.
  • This communication is also a challenge-and-response exchange.
  • The challenge data includes a random number generated on the host side together with the hash value corresponding to the finger type of the template data to be compared.
  • The module side matches against the template data corresponding to the designated finger and returns the authentication result to the host.
  • The response data conversion of the authentication result is the same as in part (4) of FIG. 4.
  • The host side verifies the received response data and can confirm whether the authentication succeeded.
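The registration exchange S601 to S605, the authentication exchange S701 to S703 with step (4), and the two invalid-template policies described earlier, modelled end to end with both sides' messages; this is an added example written for this page, not the module's or the applicant's implementation. Assumptions: the device-fixed hash of FIG. 8 is an HMAC-SHA256 over the module secret, device number and template; the administrator's signature code is the symmetric variant the page allows (an HMAC under an administrator key provisioned in both host and module) rather than a public-key signature; the vein matcher, device numbers, template bytes and identifiers are constructed stand-ins; S601 is a plain command/response and is left out.

```python
import hmac
import secrets

DIGEST = "sha256"  # assumption: the page only says "such as SHA-1"; SHA-1 is deprecated

def keyed_hash(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so that (a, bc) and (ab, c) never collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, DIGEST).digest()

class BiometricModule:
    """Module side (100): device number, module secret, administrator key, table 115."""
    def __init__(self, device_number: bytes, module_secret: bytes, admin_key: bytes):
        self.device_number, self.module_secret, self.admin_key = device_number, module_secret, admin_key
        self.table = {}  # template_id -> {"template", "hash", "sig", "valid"}

    def _template_hash(self, template: bytes) -> bytes:
        # Device-fixed method of FIG. 8 (3): module secret, device number and template.
        return keyed_hash(self.module_secret, self.device_number, template)

    def generate_template(self, tid: str, captured: bytes) -> bytes:  # S602 + S603
        # The real module captures a vein image here; `captured` is constructed input.
        h = self._template_hash(captured)
        self.table[tid] = {"template": captured, "hash": h, "sig": None, "valid": False}
        return h  # hash value (c), returned to the host

    def store_signature(self, tid: str, sig: bytes) -> bool:  # S604
        rec = self.table[tid]
        if not hmac.compare_digest(keyed_hash(self.admin_key, rec["hash"]), sig):
            return False  # signature code does not verify: do not store it
        rec["sig"], rec["valid"] = sig, True
        return True

    def answer_challenge(self, tid: str, nonce: bytes) -> bytes:  # S605 / S703
        # The stored signature code is the secret of the challenge-response.
        return keyed_hash(self.table[tid]["sig"], nonce, tid.encode())

    def verify_templates(self) -> list:  # in-module data verification (3)
        # Recompute every hash, recheck its signature code, flag failures invalid.
        for tid, rec in self.table.items():
            expected = keyed_hash(self.admin_key, self._template_hash(rec["template"]))
            rec["valid"] = rec["sig"] is not None and hmac.compare_digest(expected, rec["sig"])
        return [tid for tid, rec in self.table.items() if not rec["valid"]]

    def authenticate(self, nonce: bytes, template_hash: bytes, probe: bytes) -> bytes:  # (4)
        # Challenge = host nonce + hash of the template to match; invalid templates are never matched.
        rec = next((r for r in self.table.values() if r["hash"] == template_hash), None)
        if rec is None or not rec["valid"]:
            result, key = b"REFUSED", b""
        else:  # constructed matcher: at most 2 differing bytes counts as the same finger
            result = b"OK" if sum(a != b for a, b in zip(rec["template"], probe)) <= 2 else b"NG"
            key = rec["sig"]
        # Response conversion: bind the result to the nonce under the signature code.
        return result + b"|" + keyed_hash(key, nonce, result)

class HostDevice:
    """Host side (200): administrator key, hash value management table 221, invalid-template policy."""
    def __init__(self, admin_key: bytes, reject_if_any_invalid: bool = True):
        self.admin_key, self.strict = admin_key, reject_if_any_invalid
        self.table = {}  # template_id -> {"hash", "sig"}

    def register(self, m: BiometricModule, tid: str, captured: bytes) -> bool:
        h = m.generate_template(tid, captured)               # S602, S603
        sig = keyed_hash(self.admin_key, h)                  # S604: signature code (d)
        if not m.store_signature(tid, sig):
            return False
        self.table[tid] = {"hash": h, "sig": sig}
        return self.confirm_signature(m, tid)                # S605

    def confirm_signature(self, m: BiometricModule, tid: str) -> bool:
        nonce = secrets.token_bytes(16)
        expected = keyed_hash(self.table[tid]["sig"], nonce, tid.encode())
        return hmac.compare_digest(m.answer_challenge(tid, nonce), expected)

    def authenticate(self, m: BiometricModule, tid: str, probe: bytes) -> bool:
        invalid = m.verify_templates()
        if invalid and (self.strict or tid in invalid):       # reject all, or only the bad template
            return False
        if not self.confirm_signature(m, tid):                # S703
            return False
        nonce = secrets.token_bytes(16)
        result, tag = m.authenticate(nonce, self.table[tid]["hash"], probe).split(b"|", 1)
        return hmac.compare_digest(tag, keyed_hash(self.table[tid]["sig"], nonce, result)) and result == b"OK"

def demo() -> dict:
    admin_key, secret = secrets.token_bytes(32), secrets.token_bytes(32)
    module_a, host = BiometricModule(b"DEV-0001", secret, admin_key), HostDevice(admin_key)
    template = bytes(range(32))                              # constructed stand-in for a vein template
    genuine = bytes(b ^ (i == 5) for i, b in enumerate(template))  # one byte differs
    out = {"registered": host.register(module_a, "right-index", template)}
    out["genuine"] = host.authenticate(module_a, "right-index", genuine)
    out["impostor"] = host.authenticate(module_a, "right-index", bytes(32))
    module_b = BiometricModule(b"DEV-0002", secret, admin_key)  # same secret, other device number
    module_b.table["right-index"] = dict(module_a.table["right-index"])
    out["cloned_to_other_module"] = host.authenticate(module_b, "right-index", template)
    module_a.authenticate = lambda nonce, h, probe: b"OK|" + bytes(32)  # module says OK without a valid tag
    out["forged_ok"] = host.authenticate(module_a, "right-index", template)
    module_a.table["right-index"]["template"] = bytes(32)   # template rewritten inside the module
    out["tampered_template"] = host.authenticate(module_a, "right-index", bytes(32))
    return out
```

`demo()` runs the cases the text is concerned with: a genuine and an impostor probe; the signed record copied into a module with a different device number (rejected, because the recomputed device-fixed hash no longer matches the signature code); a module that answers OK without the signature-code-keyed tag (rejected by the host's check of the converted response); and a template rewritten inside the module (flagged invalid by the in-module verification and, under the strict policy, the whole request is refused). With a public-key signature the module would hold only the administrator's public key; with the symmetric variant shown here, anyone who extracts the administrator key from one module can act as the administrator towards every module that shares it, so that option is only as strong as the key storage in the weakest module.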
  • By configuring the biometric authentication module 100 and the host device 200 of the embedded device as described above, tampering with data in the biometric authentication module 100 can be prevented, tamper resistance can be enhanced, and fabrication of an imitation module can be prevented.
  • Reference numerals: 100 biometric authentication module; 101 processor; 102 illumination unit; 103 imaging sensor; 104 feature extraction unit; 105 hash calculation unit; 106 verification processing unit; 107 signature verification unit; 108 device number storage IC; 109 host I/F; 110 data memory; 120 work memory; 130 program memory; 200 host device; 201 processor; 202 communication I/F; 203 input/output I/F; 210 work memory; 220 data memory; 230 program memory.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention relates to a biometric authentication system in which a biometric authentication module and a host device connect and communicate, with the communication protocol between the host and the module defined and the operating mode determined according to the response to a specific command. Registration of a template, corresponding to the biometric data of a user who performs authentication, is carried out under the management of an administrator, and the template registration operation is performed by communicating a hash value of the template to the host. On the host side a signature is given to the communicated hash value, and data associated with the signature is sent to the biometric authentication module and stored together with the template. Following a challenge/response scheme, the verification of data in the module is performed from the host side, and the authentication results can likewise be bound, by the challenge/response scheme, to individual authentication requests. This configuration makes it possible to prevent the leakage of personal information or the alteration of stored biometric data, and to prevent counterfeiting of the module.
PCT/JP2012/069215 2012-02-01 2012-07-27 Système, dispositif et procédé d'authentification biologique WO2013114649A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012019763A JP2013161104A (ja) 2012-02-01 2012-02-01 生体認証システム、生体認証装置、および、生体認証方法
JP2012-019763 2012-02-01

Publications (1)

Publication Number Publication Date
WO2013114649A1 true WO2013114649A1 (fr) 2013-08-08

Family

ID=48904720

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2012/069215 WO2013114649A1 (fr) 2012-02-01 2012-07-27 Système, dispositif et procédé d'authentification biologique

Country Status (2)

Country Link
JP (1) JP2013161104A (fr)
WO (1) WO2013114649A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10341112B2 (en) * 2014-03-21 2019-07-02 Koninklijke Philips N.V. Soft generation of biometric candidates and references based on empirical bit error probability
US10248846B2 (en) 2014-07-24 2019-04-02 Sony Interactive Entertainment Inc. Information processing device
WO2024091022A1 (fr) * 2022-10-26 2024-05-02 삼성전자 주식회사 Procédé de connexion de dispositifs à l'aide d'informations biométriques et dispositif électronique associé

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000215280A (ja) * 1999-01-26 2000-08-04 Hitachi Ltd 本人認証システム
JP2009026235A (ja) * 2007-07-23 2009-02-05 Univ Of Tsukuba 生体情報の登録方法及び生体認証方法
JP2009037417A (ja) * 2007-08-01 2009-02-19 Toshiba Corp 検証装置及びプログラム

Also Published As

Publication number Publication date
JP2013161104A (ja) 2013-08-19

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 12867298; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 12867298; Country of ref document: EP; Kind code of ref document: A1)