WO2021240757A1 - 照合システム、クライアント端末、サーバ装置、照合方法、およびプログラム - Google Patents

照合システム、クライアント端末、サーバ装置、照合方法、およびプログラム Download PDF

Info

Publication number
WO2021240757A1
WO2021240757A1 PCT/JP2020/021262 JP2020021262W WO2021240757A1 WO 2021240757 A1 WO2021240757 A1 WO 2021240757A1 JP 2020021262 W JP2020021262 W JP 2020021262W WO 2021240757 A1 WO2021240757 A1 WO 2021240757A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
collation
calculation
client terminal
calculation result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2020/021262
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
寿幸 一色
寛人 田宮
成泰 奈良
利彦 岡村
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Priority to US17/925,664 priority Critical patent/US12242644B2/en
Priority to PCT/JP2020/021262 priority patent/WO2021240757A1/ja
Priority to JP2022527423A priority patent/JP7428247B2/ja
Publication of WO2021240757A1 publication Critical patent/WO2021240757A1/ja
Anticipated expiration legal-status Critical
Priority to JP2024007191A priority patent/JP7697547B2/ja
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103Challenge-response

Definitions

  • the present invention relates to a collation system, a client terminal, a server device, a collation method, and a program.
  • Biometric authentication is an example of authentication. "Biometric authentication” is a personal authentication method that confirms whether or not the registered person and the person to be authenticated match by collating the biometric information of the registered person with the biometric information of the person to be authenticated. be.
  • biological information is data extracted from some characteristics of an individual regarding the body and behavior, or data generated by converting the extracted data. This data is sometimes referred to as a feature quantity.
  • the "template” is data stored in advance for biometric authentication, including data generated from the biometric information of the registered person (hereinafter referred to as registration information).
  • the client terminal is also referred to as a client or a terminal.
  • the server device is also simply referred to as a server.
  • FIDO Flust IDentity Online
  • the template is saved in the client in advance.
  • the client corresponds to the authenticated person according to the input biometric information and the template. Determine whether or not to do so.
  • the server uses the signature key (private key) possessed by the client and the verification key (verification key) possessed by the server based on the signature generated by the client with the signature key. It is determined whether or not the key (public key) is paired with the key. That is, in FIDO, when the client succeeds in biometric authentication and the server succeeds in verifying the signature of the client, it is finally determined that the user (certified person) is successfully authenticated.
  • data including encrypted biometric information of the registered person is stored in the client in advance as a template. Then, the key for decrypting the encrypted information is also stored in the client.
  • the client decrypts the ciphertext of the biometric information contained in the template using the key, and uses the decrypted biometric information and the input biometric information. , Determine whether the person to be authenticated corresponds to the person to be registered.
  • encrypted biometric information may be stored in the IC (Integrated Circuit) chip of the cash card.
  • Japan's Personal Information Protection Law stipulates that biometric information, which is personally identifiable information, is personal information. Furthermore, the Personal Information Protection Law stipulates that personal information managed in an electronic database or a paper database is subject to protection under the Personal Information Protection Law.
  • the template of each user who uses each client is saved as a database in the common server. Therefore, the template stored in the server is protected by the Personal Information Protection Law.
  • the server administrator is required to protect the server from leaking templates. That is, the security cost is increased as much as the server is protected.
  • the client saves the template of one or a small number of users who use the client. Therefore, it cannot be said that the template is stored as a database. Therefore, the template stored in the client may not be protected by the Personal Information Protection Law.
  • Patent Documents 1 to 3 disclose that a biometric authentication system uses homomorphic encryption that allows calculation while biometric information and the like are encrypted.
  • the present invention is a collation system and a client terminal capable of preventing leakage and spoofing of registered information and reducing the calculation cost for collating the registered information of the registered person with the collated information of the authenticated person. , Server equipment, collation methods, and programs.
  • the collation system includes a client terminal and a server device, and in the client terminal, the registration information is divided into the first information and the second information, and the second information is divided into the server device. Based on the collation information input for collation with the registration information in the secret sharing processing unit provided to the client terminal and the first information, the registration information and the collation information are similar to each other.
  • the first similarity calculation unit that executes the first step of the degree calculation, the first transmission unit that transmits the calculation result of the first step to the server device in the client terminal, and the server device.
  • the second similarity calculation unit that executes the second step of the similarity calculation based on the calculation result of the first step received from the client terminal and the second information.
  • a third similarity calculation unit for executing the third step of the similarity calculation and calculating the similarity between the registered information and the collation information is provided.
  • the client terminal divides the registration information into the first information and the second information, stores the first information, and provides the second information to the server device.
  • Similarity calculation unit a transmission unit that transmits the calculation result of the first step to the server device, and the similarity degree based on the calculation result of the first step and the second information received from the server device.
  • the third step of the similarity calculation is executed, and the similarity between the registered information and the collation information is calculated. It is equipped with a degree calculation unit.
  • the server device uses the calculation result of the first step of the similarity calculation between the first information divided from the registered information and the collation information input for collation with the registered information as a client.
  • the second of the similarity calculation is based on the calculation result of the first step received from the terminal and the second information of the first information and the second information divided from the registration information.
  • the third step of the similarity calculation based on the second similarity calculation unit for executing the step and the calculation result of the second step by the client terminal based on the calculation result of the second step and the first information.
  • a transmission unit for transmitting to the client terminal is provided in order to execute the above.
  • the collation method is a collation method in a collation system including a client terminal and a server device, and the registration information is divided into first information and second information by the client terminal.
  • the registration information and the collation are based on the collation information that provides the second information to the server device and is input by the client terminal for collation with the registration information and the first information.
  • the first step of the similarity calculation with the information is executed, the calculation result of the first step is transmitted to the server device by the client terminal, and the first step received from the client terminal by the server device.
  • the second step of the similarity calculation is executed, the calculation result of the second step is transmitted to the client terminal by the server device, and the client terminal transmits the calculation result of the second step.
  • the third step of the similarity calculation is executed, and the similarity between the registration information and the collation information is determined. Including to calculate.
  • the program for the client terminal divides the registration information into the first information and the second information, stores the first information, and provides the second information to the server device.
  • the first step of the similarity calculation between the registration information and the collation information is executed.
  • the first similarity calculation process the transmission process of transmitting the calculation result of the first step to the server device, the calculation result of the first step received from the server device, and the second information.
  • the third step of the similarity calculation is executed, and the similarity between the registered information and the collation information is calculated. Let the computer execute the similarity calculation process.
  • the program for the server device calculates the similarity between the first information divided from the registered information and the collation information input for collation with the registered information in the first step.
  • the result is received from the client terminal, and the similarity calculation is performed based on the calculation result of the first step and the second information of the first information and the second information divided from the registration information.
  • the similarity calculation process for executing the second step and the calculation result of the second step are calculated by the client terminal based on the calculation result of the second step and the first information.
  • the computer is made to execute the transmission process of transmitting to the client terminal.
  • the present invention it is possible to prevent leakage and spoofing of registered information and reduce the calculation cost for collating the registered information of the registered person with the collated information of the authenticated person.
  • FIG. 1 is a block diagram showing a configuration example of the collation system of the first embodiment.
  • the collation system 10 shown in FIG. 1 includes a client 100 and a server 200. Although one client 100 is shown in FIG. 1, a plurality of clients 100 may exist.
  • the client 100 and the server 200 can communicate with each other via a communication network.
  • a challenge-response method is introduced in the collation system 10 of the present embodiment so as to prevent spoofing.
  • the server 200 sends a different challenge to the client 100 for each authentication, and the client 100 calculates the response corresponding to the challenge, so that the value of the response is changed for each authentication.
  • the client 100 includes a registration information input unit 110, a distributed processing unit 120, a random number generation unit 130, a storage unit 140, a collation information input unit 150, a commitment generation unit 160, and a commitment transmission. It includes a unit 165, a response generation unit 170, a response transmission unit 175, and an output unit 180.
  • the registration information input unit 110 accepts the input of registration information.
  • the biometric information of the registered person is input to the registration information input unit 110 as the registration information.
  • the case where the registration information and the collation information described later (information input for collation with the registration information) are represented by a vector having a common dimension as a feature amount is taken as an example. explain.
  • the registration information input unit 110 may be an input device corresponding to the registration information.
  • the registration information input unit 110 is an input device that reads the fingerprint, extracts a vector to be registration information from the fingerprint, and accepts the vector as input. May be good.
  • the registration information input unit 110 may be an input device in which a vector to be registration information is directly input.
  • the biological information may be extracted from the iris, retina, face, blood vessel (vein), palm print, voice print, or a combination thereof in addition to the fingerprint.
  • the biological information may be extracted from other information that can identify the living body other than the above-mentioned example.
  • the vector corresponding to the biometric information (registration information) of the registered person input to the registration information input unit 110 is indicated by x.
  • the distributed processing unit 120 secretly distributes the biometric information x of the registered person input to the registration information input unit 110.
  • secret sharing for example, 2-out-of-2 linear secret sharing may be used.
  • the distributed processing unit 120 divides the biological information x and inputs a part of the information (that is, the first information) to the storage unit 130 as a template. Further, the distributed processing unit 120 provides the server 200 with another part of the information (that is, the second information) divided from the biometric information x as a verification key. This information is encrypted and kept secret.
  • the collation information input unit 150 accepts input of collation information.
  • the biometric information of the person to be authenticated is input to the collation information input unit 150 as the collation information.
  • the registration information and the collation information are represented by vectors having a common dimension as feature quantities.
  • the collation information input unit 150 may be an input device corresponding to the collation information.
  • the collation information input unit 150 is an input device that reads the fingerprint, extracts a vector to be collation information from the fingerprint, and accepts the vector as input. May be good.
  • the collation information input unit 150 may be an input device in which a vector to be collation information is directly input.
  • the registration information input unit 110 and the collation information input unit 150 may be a common input device.
  • the vector corresponding to the biometric information (verification information) of the authenticated person input to the collation information input unit 150 is referred to as y.
  • the random number generation unit 140 generates a random number R.
  • the random number generation unit 140 inputs the generated random number R to the storage unit 130.
  • the commitment generation unit 160 generates a commitment by using the random number R stored in the storage unit 130, a part of the template, and the biometric information y of the authenticated person.
  • the commitment transmission unit 165 executes a transmission process of transmitting the generated commitment to the server 200.
  • the response generation unit 170 generates a response by using the challenge received from the server 200, another part of the template, and the biometric information y of the authenticated person.
  • the response generation unit 170 can use the encrypted information among the information used for response generation without decrypting it.
  • the response transmission unit 175 executes a transmission process of transmitting the generated response to the server 200.
  • the output unit 180 receives the determination result for the response from the server 200 and outputs the determination result.
  • the determination result indicates the authentication result of whether or not the registered person and the authenticated person match.
  • the distributed processing unit 120, the commitment generation unit 160, the commitment transmission unit 165, the response generation unit 170, the response transmission unit 175, and the output unit 180 are, for example, a CPU (Central Processing Unit) of a computer that operates according to a program for a client terminal. And it is realized by the communication interface of the computer.
  • the CPU reads a program for a client terminal from a program recording medium such as a program storage device of a computer, and uses a communication interface according to the program to use a distributed processing unit 120, a random number generation unit 140, a commitment generation unit 160, and a commitment. It may operate as a transmission unit 165, a response generation unit 170, a response transmission unit 175, and an output unit 180.
  • the random number generation unit 140 is realized by, for example, a CPU of a computer that operates according to a program for a client terminal.
  • the CPU may read the program for the client terminal from the program recording medium as described above, and operate as the random number generation unit 140 according to the program.
  • the storage unit 130 is realized by, for example, a storage device included in a computer.
  • the server 200 includes a storage unit 210, a random number generation unit 220, a challenge generation unit 230, a challenge transmission unit 235, and a determination unit 240.
  • the storage unit 210 receives a part of the biometric information x of the registered person received from the client 100, and stores a part of the received biometric information x as a verification key. Further, the storage unit 210 can also store the random number r1 described later and the range information used for the determination process.
  • the random number generation unit 220 generates a random number r1.
  • the random number generation unit 220 inputs the generated random number r1 to the storage unit 210.
  • the random number r1 is used for generating a challenge to be transmitted to the client 100 and the like, as will be described later.
  • the challenge generation unit 230 uses the commitment received from the client 100 and a part of the biometric information x stored in the storage unit 210 as a verification key to generate a challenge.
  • the challenge transmission unit 235 executes a transmission process of transmitting the generated challenge to the client 100.
  • the determination unit 240 determines whether or not the value of the response received from the client 100 is within a predetermined range.
  • the range information regarding the response value may be acquired from the storage unit 210.
  • the determination unit 240 determines whether or not the collation information and the registration information correspond to each other by determining whether or not the response value is within a predetermined range. That is, the determination unit 240 determines whether or not the registered person and the authenticated person match.
  • the determination unit 240 determines that the collation information and the registration information correspond to each other when the response value is within a predetermined range. That is, it is determined that the registered person and the authenticated person match (authentication success). Further, the determination unit 240 determines that the collation information and the registration information do not correspond to each other if the response value is not within a predetermined range. That is, it is determined that the registered person and the authenticated person do not match (authentication failure). The determination unit 240 transmits information indicating the determination result to the client 100.
  • the post-authentication process may be executed.
  • the server 200 sends the determination result of the determination unit 240 to the client 100, and the client 100 receives the determination result that the registered person and the authenticated person match, the authentication is successful.
  • the post-authentication process may be executed.
  • the device that executes the post-authentication process is not limited to the client 100, and the device other than the client 100 authenticates on condition that the determination result that the registered person and the authenticated person match is obtained. Subsequent processing may be executed.
  • the challenge generation unit 230, the challenge transmission unit 235, and the determination unit 240 are realized by, for example, a CPU of a computer that operates according to a program for a server device, and a communication interface of the computer.
  • the CPU reads a program for a server device from a program recording medium such as a computer program storage device, and operates as a challenge generation unit 230, a challenge transmission unit 235, and a determination unit 240 using a communication interface according to the program. do it.
  • the random number generation unit 220 is realized by, for example, a CPU of a computer that operates according to a program for a server device.
  • the CPU may read the program for the server device from the program recording medium as described above, and operate as the random number generation unit 220 according to the program.
  • the storage unit 210 is realized by, for example, a storage device included in a computer.
  • FIG. 2 is a flowchart showing an example of the flow of the registration process in the first embodiment.
  • the input biometric information is secretly distributed between the template and the verification key, the template is stored in the client 100, and the verification key is stored in the server. The details of the matters already described will be omitted.
  • step S202 the distributed processing unit 120 executes secret sharing of the input biometric information x.
  • a part of the information divided from the biological information x (that is, the first information) is used as a template, and another part of the information divided from the biological information x (that is, the second information) is used as a verification key.
  • ⁇ (X 1 [i], x 2 [i]) ⁇ is used as a template, and ⁇ x 3 [i] ⁇ is used as a verification key.
  • the distributed processing unit 120 provides the verification key ⁇ x 3 [i] ⁇ to the server 200.
  • step S203 the storage unit 130 of the client 100 stores the template ⁇ (x 1 [i], x 2 [i]) ⁇ . Further, in step S204, the storage unit 210 of the server 200 stores the verification key ⁇ x 3 [i] ⁇ provided by the client.
  • the registration process described above may be repeatedly executed.
  • the biometric information x is distributed and registered in the client 100 and the server 200. Therefore, even if a part of the registered information is leaked from either the client 100 or the server 200, the personal information is protected because it is not the information that can identify the individual by itself.
  • FIG. 3 is a flowchart showing an example of the flow of the authentication process in the first embodiment.
  • the authenticated person is authenticated by using the two-party secret calculation between the client 100 and the server 200. The details of the matters already described will be omitted.
  • step S301 the collation information input unit 150 of the client 100 accepts the input of the biometric information y of the authenticated person.
  • step S302 the commitment generation unit 160 generates a commitment using the biometric information y and a part of the template (x 2 [i]) stored in the storage unit 210.
  • the commitment transmission unit 165 transmits the generated commitment to the server 200.
  • step S303 the challenge generation unit 230 of the server 200 generates a challenge using the commitment received from the client 100 and the verification key ⁇ x 3 [i] ⁇ stored in the storage unit 210.
  • the challenge transmission unit 230 transmits the generated challenge to the client 100.
  • step S304 the response generation unit 170 of the client 100 generates a response using the biometric information y, a part of the template (x 1 [i]), and the challenge received from the server 200. ..
  • the response transmission unit 175 transmits the generated response to the server 200.
  • step S305 the determination unit 240 of the server 200 determines whether or not the value of the response received from the client 100 is within a predetermined range.
  • the authentication result indicating "authentication success” is generated assuming that the registered person and the authenticated person match.
  • an authentication result indicating "authentication failure” is generated assuming that the registered person and the authenticated person do not match.
  • the determination unit 240 transmits the generated authentication result to the client 100.
  • step S306 the output unit 180 of the client 100 outputs the determination result received from the server 200.
  • the authentication result may be output directly from the server 200. Further, the above-mentioned authentication process may be repeatedly executed.
  • the authentication process of the biometric information y of the subject to be authenticated is performed between the client 100 and the server 200 based on the challenge-response method.
  • the calculation of the degree of similarity between the biometric information x of the registered person and the biometric information y of the authenticated person, which is performed in the challenge-response method, is performed by using a secret calculation using homomorphic encryption. The calculation of the similarity will be described in the following specific example.
  • the biometric information x of the registered person and the biometric information y of the authenticated person are common n-dimensional vectors. Further, the degree of similarity between the biological information x and the biological information y is calculated by the inner product of the biological information x and the biological information y.
  • FIG. 4 is an explanatory diagram showing a specific example of the registration process in the present embodiment.
  • the distributed processing unit 120 stores ⁇ (x 1 [i], x 2 [i]) ⁇ in the storage unit 130 as a template, and provides ⁇ x 3 [i] ⁇ to the server 200 as a verification key.
  • FIG. 5 is an explanatory diagram showing a specific example of the authentication process in the present embodiment.
  • the random number generation unit 140 of the client 100 randomly selects a random number R ⁇ ⁇ p.
  • Z represents a set of whole integers.
  • the commitment transmission unit 165 transmits the generated commitment com to the server 200.
  • the group operation is performed in a form that does not depend on the number of dimensions of the vector.
  • the challenge transmission unit 235 transmits the generated challenge to the client 100.
  • the above value sum is encrypted by homomorphic encryption.
  • the group operation is performed in a form that does not depend on the number of dimensions of the vector.
  • the response transmission unit 175 transmits the generated response to the server 200.
  • the responses resp1 and resp2 are ciphertexts of the inner product.
  • the determination unit 240 of the server 200 determines whether or not the value represented in the following (3) by the response is included in the predetermined range Decrange.
  • the determination unit 240 transmits the determination result to the client 100.
  • the inner product x ⁇ y for calculating the degree of similarity between the biological information x and the biological information y can be calculated by the following equation (4).
  • x 1 ⁇ y is calculated by the client 100.
  • information about x 1 is not provided to the server 200.
  • x 2 x 3 ⁇ y is calculated by using the secret calculated between the client 100 and the server 200. Since x 2 and x 3 are multiplicative secret shares of x 2 and x 3 , the calculation result of x 2 and y may be multiplied by x 3 by using the secret calculation on the server 200.
  • Homomorphic encryption is used to add x 1 ⁇ y while keeping the calculation result of x 2 x 3 ⁇ y secret. Therefore, since the number of encryptions does not depend on the number of dimensions of the vector, the number of group operations in the authentication process also does not depend on the number of dimensions. Therefore, it is possible to suppress an increase in the number of group operations due to an increase in the number of dimensions of the vector, and it is possible to reduce the calculation cost.
  • the second embodiment is different from the first embodiment in that the biometric information y of the person to be authenticated is divided in the authentication process. Further, the processes related to the commitment, the challenge, and the response are performed for each of the divided portions of the biometric information y. Since the registration process is the same as that of Specific Example 1, the description thereof will be omitted.
  • FIG. 6 is an explanatory diagram showing another specific example of the authentication process in the present embodiment.
  • the random number generation unit 140 randomly selects two random numbers R 1 and R 2 ⁇ ⁇ p.
  • the commitment transmission unit 165 transmits the generated commitment com1 and com2 to the server 200.
  • the group operation is performed in a form that does not depend on the number of dimensions of the vector.
  • the challenge transmission unit 235 transmits the generated challenge to the client 100.
  • the group operation is performed in a form that does not depend on the number of dimensions of the vector.
  • the response transmission unit 175 transmits the generated response to the server 200.
  • the determination unit 240 of the server 200 determines whether or not the value represented in the following (7) by the response is included in the predetermined range Decrange.
  • the determination unit 240 transmits the determination result to the client 100.
  • the verification information y may be divided and the authentication process may be performed.
  • FIG. 7 is a schematic block diagram showing a hardware configuration example of a computer related to the client and the server of the present embodiment.
  • the computer used as a client and the computer used as a server are separate computers.
  • the computer 700 includes a CPU 701, a main storage device 702, an auxiliary storage device 703, an interface 704, and a communication interface 705.
  • the client and server of this embodiment are realized by the computer 700.
  • the computer used as a client and the computer used as a server are separate computers.
  • the operation of the computer 700 that realizes the client is stored in the auxiliary storage device 703 in the form of a program for the client terminal.
  • the CPU 701 reads the program for the client terminal from the auxiliary storage device 703, expands it to the main storage device 702, and executes the operation of the client described in the present embodiment according to the program for the client terminal.
  • the operation of the computer 700 that realizes the server is stored in the auxiliary storage device 703 in the form of a program for the server device.
  • the CPU 701 reads the program for the server device from the auxiliary storage device 703, expands it to the main storage device 702, and executes the operation of the server described in the present embodiment according to the program for the server device.
  • Auxiliary storage 703 is an example of a non-temporary tangible medium.
  • Other examples of non-temporary tangible media include magnetic disks, optical magnetic disks, CD-ROMs (Compact Disk Read Only Memory), DVD-ROMs (Digital Versatile Disk Read Only Memory), which are connected via interface 704. Examples include semiconductor memory. Further, when the program is distributed to the computer 700 by the communication line, the distributed computer 700 may expand the program to the main storage device 702 and operate according to the program.
  • each component of the client may be realized by a general-purpose or dedicated circuitry, a processor, or a combination thereof. These may be composed of a single chip or may be composed of a plurality of chips connected via a bus. A part or all of each component may be realized by the combination of the circuit or the like and the program described above. The same applies to the server. ⁇ 1.7. Explanation of effect>
  • the biometric information x of the registered person is secretly shared between the client 100 and the server 200, information leakage in a state in which an individual can be identified can be prevented.
  • the collation system 10 of the present embodiment authenticates by the challenge-response method, the response value is changed for each authentication. That is, even if an attacker eavesdrops on the response value, spoofing can be prevented because the eavesdropped value is no longer usable in the next authentication.
  • the similarity calculation between the biometric information x of the registered person and the biometric information y of the authenticated person is performed by a secret calculation using homomorphic encryption, and the number of times of encryption does not depend on the number of dimensions of the vector. Therefore, the number of group operations with a large calculation cost does not depend on the number of dimensions, and the calculation cost can be reduced. That is, it is possible to shorten the calculation time required for the similarity calculation and speed up the calculation process.
  • the predetermined range Decrange may be changed for each user and each client. Further, the predetermined range Decrange may be changed according to an external factor or the like. Examples of external factors include the frequency of authentication accepted by the server, the frequency of suspicious access, the state of the communication network and the load of the CPU, and the like. If the predetermined range Decrange is changed, the load on the communication network and the CPU may be reduced.
  • a collation system that executes the registration process may be configured.
  • a registration collation system may be configured by a client including a registration information input unit 110, a distributed processing unit 120, a storage unit 130, and a server including a storage unit 210.
  • a collation system that executes the authentication process may be configured.
  • a verification system for authentication may be configured by a server including a unit 220, a challenge generation unit 2230, a challenge transmission unit 235, and a determination unit 240.
  • FIG. 8 is a block diagram showing a configuration example of the collation system of the second embodiment.
  • the collation system 20 of the present embodiment includes a client 800 and a server 900. Although one client 800 is shown, a plurality of clients 800 may exist.
  • the client 800 and the server 900 can communicate with each other via a communication network.
  • the client 800 includes a distributed processing unit 810, a commitment generation unit 820, a commitment transmission unit 825, a response generation unit 830, and a response transmission unit 835.
  • the server 900 includes a challenge generation unit 910 and a challenge transmission unit 915. The specific operation of each component will be described later.
  • the distributed processing unit 810, the commitment generation unit 820, the commitment transmission unit 825, the response generation unit 830, and the response transmission unit 835 are, for example, a CPU (Central Processing Unit) of a computer that operates according to a program for a client terminal. And it is realized by the communication interface of the computer.
  • the CPU reads a program for a client terminal from a program recording medium such as a program storage device of a computer, and uses a communication interface according to the program to generate a commitment generation unit 820, a commitment transmission unit 825, a response generation unit 830, and a response generation unit 830. It may operate as a response transmission unit 835.
  • the challenge generation unit 230, the challenge transmission unit 235, and the determination unit 240 are realized by, for example, a CPU of a computer that operates according to a program for a server device, and a communication interface of the computer.
  • the CPU reads a program for a server device from a program recording medium such as a computer program storage device, and operates as a challenge generation unit 230, a challenge transmission unit 235, and a determination unit 240 using a communication interface according to the program. do it.
  • Registration phase> An operation example of the registration phase of the second embodiment will be described.
  • the distributed processing unit 810 of the client 800 divides the registration information into the first information and the second information, and provides the second information to the server 900. That is, the distributed processing unit 810 functions as a secret sharing processing unit.
  • the commitment generation unit 820 of the client 800 executes the first step of calculating the similarity between the registration information and the collation information based on the collation information input for collation with the registration information and the first information. do. That is, the commitment generation unit 820 functions as a first similarity calculation unit that executes the first similarity calculation process.
  • the commitment transmission unit 825 transmits the calculation result of the first step to the server 900. That is, the commitment transmission unit 825 functions as a first transmission unit.
  • the challenge generation unit 910 of the server 900 executes the second step of the similarity calculation based on the calculation result of the first step received from the client 800 and the second information. That is, the challenge generation unit 910 functions as a second similarity calculation unit that executes the second similarity calculation process.
  • the challenge transmission unit 915 transmits the calculation result of the second step to the client 800. That is, the challenge transmission unit 915 functions as a second transmission unit.
  • the response generation unit 835 of the client 800 executes the third step of the similarity calculation based on the calculation result of the second step received from the server 900 and the first information, and obtains the registration information and the collation information. Calculate the similarity of. That is, the response generation unit 835 functions as a third similarity calculation unit that executes the third similarity calculation process.
  • the client 800 and the server 900 of the second embodiment are the client 100 and the server 200 of the first embodiment, respectively.
  • the description of the first embodiment may also be applied to the second embodiment.
  • the second embodiment is not limited to this example.
  • the steps in the process described herein do not necessarily have to be performed in chronological order in the order described in the flowchart.
  • the steps in the process may be executed in a different order from the order described in the flowchart, or may be executed in parallel.
  • some of the steps in the process may be deleted, and additional steps may be added to the process.
  • a module) for one of the units) may be provided.
  • a method including the processing of the above components may be provided, and a program for causing the processor to execute the processing of the above components may be provided.
  • a non-transitory computer readable medium may be provided to the computer on which the program is recorded.
  • such devices, modules, methods, programs, and computer-readable non-temporary recording media are also included in the invention.
  • Appendix 1 It is a collation system equipped with a client terminal and a server device.
  • a secret sharing processing unit that divides registration information into first information and second information and provides the second information to the server device.
  • the first step of the similarity calculation between the registration information and the collation information is executed.
  • a second transmission unit that transmits the calculation result of the second step to the client terminal
  • the third step of the similarity calculation is executed based on the calculation result of the second step received from the server device and the first information, and the registration information and the collation information are obtained.
  • a third similarity calculation unit that calculates the similarity of A collation system characterized by being equipped with.
  • a secret sharing processing unit that divides the registration information into the first information and the second information, stores the first information, and provides the second information to the server device. Based on the collation information input for collation with the registration information and the first information, the first similarity degree for executing the first step of the similarity calculation between the registration information and the collation information.
  • a transmission unit that transmits the calculation result of the first step to the server device, Based on the calculation result of the second step of the similarity calculation based on the calculation result of the first step and the second information received from the server device, and the calculation result of the first step, the similarity calculation is performed.
  • a third similarity calculation unit that executes the third step and calculates the similarity between the registration information and the collation information, and the like.
  • a client terminal characterized by being equipped with.
  • (Appendix 11) It is a collation method in a collation system including a client terminal and a server device.
  • the client terminal divides the registration information into the first information and the second information, and provides the second information to the server device.
  • the first step of the similarity calculation between the registration information and the collation information is executed.
  • the client terminal transmits the calculation result of the first step to the server device.
  • the server device executes the second step of the similarity calculation based on the calculation result of the first step received from the client terminal and the second information.
  • the server device transmits the calculation result of the second step to the client terminal.
  • the third step of the similarity calculation is executed, and the registration information and the collation information are obtained.
  • a collation method characterized by calculating the similarity of.
  • a secret sharing process that divides the registration information into the first information and the second information, stores the first information, and provides the second information to the server device. Based on the collation information input for collation with the registration information and the first information, the first similarity degree for executing the first step of the similarity calculation between the registration information and the collation information.
  • Calculation processing and A transmission process for transmitting the calculation result of the first step to the server device, and Based on the calculation result of the second step of the similarity calculation based on the calculation result of the first step and the second information received from the server device, and the calculation result of the first step, the similarity calculation is performed.
  • a third similarity calculation process for executing the third step and calculating the similarity between the registration information and the collation information, A program for client terminals that causes a computer to execute.
  • the present invention is suitably applied to a collation system that authenticates using a client and a server.
  • Collation system 100 Client 110 Registration information input unit 120 Distributed processing unit 130 Storage unit 140 Random number generation unit 150 Collation information input unit 160 Commitment generation unit 165 Commitment transmission unit 170 Response generation unit 175 Response transmission unit 180 Output unit 200 Server 210 Storage unit 220 Random number generation unit 230 Challenge generation unit 235 Challenge transmission unit 240 Judgment unit

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Collating Specific Patterns (AREA)
PCT/JP2020/021262 2020-05-29 2020-05-29 照合システム、クライアント端末、サーバ装置、照合方法、およびプログラム Ceased WO2021240757A1 (ja)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US17/925,664 US12242644B2 (en) 2020-05-29 2020-05-29 Collation system, client terminal, server apparatus, collation method, and program
PCT/JP2020/021262 WO2021240757A1 (ja) 2020-05-29 2020-05-29 照合システム、クライアント端末、サーバ装置、照合方法、およびプログラム
JP2022527423A JP7428247B2 (ja) 2020-05-29 2020-05-29 照合システム、クライアント端末、サーバ装置、照合方法、およびプログラム
JP2024007191A JP7697547B2 (ja) 2020-05-29 2024-01-22 情報処理装置、照合方法、およびプログラム

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2020/021262 WO2021240757A1 (ja) 2020-05-29 2020-05-29 照合システム、クライアント端末、サーバ装置、照合方法、およびプログラム

Publications (1)

Publication Number Publication Date
WO2021240757A1 true WO2021240757A1 (ja) 2021-12-02

Family

ID=78723235

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2020/021262 Ceased WO2021240757A1 (ja) 2020-05-29 2020-05-29 照合システム、クライアント端末、サーバ装置、照合方法、およびプログラム

Country Status (3)

Country Link
US (1) US12242644B2 (https=)
JP (2) JP7428247B2 (https=)
WO (1) WO2021240757A1 (https=)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7556219B2 (ja) * 2020-06-17 2024-09-26 オムロン株式会社 情報処理装置、許可判定方法、プログラム

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016071639A (ja) * 2014-09-30 2016-05-09 日本電信電話株式会社 監視情報共有システム、照合装置、監視装置及びプログラム

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004088591A1 (ja) 2003-03-31 2004-10-14 Fujitsu Limited 照合装置及び登録装置
JP4636809B2 (ja) * 2004-03-31 2011-02-23 富士通フロンテック株式会社 情報処理端末およびその情報安全保護方法
CN102598576B (zh) 2009-10-29 2014-09-17 三菱电机株式会社 数据处理装置
WO2016152130A1 (ja) 2015-03-23 2016-09-29 日本電気株式会社 情報処理システム、ノード、認証方法、及び、記録媒体
JP6763378B2 (ja) 2015-06-18 2020-09-30 日本電気株式会社 暗号情報作成装置、暗号情報作成方法、暗号情報作成プログラム、及び、照合システム
US10782964B2 (en) * 2017-06-29 2020-09-22 Red Hat, Inc. Measuring similarity of software components
US12143482B2 (en) * 2019-10-09 2024-11-12 Nec Corporation Information matching system and information matching method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016071639A (ja) * 2014-09-30 2016-05-09 日本電信電話株式会社 監視情報共有システム、照合装置、監視装置及びプログラム

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TADA ET AL.: "Privacy-Preserving Recommendation Schemes Using a Secure Function Evaluation Based on a Secret Sharing", PROCEEDINGS OF THE 2011 SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY, 25 January 2011 (2011-01-25) *

Also Published As

Publication number Publication date
JP2024038452A (ja) 2024-03-19
US20230342489A1 (en) 2023-10-26
JPWO2021240757A1 (https=) 2021-12-02
US12242644B2 (en) 2025-03-04
JP7428247B2 (ja) 2024-02-06
JP7697547B2 (ja) 2025-06-24

Similar Documents

Publication Publication Date Title
CN112926092A (zh) 保护隐私的身份信息存储、身份认证方法及装置
JP4870155B2 (ja) プライバシーが強化された電子パスポートの認証プロトコル
US8195951B2 (en) Data processing system for providing authorization keys
US20070118758A1 (en) Processing device, helper data generating device, terminal device, authentication device and biometrics authentication system
EP2397961A2 (en) Registration method of biologic information, application method of using template and authentication method in biometric authentication
US11227037B2 (en) Computer system, verification method of confidential information, and computer
WO2014192086A1 (ja) 生体署名システム、署名検証方法、登録端末、署名生成端末および署名検証装置
EA035080B1 (ru) Система и способ для многофакторной аутентификации личности на основе блокчейна
JP7259868B2 (ja) システムおよびクライアント
WO2020121461A1 (ja) 照合システム、クライアントおよびサーバ
JP2013123142A (ja) 生体署名システム
JP7231023B2 (ja) 照合システム、クライアントおよびサーバ
CN119696800B (zh) 基于生物特征的数据签名方法、装置、计算机设备和介质
JP7060449B2 (ja) 生体認証システム、生体認証方法、及び生体認証プログラム
JPWO2020121458A1 (ja) 照合システム、クライアントおよびサーバ
Higo et al. Privacy-preserving fingerprint authentication resistant to hill-climbing attacks
JP7697547B2 (ja) 情報処理装置、照合方法、およびプログラム
JP7632477B2 (ja) 回復用検証システム、照合システム、回復用検証方法およびプログラム
JPWO2018100740A1 (ja) 暗号文照合システム及び暗号文照合方法
JP7235055B2 (ja) 認証システム、クライアントおよびサーバ
JP7641926B2 (ja) テンプレート管理システム及びテンプレート管理方法
JP7061083B2 (ja) 署名システム、署名方法及びプログラム
JP2023031772A (ja) 生体認証システム、生体認証サーバ、及び生体認証方法
JP7597118B2 (ja) 照合システム、照合方法、及び、照合プログラム
JP7320101B2 (ja) 計算機システム、サーバ、端末、プログラム、及び情報処理方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20937787

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2022527423

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20937787

Country of ref document: EP

Kind code of ref document: A1

WWG Wipo information: grant in national office

Ref document number: 17925664

Country of ref document: US