WO2022162884A1 - 生体認証システム、そのテンプレート更新方法、記録媒体、生体認証クライアント装置及び生体認証サーバ装置 - Google Patents
生体認証システム、そのテンプレート更新方法、記録媒体、生体認証クライアント装置及び生体認証サーバ装置 Download PDFInfo
- Publication number
- WO2022162884A1 WO2022162884A1 PCT/JP2021/003294 JP2021003294W WO2022162884A1 WO 2022162884 A1 WO2022162884 A1 WO 2022162884A1 JP 2021003294 W JP2021003294 W JP 2021003294W WO 2022162884 A1 WO2022162884 A1 WO 2022162884A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- template
- update
- verification key
- biometric authentication
- update value
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 46
- 238000012795 verification Methods 0.000 claims abstract description 142
- 238000012545 processing Methods 0.000 claims abstract description 52
- 230000006870 function Effects 0.000 description 12
- 238000010586 diagram Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 6
- 238000012937 correction Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 210000003462 vein Anatomy 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- the present invention relates to a biometric authentication system, a template update method, a recording medium, a biometric authentication client device, and a biometric authentication server device, and more particularly, to a biometric authentication information input by using a template, which is made anonymous, by using a verification key.
- the present invention relates to a biometric authentication system for judging validity of biometric information, a template updating method thereof, a recording medium, a biometric authentication client device, and a biometric authentication server device.
- biometric authentication uses individual biometric information.
- biometric information used for authentication is registered in advance. At this time, if the biometric information is stored as it is, it poses a great danger in terms of security. Therefore, this biometric information is saved as a template concealed using a concealment key at the time of registration.
- a technique of performing biometric authentication while concealing the pre-registered biometric information (template) is called concealed biometric authentication.
- this secret biometric authentication the validity of input biometric information is determined using a verification key at the time of authentication.
- Patent Document 1 An example of technology related to this secret biometric authentication is disclosed in Patent Document 1.
- the biometric authentication system described in Patent Document 1 encrypts a template generated based on biometric information input by a user and a template representing the biometric information of the user and records the encrypted template on a recording medium.
- a registration/authentication server is provided for comparing a template generated by decrypting a template and authenticating a user based on the comparison result, and when the user is successfully authenticated by the registration/authentication server, the information is recorded in the recording medium.
- the encrypted template is replaced with an encrypted template using a different encryption key and recorded.
- the template is leaked in the biometric authentication system, there is a security risk if the template is not updated.
- One of the methods for updating this template is to input the biometric information again to create a new template. However, in order to create a new template, it is necessary to request the user to re-register the biometric information.
- One aspect of the biometric authentication system includes: an update value generation unit that generates an update value; a first update processing unit that updates a template generated from biometric information using the update value; a second update processing unit that updates, using the update value, a verification key that is generated together with the template from the information.
- One aspect of the template updating method includes a template storage unit storing a template used for anonymizing biometric information; a verification key storage unit storing a verification key used for verifying the anonymized biometric information; and generating an update value in the biometric system, using the update value to update the template, and using the update value to update the verification key.
- One aspect of the template update program includes a template storage unit storing a template used for anonymizing biometric information, a verification key storage unit storing a verification key used for verifying the anonymized biometric information,
- a computer-readable recording medium recording a template update program to be executed in a biometric authentication system, comprising: an arithmetic unit that executes a program, wherein the template update program generates update values in the biometric authentication system.
- An update value generation process, a template update process of updating the template using the update value, and a verification key update process of updating the verification key using the update value are performed.
- One aspect of the biometric authentication client device includes an update value generation unit that generates a new value, and a template update processing unit that updates a template generated from biometric information using the update value. and the update value generation unit transmits the update value to a biometric authentication server device having a verification key generated together with the template from the biometric information.
- One aspect of the biometric authentication server device includes an update value generation unit that generates an update value, and a verification key that is used to verify the validity of confidential authentication information that is made anonymous by a template that is generated from biometric information. a verification key update processing unit that updates using the update value, wherein the update value generation unit transmits the update value to the biometric authentication client device having the template.
- biometric authentication system its template update method, template update program, biometric authentication client device, and biometric authentication server device according to the present invention, templates in the biometric authentication system can be easily updated.
- FIG. 1 is a block diagram of a biometric authentication system according to Embodiment 1;
- FIG. 7 is a flowchart for explaining the flow of template update processing in the biometric authentication system according to the first embodiment;
- 2 is a block diagram of a biometric authentication system according to a second embodiment;
- FIG. 9 is a flow chart for explaining the flow of template update processing in the biometric authentication system according to the second embodiment;
- FIG. 11 is a block diagram of a biometric authentication system according to a third embodiment;
- FIG. It is a block diagram explaining an example of hardware constitutions of a biometrics system concerning an embodiment.
- Non-transitory computer-readable media include various types of tangible storage media.
- Examples of non-transitory computer-readable media include magnetic recording media (e.g., flexible discs, magnetic tapes, hard disk drives), magneto-optical recording media (e.g., magneto-optical discs), CD-ROMs (Read Only Memory), CD-Rs, CD-R/W, semiconductor memory (eg mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM (Random Access Memory)).
- the program may also be delivered to the computer by various types of transitory computer readable media. Examples of transitory computer-readable media include electrical signals, optical signals, and electromagnetic waves. Transitory computer-readable media can deliver the program to the computer via wired channels, such as wires and optical fibers, or wireless channels.
- biometric authentication system an example will be described in which two devices, a biometric authentication server and a biometric authentication client with which the user contacts, are provided separately.
- the function of the biometric authentication server and the function of the biometric authentication client may be implemented as one device.
- FIG. 1 shows a block diagram of a biometric authentication system 1 according to the first embodiment.
- the biometric authentication system 1 according to the first embodiment has a biometric authentication client 10 and a biometric authentication server 20 .
- the biometric authentication client 10 and the biometric authentication server 20 are connected by a network so that they can transmit and receive data to each other.
- the biometric authentication system 1 uses biometric authentication using biometric information such as the user's fingerprint, vein, iris, etc. as a basic function to determine whether the user is a registered user. Perform biometric authentication processing to determine.
- the biometric authentication system 1 according to the first embodiment has a function of updating templates used for biometric authentication processing.
- FIG. 1 shows only the main blocks related to one of the features of the biometric authentication client 10 and the biometric authentication server 20, namely updating of templates and verification keys. In other words, the biometric authentication client 10 and the biometric authentication server 20 also have other blocks (not shown).
- the biometric authentication client 10 has a first update processing unit (for example, the template update unit 11) and an update value generation unit 30.
- the biometric authentication server 20 has a second update processing unit (for example, verification key update unit 21).
- the update value generator 30 generates an update value UD.
- the template update unit 11 updates the template generated from the biometric information using the update value UD.
- the template is information that is anonymized by applying a predetermined rule to biometric information in the biometric authentication client 10 . Templates are held in a template storage unit (not shown), and the template updating unit 11 updates and overwrites the templates stored in the template storage unit.
- the verification key update unit 21 updates the verification key generated together with the template from the biometric information using the update value UD.
- the update key is obtained by, for example, subjecting the template to anonymization processing using random numbers.
- a verification key is held in a verification key storage unit (not shown), and a verification key updating unit 21 updates and overwrites the verification key stored in the verification key storage unit.
- FIG. 2 shows a flowchart for explaining the flow of template update processing in the biometric authentication system according to the first embodiment.
- the verification key is also updated in accordance with the update of the template.
- FIG. 2 shows an example in which the template and the verification key are updated with the update value UD.
- the update value UD is generated by the update value generator 30 (step S1). Subsequently, the update value generator 30 transmits the update value UD to the biometric authentication server 20 (step S2). Then, the template using the update value UD is updated by the template updating unit 11 (step S3). Further, the verification key is updated using the update value UD by the verification key updating unit 21 (step S4).
- the biometric information is the biometric feature amount vector represented by the formula (1)
- the template is the one represented by the formula (2)
- the verification key is the one represented by the formula (3).
- n is the number of vector elements of biometric information
- i is an integer greater than 0 and smaller than n indicating the number of vector elements
- t is a preset coefficient
- R is a random number.
- g is a generator of a group G whose order is a sufficiently large prime number q. Note that temp1[i] and temp2[i] in the template are represented by equations (4) and (5).
- the update value generation unit 30 generates the random number Ra'' as the correction value UD. Then, the template update unit 11 applies the update value UD to the template (6 ) and (7) to calculate the updated template of the formula (8), and the template update unit 11 overwrites the template of the template storage unit with the template of the formula (8).
- the random number Ra" is received as the update value UD, and the verification key updating unit 21 uses the formulas (9) to (11) to express the formula (12). Calculates the updated verification key.
- the template and the verification key are updated using the correction value UD generated by the update value generation unit 30, thereby generating a new template without using biometric information. can be generated.
- the verification key is updated using the correction value UD at the same time as the template.
- the update value UD is generated by the update value generator 30 in the system, so there is little risk of the information used in the update process being leaked to the outside. Further, since the update value UD is a random number, it is difficult to generate the same update value, so the biometric authentication system 1 can maintain high security.
- FIG. 3 shows a block diagram of the biometric authentication system according to the second embodiment.
- an update value generator 30 is provided on the biometric authentication server 20 side.
- FIG. 4 shows a flowchart for explaining the flow of template update processing in the biometric authentication system 2 according to the second embodiment.
- the update value generator 30 generates an update value UD (step S11).
- the update value generator 30 transmits the update value UD to the biometric authentication client 10 (step S12).
- the template update unit 11 updates the template using the update value UD (step S13).
- the verification key is updated using the update value UD by the verification key updating unit 21 (step S14).
- the verification key update unit 21 uses equations (13) to (15) to calculate equation (16) Calculates the updated verification key indicated by .
- the update value generator 30 passes the update value UD represented by the formula (17) to the template updater 11 . Then, the template updating unit 11 calculates the updated template represented by the formula (20) using the formulas (18) and (19).
- the update value generation unit 30 may belong to either the biometric authentication client 10 or the biometric authentication server 20, and the update value generation unit 30 generates the update value UD to facilitate updating of the template. can go to
- the random number generated as the update value UD can be arbitrarily set according to the specifications of the biometric authentication system. Also, the calculation load can be adjusted depending on what value is used as the update value UD.
- Embodiment 3 The biometric authentication system according to the third embodiment describes an example of a more detailed configuration of the biometric authentication systems 1 and 2 described in the first and second embodiments.
- FIG. 5 shows a block diagram of a biometric authentication system according to the third embodiment.
- the biometric authentication client 10 has a template updating unit 11 and a secret authentication information generating unit 12.
- the biometric authentication server 20 has a verification key updating unit 21 and a secret authentication information verifying unit 22 .
- FIG. 5 shows the update value generator 30 and the registration information concealer 40 .
- the update value generation unit 30 and the registration information concealment unit 40 may be arranged in the device in either the biometric authentication client 10 or the biometric authentication server 20, and may be installed as a device different from the biometric authentication client 10 and the biometric authentication server 20. It may be provided independently.
- the template update unit 11 updates the template generated from the biometric information used for personal authentication using the update value UD.
- the template updating unit 11 has an update value receiving unit 111 and a template update processing unit 112 .
- the update value reception unit 111 is an interface circuit that receives the update value UD from the update value generation unit 30 and transfers it to the template update processing unit 112 .
- the template update processing unit 112 updates the template stored in the template update processing unit 112 in the confidential authentication information generation unit 12 .
- the template update processing unit 112 updates the template using, for example, formulas (6) and (7), or formulas (18) and (19).
- the confidential authentication information generation unit 12 anonymizes the biometric information obtained from the user to generate confidential authentication information used for authentication.
- the secret authentication information generation unit 12 has a template reception unit 121 , a template storage unit 122 , a secret authentication information generation processing unit 123 , an input unit 124 and an output unit 125 .
- Template reception section 121 receives the template generated by registration information concealment section 40 and stores it in template storage section 122 .
- the template storage unit 122 is a storage unit that stores templates.
- the concealed authentication information generation processing unit 123 conceals the biometric information given from the input unit 124 using the template stored in the template storage unit 122 and the challenge value transmitted from the biometric authentication server 20, and conceals the biometric information. Generate credentials.
- the input unit 124 is an input device such as a scanner or a camera that acquires biometric information such as a user's fingerprint.
- the output unit 125 outputs an authentication result to a functional unit (not shown) in the biometric authentication client 10 based on the determination result of the biometric information by the biometric authentication server 20 . Based on the authentication result, the biometric authentication client 10 performs a process of releasing the restricted functions such as releasing the function lock state and unlocking the gate.
- the biometric authentication server 20 uses confidential authentication information given from the biometric authentication client 10 to authenticate whether or not the biometric information acquired by the biometric authentication client 10 can be determined to be valid with respect to the registered biometric information. process.
- the biometric authentication server 20 has a verification key updating unit 21 and a secret authentication information verifying unit 22 .
- the verification key update unit 21 has an update value reception unit 211 and a verification key update processing unit 212 .
- the update value reception unit 211 is an interface circuit that receives the update value UD from the update value generation unit 30 and passes it to the verification key update processing unit 212 .
- the verification key update processing section 212 updates the verification key stored in the verification key storage section 222 in the secret authentication information verification section 22 .
- the verification key update processing unit 212 updates the verification key using, for example, formulas (9) to (11) or formulas (13) to (15).
- the secret authentication information verification unit 22 has a verification key reception unit 221, a verification key storage unit 222, a challenge generation unit 223, a determination unit 224, and an acceptance range storage unit 225.
- the verification key reception unit 221 receives the verification key generated by the registration information concealment unit 40 and stores it in the verification key storage unit 222 .
- the verification key storage unit 222 is a storage unit that stores verification keys.
- the challenge generation unit 223 generates a challenge value using the verification key stored in the verification key storage unit 222 and gives it to the biometric authentication client 10 and the determination unit 224 .
- the determination unit 224 decrypts the confidential authentication information given from the biometric authentication client 10 using the challenge value and the verification key, refers to the acceptance range stored in the acceptance range storage unit 225 for the decryption result, and inputs the input unit 124 It is determined whether or not the biometric information acquired by is acceptable. Then, the determination section 224 outputs the determination result to the output section 125 .
- the acceptance range storage unit 225 is a storage unit that stores information indicating the acceptance range.
- the acceptance range is information indicating a range determined to be acceptable for fluctuations in one piece of biometric information.
- the update value generator 30 generates an update value UD.
- the update value generator 30 has a random number generator 31 and an update value transmitter 32 .
- the random number generator 31 generates a random number that becomes the update value UD.
- the update value transmission unit 32 transmits the random number generated by the random number generation unit 31 to the template update unit 11 and the verification key update unit 21 as the update value UD.
- the registration information secrecy unit 40 performs registration processing of the user's biometric information in the biometric authentication system.
- the registration information concealment unit 40 has an input unit 41 , anonymization unit 42 , random number generation unit 43 , and verification key generation unit 44 .
- the input unit 41 may be the same device as the input unit 124 when the registration information concealment unit 40 is incorporated in the biometric authentication client 10, for example.
- the input unit 41 is a device that acquires user's biometric information.
- the anonymization unit 42 anonymizes the biometric information acquired by the input unit 41 based on a predetermined rule to generate a template.
- the template generated by the anonymization section 42 is stored in the template storage section 122 via the template reception section 121 .
- the random number generator 43 generates random numbers.
- the verification key generation unit 44 generates a verification key by applying the random number generated by the random number generation unit 43 to the template generated by the anonymization unit 42 .
- the verification key generated by the verification key generation section 44 is stored in the verification key storage section 222 via the verification key reception section 221 .
- processing blocks for realizing the authentication function of the biometric authentication system other than the template updating process have been described.
- the processing blocks described in the third embodiment are part of the functions implemented in the biometric authentication system, and the biometric authentication system may have other processing functions.
- Embodiment 4 describes a hardware configuration for realizing a biometric authentication system.
- FIG. 6 shows a block diagram for explaining an example of the hardware configuration of the biometric authentication system according to the embodiment.
- the example shown in FIG. 6 is an example of the hardware configuration, and does not exclude other hardware configurations that implement the biometric authentication system 1 .
- the biometric authentication system has one biometric authentication server 20 and multiple biometric authentication clients 10 (for example, biometric authentication clients 10a to 10e). Also, in the example shown in FIG. 6, the biometric authentication server 20 and the biometric authentication clients 10a to 10e are connected to each other via a network so as to be able to communicate with each other.
- biometric authentication clients 10a to 10e can be configured with the same hardware configuration, the hardware configuration of the biometric authentication clients 10a to 10e will be described using the biometric authentication client 10a as an example.
- the biometric authentication client 10a has a first computing unit (eg, computing unit 100), a memory 101, an input unit 102, and a communication interface 103.
- the computing unit 100 executes a program that implements a biometric authentication system.
- This program includes a template update processing program that implements the template update unit 11 that updates the template, and a part of the biometric authentication program that implements the functions of the secret authentication information generation unit 12 .
- a memory 101 is a storage unit that stores a template update processing program and a biometric authentication program. Also, the memory 101 is a storage unit that serves as a template storage unit 122 .
- the input unit 102 is hardware that implements the input unit 124, and is a scanner or a camera that acquires biometric information such as a fingerprint.
- the communication interface 103 is an interface circuit for the computing unit 100 to communicate with the biometric authentication server 20 .
- the biometric authentication server 20 has a second computing unit (eg, computing unit 200), a memory 201, and a communication interface 202.
- the computing unit 200 executes a program that implements a biometric authentication system. This program includes a verification key update program that implements the verification key update unit 21 and a part of the biometric authentication program that implements the functions of the secret authentication information verification unit 22 .
- a memory 201 is a storage unit that stores a verification key update program and a biometric authentication program.
- the memory 201 is a storage unit serving as a verification key storage unit 222 and an acceptance range storage unit 225.
- the communication interface 202 is an interface circuit for the computing unit 200 to communicate with the biometric authentication clients 10a to 10e.
- a biometric authentication system can be implemented by executing a program on a device that has the same hardware configuration as a computer.
- the biometric authentication system can also be configured using dedicated hardware that implements the functions described above.
- (Appendix 1) an update value generator that generates an update value; a first update processing unit that updates a template generated from biometric information using the update value; a second update processing unit that uses the update value to update a verification key generated together with the template from the biometric information;
- a biometric authentication system having (Appendix 2) a confidential information generating unit that generates an initial value of the template and the verification key from the biometric information; a template storage unit that stores the template; a verification key storage unit that stores the verification key;
- the biometric authentication system according to appendix 1, comprising: (Appendix 3)
- the first update processing unit updates the template by multiplying a value included in the template stored in the template storage unit by the update value
- the biometric authentication system according to appendix 2 wherein the second update processing unit updates the verification key by multiplying the value included in the verification key stored in the verification key storage unit by the update value.
- (Appendix 4) The biometric authentication system according to any one of Appendices 1 to 3, wherein the update value generation unit has a random number generation unit, and the update value is a random number generated by the random number generation unit.
- (Appendix 5) a hidden authentication information generation device that anonymizes the newly input biometric information using the template to generate hidden authentication information; a secret authentication information verification device that applies the verification key to the secret authentication information and determines whether or not the newly input biometric information is acceptable; 5.
- the biometric authentication system according to any one of appendices 1 to 4, further comprising: (Appendix 6) A template updating method for a biometric authentication system having a template storage unit for storing a template used for anonymizing biometric information, and a verification key storage unit for storing a verification key used for verifying the anonymized biometric information, , generating an update value within the biometric system; updating the template with the updated value; A template update method for updating the verification key using the update value. (Appendix 7) updating the template by multiplying a value contained in the template by the updated value; The template update method according to appendix 6, wherein the verification key is updated by multiplying the value included in the verification key by the update value. (Appendix 8) 8.
- the template updating method according to appendix 6 or 7, wherein the update value is generated using a random number generated within the biometric authentication system.
- Appendix 9 9. The template according to any one of appendices 6 to 8, wherein the update value is generated by either a biometric authentication client device provided with the template storage unit or a biometric authentication server device provided with the verification key. How to update. (Appendix 10) generating anonymous authentication information by anonymizing the newly input biometric information using the template; 10.
- the template updating method according to any one of appendices 6 to 9, wherein the verification key is applied to the secret authentication information to determine whether or not the newly input biometric information is acceptable.
- Biometrics authentication comprising a template storage unit storing a template used for anonymizing biometric information, a verification key storage unit storing a verification key used for verifying the anonymized biometric information, and a computing unit executing a program
- a computer-readable recording medium recording a template update program to be executed in a system
- the template update program is an update value generation process for generating an update value within the biometric authentication system; a template update process for updating the template using the update value; a verification key update process for updating the verification key using the update value;
- Appendix 13 13.
- the template update process is performed by a program executed by a first calculation unit in the biometric authentication client device provided with the template storage unit
- the verification key update process is performed by a program executed by a second computing unit provided in the biometric authentication server device provided with the verification key, 14.
- the template update program according to any one of Appendices 11 to 13, wherein the update value generation processing is performed by a program executed by either the first calculation unit or the second calculation unit is recorded.
- Computer-readable recording medium (Appendix 15) a hidden authentication information generation program for generating hidden authentication information by anonymizing the newly input biometric information using the template; 15. Any one of appendices 11 to 14, further comprising a determination program that applies the verification key to the confidential authentication information and determines whether the newly input biometric information is acceptable.
- a computer-readable recording medium recording the template update program described in .
Abstract
Description
図1に実施の形態1にかかる生体認証システム1のブロック図を示す。図1に示すように、実施の形態1にかかる生体認証システム1は、生体認証クライアント10、生体認証サーバ20を有する。生体認証クライアント10と生体認証サーバ20はネットワークにより相互にデータの送受信が可能なように接続される。
実施の形態2では、実施の形態1にかかる生体認証システム1の別の形態となる生体認証システム2について説明する。そこで、図3に実施の形態2にかかる生体認証システムのブロック図を示す。図3に示すように、実施の形態2にかかる生体認証システム2では、更新値生成部30が生体認証サーバ20側に設けられる。
実施の形態3にかかる生体認証システムは、実施の形態1、2で説明した生体認証システム1、2のより詳細な構成の一例を説明するものである。そこで、図5に実施の形態3にかかる生体認証システムのブロック図を示す。
実施の形態4では、生体認証システムを実現するハードウェア構成について説明する。そこで、図6に実施の形態にかかる生体認証システムのハードウェア構成の一例を説明するブロック図を示す。図6に示す例は、ハードウェア構成の一例であり、生体認証システム1を実現する他のハードウェア構成を除外するものではない。
更新値を生成する更新値生成部と、
生体情報から生成されるテンプレートを、前記更新値を用いて更新する第1の更新処理部と、
前記生体情報から前記テンプレートとともに生成される検証鍵を、前記更新値を用いて更新する第2の更新処理部と、
を有する生体認証システム。
(付記2)
前記生体情報から前記テンプレートと前記検証鍵の初期値を生成する秘匿情報生成部と、
前記テンプレートを格納するテンプレート格納部と、
前記検証鍵を格納する検証鍵格納部と、
を有する付記1に記載の生体認証システム。
(付記3)
前記第1の更新処理部は、前記テンプレート格納部に格納された前記テンプレートに含まれる値に前記更新値を乗算することで前記テンプレートを更新し、
前記第2の更新処理部は、検証鍵格納部に格納された前記検証鍵に含まれる値に前記更新値を乗算することで前記検証鍵を更新する付記2に記載の生体認証システム。
(付記4)
前記更新値生成部は、乱数生成部を有し、当該乱数生成部により生成された乱数を前記更新値とする付記1乃至3のいずれか1項に記載の生体認証システム。
(付記5)
新たに入力される前記生体情報を前記テンプレートを用いて秘匿化して秘匿認証情報を生成する秘匿認証情報生成装置と、
前記秘匿認証情報に前記検証鍵を適用して、新たに入力された前記生体情報が受理可能なものであるか否かを判定する秘匿認証情報検証装置と、
をさらに有する付記1乃至4のいずれか1項に記載の生体認証システム。
(付記6)
生体情報の秘匿化に用いるテンプレートを格納するテンプレート格納部と、秘匿化された前記生体情報の検証に用いる検証鍵を格納する検証鍵格納部と、を有する生体認証システムのテンプレート更新方法であって、
更新値を前記生体認証システム内で生成し、
前記更新値を用いて前記テンプレートを更新し、
前記更新値を用いて前記検証鍵を更新するテンプレート更新方法。
(付記7)
前記テンプレートに含まれる値に前記更新値を乗算することで前記テンプレートを更新し、
前記検証鍵に含まれる値に前記更新値を乗算することで前記検証鍵を更新する付記6に記載のテンプレート更新方法。
(付記8)
前記生体認証システム内で生成される乱数を用いて前記更新値を生成する付記6又は7に記載のテンプレート更新方法。
(付記9)
前記更新値は、前記テンプレート格納部が設けられる生体認証クライアント装置と、前記検証鍵が設けられる生体認証サーバ装置とのいずれか一方で生成される付記6乃至8のいずれか1項に記載のテンプレート更新方法。
(付記10)
新たに入力される前記生体情報を前記テンプレートを用いて秘匿化して秘匿認証情報を生成し、
前記秘匿認証情報に前記検証鍵を適用して、新たに入力された前記生体情報が受理可能なものであるか否かを判定する付記6乃至9のいずれか1項に記載のテンプレート更新方法。
(付記11)
生体情報の秘匿化に用いるテンプレートを格納するテンプレート格納部と、秘匿化された前記生体情報の検証に用いる検証鍵を格納する検証鍵格納部と、プログラムを実行する演算部と、を有する生体認証システムで実行されるテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体であって、
前記テンプレート更新プログラムは、
更新値を前記生体認証システム内で生成する更新値生成処理と、
前記更新値を用いて前記テンプレートを更新するテンプレート更新処理と、
前記更新値を用いて前記検証鍵を更新する検証鍵更新処理と、
を行うテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体。
(付記12)
前記テンプレート更新処理では、前記テンプレートに含まれる値に前記更新値を乗算することで前記テンプレートを更新し、
前記検証鍵更新処理では、前記検証鍵に含まれる値に前記更新値を乗算することで前記検証鍵を更新する付記11に記載のテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体。
(付記13)
前記更新値生成処理では、前記生体認証システム内で生成される乱数を用いて前記更新値を生成する付記11又は12に記載のテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体。
(付記14)
前記テンプレート更新処理は、前記テンプレート格納部が設けられる生体認証クライアント装置内の第1の演算部で実行されるプログラムにより行われ、
前記検証鍵更新処理は、前記検証鍵が設けられる生体認証サーバ装置に設けられる第2の演算部で実行されプログラムにより行われ、
前記更新値生成処理は、前記第1の演算部と前記第2の演算部のいずれか一方で実行されるプログラムにより行われる付記11乃至13のいずれか1項に記載のテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体。
(付記15)
新たに入力される前記生体情報を前記テンプレートを用いて秘匿化して秘匿認証情報を生成する秘匿認証情報生成プログラムと、
前記秘匿認証情報に前記検証鍵を適用して、新たに入力された前記生体情報が受理可能なものであるか否かを判定する判定プログラムと、をさらに有する付記11乃至14のいずれか1項に記載のテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体。
(付記16)
更新値を生成する更新値生成部と、
生体情報から生成されるテンプレートを、前記更新値を用いて更新するテンプレート更新処理部と、を有し、
前記更新値生成部は、前記生体情報から前記テンプレートとともに生成される検証鍵を有する生体認証サーバ装置に前記更新値を送信する生体認証クライアント装置。
(付記17)
更新値を生成する更新値生成部と、
生体情報から生成されるテンプレートにより秘匿化された秘匿認証情報の正当性の検証に用いる検証鍵を前記更新値を用いて更新する検証鍵更新処理部と、を有し、
前記更新値生成部は、前記テンプレートを有する生体認証クライアント装置に前記更新値を送信する生体認証サーバ装置。
2 生体認証システム
10 生体認証クライアント
11 テンプレート更新部
12 秘匿認証情報生成部
20 生体認証サーバ
21 検証鍵更新部
22 秘匿認証情報検証部
30 更新値生成部
31 乱数生成部
32 更新値送信部
40 登録情報秘匿部
41 入力部
42 秘匿化部
43 乱数生成部
44 検証鍵生成部
111 更新値受信部
112 テンプレート更新処理部
121 テンプレート受信部
122 テンプレート格納部
123 秘匿認証情報生成処理部
124 入力部
125 出力部
211 更新値受信部
212 検証鍵更新処理部
221 検証鍵受信部
222 検証鍵格納部
223 チャレンジ生成部
224 判定部
225 受理範囲記憶部
100 演算部
101 メモリ
102 入力部
103 通信インタフェース
200 演算部
201 メモリ
202 通信インタフェース
UD 更新値
Claims (17)
- 更新値を生成する更新値生成部と、
生体情報から生成されるテンプレートを、前記更新値を用いて更新する第1の更新処理部と、
前記生体情報から前記テンプレートとともに生成される検証鍵を、前記更新値を用いて更新する第2の更新処理部と、
を有する生体認証システム。 - 前記生体情報から前記テンプレートと前記検証鍵の初期値を生成する秘匿情報生成部と、
前記テンプレートを格納するテンプレート格納部と、
前記検証鍵を格納する検証鍵格納部と、
を有する請求項1に記載の生体認証システム。 - 前記第1の更新処理部は、前記テンプレート格納部に格納された前記テンプレートに含まれる値に前記更新値を乗算することで前記テンプレートを更新し、
前記第2の更新処理部は、検証鍵格納部に格納された前記検証鍵に含まれる値に前記更新値を乗算することで前記検証鍵を更新する請求項2に記載の生体認証システム。 - 前記更新値生成部は、乱数生成部を有し、当該乱数生成部により生成された乱数を前記更新値とする請求項1乃至3のいずれか1項に記載の生体認証システム。
- 新たに入力される前記生体情報を前記テンプレートを用いて秘匿化して秘匿認証情報を生成する秘匿認証情報生成装置と、
前記秘匿認証情報に前記検証鍵を適用して、新たに入力された前記生体情報が受理可能なものであるか否かを判定する秘匿認証情報検証装置と、
をさらに有する請求項1乃至4のいずれか1項に記載の生体認証システム。 - 生体情報の秘匿化に用いるテンプレートを格納するテンプレート格納部と、秘匿化された前記生体情報の検証に用いる検証鍵を格納する検証鍵格納部と、を有する生体認証システムのテンプレート更新方法であって、
更新値を前記生体認証システム内で生成し、
前記更新値を用いて前記テンプレートを更新し、
前記更新値を用いて前記検証鍵を更新するテンプレート更新方法。 - 前記テンプレートに含まれる値に前記更新値を乗算することで前記テンプレートを更新し、
前記検証鍵に含まれる値に前記更新値を乗算することで前記検証鍵を更新する請求項6に記載のテンプレート更新方法。 - 前記生体認証システム内で生成される乱数を用いて前記更新値を生成する請求項6又は7に記載のテンプレート更新方法。
- 前記更新値は、前記テンプレート格納部が設けられる生体認証クライアント装置と、前記検証鍵が設けられる生体認証サーバ装置とのいずれか一方で生成される請求項6乃至8のいずれか1項に記載のテンプレート更新方法。
- 新たに入力される前記生体情報を前記テンプレートを用いて秘匿化して秘匿認証情報を生成し、
前記秘匿認証情報に前記検証鍵を適用して、新たに入力された前記生体情報が受理可能なものであるか否かを判定する請求項6乃至9のいずれか1項に記載のテンプレート更新方法。 - 生体情報の秘匿化に用いるテンプレートを格納するテンプレート格納部と、秘匿化された前記生体情報の検証に用いる検証鍵を格納する検証鍵格納部と、プログラムを実行する演算部と、を有する生体認証システムで実行されるテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体であって、
前記テンプレート更新プログラムは、
更新値を前記生体認証システム内で生成する更新値生成処理と、
前記更新値を用いて前記テンプレートを更新するテンプレート更新処理と、
前記更新値を用いて前記検証鍵を更新する検証鍵更新処理と、
を行うテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体。 - 前記テンプレート更新処理では、前記テンプレートに含まれる値に前記更新値を乗算することで前記テンプレートを更新し、
前記検証鍵更新処理では、前記検証鍵に含まれる値に前記更新値を乗算することで前記検証鍵を更新する請求項11に記載のテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体。 - 前記更新値生成処理では、前記生体認証システム内で生成される乱数を用いて前記更新値を生成する請求項11又は12に記載のテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体。
- 前記テンプレート更新処理は、前記テンプレート格納部が設けられる生体認証クライアント装置内の第1の演算部で実行されるプログラムにより行われ、
前記検証鍵更新処理は、前記検証鍵が設けられる生体認証サーバ装置に設けられる第2の演算部で実行されプログラムにより行われ、
前記更新値生成処理は、前記第1の演算部と前記第2の演算部のいずれか一方で実行されるプログラムにより行われる請求項11乃至13のいずれか1項に記載のテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体。 - 新たに入力される前記生体情報を前記テンプレートを用いて秘匿化して秘匿認証情報を生成する秘匿認証情報生成プログラムと、
前記秘匿認証情報に前記検証鍵を適用して、新たに入力された前記生体情報が受理可能なものであるか否かを判定する判定プログラムと、をさらに有する請求項11乃至14のいずれか1項に記載のテンプレート更新プログラムを記録したコンピュータ読み取り可能な記録媒体。 - 更新値を生成する更新値生成部と、
生体情報から生成されるテンプレートを、前記更新値を用いて更新するテンプレート更新処理部と、を有し、
前記更新値生成部は、前記生体情報から前記テンプレートとともに生成される検証鍵を有する生体認証サーバ装置に前記更新値を送信する生体認証クライアント装置。 - 更新値を生成する更新値生成部と、
生体情報から生成されるテンプレートにより秘匿化された秘匿認証情報の正当性の検証に用いる検証鍵を前記更新値を用いて更新する検証鍵更新処理部と、を有し、
前記更新値生成部は、前記テンプレートを有する生体認証クライアント装置に前記更新値を送信する生体認証サーバ装置。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2022577957A JPWO2022162884A5 (ja) | 2021-01-29 | 生体認証システム、そのテンプレート更新方法、テンプレート更新プログラム、生体認証クライアント装置及び生体認証サーバ装置 | |
PCT/JP2021/003294 WO2022162884A1 (ja) | 2021-01-29 | 2021-01-29 | 生体認証システム、そのテンプレート更新方法、記録媒体、生体認証クライアント装置及び生体認証サーバ装置 |
US18/274,667 US20240104182A1 (en) | 2021-01-29 | 2021-01-29 | Biometric authentication system, template updating method therefor, storage medium, biometric authentication client device, and biometric authentication server device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2021/003294 WO2022162884A1 (ja) | 2021-01-29 | 2021-01-29 | 生体認証システム、そのテンプレート更新方法、記録媒体、生体認証クライアント装置及び生体認証サーバ装置 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022162884A1 true WO2022162884A1 (ja) | 2022-08-04 |
Family
ID=82652792
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2021/003294 WO2022162884A1 (ja) | 2021-01-29 | 2021-01-29 | 生体認証システム、そのテンプレート更新方法、記録媒体、生体認証クライアント装置及び生体認証サーバ装置 |
Country Status (2)
Country | Link |
---|---|
US (1) | US20240104182A1 (ja) |
WO (1) | WO2022162884A1 (ja) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013080320A1 (ja) * | 2011-11-30 | 2013-06-06 | 三菱電機株式会社 | データ処理装置及びデータ処理方法及びプログラム |
JP2018207433A (ja) * | 2017-06-09 | 2018-12-27 | 株式会社日立製作所 | 計算機システム、秘密情報の検証方法、及び計算機 |
JP2019102979A (ja) * | 2017-12-01 | 2019-06-24 | ソラミツ株式会社 | 生体情報を利用した個人識別に基づく取引に関する方法 |
US20200127824A1 (en) * | 2018-02-13 | 2020-04-23 | Fingerprint Cards Ab | Updating biometric template protection keys |
WO2020245939A1 (ja) * | 2019-06-05 | 2020-12-10 | 日本電気株式会社 | 照合システム、クライアントおよびサーバ |
-
2021
- 2021-01-29 WO PCT/JP2021/003294 patent/WO2022162884A1/ja active Application Filing
- 2021-01-29 US US18/274,667 patent/US20240104182A1/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013080320A1 (ja) * | 2011-11-30 | 2013-06-06 | 三菱電機株式会社 | データ処理装置及びデータ処理方法及びプログラム |
JP2018207433A (ja) * | 2017-06-09 | 2018-12-27 | 株式会社日立製作所 | 計算機システム、秘密情報の検証方法、及び計算機 |
JP2019102979A (ja) * | 2017-12-01 | 2019-06-24 | ソラミツ株式会社 | 生体情報を利用した個人識別に基づく取引に関する方法 |
US20200127824A1 (en) * | 2018-02-13 | 2020-04-23 | Fingerprint Cards Ab | Updating biometric template protection keys |
WO2020245939A1 (ja) * | 2019-06-05 | 2020-12-10 | 日本電気株式会社 | 照合システム、クライアントおよびサーバ |
Also Published As
Publication number | Publication date |
---|---|
US20240104182A1 (en) | 2024-03-28 |
JPWO2022162884A1 (ja) | 2022-08-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220191012A1 (en) | Methods For Splitting and Recovering Key, Program Product, Storage Medium, and System | |
CN107925581B (zh) | 生物体认证系统以及认证服务器 | |
US10523441B2 (en) | Authentication of access request of a device and protecting confidential information | |
CA2341784C (en) | Method to deploy a pki transaction in a web browser | |
US10797879B2 (en) | Methods and systems to facilitate authentication of a user | |
US20180183586A1 (en) | Assigning user identity awareness to a cryptographic key | |
US9384338B2 (en) | Architectures for privacy protection of biometric templates | |
KR101863953B1 (ko) | 전자 서명 서비스 시스템 및 방법 | |
AU2016287728A1 (en) | Confidential authentication and provisioning | |
US9992190B2 (en) | Multi-party secure authentication system, authentication server, intermediate server, multi-party secure authentication method, and program | |
US20130088327A1 (en) | Template delivery type cancelable biometric authentication system and method therefor | |
US20120294445A1 (en) | Credential storage structure with encrypted password | |
CN108475309B (zh) | 用于生物特征协议标准的系统和方法 | |
US10867056B2 (en) | Method and system for data protection | |
US20210392003A1 (en) | Decentralized computing systems and methods for performing actions using stored private data | |
KR102035249B1 (ko) | 생체 정보를 이용한 암호화 키 생성 장치 및 방법 | |
CN111740995B (zh) | 一种授权认证方法及相关装置 | |
US11868457B2 (en) | Device and method for authenticating user and obtaining user signature using user's biometrics | |
WO2022162884A1 (ja) | 生体認証システム、そのテンプレート更新方法、記録媒体、生体認証クライアント装置及び生体認証サーバ装置 | |
WO2020121458A1 (ja) | 照合システム、クライアントおよびサーバ | |
KR102424873B1 (ko) | 비밀번호 및 행동 패턴을 이용한 멀티 팩터 인증 시스템 및 방법 | |
KR20190048422A (ko) | 인증 시스템 및 방법 | |
WO2020121459A1 (ja) | 認証システム、クライアントおよびサーバ | |
KR20200137126A (ko) | 생체 정보 등록 장치 및 방법, 생체 인증 장치 및 방법 | |
JP2006277471A (ja) | 擬似生体認証システム、擬似生体認証方法、及び擬似生体認証プログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21922899 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2022577957 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 18274667 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 21922899 Country of ref document: EP Kind code of ref document: A1 |