WO2022269914A1 - 端末装置、暗号化情報変換装置、照合システム、入力情報暗号化方法、暗号化情報変換方法、照合方法、入力情報暗号化プログラム、及び暗号化情報変換プログラム - Google Patents

端末装置、暗号化情報変換装置、照合システム、入力情報暗号化方法、暗号化情報変換方法、照合方法、入力情報暗号化プログラム、及び暗号化情報変換プログラム Download PDF

Info

Publication number
WO2022269914A1
WO2022269914A1 PCT/JP2021/024182 JP2021024182W WO2022269914A1 WO 2022269914 A1 WO2022269914 A1 WO 2022269914A1 JP 2021024182 W JP2021024182 W JP 2021024182W WO 2022269914 A1 WO2022269914 A1 WO 2022269914A1
Authority
WO
WIPO (PCT)
Prior art keywords
parameter
encrypted
input information
information
conversion
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2021/024182
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
健吾 森
寿幸 一色
紗菜美 中川
寛人 田宮
成泰 奈良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Priority to JP2023529418A priority Critical patent/JP7586324B2/ja
Priority to US18/570,734 priority patent/US12489619B2/en
Priority to PCT/JP2021/024182 priority patent/WO2022269914A1/ja
Publication of WO2022269914A1 publication Critical patent/WO2022269914A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Definitions

  • the present invention relates to a terminal device, an encrypted information conversion device, a verification system, an input information encryption method, an encrypted information conversion method, a verification method, an input information encryption program, and an encrypted information conversion program.
  • biometric authentication technology that performs authentication by matching biometric information such as fingerprints, veins, irises, and facial images has been widely used.
  • biometric authentication technology a feature amount is extracted from a user's biometric information and stored as registration information, and authentication is determined by matching the feature amount of the user's biometric information input for authentication with the registration information.
  • Biometric authentication technology has the advantage of reducing the risk of loss or theft compared to authentication technology that uses IC cards, etc. However, even if biometric information is leaked, it cannot be destroyed or updated. can't do In other words, the leakage of biometric information poses not only a problem related to the biometric personal information related to the leaked biometric information, but also a problem of impairing the security of an authentication system using the biometric information related to the leaked biometric information.
  • cancelable biometrics the elements of feature values extracted from biometric information are encrypted by rearranging them using a secret key to generate registration information.
  • verification information is generated by encrypting features extracted from biometric information input at the time of authentication using the same secret key as at the time of registration. That is, when recreating the registration information, it is possible to invalidate the generated registration information by using a different secret key. Encryption in cancelable biometrics is called "cancellable conversion" due to the nature of such registration information.
  • a cancelable transformation for example, in Non-Patent Document 1, an image of feature points obtained from a fingerprint or the like is divided into blocks, and the divided images are rearranged using a secret key to obtain registration information and verification information. has been proposed to generate
  • the same secret key is used at the time of registration and at the time of verification to convert the elements of feature values extracted from biometric information. Therefore, in order to reduce the risk of leakage of biometric information, it is desirable to collate the registered information and the collation information in the cancelable-converted state. Also, when matching registered information with matching information, it is desirable to perform cancelable conversion so as to obtain matching accuracy comparable to that of conventional biometric authentication technology.
  • An object of the present invention is to provide a terminal device, an encrypted information conversion device, an encrypted information conversion device, and a terminal device that realizes encryption processing capable of suppressing deterioration of collation accuracy and reducing the risk of information leakage.
  • a verification system, an input information encryption method, an encrypted information conversion method, a verification method, an input information encryption program, and an encrypted information conversion program are provided.
  • a terminal device of the present invention is a terminal device that encrypts input information input for verification, and includes a terminal-side storage area that stores a first parameter, a terminal-side acquisition unit that acquires a second parameter, a transformation parameter generation unit that performs transformation parameter generation processing for generating transformation parameters based on the first parameter and the second parameter; and encrypted input information by encrypting the input information using the transformation parameter. and an encryption information generation unit that generates the encryption information.
  • the encrypted information conversion apparatus of the present invention encrypts input information input for verification with a conversion parameter generated using a first parameter and a second parameter, and converts the encrypted input information into An encrypted information conversion apparatus for converting into updated encrypted input information, comprising: a conversion-side storage area for storing the first parameter; the second parameter used to generate the encrypted input information; a conversion-side acquisition unit that acquires a third parameter different from the second parameter; and an encryption conversion parameter for converting the encrypted input information using the first parameter, the second parameter, and the third parameter. and an update information generator generating the updated encrypted input information by converting the encrypted input information using the encrypted conversion parameter.
  • the encrypted information conversion apparatus of the present invention encrypts input information input for verification with a conversion parameter generated using a first parameter and a second parameter, and converts the encrypted input information into An encrypted information conversion apparatus for converting into updated encrypted input information, comprising: a conversion-side storage area for storing a plurality of master parameters including the first parameter; a conversion-side acquisition unit that acquires second parameters; an encryption conversion parameter generation unit that generates encryption conversion parameters for converting the encrypted input information using the plurality of master parameters and the second parameters; an update information generation unit that generates the updated encrypted input information by converting the encrypted input information using the encryption conversion parameter.
  • a verification system of the present invention is a terminal device for encrypting input information input for verification, comprising a terminal-side storage area for storing a first parameter, a terminal-side acquisition unit for acquiring a second parameter, a transformation parameter generation unit that performs transformation parameter generation processing for generating transformation parameters based on the first parameter and the second parameter; and encrypted input information by encrypting the input information using the transformation parameter.
  • a terminal device comprising: an encrypted information generating unit for generating; and first input information input to the terminal device for verification, generated by the encrypted information generating unit encrypting the first input information using the conversion parameter. and second encrypted input information generated by encrypting second input information different from the first input information input to the terminal device for verification and a matching processing unit that performs a matching process for matching the first input information and the second input information based on the input information.
  • a verification system of the present invention is a terminal device for encrypting input information input for verification, comprising a terminal-side storage area for storing a first parameter, a terminal-side acquisition unit for acquiring a second parameter, a transformation parameter generation unit that performs transformation parameter generation processing for generating transformation parameters based on the first parameter and the second parameter; and encrypted input information by encrypting the input information using the transformation parameter.
  • a terminal device comprising: an encrypted information generation unit for generating; Generated third encrypted input information; and fourth encrypted input information generated by encrypting fourth input information different from the third input information input to the terminal device for verification; and a matching processing unit that performs a matching process for matching the third input information and the fourth input information based on.
  • An input information encryption method includes performing transformation parameter generation processing for generating transformation parameters based on a first parameter stored in a storage area and a second parameter different from the first parameter; and generating encrypted input information by encrypting input information input for using the transformation parameters.
  • the encrypted input information generated by encrypting the input information input for verification with the conversion parameters generated using the first parameter and the second parameter is An encrypted information conversion method for converting to updated encrypted input information, comprising: obtaining the second parameter used to generate the encrypted input information; and a third parameter different from the second parameter. and generating an encryption conversion parameter for converting the encrypted input information using the first parameter stored in a storage area and the obtained second parameter and third parameter and generating the updated encrypted input information by transforming the encrypted input information using the cryptographic transformation parameters.
  • the encrypted input information generated by encrypting the input information input for verification with the conversion parameters generated using the first parameter and the second parameter is An encrypted information conversion method for converting to updated encrypted input information, comprising: obtaining the second parameter used to generate the encrypted input information; generating encryption conversion parameters for converting the encrypted input information using the master parameters other than the parameters and the second parameters; and converting the encrypted input information using the encryption conversion parameters. thereby generating said updated encrypted input information.
  • a matching method includes performing transformation parameter generation processing for generating transformation parameters based on a first parameter stored in a storage area of a terminal device and a second parameter different from the first parameter; generating encrypted input information by encrypting input information input for verification using the transformation parameter; and encrypting first input information for verification using the transformation parameter. and second encrypted input information generated by encrypting second input information different from the first input information input for verification and performing a matching process for matching the first input information and the second input information.
  • a matching method includes performing transformation parameter generation processing for generating transformation parameters based on a first parameter stored in a storage area of a terminal device and a second parameter different from the first parameter; generating encrypted input information by encrypting the input information input for Third encrypted input information generated by encryption and fourth encrypted input information generated by encrypting fourth input information different from the third input information input for verification and performing a matching process for matching the third input information and the fourth input information based on.
  • An input information encryption program of the present invention performs transformation parameter generation processing for generating transformation parameters based on a first parameter stored in a storage area and a second parameter different from the first parameter; and generating encrypted input information by encrypting input information input for using the transformation parameters.
  • the encrypted information conversion program of the present invention encrypts input information input for verification with a conversion parameter generated using a first parameter and a second parameter, and converts the encrypted input information into An encrypted information conversion program for converting to updated encrypted input information, comprising: obtaining the second parameter used to generate the encrypted input information; and a third parameter different from the second parameter. and generating an encryption conversion parameter for converting the encrypted input information using the first parameter stored in a storage area and the obtained second parameter and third parameter and generating the updated encrypted input information by transforming the encrypted input information using the cryptographic transformation parameters.
  • the encrypted information conversion program of the present invention encrypts input information input for verification with a conversion parameter generated using a first parameter and a second parameter, and converts the encrypted input information into An encrypted information conversion program for converting into updated encrypted input information, comprising obtaining the second parameter used to generate the encrypted input information; generating encryption conversion parameters for converting the encrypted input information using the master parameters other than the parameters and the second parameters; and converting the encrypted input information using the encryption conversion parameters. causes a processor to perform: generating said updated encrypted input information.
  • a terminal device an encrypted information conversion device, a verification system, an input information encryption method, and an encryption method that realize encryption processing capable of suppressing deterioration of verification accuracy and reducing the risk of information leakage.
  • An information conversion method, a matching method, an input information encryption program, and an encrypted information conversion program can be provided. It should be noted that other effects may be achieved by the present invention instead of or in addition to the above effects.
  • FIG. 1 is a diagram illustrating an operation form of a collation system according to the first embodiment.
  • FIG. 2 is a block diagram illustrating the hardware configuration of an information processing device included in the matching system according to the first embodiment.
  • FIG. 3 is a diagram showing an overview of cancelable biometrics.
  • FIG. 4 is a functional block diagram showing the functional configuration of the terminal device according to the first embodiment.
  • FIG. 5 is an explanatory diagram for explaining encryption of information in the conversion processing unit according to the first embodiment.
  • FIG. 6 is a functional block diagram showing the functional configuration of the sub-parameter generation device according to the first embodiment.
  • FIG. 7 is a functional block diagram showing the functional configuration of the matching device according to the first embodiment.
  • FIG. 1 is a diagram illustrating an operation form of a collation system according to the first embodiment.
  • FIG. 2 is a block diagram illustrating the hardware configuration of an information processing device included in the matching system according to the first embodiment.
  • FIG. 3 is a diagram showing an overview of cancelable biometric
  • FIG. 8 is an explanatory diagram for explaining the process of converting the encrypted input information by the update information generation unit according to the first embodiment.
  • FIG. 9 is a sequence diagram showing the flow of processing for encrypting feature amount data according to the first embodiment.
  • FIG. 10 is a diagram illustrating a configuration of information stored in a database according to the first embodiment;
  • FIG. 11 is a sequence diagram illustrating a flow of processing for collating encrypted information according to example 1 of the first embodiment.
  • FIG. 12 is a sequence diagram showing the flow of encrypted data conversion processing according to the first embodiment.
  • FIG. 13 is a flowchart showing the flow of processing for generating encryption conversion parameters according to the first embodiment.
  • FIG. 14 is a sequence diagram illustrating a flow of processing for collating encrypted information according to Example 2 of the first embodiment.
  • FIG. 15 is an explanatory diagram for explaining cancelable conversion using a Hamming distance mask in Modification 1 of the first embodiment.
  • FIG. 16 is a flowchart showing the flow of processing for generating encryption conversion parameters according to Modification 2 of the first embodiment.
  • 17 is a functional block diagram showing a functional configuration of a terminal device according to modification 3 of the first embodiment;
  • FIG. 18 is a diagram illustrating an example of an operation form of a collation system according to the second embodiment.
  • FIG. 19 is a functional block diagram showing the functional configuration of the determination device according to the second embodiment.
  • FIG. 20 is a functional block diagram showing the internal configuration of a collation processing unit according to the second embodiment.
  • FIG. 21 is a model diagram showing an overview of matching processing using homomorphic arithmetic processing in the matching system according to the second embodiment.
  • FIG. 22 is a block diagram illustrating a schematic configuration of a terminal device according to the third embodiment;
  • FIG. 23 is a block diagram illustrating a schematic configuration of an encrypted information conversion device according to the third embodiment.
  • FIG. 24 is a diagram showing a schematic configuration of a collation system according to the third embodiment.
  • biometric authentication technology that performs authentication by matching biometric information such as fingerprints, veins, irises, and facial images has been widely used.
  • biometric authentication technology a feature amount is extracted from a user's biometric information and stored as registration information, and authentication is determined by matching the feature amount of the user's biometric information input for authentication with the registration information.
  • Biometric authentication technology has the advantage of reducing the risk of loss or theft compared to authentication technology that uses IC cards, etc. However, even if biometric information is leaked, it cannot be destroyed or updated. can't do In other words, the leakage of biometric information poses not only a problem related to the biometric personal information related to the leaked biometric information, but also a problem of impairing the security of an authentication system using the biometric information related to the leaked biometric information.
  • cancelable biometrics the elements of feature values extracted from biometric information are encrypted by rearranging them using a secret key to generate registration information.
  • verification information is generated by encrypting features extracted from biometric information input at the time of authentication using the same secret key as at the time of registration. That is, when recreating the registration information, it is possible to invalidate the generated registration information by using a different secret key. Encryption in cancelable biometrics is called "cancellable conversion" due to the nature of such registration information.
  • a cancelable transformation for example, a method has been proposed in which registration information and verification information are generated by dividing an image of feature points obtained from a fingerprint or the like into blocks and rearranging the divided images using a secret key. ing.
  • the same secret key is used at the time of registration and at the time of verification to convert the elements of feature values extracted from biometric information. Therefore, in order to reduce the risk of leakage of biometric information, it is desirable to collate the registered information and the collation information in the cancelable-converted state. Also, when matching registered information with matching information, it is desirable to perform cancelable conversion so as to obtain matching accuracy comparable to that of conventional biometric authentication technology.
  • a terminal device an encrypted information conversion device, a verification system, and an input information encryption that realize encryption processing capable of suppressing deterioration of verification accuracy and reducing the risk of information leakage.
  • An object of the present invention is to provide an encryption method, an encrypted information conversion method, a collation method, an input information encryption program, and an encrypted information conversion program.
  • a terminal device that encrypts input information input for verification has a terminal-side storage area that stores a first parameter and a terminal-side storage area that acquires a second parameter.
  • an acquisition unit a transformation parameter generation unit that performs transformation parameter generation processing for generating transformation parameters based on the first parameter and the second parameter, and an encryption method that encrypts the input information using the transformation parameters and an encrypted information generator for generating encrypted input information.
  • the encrypted input information generated by encrypting the input information input for verification with the conversion parameter generated using the first parameter and the second parameter is updated.
  • An encrypted information conversion device for converting into encrypted input information has a conversion-side storage area for storing the first parameter, the second parameter used to generate the encrypted input information, and the second parameter. a conversion-side acquisition unit that acquires a third parameter different from the above; and generates an encryption conversion parameter for converting the encrypted input information using the first parameter, the second parameter, and the third parameter.
  • An encryption conversion parameter generation unit, and an update information generation unit that generates the updated encryption input information by converting the encryption input information using the encryption conversion parameter.
  • First Embodiment> A first embodiment of the present invention will be described below with reference to FIGS. 1 to 15.
  • FIG. 1 is a diagram showing an example of an operation form of a collation system 1000A according to the first embodiment of the invention.
  • a verification system 1000A includes a terminal device 1, a subparameter generation device 2, a verification device 3, and a database (Data Base, hereinafter sometimes referred to as "DB") 4 connected via a network 5. configured.
  • the input information input to the verification system 1000A is, for example, biometric information of the user such as fingerprints, veins, irises, and facial images. Information including data requiring high confidentiality and security is also one type of input information.
  • the terminal device 1 is an information processing device such as a computer or server in which a program for encrypting input information input to the verification system 1000A is installed.
  • the terminal device 1 is implemented by, for example, a portable information processing terminal such as a smart phone, an ATM (Automatic Teller Machine), a PC (Personal Computer) to which a sensor for detecting biological information is connected, or the like. The details of the process of encrypting information by the terminal device 1 will be described later.
  • Input information encrypted by the terminal device 1 (hereinafter sometimes referred to as “encrypted input information”) is stored in the DB 4 .
  • the sub-parameter generation device 2 is an information processing device in which a program for generating sub-parameters for generating conversion parameters used when encrypting the user's biometric information is installed.
  • the sub-parameter generating device 2 generates, as sub-parameters, for example, a second random number seed for generating random numbers, an encryption parameter, and the like. Further, the sub-parameter generation device 2 may generate sub-parameters based on a character string input to the sub-parameter generation device 2 by the user.
  • the subparameter generation device 2 transmits the generated subparameters to the terminal device 1 and the verification device 3 via the network 5 .
  • the sub-parameter generation device 2 is an example of the parameter transmission device of this embodiment.
  • the verification device 3 is an information processing device in which a program for verifying input information of the verification system 1000A based on the encrypted information generated by the terminal device 1 is installed.
  • the verification device 3 collates the feature quantity of the user's biometric information stored in the DB 4 with the feature quantity of the user's biometric information acquired from the terminal device 1 in biometric authentication technology, for example.
  • the verification device 3 also generates encryption conversion parameters based on the sub-parameters received from the sub-parameter generation device 2, and converts the encrypted input information stored in the DB 4 using the generated encryption conversion parameters. That is, the verification device 3 is an example of the encrypted information conversion device of this embodiment.
  • the encrypted input information converted by the verification device 3 (hereinafter sometimes referred to as “updated encrypted input information”) may be stored in the DB 4 .
  • the verification system 1000A may perform user authentication based on the result of verification processing performed by the verification device 3 .
  • the DB 4 is a storage medium for storing information, and stores, for example, encrypted input information generated by the terminal device 1, updated encrypted input information generated by the verification device 3, and the like.
  • FIG. 1 shows the collation device 3 and the DB 4 as independent elements, the DB 4 may be mounted on a storage medium such as an HDD (Hard Disk Drive) provided in the collation device 3 .
  • HDD Hard Disk Drive
  • FIG. 1 shows an example in which the sub-parameter generation device 2 is connected to the network 5, it does not necessarily have to be connected to the network 5.
  • the sub-parameter generation device 2 may be connected to the terminal device 1 and the verification device 3 via a USB (Universal Serial Bus) or the like.
  • the terminal device 1 only needs to be connected to the DB 4 when transmitting the encrypted input information to the DB 4 .
  • the verification device 3 may be connected to the terminal device 1 or the DB 4 when communicating.
  • the sub-parameter generation device 2 only needs to be connected to the terminal device 1 or the verification device 3 when transmitting the sub-parameters.
  • the verification system 1000A may include another information processing device that has the same elements as the terminal device 1 .
  • FIG. 2 is a block diagram showing the hardware configuration of the information processing device.
  • a CPU Central Processing Unit
  • ROM Read Only Memory
  • RAM Random Access Memory
  • storage medium 14 a storage medium 14
  • I/F interface
  • an input unit 17, a display unit 18, a sensor 19, and a network 5 are connected to the I/F 15.
  • the CPU 11 is computing means and controls the operation of the entire information processing apparatus.
  • the RAM 13 is a volatile storage medium from which information can be read and written at high speed, and is used as a working area when the CPU 11 processes information.
  • the ROM 12 is a read-only non-volatile storage medium and stores programs such as firmware.
  • the storage medium 14 is a non-volatile storage medium such as an HDD that can read and write information, and stores information such as an OS (Operating System), various control programs, and application programs.
  • the I/F 15 connects and controls the bus 16, various hardware, the network 5, and the like.
  • the input unit 17 is an input device such as a keyboard and a mouse for the user to input information to the information processing device.
  • the display unit 18 is a display device such as an LCD (Liquid Crystal Display) for the user to check the state of the information processing device.
  • the sensor 19 is a module that acquires the user's biometric information such as fingerprints, veins, and facial images. Note that the sensor 19 can be omitted. In this case, the terminal device 1 may acquire the user's biological information via an information processing device connected to the network 5 or the I/F 15 .
  • the CPU 11 of the terminal device 1 performs calculations according to a program stored in the ROM 12 of the terminal device 1 or a program loaded from the storage medium 14 of the terminal device 1 to the RAM 13 of the terminal device 1. , constitute a software control unit of the terminal device 1 .
  • a functional block that implements the functions of the controller 100 (see FIG. 4) of the terminal device 1 according to the present embodiment is configured by combining the software control unit configured as described above and hardware.
  • sub-parameter generation is performed according to the program stored in the ROM 12 of the sub-parameter generation device 2 or the program loaded from the storage medium 14 of the sub-parameter generation device 2 to the RAM 13 of the sub-parameter generation device 2.
  • a software control unit of the sub-parameter generation device 2 is configured by the CPU 11 of the device 2 performing calculations.
  • a functional block that realizes the functions of the controller 200 (see FIG. 6) of the sub-parameter generation device 2 according to the present embodiment is configured by combining the software control unit configured as described above and hardware.
  • the CPU 11 of the verification device 3 performs calculations according to programs stored in the ROM 12 of the verification device 3 and programs loaded from the storage medium 14 of the verification device 3 to the RAM 13 of the verification device 3.
  • the software control section of the verification device 3 is configured.
  • a functional block that implements the functions of the controller 300 (see FIG. 7) of the matching device 3 according to the present embodiment is configured by combining the software control unit configured as described above and the hardware.
  • FIG. 3 is a diagram showing an overview of cancelable biometrics.
  • biometric authentication technology user's biometric information such as fingerprints, veins, irises, and facial images is registered in advance, and authentication is judged based on the result of comparison with the user's biometric information input at the time of authentication. .
  • biometric information is leaked, there is not only a problem related to the biometric personal information related to the leaked biometric information, but also a problem that the security of the authentication system using the biometric information related to the leaked biometric information is impaired. .
  • authentication is performed using registration information in which the biometric information is concealed, and in the event that the registration information is leaked, the leaked registration information is invalidated in order to protect the user's biometric information.
  • a technique called “cancellable biometrics" is used.
  • a feature amount is extracted from the biometric information.
  • the vector feature data is extracted.
  • feature-value data x which is a vector
  • the replacement key is used to encrypt the feature amount data x (equation 1-1).
  • the replacement key K which is a vector
  • the encrypted data T which is a vector
  • the replacement key K corresponds to a randomly generated encryption key.
  • the transformation function F is a function that unidirectionally transforms (irreversibly transforms) input data (here, feature data x).
  • the encrypted data T corresponds to data obtained by converting the feature amount data x by the conversion function F using the replacement key K.
  • FIG. Also, the encrypted data T is one of registration information used for matching, and is stored in a storage device such as DB4.
  • a feature amount is extracted from biometric information.
  • the vector feature data is extracted.
  • the feature amount data y which is a vector
  • feature-value data y which is a vector
  • the feature amount data y is encrypted by one-way transformation using the replacement key K (equation 1-2).
  • the encrypted data T' which is a vector, may be simply referred to as "encrypted data T'".
  • the encrypted data T' corresponds to data obtained by converting the feature amount data y by a conversion function F using the same replacement key K as the encrypted data T.
  • the encrypted data T′ corresponds to information to be collated with the encrypted data T.
  • the encrypted data T obtained by encrypting the feature amount data x and the encrypted data T' obtained by encrypting the feature amount data y are collated in an encrypted state.
  • feature amount data is encrypted by a conversion function F using the same replacement key K at the time of registration and at the time of authentication. . That is, the degree of similarity between the feature amount data x and the feature amount data y is preserved even after conversion by the conversion function F using the replacement key K.
  • feature amount data x and feature amount data y close to feature amount data x are extracted from the fingerprint of the middle finger of the right hand of the same person as biometric information.
  • the encrypted data T is generated by transforming the feature amount data x
  • the encrypted data T' is generated by transforming the feature amount data y close to the feature amount data x. Therefore, since the degree of similarity between the encrypted data T and the encrypted data T' is equal to the degree of similarity between the feature amount data x and the feature amount data y, the encrypted data T and the encrypted data T' are close to each other. Data.
  • the replacement key K1 which is a vector
  • the replacement key K2 which is a vector
  • replacement key K2 replacement key K2
  • the transformation function F is a function that unidirectionally transforms the input data. That is, when the replacement key K 1 ⁇ the replacement key K 2 , the data T 1 output by the conversion function F when the replacement key K 1 is used for the feature amount data x is obtained by using the replacement key K 2 . Sometimes, it is different from the data T2 output by the conversion function F. As described above, cancelable biometrics does not use information about the replacement key K1 and the replacement key K2 at the time of matching.
  • cancelable biometrics different data T1 and data T2 are generated by using different replacement keys K1 and K2 for the same data. Using such characteristics, in cancelable biometrics, by changing the replacement key K, registration information stored in a database or the like can be invalidated.
  • the data conversion method in cancelable biometrics may be referred to as "cancellable conversion”.
  • FIG. 4 is a functional block diagram showing the functional configuration of the terminal device 1.
  • the terminal device 1 includes a controller 100 and a network I/F 101 that is an interface for the controller 100 to exchange information with other devices via the network 5 .
  • the controller 100 performs processing for encrypting information acquired via the network I/F 101.
  • the controller 100 is implemented by installing a dedicated software program in an information processing device such as the terminal device 1 .
  • the controller 100 includes a sub-parameter acquisition section 110 , a feature amount calculation section 120 , a storage area 130 , a parameter generation section 140 and a conversion processing section 150 .
  • the sub-parameter acquisition unit 110 acquires sub-parameters (for example, sub-parameter vpi1 or sub-parameter vpi2) generated by the sub-parameter generation device 2 via the network I/F 101 .
  • the sub-parameter acquisition unit 110 is an example of the terminal-side acquisition unit of this embodiment.
  • the sub-parameter vpi1 is an example of the second parameter.
  • the feature amount calculation unit 120 performs processing for extracting feature amounts from the user's biological information acquired by the sensor 19 of the terminal device 1 .
  • the information of the feature amount related to the biometric information of the user may be input to the terminal device 1 .
  • the feature amount calculator 120 may be omitted.
  • the storage area 130 stores a master parameter (for example, master parameter vpm1) that is different from the sub-parameter and is used to generate the transformation parameter vp together with the sub-parameter.
  • a master parameter in this embodiment is a parameter that is uniquely determined for the terminal device 1 .
  • the master parameter vpm1 is an example of the first parameter of this embodiment.
  • Storage area 130 may store a first random number seed for generating random numbers as a master parameter.
  • Storage area 130 may also store a secret key for decrypting encrypted parameters as a master parameter.
  • the storage area 130 is an example of the terminal-side storage area of this embodiment.
  • the terminal device 1 and the other information processing device may have a common master parameter (for example, master parameter vpm1) may be stored.
  • the master parameters may be stored in the storage area 130 when product shipment of the terminal device 1 or activation of the terminal device 1 is performed.
  • the parameter generation unit 140 encrypts information input to the terminal device 1 based on the master parameter (for example, master parameter vpm1) stored in the storage area 130 and the sub-parameter acquired from the sub-parameter generation device 2. Transformation parameter generation processing for generating transformation parameters for conversion is performed. A specific aspect of the processing in which the parameter generation unit 140 generates the transformation parameters will be described later.
  • the parameter generator 140 is an example of the conversion parameter generator of this embodiment.
  • the conversion parameters generated by the parameter generation unit 140 may be stored in the storage area 130.
  • input information for example, feature amount data x or feature The quantity data y
  • input information can be encrypted.
  • the conversion processing unit 150 generates encrypted input information by encrypting the information input to the terminal device 1 using the conversion parameters generated by the parameter generation unit 140 .
  • the conversion processing unit 150 is an example of the encryption information generation unit of this embodiment.
  • the encrypted data T and the encrypted data T' are examples of the encrypted input information of this embodiment.
  • Network I/F 101 transmits the encrypted input information generated by conversion processing unit 150 to verification device 3 .
  • the network I/F 101 transmits encrypted input information generated by the conversion processing unit 150 to the DB 4.
  • the DB 4 associates and stores the encrypted input information received from the terminal device 1 and identification information such as a user ID that can identify the user. Identification information such as a user ID that can identify a user corresponds to information such as an identifier preset for each user or terminal device 1 .
  • FIG. 5 is an explanatory diagram for explaining encryption of information in the conversion processing unit 150.
  • the terminal device 1 receives the feature amount data x.
  • the feature amount data x is an example of input information, first input information, and third input information in this embodiment.
  • the feature amount data x is a d-dimensional data set (the number of dimensions is d), as shown in (Equation 2-1).
  • the conversion processing unit 150 encrypts the feature amount data x based on the conversion parameter vp generated by the parameter generation unit 140 .
  • the parameter generation unit 140 generates, as the transformation parameter vp, a permutation key K for one-way transformation of the arrangement order of the elements of each dimension included in the feature amount data x.
  • the 0th dimension element (x[0]) of the feature amount data x is arranged in the d ⁇ 1 dimension
  • the 1st dimension element (x[1]) of the feature amount data x is Arrange in the d-2nd dimension, arrange the d-2nd dimension element (x[d-2]) of the feature amount data x in the 1st dimension, and arrange the d-1th dimension element (x[ d ⁇ 1]) are defined in the 0th dimension.
  • the conversion processing unit 150 encrypts the feature amount data x using the replacement key K, so that the encrypted data to generate
  • the encrypted data T is an example of encrypted input information in this embodiment.
  • the conversion processing unit 150 rearranges the 0th dimension element (x[0]) of the feature amount data x to the d ⁇ 1th dimension (x′[d ⁇ 1]) of the encrypted data T. Further, the conversion processing unit 150 rearranges the first-dimensional element (x[1]) of the feature amount data x into the d ⁇ 2nd dimension (x′[d ⁇ 2]) of the encrypted data T. FIG. Further, the conversion processing unit 150 rearranges the d ⁇ 2nd dimension element (x[d ⁇ 2]) of the feature amount data x to the 1st dimension (x′[1]) of the encrypted data T.
  • the conversion processing unit 150 rearranges the d ⁇ 1th dimension element (x[d ⁇ 1]) of the feature amount data x to the 0th dimension (x′[0]) of the encrypted data T.
  • the conversion processing unit 150 generates the encrypted data T by permuting the feature amount data x using the replacement key K.
  • the feature amount calculation unit 120, the storage area 130, the parameter generation unit 140, and the conversion processing unit 150 are provided in the protected area 102 provided in the terminal device 1.
  • the protected area 102 is separated from the normal area on the controller 100 in the memory (ROM 12 and RAM 13) space of the terminal device 1 by using technologies such as Arm's TrustZone (registered trademark) and RISC-V Foundation's KeyStone. Refers to a constructed space (Secure World) that is more secure than the normal area on the controller 100 .
  • a protection area 102 is provided on the controller 100, and a feature amount calculation unit 120, a storage area 130, a parameter generation unit 140, and a conversion processing unit 150 are implemented in the protection area 102. , the transformation parameter vp generated by the parameter generation unit 140, and the encrypted data T can be prevented from leaking.
  • FIG. 6 is a functional block diagram showing the functional configuration of the sub-parameter generator 2.
  • the sub-parameter generation device 2 includes a controller 200 and a network I/F 201 that is an interface for the controller 200 to exchange information with other devices via the network 5 .
  • the controller 200 performs processing for generating sub-parameters (for example, sub-parameter vpi1 or sub-parameter vpi2) and transmitting them to the terminal device 1 and the verification device 3 via the network I/F 101.
  • the controller 200 is implemented by installing a dedicated software program in an information processing device such as the sub-parameter generation device 2 or the like.
  • Controller 200 includes sub-parameter generator 210 , sub-parameter transmitter 220 , and sub-parameter storage 230 .
  • the sub-parameter generation unit 210 generates a sub-parameter vpi1 for the terminal device 1 to generate the conversion parameter vp.
  • the sub-parameter generating unit 210 generates, for example, a second random number seed for generating random numbers as the sub-parameter vpi1.
  • the sub-parameter generator 210 can also generate a sub-parameter (for example, sub-parameter vpi2) different from the sub-parameter vpi1.
  • the sub-parameter transmission unit 220 transmits the sub-parameter vpi1 (or sub-parameter vpi2) generated by the sub-parameter generation unit 210 to the terminal device 1 and/or the verification device 3 via the network I/F 201.
  • the sub-parameter storage unit 230 stores sub-parameters such as the sub-parameter vpi1 and the sub-parameter vpi2 generated by the sub-parameter generation unit 210.
  • the sub-parameter storage unit 230 stores identification information identifying the terminal device 1 that is the destination of the sub-parameter vpi1 (or sub-parameter vpi2), or the terminal device 1 that is the destination of the sub-parameter vpi1 (or sub-parameter vpi2). may be stored in association with the sub-parameter vpi1 for identifying the user who has entered the biometric information in the sub-parameter vpi1.
  • FIG. 7 is a functional block diagram showing the functional configuration of the matching device 3.
  • the verification device 3 includes a controller 300 and a network I/F 301 that is an interface for the controller 300 to exchange information with other devices via the network 5 .
  • the controller 300 performs processing for collating information acquired via the network I/F 101 .
  • the controller 300 is implemented by installing a dedicated software program in an information processing device such as the verification device 3 .
  • Controller 300 includes sub-parameter acquisition section 310 , storage area 320 , parameter generation section 330 , update information generation section 340 , and verification processing section 350 .
  • the sub-parameter acquisition unit 310 acquires sub-parameters (eg, sub-parameter vpi1 and sub-parameter vpi2) generated by the sub-parameter generation device 2 via the network I/F 301 .
  • the sub-parameter acquisition unit 310 is an example of the conversion-side acquisition unit of this embodiment.
  • the storage area 320 stores parameters that are different from the sub-parameters vpi1 and sub-parameters vpi2 and that are the same as the master parameters used in the terminal device 1 to generate the conversion parameters vp (for example, the master parameter vpm1). ing.
  • the master parameter vpm1 is a parameter that is uniquely determined for the terminal device 1 .
  • the storage area 320 stores master parameters stored in the terminal devices 1 that may be connected to the verification device 3 . That is, when the terminal device 1 and another information processing device having elements corresponding to the terminal device 1 are connected to the verification device 3, the storage area 320 stores a plurality of parameters including the master parameter vpm1 of the terminal device 1. Master parameters may be stored.
  • the storage area 320 is an example of the conversion-side storage area of this embodiment.
  • the parameter generation unit 330 converts the encrypted input information received from the terminal device 1 based on the master parameter vpm1 stored in the storage area 320 and the sub-parameter vpi1 and sub-parameter vpi2 acquired from the sub-parameter generation device 2. Generate cryptographic conversion parameters vp' for conversion. Specifically, the parameter generation unit 330 generates the master parameter vpm1 stored in the storage area 320, the sub-parameter vpi1 received from the sub-parameter generation device 2, the sub-parameter vpi1 different from the sub-parameter vpi1 (for example, the sub-parameter vpi2 ) to generate the encryption conversion parameter vp′. A specific aspect of the processing in which the parameter generation unit 330 generates the encryption conversion parameter vp' will be described later.
  • the parameter generator 330 is an example of the encryption conversion parameter generator of this embodiment.
  • the update information generation unit 340 converts the encrypted input information received from the terminal device 1 using the encryption conversion parameter vp' generated by the parameter generation unit 330, thereby generating updated encrypted input information.
  • the update information generating section 340 encrypts the encrypted input information acquired from the terminal device 1 will be described.
  • FIG. 8 is an explanatory diagram for explaining the process in which the update information generation unit 340 converts the encrypted input information.
  • the update information generator 340 converts the encrypted data T using the conversion parameter vp.
  • the feature amount data x is a five-dimensional (five-dimensional) data set (see FIG. 8, left uppermost). .
  • the conversion processing unit 150 generates the encrypted data T by encrypting the feature amount data x using the conversion parameter vp.
  • the parameter generation unit 140 generates, as the transformation parameter vp, a permutation key K for one-way transformation of the arrangement order of the elements of each dimension included in the feature amount data x.
  • the 0th dimension element (x[0]) of the feature amount data x is arranged in the fourth dimension
  • the 1st dimension element (x[1]) of the feature amount data x is arranged in the 1st dimension.
  • parameters for rearranging the fourth-dimensional element (x[4]) of the feature amount data x into the second dimension are defined.
  • the conversion processing unit 150 encrypts the feature amount data x using the replacement key K, so that the encrypted data (See FIG. 8, second row from the top on the left).
  • the terminal device 1 then transmits the encrypted data T to the verification device 3 .
  • FIG. Encrypted data can be generated (Fig. 8, bottom left).
  • the encrypted data T'' which is a vector, may be simply referred to as "encrypted data T''".
  • the arrangement order of the elements of the encrypted data T'' generated using the replacement key K' for the feature amount data x is determined by the feature amount data
  • the arrangement order of the elements of the encrypted data T generated using the replacement key K for x is different.
  • the encrypted data T generated using the replacement key K for the feature amount data x is encrypted using the replacement key K′ for the feature amount data x. It can be invalidated by the validation data T''.
  • the present embodiment can convert the encrypted data T without inversely converting the encrypted data T into the feature amount data x in the update information generation unit 340 .
  • the storage area 130 and the storage area 320 store the master parameter vpm1.
  • the master parameter vpm1 is a parameter used by the terminal device 1 to generate the conversion parameter vp.
  • the sub-parameter acquisition unit 310 receives the sub-parameter vpi1 from the sub-parameter generation device 2 .
  • the sub-parameter vpi1 is a parameter transmitted from the sub-parameter generation device 2 to the terminal device 1 to generate the transformation parameter vp.
  • the sub-parameter generation device 2 can transmit sub-parameters different from the sub-parameter vpi1 (for example, sub-parameter vpi2) to the verification device 3.
  • the parameter generator 330 generates an encryption conversion parameter vp' using the master parameter vpm1, the sub-parameter vpi1, and the sub-parameter vpi2.
  • the encryption conversion parameter vp' is a parameter for converting the encrypted data T into the updated encrypted data T3.
  • the update information generator 340 converts the encrypted data T (see the upper right side of FIG. 8) using the encryption conversion parameter vp′ to generate updated encrypted data T3 (see the lower right side of FIG. 8). ).
  • the encrypted update data T3 is an example of the encrypted update input information of this embodiment. As shown in FIG. 8, the arrangement order of the elements included in the updated encrypted data T3 is the same as the arrangement order of the elements included in the encrypted data T''.
  • the feature amount data y is data close to the feature amount data x
  • the feature amount data y is cancelably transformed by the replacement key K'.
  • the feature amount data y and the feature amount data x are data close to each other
  • the feature amount data y is converted into the encrypted data T'' using the replacement key K'.
  • the arrangement order of the elements included in the updated encrypted data T3 is the order of the elements included in the encrypted data T'' generated by cancelably transforming the feature amount data y using the replacement key K'. Same as the sort order.
  • the update information generation unit 340 can generate the update encrypted data T3 by converting the encrypted data T using the encryption conversion parameter vp'.
  • the updated encrypted data T3 is a data set corresponding to the encrypted data T'' obtained by encrypting the feature amount data x using the replacement key K' (that is, the conversion parameter vpx) (see FIG. 8 reference). By doing so, in this embodiment, it is possible to invalidate the encrypted data T without decrypting the encrypted data T into the feature amount data x in the matching device 3 .
  • the collation processing unit 350 performs collation processing for collating encrypted input information stored in the DB 4 with encrypted data (for example, encrypted data T′ or encrypted data T′′) obtained from the terminal device 1. I do.
  • the terminal device 1 generates the conversion parameters vp based on the master parameters vpm1 stored in the storage area 130 and the sub-parameters vpi1 received from the sub-parameter generation device 2 .
  • the sub-parameter generation device 2 may transmit a sub-parameter (for example, sub-parameter vpi2) different from the sub-parameter vpi1 to the terminal device 1 due to maintenance, version change, or the like of the verification system 1000A.
  • a generated transformation parameter (eg, transformation parameter vpx) is used.
  • the parameter generation unit 330 generates the sub-parameters vpi1 and vpi2, the storage area 320
  • the encryption conversion parameter vp' is generated using the master parameter vpm1 stored in .
  • the update information generator 340 can convert the encrypted data T into the updated encrypted data T3.
  • the collation processing unit 350 acquires data (encrypted data T′ or encrypted data T′′) obtained by encrypting the feature amount data y from the terminal device 1 and collates it with the encrypted data T.
  • data encrypted data T′ or encrypted data T′′
  • data close to feature data x for example, feature data y extracted from the fingerprint of the middle finger of the right hand of the same person
  • the similarity between the data encrypted with the key K (encrypted data T') and the encrypted data T matches the similarity between the feature amount data x and the feature amount data y.
  • the terminal device 1 encrypts the feature amount data y using a replacement key K' different from the replacement key K.
  • the similarity between the encrypted data T and the data obtained by encrypting the feature amount data y with the replacement key K′ is similar to the feature amount data x. It does not match the similarity with feature data y.
  • the collation processing unit 350 compares the encrypted data (for example, encrypted data T) acquired from the DB 4 and the encrypted data (for example, encrypted data T′ or encrypted data T′′) received from the terminal device 1. Perform matching processing to match. Also, the collation processing unit 350 outputs the result of the collation processing.
  • the result of the collation processing by the collation processing unit 350 corresponds to, for example, information indicating the degree of similarity between the encrypted data T and the encrypted data T′ or the degree of similarity between the encrypted data T and the encrypted data T′′. do.
  • the storage area 320 , the parameter generating section 330 , the update information generating section 340 , and the verification processing section 350 are provided in the protected area 302 provided in the verification device 3 .
  • the protected area 302 is different from the normal area on the controller 300 in the memory (ROM 12 and RAM 13) space of the collation device 3 by using technologies such as Arm's TrustZone and RISC-V Foundation's KeyStone. Refers to a space (Secure World) built in isolation and more secure than the normal area on the controller 300 .
  • a protection area 302 is provided on the controller 300, and a storage area 320, a parameter generation unit 330, an update information generation unit 340, and a verification processing unit 350 are implemented in the protection area 302. , the encryption conversion parameter vp' generated by the parameter generation unit 330, the encrypted data T, the encrypted data T', and the encrypted data T'', etc. can be further suppressed from leaking.
  • the matching processing unit 350 may be mounted in a protected area of an information processing device different from the matching device 3 .
  • FIG. 9 is a sequence diagram showing the flow of processing for encrypting feature data x.
  • FIG. 9 shows an example in which the sub-parameter generation device 2 transmits the sub-parameter vpi1 to the terminal device 1, but the sub-parameter generation device 2 generates a sub-parameter (sub-parameter vpi2) other than the sub-parameter vpi1. You may transmit to the terminal device 1.
  • step S11 the sub-parameter generator 210 generates sub-parameter vpi1.
  • step S ⁇ b>12 the sub-parameter transmitting section 220 transmits the sub-parameter vpi ⁇ b>1 to the terminal device 1 .
  • step S13 the sub-parameter acquisition unit 110 acquires the sub-parameter vpi1 from the sub-parameter generation device 2.
  • the terminal device 1 can encrypt the feature amount data x.
  • the sub-parameter generation device 2 only needs to be online when transmitting the sub-parameter vpi1 to the terminal device 1 .
  • step S14 the parameter generator 140 generates the conversion parameter vp based on the sub-parameter vpi1 and the master parameter vpm1 stored in the storage area 130.
  • the parameter generation unit 140 When the master parameter vpm1 is the first random number seed and the sub-parameter vpi1 is the second random number seed, the parameter generation unit 140 generates random numbers using the first random number seed and the second random number seed.
  • the random number generated by the parameter generator 140 is an example of the transformation parameter vp.
  • the parameter generator 140 decrypts the encryption parameter using the secret key.
  • the encrypted parameter decrypted by the parameter generation unit 140 is an example of the conversion parameter vp.
  • step S15 the conversion processing unit 150 generates encrypted data T by encrypting the feature amount data x using the conversion parameter vp.
  • step S ⁇ b>14 when the parameter generator 140 generates a random number as the transformation parameter vp, the transformation processor 150 encrypts the feature data x using the random number generated by the parameter generator 140 .
  • the feature amount data x is an example of input information input to the terminal device 1 for verification.
  • the encrypted data T is an example of encrypted input information.
  • step S16 the network I/F 101 transmits to the DB 4 identification information that can identify the user of the terminal device 1 when the feature amount data x was extracted, and the encrypted data T.
  • step S17 the DB 4 associates and stores the encrypted data T received from the terminal device 1 and identification information that can identify the terminal device 1 (or the user of the terminal device 1) when extracting the feature amount data x. do.
  • the encrypted data T is an example of the first encrypted input information and the third encrypted input information for the collation device 3 to collate.
  • FIG. 10 is a diagram illustrating the configuration of information stored in DB4.
  • DB4 No. 1 stores information indicating "v1" as version information, "encrypted data T" as encrypted data, and information indicating "EwFsih” as identification information in association with each other.
  • the No. of DB4. 2 information indicating "v2" as version information, "encrypted data TR” as encrypted data, and information indicating "u1WLM?” as identification information are stored in association with each other.
  • the version information is No. in FIG. 1, "v1" indicating that the encrypted data T is generated using the sub-parameter vpi1 is stored as version information.
  • the identification information is information for identifying the terminal device that extracted the feature amount data used to generate the encrypted data. No. in FIG. 1, "EwFsih" indicating that the encrypted data T was generated using the terminal device 1 is stored as identification information.
  • the terminal device 1 generates encrypted data T' by performing the process of step S15 on the feature amount data y input to the terminal device 1 for verification using the conversion parameter vp.
  • the parameter generation unit 140 may generate the conversion parameter vpx by acquiring the sub-parameter vpi2 different from the sub-parameter vpi1 and performing the process of step S14.
  • the terminal device 1 generates encrypted data T'' by performing the process of step S15 on the feature amount data y input to the terminal device 1 for verification using the transformation parameter vpx. do.
  • the transformation parameter vpx is an example of the terminal-side update transformation parameter of this embodiment.
  • Example 1 Next, an example of the flow of processing for matching in the matching system 1000A will be described.
  • Example 1 when the verification device 3 does not convert the encrypted data T into the updated encrypted data T3, that is, when the terminal device 1 encrypts the feature amount data x and the feature amount data y using the conversion parameter vp will be described.
  • the encrypted data T' is an example of the second encrypted input information and the fourth encrypted input information for the matching device 3 of the first embodiment to perform matching.
  • the feature amount data x is an example of the first input information and the third input information of the first embodiment
  • the feature amount data y is an example of the second input information and the fourth input information of the first embodiment. be.
  • FIG. 11 is a sequence diagram showing the flow of processing for collating encrypted data T and encrypted data T' in collation system 1000A.
  • the encrypted data T' corresponds to data obtained by encrypting the feature amount data y using the conversion parameter vp generated from the sub-parameter vpi1. Also, it is assumed that the identification information for identifying the user of the terminal device 1 when the feature amount data x and the feature amount data y are extracted is the same.
  • step S21 the network I/F 101 transmits to the verification device 3 the encrypted data T' and identification information for identifying the user of the terminal device 1 when the feature amount data y was extracted.
  • step S22 the network I/F 301 receives the encrypted data T' transmitted by the terminal device 1 and the identification information identifying the user of the terminal device 1 when the feature amount data y was extracted.
  • step S23 the collation processing unit 350 acquires the encrypted data T from the DB4.
  • the encrypted data T corresponds to information corresponding to the identification information for identifying the user of the terminal device 1 received together with the encrypted data T' in step S22.
  • step S24 the collation processing unit 350 collates the encrypted data T' received in step S22 with the encrypted data T acquired in step S23.
  • step S ⁇ b>25 the collation processing unit 350 transmits the result of the collation processing in step S ⁇ b>25 to the terminal device 1 .
  • the terminal device 1 encrypts the feature amount data x and the feature amount data y using the transformation parameter vp to generate the encrypted data T and the encrypted data T'.
  • the feature amount data x and the feature amount data y are data close to each other.
  • the collation processing unit 350 transmits to the terminal device 1 a collation result indicating that the encrypted data T and the encrypted data T' are similar data.
  • the terminal device 1 may authenticate the user of the terminal device 1 based on the verification result received from the verification device 3 .
  • FIG. 12 is a sequence diagram showing the flow of encrypted data conversion processing.
  • step S31 the sub-parameter generation device 2 transmits sub-parameters vpi1 and sub-parameters vpi2 to the verification device 3.
  • the terminal device 1 generates the conversion parameter vp based on the master parameter vpm1 and the sub-parameter vpi1.
  • the terminal device 1 generates a transformation parameter vpx based on the master parameter vpm1 and the sub-parameter vpi2.
  • step S32 the verification device 3 generates a cryptographic conversion parameter vp' based on the sub-parameter vpi1, the sub-parameter vpi2, and the master parameter vpm1.
  • FIG. 13 is a flow chart showing the flow of processing for generating the encryption conversion parameter vp'.
  • step S41 the sub-parameter acquisition unit 310 acquires the sub-parameter vpi1 and the sub-parameter vpi2 from the sub-parameter generator 2 via the network I/F 301.
  • step S42 the parameter generator 330 generates the parameter vp1 from the master parameter vpm1 and the sub-parameter vpi1.
  • the master parameter vpm1 used by the terminal device 1 and the verification device 3 is shared. That is, the parameter vp1 generated in step S42 is a parameter corresponding to the conversion parameter vp.
  • step S43 the parameter generator 330 generates the parameter vp2 from the master parameter vpm1 and the sub-parameter vpi2.
  • the parameter vp2 corresponds to a parameter (substitution key K') that can generate encrypted data T'' by encrypting the feature amount data x using the parameter vp2 (see FIG. 8).
  • Parameter vp2 is an example of the update transformation parameter of this embodiment.
  • step S44 the parameter generator 330 synthesizes the parameter vp1 and the parameter vp2 to generate the encryption conversion parameter vp'. Specifically, the parameter generation unit 330 generates the encryption conversion parameter vp′ by synthesizing the parameter obtained by inversely transforming the parameter vp1 and the parameter vp2.
  • step S33 the update information generator 340 acquires the encrypted data T from the DB4.
  • the encrypted data T corresponds to the encrypted data associated with the version information indicating the sub-parameter vpi1 received in step S41 (see FIG. 10).
  • step S34 the update information generator 340 converts the encrypted data T using the encryption conversion parameter vp' to generate updated encrypted data T3.
  • step S35 the update information generation unit 340 transmits the update encrypted data T3 to the DB4.
  • step S36 the DB 4 may overwrite the encrypted data T with the updated encrypted data T3, or store the encrypted data T and the updated encrypted data T3 in association with the identification information of the terminal device 1.
  • Example 2 Next, another example of the flow of processing for matching in the matching system 1000A will be described.
  • the verification device 3 converts the encrypted data T into the updated encrypted data T3. The flow of processing when the feature amount data y is encrypted using is explained.
  • the encrypted data T'' is an example of the second encrypted input information and the fourth encrypted input information for the matching device 3 of the second embodiment to perform matching.
  • the feature amount data x is an example of the first input information and the third input information of the second embodiment
  • the feature amount data y is an example of the second input information and the fourth input information of the second embodiment. be.
  • FIG. 14 is a sequence diagram showing the flow of processing for collating encrypted data T and encrypted data T'' in collation system 1000A.
  • the encrypted data T'' corresponds to data obtained by encrypting the feature amount data y using the conversion parameter vpx generated from the sub-parameter vpi2. Also, it is assumed that the identification information for identifying the user of the terminal device 1 when the feature amount data x and the feature amount data y are extracted is the same.
  • step S51 the network I/F 101 transmits to the verification device 3 the encrypted data T'' and the identification information for identifying the user of the terminal device 1 when the feature amount data y was extracted.
  • step S52 the network I/F 301 receives the encrypted data T'' transmitted by the terminal device 1 and the identification information identifying the user of the terminal device 1 when the feature amount data y was extracted.
  • step S53 the collation processing unit 350 acquires the encrypted data T from the DB4.
  • the encrypted data T corresponds to information corresponding to the identification information for identifying the user of the terminal device 1 received together with the encrypted data T'' in step S52.
  • step S54 the sub-parameter generation device 2 transmits sub-parameters vpi1 and sub-parameters vpi2 to the verification device 3.
  • step S55 the verification device 3 generates a cryptographic conversion parameter vp' based on the sub-parameter vpi1, the sub-parameter vpi2, and the master parameter vpm1. Since the process of step S55 is the same as that of step S32, redundant description will be omitted.
  • step S56 the update information generator 340 converts the encrypted data T using the encryption conversion parameter vp' to generate updated encrypted data T3.
  • step S57 the collation processing unit 350 collates the encrypted data T'' received in step S52 with the updated encrypted data T3 generated in step S56.
  • the arrangement order of the elements included in the updated encrypted data T3 is the same as the arranged order of the elements included in the encrypted data T''. This is the data corresponding to T''.
  • the collation processing unit 350 transmits to the terminal device 1 a collation result indicating that the encrypted data T and the encrypted data T'' are similar data.
  • the terminal device 1 may authenticate the user of the terminal device 1 based on the result of the verification process received from the verification device 3.
  • step S59 the update information generation unit 340 transmits the update encrypted data T3 to the DB4.
  • the process of step S59 may be performed when the encrypted data T' and the updated encrypted data T3 are close to each other.
  • the DB 4 may overwrite the encrypted data T with the updated encrypted data T3, or store the encrypted data T and the updated encrypted data T3 in association with the identification information of the user of the terminal device 1.
  • the order of the matching process in step S57 and the process of converting the encrypted data T in step S56 may be switched. That is, the collation device 3 may determine whether or not to execute the process of converting the encrypted data T based on the result of the collation process between the encrypted data T and the encrypted data T''.
  • step S57 the conversion parameter vp used to generate the encrypted data T and the encrypted data T'' are generated.
  • the encrypted data T′′ is not data close to the encrypted data T because the transformation parameter vpx used in .
  • the identification information for identifying the user of the terminal device 1 when the feature amount data x and the feature amount data y are extracted is the same, and the encrypted data T'' If the data is not similar to the data T, the update information generation unit 340 may perform the processing of step S56.
  • the terminal device 1 uses the sub-parameter vpi1 and the master parameter vpm1 to generate the conversion parameter vp for encrypting the input information. Since the master parameter vpm1 is stored in the protected area 102 of the terminal device 1, there is less risk of the master parameter vpm1 being leaked compared to transmission/reception of the replacement key via the network.
  • the verification device 3 can perform verification even if there is no information about the sub-parameter vpi1 and the master parameter vpm1 used by the terminal device 1, so the risk of information leakage can be further reduced. , and it is possible to suppress the deterioration of collation accuracy.
  • the sub-parameter vpi2 is used instead of the sub-parameter vpi1 to generate the transformation parameter vpx, thereby invalidating the encrypted data T transformed by the transformation parameter vp1, thereby further enhancing security. is possible.
  • the collation device 3 converts the encrypted data T using the encryption conversion parameter vp′ to convert the encrypted data T into the updated encrypted data T3 without decrypting the encrypted data T into the feature amount data x. can be converted. Since the updated encrypted data T3 is a data set corresponding to the encrypted data T'' obtained by encrypting the feature amount data x with the conversion parameter vpx, it is possible to maintain the accuracy of the matching process. By doing so, in the present embodiment, it is possible to realize encryption processing capable of suppressing degradation of collation accuracy and reducing the risk of information leakage.
  • FIG. 15 is an explanatory diagram for explaining cancelable conversion using a Hamming distance mask as a first modification of the first embodiment.
  • the conversion processing unit 150 converts feature amount data A mask array, a data set consisting of random bit strings for each element in each dimension of By calculating the logical exclusive sum of the elements of each dimension of , the encrypted data T is generated (see FIG. 15, upper right).
  • the mask array r consisting of random bit strings that mask the elements of the feature amount data of each dimension of the feature amount data x is an example of the transformation parameter vp of this modified example.
  • the encrypted data T' is generated by calculating the logical exclusive sum of the mask array r composed of random bit strings for the elements of each dimension of the feature amount data y.
  • the mask array r′ which is a data set composed of random bit strings with an array different from that of (Equation 4-1), is It may be used as the encryption conversion parameter vp'. By doing so, it is possible to convert the encrypted data T into the updated encrypted data T3 without decrypting the encrypted data T into the feature amount data x. In this case, it is assumed that the encrypted data T'' is generated in the terminal device 1 by calculating the logical exclusive sum of the mask array r' with respect to the feature amount data y.
  • FIG. 16 is a flowchart showing the flow of processing for generating encryption conversion parameters vp' according to the second modification of the first embodiment.
  • the sub-parameter vpi1 and sub-parameter vpi2 and the master parameter vpm1 are used as a mode of generating the encryption conversion parameter vp' in the verification system 1000A.
  • step S32 of FIG. 16 the description will be made assuming that the collation device 3 has received the sub-parameter vpi1 from the sub-parameter generation device 2 in the process of step S31.
  • step S61 the sub-parameter acquisition unit 310 acquires the sub-parameter vpi1 from the sub-parameter generation device 2 via the network I/F 301.
  • step S62 the parameter generator 330 generates the parameter vp3 from the master parameter vpm1 and the sub-parameter vpi1.
  • a master parameter vpm1 is a master parameter stored in the terminal device 1 . That is, the parameter vp3 generated in step S62 is a parameter corresponding to the conversion parameter vp.
  • step S63 the parameter generator 330 generates the parameter vp4 from the master parameter vpm2 and the sub-parameter vpi1.
  • the master parameter vpm2 is a master parameter stored in another information processing device having elements corresponding to the terminal device 1 . That is, the parameter vp4 generated in step S63 corresponds to a conversion parameter for encrypting the feature amount data in another information processing device having elements corresponding to the terminal device 1.
  • the master parameter vpm2 is an example of the fourth parameter of this embodiment.
  • Parameter vp4 is an example of an update transformation parameter of this embodiment.
  • step S64 the parameter generator 330 synthesizes the parameter vp3 and the parameter vp4 to generate the encryption conversion parameter vp'. Specifically, the parameter generator 330 generates the encryption conversion parameter vp′ by synthesizing the parameter obtained by inversely transforming the parameter vp3 and the parameter vp4.
  • the processing after step S64 is the same as in the first embodiment.
  • the DB 4 stores information for identifying the master parameter used to generate the encrypted data as version information. (See FIG. 10).
  • the verification device 3 of the present modification can be used even when the biometric information of the same person is encrypted in the terminal device 1 and another information processing device having elements corresponding to the terminal device 1.
  • the parameter vpm1, the master parameter vpm2, and the sub-parameter vpi1 can be used to generate the encryption conversion parameter vp'.
  • FIG. 17 is a functional block diagram showing the functional configuration of the terminal device 1 according to Modification 3 of the first embodiment.
  • the terminal device 1 according to Modification 3 includes an element corresponding to the sub-parameter generating section 210, an element corresponding to the sub-parameter storage section 230, and an element corresponding to the parameter generating section 330 of the first embodiment. 17, the same reference numerals are given to the same elements as those of the terminal device 1 shown in FIG. 4, and overlapping descriptions are omitted.
  • the controller 100 of the terminal device 1 includes a feature amount calculator 120 , a conversion processor 150 , a sub-parameter generator 160 , a parameter generator 170 and a storage area 180 .
  • the sub-parameter generator 160 is an element corresponding to the sub-parameter generator 210 according to the first embodiment. That is, the sub-parameter generator 160 generates the sub-parameter vpi1 for generating the transformation parameter vp.
  • the sub-parameter generating unit 160 generates, for example, a sub-random number seed for generating random numbers as the sub-parameter vpi1. Note that the sub-parameter generator 160 can also generate a sub-parameter vpi2 different from the sub-parameter vpi1.
  • the parameter generation unit 170 is an element having both an element corresponding to the parameter generation unit 140 according to the first embodiment and an element corresponding to the parameter generation unit 330. That is, the parameter generator 170 generates the conversion parameter vp for encrypting the information input to the terminal device 1 based on the master parameter vpm1 and the sub-parameter vpi1 stored in the storage area 180. FIG. Further, the parameter generator 170 uses the master parameter vpm1 stored in the storage area 180, the sub-parameter vpi1, and a sub-parameter different from the sub-parameter vpi1 (for example, sub-parameter vpi2) to generate the encryption conversion parameter vp '. Note that the conversion processing unit 150 can generate the updated encrypted data T3 by converting the encrypted data T obtained by encrypting the feature amount data x with the conversion parameter vp using the encryption conversion parameter vp′. is.
  • the storage area 180 is an element having both an element corresponding to the storage area 130 according to the first embodiment and an element corresponding to the sub-parameter storage unit 230. That is, the storage area 180 stores the master parameter vpm1 used to generate the conversion parameter vp or the encryption conversion parameter vp', and the sub-parameters such as the sub-parameter vpi1 and the sub-parameter vpi2 generated by the sub-parameter generation unit 160. .
  • the storage area 180 may store identification information for identifying the terminal device 1 or identification information for identifying the user who has input the biometric information to the terminal device 1 in association with the sub-parameter vpi1 and the sub-parameter vpi2. .
  • FIG. FIG. 18 is a diagram showing an example of an operation form of the collation system 1000B of this embodiment.
  • the verification system 1000B of FIG. 18 the same components as those of the verification system 1000A of FIG.
  • the verification system 1000B differs from the verification system 1000A in that it includes a determination device 6.
  • FIG. 19 is a functional block diagram showing the functional configuration of the determination device 6. As shown in FIG. The functional configuration of the determination device 6 has the same hardware configuration as the elements described in FIG. A software control section of the determination device 6 is configured by the CPU 11 of the determination device 6 performing calculations according to the program.
  • a functional block that implements the functions of the determination device 6 according to the present embodiment is configured by combining the software control unit configured as described above and hardware.
  • the determination device 6 includes a decoding processing unit 610 and a similarity determination unit 620 .
  • the decryption processing unit 610 decrypts the result of the collation process received from the collation device 3 using the ciphertext decryption parameter sk''.
  • the similarity determination unit 620 determines the similarity between the feature amount data R and the feature amount data S based on the result of the collation processing decoded by the decoding processing unit 610 .
  • FIG. 20 is a functional block diagram showing the internal configuration of the collation processing section 350. As shown in FIG. 20
  • the collation processing unit 350 includes a homomorphic arithmetic processing unit 351 and a ciphertext conversion processing unit 352.
  • the homomorphic arithmetic processing unit 351 performs so-called homomorphic arithmetic, in which encrypted information is added, subtracted, and multiplied in an encrypted state.
  • the ciphertext conversion processing unit 352 encrypts the calculation result of the homomorphic calculation processing unit 351 using the ciphertext conversion parameter sk'.
  • FIG. 21 is a model diagram showing an overview of matching processing using homomorphic arithmetic processing in the matching system 1000B.
  • the encryption parameter pk is an example of a conversion parameter of this embodiment.
  • the parameter generation unit 140 generates the encryption parameter pk using the sub-parameter vpi1 received from the sub-parameter generation device 2 and the master parameter vpm1.
  • Encpk(R) is transmitted from the terminal device 1 to the DB 4 . Also, Encpk(S) is transmitted from the terminal device 1 to the verification device 3 .
  • the collation device 3 acquires Encpk(R) stored in the DB 4 . Subsequently, the homomorphic operation processing unit 351 performs a homomorphic operation on Encpk(R) and Encpk(S) to obtain the degree of similarity between Encpk(R) and Encpk(S). Calculate
  • the ciphertext conversion processing unit 352 encrypts the similarity between Encpk(R) and Encpk(S) using the ciphertext conversion parameter sk′, and converts the ciphertext is sent to the determination device 6 (equation 5-1).
  • the ciphertext conversion processing unit 352 is an example of the encrypted similarity information generating unit of this modified example.
  • the ciphertext shown in (Formula 5-1) corresponds to encrypted similarity information obtained by encrypting information indicating the similarity between Encpk(R) and Encpk(S).
  • the ciphertext conversion parameter sk' is a parameter that depends on the encryption parameter pk.
  • the decryption processing unit 610 decrypts the information indicating the degree of similarity between Encpk(R) and Encpk(S) in (Formula 5-1) received from the verification device 3, using the ciphertext decryption parameter sk''.
  • Information indicating the degree of similarity between Encpk(R) and Encpk(S) in (Eq. can be decrypted to
  • the ciphertext decryption parameter sk'' is a parameter that depends on the encryption parameter pk.
  • the matching system 1000B may authenticate the user of the terminal device 1 based on the determination result of the similarity determination section 620.
  • the parameter generator 330 receives the sub-parameter vpi2 and the master parameter vpm1 from the sub-parameter generator 2, and uses the sub-parameter vpi2, the master parameter vpm1, and the master parameter vpm1 to generate the encryption conversion parameter vp'. to generate
  • Encpk(R) and Encpk(S) are matched by homomorphic operations
  • FIG. 22 is a block diagram illustrating a schematic configuration of a terminal device 1A according to the third embodiment.
  • the terminal device 1A includes a terminal-side acquiring section 110A, a terminal-side storage area 130A, a transformation parameter generating section 140A, and an encrypted information generating section 150A.
  • the terminal-side acquisition unit 110A acquires the second parameter.
  • the terminal-side storage area 130A stores a first parameter.
  • the transformation parameter generation unit 140A performs transformation parameter generation processing for generating transformation parameters based on the first parameter and the second parameter.
  • the encrypted information generation unit 150A generates encrypted input information by encrypting the input information using the transformation parameters.
  • FIG. 23 is a block diagram illustrating a schematic configuration of an encrypted information conversion device 3A according to the third embodiment.
  • the encrypted information conversion device 3A includes a conversion-side acquisition section 310A, a conversion-side storage area 320A, an encryption conversion parameter generation section 330A, and an update information generation section 340A.
  • the conversion-side acquisition unit 310A acquires the second parameter used to generate the encrypted input information and the third parameter different from the second parameter.
  • the conversion-side storage area 320A stores a first parameter.
  • the encryption conversion parameter generator 330A generates encryption conversion parameters for converting encrypted input information using the first parameter, second parameter, and third parameter.
  • the update information generator 340A generates updated encrypted input information by converting the encrypted input information using the encryption conversion parameter.
  • conversion-side acquisition unit 310A, the conversion-side storage area 320A, the encryption conversion parameter generation unit 330A that stores a plurality of master parameters including the first parameter, and the update information generation unit 340A may be configured as follows.
  • conversion-side obtaining section 310A obtains the second parameter used to generate the encrypted input information.
  • Conversion-side storage area 320A stores a plurality of master parameters including first parameters.
  • the encryption conversion parameter generator 330A generates encryption conversion parameters for converting encrypted input information using a plurality of master parameters and second parameters.
  • the update information generator 340A generates updated encrypted input information by converting the encrypted input information using the encryption conversion parameter.
  • the collation processing unit 350A converts the first input information input to the terminal device 1A for collation into the first encrypted input information generated by the encrypted information generation unit 150A encrypting it using the conversion parameter. , based on the first input information and the second encrypted input information generated by encrypting the second input information different from the first input information input to the terminal device 1A for verification, Verification processing is performed to verify input information.
  • the matching processing unit 350A may be configured as follows. For example, the collation processing unit 350A converts the third input information input to the terminal device 1A for collation into a third encrypted input generated by the encrypted information generation unit 150A encrypting the third input information using the conversion parameter. third input information based on the information and fourth encrypted input information generated by encrypting fourth input information different from the third input information input to the terminal device 1A for verification; A collation process is performed to collate the fourth input information.
  • FIG. 24 is a block diagram illustrating a schematic configuration of a collation system 1000C according to the third embodiment of the invention.
  • the verification system 1000C includes a terminal device 1A and a verification processing section 350A.
  • the terminal device 1A according to the third embodiment may perform the operation of the terminal device 1 according to the first or second embodiment.
  • the encrypted information conversion device 3A according to the third embodiment may perform the operations of the verification device 3 according to the first or second embodiment.
  • the verification system 1000C according to the third embodiment may perform the operations of the verification system 1000A according to the first embodiment or the verification system 1000B according to the second embodiment.
  • the description of the first embodiment or the second embodiment can also be applied to the third embodiment.
  • 3rd Embodiment is not limited to the above example.
  • the steps in the processes described in this specification do not necessarily have to be executed in chronological order according to the order described in the flowcharts and sequence diagrams.
  • the steps in the process may be performed in a different order than that depicted in the flowcharts and sequence diagrams, or in parallel.
  • some of the steps in the process may be deleted and additional steps may be added to the process.
  • a device for example, a registration information generation device that includes the components of the terminal device described in this specification (terminal-side storage area, terminal-side acquisition unit, conversion parameter generation unit, and/or encrypted information generation unit)
  • terminal-side storage area terminal-side acquisition unit
  • conversion parameter generation unit conversion parameter generation unit
  • encrypted information generation unit One or more of the constituent devices (or units) or a module for one of said plurality of devices (or units)
  • a device for example, a verification information generation device comprising the components of the encrypted information conversion device described in this specification (a conversion-side storage area, a conversion-side acquisition unit, an encryption conversion parameter generation unit, and/or an update information generation unit) or a module for one of said plurality of devices (or units) may be provided.
  • a method may also be provided that includes the processing of the above components, and a program may be provided for causing a processor to execute the processing of the above components. Also, a non-transitory computer readable medium recording the program may be provided. Of course, such devices, modules, methods, programs, and computer-readable non-transitory recording media are also included in the present invention.
  • a terminal device that encrypts input information input for verification, a terminal-side storage area for storing the first parameter; a terminal-side acquisition unit that acquires the second parameter; a transformation parameter generation unit that performs transformation parameter generation processing for generating transformation parameters based on the first parameter and the second parameter; an encrypted information generating unit that generates encrypted input information by encrypting the input information using the transformation parameters; Terminal equipment.
  • the first parameter is a first random number seed; the second parameter is a second random number seed;
  • the transformation parameter generation unit is generating a random number using the first random number seed and the second random number seed as the transformation parameter generating process;
  • the encrypted information generation unit encrypting the input information using the random number as the transformation parameter;
  • the terminal device according to appendix 1.
  • the second parameter is an encrypted parameter obtained by encrypting the conversion parameter; the first parameter is a private key for decrypting the encrypted parameter;
  • the transformation parameter generation unit is generating the conversion parameter by decrypting the encrypted parameter with the private key as the conversion parameter generation process;
  • the terminal device according to appendix 1.
  • the transformation parameters are A replacement key that replaces the arrangement order of elements included in the information to be encrypted by the encrypted information generation unit, The encrypted information generation unit generating the encrypted input information by replacing the order of elements included in the input information with the replacement key; 5.
  • the terminal device according to any one of appendices 1 to 4.
  • the transformation parameters are A data set consisting of random bit strings corresponding to elements included in information to be encrypted by the encrypted information generation unit, The encrypted information generation unit generating the encrypted input information by calculating a logical exclusive sum of the input information and the data set; 5.
  • the terminal device according to any one of appendices 1 to 4.
  • (Appendix 7) Encryption for converting the encrypted input information generated by encrypting the input information input for verification with the conversion parameter generated based on the first parameter and the second parameter into updated encrypted input information
  • An information conversion device a conversion-side storage area for storing the first parameter; a conversion-side acquisition unit that acquires the second parameter used to generate the encrypted input information and a third parameter different from the second parameter; an encryption conversion parameter generation unit that generates encryption conversion parameters for converting the encrypted input information using the first parameter, the second parameter, and the third parameter; an update information generation unit that generates the updated encrypted input information by converting the encrypted input information using the encryption conversion parameter; Encrypted information converter.
  • the encryption conversion parameter generation unit generating the transformation parameter using the first parameter and the second parameter; generating an updated transformation parameter different from the transformation parameter using the first parameter and the third parameter; generating the encryption conversion parameter by combining the conversion parameter and the updated conversion parameter;
  • the encrypted information conversion device according to appendix 7.
  • the transformation parameters are A first replacement key that replaces the order of elements included in the input information;
  • the encryption conversion parameters are a second replacement key that replaces the order of elements included in the encrypted input information;
  • the update information generating unit generating the updated encrypted input information by replacing the arrangement order of the elements included in the encrypted input information with the second replacement key;
  • the encrypted information conversion device according to appendix 7 or 8.
  • the transformation parameters are A first data set consisting of a random bit string corresponding to the elements included in the input information
  • the encryption conversion parameters are A second data set that is a random bit string corresponding to elements included in the encrypted input information and that is different from the first data set;
  • the update information generating unit generating the updated encrypted input information by calculating a logical exclusive sum of the encrypted input information and the second data set;
  • the encrypted information conversion device according to appendix 7 or 8.
  • An information conversion device Encryption for converting the encrypted input information generated by encrypting the input information input for verification with the conversion parameter generated using the first parameter and the second parameter into updated encrypted input information
  • An information conversion device a conversion-side storage area for storing a plurality of master parameters including the first parameter; a conversion-side acquisition unit that acquires the second parameter used to generate the encrypted input information; an encryption conversion parameter generating unit that generates encryption conversion parameters for converting the encrypted input information using the plurality of master parameters and the second parameters; an update information generation unit that generates the updated encrypted input information by converting the encrypted input information using the encryption conversion parameter; Encrypted information converter.
  • the encryption conversion parameter generation unit generating the transformation parameter using the first parameter and the second parameter; generating updated conversion parameters different from the conversion parameters using the master parameters other than the first parameters and the second parameters; generating the encryption conversion parameter by synthesizing the conversion parameter and the updated conversion parameter; 13.
  • the encrypted information conversion device according to appendix 12.
  • the transformation parameters are A first replacement key that replaces the order of elements included in the input information;
  • the encryption conversion parameters are a second replacement key that replaces the order of elements included in the encrypted input information;
  • the update information generating unit generating the updated encrypted input information by replacing the arrangement order of the elements included in the encrypted input information with the second replacement key; 14.
  • the encrypted information conversion device according to appendix 12 or 13.
  • the transformation parameters are A first data set consisting of a random bit string corresponding to the elements included in the input information
  • the encryption conversion parameters are A second data set that is a random bit string corresponding to elements included in the encrypted input information and that is different from the first data set;
  • the update information generating unit generating the updated encrypted input information by calculating a logical exclusive sum of the encrypted input information and the second data set; 14.
  • the encrypted information conversion device according to appendix 12 or 13.
  • Appendix 17 The terminal device according to any one of Appendices 1 to 6; first encrypted input information generated by the encrypted information generating unit encrypting first input information input to the terminal device for verification using the conversion parameter; the first input information and the second input information based on second encrypted input information generated by encrypting second input information different from the first input information input to the terminal device; A matching processing unit that performs a matching process to match the matching system.
  • the encrypted information conversion device has the collation processing unit, 19.
  • Appendix 21 a parameter transmission device that transmits the second parameter and the third parameter to the terminal device and the encrypted information conversion device; 21.
  • a verification system according to any one of appendices 18-20.
  • the transformation parameter generation unit is A terminal-side updated conversion parameter different from the conversion parameter can be generated based on the first parameter and the third parameter,
  • the encrypted information generation unit generating the second encrypted input information by encrypting the second input information using the terminal-side updated transformation parameters; 23.
  • the verification system according to appendix 21 or 22.
  • the encryption conversion parameter generation unit generating the encryption conversion parameter using the first parameter, the second parameter, and the third parameter;
  • the update information generating unit converting the first encrypted input information into the updated encrypted input information by the encryption conversion parameter generated using the first parameter, the second parameter, and the third parameter;
  • the collation processing unit performing the matching process based on the updated encrypted input information generated by converting the first encrypted input information and the second encrypted input information generated using the terminal-side updated conversion parameter; , 24.
  • the matching system according to Supplementary Note 23.
  • the collation processing unit Homomorphic operation for outputting a degree of similarity between the first input information and the second input information in an encrypted state by performing a homomorphic operation on the first encrypted input information and the second encrypted input information.
  • a processing unit an encrypted similarity information generating unit that generates encrypted similarity information by encrypting the similarity that is output in an encrypted state
  • the matching system is a decryption processing unit that decrypts the encrypted similarity information; a similarity determination unit that determines the similarity of the second input information to the first input information based on the decrypted encrypted similarity information; 25.
  • the verification system according to any one of appendices 17-24.
  • Appendix 26 The terminal device according to any one of Appendices 1 to 6; third encrypted input information generated by the encrypted information generating unit encrypting the third input information input to the terminal device for verification using the conversion parameter; and the third input information and the fourth input information based on the fourth encrypted input information generated by encrypting the fourth input information different from the third input information input to the terminal device; A matching processing unit that performs a matching process to match the matching system.
  • the encrypted information conversion device has the collation processing unit, 28.
  • the terminal device storing a fourth parameter different from the first parameter and the second parameter in the terminal-side storage area;
  • the transformation parameter generation unit is A terminal-side updated conversion parameter different from the conversion parameter can be generated based on the second parameter and the fourth parameter,
  • the encrypted information generation unit generating the fourth encrypted input information by encrypting the fourth input information using the terminal-side updated transformation parameters; 32.
  • the encrypted information conversion device is storing the fourth parameter as the master parameter;
  • the encryption conversion parameter generation unit generating the encryption conversion parameter using the first parameter, the second parameter, and the fourth parameter;
  • the update information generating unit converting the third encrypted input information using the encryption conversion parameter generated based on the fourth parameter;
  • the collation processing unit The updated encrypted input information generated by converting the third encrypted input information by the update information generation unit, and the fourth encrypted input information generated in the terminal device using the terminal-side update conversion parameter. Performing the matching process based on 33.
  • the collation processing unit Homomorphic operation for outputting the degree of similarity between the third input information and the fourth input information in an encrypted state by performing the homomorphic operation on the third encrypted input information and the fourth encrypted input information.
  • a processing unit an encrypted similarity information generating unit that generates encrypted similarity information by encrypting the similarity that is output in an encrypted state
  • the matching system is a decryption processing unit that decrypts the encrypted similarity information; a similarity determination unit that determines the similarity of the fourth input information to the third input information based on the decrypted encrypted similarity information; 34.
  • a verification system according to any one of clauses 26-33.
  • (Appendix 37) Encryption for converting the encrypted input information generated by encrypting the input information input for verification with the conversion parameter generated using the first parameter and the second parameter into updated encrypted input information
  • An information conversion method comprising: obtaining the second parameter used to generate the encrypted input information; obtaining a third parameter different from the second parameter; generating encryption conversion parameters for converting the encrypted input information using the first parameter stored in a storage area and the obtained second and third parameters; generating the updated encrypted input information by transforming the encrypted input information using the cryptographic transformation parameters; Encrypted information conversion method.
  • An information conversion method comprising: obtaining the second parameter used to generate the encrypted input information; generating an encryption conversion parameter for converting the encrypted input information using a master parameter other than the first parameter stored in a storage area and the second parameter; generating the updated encrypted input information by transforming the encrypted input information using the cryptographic transformation parameters; Encrypted information conversion method.
  • (Appendix 39) performing a conversion parameter generation process for generating a conversion parameter based on a first parameter stored in a storage area of a terminal device and a second parameter different from the first parameter; generating encrypted input information by encrypting input information input for verification using the conversion parameters; First encrypted input information generated by encrypting first input information for matching using the transformation parameter, and second input different from the first input information input for matching performing a matching process for matching the first input information and the second input information based on the second encrypted input information generated by encrypting the information; Matching method.
  • (Appendix 40) performing a conversion parameter generation process for generating a conversion parameter based on a first parameter stored in a storage area of a terminal device and a second parameter different from the first parameter; generating encrypted input information by encrypting input information input for verification using the conversion parameters; The third encrypted input information generated by encrypting the third input information input for verification using the conversion parameter is different from the third input information input for verification performing a collation process for collating the third input information and the fourth input information based on the fourth encrypted input information generated by encrypting the fourth input information; Matching method.
  • (Appendix 42) Encryption for converting the encrypted input information generated by encrypting the input information input for verification with the conversion parameter generated using the first parameter and the second parameter into updated encrypted input information
  • An information conversion program obtaining the second parameter used to generate the encrypted input information; obtaining a third parameter different from the second parameter; generating encryption conversion parameters for converting the encrypted input information using the first parameter stored in a storage area and the obtained second and third parameters; causing a processor to transform the encrypted input information using the cryptographic transformation parameters to generate the updated encrypted input information; Encrypted information conversion program.
  • (Appendix 43) Encryption for converting the encrypted input information generated by encrypting the input information input for verification with the conversion parameter generated using the first parameter and the second parameter into updated encrypted input information
  • An information conversion program obtaining the second parameter used to generate the encrypted input information; generating an encryption conversion parameter for converting the encrypted input information using a master parameter other than the first parameter stored in a storage area and the second parameter; causing a processor to transform the encrypted input information using the cryptographic transformation parameters to generate the updated encrypted input information; Encrypted information conversion program.
  • Terminal device encrypted information conversion device, verification system, input information encryption method, encrypted information conversion method, verification method for realizing encryption processing capable of suppressing degradation of verification accuracy and reducing risk of information leakage , an input information encryption program, and an encrypted information conversion program.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)
PCT/JP2021/024182 2021-06-25 2021-06-25 端末装置、暗号化情報変換装置、照合システム、入力情報暗号化方法、暗号化情報変換方法、照合方法、入力情報暗号化プログラム、及び暗号化情報変換プログラム Ceased WO2022269914A1 (ja)

Priority Applications (3)

Application Number Priority Date Filing Date Title
JP2023529418A JP7586324B2 (ja) 2021-06-25 2021-06-25 端末装置、暗号化情報変換装置、照合システム、入力情報暗号化方法、暗号化情報変換方法、照合方法、入力情報暗号化プログラム、及び暗号化情報変換プログラム
US18/570,734 US12489619B2 (en) 2021-06-25 2021-06-25 Terminal apparatus, encrypted information transformation apparatus, collation system, input information encryption method, encrypted information transformation method, collation method, input information encryption program, and encrypted information transformation program
PCT/JP2021/024182 WO2022269914A1 (ja) 2021-06-25 2021-06-25 端末装置、暗号化情報変換装置、照合システム、入力情報暗号化方法、暗号化情報変換方法、照合方法、入力情報暗号化プログラム、及び暗号化情報変換プログラム

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/024182 WO2022269914A1 (ja) 2021-06-25 2021-06-25 端末装置、暗号化情報変換装置、照合システム、入力情報暗号化方法、暗号化情報変換方法、照合方法、入力情報暗号化プログラム、及び暗号化情報変換プログラム

Publications (1)

Publication Number Publication Date
WO2022269914A1 true WO2022269914A1 (ja) 2022-12-29

Family

ID=84544383

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2021/024182 Ceased WO2022269914A1 (ja) 2021-06-25 2021-06-25 端末装置、暗号化情報変換装置、照合システム、入力情報暗号化方法、暗号化情報変換方法、照合方法、入力情報暗号化プログラム、及び暗号化情報変換プログラム

Country Status (3)

Country Link
US (1) US12489619B2 (https=)
JP (1) JP7586324B2 (https=)
WO (1) WO2022269914A1 (https=)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024171434A1 (ja) * 2023-02-17 2024-08-22 日本電気株式会社 情報更新装置及び方法、認証装置及び方法、並びにコンピュータ可読媒体

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006121215A (ja) * 2004-10-19 2006-05-11 Fuji Electric Holdings Co Ltd 鍵交換方法、及び、鍵交換処理装置
JP2008046151A (ja) * 2006-08-10 2008-02-28 Sharp Corp 暗号処理方法
WO2010070787A1 (ja) * 2008-12-18 2010-06-24 株式会社日立製作所 生体認証システムおよびその方法
JP2010186075A (ja) * 2009-02-12 2010-08-26 Chugoku Electric Power Co Inc:The 整数の暗号化及び復号化方法
JP2011248778A (ja) * 2010-05-28 2011-12-08 Mitsubishi Electric Corp 認証システム及び端末装置及びアイシーカード及びコンピュータプログラム及び認証方法及びコマンド送信方法
JP2016131335A (ja) * 2015-01-14 2016-07-21 富士通株式会社 情報処理方法、情報処理プログラムおよび情報処理装置

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI106605B (fi) * 1997-04-16 2001-02-28 Nokia Networks Oy Autentikointimenetelmä
US6845159B1 (en) * 1998-10-07 2005-01-18 Protego Information Ab Processing method and apparatus for converting information from a first format into a second format
US20010031050A1 (en) * 2000-02-14 2001-10-18 Lateca Computer Inc. N.V. Key generator
JP5053032B2 (ja) * 2007-10-16 2012-10-17 株式会社バッファロー データ管理装置、データ管理方法およびデータ管理プログラム
US8751822B2 (en) * 2010-12-20 2014-06-10 Motorola Mobility Llc Cryptography using quasigroups
US9654968B2 (en) * 2012-07-17 2017-05-16 Texas Instruments Incorporated Certified-based control unit-key fob pairing
US10262161B1 (en) * 2014-12-22 2019-04-16 Amazon Technologies, Inc. Secure execution and transformation techniques for computing executables
WO2018188002A1 (en) * 2017-04-12 2018-10-18 Beijing Lianshi Networks Technology Co., Ltd. Methods and apparatus for secure and efficient implementation of block ciphers
WO2019178559A1 (en) * 2018-03-15 2019-09-19 Medici Ventures, Inc. Splitting encrypted key and encryption key used to encrypt key into key components allowing assembly with subset of key components to decrypt encrypted key
US11316835B2 (en) * 2018-06-25 2022-04-26 Virtual Software Systems, Inc. Systems and methods for securing communications

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006121215A (ja) * 2004-10-19 2006-05-11 Fuji Electric Holdings Co Ltd 鍵交換方法、及び、鍵交換処理装置
JP2008046151A (ja) * 2006-08-10 2008-02-28 Sharp Corp 暗号処理方法
WO2010070787A1 (ja) * 2008-12-18 2010-06-24 株式会社日立製作所 生体認証システムおよびその方法
JP2010186075A (ja) * 2009-02-12 2010-08-26 Chugoku Electric Power Co Inc:The 整数の暗号化及び復号化方法
JP2011248778A (ja) * 2010-05-28 2011-12-08 Mitsubishi Electric Corp 認証システム及び端末装置及びアイシーカード及びコンピュータプログラム及び認証方法及びコマンド送信方法
JP2016131335A (ja) * 2015-01-14 2016-07-21 富士通株式会社 情報処理方法、情報処理プログラムおよび情報処理装置

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024171434A1 (ja) * 2023-02-17 2024-08-22 日本電気株式会社 情報更新装置及び方法、認証装置及び方法、並びにコンピュータ可読媒体

Also Published As

Publication number Publication date
US20240291646A1 (en) 2024-08-29
JP7586324B2 (ja) 2024-11-19
US12489619B2 (en) 2025-12-02
JPWO2022269914A1 (https=) 2022-12-29

Similar Documents

Publication Publication Date Title
JP5028194B2 (ja) 認証サーバ、クライアント端末、生体認証システム、方法及びプログラム
US8842887B2 (en) Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device
US9940453B2 (en) Method and system for securing user access, data at rest and sensitive transactions using biometrics for mobile devices with protected, local templates
US7840034B2 (en) Method, system and program for authenticating a user by biometric information
CN101939754B (zh) 使用混合匹配的手指感测设备及相关方法
US10313317B2 (en) Systems and methods for securely managing biometric data
JP4736744B2 (ja) 処理装置、補助情報生成装置、端末装置、認証装置及び生体認証システム
CN107209821B (zh) 用于对电子文件进行数字签名的方法以及认证方法
US9152779B2 (en) Protecting codes, keys and user credentials with identity and patterns
US20070237366A1 (en) Secure biometric processing system and method of use
US20050138392A1 (en) Secure method and system for biometric verification
CN101971182B (zh) 颁发证书的手指感测设备及相关方法
US11227037B2 (en) Computer system, verification method of confidential information, and computer
TWI724681B (zh) 基於身分資訊管理密碼金鑰
CN112800477A (zh) 一种基于生物特征值的数据加解密系统及方法
US12411922B2 (en) System for cancelable biometric feature data generation
TWI476629B (zh) Data security and security systems and methods
US20070226514A1 (en) Secure biometric processing system and method of use
JP7586324B2 (ja) 端末装置、暗号化情報変換装置、照合システム、入力情報暗号化方法、暗号化情報変換方法、照合方法、入力情報暗号化プログラム、及び暗号化情報変換プログラム
US20070226515A1 (en) Secure biometric processing system and method of use
US20250298910A1 (en) Protection of ai models
KR20210015534A (ko) 보안키 관리 방법 및 보안키 관리 서버
US20240427859A1 (en) Information processing system and information processing method
JP7476982B2 (ja) 情報秘匿制御装置、情報秘匿装置、情報再構成制御装置、情報再構成装置、情報秘匿システム、情報秘匿制御方法、情報再構成制御方法、情報秘匿制御プログラム、及び情報再構成制御プログラム
TW202105220A (zh) 私鑰管理系統

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21947196

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2023529418

Country of ref document: JP

WWE Wipo information: entry into national phase

Ref document number: 18570734

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21947196

Country of ref document: EP

Kind code of ref document: A1