JP5276554B2 - Biometric information authentication apparatus and biometric information authentication program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent a third party except a person oneself from spoofing and being authenticated regardless of a method for falsifying bioinformation, in bioinformation authentication. <P>SOLUTION: A CPU (Central Processing Unit) 11 collates a finger vein image recorded in a collating finger vein image file 51 with a finger vein image captured by a finger vein acquisition device 30 to obtain similarity (hereinafter referred to as present similarity). The CPU 11 compares a prescribed threshold value with the present similarity, and decides the collation success in the case of (the present similarity)&gt;(the threshold value). When the collation success is decided, the CPU 11 next obtains the maximum value of the past similarity in reference to the similarity obtained in the past, recorded in a collation history file 52 as "referrable". The CPU 11 compares the maximum value of the past similarity with the present similarity, and decides that spoofing is performed in the case of (the present similarity)&gt;(the maximum value of the past similarity). <P>COPYRIGHT: (C)2011,JPO&amp;INPIT

Description

  The present invention relates to a biometric information authentication apparatus and a biometric information authentication program that authenticate whether or not an individual is using biometric information.

In recent years, there have been increasing cases of unauthorized intrusion into a house or the like by picking, intrusion into another person's bank account due to password voyeur, etc., or unauthorized entry into a computer network.
In order to cope with such fraud, forgery is more difficult, and biometric information has come to be used as a “key” that has a high ability to guarantee identity.

  For example, the house key is an electronic lock, and biometric information such as the person's fingerprint, iris, facial photograph, blood vessel pattern is registered in advance, and the biometric information of the unlocking requester is obtained (hereinafter referred to as “collection”). In some cases, a device that performs collation and unlocks if the two match is put into practical use. A similar method is also used for bank ATMs and identity verification at PC startup.

  In order to perform biometric information authentication, it is first necessary to collect and record biometric information as an original for verification by some method. Further, at the time of authentication, a function for acquiring biometric information (biometric information acquisition function) and a function for determining whether the acquired biometric information matches with the original for verification (match determination function) are required. Become.

  With regard to the biometric information acquisition function, there is known an apparatus that acquires a blood vessel image of a finger vein by irradiating a finger with infrared rays and acquires image data of the imaging result. Various devices and methods for obtaining biometric information are also known for biometric information authentication using fingerprints, irises, facial photographs, and the like (see, for example, Patent Document 1).

  Here, regarding the coincidence determination function, there is a unique problem in biometric information authentication. That is, even when collecting the same biometric information, the collection results differ depending on the collection conditions, so the biometric information collected and recorded as the original for verification matches the biometric information collected at the time of authentication. There is no. For example, the thickness of the finger vein blood vessel varies slightly depending on the time of the day, and varies depending on the growth.

  For this reason, in biometric information authentication, it is determined whether the biometric information collected and recorded as an original for verification is similar to the biometric information collected at the time of authentication. It will be considered as a match.

  Specifically, a method is generally used in which the degree of similarity of biological information is calculated and if the degree of similarity is equal to or greater than a certain value (hereinafter referred to as “threshold”), the person is identified. That is, when n-person biometric information is recorded as a reference original, biometric information collected at the time of authentication is collated with the n-person biometric information to calculate the similarity. Then, the highest similarity is compared with a threshold value, and if the similarity is equal to or higher than the threshold value, authentication is successful. Hereinafter, this method is referred to as “1-to-N authentication”.

  Also, an identification code is registered in pair with the biometric information, and at the time of authentication, in addition to collecting the biometric information, an input of the identification code is requested. First, the original for biometric information verification is determined by matching the identification code. If the similarity is greater than or equal to a threshold value compared to the collected biometric information, a method of making authentication successful is also performed. Hereinafter, this method is referred to as “one-to-one authentication”.

  In the biometric information authentication described above, if the similarity is greater than or equal to a predetermined threshold, it is determined that the person is the person. Therefore, in order not to mistakenly identify another person as the principal, it is necessary to set the threshold value higher. However, no matter how high the threshold is set, intentional and subtle impersonation cannot be prevented.

  For example, when the verification original is stolen, the verification original can be easily impersonated by changing the verification original to the biometric information collected at the time of verification. Such simple impersonation can be prevented by failing authentication when the verification source and the biometric information to be judged completely match, but only a part of the stolen verification source is falsified. As a result, it is possible to get through the above-mentioned preventive measures.

For this reason, as a technique for preventing such impersonation, Patent Document 2 divides biometric information into a plurality of parts, performs a match determination for each part, and differs only in part, and other parts match. Disclosed is a technique that assumes that the original verification document has been tampered with and fails authentication.
Patent Document 2 discloses a technique for determining whether or not each part indicating biometric information is uniformly increased, decreased, or shifted to perform a matching determination for each part, and that authentication fails if each part matches. Disclose.

JP 2003-187235 A JP 2001-283223 A

  However, for example, in the case where tampering is performed such that the rate at which the data of each part indicating biometric information is increased or decreased differs from part to part, the technique of Patent Document 2 cannot prevent the act of impersonation. . In addition, various methods for falsifying biometric information can be considered. Depending on the technique of Patent Document 2, it is difficult to prevent an act of impersonating all biological information that has been altered by various methods.

  The present invention has been made in view of the above circumstances, and a biometric information authentication apparatus and a biometric apparatus that can prevent a third party other than the person from impersonating and authenticating regardless of a method of tampering with biometric information. The purpose is to provide an information authentication program.

In order to achieve the above object, a biometric information authentication apparatus according to the present invention includes:
Original storage means for storing biometric information as an original for verification;
Biometric information acquisition means for acquiring biometric information to be authenticated;
Similarity calculation means for obtaining the similarity between the biometric information that is the original for comparison stored in the original storage means and the biometric information to be authenticated acquired by the biometric information acquisition means;
Similarity storage means for storing the similarity obtained by the similarity calculation means;
A reference value is obtained based on a plurality of similarities stored in the similarity storage means, and the similarity obtained by the similarity calculation means is the reference value, the biometric information serving as the reference original, and the A determination unit that determines that the biometric information acquired by the biometric information acquisition unit is impersonated biometric information when the biometric information to be authenticated is a value between the degrees of similarity when the biometric information completely matches;
Authentication means for authenticating whether the biometric information acquired by the biometric information acquisition means is the biometric information of the person or another person based on the similarity obtained by the similarity calculation means;
Of the biological information whose similarity is stored in the similarity storage means, for the biological information determined as the biological information impersonated by the determination means, if the biological information satisfies a predetermined condition, Re-determination means to re-determine information;
With
Among the similarities stored in the similarity storage unit, the determination unit includes a similarity between the biometric information of the user and the biometric information authenticated by the authentication unit, and the biometric information of the user by the re-determination unit. Obtaining the reference value based on the re-determined biometric information similarity,
And wherein a call.

Moreover, the biometric information authentication program according to the present invention includes:
Computer
Original storage means for storing biometric information as an original for verification;
Biometric information acquisition means for acquiring biometric information to be authenticated;
Similarity calculation means for obtaining the similarity between the biometric information that is the original for comparison stored in the original storage means and the biometric information to be authenticated acquired by the biometric information acquisition means;
Similarity storage means for storing the similarity obtained by the similarity calculation means;
A reference value is obtained based on a plurality of similarities stored in the similarity storage means, and the similarity obtained by the similarity calculation means is the reference value, the biometric information serving as the reference original, and the A determination unit that determines that the biometric information acquired by the biometric information acquisition unit is impersonated biometric information when the biometric information to be authenticated is a value between the degrees of similarity when the biometric information completely matches;
Authentication means for authenticating whether the biometric information acquired by the biometric information acquisition means is the biometric information of the person or another person based on the similarity obtained by the similarity calculation means;
Of the biological information whose similarity is stored in the similarity storage means, for the biological information determined as the biological information impersonated by the determination means, if the biological information satisfies a predetermined condition, Re-determination means to re-determine information;
To function,
Among the similarities stored in the similarity storage unit, the determination unit includes a similarity between the biometric information of the user and the biometric information authenticated by the authentication unit, and the biometric information of the user by the re-determination unit. The reference value is obtained based on the re-determined biometric information similarity.

  According to the present invention, in the biometric information authentication, it is possible to prevent a third party other than the person from being impersonated and authenticated regardless of the method of falsifying the biometric information.

It is a figure which shows an example of a structure of the biometric information authentication apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows an example of a data structure of the finger vein image file for collation. It is a figure which shows an example of a data structure of a collation history file. It is a figure which shows an example of the flowchart of the biometric information authentication process which concerns on the 1st Embodiment of this invention. It is a figure which shows an example of a structure of the biometric information authentication system which concerns on the 2nd Embodiment of this invention. It is a figure which shows an example of a structure of the biometric information authentication system 3 which concerns on the 3rd Embodiment of this invention. It is a figure which shows an example of the flowchart of the authentication request process in the client of the biometric information authentication system which concerns on the 3rd Embodiment of this invention. It is a figure which shows an example of the flowchart of the authentication process in the authentication server of the biometric information authentication system which concerns on the 3rd Embodiment of this invention. It is a figure which shows another example of the data structure of a collation history file.

  First, the principle of the present invention will be described.

  Even for the same living body (for example, finger vein), the collected biological information differs depending on the collecting conditions. For this reason, it may be considered that the biological information collected before and the biological information collected this time cannot be completely matched. Therefore, when the entire biometric information or a part of the biometric information in a certain range completely matches, it can be determined that the information is impersonating.

  Here, if it can be considered that the entire biometric information collected at the time of authentication cannot completely match the original data for verification, the degree of match between the entire biometric information collected at the time of authentication and the original data for verification is If the numerical value in this case is 100%, it should be considered that the value cannot exceed a certain predetermined criterion value (for example, 99.99%).

  Therefore, if the predetermined determination reference value can be obtained, it can be determined that the image is impersonated when the similarity is equal to or higher than the predetermined determination reference value.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

FIG. 1 is a diagram illustrating an example of a configuration of a biometric authentication apparatus 1 according to the first embodiment of the present invention.
The biometric information authentication device 1 according to the first embodiment includes a computer 10, an input device 20, a finger vein acquisition device 30, a display device 40, and a storage device 50.

  The computer 10 includes a CPU (Central Processing Unit) 11, a memory 12, an internal bus (not shown), an external interface device, and the like. The biometric information authentication device 1 is a general computer such as a PC (Personal Computer) provided with a finger vein acquisition device 30, for example.

The CPU 11 loads the authentication program 13 into the memory 12 from a storage device such as a magnetic disk (not shown) at a predetermined timing such as at the time of activation. Then, the CPU 11 executes the instruction code of the authentication program 13 to realize a biometric information authentication function.
The memory 12 includes a RAM (Random Access Memory), a ROM (Read Only Memory), and the like. In addition to the authentication program 13, the memory 12 is loaded with a program such as a document creation program.

  The input device 20 includes a keyboard and a mouse. The input device 20 receives user operation instructions.

  The finger vein acquisition device 30 images the finger vein of the user with infrared rays or the like, and creates finger vein image data.

  The display device 40 includes a display, a printer, and the like. The display device 40 displays the processing result of the authentication program 13 and the like.

  The recording device 50 is configured by a magnetic disk device, an optical disk device, or the like. The recording device 50 records a verification finger vein image file 51 and a verification history file 52.

  The verification finger vein image file 51 stores biometric information for verification and the like of all authentication subjects as described later. The verification finger vein image file 51 is referred to by the CPU 11 for executing the authentication program 13. Note that the process of creating the finger vein image file for verification 51 is not particularly described because it is not directly related to the object of the present invention.

  The verification history file 52 records the authentication history such as the date and time of the authentication process and the similarity at that time. As will be described later, the CPU 11 refers to the matching history file 52 to determine a threshold value as a determination criterion for impersonation. Further, the CPU 11 records the authentication date and time, the similarity calculated at the time of authentication, and the like in the verification history file 52.

  The biometric information authentication device 1 is used to authenticate a user's usage authority prior to use when the user uses a PC to create a document or the like. That is, when authentication is successful, the user can use the PC, and when authentication fails, the user cannot use the PC.

  For example, when a PC is used jointly in a company, it is necessary to change a file that can be referred to and updated by a user, an application that can be used, and the like according to the user. In such a case, the biometric information authentication device 1 can be used by incorporating a biometric information authentication function as described later into the PC. For example, when logging in to a PC, the presence / absence of use authority is determined by biometric authentication, an ID (Identifier) that uniquely identifies the user is acquired, and the acquired ID is used for file reference and determination of update authority Can be used.

  Also, in the home, it is necessary to prevent an act in which a child, for example, pretends to be a parent and logs in to a PC to access a WEB access prohibited site. In that case, the PC can be used as the biometric information authentication device 1 by incorporating the biometric information authentication function into the PC used by the family.

FIG. 2 is a diagram illustrating an example of the data configuration of the verification finger vein image file 51.
The verification finger vein image file 51 includes verification records 510 for authentication subjects, that is, users (m users) of the biometric authentication device 1. Each verification record 510 includes an identification code 511 and a finger vein image 512.

The identification code 511 is a code corresponding to each user of the biometric information authentication device 1, and is an ID that uniquely identifies each user of the biometric information authentication device 1. Each verification record 510 can be uniquely identified by the identification code 511. For example, the identification code 511 may be assigned a serial number in the order of creation of the verification records 510, or may be assigned a code input by the user in the process of registering the user.
The finger vein image 512 is an original for verification for verifying the user of the biometric authentication device 1, and when the verification record 510 is created, the vein pattern of the user is photographed by infrared rays or the like and used as a finger vein pattern image. Recorded.

FIG. 3 is a diagram illustrating an example of the data configuration of the verification history file 52.
The verification history file 52 includes verification history records 520 for authentication subjects (m people). Each verification history record 520 includes an identification code 521 and n authentication histories 522.

  The identification code 521 is a code corresponding to each user of the biometric information authentication device 1, similarly to the identification code 511 of the verification record 510. Each verification history record 520 can be uniquely identified by the identification code 521. The authentication history 522 includes data items of an authentication date / time 523, a similarity 524, an authentication success / failure 525, and a reference permission / inhibition 526. The authentication history 522 is a data item for recording an authentication result or the like by the authentication program 13. The authentication history 522 is not recorded for a person to be authenticated who has never been authenticated. At this time, n = 0.

  In the authentication date and time 523, the date and time when the CPU 11 performed the authentication process is recorded, for example, as “2009906140943” (June 30, 2009 14: 9: 43).

  In the similarity 524, a value indicating how similar the finger vein image of the user captured by the finger vein acquisition device 30 in the authentication to the finger vein image 512 of the user is set. In the following description, the similarity 524 is set to a value from 0 to 100. When 100 is set, it is completely matched, and the closer to 100, the more similar. However, the method of indicating the similarity as a numerical value is not limited to this.

  In the authentication success / failure 525, a value indicating that the authentication has succeeded in the authentication (whether the user has been authenticated) or a value indicating that the authentication has not succeeded is set. In the following description, it is assumed that “success” is set when succeeding, and “failure” is set when not succeeding.

  In the reference availability 526, a value indicating that the similarity 524 may be referred to as a past authentication result of the principal or a value indicating that the similarity 524 may not be referred to as a past authentication result of the principal is set. In the following description, it is assumed that “referenceable” is set when it is possible to refer to, or “reference is not possible” when it cannot be referred to. As will be described in detail later, when the CPU 11 performs the authentication process, “reference is allowed” is set if the authentication is successful, and “reference is not allowed” is set if the authentication is not successful. Therefore, immediately after the end of the authentication process, the setting value of the authentication success / failure 525 (“success” or “failure”) corresponds to the setting value of the reference permission / inhibition 526 (“reference allowed” or “reference not possible”).

However, for example, if the authentication succeeds immediately after the authentication that is determined to be impersonation, it can be determined that the authentication has not been impersonated (details will be described later).
In such a case, the authentication success / failure 525 is “failed” because it has been erroneously determined to be impersonation. In this case, the CPU 11 re-determines that the biometric information determined not to be impersonating is the biometric information of the person. The CPU 11 changes the reference permission / inhibition 526 from “cannot refer to” to “reference permission”, and refers to the similarity 524 as the person's similarity during the next authentication processing while the authentication success / failure 525 is set to “failure”. .

  Note that the number (n) of authentication histories 522 is not particularly limited, and the authentication history 522 may be increased each time authentication processing is performed. However, since there is actually a limitation due to the capacity of the storage device 5, for example, a predetermined number (for example, 100 times) of recent authentication histories may be left, or for a predetermined period, for example, the last several months. An authentication history may be left.

Next, a flow of processing in biometric information authentication using the biometric information authentication device 1 will be described.
As a premise of the authentication process, a process of creating a verification record 510 for each authentication target person (a process of assigning an identification code 511 to the authentication target person and setting the identification code 511 and the finger vein image 512) is performed. However, the contents of the processing are not directly related to the present invention, and thus description thereof is omitted. The following description is based on the assumption that the verification record 510 has been created.

FIG. 4 is a diagram illustrating an example of a flowchart of the biometric information authentication process according to the first embodiment of the present invention.
For example, when the PC is activated, the CPU 11 loads the authentication program 13 and starts the biometric information authentication process. The CPU 11 displays a message that prompts the user of the biometric information authentication device 1 to perform an authentication operation on the display device 40. Note that the authentication program 13 may be loaded when a specific program (for example, a document creation program) is activated instead of when the PC is activated.

Next, the CPU 11 instructs the finger vein acquisition device 30 to take a finger vein image of the user. When the user performs an operation such as holding a finger over the finger vein acquisition device 30, the finger vein acquisition device 30 captures a finger vein image. The CPU 11 acquires the captured finger vein image and stores it in the memory 12 as biometric information to be authenticated. (S101)
In addition, since it is a well-known technique that CPU11 memorize | stores information in the memory 12, description about such a process is abbreviate | omitted in subsequent description.

The CPU 11 collates the biometric information to be authenticated with the finger vein images 512 of all the collation records 510 and calculates the respective similarities. Since the finger vein pattern matching method and the similarity calculation method are well-known techniques, description thereof is omitted here.
The CPU 11 selects the maximum value from the obtained similarities and uses the matching record 510 that can obtain the maximum similarity (hereinafter referred to as the current maximum similarity) as an authentication candidate. (S102).

  Next, the CPU 11 compares the current maximum similarity with a predetermined threshold (S103). If the current maximum similarity> threshold (the current maximum similarity ≧ threshold may be determined), the CPU 11 determines that the verification is successful (S103: YES). In this case, the authentication program 13 determines whether an impersonation action is being performed (S104).

  Specifically, the CPU 11 refers to the identification code 511 of the verification record 510 as an authentication candidate, and compares the user's verification history record 520 (the verification history in which the same value as the identification code 511 is set in the identification code 521). Record 520) is acquired. Next, the CPU 11 refers to all the similarities 524 of the authentication history 522 in which “referenceable” is set in the reference availability 526, and obtains the maximum value of the similarity 524 (hereinafter referred to as “past maximum similarity”). ).

Then, the CPU 11 compares the current maximum similarity with the past maximum similarity, and when the current maximum similarity> the past maximum similarity (the current maximum similarity ≧ the past maximum similarity may be determined). It is determined that impersonation has been performed. That is, the CPU 11 determines to be impersonation when the past similarity is exceeded.
On the other hand, when the current maximum similarity ≦ the past maximum similarity (or the current maximum similarity <the past maximum similarity), the CPU 11 determines that authentication by the person has been performed, not impersonation.
Note that at the first authentication (when the authentication history 522 does not exist), the CPU 11 determines that the authentication is successful without performing the above-mentioned impersonation determination.

Here, as described above, the method of quantifying the similarity is not limited to a method of setting the value in the case of perfect match to 100 and within the range of 0 to 100. For example, the value in the case of perfect match is set to 0. Can be in the range of 1 to 0. In this way, when the numerical value representing the similarity is smaller, the determination method needs to be changed, for example, when the current maximum similarity is less than the threshold value, the collation is successful.
This is the same for the comparison judgment with the impersonation criterion value. In general terms, if the similarity is between the value indicating perfect match and the imitation criterion value, it may be determined as impersonation.

  When the CPU 11 determines that the authentication by the person has been performed (S104: YES), the CPU 11 finally determines that the authentication is successful, and adds the authentication history 522 to the verification history record 520 (S105). At this time, the CPU 11 indicates the date and time of authentication at the authentication date and time 523, the current maximum similarity as described above for the similarity 524, “success” for the authentication success / failure 525, and “ Set “Readable”.

  On the other hand, when the authentication is not successful (S103: NO), or when it is determined that impersonation has been performed (S104: NO), the CPU 11 finally determines that the authentication has failed, and the verification history record 520 includes an authentication history. 522 is added (S106). At this time, the CPU 11 indicates the date and time when the authentication was performed for the authentication date and time 523, the current maximum similarity described above for the similarity 524, “failure” for the authentication success / failure 525, and “ Set “Cannot be referenced”.

Next, the CPU 11 displays the authentication result on the display device 40 and ends the process (S107).
Instead of ending the process, the CPU 11 may return to step S101 and display a message prompting the user of the biometric authentication device 1 to perform an authentication operation on the display device 40. By doing in this way, it is possible to try the authentication again when the authentication fails by accident while being the person himself / herself.
Further, the CPU 11 may count the number of times the authentication has failed continuously using a counter, and may end the process when the predetermined number of times is reached. By doing in this way, it can prevent that the person who is impersonating performs authentication operation indefinitely.
Of course, when the authentication is finally successful, the user can perform an operation to be authenticated (for example, use of a PC, operation of a document creation program) or the like. I can't do it.

Here, the above-described determination process of whether or not the person is the person (the process of S104) is based on the following premise.
That is, when registering the original biometric information for verification, if it is to be used for authentication at a company, etc., it will be imaged several times under the presence and guidance of a person skilled in biometric information registration. The clearest possible imaged result should be selected as the original for comparison. In addition, even when registering the biometric information verification source at home, sufficient care should be taken and the clearest possible imaging result should be registered as the verification source.

On the other hand, when using a PC, there is a psychology of wanting to perform authentication with as little effort as possible, and imaging can be performed without paying sufficient attention to the position of the finger and the distance between the imaging camera and the finger. Tend to do. In addition, there are personal habits in the imaging conditions such as the orientation of the finger for imaging.
As a result, when the biometric information captured when using a PC is collated with the original for collation, the degree of similarity should be distributed around the average value with an average value of less than 100% meaning perfect match. It is. Therefore, the past maximum value of similarity can be used as a reference value (predetermined determination reference value) for impersonation determination.

By the way, the above-described determination process of whether or not the person is the person (the process of S104) has the following points to be noted.
First, in the above-described processing, the similarity 524 when authentication was successful in the past is used as it is, and therefore it is determined that the person himself / herself can acquire a finger vein image exceeding the past maximum similarity. Is a point.
In particular, when the authentication history 522 is not sufficiently accumulated (for example, at the time of the second authentication), there is a high possibility that even the person himself / herself is impersonated.
Accordingly, instead of always performing impersonation determination, if the authentication history 522 is not sufficiently accumulated, for example, if the number of authentication histories 522 is 10 or less, it is determined that the authentication is successful without performing impersonation determination. Also good.

  In this way, there is a demerit that impersonation judgment is not performed for a predetermined period after the creation of the verification source, but in the first place the verification source is stolen only after the verification source is created. Most likely after the period of. This is not a big problem. Furthermore, the problem that the impersonation determination is not performed is substantially solved by performing the trial authentication 10 times immediately after the creation of the verification original.

In addition to the above processing, or without performing the above processing, the similarity 524 when authentication was successful in the past is not used as it is, but the past maximum similarity is calculated with a certain range of error. You may do it.
For example, a statistical average value and a variance value of the similarity 524 when authentication has succeeded in the past are calculated, and the average value + 3 × variance value may be set as a reference value (predetermined determination reference value) for impersonation determination. .

Next, even when it is determined to be impersonation, it may be found that the subsequent authentication is not impersonation. For example, if the authentication succeeds immediately after the authentication that is determined to be impersonation, it can be determined that the impersonation was not actually performed.
If such a case is taken into consideration, for each authentication history 522 in which “failure” is set in the authentication success / failure 525, a predetermined time (for example, 2 minutes) from the authentication date / time 523 recorded in the authentication history 522 If there is an authentication history 522 in which “success” is set in the authentication success / failure 525, the authentication history 522 (“failure” is set in the authentication success / failure 525). It is possible to perform a correction process for correcting the reference availability 526 of the authentication history 522) to “referenceable”.
Before the process of referring to all the similarities 524 of the authentication history 522 in which “reference is allowed” is set in the reference permission / inhibition 526, it is possible to re-determine the authentication success / failure later by performing the above correction process. it can.

  Further, by extracting the authentication history 522 in which the authentication success / failure 525 is “failure” and the reference permission / inhibition 526 is “reference impossible” while the similarity is equal to or higher than a predetermined threshold, It is also possible to display a list.

  Thus, by providing the biometric information authentication device 1, not only impersonation can be effectively prevented, but also post-discovery of impersonation can be effectively performed.

  In the above, the anti-spoofing technology according to the first embodiment of the present invention has been described using a general computer such as a PC as an example, but the present invention is not limited to the first embodiment, and other This embodiment can also be implemented.

FIG. 5 is a diagram showing an example of the configuration of the biometric information authentication system 2 according to the second embodiment of the present invention.
The biometric information authentication system 2 according to the second embodiment includes an input device 20, a finger vein acquisition device 30, a display device 40, a storage device 50, a client 60, an authentication server 70, and a network 80. Is done.
The client 60 and the authentication server 70 are connected to the network 80. The client 60 and the authentication server 70 communicate with each other via the network 80.
1 and 5 are denoted by the same reference numerals, and description thereof is omitted.

The client 60 includes a CPU, a memory, a storage device, and the like, like the biometric information authentication device 1. The client 60 may be a general computer such as a PC provided with the finger vein acquisition device 30 as in the biometric information authentication device 1. The client 60 may be a mobile phone.
The CPU of the client 60 loads the authentication request program 61A from a storage device such as a magnetic disk (not shown) into the memory at a predetermined timing such as at startup. Then, the CPU of the client 60 executes the instruction code of the authentication request program 61A.

The authentication server 70 also includes a CPU, a memory, and the like, similar to the biometric information authentication device 1. Although not shown in the following description because it is not necessary, the authentication server 70 may be connected to an input device, a display device, or the like for operation by a server administrator or the like.
The CPU of the authentication server 70 loads the authentication program 71A from a storage device such as a magnetic disk (not shown) into the memory at a predetermined timing such as at startup. Then, the CPU of the authentication server 70 executes the instruction code of the authentication program 71A.

  Similarly to the biometric information authentication apparatus 1, the biometric authentication system 2 uses the client 60, which is a PC, to make a document when the user wants to use the client 60, which is a PC. When it is desired to use it, it is used to authenticate the usage authority of the user prior to use. That is, when authentication is successful, the user can use the client 60, and when authentication fails, the user cannot use the client 60.

  In order to perform the authentication process, the biometric authentication system 2 connects the client 60 that is a device used by the user and the authentication server 70 that is a device for authenticating the user to the network 80 (wired, wireless, or the like). As long as the authentication servers 70 can be connected to each other so that they can communicate with each other, they can be connected by any network. In the biometric information authentication system 2, not the client 60 but the authentication server 70 performs an authentication process.

When executing the authentication request program 61 </ b> A, the CPU of the client 60 first displays a message prompting the user of the client 60 to perform an authentication operation on the display device 40. Next, the CPU of the client 60 instructs the finger vein acquisition device 3 to take a finger vein image of the user. When the user performs an operation such as holding a finger over the finger vein acquisition device 30, the finger vein acquisition device 30 captures a finger vein image. The CPU of the client 60 acquires the captured finger vein image and transmits it to the authentication server 70. The CPU of the client 60 receives the authentication result from the authentication server 70, displays the authentication result on the display device 40, and ends the process.
Of course, if the authentication is successful, the user can perform an operation to be authenticated (for example, use of the client 60), and the like, and if the authentication fails, the user cannot perform the operation.

When the CPU of the authentication server 70 executes the authentication program 71 </ b> A, the finger vein image received from the authentication request program 61 </ b> A is collated with the finger vein image 512 that is a collation original recorded in the collation finger vein image file 51. Further, the impersonation determination is performed with reference to the authentication history 522 of the verification history file 52.
That is, in the biometric information authentication system 2, the process of the authentication program 13 in the biometric information authentication apparatus 1 is divided into the process of the authentication request program 61A and the process of the authentication program 71A. Specifically, the CPU of the client 60 executes the processing of steps S101 and S107 in FIG. 4 by executing the authentication request program 61A. Further, the CPU of the authentication server 70 performs the processing of steps S102 to S106 in FIG. 4 by executing the authentication program 71A.

  In this way, by providing the authentication server 70, it is possible to centrally monitor impersonation. Therefore, the administrator of the authentication server 70 can find a trace of impersonation by referring to the authentication history 522 without being aware of the user of the client 60, and can quickly perform a measure such as the suspension of use of the authentication original. .

  However, if the original biometric information verification source is collected in the storage device 50 of the authentication server 70 installed somewhere, it is stored in the office or at home as the biometric information authentication device 1. Compared with the case where there is, the risk of leakage of the original for verification increases, and there is a risk that biometric information is leaked together. Therefore, it is desirable that the biometric information authentication system 2 has a mechanism for minimizing the risk of biometric information leakage, such as encrypting and recording the finger vein image 512 that is the original for verification.

FIG. 6 is a diagram illustrating an example of the configuration of the biometric authentication system 3 according to the third embodiment of the present invention.
The biometric information authentication system 3 according to the third embodiment includes an input device 20, a finger vein acquisition device 30, a display device 40, a storage device 50, a client 60, an authentication server 70, a network 80, and a card. A reading device 90 and an IC card 91 are included.
Note that the same components in FIGS. 5 and 6 are denoted by the same reference numerals and description thereof is omitted.

An input device 20, a finger vein acquisition device 30, a display device 40, and a card reading device 90 are connected to the client 60.
The CPU of the client 60 loads the authentication request program 61B into a memory from a storage device such as a magnetic disk (not shown) at a predetermined timing such as at startup. Then, the CPU of the client 60 executes the instruction code of the authentication request program 61B.
The function of the authentication request program 61B in the biometric information authentication system 3 is slightly different from the function of the authentication request program 61A in the biometric information authentication system 2, and also performs part of the authentication process as will be described later.

  The card reader 90 acquires the finger vein image 92 from the IC card 91 in which the user's finger vein image 92 (that is, the reference original) is recorded. In addition to the finger vein image 92, the IC card 91 stores an identification code 93 that is an ID for identifying the user (that is, an authorized holder of the IC card 91).

A storage device 50 is connected to the authentication server 70, and a verification history file 52 is recorded in the storage device 50. The data structure of the verification history file 52 is the same as that of the biometric information authentication device 1.
The CPU of the authentication server 70 loads the authentication program 71B from a storage device such as a magnetic disk (not shown) into the memory at a predetermined timing such as at startup. Then, the CPU of the authentication server 70 executes the instruction code of the authentication program 71B.
The function of the authentication program 71B in the biometric information authentication system 3 is slightly different from the function of the authentication program 71A in the biometric information authentication system 2, and does not collate with the original for collation as will be described later, and performs impersonation determination. .

  The biometric authentication system 3 is a configuration often used when, for example, a user wants to use a client 60 that is an ATM (Automated Teller Machine) terminal in order to withdraw a deposit. Used to authenticate the user's operation authority. That is, when the authentication is successful, the user can operate the client 60 to withdraw a deposit, and when the authentication is unsuccessful, the user operates the client 60 to withdraw a deposit. I can't.

In order to perform the authentication process, in the biometric information authentication system 3, a client 60 that is a device used by a user and an authentication server 70 that is a device for authenticating the user are connected to a network 80. The impersonation determination process described in the first embodiment is performed not by the client 60 but by the authentication server 70.
Although not shown in the figure because it is not directly related to the present invention, the network 80 is also connected to a server that provides various services to the user, such as a server that manages deposits, and the user who has successfully authenticated the service Can be provided.

  That is, in the biometric information authentication system 3, as in the biometric information authentication system 2, the authentication function is distributed to the authentication request program 61B and the authentication program 71B. However, unlike the biometric information authentication system 2, verification with the original for verification is performed. Is performed by the authentication request program 61B, and the impersonation determination is performed by the authentication program 71B.

  By providing such an authentication server 70, it is possible to centrally monitor impersonation as in the biometric information authentication system 2. Further, unlike the biometric information authentication system 2, the verification original is not stored in the storage device 50 of the authentication server 70, and the biometric information is not transmitted to the network 80. Does not exist.

  However, since it is necessary to issue an IC card 91 in which the original for verification is recorded to the user and each client 60 must be provided with the IC card reader 90, the cost for system construction and operation increases. Accordingly, whether to adopt a system configuration such as the biometric information authentication system 2 or a system configuration such as the biometric information authentication system 3 is determined in consideration of the risk of information leakage and the cost associated with system construction / operation, etc. Should.

  Hereinafter, the processing of the authentication request program 61B and the authentication program 71B in the biometric information authentication system 3 will be described using a flowchart with an example in which the client 60 is an ATM terminal.

FIG. 7 is a diagram illustrating an example of a flowchart of authentication request processing in the client 60 of the biometric authentication system 3 according to the third embodiment of the present invention.
When the user operates the input device 2 such as a touch panel to instruct the start of transaction, the CPU of the client 60 displays a message prompting the user of the client 60 to perform an authentication operation on the display device 40. Next, the CPU of the client 60 instructs the finger vein acquisition device 30 to capture the finger vein image of the user. When the user performs an operation such as holding the finger over the finger vein acquisition device 3 and the finger vein acquisition device 3 captures a finger vein image, the CPU of the client 60 acquires the captured finger vein image (S201).

  The CPU of the client 60 displays a message on the display device 40 instructing to insert the IC card 91 into the card reader 9. The CPU of the client 60 acquires the finger vein image 92 and the identification code 93 recorded on the IC card 91 inserted by the user. The CPU of the client 60 collates the finger vein image captured by the finger vein acquisition device 30 with the finger vein image 92 and calculates the similarity (S202).

Next, the CPU of the client 60 compares the similarity with a predetermined threshold, and if the similarity is greater than the threshold (it may be determined that the similarity is equal to or greater than the threshold), the collation is successful (S203). ).
When the collation is successful (S203: YES), the CPU of the client 60 transmits the identification code 93, the authentication date and time, and the similarity to the authentication server 70 together with the collation “success” code (S204). On the other hand, when the collation fails (S703: NO), the CPU of the client 60 transmits the identification code 93, the authentication date and the similarity, together with the collation “failure” code to the authentication server 70 (S205).

The authentication request program 71B receives an authentication result indicating whether the authentication has finally succeeded or failed from the authentication server 70 (S206), displays the authentication result on the display device 40, and ends the process (S207).
Of course, if the authentication is successful, the user can perform an operation to be authenticated (for example, withdrawal of a deposit) or the like, and if the authentication fails, the user cannot perform the operation.

FIG. 8 is a diagram illustrating an example of a flowchart of authentication processing in the authentication server 70 of the biometric authentication system 3 according to the third embodiment of the present invention.
The CPU of the authentication server 70 receives the identification code 93, the authentication date and time, and the degree of similarity together with the code indicating whether the collation is “successful” or “failed” transmitted by the client 60 (S301). When the code is “success” (S302: YES), the CPU of the authentication server 70 determines whether or not an impersonation action is performed (S303).
A specific determination method is performed with reference to the matching history record 520 in which the identification code 93 received from the client 60 and the identification code 521 match, as described in the description of the first embodiment.

  If the CPU of the authentication server 70 determines that the user is not impersonating but the person himself (S303: YES), it finally determines that the authentication is successful, and adds the authentication history 522 to the verification history record 520. At this time, the CPU of the authentication server 70 indicates the received date / time and similarity for the authentication date / time 523 and the similarity 524, “success” for the authentication success / failure 525, and “referable” for the reference availability 526. Is set (S304).

On the other hand, if the received code is “failure” (S302: NO), or if it is determined that impersonation has been performed (S303: NO), the CPU of the authentication server 70 finally determines that authentication has failed, and the verification history An authentication history 522 is added to the record 520. At this time, the CPU of the authentication server 70 indicates the received date / time and similarity for the authentication date / time 523 and the similarity 524, “failure” for the authentication success / failure 525, and “not referable” for the reference availability 526. Is set (S305).
The CPU of the authentication server 70 transmits the authentication result to the client 60 and ends the process (S306).

By the way, when performing the impersonation determination in the authentication server 70 as in the biometric information authentication system 2 and the biometric information authentication system 3, the authentication server 70 generally receives authentication requests from a plurality of clients 60.
For example, the user uses a plurality of ATM terminals at different locations. For this reason, the impersonation determination request prior to deposit withdrawal is transmitted from different ATM terminals even if the users are the same. In this case, if the attachment position or height of the finger vein acquisition device 30 differs depending on the ATM terminal, the user's finger placement changes, and the degree of similarity may increase or decrease depending on the ATM terminal. . As a result, when authentication is performed at a specific ATM terminal, a phenomenon may occur in which the degree of similarity is high and it is always determined to be impersonation.

  Therefore, when such a phenomenon is remarkable, the authentication device identification 527 may be included in the authentication history 522 as shown in FIG. When the client 60 transmits an authentication request or the like to the authentication server 70, an authentication device is transmitted when an apparatus ID (for example, the serial number of the client 60) that can uniquely identify the client 60 is transmitted and the authentication history 522 is added. The device ID may be set in the identification 527. In this way, when the CPU of the authentication server 70 determines impersonation, only the authentication history 522 in which the same value as the device ID transmitted from the client 60 is set in the authentication device identification 527 is referred to. It is possible to determine impersonation without being affected by a variation in the degree of similarity due to different clients 60.

In each of the above-described embodiments, the authentication in the cellular phone and the ATM terminal of the bank at the time of starting the PC has been described. However, the present invention is not limited to this, and the present invention is not limited to this. It can be applied to authentication in various situations such as unlocking.
In each of the above embodiments, an example using a finger vein pattern as biometric information has been described. However, the present invention is not limited to a finger vein pattern, and blood vessel patterns, fingerprints, irises in parts other than the finger (for example, palm, retina, etc.) It is also possible to apply to biometric information authentication such as voice print and face image.

  As described above, according to the present invention, in biometric information authentication, it is possible to prevent a third party other than the person from impersonating and authenticating regardless of a method of falsifying biometric information.

  Although the embodiments of the present invention have been described above, various modifications and combinations necessary for design reasons and other factors are described in the inventions described in the claims and the specific embodiments described in the embodiments of the invention. It should be understood that it falls within the scope of the invention corresponding to the examples.

DESCRIPTION OF SYMBOLS 1 ... Biometric information authentication apparatus, 2, 3 ... Biometric information authentication system, 10 ... Computer, 11 ... CPU, 12 ... Memory, 13 ... Authentication program, 20 ... Input device, 30 ... Finger vein acquisition apparatus, 40 ... Display apparatus, DESCRIPTION OF SYMBOLS 50 ... Memory | storage device, 51 ... Finger vein image file for collation, 52 ... Collation history file, 60 ... Client, 61A, 61B ... Authentication request program, 70 ... Authentication server, 71A, 71B ... Authentication program, 80 ... Network, 90 ... Card reader, 91 ... IC card, 92 ... finger vein image, 93 ... identification code

Claims (2)

Original storage means for storing biometric information as an original for verification;
Biometric information acquisition means for acquiring biometric information to be authenticated;
Similarity calculation means for obtaining the similarity between the biometric information that is the original for comparison stored in the original storage means and the biometric information to be authenticated acquired by the biometric information acquisition means;
Similarity storage means for storing the similarity obtained by the similarity calculation means;
A reference value is obtained based on a plurality of similarities stored in the similarity storage means, and the similarity obtained by the similarity calculation means is the reference value, the biometric information serving as the reference original, and the A determination unit that determines that the biometric information acquired by the biometric information acquisition unit is impersonated biometric information when the biometric information to be authenticated is a value between the degrees of similarity when the biometric information completely matches;
Authentication means for authenticating whether the biometric information acquired by the biometric information acquisition means is the biometric information of the person or another person based on the similarity obtained by the similarity calculation means;
Of the biological information whose similarity is stored in the similarity storage means, for the biological information determined as the biological information impersonated by the determination means, if the biological information satisfies a predetermined condition, Re-determination means to re-determine information;
With
Among the similarities stored in the similarity storage unit, the determination unit includes a similarity between the biometric information of the user and the biometric information authenticated by the authentication unit, and the biometric information of the user by the re-determination unit. Obtaining the reference value based on the re-determined biometric information similarity,
Biometric information authentication device comprising a call. Computer
Original storage means for storing biometric information as an original for verification;
Biometric information acquisition means for acquiring biometric information to be authenticated;
Similarity calculation means for obtaining the similarity between the biometric information that is the original for comparison stored in the original storage means and the biometric information to be authenticated acquired by the biometric information acquisition means;
Similarity storage means for storing the similarity obtained by the similarity calculation means;
A reference value is obtained based on a plurality of similarities stored in the similarity storage means, and the similarity obtained by the similarity calculation means is the reference value, the biometric information serving as the reference original, and the A determination unit that determines that the biometric information acquired by the biometric information acquisition unit is impersonated biometric information when the biometric information to be authenticated is a value between the degrees of similarity when the biometric information completely matches;
Authentication means for authenticating whether the biometric information acquired by the biometric information acquisition means is the biometric information of the person or another person based on the similarity obtained by the similarity calculation means;
Of the biological information whose similarity is stored in the similarity storage means, for the biological information determined as the biological information impersonated by the determination means, if the biological information satisfies a predetermined condition, Re-determination means to re-determine information;
To function,
Among the similarities stored in the similarity storage unit, the determination unit includes a similarity between the biometric information of the user and the biometric information authenticated by the authentication unit, and the biometric information of the user by the re-determination unit. Obtaining the reference value based on the re-determined biometric information similarity,
Biometric authentication program.

Images