JP4623054B2 - Portable electronic device and personal authentication method using biometric information - Google Patents

Description

The present invention relates to personal authentication of a portable electronic device represented by an IC card or the like, personal authentication through a network such as the Internet, and an electronic signature. For example, it can be used for safe electronic currency that cannot be illegally used by a third party, and electronic commerce such as cashless shopping, online shopping, home banking, and the like.

Currently, a card having a magnetic stripe for storing information (hereinafter referred to as a magnetic card) is widely used in order to authenticate a specific individual in the withdrawal of bank deposits or purchase of goods. When cash is withdrawn from a bank automatic teller machine using a cash card, personal authentication is performed using a personal identification number. When a product is purchased using a credit card, the personal authentication is performed by comparing the signature on the back of the credit card with the signature at the time of product purchase.

Such personal authentication methods have been pointed out as having problems with security. When a cash card and its PIN are stolen by a third party, the deposit is easily withdrawn by the third party. Credit cards can be stolen by third parties imitating signatures.

Therefore, by using an IC card instead of a magnetic card, attention has been paid to the fact that the amount of information that can be stored in the card can be increased, and a method for personal authentication using biometric information such as a fingerprint, a retina pattern, or voice has been proposed. Yes. Many of these proposals are assumed to be processed by an IC card terminal because personal authentication using biometric information requires a considerable processing load. However, this processing also has a security problem because personal registration data is leaked to the outside and the IC card terminal can be modified by a third party relatively easily.

In view of this, Japanese Patent Application Laid-Open No. 61-199162 “Individual Identification System” proposes an idea that uses a fingerprint as a personal identification code and performs fingerprint feature extraction and collation processing using an IC card. However, the data processing performance of the IC card is extremely insufficient to perform personal authentication using biometric information, and cannot be substantially realized.

In addition, credit information is exchanged through the Internet together with personal authentication, such as when business transactions and elections are held on the Internet. In this case, the security is enhanced by encrypting the credit information, but it is difficult to judge whether the sent credit information is really the person's information and sent in real time. It was.

JP 61-199162 A

The first object of the present invention is a system that performs personal authentication using a portable electronic device that has a much larger storage capacity of information than a magnetic card and biometric information that is difficult to be stolen or imitated. An object of the present invention is to provide a personal authentication system with improved security by preventing stored biometric information from leaking outside.

The second object of the present invention is to use data processed so that biometric information cannot be reconstructed,
Highly secure personal authentication that prevents malicious third parties from illegally accessing the system by illegally operating the data processing device by performing personal authentication in cooperation between the data processing device and the portable electronic device To provide a system.

Furthermore, a third object of the present invention is to provide a high-security individual who can verify that information sent from a portable electronic device through an external network is personally authenticated and sent within a predetermined time. To provide an authentication system.

The portable electronic device of the present invention includes a memory for storing the feature quantity of the first biological information as registration data, and a transmission / reception interface for receiving the feature quantity of the second biological information to be authenticated from the data processing device as the feature data. And a processor for comparing and comparing the registered data and the feature data.

Further, in the personal authentication method using the biometric information of the present invention, the data processing device extracts a feature amount from the input biometric information, transmits the extracted feature amount to the portable electronic device as feature data,
The portable electronic device collates the feature data with registered data, which is a feature amount of biometric information stored in the memory. Furthermore, the portable electronic device reduces the hardware load by executing a part of the collation processing by the data processing device.

According to the present invention, a personal authentication system with improved security is realized by preventing the biometric information stored in the portable electronic device from leaking outside.

FIG. 1 shows a configuration of a portable electronic device represented by an IC card or the like. The portable electronic device 10
A CPU 102 that controls the entire portable electronic device 10, a RAM / ROM 103 that stores application programs and data, and an I / O 1 that communicates between the portable electronic device 10 and the outside.
01. RAM / ROM 103 is an EEPROM (Electronic Erasable Programma
ble Read Only Memory).
The EEPROM can maintain data without power and can rewrite data. The CPU 102 and RAM / ROM 103 are the address bus 104 and the CPU
101, RAM / ROM 103 and I / O 101 are connected by a control signal data signal bus 105. The CPU 102 receives an I / O signal from the outside via the I / O 101, and the RAM
/ Executes the application program on the ROM 103 and displays the execution result in the RAM / ROM 1
Write to 03 or output to the outside via the I / O 101.

The portable electronic device 10 has a function of enclosing hardware (101 to 105) and software (RAM / ROM) in one chip, or erasing software when a user performs a certain operation on the portable electronic device. It is a device that realizes tamper resistance by providing it. The tamper resistant device is desirable as a portable electronic device used in the field of electronic commerce to which the present invention is applied because it has a function of preventing software tampering by the user.

FIG. 2 shows a data processing device 2 typified by an IC card terminal or an IC card reader.
A configuration of 0 is shown. The data processing device 20 includes a CPU 201 that executes a program, a RAM 205 that stores programs and data to be executed, and an R for initial program boot.
An OM 202, a portable electronic device I / O 203 that exchanges information with the portable electronic device, an external I / O 204 that exchanges information with an external network, and an input device (such as a keyboard or a pin pad) connected to the data processing device 20 208 and a user I / O 206 for controlling an output device (display, speaker, etc.) 209.
7 is connected.

As shown in FIG. 3, the data processing device 20 is connected to the portable electronic device 10 by an I / O signal. Further, the data processing device 20 can exchange information with the external information processing device 30 through a network such as the Internet as necessary.

Here, CPUs and RAM / ROMs in portable electronic devices typified by IC cards and the like are used for data processing devices (IC card terminals and IC cards) in order to realize hardware in a compact manner and because of restrictions due to power supply and heat dissipation. Generally, the performance is inferior to the CPU and RAM / ROM in the reader.

Example 1
FIG. 4 shows a flowchart of the first embodiment of the personal authentication system according to the present invention. The processing in this embodiment includes processing executed by the portable electronic device 10 and the data processing device 20.
Biological information such as a fingerprint, a retina pattern, voice, handwriting, or the like is input from the input device 208 to the data processing device 20 (step 401). The CPU 201 displays the characteristics of the input raw data.
(Step 402), and the feature data obtained by the extraction process is sent to the portable electronic device 10.

In the portable electronic device 10, the registration data is read from the RAM / ROM 103 in which the registration data is stored (step 403), and the feature data sent from the data processing device 20 is compared with the registration data by the CPU 102 (step 404). ). If the collation result is true, the personal authentication ends normally, and the next processing is continued.
If the collation result is false, the personal authentication is rejected and the next process is not executed.

According to the processing in this embodiment, the biological information (registration data) registered in the portable electronic device is not output to the outside (data processing device or the like), and the biological information (raw data) with a large processing amount is output.
Since the feature extraction processing is executed by a data processing device having a high CPU performance, personal authentication can be realized safely and at high speed.

Here, a method for registering registration data in a portable electronic device when a fingerprint is used as biometric information will be described. The fingerprint registration is performed by the data processing apparatus shown in FIG.

As shown in FIG. 9, an input device 208 for inputting a fingerprint includes an optical device (for example, a fingerprint sensor using a CCD camera) 901, and a digital device 902 for digitizing image data captured from the optical device 901. Have Digitized image data (raw data) is input to the data processing device 20. The CPU 201 executes a program for extracting feature data from the input raw data in order to facilitate biometric information collation. Various methods for extracting features have been proposed, and the present invention is not limited thereby. For example, the method described in Minami et al. “Development of a new security system for fingerprint verification” (Electronics September, 1988 issue) can be used. In this method, as shown in FIG. 10, tone conversion (step 1001), leveling (step 1002), and ridge direction extraction (step 1003) are performed on raw data.
) Are performed in order. An example of a fingerprint pattern is shown in FIG. 11 and will be described in detail.

The gradation conversion 1001 is a process of reducing the gradation (so-called number of colors) of the raw data 1101.
For example, the gradation of 256 colors of raw data is reduced to 32 colors. In the leveling 1002, fingerprint data has few sharp gradation changes due to the nature of the image, and the correlation between adjacent pixels is strong.
This is a process for removing isolated points. The image subjected to these processes is divided into grid areas, and the ridge direction in each grid area is extracted. The ridge direction pattern extracted for each grid area is defined as feature data 1102.

Normally, the surrounding area of the obtained feature data 1102 contains a lot of noise due to optical distortion of the input device. The feature position of the fingerprint useful for collation is the central area of feature data with many ridge changes. Therefore, a center region including many feature positions of feature data is cut out, and the cut out partial feature data 1103 is sent to the portable electronic device 10. The portable electronic device 10 stores the partial feature data 1103 in the RAM / ROM 103 as registration data.

(Example 2)
FIG. 5 shows a flowchart of the second embodiment of the personal authentication system according to the present invention. In this embodiment, part of the processing of the portable electronic device in the first embodiment is performed by the data processing device, thereby reducing the processing load on the portable electronic device.
Biometric information is input to the data processing device 20 from the input device 208 (step 501), and features of the input raw data are extracted by the CPU 201 to obtain feature data (step 50).
2). The portable electronic device 10 reads registration data stored from the RAM / ROM 103 (step 505), and cuts out a part of the read registration data (step 506).
The cut partial registration data is sent to the data processing device 20.

The data processing device 20 generates a cut-out control signal from the feature data and the partial registration data sent from the portable electronic device (step 503), and cuts out the feature data (step 50).
4) Send to portable electronic device 10 In the portable electronic device 10, the extracted feature data and the registered data are compared and collated by the CPU 102 (step 507). If the collation result is true, the personal authentication is terminated normally, and the next processing is continued. If the collation result is false, the personal authentication is rejected and the next process is not executed.

The authentication process in the second embodiment will be described in more detail. In order to collate pre-registered registration data with feature data of biometric information input as an authentication target, (a) normalization processing of registration data and feature data (when fingerprint is used as biometric information) Processing such as alignment)
And (b) processing for comparing registered data and feature data is required. In the second embodiment, normalization processing is performed by the data processing device 20 and comparison processing is performed by the portable electronic device 10. The portable electronic device 10 extracts minimum partial registration data necessary for normalization processing from the registration data.
Then, the normalized (positioned) feature data is sent to the portable electronic device 10 and the portable electronic device 10 performs comparison processing. Thereby, even if a malicious third party obtains partial registration data output from the portable electronic device and registers the partial registration data in another portable electronic device, personal authentication cannot be performed.

Taking the fingerprint data shown in FIG. 12 as an example, the flow of comparison processing in the second embodiment will be described in detail. Fingerprint image data 1204 to be authenticated is input from the input device 208 to the data processing device 20, and feature extraction processing is executed to obtain feature data 1205.

On the other hand, the portable electronic device 10 reads the registration data 1201 and creates partial registration data 1202 for alignment. FIG. 12 shows registration data 1 as partial registration data 1202.
An example in which four corners of 201 are cut out is shown. The registration partial registration data 1302 may be arbitrary as long as the registration data is not stolen. Therefore, it is desirable to cut out the peripheral portion of the registered data that does not contain much fingerprint feature information, and it is desirable to cut out a plurality of locations in consideration of the rotation of the data to be collated.

The cut partial registration data 1202 is sent to the data processing device 20. The data processing device 20 generates a cut-out control signal from the feature data 1205 and the partial registration data 1202 sent thereto. The cut-out control signal is the feature data 12 that matches the registered data 1203.
This is a signal indicating the portion 05, and is represented by coordinates corresponding to the four corners of the registration data 1301, for example. The data processing device 20 performs a cut-out process on the feature data 1205 in accordance with the cut-out control signal. As a result, a rectangle (cut-out feature data 1206) having the four corners of the alignment data 1202 composed of four places is cut out.
The extracted feature data 1206 is sent to the portable electronic device 10 and registered data 1203.
And compared.

In the second embodiment, registration data of biometric information stored in the portable electronic device is not output to the outside of the portable electronic device, and normalization processing with a large processing amount is executed by a data processing device with high CPU performance. Therefore, safe and high-speed personal authentication can be realized.

(Example 3)
FIG. 6 shows a flowchart of a third embodiment of the personal authentication system according to the present invention.
Biometric information is input to the data processing device 20 from the input device 208 (step 601), and the features of the input raw data are extracted by the CPU 201 to obtain feature data (step 60).
2). The portable electronic device 10 reads registration data stored from the RAM / ROM 103 (step 606), and cuts out a part of the read registration data (step 607).
The cut partial registration data is sent to the data processing device 20.

The data processing device 20 generates a cut-out control signal from the feature data and the partial registration data sent from the portable electronic device (step 603), and cuts out the feature data (step 60).
4). Probability processing is performed on the extracted feature data (step 605), and the extracted feature data and prediction processing data are sent to the portable electronic device 10. In the portable electronic device 10, the extracted feature data, prospective processing data, and registered data are compared and collated by the CPU 102 (step 608). If the collation result is true, the personal authentication ends normally, and the next processing is continued. Do. If the collation result is false, the personal authentication is rejected and the next process is not executed.

The third embodiment will be described in more detail by taking the case of using a fingerprint as biometric information as an example.
As described in the second embodiment, the collation process includes two processes of (a) normalization process and (b) comparison process. The present embodiment further reduces the processing burden on the portable electronic device in the comparison process. In comparison between registered data and feature data, the distance between the two is generally calculated and the determination is made based on the magnitude of the distance. Here, depending on the function of distance, the amount of calculation increases, and the processing load may increase for a portable electronic device with poor hardware performance.

In this embodiment, paying attention to the fact that the input data to be authenticated is that of the person, the input data is located in the vicinity of the registered data, and the extracted feature data is shifted within the vicinity, Calculate the expected distance.

A specific example is shown in FIG. For simplification, it is assumed that the ridge direction pattern constituting the feature data is represented by a unit vector whose angle with the x-axis is a °, and the feature data is represented by a. Here, the extracted feature data 1301 is (41, 33, 18, 37, 22, 5,
24, 12, 3).

For example, for the first feature data “41”, the data processing device 20 takes “−2, −1, 0, +1, +2” as its neighborhood, and its absolute value “2, 1, 0, 1, 2”. Ask for.
The prospective processing data 1302 is a result calculated in advance for the permissible neighborhood range for each feature data.

The portable electronic device 10 receives the prospective processing data 1302 and receives the first feature data “41”.
Based on the corresponding neighborhood data “2, 1, 0, 1, 2”, the registered data string is (4
0, 35, 20, 37, 20, 8, 28, 10, 5), the first registration data is “40”.
”Is compared with the feature data“ 41 ”, and the difference is“ −1 ”.
“1” is obtained from “1, 0, 1, 2”. Similarly, successive registration data and the extracted feature data are compared, a distance is obtained from the corresponding prospective processing data, and cumulative addition is performed. The cumulative addition result is the difference between the registered data and the extracted feature data. If this value is smaller than a certain threshold value, it is determined that the registered data and the extracted feature data match.

As described above, the portable electronic device 10 does not perform the distance calculation that requires a calculation amount, performs the calculation in the data processing device 20, and compares the registered data with the extracted feature data.
A distance is obtained from the prospective processing data in a table look-up and collation processing is performed.

Here, one-dimensional feature data has been described as an example, but when the number of dimensions increases,
Whatever the distance function is used, the calculation load of the portable electronic device 10 can be reduced.

Example 4
FIG. 7 shows a flowchart of the fourth embodiment of the personal authentication system according to the present invention.
Biometric information is input to the data processing device 20 from the input device 208, and the feature of the input raw data is extracted by the CPU 201 to obtain feature data. The portable electronic device 10 is RAM / R
The registered data stored in the OM 103 is read out. Step 70 in the data processor
Processes 1 to 704 and steps 706 and 707 in the portable electronic device are the same as those in the second and third embodiments. In this embodiment, the difference between the registered data and the feature data sent is calculated (step 709). The difference data is encrypted with the random number generated in step 708 (step 710), and the encrypted data is sent to the data processing device 20.

The data processing device 20 performs a pre-collation process with the feature data and the encrypted data sent (step 705), and sends the pre-collation data to the portable electronic device 10. The portable electronic device 10 performs a post-collation process from the pre-collation data and the generated random number (step 711). If the collation result is true, the personal authentication ends normally, and the next process continues. If the collation result is false, the personal authentication is rejected and the next process is not executed.

  The fourth embodiment will be described in more detail by taking the case of using a fingerprint as biometric information as an example.

Similar to the third embodiment, the present embodiment also aims to reduce the processing burden on the portable electronic device in the comparison process. In this embodiment, the calculation for obtaining the distance is performed by the data processing device,
The calculation result is received by the portable electronic device and a final verification process is performed.

In the portable electronic device 10, as shown in FIG. 14, difference data 1403 between the extracted feature data 1401 and the registration data 1402 is obtained. If the ridge direction vector of the feature data completely matches the ridge direction vector of the registered data, the result is a zero vector. However, since the feature data generally contains many errors, it does not become zero. If the difference data 1403 is sent to the data processing apparatus as it is, the registration data 1402 is calculated backward. Therefore, the difference data 1403 is scrambled using a random number (the order of the data is rearranged randomly).
The encrypted data 1404 is sent to the data processing apparatus. Thereby, back calculation of registration data can be prevented.

In the data processing device 20, the absolute value of the encrypted data generated by the portable electronic device 10 (
The absolute value of the angle difference is taken as a distance) and sent to the portable electronic device 10. The portable electronic device 10 receives the distance calculation result and performs cumulative addition. The cumulative addition result is the difference between the registered data and the extracted feature data, and this value is compared with a threshold value (post-matching). If the value is smaller than the threshold value, it is determined that the registered data matches the extracted feature data.

For the sake of simplicity, an example using a one-dimensional angle as data has been described.
For example, it is of course possible to use multidimensional data such as the coordinates of the vector end point. Further, when the difference data is scrambled with random numbers, if the scrambled result has the same dimension as the registered data, there is a possibility that the registered data is inferred by repeatedly sending a zero vector or a unit vector from the data processing device 20.
Therefore, in scrambling, inference can be made difficult by increasing the number of dimensions of the encrypted data with random numbers.

In this embodiment, the normalization process is performed by the data processing apparatus. However, depending on the hardware performance of the portable electronic device, the characteristic data may be transmitted to the portable electronic device as it is, and the normalization process and the difference process may be performed. Is also possible.

(Example 5)
FIG. 8 shows a flowchart of the fifth embodiment of the personal authentication system according to the present invention. This embodiment implements a personal authentication system with high security in an environment where the data processing apparatus is connected to an external network. In this embodiment, the data processing device 20 is connected to a network such as the Internet, and the network is connected to an external information processing device 30 (such as a computer).
For example, a service provider host computer) is connected.

Biometric information is input to the data processing device 20 from the input device 208 (step 801), and the feature of the input raw data is extracted by the CPU 201 to obtain feature data (step 802).
) To the portable electronic device 10. The portable electronic device 10 reads the registration data stored from the RAM / ROM 103 (step 804), collates the registration data with the feature data sent (step 805), and performs personal authentication if the collation result is true. Completes normally and continues with the next process. If the collation result is false, the personal authentication is rejected and the next process is not executed. The first to fourth embodiments described above can be applied to the above collation processing.

Here, information such as money and transaction requests in electronic commerce is input to the data processing device 20 by the user. The data processing device 20 reads the input information (step 803).
To the portable electronic device 10. The external information processing device 30 reads the current time (step 808), performs encryption processing (step 809), triggered by the input of information to the data processing device by the user or the completion of personal authentication in the portable electronic device, via the network To the portable electronic device 10. The portable electronic device 10 decrypts the sent encrypted time (step 807), and performs encryption processing on the desired information and the sent time (step 806).
), And passes through the data processing device 20 to the external information processing device 30 via the network. The external information processing apparatus 30 decrypts the cipher (step 810), and if the sent time matches the time sent by itself (step 811), the sent information is correct information. The desired information processing, for example, electronic commerce is performed (step 812).

In the personal authentication system according to the present embodiment, when an instruction from the external information processing device 30 is received and information from the data processing device is transferred to the external information processing device 30, a person who performs the transfer process is registered in the portable electronic device 10. This is a system in which the external information processing apparatus 30 recognizes that the user is the person (person). That is, the personal authentication according to the present invention prevents a third party from impersonating a registered person by misusing the portable electronic device, and the portable electronic device 10 uses the time sent from the external information processing device 30 as information. By adding and sending back, falsification by the data processing device 20 is prevented.

Thereby, it is possible to prove that the person (person) registered in the portable electronic device 10 exists beyond the network at the time. If you use these characteristics,
It is possible to provide an effective system for competition and election on a network that is required to perform processing within a certain period of time.

Although an example in which necessary information is sent from the data processing device has been described, the same processing can be performed for information registered in the portable electronic device and information already stored in the data processing device. Further, the system can arbitrarily determine the timing for reading the current time (step 808) in the external information processing apparatus. In addition, the current time is transmitted from the external information processing device to the portable electronic device, but a random number is sent instead of the time, especially when processing is not required within a certain time. However, the same effect can be achieved.

The examples 1 to 5 have been described in detail above. The biometric information that can be used in the present invention has been described by taking a fingerprint as an example. Of course, other than fingerprints, biometric information that can be developed on a two-dimensional plane, for example, retina patterns, palms, human phases, and vectors such as handwriting and voiceprints. The present invention can be implemented only by changing the input processing of data that can be expressed, etc., and changing the algorithm of feature extraction. An authentication (speaker verification) method when the biometric information is voice will be described with reference to FIGS.

FIG. 15 shows a flowchart of speaker verification. A voice is input (step 1501), and the input voice is changed to a phoneme (phoneme processing, step 1502). A phoneme is a feature quantity of speech and is based on a spectrum analysis of speech. As the phonological processing by the spectrum analysis, LPC cepstrum analysis described in Seichi Nakagawa “Speech recognition using a probability model”, pages 10 to 12 (published by the Institute of Electronics, Information and Communication Engineers) can be used. After this phoneme processing 1502, vector quantization processing is performed on the phoneme-processed speech (step 1503). Efficient calculation can be performed by vector quantization of the feature amount of speech. Such processing 15
02 and 1503 correspond to a feature extraction process in the case where voice is used as biological information. Also,
In the portable electronic device 10, vector quantized speech feature values are registered as registration data,
It is collated with the voice feature data input to the data processing device 20. As shown in FIG.
The feature amount of speech is represented as a time series of feature vectors, and the registered data is (A ₁ , A ₂ ,... A
_n ) The feature data of the input speech is (X ₁ , X ₂ ,... X _m ).

The matching process (step 1504) includes DP (Dynamic Programming) matching method and H
The MM (Hidden Markov Model) method is used. The matching process by the DP matching method will be described with reference to FIG. Since voice expands and contracts in time, it is necessary to perform collation that allows temporal changes. The DP matching method, a combination that the cumulative distance between A _i and X _j is the minimum (A _i, X _j) (
1 ≦ i ≦ n, 1 ≦ j ≦ m) is obtained, and collation is performed by comparing the cumulative distance in this case with a predetermined reference.

As described above, in the DP matching method, since it is necessary to calculate the cumulative distance for a time series of various combinations, the combinations are limited to a certain range for the purpose of reducing the amount of calculation. This certain range is called a matching window, and the straight line 1703 and straight line 170 in FIG.
The cumulative distance is calculated only for combinations that are between four.

First, the distances of (A ₁ , X _j ) (1 ≦ j ≦ r) are compared, M combination candidates having a small distance are extracted, and then the combinations at the next time point are extracted from the M candidates. The cumulative distance with the distance (A ₂ , X _j ) is calculated, and the candidates are narrowed down. Such a process is repeated. Eventually, the combination (A _i ,
X _j ) that minimizes the cumulative distance, for example, (A ₁ , X ₁ ) (A ₁ , X ₂ ) (A ₂ , X ₃ ) (A ₃ , X ₃ ) (A ₄ , X ₄ )... (A _n , X _m ) are extracted. For details of such DP matching method, see Kenichi Mori “Pattern Recognition” (published by IEICE) 117.
Pages 119 to 119.

Thus, even in speaker verification, the processing load for calculating the cumulative distance for the time series of combinations is large, and it is difficult to perform processing in the portable electronic terminal. Therefore, in general, the feature data at the beginning of the utterance has a lot of fluctuations, but since the fluctuation is small from the middle of the utterance, it is necessary to enlarge the matching window at the beginning. Pay attention to the fact that it can be collated even if it is small. In other words, the first half of the utterance is checked by the data processor (
(This corresponds to the “cutout process” in the fifth embodiment), and the collation process in the latter half of the utterance is performed by the portable electronic device. Part of the registration data is sent from the portable electronic device to the data processing device for the first half of the verification process, but the other portions do not flow out to the outside.

This will be specifically described with reference to FIG. The portable electronic device sends registration data A _i (1 ≦ i ≦ u) to the data processing device and collates with the feature data. The collation range is a range indicated by a rectangle 1810. In this case, the matching window is wide and is a range between the straight line 1811 and the straight line 1812. The collation result in collation range 1810 is sent to the portable electronic device, and the collation processing is continued for A _i (u + 1 ≦ i ≦ n) in the portable electronic device. The collation range in the portable electronic device is a range indicated by a rectangle 1820, and the matching window of the collation range 1820 is a range sandwiched between the straight line 1821 and the straight line 1822. As described above, in the collation processing in the portable electronic device, the calculation window can be reduced by narrowing the matching window as compared with the collation processing in the data processing device.

Furthermore, the processing corresponding to the third and fourth embodiments described above can be performed to reduce the amount of calculation in the portable electronic device. Corresponding to the third embodiment, the distance from the neighborhood Y _k (1 ≦ k ≦ l) of the feature data X _j is obtained as prospective processing data. Y _k that matches A _i is selected, and the distance of (Y _k , X _j ) calculated in advance as the prospective process can be set as the distance of (A _i , X _j ). In this way, a time series of combinations (A _i , X _j ) that minimize the cumulative distance can be obtained.

Further, as a difference process corresponding to the fourth embodiment, the difference of the combination (A _i , X _j ) is taken as a time series satisfying the matching window, and subjected to a cryptographic process to obtain a combination (A _i , X _j as a pre-matching process). ) Distance calculation. In this case, the cumulative distance obtained as the post-collation process is selected to minimize the value and collated with the threshold value.

  Such a feature vector string matching method is also effective for handwriting collation.

It is a figure which shows the structure of a portable electronic device. It is a figure which shows the structure of a data processor. It is a figure which shows the relationship between a portable electronic device, a data processor, and an external information processor. It is a figure which shows the 1st Example of the personal authentication process which concerns on this invention. It is a figure which shows the 2nd Example of the personal authentication process which concerns on this invention. It is a figure which shows the 3rd Example of the personal authentication process which concerns on this invention. It is a figure which shows the 4th Example of the personal authentication process which concerns on this invention. It is a figure which shows the 5th Example of the personal authentication process which concerns on this invention. It is a figure which shows the structure of the input device in the case of using a fingerprint as biometric information. It is a figure which shows the method of calculating | requiring the fingerprint characteristic data. It is a figure which shows the method of producing the registration data of a fingerprint. It is a figure which shows the method of matching by registration data, and collating registration data and characteristic data. It is a figure explaining the expectation process for collating registration data and characteristic data. It is a figure which calculates | requires difference data from registration data and characteristic data, and produces | generates encryption data. It is a figure which shows the speaker collation method in the case of using a sound as biometric information. It is a figure which shows registration data and the characteristic data in the case of using a sound as biometric information. It is a figure which shows DP matching method for speaker collation. It is a figure which shows DP matching method for speaker collation in this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Portable electronic device, 101 ... I / O (Input / Output), 102 ... CPU (Central Process
ing Unit), 103 ... RAM / ROM (Random Access Memory / Read Only Memory), 10
4 ... Address bus, 105 ... Control signal / data signal bus, 20 ... Data processing device, 201
... CPU, 202 ... ROM, 203 ... portable electronic device I / O, 204 ... external I / O, 205
... RAM, 206 ... User I / O, 207 ... Bus, 208 ... Input device, 209 ... Output device, 30 ... External information processing device.

Claims (3)

  Registration data which is first biometric information;
A memory for storing an encryption program for encrypting data;
A processor having software that performs an operation related to collation with feature data that is second biological information;
Tamper resistance to prevent tampering with the software used for the calculation;
A transmission / reception interface for transmitting / receiving data to / from the data processing device having the characteristic data;
Have
The transmission / reception interface is:
Sending, to the data processing device, partial registration data composed of a part of the registration data that is not used for the verification by the processor,
Receiving the feature data cut out by the matching processing between the feature data based on the feature amount of the second biological information and the partial registration data in the data processing device;
Generating difference data between the extracted feature data and the registration data in the processor, and further transmitting the difference data encrypted by the encryption program to the data processing device;
A portable electronic device, wherein the data processing device receives a processing result collated based on the encrypted difference data. Feature data that is the first biometric information that is input,
A calculation unit that performs calculation related to verification with registration data that is second biological information;
A transmission / reception interface for performing transmission / reception of data to be collated with a portable electronic device having a memory for storing the registered data, a calculation unit, and a tamper resistant to prevent tampering with a program used for calculation in the calculation unit; ,
Have
The transmission / reception interface is:
Receiving partial registration data generated from a portion of the registration data in the portable electronic device;
By transmitting the feature data cut out by the matching process between the feature data and the partial registration data,
Receiving difference data between the extracted feature data and the registration data, which is generated by the portable electronic device and further encrypted,
A data processing apparatus that transmits a verification result based on the encrypted difference data that has been verified by the arithmetic unit.   The portable electronic device according to claim 1, wherein the tamper resistant erases the processing program when a predetermined operation is applied to the portable electronic device.

Images