Biometric authentication techniques are widely used which authenticate a person based on biological information such as a fingerprint, veins, a face, and an iris. In conventional biometric authentication techniques, at user registration, feature data (a template) extracted from the user's biological information are registered in a system. At user authentication, feature data extracted from the user's biological information again are compared with the template. If the similarity between them is large enough (the distance is small enough), it is determined that the authentication succeeded, and if not, it is determined that the authentication failed.
However, since biological information is irreplaceable, the occurrence of the leakage causes a serious problem. To address this problem, template-protecting biometric authentication techniques are being developed in which authentication is performed with biological information kept hidden. Among such techniques, a technique called biometric cryptography is attracting attention which generates key data from biological information and performs processing such as cryptographic authentication, encryption, signature generation, and the like.
In the above biometric cryptography, at a registration, a protection template T is created by converting feature data X of biological information. Thereafter, feature data X′ of newly acquired biological information are verified against the protection template T. If the verification succeeds, processing such as authentication, encryption, and placement of a signature can be performed. In such biometric cryptography, reconstituting or estimating X from T needs to be sufficiently difficult (requirement for security). In addition, if X′ is sufficiently similar to X (the distance is small), only in that case, processing such as authentication, encryption, and placement of a signature needs to succeed (requirement for integrity and soundness). Moreover, if X and X′ are the feature data extracted from the same biological information of a person, only in that case, X and X′ need to be sufficiently similar (the distance needs to be small) at a high probability (requirement for accuracy).
As a specific implementation method of such biometric cryptography described above, for example, a technique has been proposed in which a secret key K is generated randomly at a registration, auxiliary information H=F(X, K) is created by calculating a hash value of the secret key h=Hash(K) and embedding K into the biological information X in an inseparable form, and a combination of H and h is taken as a protection template T (T=(H, h)) (See Non Patent Literature 1). In this technique, when the key is reconstituted, biological information X′ is acquired again, and using auxiliary information H, the secret key K′=G(X′, is reconstituted. If X′ is close enough to X, an error correction coding technique and the like are used so that K′ is equal to K (K′=K). If the equation Hash (K′)=h holds, it is taken that the verification is successful. In this case, using the reconstituted K (=K′), the processing such as authentication, encryption, signature generation, and the like can also be performed.
Generally, the accuracy of a biometric authentication system is evaluated with a false acceptance rate (FAR) and a false rejection rate (FRR). If the FAR is large, the risk of impersonation by an inauthentic person increases, and if the FRR is large, the authentic person cannot be authenticated, which leads to lower availability. In general, the FAR and the FRR can be controlled with an authentication threshold t However, there is a trade-off relationship in which reducing one increases the other, and it is difficult to reduce both.
In general, biometric authentication techniques, as a measure against this problem, a multimodal biometric authentication technique has been proposed, which combines multiple pieces of biological information, for example, a combination of the ten fingers of both hands, or a combination of a fingerprint, veins, an iris, and the like, to make the FAR small enough while also keeping the FRR small. In the multimodal biometric authentication, each piece of biological information is registered as a template. For example, in the case where the ten fingers of both hand are used, the templates for the ten fingers are registered. Also at the time of authentication, each piece of biological information is acquired and verified against the corresponding template, and considering all the verification results, it is determined whether the authentication is successful or failed.
However, if the authentication requires inputs of all pieces of biological information, it makes the user operation complicated, leading to a decrease in convenience. For this reason, a sequential determination technique has also been proposed in which verification and determination are executed every time one piece of biological information is inputted, and in which the processing is terminated when it is determined that the authentication is successful.
For example, there is an OR determination method in which a piece of biological information is simply inputted and verified, and if it is sufficiently similar, it is determined that the authentication is successful. However, since the OR determination method only executes verification and determination using each piece of biological information separately, in order to make the FAR of each determination sufficiently small, the threshold for each determination needs to be sufficiently strict. As a result, the FRR of each determination becomes large. By repeating verification and determination multiple times, the FRR as a total can be reduced to some extent. However, the information possessed by combinations of multiple pieces of biological information cannot be utilized effectively, and the improvement effect on authentication accuracy in total is limited.
On the other hand, as a more advanced sequential determination method, a method using a sequential probability ratio test has also been proposed (see Non Patent Literature 2). This technique is a method in which every time biological information Xk (k=1, 2, . . . , n) is verified, a verification score (similarity level or distance) Sk is normalized to a likelihood ratio Lk using the statistical distribution they follow, and Mk=L1×L2× . . . ×Lk is compared with a threshold t. It has been proved that this method is the best sequential determination method in terms of authentication accuracy and the average number of verifications. The sequential probability ratio test is an effective method in the case where the similarity level or distance expressed with a continuous scale or multiple values can be calculated as the verification score Sk.