Services that operate on user data held on a computing resource connected to a network are known. Such services may handle sensitive data of a user, and in that case it is important for the service provider to guarantee that data related to the user is securely managed. On the other hand, authentication using a password or an object may fail even for the person in question, because the password is forgotten or the object is lost. As a way to avoid such a situation, there is a technology referred to as biometric authentication, which is based on a personal biometric feature (referred to as biometric information) such as a fingerprint or a vein. Unlike a password or an object, biometric information remains unchanged through life, so leakage of biometric information may cause immense damage.
In biometric authentication, information that is generated from biometric information and referred to as a template is stored in a database or the like, and authentication is performed using the template. As described above, high confidentiality is required for biometric information. It is therefore preferable to use an authentication method in which, as far as possible, information related to the biometric information does not leak from the template either, and various methods have been proposed.
Non-Patent Literature 1, for example, discloses a method in which information obtained by masking biometric information with a random BCH (Bose-Chaudhuri-Hocquenghem) code word is set in a template. In Non-Patent Literature 1, the template for biometric authentication is generated using biometric information Z and secret information S. FIG. 7 is a diagram based on FIG. 2 in Non-Patent Literature 1. Feature extraction, statistical analysis, quantization, and so forth in FIG. 2 in Non-Patent Literature 1 are omitted. The method described in Non-Patent Literature 1 includes enrollment and verification. Enrollment of the template related to the biometric information Z is performed as follows:
(1) The secret information S is supplied to an encoder (ENC) and subjected to error correcting coding (ECC), thereby generating a code word C. A binary BCH code having parameters (K, s, d) is used as the ECC, where K denotes the length of the code words, s is the number of information symbols, and d is the number of errors that can be corrected.
(2) The exclusive OR of the code word C and the biometric information Z, W=C(+)Z, is computed (where (+) indicates a bitwise XOR operation).
(3) A hash value H(S) is computed, where H is a cryptographic hash function such as SHA-1 (Secure Hash Algorithm 1).
(4) W and H(S) are stored in a database (DB) as a template.
It is assumed that the above process is executed by an enrollment apparatus (not illustrated), and the template that has been generated is stored in the storage apparatus (DB).
Verification of whether the template (the pair W and H(S)) generated by the above-mentioned steps (1) to (4) and different biometric information Z′ were extracted from the same person is performed as follows. It is assumed that the verification is executed between two apparatuses: a certification apparatus (not illustrated) configured to store the biometric information Z′, and a verification apparatus (not illustrated) holding the template (the pair W and H(S)). The verification is performed by the following steps (1) to (5).
(1) The certification apparatus supplies the biometric information Z′ to the verification apparatus.
(2) The verification apparatus computes an exclusive OR C′ of Z′ and W: C′=W(+)Z′. It is to be noted herein that W(+)Z′=(C(+)Z)(+)Z′=C(+)(Z(+)Z′)=C(+)Z(+)Z′.
(3) The verification apparatus supplies C′ to a decoder (DEC). The decoder (DEC) performs error correcting decoding processing of the binary BCH code to compute S′.
(4) The verification apparatus computes a hash value H(S′).
(5) The verification apparatus compares H(S′) with H(S) read from the DB. When H(S)=H(S′) holds, the verification apparatus determines that the Hamming distance between the biometric information used for generation of the template and the biometric information Z′ is small.
The reason why the above-mentioned steps can verify that the Hamming distance between the biometric information Z used for generation of the template and the biometric information Z′ used for the verification is not more than a predetermined value is described below.
In step (2) of the verification process, C(+)Z(+)Z′ is computed. C(+)Z(+)Z′ can be regarded as data in which an error of Z(+)Z′ is added (by an exclusive OR operation) to the error correcting code word C. That is, C(+)Z(+)Z′ is the code word C with a number of errors equal to the Hamming distance between the biometric information Z and the biometric information Z′. When the number of errors is not more than d, the code word C can be decoded.
Accordingly, when an error correcting process is executed on C(+)Z(+)Z′ and the Hamming distance between the biometric information Z and the biometric information Z′ is not more than d, the secret information S′ output by the error correcting process equals the secret information S from which the error correcting code word C was generated. It is clear in this case that H(S′)=H(S) holds.
On the other hand, when the Hamming distance between the biometric information Z and the biometric information Z′ is larger than d, the secret information S cannot be obtained as the output S′ even if the error correcting process is executed on C(+)Z(+)Z′. In this case, H(S′)=H(S) does not hold.
Accordingly, the above-mentioned process makes it possible to determine whether the Hamming distance between two pieces of biometric information is small.
The above-described approach does not depend on how the biometric information Z is acquired. For this reason, it can be used to determine closeness in Hamming distance for bit string information in general, not only for biometric information. That is, a bit string is enrolled in a storage apparatus using the enrollment apparatus described above, a bit string is submitted as a query by the certification apparatus, and the two bit strings are collated by the verification apparatus.
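The enrollment steps (1) to (4) and verification steps (2) to (5) above, as an added example that is not code from Non-Patent Literature 1 or from this document. It assumes a small binary BCH(15,7) code correcting 2 errors (K = 15, s = 7, d = 2 in the notation above), exhaustive-search decoding, SHA-256 as H, and a constructed 15-bit sample Z; all function and constant names are this example's own.

```python
import hashlib
import hmac
import secrets

# Binary BCH(15,7) code: 15-bit code words, 7 information bits, corrects 2 errors.
# (Page notation: K = 15, s = 7, d = 2.) Constant names are this example's own.
CODE_LEN, INFO_BITS, MAX_ERR = 15, 7, 2
GEN_POLY = 0b111010001  # g(x) = x^8 + x^7 + x^6 + x^4 + 1

def encode(secret: int) -> int:
    """ENC: code word C = secret(x) * g(x) over GF(2) (carry-less multiplication)."""
    c = 0
    for i in range(INFO_BITS):
        if (secret >> i) & 1:
            c ^= GEN_POLY << i
    return c

def decode(word: int):
    """DEC: bounded-distance decoding by exhaustive search over the 2^7 code words.
    Returns the secret whose code word is within MAX_ERR bits of `word`, else None."""
    for s in range(1 << INFO_BITS):
        if bin(encode(s) ^ word).count("1") <= MAX_ERR:
            return s
    return None

def h(secret: int) -> bytes:
    """H(S). SHA-256 is this example's choice; the text names SHA-1 'or the like'."""
    return hashlib.sha256(bytes([secret])).digest()

def enroll(z: int, secret=None):
    """Enrollment steps (1)-(4): returns the template (W, H(S))."""
    if secret is None:
        secret = secrets.randbelow(1 << INFO_BITS)
    return encode(secret) ^ z, h(secret)

def verify(template, z_prime: int) -> bool:
    """Verification steps (2)-(5): C' = W xor Z', S' = DEC(C'), compare hashes."""
    w, h_s = template
    s_prime = decode(w ^ z_prime)
    return s_prime is not None and hmac.compare_digest(h(s_prime), h_s)

if __name__ == "__main__":
    z = 0b101100111000101                            # constructed 15-bit sample Z
    template = enroll(z)
    print(verify(template, z ^ 0b000010000000100))   # Z' differs in 2 bits: True
    print(verify(template, z ^ 0b100010000000100))   # Z' differs in 3 bits: False
```

With a 7-bit secret, H(S) can be exhausted in 128 guesses, which yields C and therefore Z = W(+)C from the stored template alone; the code parameters here are chosen only so the example stays small.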
Patent Literature 1, for example, discloses the following arrangement, as an authentication technology using templates.
At an enrollment time, a feature data array for enrollment is generated from biometric information acquired by a client, and a position correction template and a comparison template obtained by converting the feature data array for enrollment are registered in a server. At an authentication time, a feature data array for authentication is generated from biometric information acquired by the client, and converted feature data for position correction obtained by converting the feature data array for authentication is transmitted to the server. The server detects a position correction amount of the feature data array for authentication relative to the feature data array for enrollment using the position correction template and the converted feature data for position correction, and transmits the position correction amount to the client. The client corrects the feature data array for authentication using the position correction amount and transmits to the server a converted feature data array for comparison obtained by further converting the corrected feature data array. The server calculates a distance between the comparison template and the converted feature data array for comparison and determines success or failure of the authentication on the basis of the distance.
[Patent Literature 1] JP Patent Kokai Publication No. JP2010-108365A
[Patent Literature 2] International Publication No. WO 2014/010725 A1
[Non-Patent Literature 1] Pim Tuyls, Anton H. M. Akkermans, Tom A. M. Kevenaar, Geert-Jan Schrijen, Asker M. Bazen and Raymond N. J. Veldhuis, “Practical Biometric Authentication with Template Protection”, Proceedings of AVBPA 2005, Lecture Notes in Computer Science, Vol. 3546, Springer Verlag, pp. 436-446, (2005)