1. Field of the Invention
The present invention relates to encryption/decryption method and equipment adapted for physical characteristic information such as fingerprints, voiceprints, palm patterns, facial appearances, or signatures representing a characteristic inherent to an individual, and to a remote identification system for identifying a person through a network according to the physical characteristic information.
The fingerprints, voiceprint, iris patterns or the like are characteristics inherent to an individual and are invariable for the life of the individual so that they are excellent as information for identifying a person and are utilized in various identification systems such as an admission controlling system.
As an information-related device such as a personal computer spreads, on the other hand, a variety of information are vigorously sent and received through a network between end users to enhance the importance of commerce through the network and transmissions of documents.
In order to perform the commerce and the exchanges of important documents properly through the network, there has been needed a technique for sending and receiving information to prove each other through the network and for identifying the persons reliably between each other. So the physical characteristic information has been noted as the information for identifying the persons.
2. Description of the Related Art
FIG. 15 is a diagram showing a construction of a remote identification system of the prior art through a network.
The remote identification system shown in FIG. 15 is constructed such that a client-side identification equipment 410 sends authenticating information through the network, and such that a server-side identification equipment 420 identifies the person of the client-side identification equipment 410, according to the result of comparison between the received authenticating information and the registered authenticating information.
When a personal computer communication service is utilized, for example, the end user's personal computer is the client-side identification equipment, and the host computer of a service provider is the server-side identification equipment.
In this case, according to a user's ID and a password inputted through a keyboard 411, the authenticating information is generated by a request controlling part 412 and is sent to the network by a transmission controlling part 413.
At this time, the aforementioned password is encrypted by an encrypting part 414, and this encrypted password is used in the request controlling part 412 to generate the authenticating information so that the password can be safely transferred through the network to the server-side identification equipment 420.
In the server-side identification equipment 420 shown in FIG. 15, the aforementioned encrypted password is received by a transmission controlling part 422 and transferred to a decrypting part 421. Accordingly, the decrypting part 421 decrypts the encrypted password and transfers the password to an identification controlling part 423.
On the other hand, the aforementioned user's ID is received by the transmission controlling part 422 and then transferred to the identification controlling part 423. According to this user's ID, the identification controlling part 423 retrieves the registered password from a password database 424, and compares this password with the password restored by the decrypting part 421.
In this case, if the restored password and the registered password match each other, the identification result having confirmed the identity is informed to the client-side identification equipment 410 by the transmission controlling part 422. Accordingly, the request controlling part 412 generates a message indicating the identification result and informs the person of the fact that the permission was acknowledged, by a display (CRT) 415.
As shown in FIG. 15, on the other hand, the encrypting part 414 may encrypt the password by using the current time on the system, as received from the digital timing unit 416, and the decrypting part 421 may decrypt the encrypted password by using the current time on the system, as received from a digital timing unit 425.
In this case, the password inputted by the person can be converted into a different cryptogram each time so that it can be safely sent and received through the network.
In this remote identification system, the inputted password is the information for identifying the person so that the password has to be properly managed by each person so as to identify the person reliably to exclude others.
On the other hand, the physical characteristic information is inherent to an individual and is excellent as one for the identification so that it is utilized as the authenticating information for the persons in the admission controlling system, for example.
FIG. 16 is a diagram showing an example of the construction of the identification system utilizing the physical characteristic information.
FIG. 16 shows the case in which the information representing a feature of a fingerprint is used as the physical characteristic information. This identification system is constructed to include a fingerprint reader 430 and fingerprint identification equipment 440.
In this identification system, the fingerprint reader 430 acquires the information featuring the fingerprint of a person being present at the site as a series of numeric data and inputs the aforementioned information to the fingerprint identification equipment 440 through an identification controlling part 401.
A set of numeric data representing the feature of a fingerprint will be referred to as the “fingerprint data”.
In the fingerprint reader 430 shown in FIG. 16, a feature extracting part 431 receives the image data read by an image inputting part 432, and extracts the feature of the fingerprint appearing in that image.
The features, as extracted by the feature extracting part 431, are arrayed according to a predetermined format by a fingerprint data generating part 433, and the fingerprint data thus generated are transferred to the identification controlling part 401.
In the fingerprint identification equipment 440 shown in FIG. 16, a fingerprint database 441 is registered with the user's ID given to an individual having an admission and fingerprint data (hereunder referred to as “reference data”) obtained by measuring the related individuals. On the other hand, the user's ID inputted from a keyboard 402 is transferred to a fingerprint data retrieving part 442 by the identification controlling part 401, so that the related fingerprint data are retrieved from the aforementioned fingerprint database 411 by the fingerprint data retrieving part 442 based on that user's ID and subjected to the processing of a verifying part 444.
Here, the numeric data obtained by measuring the physical characteristic information including fingerprints generally fluctuate at each measurement by the condition for the measurement.
By the pressure to be applied to a finger when the finger is pushed to the image inputting part 432, the temperature of the finger or the ambient humidity, for example, the image data to be read change in a subtle way. Accordingly, the patterns of ridge flows in an image of the fingerprint and the distributions of the ridge points or the ridge bifurcations fluctuate.
According to the recognition rate required, therefore, the verifying part 444 decides whether or not the inputted fingerprint data belong to the eligible person[TI1], depending upon whether or not components in a predetermined area of the inputted fingerprint data are equivalent to the components in the corresponding area of the reference data.
FIG. 17 is a diagram for explaining a processing for comparing the physical characteristic information.
For an application to allow a misidentification of about one to one hundred, for example, the verifying part 444 may compare a limited portion of the inputted fingerprint data with the reference data, as illustrated as a observing area in FIG. 17A, and may inform the identification controlling part 401 whether or not the variance of all the components contained in the observing area is within a predetermined allowable range.
If the variance between the individual components of the reference data and the individual components of the inputted fingerprint data is within the allowable range in the hatched area of FIG. 17A, for example, the verifying part 444 informs the identification controlling part 401 of the fact that the inputted fingerprint data and the reference data are equivalent.
In response to this, the identification controlling part 401 may identify the person, have a displaying part 403 display that the person is admitted, and perform the necessary controls such as unlocking the door by utilizing the function of the admission controlling part 404.
If the variance of a portion of the component included in the aforementioned observing area exceeds the allowable range, as illustrated in FIG. 17B, the verifying part 444 may inform that the reference data and the inputted fingerprint data are not equivalent. In response to this, the identification controlling part 401 may perform the controls necessary for denying the admission of the person.
Here, if the fingerprint data are recognized by using the relatively narrow area as the observing area, as illustrated in FIG. 17A, a misidentification of about one to one hundred may occur, but the possibility of excluding the person can be lowered even if the condition for measuring the fingerprint data is poor.
For an application requiring a misidentification of about one to ten thousands, on the other hand, most of the fingerprint data has to be confined in the observing area, as illustrated in FIG. 17C.
In this case, the possibility of the misidentification can be lowered, but the possibility that even the person able to be admitted may be denied because of having slight dirtiness of the fingertip will rise. This is because the wider the observing area the larger the possibility that the variance between the individual components of the inputted fingerprint data and the individual components of the reference data may exceed the allowable range.
As the technique for transmitting the information safely through the network, there was already practiced the RSA algorithm for realizing the public key system or the DES (Data Encryption Standard) method applying the common key system.
The DES method is a cryptographic method for dividing the information to be encrypted into blocks of a unit of 64 bits and for converting the individual blocks by combining a substitution cipher and a transposition cipher complicatedly. The DES method is called the “block encryption” because the conversion unit is the block.
In the aforementioned remote identification system of the prior art, the password or the information for providing the identity is basically left to the management of an individual.
In order to block the plagiarism of the password, on the other hand, it is required that the password has a sufficient length, be a meaningless string of characters and be frequently changed. This makes it difficult for the individual to manage the password properly.
This is because a person finds it difficult to memorize the meaningless string of characters or symbols, and because the necessity of frequent change is too heavy a burden for the person.
As a matter of fact, most users register such passwords as can be easily analogized from the personal information being opened to the public or the kind of information to be preferably accessed to, record and carry the memorandum of the password or forget to change the password for a long time.
In the remote identification system using only the password as the information for identifying the person, therefore, it is difficult to ensure the safety necessary for the e-commerce or for sending and receiving the important information.
By introducing the remote identification system using the physical characteristic information in place of the password as the information for the identification, it is possible to block fraudulent access. So important information can be sent and received safely through the network.
FIG. 18 shows an example of the construction of the remote identification system utilizing the physical characteristic information.
In the client-side identification equipment 410 shown in FIG. 18, the fingerprint data obtained by the fingerprint reader 430 are encrypted by the encrypting part 414, and the obtained cryptogram is sent in place of the password to the network by the transmission controlling part 413.
This cryptogram is received by the transmission controlling part 422 provided in the server-side identification equipment 420 and is then transferred to the decrypting part 421 by the identification controlling part 401. In response to this, the decrypting part 421 decrypts the aforementioned cryptogram to restore the original fingerprint data, which are transferred together with the user's ID to the fingerprint identification equipment 440.
Premising that the physical characteristic information contains fluctuations and noises, when exactly the same physical characteristic information as the previously inputted one is inputted, that physical characteristic information is judged to have been plagiarized. Then, the attack using the plagiarized authenticating information can be blocked, making it possible to send and receive the information more safely.
The attack to break the protection of the remote identification system by using the plagiarized authenticating information will be referred to as “replay attack”.
Here will be described an example of the remote identification system considering that replay attack.
In the remote identification system shown in FIG. 18, the replay attack is partially blocked by storing the fingerprint database 441 with not only the reference data related to each user's ID but also the registered fingerprint data that is previously inputted, by comparing the inputted fingerprint data with the reference data and the registered fingerprint data by a comparing part 445 provided in a verifying part 444, and by subjecting the result of comparison to the [TI2] processings of a fraud detecting part 446 and of a recognizing deciding part 447.
Here, according to the comparison result received from the comparing part 445, the fraud detecting part 446 shown in FIG. 18 decides whether or not all the numeric data comprising the inputted fingerprint data and the corresponding numeric data of the reference data or the registered fingerprint data completely match, and informs, if they match, the recognizing deciding part 447 of the detection of the replay attack.
According to the comparison result received from the comparing part 445, on the other hand, the recognizing deciding part 447 decides whether or not the variance between the individual components of the inputted fingerprint data and the individual components of the reference data is within a predetermined allowable range, and further whether or not the inputted fingerprint data belong to the eligible person, according to the decision result and the detection result of the fraud detecting part 446, and informs this result of decision as the result of recognition to the identification controlling part 401.
In this case, it is conditions necessary for identifying a person that the inputted fingerprint data are equivalent to the reference data over the area covering the observing area, as illustrated in FIG. 17A, and that all the numeric data comprising the inputted fingerprint data are not completely equal to the corresponding numeric data contained in the reference data or the registered fingerprint data.
Here, the cryptographic technique of the prior art, as represented by the aforementioned DES method, regards the difficulty at the time of restoring the original information from the cryptogram as important, and converts the original information by a complicated cryptographic algorithm. This makes it seriously difficult to decrypt the encrypted physical characteristic information to obtain the original physical characteristic information.
Since the physical characteristic information itself is inherent to each person, on the other hand, the information is extremely difficult to plagiarize or forge so long as it is properly managed.
Since the process for the encrypted physical characteristic information to be transmitted through the network has almost no protection, however, it is relatively easy to acquire that information fraudulently.
When the encrypted physical characteristic information fraudulently acquired by the wiretapping method or the like is utilized as it is, it can naturally be excluded as the replay attack, as has been described above.
When the fraudulently acquired encrypted physical characteristic information is partially altered, however, the decrypted physical characteristic information may satisfy the conditions necessary for identification described above by the influence of the alteration upon the decrypted physical characteristic information.
Because the fingerprint data having been encrypted by the aforementioned encrypting part 414 using the block encrypting method such as the DES method are decrypted for each block as in the encryption by the decrypting part 421 so that the influence of the alteration of the encrypted physical characteristic information is exerted only locally on the portion which is obtained by decrypting the altered portion, but not on the other portion.
As illustrated in FIG. 19, therefore, pseudo fluctuations can be synthesized in the decrypted fingerprint data by fraudulently acquiring the encrypted fingerprint data in the network and by altering a portion (as hatched in FIG. 19) of the encrypted fingerprint data to input as new authenticating information.
When a portion of the encrypted fingerprint data derived from the portion other than the observing area is altered, as illustrated in FIG. 19, the fingerprint data obtained by the decrypting part 421 are different at the decryption result of the altered portion from the corresponding portion of the original fingerprint data but are completely equivalent in the observing area to the original fingerprint data.
In other words, the decryption result obtained from the altered encrypted fingerprint data is equivalent over the observing area to the reference data but does not completely match either the reference data or the registered fingerprint data.
In this case, the variance, caused in the decryption result by altering the encrypted fingerprint data, from the original fingerprint data is regarded as the fluctuations of the fingerprint data by the recognizing deciding part 447, and the fraudulent attack using the altered encrypted fingerprint data may be allowed.
Therefore, any simple application of the cryptographic technique of the prior art could not enable the system for the identifying by sending and receiving the physical characteristic information through the network, to improve the security, which is expected by utilizing the physical characteristic information.