An authentication system using biometric information acquires biometric information of an individual at a time of initial enrollment, extracts information referred to as a feature data from the biometric information, and enrolls the extracted feature data. The enrolled information is called a template. At a time of authentication, the authentication system acquires biometric information from the individual again, extracts a feature data from the biometric information, and verifies the newly-obtained feature data with the previously-enrolled template, to thereby determine whether or not the feature data and the template come from the same individual.
In an authentication system in which a client terminal and an authentication server are connected via a network, when an authentication server authenticates biometric information of a user transmitted from the client terminal, the authentication server typically holds a template therein. At the time of authentication, the client terminal acquires biometric information of the user, extracts a feature data from the biometric information, and transmits the feature data to the authentication server. The authentication server verifies the transmitted feature data with a template of the user, to thereby determine whether or not the feature data and the template are of the same user.
Such a template is, however, information by which an individual can be identified. This means that the template needs to be strictly controlled as personal information and thereby requires a high management cost. Even if the template is managed with strict security, not a few people are still psychologically reluctant to enroll their template due to concerns about leak of their personal information. Additionally, there is a limit to the number of variations of one kind of biometric information that one individual has (for example, fingerprints typically has only ten variations based on ten fingers. There is thus a problem that such a template cannot be easily replaced with another, unlike a password or an encryption key. There is another problem that, if a template is leaked and is put at risk of forgery, the biometric authentication based on the template cannot be used any longer. Further, if one same biometric information is enrolled at different systems and is leaked from one of those systems, the other systems are also exposed to threat.
In light of the above, a method is proposed in which: at a time of enrollment, a feature data of biometric information is transformed by a given function (a type of encryption) and a secret parameter held by a client terminal (a type of encryption key), and the transformed feature data is stored in an authentication server as a template of which original information is kept confidential; and, at a time of authentication, a feature data of the biometric information is newly extracted by the client terminal, the extracted feature data is transformed with the same function and parameter as those used at the time of enrollment, the transformed feature is transmitted to the authentication server, and the received feature data is verified with the template while both are kept in the transformed states (the method is called cancelable biometrics).
In the above-described method, the client terminal keeps a transformation parameter secret, which makes the original feature data unknown to the authentication server even at the time of authentication. This allows privacy of individuals to be protected. Or, even if the template is leaked, security of the private information can be protected by changing the transformation parameter and newly creating and enrolling another template. Further, even if one same biometric information is used at different systems, different templates can be created from the one same biometric information by transforming using different parameters and enrolling the different templates. This can prevent security of the other systems from being decreased, even if any one of the templates is leaked.
A specific method of realizing such cancelable biometrics depends on a type of biometric information or verification algorithm.
For example, Patent Document 1 shown below discloses a biometric authentication method and a system implementation method (to be hereinafter referred to as correlation invariant random filtering) which is applicable to a biometric authentication technique in which a degree of similarity is determined based on a correlation value of a feature data (an image) such as vein authentication.
In the technique described in Patent Document 1, at a time of enrollment, a client terminal makes a feature data image x extracted from biometric information of a user subjected to basis transformation (Fourier transform or number theoretic transform), to thereby calculate a basis-transformed image X, to which a randomly-generated transform filter K is subjected. The client terminal then calculates T[i]=X[i]/K[i] for each i-th pixel, to thereby create a transform image T and enroll the created transform image T in an authentication server. The user carries the transform filter K by storing in an IC (Integrated Circuit) card or the like.
At a time of authentication, the client terminal newly extracts a feature data image y from biometric information of the user, sorts the extracted pixels in reverse order with respect to a vertical direction and a horizontal direction, and performs basis transformation on the pixels, to thereby calculate a basis transformation image Y. The client terminal transforms the basis transformation image Y using the transform filter K read from the user's IC card, calculates V[i]=Y[i]×K[i] for each i-th pixel, thereby creates a transform image V, and transmits the transform image V to the authentication server. The authentication server calculates C[i]=T[i]×V[i] (=X[i]×Y[i]) for each of the pixels, performs inverse basis transformation (inverse Fourier transform or inverse number theoretic transform) on the image C, and thereby calculate a value of mutual correlation between x and y. The authentication server then calculates a degree of similarity between x and y based on the value of mutual correlation, to thereby determine a match/nonmatch.