There is a conventional biometric authentication system for performing authentication by registering data on biometric features that are unique to individuals, such as data on fingerprints or veins, in a database in a server as registration data; obtaining, as checking data, biometric feature data obtained by a terminal; and checking the checking data against the registration data.
A technology for realizing such a biometric authentication system includes a method for encrypting and managing biometric feature data. A common encryption method guarantees security because the inverse operation is difficult due to the enormous amount of calculation it requires. However, when encrypted data is stolen by an attacker, it can in many cases be decrypted if enormous calculation resources and time are used. In such a case, because biometric feature data is usually unique to each individual and thus unchangeable, there is a problem in that an individual whose data is leaked may no longer be able to use a system that uses biometric features, since that use has to be stopped in order to prevent unauthorized use of the system. To address this problem, a cancellable checking method is proposed as an example of the method for encrypting and managing the biometric feature data. The cancellable checking method transforms biometric feature data at the time of encryption by using a certain type of parameter (a transformation parameter), checks the transformed data without restoring it, and changes the encryption method (the transformation parameter) when the registration data is stolen. As a result, a person who becomes a target of impersonation due to the leakage of data can continue to use the system.
The cancellable checking method requires that registration data and checking data be in the same transformation state. To meet this requirement, a technology that employs the same transformation parameter for both, so that the transformation state is the same, is proposed as the easiest and simplest method.
Specifically, a server uses a transformation parameter to transform biometric feature data into data that is hard to decrypt and registers the transformed data in a database as registration data. Then, at the time of checking, a client device reads into a memory both the registration data and the transformation parameter that was used for transforming the registration data. Then, the client device transforms checking data by using the read transformation parameter, checks the transformed checking data against the registration data, and performs the authentication.
Furthermore, the cancellable checking method includes a technology for using different transformation parameters for registration data and checking data and transforming the registration data and checking data by using different inverse transformation parameters to perform checking (see Patent Literature 1).
Specifically, a server transforms biometric feature data by using a first transformation parameter and registers it in a database as registration data. Then, a client device transforms checking data by using a second transformation parameter that is different from the first transformation parameter and reads, into a memory, a transformation parameter that is the inverse of the first transformation parameter and a transformation parameter that is the inverse of the second transformation parameter. Then, the client device transforms the registration data and the transformed checking data by using the respective inverse transformation parameters, checks the checking data against the registration data in the same transformation state, and performs the authentication.
Patent Literature 1: Japanese Laid-open Patent Publication No. 2008-097438
However, in the technology described above that uses the same transformation parameter for both the registration data and the checking data, a device that performs the transformation process, such as a client device, reads the transformation parameter into its memory and refers to it every time biometric feature data is transformed at the time of checking. Because this checking is performed in an environment in which monitoring is difficult, there is a high risk of the transformation parameter being stolen. Accordingly, when the transformation parameter is stolen, the biometric feature data may possibly be restored by using the stolen transformation parameter, and thus there is a problem in that the security of the registered biometric data is questionable.
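The same-parameter scheme and the theft risk described above, as an added Python sketch that is not part of the original text. The permutation-plus-XOR transform, the seeds, the constructed 64-bit feature vector and the threshold of 8 are assumptions chosen for illustration, not the transform used by any cited technology.

```python
import hashlib
import random

def make_parameter(seed: bytes, n: int):
    """Derive a transformation parameter (bit permutation + XOR mask) from a seed.
    random.Random keeps the sketch short; it is not a secure generator."""
    rng = random.Random(int.from_bytes(hashlib.sha256(seed).digest(), "big"))
    perm = list(range(n))
    rng.shuffle(perm)
    mask = [rng.getrandbits(1) for _ in range(n)]
    return perm, mask

def transform(bits, param):
    """Permute bit positions, then XOR with the mask."""
    perm, mask = param
    return [bits[p] ^ m for p, m in zip(perm, mask)]

def restore(template, param):
    """Invert transform(): possible for anyone who obtains the parameter."""
    perm, mask = param
    bits = [0] * len(template)
    for i, p in enumerate(perm):
        bits[p] = template[i] ^ mask[i]
    return bits

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def check(registered, sample_bits, param, threshold=8):
    """Compare in the transformed state; the registration data is never restored."""
    return hamming(registered, transform(sample_bits, param)) <= threshold

def demo(n=64):
    src = random.Random(1)
    enrolled = [src.getrandbits(1) for _ in range(n)]  # constructed feature bits
    fresh = list(enrolled)
    for i in (3, 17, 40):                              # same person, 3 noisy bits
        fresh[i] ^= 1
    p1 = make_parameter(b"param-v1", n)
    reg1 = transform(enrolled, p1)                     # registration data in the DB
    p2 = make_parameter(b"param-v2", n)                # issued after reg1 is stolen
    reg2 = transform(enrolled, p2)
    return {
        "match_v1": check(reg1, fresh, p1),
        "match_v2": check(reg2, fresh, p2),
        "stolen_reg1_vs_v2": check(reg1, fresh, p2),
        "restored_with_p1": restore(reg1, p1) == enrolled,
    }
```

The last result is the point of the paragraph above: the transform preserves the distance between samples, so checking works without restoration, but whoever holds the parameter together with the registration data recovers the original feature bits.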
Furthermore, in the technology described above that uses different transformation parameters for registration data and checking data, a device that performs checking, such as a server, reads an inverse transformation parameter of the registration data into a memory near the device and refers to the read data, so the transformation parameter of the registration data may possibly be stolen. Accordingly, if an inverse transformation parameter is leaked due to, for example, theft, the biometric feature data may possibly be restored by using the stolen inverse transformation parameter, and thus there is a problem in that the security of the registered biometric data may not be ensured.
Furthermore, in the technology described above that uses different transformation parameters for registration data and checking data, the device transforms registration data by using a transformation parameter every time checking is performed; for example, when performing one-to-N checking, the device transforms N pieces of registration data and performs the checking by using the transformed N pieces of registration data. Accordingly, there is a problem in that the load of the checking process increases, a high-speed checking process may not be performed, and furthermore the server cost, such as the cost of calculation resources, becomes extremely high.