1. Field of the Invention
This invention relates to a biometrics authentication method and biometrics authentication device to authenticate individuals using features of a portion of the human body, and in particular relates to a biometrics authentication method and biometrics authentication device suitable for verifying registered blood vessel image information for a body part against blood vessel information detected for a body part, in a contactless manner.
2. Description of the Related Art
In the human body there are numerous parts which can be used to differentiate individuals, such as the prints of the fingers and toes, the retinas of the eyes, facial features, and blood vessel patterns. Advances in biometrics technology in recent years have been accompanied by proposals of various devices which identify the biometric characteristics of such regions of the human body in order to authenticate individuals.
Of these, because blood vessels in the palms and fingers, and palm prints, provide a comparatively large quantity of individual characteristic data, they are suited to individual authentication where high reliability is required. In particular, the patterns of blood vessels (veins) remain unchanged from the fetal stage throughout life, and are thought to be completely unique, and so are suited to individual authentication.
FIG. 19 through FIG. 22 explain conventional technology for authentication using the palm. As shown in FIG. 19, at the time of registration or authentication, the user brings the palm of a hand 110 close to an image capture device 100. The image capture device 100 emits near-infrared rays, which are incident on the palm of the hand 110. The image capture device 100 receives the near-infrared rays reflected from the palm of the hand 110 using a sensor.
As shown in FIG. 20, hemoglobin within the red corpuscles flowing in the veins 112 has lost oxygen. This hemoglobin (reduced hemoglobin) absorbs near-infrared rays at wavelengths near 760 nanometers. Consequently, when near-infrared rays are made incident on the palm of a hand, reflection is reduced only in the areas in which there are veins, and the intensity of the reflected near-infrared rays can be used to identify the positions of veins.
As shown in FIG. 19, a user first registers the vein image data for the palm of his own hand in a server and card, using the image capture device 100. Next, in order to perform individual authentication, the user uses the image capture device 100 of FIG. 19 to cause the vein image data of his own palm to be read.
The individual is authenticated by comparing the patterns of veins in the registered vein image retrieved using the user's ID and in the vein verification image read by the image capture device 100. For example, on comparing the vein patterns in the registered image and a verification image as in FIG. 21, the individual is authenticated as the individual in question. On the other hand, upon comparison of the vein patterns in a registered image and in a verification image as in FIG. 22, the individual is not authenticated (see for example Japanese Patent Laid-open No. 2004-062826).
In a biometrics authentication system, measures must be taken to ensure that biometrics characteristic data is not leaked to outside parties. Hence in the field of fingerprint authentication, a method of individual authentication has been proposed in which fingerprint characteristic data for an individual is registered in an IC card, and fingerprint characteristic data read from a fingerprint sensor is verified against the data within the IC card (Japanese Patent Laid-open No. 2000-293643).
Further, in the above proposal, the IC card stores comparatively low-level characteristic data A (which may be leaked to outside parties), and comparatively high-level characteristic data B which should be kept confidential, taking into consideration the processing capacity of the IC cards. Characteristic data A is transmitted from the IC card to an external device including a fingerprint sensor, and in the external device verification with the characteristic data A (called “primary verification”) is performed. The verification result and characteristic data B′ extracted from an image from the fingerprint sensor are transmitted to the IC card, and within the IC card verification with the characteristic data B (called “secondary verification”) is performed.
In this method, verification is performed in two stages, externally and in the IC card, so that high-speed authentication can be achieved while maintaining security of biometrics characteristic data.
However, in order to further prevent leakage of characteristic data, security measures should also be applied to communication between the sensor, external device, and the IC card. In the above-described technology of the prior art, at the time of registration of characteristic data A, B in the IC card from the external device, data is encrypted and transmitted, and is decrypted and stored in the IC card (Japanese Patent Laid-open No. 2000-293643, paragraph 0055). And to perform secondary verification, characteristic data B′ is encrypted and transmitted from the external device to the IC card, and is decrypted and used in secondary verification in the IC card (Japanese Patent Laid-open No. 2000-293643, paragraphs 0061, 0062).
However, in the technology of the prior art, no security measures are taken with respect to biometrics information sent from the sensor to the external device at the times of registration and verification. Consequently there are respects in which protection of biometrics information detected by the sensor is lacking. And because characteristic data A which may be released externally is also encrypted, the IC card has had to bear the substantial processing burden of decrypting the characteristic data A and B.
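The two-stage exchange of the prior-art proposal described above can be sketched as follows; this is an added example, not code from the patent or the cited publication. The Hamming-distance matcher, its threshold, the shared key, the feature bytes and the HMAC-based stand-in for the unspecified cipher are all assumptions, and only the link between the external device and the IC card is modelled, not the link from the sensor to the external device.

```python
import hashlib, hmac, os

def _sub(key, label):                      # separate cipher and MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):                # HMAC-SHA256 in counter mode
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):                       # encrypt-then-MAC (assumed stand-in cipher)
    nonce = os.urandom(16)
    ct = bytes(x ^ y for x, y in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, want):
        raise ValueError("authentication tag mismatch")
    return bytes(x ^ y for x, y in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def matches(ref, probe, max_bits=4):       # assumed matcher: Hamming distance
    if len(ref) != len(probe):
        return False
    return sum(bin(x ^ y).count("1") for x, y in zip(ref, probe)) <= max_bits

class ICCard:
    def __init__(self, key, data_a, data_b):
        self._key, self._a, self._b = key, data_a, data_b
    def read_a(self):                      # data A may leave the card
        return self._a
    def secondary_verify(self, primary_ok, sealed_b_prime):
        if not primary_ok:                 # card relies on the reported primary result
            return False
        try:
            b_prime = unseal(self._key, sealed_b_prime)
        except ValueError:                 # wrong key or modified ciphertext
            return False
        return matches(self._b, b_prime)   # data B never leaves the card

def authenticate(card, key, a_prime, b_prime):   # external device side
    primary_ok = matches(card.read_a(), a_prime)             # primary verification
    return card.secondary_verify(primary_ok, seal(key, b_prime))

KEY = bytes(range(32))                     # constructed shared key
CARD = ICCard(KEY, b"\x10\x20\x30\x40", b"\xaa\xbb\xcc\xdd\xee\xff\x01\x02")
```
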