1. Field of the Invention
This invention relates to an authentication method based on biological characteristic information (biometrics).
2. Description of the Related Art
In the prior art, authentication has been performed by confirming the conformity between a seal and a seal imprint, the conformity of personal identification numbers, the conformity of a username and password, or similar. However, there is the problem that as a consequence of theft, a seal imprint, personal identification number, password or similar can easily be used to impersonate the individual concerned. In recent years, authentication methods which utilize biological characteristics specific to individuals have been introduced as authentication methods affording higher reliability.
Authentication equipment which performs authentication using such biological characteristics as fingerprints, irises, voiceprints, or vein patterns has sensors to extract biological characteristics. During registration or verification, a user places a finger in a prescribed area, exposes the eyes to a light, brings an arm or hand into contact with the equipment or similar, to cause the sensor or similar to read a biological characteristic unique to a region of the human body.
Data which directly represents a biological characteristic of the user (hereafter called primitive-format information) is generated from the biological characteristics read by a sensor or similar. For example, when fingerprints are used as biological characteristics, this information is the entire image information of fingerprints read by a fingerprint sensor; when a vein pattern is used as a biological characteristic, the overall image information of a vein pattern read by an infrared camera is used.
Then, primary information used for authentication is extracted from the primitive-format information. Even if divulged, this primary information often cannot be readily used to reproduce the actual primitive-format information, that is, the primary information is often irreversible. Ordinarily, then, primary information with this property of irreversibility is extracted from primitive-format information, and based on this primary information, authentication of the user is performed.
As the extraction method for extracting primary information from biological characteristics read by a sensor, for example, in the case of fingerprints, minutiae extraction methods and frequency analysis methods are used. Of these, in minutiae extraction methods the positions, types, directions, and similar of minutiae (branch points, end points, and similar seen in the ridges of fingerprints) which characterize a fingerprint pattern are extracted from the subject and registered in advance as minutiae information, and at the time of authentication the individual is authenticated on the basis of whether the number of minutiae extracted from a fingerprint input to authentication equipment matching the minutiae information previously registered exceeds a prescribed threshold value. Even if this minutiae information were divulged to a third party, this alone could not easily be used to reproduce the actual fingerprint, so that the minutiae information has the property of irreversibility. In conformity judgment, when for example the number of minutiae with matching positions, types, and directions equals or exceeds a prescribed number, the data is judged to match.
Problems when using a minutiae extraction method to perform authentication are the occurrence of erroneous authentication, and the inability to register biological characteristics. For example, changes occurring in the surface of the skin (wrinkles due to dryness and dampness, scars due to an injury, and similar) between the time of registration and the time of verification may result in authentication failure, even for a normally registered user; conversely, authentication may succeed for an illicit user. Or, although occurring with low probability, registration may be rejected due to the inability to extract valid biological characteristics.
As a method of extracting primary information which is tolerant of changes occurring in the surface of skin between the time of registration and the time of verification, in the case of fingerprints, there are pattern matching methods. In pattern matching methods, image information (primitive-format information) of the entire fingerprint of the subject, read by a fingerprint sensor, is registered as primary information, and at the time of authentication, authentication of the individual is performed based on whether the image information of an entire fingerprint input to the authentication equipment conforms to the registered image information. In matching judgment, if the print patterns match when the two images are superposed one on another, then the fingerprints are judged to match.
However, although pattern matching methods are tolerant of changes occurring in the surface of skin between the time of registration and the time of verification, because an image of the entire fingerprint is stored, the amount of data handled is large compared with minutiae extraction methods, and the burden incurred in authentication processing is increased. Moreover, because image information of entire fingerprints (primitive-format information) is used, if the information is divulged to a third party, the biological characteristics (fingerprints) of the user can be directly reproduced, so that the information has the property of reversibility. Consequently such methods are not desirable from the standpoint of security.
Consequently as technology of the prior art to prevent erroneous authentication, authentication equipment has been proposed in which, in addition to primary information, data for secondary verification and registration (secondary information), differing from the primary information, is registered in advance, so that when primary verification based on primary information fails, the secondary information is used (Japanese Patent Laid-open No. 2001-307102). Further, user authentication equipment has been proposed in which authentication is performed based on biological characteristic information and on the trace (sweep pattern) when a finger is moved over a sensor, in order to improve authentication accuracy (Japanese Patent Laid-open No. 2003-51012).