JP5343761B2 - Optical information reader and authentication system using optical information reader - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To make a specified permitted person easily utilize secret data within a two-dimensional code, and to prevent a third party from illegally utilizing the secret data within the two-dimensional code. <P>SOLUTION: A reader 40 sets a partially non-disclosure codes, where an encryption key of encryption data recorded in a non-disclosure area corresponds to the biological information of a physical feature section of a registrant to be an object to be read. First, the reader 40 captures an image of the physical feature section of a person to be authenticated to extract the biological information on the person to be authenticated from the image of the physical feature section when reading such a partially non-disclosure code. Then, an authentication key used for the authentication of the partially non-disclosure code is generated based on the extracted biological information of the person to be authenticated, and the encryption data recorded in the non-disclosure area are decrypted based on the authentication key and prescribed decryption algorithm when the generated authentication key corresponds to an encryption key. <P>COPYRIGHT: (C)2011,JPO&amp;INPIT

Description

The present invention relates to an optical information reader, in which relates to an authentication system using an optical information reading apparatus.

  Currently, two-dimensional codes (information codes) such as QR codes (registered trademark) are used for various purposes. For example, they are also used as information transmission means when using a card medium such as a prepaid card or a credit card. Has been. However, in general, since the two-dimensional code can be copied or captured and redisplayed, there is a concern that it is illegally used by a third party.

JP 2001-256501 A Japanese Patent Laid-Open No. 11-272816

  As measures against the above problems, for example, a method of using an encrypted two-dimensional code and changing an encryption key used for encryption each time it is used can be considered. In this case, it is possible to prevent repeated unauthorized use of the two-dimensional code by preventing the code once used on the reading device side from being received from the next time. However, when such a method is used, there is a problem in that unauthorized use by others cannot be prevented if a medium itself (for example, a card or a mobile phone) with a two-dimensional code is lost. .

  On the other hand, as a technique for preventing unauthorized use by a third party other than a legitimate person, for example, an authentication technique such as Patent Document 1 is provided. In this technique, personal identification information (fingerprint feature point data, etc.) of a registrant is recorded in advance in a two-dimensional code. At the time of authentication, the two-dimensional code and the physical feature (fingerprint etc.) of the person to be authenticated are imaged, and the data recorded in the two-dimensional code and the data obtained by imaging the physical feature are used. Based on the collation result, it is determined whether or not the person to be authenticated is an authorized person. However, in Patent Document 1, the two-dimensional code is simply used as an authentication means, and information such as personal information is not transmitted using the two-dimensional code. The issue of “preventing unauthorized use” could not be resolved.

  On the other hand, in the technique of Patent Document 2, personal information of a legitimate person and a fingerprint image are recorded in a two-dimensional code attached to the card, and when the card is used, the user's fingerprint image is captured and two-dimensional. The code is collated with the fingerprint image. In this way, whether or not the user who uses the card is a legitimate user (that is, whether or not the user has a fingerprint corresponding to the fingerprint image in the two-dimensional code) is determined when the card is used. And unauthorized use by a third party other than a legitimate user can be effectively suppressed. However, in the method of Patent Document 2, when a medium (such as a card or a mobile phone) on which a two-dimensional code is displayed is lost, personal information recorded in the two-dimensional code is known to others. However, the risk of unauthorized use of information could not be completely eliminated.

The present invention has been made to solve the above-described problem, and a specific person can easily use the confidential data in the two-dimensional code, and a third party cannot illegally use the confidential data. An object is to provide an optical information reading apparatus and an authentication system.

The invention of claim 1 is an imaging means capable of imaging an information code and a human physical feature;
When the information code is imaged by the imaging means, a decoding means for decoding the imaged information code;
An optical information reader comprising:
The decryption means includes a partly private area in which the information code picked up by the image pickup means has a public area and a private area in which encrypted data encrypted based on a predetermined encryption key is recorded. When it is a code, it is configured to decrypt the data in the public area and decrypt the data in the private area on the condition that the encryption key is acquired,
The partially private code is formed by associating the encryption key of the encrypted data with the biometric information of the physical feature of the registrant,
An extraction unit that extracts the biometric information of the authentication target person from the captured image of the physical feature part when the physical feature part of the authentication target person is imaged by the imaging unit;
Key generation means for generating an authentication key used for authentication of the partially private code based on the biometric information of the person to be authenticated extracted by the extraction means;
With
The decryption means, when the authentication key generated by the key generation means matches the encryption key, the encrypted data recorded in the private area based on the authentication key and a predetermined decryption algorithm Is a structure to decrypt
A plurality of the encrypted data is recorded in the private area of the partially private code,
Each of the encryption keys of the plurality of encrypted data is associated with a plurality of the physical features,
The decryption means, when the authentication key generated by the key generation means corresponds to an encryption key of any of the plurality of encryption data recorded in the private area, the corresponding encryption key The cipher data corresponding to is decrypted according to the decryption algorithm.

  The invention of claim 5 includes an optical information reader,
  A portable terminal having display means capable of displaying the information code;
  An authentication system comprising:
  The optical information reader is
  An imaging means capable of imaging an information code and a human physical feature;
  When the information code is imaged by the imaging means, a decoding means for decoding the imaged information code;
  With
  The decryption means includes a partly private area in which the information code picked up by the image pickup means has a public area and a private area in which encrypted data encrypted based on a predetermined encryption key is recorded. When it is a code, it is configured to decrypt the data in the public area and decrypt the data in the private area on the condition that the encryption key is acquired,
  The partially private code is formed by associating the encryption key of the encrypted data with the biometric information of the physical feature of the registrant,
  An extraction unit that extracts the biometric information of the authentication target person from the captured image of the physical feature part when the physical feature part of the authentication target person is imaged by the imaging unit;
  Key generation means for generating an authentication key used for authentication of the partially private code based on the biometric information of the person to be authenticated extracted by the extraction means;
  With
  The decryption means, when the authentication key generated by the key generation means matches the encryption key, the encrypted data recorded in the private area based on the authentication key and a predetermined decryption algorithm Is a structure to decrypt
  The portable terminal is
  Storage means for storing image data of the partially private code generated by the portable terminal or an external device;
  Display control means for reading out the image data stored in the storage means and displaying the partially private code on the display means;
  With
  The display control means sequentially displays each partial private code on the display means when a plurality of the image data of the partial private code is stored in the storage means,
  The image pickup means of the optical information reader picks up each partially-disclosed code sequentially displayed on the display means,
  The decrypting means of the optical information reading device is configured to perform the processing when the authentication key generated by the key generating means matches the encryption key of any one of the partially private codes that are sequentially displayed. The encrypted data recorded in the private area of the private code is decrypted.

  The invention of claim 6 is an optical information reader;
  A portable terminal having display means capable of displaying the information code;
  An authentication system comprising:
  The optical information reader is
  An imaging means capable of imaging an information code and a human physical feature;
  When the information code is imaged by the imaging means, a decoding means for decoding the imaged information code;
  With
  The decryption means includes a partly private area in which the information code picked up by the image pickup means has a public area and a private area in which encrypted data encrypted based on a predetermined encryption key is recorded. When it is a code, it is configured to decrypt the data in the public area and decrypt the data in the private area on the condition that the encryption key is acquired,
  The partially private code is formed by associating the encryption key of the encrypted data with the biometric information of the physical feature of the registrant,
  An extraction unit that extracts the biometric information of the authentication target person from the captured image of the physical feature part when the physical feature part of the authentication target person is imaged by the imaging unit;
  Key generation means for generating an authentication key used for authentication of the partially private code based on the biometric information of the person to be authenticated extracted by the extraction means;
  With
  The decryption means, when the authentication key generated by the key generation means matches the encryption key, the encrypted data recorded in the private area based on the authentication key and a predetermined decryption algorithm Is a structure to decrypt
  The portable terminal is
  Storage means for storing image data of the partially private code generated by the portable terminal or an external device;
  Display control means for reading out the image data stored in the storage means and displaying the partially private code on the display means;
  With
  The display control means, when a plurality of the image data of the partially private code is stored in the storage means, to display a plurality of the partially private code on the display means at the same time,
  The imaging means of the optical information reading device images the plurality of the partially secret codes displayed on the display means,
  The decrypting means of the optical information reading device is configured to perform the processing when the authentication key generated by the key generating means matches the encryption key of any one of the partially displayed secret codes. The encrypted data recorded in the private area of the private code is decrypted.

The invention of claim 1 has a partially private code (a public area having a predetermined configuration and a private area in which encrypted data encrypted based on a predetermined encryption key is recorded). The decryption means includes a decryption means for decrypting the code (corresponding to the biometric information of the physical feature of the registrant). Furthermore, the biometric information of the person to be authenticated is extracted from the image of the physical feature imaged by the imaging means, and an authentication key used for the authentication of the partially private code is generated based on the extracted biometric information. When a part of the private code is decrypted, the generated authentication key is used, and when this authentication key matches the encryption key, the private key is decrypted based on the authentication key and a predetermined decryption algorithm. Decrypts the encrypted data recorded in the public area.
In this way, only the person to be authenticated who has the biometric information that can generate the authentication key corresponding to the encryption key can easily use the data in the non-public area. It is extremely difficult for the three parties to illegally use the data in the private area. In addition, since the private area is encrypted using biometric information as an encryption key, even if a medium that displays part of the private code is lost, a third party can illegally delete data in the private area. It is extremely difficult to obtain.
Also, a plurality of encrypted data is recorded in a secret area, and a part of the secret code corresponding to each of the plurality of physical features is set as a decryption target. When the authentication key generated by the key generation unit corresponds to any one of a plurality of encryption data recorded in the private area, the encryption data corresponding to the corresponding encryption key is Decrypting according to the decryption algorithm. If it does in this way, a plurality of kinds of encryption data can be managed for every physical feature part, and the freedom degree of use of encryption data and the convenience can be raised.

  The invention of claim 2 is intended for decoding a partially private code in which index data (data serving as an index for requesting authentication of a physical feature) is recorded in an area other than the private area. Further, data detecting means for detecting the index data is provided, and when the index data is detected by the data detecting means, it is configured to request imaging of the physical feature. In this way, it is possible to easily and appropriately determine whether or not the information code imaged by the imaging means is a partially private code that should require authentication of the physical feature. Therefore, if there is no need to take a response such as “requesting uniform imaging of physical features” and there is no need to request imaging of physical features, it is possible to avoid unnecessary processing. When it is necessary to request the imaging of the target feature portion, it can be judged appropriately and the process can be quickly shifted to the imaging process.

The invention of claim 3 is intended for decryption of a partially private code in which the encryption key of the encryption data is constituted by the registrant's fingerprint data. The feature of the fingerprint of the person to be authenticated is extracted from the fingerprint image of the person to be authenticated picked up by the imaging means, and an authentication key (the fingerprint data of the person to be authenticated) is generated based on the extracted feature of the fingerprint When the fingerprint data of the person to be authenticated matches the fingerprint data of the registrant, the encrypted data recorded in the private area is decrypted according to the decryption algorithm. In this way, only the authentication target who has a fingerprint capable of generating an authentication key that matches the encryption key (registrant's fingerprint data) can use the data in the non-public area and has such a fingerprint. It is extremely difficult for a third party who does not illegally use data in a private area. In addition, since the private area is encrypted using fingerprint data as an encryption key, even if a medium displaying some private code is lost, a third party can illegally delete the data in the private area. It is extremely difficult to obtain.

Note that a partially private code in which a fingerprint image of a registrant is recorded may be a decryption target . If the fingerprint of the person to be authenticated is picked up by the image pickup means, whether or not the fingerprint image of the person to be authenticated that has been picked up matches the fingerprint image of the registrant recorded in part of the private code If it is determined that they match, the decryption result of the private area may be output . In this way, unless the fingerprint image recorded in advance matches the fingerprint image of the person to be authenticated, the decryption result is not output and the security can be further improved.

In the invention of claim 4 , each encryption key of the plurality of encrypted data recorded in the non-public area is associated with each physical feature of each of the plurality of registrants. If the authentication key generated by the key generation means corresponds to an encryption key associated with any registrant's physical feature, the encrypted data corresponding to the corresponding encryption key is encrypted. Decoding according to the decoding algorithm. In this way, a plurality of registrants can share a part of the private code, and the convenience is further enhanced. In addition, each registrant can use the encrypted data corresponding to his / her physical features, but cannot use the encrypted data of other registrants. It will not be used illegally and security will be perfect.

In the fifth and sixth aspects of the invention , a portable terminal is used as a medium for displaying an information code, and the portable terminal stores image data of a partially private code generated by the portable terminal or an external device. And display control means for reading out image data stored in the storage means and displaying a part of the private code on the display means. Therefore, it is possible to manage some private codes on a mobile terminal without preparing a special medium and display them as necessary. Since the unauthorized use is eliminated, the convenience of the user is further enhanced and the function of preventing the unauthorized use can be secured.

In the invention of claim 5 , when a plurality of pieces of partially private code image data are stored in the storage means, each partially private code is sequentially displayed on the display means, and the imaging means of the optical information reading device comprises: These partially displayed private codes are sequentially imaged. In this way, a plurality of partially private codes can be managed in the mobile terminal, and the plurality of partially private codes can be easily registered as reading targets of the optical information reader. The authentication key generated by the key generation means of the optical information reading device is an encryption key of any partially private code (that is, any of the partially private code that has been imaged) that is sequentially displayed. If it matches, the encrypted data recorded in the private area of the partial private code is decrypted. Therefore, among the plurality of partial private codes displayed in sequence, the user's What can be deciphered by the physical features can be selectively used.

According to the sixth aspect of the present invention, when a plurality of pieces of partially private code image data are stored in the storage means, a plurality of partially private codes are displayed on the display means at the same time, and imaging of the optical information reader is performed. The means is configured to image the plurality of these partially private codes to be displayed. In this way, a plurality of partially private codes can be managed in the portable terminal, and the plurality of partially private codes can be easily and more quickly registered as reading targets of the optical information reader. become able to. Then, an encryption key of any one of the partial private codes (that is, any one of the partial private codes that have been imaged) displayed as a plurality of authentication keys generated by the key generation means of the optical information reader. If it matches, the encrypted data recorded in the private area of the partially private code is decrypted. Therefore, among the plurality of partially private codes displayed, the user's What can be deciphered by the physical features can be selectively used.

FIG. 1 is a block diagram schematically illustrating an authentication system according to the first embodiment. 2A is a block diagram illustrating the configuration of the server in the authentication system of FIG. 1, FIG. 2B is a block diagram illustrating the configuration of the registration device, and FIG. It is a block diagram which illustrates the composition of an external server. FIG. 3 is a flowchart illustrating the flow of registration processing performed in the authentication system of FIG. FIG. 4 is an explanatory diagram for conceptually explaining extraction of feature points from a fingerprint image. FIG. 5A is an explanatory diagram conceptually illustrating the data structure of registered fingerprint data, and FIG. 5B is a method for generating an encryption key based on the registered fingerprint data of FIG. FIG. 5C is an explanatory diagram illustrating another example of generating an encryption key based on the registered fingerprint data of FIG. 5A. FIG. 6A is an explanatory diagram for explaining values set for each type of feature point, and FIG. 6B is an explanatory diagram for explaining values set for each coordinate group. FIG. 6C is an explanatory diagram for explaining a specific example of the type and coordinate value of each feature point, and FIG. 6D is a method for generating an encryption key in the specific example of FIG. FIG. 6E is an explanatory diagram for explaining another example of the encryption key generation method in the specific example of FIG. 6C. FIG. 7 is an explanatory diagram conceptually illustrating the configuration of a partially private code used in the authentication system of FIG. 8A is an explanatory diagram illustrating the data configuration of the partially private code of FIG. 7, and FIG. 8B is an explanatory diagram illustrating the disclosed data recorded in the public area. (C) is explanatory drawing which illustrates the encryption data recorded on a non-public area | region. FIG. 9 is a flowchart illustrating a reading process performed by the reading device of the authentication system of FIG. FIG. 10A is an explanatory diagram for conceptually explaining a partially private code used in the authentication system according to the second embodiment, and FIG. 10B is a partially unlisted view of FIG. It is explanatory drawing which illustrates notionally the data structure of the non-public area | region of an open code | cord | chord. FIG. 11 is a flowchart illustrating the flow of registration processing performed in the authentication system according to the second embodiment. FIG. 12 is an explanatory diagram conceptually illustrating a mobile terminal used in the authentication system according to the third embodiment, conceptually showing the appearance of the mobile terminal on the left side, and a part stored in the storage unit on the right side. The contents of the private code are conceptually shown. FIG. 13 is an explanatory diagram illustrating a display state on the mobile terminal in the authentication system according to the fourth embodiment.

[First embodiment]
Hereinafter, an optical information reading device, an authentication system, and an information transmission method according to a first embodiment of the present invention will be described with reference to the drawings.

(overall structure)
First, the overall configuration of the authentication system 1 will be described with reference to FIG. FIG. 1 is a block diagram schematically illustrating the authentication system 1 according to the first embodiment. The authentication system 1 shown in FIG. 1 is a system that authenticates a user by a predetermined method, and is a two-dimensional code that is held by the user (stored in the portable terminal 30 in the example of FIG. 1) on the condition that authentication is successful. It functions as a data transmission system that transmits the data (for example, personal information) to the reading device 40 side. The authentication system 1 can be used for various purposes. For example, the display unit 32 of the mobile terminal 30 owned by the payer when paying according to the purchase amount at a retail store such as a convenience store. Display a two-dimensional code (partially non-public code) including personal information, and cause the reading device 40 installed in the retail store to read the partial non-public code and execute a settlement process. Conceivable.

  The authentication system 1 includes a server 10, a registration device 20, a mobile terminal 30, and a reading device 40.

  The server 10 is configured to be communicable with a portable terminal 30 to be described later via a communication network such as the Internet, and has a configuration as shown in FIG. The server 10 is configured as a personal computer, for example, and is configured as a control unit 11 including a CPU, a display unit 12 including a liquid crystal monitor, a storage unit 13 including a ROM, RAM, HDD, a mouse, a keyboard, and the like. And the communication unit 15 configured as a communication interface.

  The registration device 20 is configured as an information processing device having an imaging function, and has a configuration as shown in FIG. The registration device 20 includes a control unit 21 including a CPU, a display unit 22 configured as a liquid crystal monitor, a storage unit 23 including a ROM, a RAM, an HDD, an operation unit 24 configured as various keys and a touch panel, A communication unit 25 configured as a communication interface is provided. In addition, the registration device 20 is provided with an imaging unit 26 configured as a camera provided with a light receiving sensor (for example, a C-MOS area sensor, a CCD area sensor, or the like).

  The portable terminal 30 is configured as a portable communication device (for example, a mobile phone) having an information processing function. As shown in FIG. 1, a control unit 31 including a CPU and a light receiving sensor (for example, C- An imaging unit 32 configured as a camera having a MOS area sensor, a CCD area sensor, etc., a display unit 33 including a liquid crystal display, and a communication interface that performs communication via a communication network such as the Internet And a communication unit 34. In addition, a storage unit 35 including a ROM, a RAM, a nonvolatile memory, and the like, an operation unit 36 including various operation keys, and the like are also provided. The display unit 33 corresponds to an example of “display unit”. The storage unit 35 corresponds to an example of a “storage unit” and has a function of storing image data of a partially private code (described later) generated by a mobile terminal or an external device. The control unit 31 corresponds to an example of a “display control unit”, reads image data stored in the storage unit 35 (storage unit), and causes the display unit 33 (display unit) to display a part of the secret code. It has a function.

  The reading device 40 corresponds to an example of an “optical information reading device”, and images and reads an information code such as a QR code (registered trademark) (for example, a two-dimensional code displayed on the mobile terminal 30). It has a function. The reading device 40 includes a control unit 41 including a CPU and the like, an imaging unit 42 configured as a camera including a light receiving sensor (for example, a C-MOS area sensor, a CCD area sensor, etc.), a ROM, a RAM, a nonvolatile memory, and the like. And a communication unit 44 configured as a communication interface (for example, a communication interface capable of LAN communication and Internet communication). Note that the reading device 40 is also provided with a light projecting unit 45 that irradiates illumination light to a reading target, a display unit 46 that includes a liquid crystal display, an operation unit 47 that includes various operation keys, and the like. The imaging unit 42 corresponds to an example of “imaging unit”. The control unit 41 corresponds to an example of “decoding means”.

  The reading device 40 is configured to be able to communicate with an external information processing device (external server 50) directly or via a computer (not shown) or the like, and can transmit and receive data to and from the external server 50. I am doing. The external server 50 may be any server that can use the information acquired by the reading device 40. In the present embodiment, the external server 50 is configured as a server such as a credit card company that manages card payment, for example. Specifically, it is configured as a personal computer, for example, as shown in FIG. 2C, from a control unit 51 composed of a CPU or the like, a display unit 52 composed as a liquid crystal monitor, etc., ROM, RAM, HDD, etc. A storage unit 53, an operation unit 54 configured as a mouse or a keyboard, a communication unit 55 configured as a communication interface, and the like. In FIG. 1, the server 10 and the external server 50 are illustrated as separate ones, but they may be the same.

(registration process)
Next, each process performed in the authentication system 1 will be described. First, the registration process will be described with reference to FIG. FIG. 3 is a flowchart illustrating the registration process performed in the authentication system 1.
The registration process of FIG. 3 is performed using, for example, the registration device 20 shown in FIGS. 1 and 2B in a store (various stores such as a convenience store). This registration process is started, for example, when the user performs a predetermined operation on the operation unit 24 of the registration device 20, and first, a process of imaging the fingerprint of the person to be registered is performed by the imaging unit 26 (S1). In the fingerprint imaging process of S1, the fingerprint of the registration target person is captured by the imaging unit 26 of the registration device 20 (the imaging unit 26 corresponds to an example of an “imaging device”), and fingerprint image data of the registration target person is generated. The fingerprint image data obtained in S1 is temporarily stored in the storage unit 23, for example.

  After the fingerprint imaging process of S1, as shown in FIG. 3, a process of generating registration fingerprint data of the person to be registered is performed based on the fingerprint image data obtained in S1 (S2). In the present embodiment, the fingerprint matching is performed by a known fingerprint matching method (for example, a feature point extraction method (maneuver method), a pattern matching method, a frequency analysis method, etc.) during a reading process (FIG. 9) described later. In S2, registered fingerprint data used for this fingerprint collation is generated. In the following, a case where the feature point extraction method is used as the fingerprint matching method will be described as a representative example.

  When the feature point extraction method (maneuver method) is used, the shape of the feature point is defined in advance. In the process of S2, the specified feature point is extracted from the fingerprint image obtained in S1. In this embodiment, “branch points” and “end points” are defined as the shape of feature points, and FIG. 4 conceptually illustrates the branch points and end points scattered in the fingerprint image captured in S1. . In FIG. 4, the fingerprint region is indicated by a one-dot chain line Af, the position of the branch point is indicated by a point, and the position of the end point is indicated by +.

  In S2, first, feature points (branch points and end points) scattered as shown in FIG. 4 are detected, and an X coordinate value and a Y coordinate value are calculated for each feature point. The coordinate value calculation method may be any method that can grasp the relative positional relationship between the feature points. For example, as shown in FIG. 4, the position of the feature point P0 closest to the center position of the fingerprint region Af is used as a reference. The X coordinate value and Y coordinate value of each feature point are calculated with the position (origin) as the horizontal direction and vertical direction of the pixel as the X direction and Y direction, respectively.

  Then, registered fingerprint data is generated based on the type, X coordinate value, and Y coordinate value of each feature point detected or calculated as described above. Specifically, based on the type, X coordinate value, and Y coordinate value of each feature point, as shown in FIG. 5A, for each feature point, a value indicating the type, a value corresponding to the X direction position, and the Y direction Values corresponding to the positions are generated in association with each other, and these are stored in the storage unit 23 as registered fingerprint data. In the example of FIG. 5A, a predetermined number of feature point data (for example, 15) close to the reference position (origin) (for example, a value indicating the type, a value corresponding to the X direction position, and a Y direction position). Corresponding values) are generated and stored as registered fingerprint data.

  After the registration fingerprint data is generated in S2, as shown in FIG. 3, processing for generating an encryption key is performed based on the generated registration fingerprint data (S3). In this embodiment, a known common key cryptosystem is used, and in S3, numerical data to be an encryption key is generated based on the registered fingerprint data generated in S2. The specific method for generating the encryption key is to apply numerical data reflecting the data of each feature point constituting the registered fingerprint data (value indicating the type, value corresponding to the X direction position, value corresponding to the Y direction position). Any method may be used. For example, as shown in FIG. 5A, each value indicating the type of each feature point P1, P2, P3, P4, P5... Is A1, A2, A3, A4, A5. Each value corresponding to the X direction position of the feature point is X1, X2, X3, X4, X5..., And each value corresponding to the Y direction position of each feature point is Y1, Y2, Y3, Y4, Y5. .., The value obtained by multiplying the value indicating the type of each feature point, the value corresponding to the X direction position, and the value corresponding to the Y direction position as shown in FIG. As shown in FIG. 5C, a value indicating the type of each feature point, a value corresponding to the X direction position, and a value corresponding to the Y direction position arranged in a prescribed order are encrypted. It may be a key.

  As a specific example of the “value indicating the type” of the feature point, for example, an example as shown in FIG. 6A is given. In this example, the value indicating the branch point is set to “3”, and the value indicating the end point is set. “5”. In addition, as a setting method of “value corresponding to the position in the X direction” and “value corresponding to the position in the Y direction” of each feature point, for example, the X coordinate value and the Y coordinate value of each feature point itself are set to “ A value corresponding to the position in the X direction and a value corresponding to the position in the Y direction may be set, and a value is defined for each coordinate value range (coordinate group) as shown in FIG. Each value of the coordinate group to which each X coordinate value belongs is referred to as “value corresponding to the X direction position”, and each value of the coordinate group to which each Y coordinate value of each feature point belongs is “value corresponding to the Y direction position”. It is also good.

6D and 6E, when each type of value is defined as shown in FIG. 6A, and each distance group is defined as shown in FIG. 6B, FIG. The method of generating the encryption key when the type of each feature point, the X coordinate value, and the Y coordinate value as in (c) are obtained is specifically illustrated. In this example, since the type of the feature point P1 is a branch point, “3” is set as the “value indicating the type”. Further, since the X coordinate value is 0.1, it belongs to the coordinate group 1 and the value “3” defined in the coordinate group 1 is set as the “value corresponding to the position in the X direction”. Further, since the Y coordinate value is −0.2, it belongs to the coordinate group 2 and the value “3” defined in the coordinate group 2 is set as the “value corresponding to the position in the Y direction”. Accordingly, the values (“value indicating the type”, “value corresponding to the position in the X direction”, “value corresponding to the position in the Y direction”) for the feature point P1 are “3”, “3”, and “5”. The feature point P2 is the same, and since the type is an end point, “5” is set as the “value indicating the type”. Further, since the X coordinate value is 0.5, it belongs to the coordinate group 3 and the value “7” defined in the coordinate group 3 is set as “a value corresponding to the position in the X direction”. Further, since the Y coordinate value is 0.7, it belongs to the coordinate group 3 and the value “7” defined in the coordinate group 3 is set as the “value corresponding to the position in the Y direction”. Therefore, the values for the feature point P2 are “5”, “7”, and “7”. In this way, each value (“value indicating the type”, “value corresponding to the position in the X direction”, “value corresponding to the position in the Y direction”) is obtained for a predetermined number (for example, 15) of each feature point. In 6 (d), numerical data is calculated by multiplying these values, and this numerical data is used as the encryption key. Further, in FIG. 6E, each value for a predetermined number (for example, 15) of feature points corresponds to “value indicating the type” and “position in the X direction in order from the feature point close to the reference position (origin). Numeric data is generated in the order of “value” “value corresponding to the position in the Y direction”), and the arranged numeric data is used as an encryption key.
In the present embodiment, the processing of S1 and S2 corresponds to an example of an “acquisition step”, and the fingerprint (physical feature) of the registrant is captured by the imaging unit 26 (external device) provided in the registration device 20 (external device). The registration device 20 (external device) acquires biometric information for registration (registered fingerprint data) based on the physical features of the registrant.

  After the encryption key is generated in S3, as shown in FIG. 3, a process for generating a partially private code is performed (S4). In this process, the data to be made private is encrypted based on the encryption key obtained in S3, and a part of the private code is generated so as to record the encrypted data in the private area.

  In FIG. 7, one area is a private area Cb (an area where encrypted data is recorded) and another area is an open area Ca (an area where unencrypted data is recorded). The secret code C (two-dimensional code) is conceptually shown. Various data (encrypted data) to be recorded in the private area Cb of the partially private code C as shown in FIG. 7 can be considered. In the example of FIG. 7, card information (for example, credit card number, valid (Expiration date, etc.), personal information (name, date of birth, address, etc.) and fingerprint image data of the person to be registered are confidential data (encrypted data) to be recorded in a non-public area. In the process of S4, when the partially private code C as illustrated in FIG. 7 is generated, the registration device 20 needs to acquire data to be recorded in the private area Cb in advance. There are various methods for causing the registration device 20 to acquire data. For example, the registration target person may input using the operation unit 24 of the registration apparatus 20, and the registration target person inputs necessary personal information (for example, ID, name, etc.) in the registration apparatus 20. Sometimes, a method of transmitting from the credit company server (for example, the server 10) to the registration device 20 may be used.

  In the process of S4, the partially private code C is generated with a configuration in which unencrypted data is recorded in the public area Ca. This public area Ca is configured as an area that can be read even by a reader that does not have a decryption key, and can include various disclosed data that can be disclosed to a third party.

  Some areas are private areas (areas that can be read on the condition that a decryption key corresponding to the encryption key is obtained), and other areas are public areas (can be read without using the decryption key corresponding to the encryption key) As a specific method for generating a partially private code and a specific structure of the partially private code to be generated, for example, the techniques disclosed in Japanese Unexamined Patent Application Publication Nos. 2009-9547 and 2008-299422 are used. It can be used suitably. FIG. 8A illustrates a data configuration of a partially private code when the techniques of these publications are used, and among these, “disclosure code” indicates each disclosure as shown in FIG. Data is encoded according to the basic specification of JIS (JISX0510: 2004). In addition, the “secret code” is obtained by converting each encrypted data (encrypted data obtained by encrypting card information, personal information, fingerprint image data, etc.) as shown in FIG. 8C according to JIS basic specifications (JISX0510: 2004). Encoded.

  In the methods disclosed in Japanese Patent Application Laid-Open Nos. 2009-9547 and 2008-299422, the secret code recorded in the non-public area includes the decryption key and the decryption key check data that can specify the decryption key. The decryption key and the decryption key check data may not be included in the private area. In addition, the method for generating a partially private code and the specific configuration of the partially private code to be generated are not limited to this example. Encrypted data is recorded in some areas and non-encrypted in other areas. Any method other than the methods described in these publications may be used as long as it is a method capable of generating a two-dimensional code in which digitized data is recorded.

  As described above, a partially private code in which the encryption key is associated with the registrant's fingerprint information (biological information of the physical feature) is generated. In the present embodiment, the processing of S3 and S4 corresponds to an example of a “code generation step”, and encrypted data using the biometric information for registration acquired by the processing of S1 and S2 (acquisition step) as an encryption key. A partially private code is generated by recording in the private area and recording other data in the public area.

  After the partially private code is generated in S4, as shown in FIG. 3, processing for distributing the partially private code is performed (S5). In this distribution process, the data of the partially private code generated in S4 is transmitted to the portable terminal 30 of the person to be registered. The address of the transmission destination of the partially private code generated in S4 (that is, the e-mail address of the portable terminal 30 of the person to be registered) is displayed on the operation unit 24 of the registration apparatus 20 by the person to be registered in the registration process of FIG. Or may be transmitted from the credit company server (for example, the server 10) to the registration device 20 during the registration process of FIG.

(Reading process)
Next, an information transmission method using the partially private code will be specifically described. FIG. 9 is a flowchart illustrating the flow of reading processing performed by the reading device 40. Note that the reading device 40 that performs the reading process of FIG. 9 is provided in, for example, a store such as a convenience store or a restaurant, for example, by performing a predetermined operation on the operation unit 47 of the reading device 40. 9 is started.

The reading process of FIG. 9 is performed, for example, as a payment process when a product is purchased. First, a process of imaging a two-dimensional code is performed (S10).
In the authentication system 1 according to the present embodiment, when the mobile terminal 30 has acquired the data of the partially private code C (FIG. 7), a predetermined operation (external operation) is performed on the operation unit 36 of the mobile terminal 30. By doing so, the acquired partially private code C can be displayed on the display unit 33, and in this state where the partially private code C is displayed on the display unit 33 of the mobile terminal 30, When the partial private code C is arranged in the imaging area of the imaging unit 42, in the process of S10, the partial private code C is captured by the imaging unit 42, and image data of the partial private code C is obtained. Is stored in the storage unit 43. In addition, in this way, in response to an external operation on the mobile terminal 30, the partially private code C generated in S3 and S4 (code generation step) is displayed on the display unit 33 (display means) of the mobile terminal 30. In this case, the display process performed on the mobile terminal 30 corresponds to an example of “display step”. Further, when the partially private code C displayed in the “display step” is imaged by the imaging unit 42 (imaging means) in the process of S10, the process of S10 corresponds to an example of the “first imaging step”. .

  After the two-dimensional code is imaged in S10, decoding processing is performed based on the image data of the two-dimensional code as shown in FIG. 9 (S11). In this decoding process, data recorded in the public area is decoded by a known decoding method. If a two-dimensional code having a public area and a private area is to be read, only the public area is decoded in S11. On the other hand, when there is no non-public area, the decoding process is performed on the entire area in which data is recorded.

After the decoding process in S11, a process for determining whether or not a private area exists is performed (S12). In this process, based on the decoding result in S11, it is determined whether or not data (index data) indicating that a non-public area exists in an area other than the non-public area is included. For example, when a partly private code has a configuration as shown in FIG. 8A and a specific “secret identifier” is used as index data, in the area other than the private area in the two-dimensional code acquired in S10, It is determined whether or not there is an area in which this “secret identifier” is recorded. In the example of FIG. 8A, a “secret identifier” is attached following the end terminal indicating the end of the disclosure code recorded in the public area Ca. If used, in S12, it is determined whether or not a “secret identifier” exists after the terminal. If such a specific “secret identifier” (index data) exists, the process proceeds to Yes in S12, and a fingerprint imaging process described later is performed (S14). On the other hand, if there is no specific “confidential identifier”, it is determined that there is no private area, the process proceeds to No in S12, and the result of the decoding process performed in S11 is output to the display unit 46 or the like (S13). The reading process ends.
In the present embodiment, the control unit 41 that executes the processing of S12 corresponds to an example of “data detection means”, and a function of detecting a secret identifier (index data serving as an index for requesting authentication of a physical feature). Have

The process of S14 corresponds to an example of a “second imaging step”, and the fingerprint (physical feature) of the person to be authenticated is captured by the imaging unit 42 (imaging unit) of the reader 40 (optical information reader). The image is taken. Specifically, first, information for requesting the user to capture a fingerprint is displayed on the display unit 46. Various display methods are conceivable. For example, it is preferable to display explanatory information for prompting the fingerprint imaging operation by the imaging unit 42 such as “Hold your fingertip over the camera”. When the authentication target person places his / her fingertip in the imaging area of the imaging unit 42 in response to such a request, the authentication target person's fingertip is imaged and fingerprint image data of the authentication target person is generated and stored.
In the present embodiment, the control unit 41 that executes the process of S14 corresponds to an example of “request means”, and when a secret identifier (index data) is detected by the “data detection means”, a fingerprint (body) It functions to request imaging of the characteristic features.

  After the fingerprint image data of the person to be authenticated is generated in S14, a feature point extraction process is performed (S15). Specifically, the feature points are extracted as shown in FIG. 4 in the same manner as when the registered fingerprint data is generated in S2 of FIG. This extraction process makes it possible to specify which type of feature point exists at which position in the fingerprint image data of the person to be authenticated.

After extracting the feature points in S15, the X coordinate value and Y coordinate value of each feature point are acquired (S16). In the first process of S16, the X coordinate value and the Y coordinate value of each feature point are determined by the same method as in S2, and the feature point closest to the center position of the fingerprint area Af (FIG. 4). The X coordinate value and Y coordinate value of each feature point are calculated with the position of P0 as the reference position (origin) and the horizontal and vertical directions of the pixel as the X direction and Y direction, respectively. Then, data of each feature point (a value indicating the type, a value corresponding to the X direction position, and a value corresponding to the Y direction position) is generated by the same method as described above in S2. The data of each feature point (value indicating the type, value corresponding to the X direction position, and value corresponding to the Y direction position) corresponds to an example of “authentication biometric information”.
In the present embodiment, the processing of S15 and S16 corresponds to an example of “extraction step”, and authentication is performed based on the fingerprint (physical feature) of the person to be authenticated imaged in S14 (second imaging step). Fingerprint information (authentication biometric information) is extracted.
In the present embodiment, the control unit 41 that executes the processes of S15 and S16 corresponds to an example of an “extraction unit”, and the fingerprint (physical feature unit) of the person to be authenticated is captured by the imaging unit 42 (imaging unit). In the case where the authentication is performed, it has a function of extracting the characteristics (biometric information) of the fingerprint of the person to be authenticated from the captured fingerprint image.

Thereafter, a process for generating an authentication key used for authentication of the private area is performed (S17). The process of S17 corresponds to an example of a “key generation step”. Data of each feature point generated by S15 and S16 (extraction step) (value indicating the type, value corresponding to the position in the X direction, Based on the value corresponding to the position in the Y direction), an authentication key used for authentication of the private area is generated. Specifically, the authentication key is generated by the same method as the method for generating the encryption key in S3 of FIG. For example, when the encryption key is generated as shown in FIG. 5B, each data constituting the authentication fingerprint information obtained in S16, that is, “value indicating the type” “X direction” of each feature point. The value data obtained by multiplying the value corresponding to the position and the value corresponding to the position in the Y direction is defined as an “authentication key”. When the encryption key is generated as shown in FIG. 5C, the “value indicating the type”, the “value corresponding to the X direction position”, and the “value corresponding to the Y direction position” of each feature point are displayed. Arrangement is performed in the same manner as in 5 (c), and the obtained numerical data is set as an “authentication key”.
In the present embodiment, the control unit 41 that executes the processing of S17 corresponds to an example of a “key generation unit”, and is based on the characteristics (biometric information) of the authentication target person's fingerprint extracted by the “extraction unit”. Thus, it has a function of generating an authentication key used for authentication of a partly private code.

Thereafter, a process for decoding the secret area and decrypting the encrypted data is performed (S18). S18 corresponds to an example of a “decryption step”. When the authentication key generated in S17 (key generation step) matches the encryption key, the encrypted data recorded in the private area is decrypted. ing. Specifically, after the secret code formed by encoding the encrypted data is decoded by a known method, the decoded data is decoded using the authentication key (decryption key) obtained in S17. In the present embodiment, the decryption algorithm (decryption algorithm) used in the reading device 40 corresponds to the encryption algorithm used in the registration process 20, and the encryption key generated in S3 of FIG. When the authentication key (decryption key) generated in S17 matches, the encrypted data in the private area can be decrypted.
In the present embodiment, the control unit 41 that executes the processes of S11 and S18 corresponds to an example of a “decryption unit”. The control unit 41 decrypts the data in the public area, and acquires the encryption key on the condition of obtaining the encryption key. A function of decrypting data (specifically, when the authentication key generated by the “key generation means” matches the encryption key, the secret area is based on the authentication key and a predetermined decryption algorithm) To decrypt the encrypted data recorded in the

  After the decryption process of S18, a process for determining whether or not the decryption process is successful is performed (S19). In S18, when the decoding of the secret code fails or the decoding fails, the process proceeds to No in S19. On the other hand, if the decryption is successful in S18 and the encrypted data can be decrypted, the process proceeds to Yes in S19, and the fingerprint image data recorded in part of the private code and the image captured in S14 A match state is determined by comparing the data obtained from the fingerprint image.

The fingerprint image data to be compared in S20 is a data of a registrant's fingerprint image, and may be recorded in a non-public area as shown in FIG. 7, or may be recorded in a public area. The data structure of this fingerprint image data can be variously considered. For example, it may be the relative position data (pattern data indicating the arrangement pattern of each feature point) of each feature point detected as shown in FIG. May be part or all of the data. For example, when the relative position data of each feature point is partially recorded in the private code as fingerprint image data, in the process of S20, the arrangement pattern of each feature point specified by such fingerprint image data, It is determined whether or not the arrangement pattern of each feature point extracted from the fingerprint image obtained in S14 matches. When part or all of the fingerprint image data is recorded as a part of the private code as fingerprint image data, the recorded fingerprint image is compared with the fingerprint image obtained in S14 by pattern matching or the like. It may be determined whether or not they match. Note that these comparison determination methods are merely examples, and other methods may be used as long as they can compare and determine the coincidence between the fingerprint image of the person to be registered and the fingerprint image of the person to be authenticated. In any case, if it is determined that they match in S21, the process proceeds to Yes in S21, and data in the open area (data decoded in S11) and private area data (decrypted in S18). Data) is output (S22). The process of S22 corresponds to an example of an “output step”, and when the encrypted data is decrypted in S18 (decryption step), the decryption result is output.
In the present embodiment, the control unit 41 that executes the processes of S20 and S21 corresponds to an example of a “determination unit”, and when the fingerprint of the person to be authenticated is captured by the imaging unit 42 (imaging unit), It has a function of determining whether or not the captured fingerprint image of the person to be authenticated matches the fingerprint image of the registrant recorded in a partially private code. The control unit 41 that executes the process of S22 corresponds to an example of “output unit”, and when the “determination unit” determines that the fingerprint image of the person to be authenticated matches the fingerprint image of the registrant. And has a function of outputting the result of decoding the private area.

  On the other hand, if it is determined in S19 that the decryption has failed, or in S21, the fingerprint image data recorded in the partially private code matches the data obtained from the fingerprint image captured in S14. If it is determined that the condition is not satisfied, the process returns to S16, and processing for generating fingerprint information for authentication is performed again. In the process of S16 again, among the feature points extracted in S15, the position of the feature point that has not yet been set as the origin and is closest to the center position of the fingerprint area Af (FIG. 4) is used as the reference position. The X coordinate value and Y coordinate value of each feature point are recalculated with the origin and the horizontal and vertical directions of the pixel as the X direction and Y direction, respectively. For example, when the origin is set as shown in FIG. 4 in the first processing of S16, the origin is set as P0 ′ in the second processing of S16, and the coordinates are conceptually shown by a wavy line. . Then, based on the X and Y coordinate values of each feature point recalculated in this way, the fingerprint information for authentication (that is, a value indicating the type of each feature point, a value corresponding to the position in the X direction, Y (Value corresponding to the direction position) is regenerated (S16), an authentication key is generated again based on the authentication fingerprint information (S17), and then the decryption process of S18 is performed. Although not specifically shown in FIG. 9, if the decryption of the encrypted data is not successful even if the processes of S16 to S18 are performed a predetermined number of times, error information may be displayed and the reading process may be terminated. Alternatively, only the data in the public area may be output and the reading process may be terminated.

  In addition, when the process of FIG. 9 is a payment process performed in a store etc., in S22, each data (credit card number, expiration date, name, date of birth, etc.) recorded in a non-public area | region is purchased goods It is possible to perform payment processing in the credit company by associating with the data (product name, price, etc.) relating to and outputting the data directly to the external server 50 (for example, a credit company server) from the reading device 40 or via a computer (not shown). I can do it. In this case, a process for inputting data (product name, price, etc.) relating to the purchased product in the reading device 40 may be provided separately.

(Main effects of the first embodiment)
In the present embodiment, there is a partially private code C (public area having a predetermined configuration as shown in FIG. 7 and a private area in which encrypted data encrypted based on a predetermined encryption key is recorded. The encryption key of the encryption data is provided with “decryption means” for decrypting the code (corresponding to the biometric information of the physical feature of the registrant). In this case, since the private area Cb is decrypted on the condition that the encryption key is obtained, a third party who cannot obtain the encryption key cannot use the data in the private area Cb, and the confidentiality of the specific data is prevented. Sexually can be enhanced effectively.
Further, the biometric information of the person to be authenticated is extracted from the image of the physical feature imaged by the imaging unit 42 (imaging means), and the partially-disclosure code C is authenticated based on the extracted biometric information. When an authentication key to be used is generated and a part of the private code C is decrypted, the generated authentication key is used, and when the authentication key corresponds to the encryption key, the authentication key and the predetermined key Based on the decryption algorithm, the encrypted data recorded in the private area Cb is decrypted.
In this way, only the person to be authenticated who has biometric information capable of generating an authentication key corresponding to the encryption key can easily use the data in the non-public area Cb, and does not have such biometric information. It is extremely difficult for a third party to illegally use the data in the private area Cb. In addition, since the private area Cb is encrypted using the biometric information as an encryption key, even if a medium that displays a part of the private code C is lost, a third party can store the data in the private area Cb. It is extremely difficult to obtain fraudulently.

  Further, in the present embodiment, a partial secret code C in which a secret identifier (index data serving as an index for requesting authentication of a physical feature) is recorded in an area other than the secret area Cb is set as a decryption target. Furthermore, a “data detection unit” for detecting the secret identifier (index data) is provided, and when the “data detection unit” detects the secret identifier, it is configured to request imaging of the physical feature. ing. In this way, it is possible to easily and appropriately determine whether or not the information code imaged by the imaging unit 42 (imaging unit) is a partially private code that should require authentication of the physical feature part. it can. Therefore, if there is no need to take a response such as “requesting uniform imaging of physical features” and there is no need to request imaging of physical features, it is possible to avoid unnecessary processing. When it is necessary to request the imaging of the target feature portion, it can be judged appropriately and the process can be quickly shifted to the imaging process.

  Further, in the present embodiment, the partial secret code C in which the encryption key of the encryption data is composed of the registrant's fingerprint data is targeted for decryption. Then, the characteristics of the fingerprint of the authentication target person are extracted from the fingerprint image of the authentication target person imaged by the imaging unit 42 (imaging means), and the authentication key (the authentication target person's authentication target) is extracted based on the extracted fingerprint characteristics. When the fingerprint data of the person to be authenticated and the fingerprint data of the registrant are in the same relationship, the encrypted data recorded in the private area Cb is decrypted according to the decryption algorithm. . In this way, only the person to be authenticated who has a fingerprint capable of generating an authentication key corresponding to the encryption key (registrant's fingerprint data) can use the data in the private area Cb. It becomes extremely difficult for a third party who does not have to illegally use the data in the private area Cb. In addition, since the private area Cb is encrypted using the fingerprint data as an encryption key, even if a medium that displays a part of the private code C is lost, a third party can retrieve the data in the private area. It is extremely difficult to obtain illegally.

  Further, in the present embodiment, the partial secret code C in which the registrant's fingerprint image is recorded is to be decrypted. When the fingerprint of the person to be authenticated is picked up by the image pickup unit 42 (image pickup means), the fingerprint image of the person to be authenticated picked up, and the fingerprint image of the registrant recorded in the private code C in part Is determined to match, and if it is determined to match, the decryption result of the private area Cb is output. In this way, unless the fingerprint image recorded in advance matches the fingerprint image of the person to be authenticated, the decryption result is not output and the security can be further improved.

  In the present embodiment, the mobile terminal 30 is used as a medium for displaying the information code, and the mobile terminal 30 stores the image data of the partially private code C generated by the registration device 20 (external device). A storage unit 35 (storage unit) that reads the image data stored in the storage unit 35, and a display control unit that causes the display unit 33 (display unit) to display a partial private code. Therefore, a part of the secret code can be managed and displayed as necessary in the portable terminal 30 without preparing a special medium, and the secret area Cb can be displayed at the time of management and display. Since the data is not illegally used, it is possible to secure the function of preventing fraud while further improving the convenience for the user.

[Second Embodiment]
Next, a second embodiment will be described. FIG. 10A is an explanatory diagram for conceptually explaining a partially private code used in the authentication system according to the second embodiment, and FIG. 10B is a partially unlisted view of FIG. It is explanatory drawing which illustrates notionally the data structure of the non-public area | region of an open code | cord | chord. FIG. 11 is a flowchart illustrating the flow of registration processing performed in the authentication system according to the second embodiment.

  In the first embodiment, an example in which encrypted data encrypted by a single encryption key is recorded in a partially private code has been described. However, in the second embodiment, encryption is performed using different encryption keys. A plurality of encrypted data is partially provided in the private code. In the second embodiment, the configuration of the partially private code and the specific contents of the registration process and the reading process are different from those of the first embodiment, but the rest is the same as in the first embodiment. Therefore, in the following, different parts will be described mainly, and detailed description of the same parts will be omitted. 1, 2, 4 to 6, and 8 are the same as those in the first embodiment, and will be described with reference to these drawings as appropriate.

  In the present embodiment, as shown in FIGS. 10A and 10B, a plurality of pieces of encrypted data are recorded in the private area Cb of the partially private code C, and the encryption keys of the plurality of pieces of encrypted data are Each is associated with a plurality of fingerprints (physical features). In this partially private code C, the private area Cb is composed of a plurality of areas (first area, second area, third area, and fourth area). First encrypted data encrypted by the encryption key is recorded. Similarly, the second area stores the second encrypted data encrypted with the second encryption key, and the third area stores the third encrypted data encrypted with the third encryption key. In the fourth area, fourth encrypted data encrypted by the fourth encryption key is recorded. In addition, each encryption key of each encryption data may be generated by each fingerprint of a plurality of fingers of the same person, and a plurality of persons (such as a plurality of persons of the same family (for example, father, mother, child, etc.)) It may be generated by each fingerprint. In the following, an example in which each encryption key is generated based on the fingerprints of each person in the same family will be described as a representative example.

  The partially private code C as shown in FIG. 10 can be generated in the flow as shown in FIG. 11, for example. This registration process is also performed by the registration device 20 as in the first embodiment. First, a process of imaging the fingerprint of the person to be registered is performed (S201). This fingerprint imaging process is the same as S1 in FIG. 3. For example, when S201 is executed for the first time, the first registration target person (for example, father) 's finger is imaged by the imaging unit 26 of the registration device 20, and the first Fingerprint image data of the person to be registered is generated.

  After the fingerprint imaging process in S201, a process for generating registered fingerprint data of the person to be registered is performed based on the fingerprint image data obtained in S201 (S202). The method for generating the registered fingerprint data is the same as S2 in FIG. 3. Based on the fingerprint image data obtained in S201, the data of each feature point (value indicating the type, value corresponding to the position in the X direction, Y A value corresponding to the direction position (see FIG. 5A) is generated and stored as registered fingerprint data of the person to be registered. For example, when S202 is executed for the first time, based on the fingerprint image data of the first person to be registered (for example, father) obtained in S201, data of each feature point (value indicating the type, value corresponding to the position in the X direction, A value corresponding to the position in the Y direction (see FIG. 5A) is generated, and these are stored as the first registered fingerprint data of the first registered person.

  After the registered fingerprint data is generated in S202, processing for generating an encryption key is performed based on the generated registered fingerprint data (S203). The processing in S203 is the same as S3 in FIG. 3, and numerical data to be an encryption key is generated based on the registered fingerprint data generated in S202. For example, when S203 is executed for the first time, numerical data to be the first encryption key is generated based on the first registration fingerprint data of the first registration subject (for example, father). The encryption key generation method is obtained by multiplying the value indicating the type of each feature point, the value corresponding to the X direction position, and the value corresponding to the Y direction position, as shown in FIG. 5B. The encryption key may be used as an encryption key. As shown in FIG. 5C, the value indicating the type of each feature point, the value corresponding to the X direction position, and the value corresponding to the Y direction position are arranged in a prescribed order. The value may be an encryption key.

  Thereafter, a process of determining whether or not the necessary number of encryption keys has been generated is performed (S204). There are various determination methods. For example, when data to be encrypted for a plurality of persons in the same family is prepared in the registration device 20 in advance, whether or not encrypted data for the plurality of persons is generated is determined. Alternatively, it may be determined, or it may be determined whether or not the user has performed a fingerprint registration end operation. If it is determined that the necessary number of encryption keys have been generated, the process proceeds to Yes in S204. On the other hand, if the required number of encryption keys has not been generated, the process proceeds to No in S204, and the processes in and after S201 are repeated for other registration target persons.

  For example, when the processes of S201 to S203 are performed for the second registration target person (for example, mother), the finger of the second registration target person is imaged by the imaging unit 26 of the registration device 20 to generate fingerprint image data ( S201), based on the fingerprint image data, data of each feature point (value indicating the type, value corresponding to the X direction position, value corresponding to the Y direction position: see FIG. 5A) is generated (S202). ). Then, numerical data to be the second encryption key is generated based on the data of each feature point (that is, the second registered fingerprint data) (S203). Such processes of S201 to S203 are repeated by the number of persons scheduled to register.

  When the process proceeds to Yes in S204, a process for generating a partially private code is performed (S205). In the present embodiment, data to be encrypted is prepared for each registration target person. In the process of S205, the data for each registration target person is used as the encryption key for each registration target person obtained in S203. The private code C is generated in a configuration in which the respective encrypted data are recorded in the respective areas of the private area Cb (FIG. 10). In addition, as data to be encrypted prepared for each registration target person, as in the first embodiment, each registration target person's credit card information (for example, credit card number, expiration date, etc.), each registration target person's Personal information (name, date of birth, address, etc.), fingerprint image data of each registered person, and the like. For example, when first data (data such as a credit card number) is prepared for a first person to be registered (for example, a father), the first encrypted data is encrypted with the first encryption key. Is generated, and the first encrypted data is encoded and recorded in the first area. Similarly, when second data (data such as a credit card number) is prepared for a second person to be registered (for example, mother), the second data is encrypted by the second encryption key. Data is generated, and the second encrypted data is encoded and recorded in the second area. ,

  In addition, when the partially private code C as shown in FIG. 10 is generated in the process of S205, the data of each registration target person to be recorded in each area of the private area Cb (for example, the credit card number of each registration target person) Etc.) must be acquired in advance by the registration device 20, and there are various methods for causing the registration device 20 to acquire such data. For example, it may be a method in which each registration target person inputs using the operation unit 24 of the registration apparatus 20, and each registration target person acquires personal information (for example, ID, name, etc.) necessary for the registration apparatus 20. For example, a method of transmitting data from a credit company server (for example, the server 10) to the registration device 20 may be used.

  The partially private code C generated as described above is transmitted to the portable terminal 30 of each registration target person by the process of S206. The address of the transmission destination of the partially private code C generated in S205 (that is, the mail address of the mobile terminal 30 of each registration target person) is stored in the registration apparatus 20 by each registration target person in the registration process of FIG. It may be input using the operation unit 24, or may be transmitted from the credit company server (for example, the server 10) to the registration device 20 during the registration process of FIG.

  Next, an information transmission method using the partially private code C will be specifically described. In the present embodiment, the reading process is performed in the same flow as in FIG. 9, and therefore, the reading process will be described with reference to FIG. In the present embodiment, since the specific contents of the reading process are different from those in the first embodiment, this difference will be mainly described.

  Also in the present embodiment, for example, the reading process of FIG. 9 is performed by the reading device 40 provided in a store such as a convenience store or a restaurant. First, the same two-dimensional code imaging as in the first embodiment is performed. Processing is performed (S10). After that, the decoding process similar to that of the first embodiment is performed (S11), the determination process similar to that of the first embodiment is performed (S12), and there is a non-public area in the two-dimensional code imaged in S10. Advances to Yes in S12, and if it does not exist, advances to No in S12.

  In the authentication system according to the present embodiment, a predetermined operation (external operation) is performed on the portable terminal 30 of each registration target person who holds the image data of the partially private code C (FIG. 10). The private code C can be displayed on the display unit 33. As described above, when the partially private code C is displayed on the portable terminal 30 of any registration target person, when such a partially private code C is imaged in S10, it is made public in S11. After decoding the region, the process proceeds to Yes in S12, and fingerprint imaging processing (S14), feature point extraction processing (S15), and authentication fingerprint information generation processing for the fingerprint of the person to be authenticated in the same manner as in the first embodiment. (S16) An authentication key generation process (S17) is performed.

  Then, after generating the authentication key in S17, based on the generated authentication key, each encrypted data (first encrypted data, second encrypted data, third encrypted data, (4 encryption data) is decrypted (S18). In the process of S18, each area (the first area, the second area, the third area, and the fourth area) of the non-public area Cb is decoded by a known method, and then each encrypted data (the first area) recorded in those areas is decoded. 1 encryption data, 2nd encryption data, 3rd encryption data, 4th encryption data) is tried to decrypt using the authentication key (decryption key) obtained in S17. In the present embodiment, the decryption algorithm (decryption algorithm) used in the reading device 40 corresponds to the encryption algorithm used in the registration process 20, and a plurality of encryption keys (S203 shown in FIG. If any of the first encryption key, the second encryption key, the third encryption key, and the fourth encryption key) matches the authentication key (decryption key) generated in S17, the matching encryption Data can be decrypted.

  After the decryption process of S18, a process is performed to determine whether or not any of the encrypted data recorded in the private area Cb has been successfully decrypted (S19), and any of the encrypted data in the private area Cb is performed. If the decryption fails, the process proceeds to No in S19. On the other hand, if the decryption of any encrypted data in the private area Cb is successful and the encrypted data can be decrypted, the process proceeds to Yes in S19, and the fingerprint image data partially recorded in the private code , S14 is compared with the data obtained from the fingerprint image taken at S14 to determine the matching state. In the present embodiment, fingerprint image data (same data as in the first embodiment) of each registration target person is recorded in each area of the non-public area Cb, and in S20, the area where decryption was successful The fingerprint image data recorded in step S14 and the data obtained from the fingerprint image captured in S14 are compared by the same method as in the first embodiment to determine the matching state. If it is determined that they match in S21, the process proceeds to Yes in S21, and the data in the public area Ca (data decoded in S11) and the data in the private area (decoded data decoded in S18) are output. (S22). On the other hand, if it is determined in S19 that the decoding has failed, or if it is determined in S21 that the matching condition is not satisfied, the process returns to S16 and the same method as in the first embodiment (ie, in S15). Among the extracted feature points, the position of the feature point that has not yet been set as the origin and is closest to the center position of the fingerprint area Af (FIG. 4) is defined as a reference position (origin), and the horizontal direction of the pixel and The process of generating fingerprint information for authentication is performed again by a method of recalculating the X coordinate value and the Y coordinate value of each feature point with the vertical direction as the X direction and the Y direction, respectively (S16), and the processes after S17 are performed. repeat.

(Main effects of the second embodiment)
In the partially closed code C used in the present embodiment, a plurality of encrypted data is recorded in the public area Cb, and each encryption key of the plurality of encrypted data corresponds to a plurality of fingerprints (physical features), respectively. It is attached. In the reading process, when the authentication key generated by the “key generation unit” corresponds to any one of a plurality of encryption data recorded in the private area Cb, the corresponding encryption key The encrypted data corresponding to is decrypted according to the decryption algorithm. In this way, a plurality of types of encrypted data can be managed for each fingerprint (physical feature), and the degree of freedom and convenience of using the encrypted data can be improved.

  Specifically, each encryption key of the plurality of encrypted data recorded in the non-public area Cb is associated with each fingerprint (physical feature) of each of the plurality of registrants. And if the authentication key generated by the “key generation means” corresponds to the encryption key associated with the fingerprint (physical feature) of any registrant, it corresponds to the corresponding encryption key The encrypted data is decrypted according to the decryption algorithm. In this way, a plurality of registrants can partially share the private code C, and convenience is further enhanced. Each registrant can use the encrypted data corresponding to his / her fingerprint (physical feature), but cannot use the encrypted data of other registrants. Data will not be used illegally, and security will be ensured.

[Third Embodiment]
Next, a third embodiment will be described. FIG. 12 is an explanatory diagram conceptually illustrating a portable terminal used in the authentication system according to the third embodiment. The appearance of the portable terminal is conceptually shown on the left side and stored in the storage unit 35 on the right side. The contents of the private code are conceptually shown. Note that the third embodiment is different from the first embodiment in the distribution method of the partially private code and the display method of the partially private code on the mobile terminal 30, and is otherwise the same as the first embodiment. Therefore, in the following, different parts will be described mainly, and detailed description of the same parts will be omitted. The drawings are the same as those in FIGS. 1 to 9 and will be described with reference to these drawings as appropriate.

  In the first embodiment, a partial private code for the registration target person (partial private code including encrypted data encrypted with an encryption key based on the fingerprint of the registration target person) in the portable terminal of the registration target person ) In the present embodiment, a partially private code generated for another registration target person related to the one registration target person in the portable terminal of the one registration target person. (Partially private code including encrypted data encrypted with an encryption key based on the fingerprint of the other registered person) can be stored. As described above, as a method for causing the portable terminal of the one registration target person to acquire the partially private code generated for the other registration target person related to the one registration target person, In the distribution process (S5: FIG. 3) when a partially private code is generated, it may be distributed to the one registration target person (for example, only the address of another registration target person as a distribution destination) But you can also add the address of the first registered person). Alternatively, when a partially private code for another registration target person is generated, data communication (infrared communication or the like) is performed between the registration device 20 and the portable terminal 30 of the one registration target person, and one registration is performed. What is necessary is just to make it memorize | store the partially private code | symbol for other registration object persons in the portable terminal 30 of an object person.

  By using the configuration as described above, as shown in FIG. 12, in the storage unit 35 of the portable terminal 30 of one registration target person (registration target person 1), other registration target persons (registration target persons 2, 3, 4) A partially private code for use can be stored. The right side of FIG. 12 conceptually illustrates a plurality of partially private codes stored in the mobile terminal 30 for one registration target person (registration target person 1). In this example, the mobile terminal 30 As well as the partially private code C2 for the three owners (registration subjects 2, 3, 4) other than the owner, C3 and C4 are stored. In addition, the partial secret codes C1, C2, C3, and C4 for each registration target person are generated based on the fingerprint image of each registration target person in the registration process of FIG. 3 performed for each registration target person. (In other words, the encryption data in the private areas of the partial private codes C1, C2, C3, and C4 are generated using the respective encryption keys generated based on the fingerprints of the respective registration subjects. The configuration is the same as that of FIG. 7 described in the first embodiment.

In the portable terminal 30 according to the present embodiment, when a plurality of pieces of partially private code image data are stored in the storage unit 35 (storage unit) in this way, each partial secret code is displayed on the display unit 33 (display unit). Are configured to display sequentially. The left side of FIG. 12 shows an example in which one partial private code C1 among a plurality of stored codes is displayed on the display unit 33 of the mobile terminal 30. For example, the partial private code is sequentially displayed thereafter. C2, a partially private code C3, and a partially private code C4 can be displayed. The display order may be any order. For example, the display order may be displayed in the descending order of the number of times displayed in the past, or may be displayed in the newly stored order. In addition, such partial private code display (sequential display) on the mobile terminal 30 is performed by the user performing a predetermined operation on the operation unit 36 when the reading device 40 performs reading processing, for example. It is supposed to start when.
In the present embodiment, the control unit 31 corresponds to an example of a “display control unit”, and when a plurality of pieces of image data of a partial private code are stored in the storage unit 35 (storage unit), each partial private code Are sequentially displayed on the display unit 33 (display means).

  Next, a description will be given of a process for reading a partially private code that is sequentially displayed as described above. The reading process performed in the present embodiment is the same as the reading process (FIG. 9) described in the first embodiment. When the display unit 33 is arranged in the imaging area of the imaging unit 42, the display unit 33 is displayed. The process shown in FIG. 9 is performed for each partially-disclosed code displayed in FIG. For example, when the display is switched in the order of the partially private code C1, C2, C3, C4, first, the reading process of FIG. 9 is performed on the display of the partially private code C1. At this time, if the decryption is successful and it is determined in S21 that the matching condition is satisfied, the data of the public area and the private area are output in S22. Further, after the reading process of the partial private code C1, the reading process of FIG. 9 is similarly performed on the display of the next partial private code C2, and then the next partial private code is displayed. The reading process of FIG. 9 for the display of the code C3, and the subsequent reading process of FIG. 9 for the display of the next partial private code C4 are sequentially performed. It should be noted that the fingerprint imaging process of the person to be authenticated and the feature point extraction process of S15 may be performed in S14 for each partial private code reading process, but in the initial partial private code reading process, S14 The fingerprint image data of the person to be authenticated imaged in step 1 or the feature point data generated in step S15 in the first partial private code reading process may be used in the subsequent partial private code reading process. (In this case, the process of S14 or the processes of S14 and S15 is omitted in the second and subsequent partially private code reading process).

In the present embodiment, the imaging unit 42 corresponds to an example of an “imaging unit”, and functions to capture each partially closed code that is sequentially displayed on the display unit 33 (display unit).
In the present embodiment, the control unit 41 that executes the processes of S15 and S16 corresponds to an example of an “extraction unit”, and the fingerprint (physical feature unit) of the person to be authenticated is captured by the imaging unit 42 (imaging unit). In the case where the authentication is performed, it has a function of extracting the characteristics (biometric information) of the fingerprint of the person to be authenticated from the captured fingerprint image.
Further, the control unit 41 that executes the processing of S17 corresponds to an example of “key generation unit”, and is partially closed based on the fingerprint characteristic (biological information) of the person to be authenticated extracted by the “extraction unit”. It has a function of generating an authentication key used for code authentication.
Further, the control unit 41 that executes the process of S18 corresponds to an example of a “decryption unit”, and the authentication key generated by the “key generation unit” is encrypted with any of the partially private codes that are sequentially displayed. When corresponding to the key, it functions to decrypt the encrypted data recorded in the private area of the partially private code.

  In the present embodiment, when a plurality of pieces of partially-public code image data are stored in the storage unit 35 (storage unit), the partial private codes are sequentially displayed on the display unit 33 (display unit), and the reading device An imaging unit 42 (imaging unit) of 40 (optical information reader) is configured to image each of the partially displayed secret codes that are sequentially displayed. In this way, a plurality of partially private codes can be managed in the mobile terminal 30, and the plurality of partially private codes can be easily registered as reading objects of the reading device 40. Then, the authentication key generated by the “key generation unit” of the reading device 40 is an encryption key of any partially private code (that is, any of the partially private code that has been imaged) that is sequentially displayed. In the case of corresponding to the above, since it is configured to decrypt the encrypted data recorded in the private area of the partially private code, the user's Those that can be deciphered by fingerprints (physical features) can be selectively used.

  There are various specific usage methods of the above-described configuration. For example, all the registration target persons of each private code stored in the mobile terminal 30 belong to the same group (for example, family, company, etc.) having a deep relationship. If it belongs, the mobile terminal 30 can be shared by the group. For example, when a plurality of partially private codes stored in the mobile terminal 30 are all generated by the family of the owner of the mobile terminal 30, the mobile terminal 30 is shared by highly reliable families. And convenience increases.

[Fourth Embodiment]
Next, a fourth embodiment will be described. FIG. 13 is an explanatory diagram illustrating a display state on the mobile terminal in the authentication system according to the fourth embodiment.
Note that this embodiment differs from the third embodiment in the display method when displaying a partially private code on a mobile terminal, and the reading process for reading the displayed partially private code is also different from the third embodiment. However, the rest is the same as in the third embodiment. Therefore, hereinafter, points different from the third embodiment will be mainly described, and detailed description of similar points will be omitted.

  Also in this embodiment, by using the same method as in the third embodiment, a plurality of pieces of private code image data are stored in the storage unit 35 (storage means) of the mobile terminal 30. For example, the right side of FIG. As described above, in the storage unit 35 of the portable terminal 30 of one registration target person (registration target person 1), a partial secret code for other registration target persons (registration target persons 2, 3, 4) is stored. Can be kept. In the third embodiment, an example in which such partially private codes are sequentially displayed has been shown. However, in this embodiment, a plurality of such partially private codes are displayed on the display unit 33 (display means) at the same time. Is displayed.

  FIG. 13 shows an example in which when a plurality of partially private codes as shown in the right side of FIG. 12 are stored in the storage unit 35, these are simultaneously displayed on the display unit 33 of the mobile terminal 30. Such partial private code display (simultaneous display) on the mobile terminal 30 is started, for example, when the user performs a predetermined operation on the operation unit 36 when performing reading processing with the reading device 40. It has come to be. In the present embodiment as well, the control unit 31 corresponds to an example of “display control means”.

  Next, a description will be given of a process for reading a partially private code displayed simultaneously as described above. The reading process performed in the present embodiment is basically the same as the reading process (FIG. 9) described in the first embodiment. When a plurality of two-dimensional codes are imaged simultaneously by the imaging unit 42, all the two-dimensional codes are captured. The code shown in FIG. 9 is read. Therefore, when the display unit 33 as shown in FIG. 13 is picked up by the image pickup unit, the process shown in FIG. 9 is performed for all of the partial secret codes C1, C2, C3, and C4 displayed on the display unit 33. Will be.

  In this process, first, all the two-dimensional codes arranged in the imaging area of the imaging unit 42 are imaged (S10), and the same decoding process as in the first embodiment is performed on all the captured two-dimensional codes. (S11). Then, it is determined whether or not there is a non-public area in any two-dimensional code, and if it exists, the process proceeds to Yes in S12, and the processes in S14 to S17 are performed as in the first embodiment. It has become.

  Then, using the authentication key generated in S17, a decryption process is attempted on the private area of all the two-dimensional codes imaged in S10 (S18). Also in the present embodiment, the decryption algorithm (decryption algorithm) used in the reading device 40 corresponds to the encryption algorithm used in the registration process 20, and partially secret codes C1, C2, When C3 and C4 are imaged, one of these partially private code encryption keys (each encryption key generated in S3 of FIG. 3 for each registrant target person) is generated in S17. When the authentication key (decryption key) matches, the encrypted data with the same encryption key can be decrypted.

  After the decryption process of S18, a process is performed to determine whether or not any of the partial private code encrypted data has been decrypted (S19), and any partial private code encrypted data is also decrypted. If not, the process proceeds to No in S19. On the other hand, when the decryption of the encrypted data of any partially private code is successful and the encrypted data can be decrypted, the process proceeds to Yes in S19, and the decrypted data is successfully included in the partially private code. The recorded fingerprint image data is compared with the data obtained from the fingerprint image captured in S14 (S20), and a matching state is determined (S21). Note that the comparison and determination methods in S20 and S21 are the same as those in the first embodiment. If it is determined that they match in S21, the data of the partially private code (public area and private area data) that has been successfully decrypted is output (S22).

  In the present embodiment, when a plurality of pieces of private code image data are stored in the storage unit 35 (storage unit) of the mobile terminal 30, the plurality of partial private codes are stored in the display unit 33 (display unit). The image capturing unit 42 (imaging unit) of the reading device 40 (optical information reading device) simultaneously captures the plurality of partial secret codes to be displayed. In this way, it is possible to manage a plurality of partially private codes in the mobile terminal 30 and easily use the plurality of partially private codes as reading targets of the reading device 40 (optical information reading device). And can be registered more quickly. The encryption key generated by the “key generation unit” of the reading device 40 is an encryption key of any one of the partial private codes (that is, any one of the captured partial private codes) that is displayed. In the case of corresponding to the above, since it is configured to decrypt the encrypted data recorded in the private area of the partially private code, among the plurality of partially private codes displayed, the user's What can be deciphered by the physical features can be selectively used.

[Other Embodiments]
The present invention is not limited to the embodiments described with reference to the above description and drawings. For example, the following embodiments are also included in the technical scope of the present invention.

  In the above embodiment, a QR code is illustrated as an example of a two-dimensional code, and a QR code formed by recording secret data (encrypted data) encrypted after a terminal is illustrated as an example of a partially closed code. However, other types of two-dimensional codes may be used as long as they are two-dimensional codes having a public area and a private area.

  In the above embodiment, as a method for expressing a fingerprint as data, a method using feature point type and position data is exemplified. However, any other known method can be used as long as it can express a fingerprint as data. Also good.

  In the above embodiment, “fingerprint” is exemplified as the human physical feature, but any physical feature may be used as long as the content differs for each individual. For example, “retina”, “vein”, “iris”, “palmprint”, and the like may be used as physical features, and such biometric information may be used as an encryption key.

  In the above-described embodiment, the example in which the partially private code generated by the registration device 20 is delivered by email in S5 or S206 has been shown. For example, data of a partly private code may be transmitted by infrared communication or the like.

  In the above embodiment, the server 10 (for example, a credit company server) and the registration device 20 are illustrated as separate devices. However, the server 10 and the registration device 20 may be configured as a single device. That is, an imaging unit may be provided in the server 10 to function in the same manner as the registration device 20, and a part of the secret code may be generated in the server 10 as shown in FIG.

  In the above-described embodiment, the configuration in which the registration device 20 generates a part of the secret code is illustrated. However, the registration process shown in FIGS. A configuration in which a partially private code C such as 10 is generated may be used. In this case, it is necessary for the mobile terminal 30 to acquire data to be recorded in the public area Cb in advance. A method for causing the mobile terminal 30 to acquire such data is, for example, that the registration target person operates the operation unit of the mobile terminal 30. 36 may be used, or a method of transmitting necessary information from a credit company server (for example, the server 10) to the mobile terminal 30 may be used. When the registration process as shown in FIGS. 3 and 11 is performed on the mobile terminal 30, the fingerprint imaging process of S1 and S201 is performed using the imaging unit 32, and the imaging unit 32 is an example of the “imaging device”. It will be equivalent. In this case, the distribution process of S5 is omitted.

  In the third embodiment, an example is shown in which a plurality of partially private codes stored in the storage unit 35 are sequentially displayed and read by the reading device 40. However, a plurality of partially private codes stored in the storage unit 35 are shown. The code may be selected by the user and displayed on the display unit 33.

  In the above embodiment, as shown in S20 and S21 of FIG. 9, the fingerprint image data in the partially private code is compared with the fingerprint image generated in S14, and the matching state is determined. In this case, it is possible not to perform such comparison and determination processing.

DESCRIPTION OF SYMBOLS 1 ... Authentication system 20 ... Registration apparatus 26 ... Imaging part (imaging apparatus)
30 ... portable terminal 31 ... control unit (display control means)
32 ... Imaging unit (imaging device)
33 ... Display section (display means)
35 ... Storage section (storage means)
40 ... Reading device (optical information reading device)
41... Control unit (decryption means, extraction means, key generation means, data detection means, request means, determination means, output means)
42 ... Imaging unit (imaging means)
46 ... Display section (output means)
C: Partially private code Ca ... Public area Cb ... Private area

Claims (6)

An imaging means capable of imaging an information code and a human physical feature;
When the information code is imaged by the imaging means, a decoding means for decoding the imaged information code;
An optical information reader comprising:
The decryption means includes a partly private area in which the information code picked up by the image pickup means has a public area and a private area in which encrypted data encrypted based on a predetermined encryption key is recorded. When it is a code, it is configured to decrypt the data in the public area and decrypt the data in the private area on the condition that the encryption key is acquired,
The partially private code is formed by associating the encryption key of the encrypted data with the biometric information of the physical feature of the registrant,
An extraction unit that extracts the biometric information of the authentication target person from the captured image of the physical feature part when the physical feature part of the authentication target person is imaged by the imaging unit;
Key generation means for generating an authentication key used for authentication of the partially private code based on the biometric information of the person to be authenticated extracted by the extraction means;
With
The decryption means, when the authentication key generated by the key generation means matches the encryption key , the encrypted data recorded in the private area based on the authentication key and a predetermined decryption algorithm Is a structure to decrypt
A plurality of the encrypted data is recorded in the private area of the partially private code,
Each of the encryption keys of the plurality of encrypted data is associated with a plurality of the physical features,
The decryption means, when the authentication key generated by the key generation means corresponds to an encryption key of any of the plurality of encryption data recorded in the private area, the corresponding encryption key An optical information reading device that decrypts the encrypted data corresponding to the above in accordance with the decryption algorithm . In the area other than the private area, the partial private code is recorded with index data serving as an index for requesting authentication of the physical feature,
Data detecting means for detecting the index data;
Request means for requesting imaging of the physical feature when the index data is detected by the data detection means;
The optical information reader according to claim 1, wherein the optical information reader is provided. The imaging means has a configuration capable of imaging a human fingerprint as the physical feature.
In the partially private code, the encryption key of the encrypted data consists of fingerprint data of the registrant,
The extraction means, when the fingerprint of the person to be authenticated is imaged by the image pickup means, extracts the characteristics of the fingerprint of the person to be authenticated from the image of the fingerprint,
The key generation means generates fingerprint data of the person to be authenticated as the authentication key based on the characteristics of the fingerprint extracted by the extraction means,
The decrypting means decrypts the encrypted data recorded in the private area according to the decryption algorithm when the fingerprint data of the person to be authenticated matches the fingerprint data of the registrant. The optical information reading device according to claim 1 or 2. Each encryption key of the plurality of encrypted data recorded in the private area is associated with each physical feature of a plurality of registrants,
The reading means, when the authentication key generated by the key generation means corresponds to the encryption key associated with the physical feature of any registrant, the corresponding encryption key optical information reading apparatus according to any one of claims 3 the encrypted data corresponding claim 1, wherein the decrypting in accordance with the decryption algorithm. An optical information reader;
A portable terminal having display means capable of displaying the information code;
An authentication system comprising:
The optical information reader is
An imaging means capable of imaging an information code and a human physical feature;
When the information code is imaged by the imaging means, a decoding means for decoding the imaged information code;
With
The decryption means includes a partly private area in which the information code picked up by the image pickup means has a public area and a private area in which encrypted data encrypted based on a predetermined encryption key is recorded. When it is a code, it is configured to decrypt the data in the public area and decrypt the data in the private area on the condition that the encryption key is acquired,
The partially private code is formed by associating the encryption key of the encrypted data with the biometric information of the physical feature of the registrant,
An extraction unit that extracts the biometric information of the authentication target person from the captured image of the physical feature part when the physical feature part of the authentication target person is imaged by the imaging unit;
Key generation means for generating an authentication key used for authentication of the partially private code based on the biometric information of the person to be authenticated extracted by the extraction means;
With
The decryption means, when the authentication key generated by the key generation means matches the encryption key, the encrypted data recorded in the private area based on the authentication key and a predetermined decryption algorithm Is a structure to decrypt
The portable terminal is
Storage means for storing image data of the partially private code generated by the portable terminal or an external device;
Display control means for reading out the image data stored in the storage means and displaying the partially private code on the display means;
With
The display control means sequentially displays each partial private code on the display means when a plurality of the image data of the partial private code is stored in the storage means,
The image pickup means of the optical information reader picks up each partially-disclosed code sequentially displayed on the display means,
The decrypting means of the optical information reading device is configured to perform the processing when the authentication key generated by the key generating means matches the encryption key of any one of the partially private codes that are sequentially displayed. An authentication system , comprising: decrypting the encrypted data recorded in the private area of a private code . An optical information reader;
A portable terminal having display means capable of displaying the information code;
An authentication system comprising:
The optical information reader is
An imaging means capable of imaging an information code and a human physical feature;
When the information code is imaged by the imaging means, a decoding means for decoding the imaged information code;
With
The decryption means includes a partly private area in which the information code picked up by the image pickup means has a public area and a private area in which encrypted data encrypted based on a predetermined encryption key is recorded. When it is a code, it is configured to decrypt the data in the public area and decrypt the data in the private area on the condition that the encryption key is acquired,
The partially private code is formed by associating the encryption key of the encrypted data with the biometric information of the physical feature of the registrant,
An extraction unit that extracts the biometric information of the authentication target person from the captured image of the physical feature part when the physical feature part of the authentication target person is imaged by the imaging unit;
Key generation means for generating an authentication key used for authentication of the partially private code based on the biometric information of the person to be authenticated extracted by the extraction means;
With
The decryption means, when the authentication key generated by the key generation means matches the encryption key, the encrypted data recorded in the private area based on the authentication key and a predetermined decryption algorithm Is a structure to decrypt
The portable terminal is
Storage means for storing image data of the partially private code generated by the portable terminal or an external device;
Display control means for reading out the image data stored in the storage means and displaying the partially private code on the display means;
With
The display control means, when a plurality of the image data of the partially private code is stored in the storage means, to display a plurality of the partially private code on the display means at the same time,
The imaging means of the optical information reading device images the plurality of the partially secret codes displayed on the display means,
The decrypting means of the optical information reading device is configured to perform the processing when the authentication key generated by the key generating means matches the encryption key of any one of the partially displayed secret codes. An authentication system , comprising: decrypting the encrypted data recorded in the private area of a private code .

Images