[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2024171434A1 - Information updating device and method, authentication device and method, and computer-readable medium - Google Patents

Information updating device and method, authentication device and method, and computer-readable medium Download PDF

Info

Publication number
WO2024171434A1
WO2024171434A1 PCT/JP2023/005740 JP2023005740W WO2024171434A1 WO 2024171434 A1 WO2024171434 A1 WO 2024171434A1 JP 2023005740 W JP2023005740 W JP 2023005740W WO 2024171434 A1 WO2024171434 A1 WO 2024171434A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
biometric information
authentication
encryption key
user
Prior art date
Application number
PCT/JP2023/005740
Other languages
French (fr)
Japanese (ja)
Inventor
雄太 清水
寿幸 一色
健吾 森
和樹 稲垣
洸陽 柴田
康平 土方
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Priority to PCT/JP2023/005740 priority Critical patent/WO2024171434A1/en
Publication of WO2024171434A1 publication Critical patent/WO2024171434A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • the present disclosure relates to an information update device, an information update method, an authentication device, an authentication method, and a computer-readable medium.
  • Patent Document 1 discloses a face recognition device.
  • a user's biometric information is encrypted by homomorphic encryption using the user's public key.
  • the authentication device receives the encrypted biometric information, the user's identification information, and the user's public key from the encryption device.
  • the authentication device searches a database and obtains the user's encrypted biometric information and the user's public key registered in the database.
  • the authentication device authenticates the user based on the encrypted biometric information and the user's public key obtained from the database, and the encrypted biometric information and the user's public key received from the encryption device.
  • Patent Document 1 if biometric information registered in a database is leaked, a re-registration process of the biometric information is performed.
  • the encryption device generates a new private key and public key pair.
  • the encryption device encrypts the user's biometric information using the newly generated public key.
  • the authentication device receives the newly generated public key and the encrypted biometric information from the encryption device.
  • the authentication device updates the information registered in the database with the received public key and the received encrypted biometric information. In this way, even if the encrypted biometric information is leaked, the old encrypted biometric information can be canceled, and spoofing using the leaked encrypted biometric information can be prevented.
  • the authentication device described in Patent Document 1 invalidates biometric authentication using the leaked biometric information by updating the key pair.
  • a user generally cannot know when the encrypted biometric information was leaked. From the time a user notices the leak until the key pair is subsequently updated, the leaked encrypted biometric information is valid, making it possible to impersonate a person using the leaked encrypted biometric information. For this reason, it is considered preferable to change the key information at an appropriate time, rather than after the user notices the leak.
  • the present disclosure aims to provide an information update device, an information update method, an authentication device, an authentication method, and a computer-readable medium that can update key information used for encryption at an appropriate time.
  • the present disclosure provides, as a first aspect, an information updating device.
  • the information updating device includes a detection unit that detects a predetermined operation of the device related to authentication performed using encrypted biometric information of a user, and an information updating unit that updates encryption key information used to encrypt the user's biometric information and target biometric information encrypted with the encryption key information when the predetermined operation is detected.
  • the present disclosure provides, as a second aspect, an authentication device.
  • the authentication device includes a biometric information acquisition unit that acquires biometric information of a user, an encryption unit that encrypts the acquired biometric information with encryption key information to generate query biometric information, an authentication unit that authenticates the user by comparing the query biometric information with target biometric information encrypted using the encryption key information, a detection unit that detects a predetermined operation of the device related to the authentication, and an information update unit that updates the encryption key information and updates the target biometric information using the updated encryption key information when the predetermined operation is detected.
  • the present disclosure provides, as a third aspect, an information update method.
  • the information update method includes detecting a predetermined operation of a device related to authentication performed using encrypted user biometric information, and, when the predetermined operation is detected, updating encryption key information used to encrypt the user biometric information and target biometric information encrypted with the encryption key information.
  • the present disclosure provides, as a fourth aspect, an authentication method.
  • the authentication method includes acquiring biometric information of a user, encrypting the acquired biometric information with encryption key information to generate query biometric information, authenticating the user by comparing the query biometric information with target biometric information encrypted using the encryption key information, detecting a predetermined operation of a device related to the authentication, updating the encryption key information when the predetermined operation is detected, and updating the target biometric information using the updated encryption key information.
  • the present disclosure provides a computer-readable medium.
  • the computer-readable medium stores a program for causing a processor to execute a process including detecting a predetermined operation of a device related to authentication performed using encrypted user biometric information, and updating encryption key information used to encrypt the user biometric information and target biometric information encrypted with the encryption key information when the predetermined operation is detected.
  • the present disclosure provides a computer-readable medium as a sixth aspect.
  • the computer-readable medium stores a program for causing a processor to execute a process including acquiring biometric information of a user, encrypting the acquired biometric information with cryptographic key information to generate query biometric information, authenticating the user by matching the query biometric information with target biometric information encrypted using the cryptographic key information, detecting a predetermined operation of a device related to the authentication, updating the cryptographic key information when the predetermined operation is detected, and updating the target biometric information using the updated cryptographic key information.
  • the information update device, information update method, authentication device, authentication method, and computer-readable medium disclosed herein can update key information used for encryption at the appropriate time.
  • FIG. 1 is a block diagram showing a schematic configuration of an authentication device according to the present disclosure.
  • 1 is a block diagram showing an authentication system including an authentication device according to an embodiment of the present disclosure.
  • 3A and 3B are schematic diagrams showing biometric information extracted from a camera image, query biometric information, and target biometric information.
  • 4 is a flowchart showing an operation procedure during authentication in the authentication device.
  • 10 is a flowchart showing an operation procedure of the authentication device when updating key information.
  • FIG. 1 is a block diagram showing an example of the configuration of an electronic device.
  • FIG. 1 shows a schematic configuration of an authentication device according to the present disclosure.
  • the authentication device 10 has a biometric information acquisition unit 11, an encryption unit 12, an authentication unit 13, a detection unit 15, and an information update unit 16.
  • the detection unit 15 and the information update unit 16 constitute an information update device 20.
  • FIG. 1 shows an example in which the information update device 20 is included in the authentication device 10, the present disclosure is not limited to this.
  • the information update device 20 does not necessarily have to be included in the authentication device 10, and the authentication device 10 and the information update device 20 may each be configured as independent devices.
  • the biometric information acquisition unit 11 acquires biometric information of the user.
  • the encryption unit 12 encrypts the biometric information acquired by the biometric information acquisition unit 11 with encryption key information to generate query biometric information.
  • the authentication unit 13 authenticates the user by comparing the query biometric information with target biometric information encrypted using the encryption key information used by the encryption unit 12.
  • the detection unit 15 detects a predetermined operation of a device related to authentication.
  • the device related to authentication means, for example, a device that the user operates after authentication.
  • the device related to authentication may be a device located at a predetermined place.
  • the information update unit 16 updates the encryption key information used by the encryption unit 12 for encryption. Furthermore, the information update unit 16 updates the target biometric information using the updated encryption key information.
  • the information update unit 16 updates the encryption key information and the target biometric information when a specified operation of the device related to authentication is detected. Even if the target biometric information is stolen by a malicious person and the user is unaware that the target biometric information has been stolen, the encryption key information is updated when the specified operation is detected. In the present disclosure, since the encryption key information and the target biometric information are updated in relation to a specified operation of the device related to authentication, it is possible to update the key information and target biometric information used for encryption at an appropriate time. Furthermore, in the present disclosure, by updating the key information and target biometric information used for encryption at an appropriate time, security risks can be reduced.
  • FIG. 2 shows an authentication system including an authentication device according to one embodiment of the present disclosure.
  • the authentication system 100 has an authentication device 110 and a camera 130.
  • an example is described in which the authentication system 100 is used for entry into the interior of a vehicle such as an automobile.
  • the authentication system 100 is not limited to entry into the interior of a vehicle, and can be applied to authentication in various systems such as access control systems for specific locations or areas.
  • the camera 130 photographs the user or subject to be authenticated.
  • the camera 130 photographs a person about to get into a vehicle.
  • the vehicle is, for example, a moving body such as a passenger car, a taxi, or a van.
  • the camera 130 is, for example, mounted on the vehicle and photographs the user outside the vehicle from inside the vehicle.
  • the camera 130 may be installed outside the vehicle and photograph the user approaching the vehicle.
  • the camera 130 may be installed inside the vehicle and photograph the user who has gotten into the vehicle.
  • the authentication device 110 acquires an image of the user from the camera 130 and performs biometric authentication on the user using the acquired image.
  • the authentication system 100 may have multiple cameras 130.
  • the authentication system 100 may include, for example, one or more cameras that photograph the vehicle from outside the vehicle, one or more cameras mounted on the vehicle that photograph the area outside the vehicle, and one or more cameras mounted on the vehicle that photograph the area inside the vehicle.
  • the authentication device 110 has an image acquisition unit 111, a feature extraction unit 112, an encryption unit 113, an authentication unit 114, a face information DB (database) 115, a detection unit 116, and an information update unit 117.
  • the authentication device 110 may be configured, for example, as a device having one or more memories and one or more processors. At least a part of the functions of each unit in the authentication device 110 may be realized by the processor operating in accordance with a program read from the memory.
  • the authentication device 110 may be mounted on a vehicle, for example.
  • the authentication device 110 corresponds to the authentication device 10 shown in FIG. 1.
  • the image acquisition unit 111 acquires videos or images captured by the camera 130.
  • the image acquisition unit 111 sequentially acquires the latest images captured by the camera 130.
  • the feature extraction unit 112 extracts biometric features from the images acquired by the image acquisition unit 111. Biometric features are also called biometric information.
  • the feature extraction unit 112 detects, for example, a facial region or facial image of a person present around the vehicle, i.e., a user, from image data, and extracts biometric information from the detected facial region or facial image.
  • the feature extraction unit 112 corresponds to the biometric information acquisition unit 11 shown in FIG. 1.
  • the encryption unit 113 encrypts the biometric information extracted by the feature extraction unit 112 using encryption key information to generate encrypted biometric information.
  • homomorphic encryption is used as the encryption method.
  • the encrypted biometric information is also called query biometric information.
  • the encryption unit 113 corresponds to the encryption unit 12 shown in FIG. 1.
  • the face information DB 115 stores biometric information extracted from face images for one or more registered persons, i.e., users, to be authenticated.
  • the face information DB 115 stores the biometric information of each of multiple users in a storage device, such as a hard disk drive (HDD), a solid state drive (SSD), or a flash memory.
  • the biometric information stored in the face information DB 115 is also called target biometric information.
  • the target biometric information stored in the face information DB 115 is encrypted using encryption key information used for encryption by the encryption unit 113.
  • a user registers biometric information in advance in the authentication device 110.
  • the user inputs a camera image taken with, for example, the user's own smartphone or digital camera into the authentication device 110.
  • the authentication device 110 extracts biometric information from the camera image input by the user in the feature extraction unit 112, and encrypts the extracted biometric information in the encryption unit 113 using encryption key information.
  • the authentication device 110 stores the encrypted biometric information in the face information DB 115 as target biometric information.
  • the face information DB 115 may store encrypted face images of each of one or more users instead of or in addition to the encrypted biometric information.
  • the face information DB 115 does not necessarily have to be included in the authentication device 10.
  • the face information DB 115 may be configured, for example, using a storage device connected to the authentication device 10 via a network.
  • the authentication unit 114 compares the query biometric information encrypted by the feature extraction unit 112 with the target biometric information stored in the face information DB 115 to authenticate the user. More specifically, the authentication unit 114 acquires the target biometric information of each user from the face information DB 115. The authentication unit 114 compares the query biometric information with the acquired target biometric information of each user. The authentication unit 114 calculates a matching score indicating the degree of match or similarity between the query biometric information and the target biometric information. For example, the matching score indicates a higher value as the degree of match or similarity increases. For example, the authentication unit 114 compares the matching score calculated for each user with a threshold value and determines whether or not face authentication has been successful based on the result of the comparison. The authentication unit 114 corresponds to the authentication unit 13 shown in FIG. 1.
  • the authentication result of the authentication device 110 is output to a device or system that uses the authentication result, such as an in-vehicle entry system.
  • the authentication device 110 outputs the authentication result to vehicle equipment (not shown), such as an ECU (Electronic Control Unit) that controls the vehicle, via an in-vehicle network such as a CAN (Controller Area Network).
  • vehicle equipment not shown
  • ECU Electronic Control Unit
  • CAN Controller Area Network
  • the detection unit 116 detects a predetermined operation of a device related to authentication.
  • the device related to authentication is a vehicle, and the detection unit 116 detects a predetermined operation in the vehicle.
  • the detection unit 116 detects, for example, at least one of opening and closing of a vehicle door, starting of a drive system such as an engine in the vehicle, starting the vehicle, locking of the vehicle door, and stopping of the drive system.
  • the detection unit 116 may, for example, acquire a signal output from an ECU mounted in the vehicle through an in-vehicle network, and detect a predetermined operation in the vehicle based on the acquired signal.
  • the detection unit 116 may, for example, analyze an image of a camera capturing an area inside the vehicle or an area outside the vehicle, and detect a predetermined operation of a user in the vehicle.
  • the detection unit 116 corresponds to the detection unit 15 shown in FIG. 1.
  • the information update unit 117 changes or updates the encryption key information used to generate query biometric information in the encryption unit 113.
  • the information update unit 117 also updates the target biometric information stored in the face information DB 115 using the changed or updated encryption key information.
  • the information update unit 117 may update the encryption key information and the target biometric information every time a predetermined movement is detected. Alternatively, the information update unit 117 may update the encryption key information and the target biometric information every time a predetermined movement is detected a predetermined number of times.
  • the information update unit 117 corresponds to the information update unit 16 shown in FIG. 1.
  • FIG. 3 shows biometric information extracted from a camera image, query biometric information, and target biometric information.
  • the feature extraction unit 112 extracts biometric information from the camera image.
  • the encryption unit 113 encrypts the biometric information extracted by the feature extraction unit 112 using encryption key information to generate query biometric information.
  • the authentication unit 114 compares the query biometric information encrypted by the encryption unit 113 with the encrypted target biometric information stored in the face information DB 115.
  • the information update unit 117 updates the encryption key information and the target biometric information stored in the face information DB 115.
  • the encryption key information is updated, the query biometric information and the target biometric information before the encryption key information is updated are different from the query biometric information and the target biometric information after the encryption key information is updated. Therefore, even if the target biometric information is stolen by a malicious person, the stolen target biometric information can be invalidated by changing the encryption key information. Therefore, this embodiment can reduce the risk of personal information being leaked and improve security.
  • FIG. 4 shows the operation procedure during authentication in the authentication device 110.
  • the operation procedure of the authentication device 110 corresponds to the authentication method.
  • the image acquisition unit 111 acquires a camera image from the camera 130 (step A1).
  • the image acquisition unit 111 may periodically perform step A1 and acquire camera images in time series from the camera 130 that captures moving images.
  • the feature extraction unit 112 detects a face region from the camera image and extracts biometric features from the image of the face region (step A2).
  • the feature extraction unit 112 for example, extracts one or more feature points from the image of the face region and extracts one or more biometric features based on the extracted one or more feature points.
  • the encryption unit 113 encrypts the biometric features extracted in step A2 to generate query biometric information (step A3).
  • the authentication unit 114 compares the query biometric information generated in step A3 with the target biometric information stored in the face information DB 115 to perform face authentication (step A4). In step A4, the authentication unit 114 calculates, for example, a matching score between the target biometric information and the query biometric information.
  • the authentication unit 114 determines whether or not the facial authentication was successful (step A5).
  • the authentication unit 114 compares the matching score with a threshold value, and determines whether or not the facial authentication was successful depending on whether or not the matching score is equal to or greater than the threshold value. If the matching score is equal to or greater than the threshold value, the authentication unit 114 determines in step A5 that the facial authentication was successful. In that case, the authentication unit 114 outputs a message indicating that the facial authentication was successful to a device that uses the authentication result, such as an in-vehicle entry system (step A6).
  • the authentication unit 114 determines that the facial authentication has failed in step A5. In that case, the authentication unit 114 outputs a message indicating that the facial authentication has failed to the device that uses the authentication result (step A7). If the facial authentication has failed, the authentication device 110 may return to step A1 and restart the facial authentication from the beginning.
  • FIG. 5 shows the operation procedure of the authentication device 110 when updating key information.
  • the operation procedure of the authentication device 110 when updating key information corresponds to the information update method.
  • the operation procedure of the authentication device 110 when updating key information shown in FIG. 5 may be performed before or after the operation procedure of the authentication device 110 when authenticating shown in FIG. 4.
  • the operation procedure of the authentication device 110 when updating key information shown in FIG. 5 may be performed in parallel with the operation procedure of the authentication device 110 when authenticating shown in FIG. 4.
  • the detection unit 116 determines whether a predetermined action or operation has been performed in the vehicle (step B1). In step B1, the detection unit 116 determines whether at least one of the following has been performed: opening and closing the vehicle door, starting the drive system such as the engine in the vehicle, starting the vehicle, locking the vehicle door, and stopping the drive system.
  • the detection unit 116 determines that a predetermined action or operation has been performed in the vehicle, it transmits a notification to the information update unit 117 indicating that the predetermined action or operation has been detected.
  • the detection unit 116 may count the number of times that the predetermined action or operation has been performed, and when the number of times reaches a predetermined number, transmits a notification to the information update unit 117 indicating that the predetermined action or operation has been detected.
  • the information update unit 117 When the information update unit 117 receives a notification from the detection unit 116 indicating that a predetermined movement or operation has been detected, it updates the encryption key information used to encrypt the biometric information in the encryption unit 113, i.e., the encryption key information used to generate the query biometric information (step B2). In step B2, the information update unit 117 generates encryption key information different from the encryption key information used for encryption in the encryption unit 113, and transmits the generated encryption key information to the encryption unit 113. When the encryption unit 113 receives encryption key information from the information update unit 117, it changes the encryption key information used for encryption to the encryption key information received from the information update unit 117.
  • the information update unit 117 also uses the updated encryption key information to update the target biometric information stored in the face information DB 115 (step B3).
  • the information update unit 117 updates the target biometric information, for example, by decrypting the target biometric information before the update using the key information before the update, and encrypting the decrypted target biometric information using the updated encryption key information.
  • the information update unit 117 updates the encryption key information and the target biometric information.
  • the information update unit 117 updates the encryption key information the target biometric information encrypted with the old encryption key information cannot be used for authentication. Therefore, this embodiment can improve security.
  • the encryption key information and the target biometric information are updated when a specific action is detected. Therefore, even if the user does not specifically instruct an update of the encryption key information, the encryption key information is updated periodically. In this embodiment, even if the target biometric information is stolen, the period during which the stolen target biometric information can be used for authentication can be shortened, and the possibility that the stolen target biometric information will be misused can be reduced.
  • FIG. 6 shows an example of the hardware configuration of an electronic device that can be used in the authentication device 110.
  • the electronic device 500 has a processor (CPU: Central Processing Unit) 501, a ROM (read only memory) 502, and a RAM (random access memory) 503.
  • the processor 501, the ROM 502, and the RAM 503 are connected to each other via a bus 504.
  • the authentication device 110 may include other circuits such as peripheral circuits, communication circuits, and interface circuits, although these are not shown.
  • ROM 502 is a non-volatile storage device.
  • a semiconductor storage device with a relatively small capacity such as a flash memory, is used for ROM 502.
  • ROM 502 stores the programs executed by processor 501.
  • the program includes instructions (or software code) that, when loaded into a computer, causes the computer to perform one or more functions described in the embodiments.
  • the program may be stored on a non-transitory computer-readable medium or a tangible storage medium.
  • computer-readable media or tangible storage media include RAM, ROM, flash memory, SSD or other memory technology, Compact Disc (CD), digital versatile disc (DVD), Blu-ray (registered trademark) disc or other optical disk storage, magnetic cassette, magnetic tape, magnetic disk storage or other magnetic storage devices.
  • the program may be transmitted on a transitory computer-readable medium or a communication medium.
  • transitory computer-readable media or communication media include electrical, optical, acoustic, or other forms of propagated signals.
  • RAM 503 is a volatile storage device.
  • Various semiconductor memory devices such as DRAM (Dynamic Random Access Memory) or SRAM (Static Random Access Memory) are used for RAM 503.
  • RAM 503 can be used as an internal buffer for temporarily storing data, etc.
  • the processor 501 loads the program stored in the ROM 502 into the RAM 503 and executes the program.
  • the CPU 501 executes the program, thereby realizing the functions of each part in the authentication device 110.
  • the authentication device 110 does not necessarily have to be configured as a single device.
  • the authentication device 110 may be configured using multiple devices that are physically separated.
  • the authentication device 110 may be separated into a device having an image acquisition unit 111, a feature extraction unit 112, an encryption unit 113, and an authentication unit 114, and an information update device having a detection unit 116 and an information update unit 117.
  • the authentication device 110 when used for vehicle interior entry, it is not necessary for all functions of the authentication device 110 to be installed in the vehicle. For example, some of the functions of the authentication device 110 may be installed in the vehicle, and the rest may be located outside the vehicle. Alternatively, each part of the authentication device 110 may be located outside the vehicle. In that case, the authentication device 110 may acquire camera images from the camera 130 via a wireless communication network. Furthermore, the authentication device 110 may transmit the authentication result to the vehicle via the wireless communication network.
  • Appendix 1 a detection unit that detects a predetermined operation of the device related to authentication performed using the encrypted biometric information of a user; and an information updating unit that updates encryption key information used to encrypt the user's biometric information and the target biometric information encrypted with the encryption key information when the specified movement is detected.
  • Appendix 3 The information update device described in Appendix 2, wherein the detection unit detects at least one of opening and closing of a door of the vehicle, starting of a drive system in the vehicle, starting of the vehicle, locking of the door of the vehicle, and stopping of the drive system.
  • Appendix 4 The information updating device described in any one of Appendices 1 to 3, wherein the information updating unit updates the encryption key information when the specified movement is detected a specified number of times, and updates the target biometric information using the updated encryption key information.
  • a biometric information acquisition unit that acquires biometric information of a user; an encryption unit that encrypts the acquired biometric information with encryption key information to generate query biometric information; an authentication unit that authenticates the user by comparing the query biometric information with target biometric information encrypted using the encryption key information; A detection unit that detects a predetermined operation of the device related to the authentication; an information update unit that updates the encryption key information when the predetermined motion is detected, and updates the target biometric information using the updated encryption key information.
  • the authentication device is used in a vehicle, 6.
  • Appendix 7 The authentication device described in Appendix 6, wherein the detection unit detects at least one of opening and closing of a door of the vehicle, starting of a drive system in the vehicle, starting of the vehicle, locking of the door of the vehicle, and stopping of the drive system.
  • [Appendix 10] Acquire biometric information of the user; encrypting the acquired biometric information with encryption key information to generate query biometric information; authenticating the user by matching the query biometric information with target biometric information encrypted using the encryption key information; Detecting a predetermined operation of the device related to the authentication; updating the encryption key information when the predetermined motion is detected, and updating the target biometric information using the updated encryption key information.
  • a non-transitory computer-readable medium storing a program for causing a processor to execute a process including updating, when the specified motion is detected, cryptographic key information used to encrypt the user's biometric information and target biometric information encrypted with the cryptographic key information.
  • [Appendix 12] Acquire biometric information of the user; encrypting the acquired biometric information with encryption key information to generate query biometric information; authenticating the user by matching the query biometric information with target biometric information encrypted using the encryption key information; Detecting a predetermined operation of the device related to the authentication;
  • a non-transitory computer-readable medium storing a program for causing a processor to execute a process including updating the encryption key information when the specified motion is detected, and updating the target biometric information using the updated encryption key information.
  • Authentication device 11 Biometric information acquisition unit 12: Encryption unit 13: Authentication unit 15: Detection unit 16: Information update unit 20: Information update device 100: Authentication system 110: Authentication device 111: Image acquisition unit 112: Feature extraction unit 113: Encryption unit 114: Authentication unit 115: Face information DB 116: Detection unit 117: Information update unit 130: Camera 500: Electronic device 501: Processor 502: ROM 503: RAM 504: Bus

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

This invention makes it possible to update key information that is used for encryption at an appropriate timing. A biometric information acquisition unit (11) acquires biometric information of a user. An encryption unit (12) encrypts the acquired biometric information with cryptographic key information, and generates query biometric information. An authentication unit (13) authenticates the user by comparing the generated query biometric information and target biometric information encrypted using the cryptographic key information. A sensing unit (15) senses a prescribed operation of a device associated with authentication of the user. An information update unit (16) updates the cryptographic key information and the target biometric information if the prescribed operation has been sensed.

Description

情報更新装置及び方法、認証装置及び方法、並びにコンピュータ可読媒体Information update device and method, authentication device and method, and computer-readable medium
 本開示は、情報更新装置、情報更新方法、認証装置、認証方法、及びコンピュータ可読媒体に関する。 The present disclosure relates to an information update device, an information update method, an authentication device, an authentication method, and a computer-readable medium.
 関連技術として、特許文献1は、顔認証装置を開示する。特許文献1において、利用者の生体情報は、利用者の公開鍵を用いて準同型暗号によって暗号化される。認証装置は、暗号化装置から、暗号化された生体情報、利用者の識別情報、及び利用者の公開鍵を受信する。認証装置は、データベースを検索し、データベースに登録されている利用者の暗号化された生体情報と利用者の公開鍵とを取得する。認証装置は、データベースから取得された暗号化された生体情報及び利用者の公開鍵と、暗号化装置から受信した暗号化された生体情報及び利用者の公開鍵に基づいて、利用者の認証を行う。 As a related technique, Patent Document 1 discloses a face recognition device. In Patent Document 1, a user's biometric information is encrypted by homomorphic encryption using the user's public key. The authentication device receives the encrypted biometric information, the user's identification information, and the user's public key from the encryption device. The authentication device searches a database and obtains the user's encrypted biometric information and the user's public key registered in the database. The authentication device authenticates the user based on the encrypted biometric information and the user's public key obtained from the database, and the encrypted biometric information and the user's public key received from the encryption device.
 特許文献1では、データベースに登録された生体情報が漏えいした場合、生体情報の再登録処理が実施される。その場合、暗号化装置は、新たな秘密鍵及び公開鍵のペアを生成する。暗号化装置は、新たに生成された公開鍵を用いて利用者の生体情報を暗号化する。認証装置は、暗号化装置から、新たに生成された公開鍵、及び暗号化された生体情報を受信する。認証装置は、受信した公開鍵及び受信した暗号化された生体情報とで、データベースに登録される情報を更新する。このようにすることで、暗号化された生体情報が漏えいした場合にも、古い暗号化された生体情報をキャンセルし、漏えいした暗号化された生体情報を用いたなりすましを防止することができる。 In Patent Document 1, if biometric information registered in a database is leaked, a re-registration process of the biometric information is performed. In this case, the encryption device generates a new private key and public key pair. The encryption device encrypts the user's biometric information using the newly generated public key. The authentication device receives the newly generated public key and the encrypted biometric information from the encryption device. The authentication device updates the information registered in the database with the received public key and the received encrypted biometric information. In this way, even if the encrypted biometric information is leaked, the old encrypted biometric information can be canceled, and spoofing using the leaked encrypted biometric information can be prevented.
特開2011-211593号公報JP 2011-211593 A
 特許文献1に記載の認証装置は、暗号化された生体情報が漏えいした場合、鍵ペアを更新することで、漏えいした生体情報を用いた生体認証を無効化する。しかしながら、一般に、利用者は、いつ暗号化された生体情報が漏えいしたかを知ることができない。利用者が漏えいに気付いてから、事後的に鍵ペアが更新されるまでの間は、漏えいした暗号化された生体情報は有効であり、漏えいした暗号化された生体情報を用いたなりすましが可能である。このため、利用者が漏えいしたと気が付いた後ではなく、適切なタイミングで鍵情報を変更することが好ましいと考えられる。 If encrypted biometric information is leaked, the authentication device described in Patent Document 1 invalidates biometric authentication using the leaked biometric information by updating the key pair. However, a user generally cannot know when the encrypted biometric information was leaked. From the time a user notices the leak until the key pair is subsequently updated, the leaked encrypted biometric information is valid, making it possible to impersonate a person using the leaked encrypted biometric information. For this reason, it is considered preferable to change the key information at an appropriate time, rather than after the user notices the leak.
 本開示は、上記事情に鑑み、適切なタイミングで暗号化に使用される鍵情報を更新することができる情報更新装置、情報更新方法、認証装置、認証方法、及びコンピュータ可読媒体を提供することを目的とする。 In view of the above circumstances, the present disclosure aims to provide an information update device, an information update method, an authentication device, an authentication method, and a computer-readable medium that can update key information used for encryption at an appropriate time.
 上記目的を達成するために、本開示は、第1の態様として、情報更新装置を提供する。情報更新装置は、暗号化されたユーザの生体情報を用いて実施される認証に関連した装置の所定の動作を検知する検知部と、前記所定の動作が検知された場合、ユーザの生体情報の暗号化に使用される暗号鍵情報、及び該暗号鍵情報で暗号化されたターゲット生体情報を更新する情報更新部とを含む。 In order to achieve the above object, the present disclosure provides, as a first aspect, an information updating device. The information updating device includes a detection unit that detects a predetermined operation of the device related to authentication performed using encrypted biometric information of a user, and an information updating unit that updates encryption key information used to encrypt the user's biometric information and target biometric information encrypted with the encryption key information when the predetermined operation is detected.
 本開示は、第2の態様として、認証装置を提供する。認証装置は、ユーザの生体情報を取得する生体情報取得部と、前記取得された生体情報を暗号鍵情報で暗号化し、クエリ生体情報を生成する暗号化部と、前記クエリ生体情報と、前記暗号鍵情報を用いて暗号化されたターゲット生体情報とを照合することで前記ユーザを認証する認証部と、前記認証に関連した装置の所定の動作を検知する検知部と、前記所定の動作が検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新する情報更新部とを含む。 The present disclosure provides, as a second aspect, an authentication device. The authentication device includes a biometric information acquisition unit that acquires biometric information of a user, an encryption unit that encrypts the acquired biometric information with encryption key information to generate query biometric information, an authentication unit that authenticates the user by comparing the query biometric information with target biometric information encrypted using the encryption key information, a detection unit that detects a predetermined operation of the device related to the authentication, and an information update unit that updates the encryption key information and updates the target biometric information using the updated encryption key information when the predetermined operation is detected.
 本開示は、第3の態様として、情報更新方法を提供する。情報更新方法は、暗号化されたユーザの生体情報を用いて実施される認証に関連した装置の所定の動作を検知し、前記所定の動作が検知された場合、ユーザの生体情報の暗号化に使用される暗号鍵情報、及び該暗号鍵情報で暗号化されたターゲット生体情報を更新することを含む。 The present disclosure provides, as a third aspect, an information update method. The information update method includes detecting a predetermined operation of a device related to authentication performed using encrypted user biometric information, and, when the predetermined operation is detected, updating encryption key information used to encrypt the user biometric information and target biometric information encrypted with the encryption key information.
 本開示は、第4の態様として、認証方法を提供する。認証方法は、ユーザの生体情報を取得し、前記取得された生体情報を暗号鍵情報で暗号化してクエリ生体情報を生成し、前記クエリ生体情報と、前記暗号鍵情報を用いて暗号化されたターゲット生体情報とを照合することで前記ユーザを認証し、前記認証に関連した装置の所定の動作を検知し、前記所定の動作が検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新することを含む。 The present disclosure provides, as a fourth aspect, an authentication method. The authentication method includes acquiring biometric information of a user, encrypting the acquired biometric information with encryption key information to generate query biometric information, authenticating the user by comparing the query biometric information with target biometric information encrypted using the encryption key information, detecting a predetermined operation of a device related to the authentication, updating the encryption key information when the predetermined operation is detected, and updating the target biometric information using the updated encryption key information.
 本開示は、第5の態様として、コンピュータ可読媒体を提供する。コンピュータ可読媒体は、暗号化されたユーザの生体情報を用いて実施される認証に関連した装置の所定の動作を検知し、前記所定の動作が検知された場合、前記ユーザの生体情報の暗号化に使用される暗号鍵情報、及び該暗号鍵情報で暗号化されたターゲット生体情報を更新することを含む処理をプロセッサに実行させるためのプログラムを格納する。 As a fifth aspect, the present disclosure provides a computer-readable medium. The computer-readable medium stores a program for causing a processor to execute a process including detecting a predetermined operation of a device related to authentication performed using encrypted user biometric information, and updating encryption key information used to encrypt the user biometric information and target biometric information encrypted with the encryption key information when the predetermined operation is detected.
 本開示は、第6の態様として、コンピュータ可読媒体を提供する。コンピュータ可読媒体は、ユーザの生体情報を取得し、前記取得された生体情報を暗号鍵情報で暗号化してクエリ生体情報を生成し、前記クエリ生体情報と、前記暗号鍵情報を用いて暗号化されたターゲット生体情報とを照合することで前記ユーザを認証し、前記認証に関連した装置の所定の動作を検知し、前記所定の動作が検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新することを含む処理をプロセッサに実行させるためのプログラムを格納する。 The present disclosure provides a computer-readable medium as a sixth aspect. The computer-readable medium stores a program for causing a processor to execute a process including acquiring biometric information of a user, encrypting the acquired biometric information with cryptographic key information to generate query biometric information, authenticating the user by matching the query biometric information with target biometric information encrypted using the cryptographic key information, detecting a predetermined operation of a device related to the authentication, updating the cryptographic key information when the predetermined operation is detected, and updating the target biometric information using the updated cryptographic key information.
 本開示に係る情報更新装置、情報更新方法、認証装置、認証方法、及びコンピュータ可読媒体は、適切なタイミングで暗号化に使用される鍵情報を更新することができる。 The information update device, information update method, authentication device, authentication method, and computer-readable medium disclosed herein can update key information used for encryption at the appropriate time.
本開示に係る認証装置の概略的な構成を示すブロック図。1 is a block diagram showing a schematic configuration of an authentication device according to the present disclosure. 本開示の一実施形態に係る認証装置を含む認証システムを示すブロック図。1 is a block diagram showing an authentication system including an authentication device according to an embodiment of the present disclosure. カメラ画像から抽出される生体情報、クエリ生体情報、及びターゲット生体情報を示す模式図。3A and 3B are schematic diagrams showing biometric information extracted from a camera image, query biometric information, and target biometric information. 認証装置における認証時の動作手順を示すフローチャート。4 is a flowchart showing an operation procedure during authentication in the authentication device. 鍵情報更新時の認証装置の動作手順を示すフローチャート。10 is a flowchart showing an operation procedure of the authentication device when updating key information. 電子装置の構成例を示すブロック図。FIG. 1 is a block diagram showing an example of the configuration of an electronic device.
 本開示の実施の形態の説明に先立って、本開示の概要を説明する。図1は、本開示に係る認証装置の概略的な構成を示す。認証装置10は、生体情報取得部11、暗号化部12、認証部13、検知部15、及び情報更新部16を有する。認証装置10において、検知部15、及び情報更新部16は、情報更新装置20を構成する。 Before describing the embodiments of the present disclosure, an overview of the present disclosure will be described. FIG. 1 shows a schematic configuration of an authentication device according to the present disclosure. The authentication device 10 has a biometric information acquisition unit 11, an encryption unit 12, an authentication unit 13, a detection unit 15, and an information update unit 16. In the authentication device 10, the detection unit 15 and the information update unit 16 constitute an information update device 20.
 なお、図1では、情報更新装置20が認証装置10に含まれる例が示されているが、本開示はこれには限定されない。情報更新装置20は、必ずしも認証装置10に含まれている必要はなく、認証装置10及び情報更新装置20は、それぞれ独立した装置として構成されていてもよい。 Note that while FIG. 1 shows an example in which the information update device 20 is included in the authentication device 10, the present disclosure is not limited to this. The information update device 20 does not necessarily have to be included in the authentication device 10, and the authentication device 10 and the information update device 20 may each be configured as independent devices.
 生体情報取得部11は、ユーザの生体情報を取得する。暗号化部12は、生体情報取得部11が取得した生体情報を暗号鍵情報で暗号化し、クエリ生体情報を生成する。認証部13は、クエリ生体情報と、暗号化部12が使用する暗号鍵情報を用いて暗号化されているターゲット生体情報とを照合することで、ユーザを認証する。 The biometric information acquisition unit 11 acquires biometric information of the user. The encryption unit 12 encrypts the biometric information acquired by the biometric information acquisition unit 11 with encryption key information to generate query biometric information. The authentication unit 13 authenticates the user by comparing the query biometric information with target biometric information encrypted using the encryption key information used by the encryption unit 12.
 検知部15は、認証に関連した装置の所定の動作を検知する。ここで、認証に関連した装置とは、例えば、ユーザが認証後に操作する装置を意味する。例えば、認証が所定の場所又は区域への入場に関して実施される場合、認証に関連した装置は、所定の場所に配置される装置であり得る。情報更新部16は、所定の動作が検知された場合、暗号化部12が暗号に使用する暗号鍵情報を更新する。また、情報更新部16は、更新された暗号鍵情報を用いてターゲット生体情報を更新する。 The detection unit 15 detects a predetermined operation of a device related to authentication. Here, the device related to authentication means, for example, a device that the user operates after authentication. For example, when authentication is performed for entry into a predetermined place or area, the device related to authentication may be a device located at a predetermined place. When a predetermined operation is detected, the information update unit 16 updates the encryption key information used by the encryption unit 12 for encryption. Furthermore, the information update unit 16 updates the target biometric information using the updated encryption key information.
 本開示では、情報更新部16は、認証に関連した装置の所定の動作が検知された場合、暗号鍵情報、及びターゲット生体情報を更新する。仮に、ターゲット生体情報が悪意を有する者によって窃取された場合で、かつユーザがターゲット生体情報の窃取に気付いていない場合でも、暗号鍵情報は、所定の動作が検知されたことを契機に更新される。本開示では、認証に関連した装置における所定の動作に関連して暗号鍵情報及びターゲット生体情報が更新されるため、適切なタイミングで暗号化に使用される鍵情報及びターゲット生体情報を更新することができる。また、本開示では、適切なタイミングで暗号化に使用される鍵情報及びターゲット生体情報を更新することで、セキュリティリスクを軽減することができる。 In the present disclosure, the information update unit 16 updates the encryption key information and the target biometric information when a specified operation of the device related to authentication is detected. Even if the target biometric information is stolen by a malicious person and the user is unaware that the target biometric information has been stolen, the encryption key information is updated when the specified operation is detected. In the present disclosure, since the encryption key information and the target biometric information are updated in relation to a specified operation of the device related to authentication, it is possible to update the key information and target biometric information used for encryption at an appropriate time. Furthermore, in the present disclosure, by updating the key information and target biometric information used for encryption at an appropriate time, security risks can be reduced.
 以下、図面を参照しつつ、本開示の実施の形態を詳細に説明する。なお、以下の記載及び図面は、説明の明確化のため、適宜、省略及び簡略化がなされている。また、以下の各図面において、同一の要素及び同様な要素には同一の符号が付されており、必要に応じて重複説明は省略されている。 Below, an embodiment of the present disclosure will be described in detail with reference to the drawings. Note that the following description and drawings have been omitted or simplified as appropriate for clarity of explanation. In addition, in each of the following drawings, the same elements and similar elements are given the same reference numerals, and duplicate explanations have been omitted as necessary.
 図2は、本開示の一実施形態に係る認証装置を含む認証システムを示す。認証システム100は、認証装置110、及びカメラ130を有する。以下の説明では、認証システム100が、自動車などの車両における車室内エントリに用いられる例を説明する。認証システム100は、車室内エントリに限らず、特定の場所又は区域への入出管理システムなどの様々なシステムにおける認証に適用され得る。 FIG. 2 shows an authentication system including an authentication device according to one embodiment of the present disclosure. The authentication system 100 has an authentication device 110 and a camera 130. In the following description, an example is described in which the authentication system 100 is used for entry into the interior of a vehicle such as an automobile. The authentication system 100 is not limited to entry into the interior of a vehicle, and can be applied to authentication in various systems such as access control systems for specific locations or areas.
 カメラ130は、認証対象のユーザ、又は被験者を撮影する。本実施形態において、カメラ130は、車両に乗車しようとする人物を撮影するものとする。車両は、例えば乗用車、タクシー、又はバンなどの移動体である。カメラ130は、例えば車両に搭載され、車両の内部から車両外部のユーザを撮影する。カメラ130は、車両の外部に設置され、車両に近付くユーザを撮影してもよい。あるいは、カメラ130は、車両内部に設置され、車両に乗車したユーザを撮影してもよい。認証装置110は、カメラ130からユーザの画像を取得し、取得した画像を用いてユーザに対する生体認証を実施する。 The camera 130 photographs the user or subject to be authenticated. In this embodiment, the camera 130 photographs a person about to get into a vehicle. The vehicle is, for example, a moving body such as a passenger car, a taxi, or a van. The camera 130 is, for example, mounted on the vehicle and photographs the user outside the vehicle from inside the vehicle. The camera 130 may be installed outside the vehicle and photograph the user approaching the vehicle. Alternatively, the camera 130 may be installed inside the vehicle and photograph the user who has gotten into the vehicle. The authentication device 110 acquires an image of the user from the camera 130 and performs biometric authentication on the user using the acquired image.
 なお、図2では、カメラ130が1台だけ図示されているが、本実施形態において、カメラ130の数は1つには限定されない。認証システム100は、複数のカメラ130を有し得る。認証システム100は、例えば、車両の外部から車両を撮影する1以上のカメラと、車両に搭載され、車両の外部の領域を撮影する1以上のカメラと、車両に搭載され、車両の内部の領域を撮影する1以上のカメラとを含み得る。 Note that although only one camera 130 is illustrated in FIG. 2, in this embodiment, the number of cameras 130 is not limited to one. The authentication system 100 may have multiple cameras 130. The authentication system 100 may include, for example, one or more cameras that photograph the vehicle from outside the vehicle, one or more cameras mounted on the vehicle that photograph the area outside the vehicle, and one or more cameras mounted on the vehicle that photograph the area inside the vehicle.
 認証装置110は、画像取得部111、特徴抽出部112、暗号化部113、認証部114、顔情報DB(database)115、検知部116、及び情報更新部117を有する。認証装置110は、例えば、1以上のメモリと1以上のプロセッサを有する装置として構成され得る。認証装置110内の各部の機能の少なくとも一部は、プロセッサが、メモリから読み出したプログラムに従って動作することで、実現され得る。認証装置110は、例えば車両に搭載されていてもよい。認証装置110は、図1に示される認証装置10に対応する。 The authentication device 110 has an image acquisition unit 111, a feature extraction unit 112, an encryption unit 113, an authentication unit 114, a face information DB (database) 115, a detection unit 116, and an information update unit 117. The authentication device 110 may be configured, for example, as a device having one or more memories and one or more processors. At least a part of the functions of each unit in the authentication device 110 may be realized by the processor operating in accordance with a program read from the memory. The authentication device 110 may be mounted on a vehicle, for example. The authentication device 110 corresponds to the authentication device 10 shown in FIG. 1.
 画像取得部111は、カメラ130が撮影した映像又は画像を取得する。画像取得部111は、カメラ130が撮影した最新の画像を、順次に取得する。特徴抽出部112は、画像取得部111が取得した画像から生体特徴を抽出する。生体特徴は、生体情報とも呼ばれる。特徴抽出部112は、例えば、画像データから、車両の周囲に存在する人、すなわちユーザの顔領域又は顔画像を検知し、検知した顔領域又は顔画像から生体情報を抽出する。特徴抽出部112は、図1に示される生体情報取得部11に対応する。 The image acquisition unit 111 acquires videos or images captured by the camera 130. The image acquisition unit 111 sequentially acquires the latest images captured by the camera 130. The feature extraction unit 112 extracts biometric features from the images acquired by the image acquisition unit 111. Biometric features are also called biometric information. The feature extraction unit 112 detects, for example, a facial region or facial image of a person present around the vehicle, i.e., a user, from image data, and extracts biometric information from the detected facial region or facial image. The feature extraction unit 112 corresponds to the biometric information acquisition unit 11 shown in FIG. 1.
 暗号化部113は、特徴抽出部112で抽出された生体情報を、暗号鍵情報を用いて暗号化し、暗号化された生体情報を生成する。本実施形態では、暗号化方式として、準同型暗号が用いられるものとする。暗号化された生体情報は、クエリ生体情報とも呼ばれる。暗号化部113は、図1に示される暗号化部12に対応する。 The encryption unit 113 encrypts the biometric information extracted by the feature extraction unit 112 using encryption key information to generate encrypted biometric information. In this embodiment, homomorphic encryption is used as the encryption method. The encrypted biometric information is also called query biometric information. The encryption unit 113 corresponds to the encryption unit 12 shown in FIG. 1.
 顔情報DB115は、認証対象の1以上の登録者、すなわちユーザそれぞれについて、顔画像から抽出される生体情報を記憶する。顔情報DB115は、例えばHDD(hard disk drive)、SSD(Solid State Drive)、又はフラッシュメモリなどのストレージに、複数のユーザのそれぞれの生体情報を記憶する。顔情報DB115に記憶される生体情報は、ターゲット生体情報とも呼ばれる。本実施形態において、顔情報DB115に記憶されるターゲット生体情報は、暗号化部113が暗号化に使用する暗号鍵情報を用いて暗号化されている。 The face information DB 115 stores biometric information extracted from face images for one or more registered persons, i.e., users, to be authenticated. The face information DB 115 stores the biometric information of each of multiple users in a storage device, such as a hard disk drive (HDD), a solid state drive (SSD), or a flash memory. The biometric information stored in the face information DB 115 is also called target biometric information. In this embodiment, the target biometric information stored in the face information DB 115 is encrypted using encryption key information used for encryption by the encryption unit 113.
 例えば、ユーザは、認証装置110に対して、事前に生体情報の登録を行う。生体情報を登録する場合、ユーザは、例えば自身が所持するスマートフォン、又はデジタルカメラで撮影されたカメラ画像を認証装置110に入力する。認証装置110は、特徴抽出部112においてユーザが入力したカメラ画像から生体情報を抽出し、暗号化部113において抽出した生体情報を、暗号鍵情報を用いて暗号化する。認証装置110は、暗号化された生体情報を、ターゲット生体情報として顔情報DB115に記憶する。顔情報DB115は、暗号化された生体情報に代えて、又はこれに加えて、1以上のユーザそれぞれの暗号化された顔画像を記憶してもよい。 For example, a user registers biometric information in advance in the authentication device 110. When registering biometric information, the user inputs a camera image taken with, for example, the user's own smartphone or digital camera into the authentication device 110. The authentication device 110 extracts biometric information from the camera image input by the user in the feature extraction unit 112, and encrypts the extracted biometric information in the encryption unit 113 using encryption key information. The authentication device 110 stores the encrypted biometric information in the face information DB 115 as target biometric information. The face information DB 115 may store encrypted face images of each of one or more users instead of or in addition to the encrypted biometric information.
 なお、本実施形態において、顔情報DB115は、必ずしも認証装置10に含まれている必要はない。顔情報DB115は、例えば、認証装置10とネットワークを介して接続されたストレージデバイスを用いて構成されていてもよい。 In this embodiment, the face information DB 115 does not necessarily have to be included in the authentication device 10. The face information DB 115 may be configured, for example, using a storage device connected to the authentication device 10 via a network.
 認証部114は、特徴抽出部112で暗号化されたクエリ生体情報と、顔情報DB115に記憶されるターゲット生体情報とを照合し、ユーザを認証する。より詳細には、認証部114は、顔情報DB115から各ユーザのターゲット生体情報を取得する。認証部114は、クエリ生体情報と、取得した各ユーザのターゲット生体情報とを照合する。認証部114は、クエリ生体情報とターゲット生体情報との一致度、又は類似度を示す照合スコアを計算する。照合スコアは、例えば、一致度又は類似度が高いほど高い値を示すものとする。認証部114は、例えば、各ユーザに対して計算された照合スコアとしきい値とを比較し、比較の結果に基づいて、顔認証に成功したか否かを判断する。認証部114は、図1に示される認証部13に対応する。 The authentication unit 114 compares the query biometric information encrypted by the feature extraction unit 112 with the target biometric information stored in the face information DB 115 to authenticate the user. More specifically, the authentication unit 114 acquires the target biometric information of each user from the face information DB 115. The authentication unit 114 compares the query biometric information with the acquired target biometric information of each user. The authentication unit 114 calculates a matching score indicating the degree of match or similarity between the query biometric information and the target biometric information. For example, the matching score indicates a higher value as the degree of match or similarity increases. For example, the authentication unit 114 compares the matching score calculated for each user with a threshold value and determines whether or not face authentication has been successful based on the result of the comparison. The authentication unit 114 corresponds to the authentication unit 13 shown in FIG. 1.
 認証装置110の認証結果は、車室内エントリシステムなどの、認証結果を使用する装置又はシステムに出力される。例えば、認証装置110は、CAN(Controller Area Network)などの車載ネットワークを通じて、車両を制御するECU(Electronic Control Unit)などの車両機器(図示せず)に認証結果を出力する。ECUは、カメラ画像に含まれる人物があらかじめ登録されたユーザであると認証された場合、車両のドアロックを解除し、ユーザの車両への乗車を許可する。ECUは、カメラ画像に含まれる人物があらかじめ登録されたユーザであると認証されなかった場合、車両のドアロックを解除しない。 The authentication result of the authentication device 110 is output to a device or system that uses the authentication result, such as an in-vehicle entry system. For example, the authentication device 110 outputs the authentication result to vehicle equipment (not shown), such as an ECU (Electronic Control Unit) that controls the vehicle, via an in-vehicle network such as a CAN (Controller Area Network). If the ECU authenticates that the person in the camera image is a pre-registered user, it unlocks the vehicle door and allows the user to enter the vehicle. If the ECU does not authenticate that the person in the camera image is a pre-registered user, it does not unlock the vehicle door.
 検知部116は、認証に関連した装置の所定の動作を検知する。本実施形態において、認証に関連した装置は車両であり、検知部116は、車両における所定の動作を検知する。検知部116は、例えば、車両のドアの開閉、車両におけるエンジンなどの駆動システムの起動、車両の発進、車両のドアのロック、及び駆動システムの停止の少なくとも1つを検知する。検知部116は、例えば、車載ネットワークを通じて、車両に搭載されるECUから出力される信号を取得し、取得した信号に基づいて、車両における所定の動作を検知してもよい。検知部116は、例えば車両の内部の領域又は車両の外部の領域を撮影するカメラの画像を解析し、車両におけるユーザの所定の動作を検知してもよい。検知部116は、図1に示される検知部15に対応する。 The detection unit 116 detects a predetermined operation of a device related to authentication. In this embodiment, the device related to authentication is a vehicle, and the detection unit 116 detects a predetermined operation in the vehicle. The detection unit 116 detects, for example, at least one of opening and closing of a vehicle door, starting of a drive system such as an engine in the vehicle, starting the vehicle, locking of the vehicle door, and stopping of the drive system. The detection unit 116 may, for example, acquire a signal output from an ECU mounted in the vehicle through an in-vehicle network, and detect a predetermined operation in the vehicle based on the acquired signal. The detection unit 116 may, for example, analyze an image of a camera capturing an area inside the vehicle or an area outside the vehicle, and detect a predetermined operation of a user in the vehicle. The detection unit 116 corresponds to the detection unit 15 shown in FIG. 1.
 情報更新部117は、検知部116において所定の動作が検知された場合、暗号化部113においてクエリ生体情報の生成に使用される暗号鍵情報を変更又は更新する。また、情報更新部117は、変更又は更新された暗号鍵情報を用いて、顔情報DB115に記憶されるターゲット生体情報を更新する。情報更新部117は、所定の動作が検知されるたびに、毎回、暗号鍵情報及びターゲット生体情報を更新してもよい。あるいは、情報更新部117は、所定の動作が所定回数検知されるたびに、暗号鍵情報及びターゲット生体情報を更新してもよい。情報更新部117は、図1に示される情報更新部16に対応する。 When a predetermined movement is detected by the detection unit 116, the information update unit 117 changes or updates the encryption key information used to generate query biometric information in the encryption unit 113. The information update unit 117 also updates the target biometric information stored in the face information DB 115 using the changed or updated encryption key information. The information update unit 117 may update the encryption key information and the target biometric information every time a predetermined movement is detected. Alternatively, the information update unit 117 may update the encryption key information and the target biometric information every time a predetermined movement is detected a predetermined number of times. The information update unit 117 corresponds to the information update unit 16 shown in FIG. 1.
 図3は、カメラ画像から抽出される生体情報、クエリ生体情報、及びターゲット生体情報を示す。特徴抽出部112は、カメラ画像から生体情報を抽出する。暗号化部113は、特徴抽出部112で抽出された生体情報を暗号鍵情報を用いて暗号化し、クエリ生体情報を生成する。認証部114は、暗号化部113で暗号化されたクエリ生体情報と、顔情報DB115に記憶される暗号化されたターゲット生体情報とを照合する。 FIG. 3 shows biometric information extracted from a camera image, query biometric information, and target biometric information. The feature extraction unit 112 extracts biometric information from the camera image. The encryption unit 113 encrypts the biometric information extracted by the feature extraction unit 112 using encryption key information to generate query biometric information. The authentication unit 114 compares the query biometric information encrypted by the encryption unit 113 with the encrypted target biometric information stored in the face information DB 115.
 情報更新部117は、検知部116で車両において所定の動作が検知された場合、暗号鍵情報、及び顔情報DB115に記憶されるターゲット生体情報を更新する。暗号鍵情報が更新された場合、暗号鍵情報が更新される前のクエリ生体情報及びターゲット生体情報は、暗号鍵情報が更新された後のクエリ生体情報及びターゲット生体情報とは異なる。従って、仮に、ターゲット生体情報が悪意を有する者によって窃取されたとしても、暗号鍵情報を変更することで、窃取されたターゲット生体情報を無効化することができる。従って、本実施形態は、個人情報が漏えいした場合のリスクを低減し、セキュリティを向上できる。 When the detection unit 116 detects a predetermined motion in the vehicle, the information update unit 117 updates the encryption key information and the target biometric information stored in the face information DB 115. When the encryption key information is updated, the query biometric information and the target biometric information before the encryption key information is updated are different from the query biometric information and the target biometric information after the encryption key information is updated. Therefore, even if the target biometric information is stolen by a malicious person, the stolen target biometric information can be invalidated by changing the encryption key information. Therefore, this embodiment can reduce the risk of personal information being leaked and improve security.
 続いて、動作手順を説明する。図4は、認証装置110における認証時の動作手順を示す。認証装置110の動作手順は、認証方法に対応する。画像取得部111は、カメラ130からカメラ画像を取得する(ステップA1)。画像取得部111は、ステップA1を周期的に実施し、動画像を撮影するカメラ130から、時系列的にカメラ画像を取得してもよい。特徴抽出部112は、カメラ画像から顔領域を検出し、顔領域の画像から生体特徴を抽出する(ステップA2)。特徴抽出部112は、ステップA2では、例えば、顔領域の画像から1以上の特徴点を抽出し、抽出した1以上の特徴点に基づいて、1以上の生体特徴を抽出する。 Next, the operation procedure will be described. Figure 4 shows the operation procedure during authentication in the authentication device 110. The operation procedure of the authentication device 110 corresponds to the authentication method. The image acquisition unit 111 acquires a camera image from the camera 130 (step A1). The image acquisition unit 111 may periodically perform step A1 and acquire camera images in time series from the camera 130 that captures moving images. The feature extraction unit 112 detects a face region from the camera image and extracts biometric features from the image of the face region (step A2). In step A2, the feature extraction unit 112, for example, extracts one or more feature points from the image of the face region and extracts one or more biometric features based on the extracted one or more feature points.
 暗号化部113は、ステップA2で抽出された生体特徴を暗号化し、クエリ生体情報を生成する(ステップA3)。認証部114は、ステップA3で生成されたクエリ生体情報と顔情報DB115に記憶されるターゲット生体情報とを照合し、顔認証を実施する(ステップA4)。認証部114は、ステップA4では、例えば、ターゲット生体情報に対して、クエリ生体情報との照合スコアを計算する。 The encryption unit 113 encrypts the biometric features extracted in step A2 to generate query biometric information (step A3). The authentication unit 114 compares the query biometric information generated in step A3 with the target biometric information stored in the face information DB 115 to perform face authentication (step A4). In step A4, the authentication unit 114 calculates, for example, a matching score between the target biometric information and the query biometric information.
 認証部114は、顔認証に成功したか否かを判断する(ステップA5)。認証部114は、ステップA5では、例えば、照合スコアとしきい値とを比較し、照合スコアがしきい値以上であるか否かに応じて、顔認証に成功したか否かを判断する。認証部114は、照合スコアがしきい値以上である場合、ステップA5において顔認証に成功したと判断する。その場合、認証部114は、顔認証に成功した旨を示すメッセージを、車室内エントリシステムなどの、認証結果を使用する装置に出力する(ステップA6)。 The authentication unit 114 determines whether or not the facial authentication was successful (step A5). In step A5, the authentication unit 114, for example, compares the matching score with a threshold value, and determines whether or not the facial authentication was successful depending on whether or not the matching score is equal to or greater than the threshold value. If the matching score is equal to or greater than the threshold value, the authentication unit 114 determines in step A5 that the facial authentication was successful. In that case, the authentication unit 114 outputs a message indicating that the facial authentication was successful to a device that uses the authentication result, such as an in-vehicle entry system (step A6).
 認証部114は、照合スコアがしきい値より小さい場合、ステップA5において顔認証に失敗したと判断する。その場合、認証部114は、顔認証に失敗した旨を示すメッセージを、認証結果を使用する装置に出力する(ステップA7)。認証装置110は、顔認証に失敗した場合、ステップA1に戻り、顔認証を最初からやり直してもよい。 If the matching score is smaller than the threshold value, the authentication unit 114 determines that the facial authentication has failed in step A5. In that case, the authentication unit 114 outputs a message indicating that the facial authentication has failed to the device that uses the authentication result (step A7). If the facial authentication has failed, the authentication device 110 may return to step A1 and restart the facial authentication from the beginning.
 図5は、鍵情報更新時の認証装置110の動作手順を示す。鍵情報更新時の認証装置110の動作手順は、情報更新方法に対応する。図5に示される鍵情報更新時の認証装置110の動作手順は、図4に示される認証時の認証装置110の動作手順の前、又は後に実施され得る。あるいは、図5に示される鍵情報更新時の認証装置110の動作手順は、図4に示される認証時の認証装置110の動作手順と並列に実施され得る。 FIG. 5 shows the operation procedure of the authentication device 110 when updating key information. The operation procedure of the authentication device 110 when updating key information corresponds to the information update method. The operation procedure of the authentication device 110 when updating key information shown in FIG. 5 may be performed before or after the operation procedure of the authentication device 110 when authenticating shown in FIG. 4. Alternatively, the operation procedure of the authentication device 110 when updating key information shown in FIG. 5 may be performed in parallel with the operation procedure of the authentication device 110 when authenticating shown in FIG. 4.
 検知部116は、車両において所定の動作又は操作が実施されたか否かを判断する(ステップB1)。検知部116は、ステップB1では、例えば、車両のドアの開閉、車両におけるエンジンなどの駆動システムの起動、車両の発進、車両のドアのロック、及び駆動システムの停止の少なくとも1つが実施されたか否かを判断する。 The detection unit 116 determines whether a predetermined action or operation has been performed in the vehicle (step B1). In step B1, the detection unit 116 determines whether at least one of the following has been performed: opening and closing the vehicle door, starting the drive system such as the engine in the vehicle, starting the vehicle, locking the vehicle door, and stopping the drive system.
 検知部116は、車両において所定の動作又は操作が実施されたと判断した場合、所定の動作又は操作が検知された旨を示す通知を、情報更新部117に送信する。検知部116は、所定の動作又は操作が実施された回数をカウントし、回数が所定回数に到達した場合に、所定の動作又は操作が検知された旨を示す通知を、情報更新部117に送信してもよい。 When the detection unit 116 determines that a predetermined action or operation has been performed in the vehicle, it transmits a notification to the information update unit 117 indicating that the predetermined action or operation has been detected. The detection unit 116 may count the number of times that the predetermined action or operation has been performed, and when the number of times reaches a predetermined number, transmits a notification to the information update unit 117 indicating that the predetermined action or operation has been detected.
 情報更新部117は、検知部116から所定の動作又は操作が検知された旨を示す通知を受信した場合、暗号化部113において生体情報の暗号化に使用される暗号鍵情報、すなわちクエリ生体情報の生成に使用される暗号鍵情報を更新する(ステップB2)。情報更新部117は、ステップB2では、暗号化部113において暗号化に使用されていた暗号鍵情報とは異なる暗号鍵情報を生成し、生成した暗号鍵情報を、暗号化部113に送信する。暗号化部113は、情報更新部117から暗号鍵情報を受信した場合、暗号化に使用する暗号鍵情報を、情報更新部117から受信した暗号鍵情報に変更する。 When the information update unit 117 receives a notification from the detection unit 116 indicating that a predetermined movement or operation has been detected, it updates the encryption key information used to encrypt the biometric information in the encryption unit 113, i.e., the encryption key information used to generate the query biometric information (step B2). In step B2, the information update unit 117 generates encryption key information different from the encryption key information used for encryption in the encryption unit 113, and transmits the generated encryption key information to the encryption unit 113. When the encryption unit 113 receives encryption key information from the information update unit 117, it changes the encryption key information used for encryption to the encryption key information received from the information update unit 117.
 また、情報更新部117は、更新された暗号鍵情報を用いて、顔情報DB115に記憶されるターゲット生体情報を更新する(ステップB3)。情報更新部117は、ステップB3では、例えば、更新前のターゲット生体情報を、更新前の鍵情報を用いて復号化し、復号化されたターゲット生体情報を、更新された暗号鍵情報を用いて暗号化することで、ターゲット生体情報を更新する。 The information update unit 117 also uses the updated encryption key information to update the target biometric information stored in the face information DB 115 (step B3). In step B3, the information update unit 117 updates the target biometric information, for example, by decrypting the target biometric information before the update using the key information before the update, and encrypting the decrypted target biometric information using the updated encryption key information.
 本実施形態では、情報更新部117は、検知部116で所定の動作が検知された場合、暗号鍵情報及びターゲット生体情報を更新する。情報更新部117が暗号鍵情報を更新した場合、古い暗号鍵情報で暗号化されたターゲット生体情報は認証に使用できなくなる。このため、本実施形態は、セキュリティを向上できる。また、本実施形態では、所定の動作が検知されたことを契機に、暗号鍵情報及びターゲット生体情報が更新される。このため、ユーザが特に暗号鍵情報の更新を指示しない場合でも、定期的に暗号鍵情報が更新される。本実施形態は、仮にターゲット生体情報が窃取されたとしても、窃取されたターゲット生体情報が認証に使用可能な期間を短くすることができ、窃取されたターゲット生体情報が悪用される可能性を低下させることができる。 In this embodiment, when a specific action is detected by the detection unit 116, the information update unit 117 updates the encryption key information and the target biometric information. When the information update unit 117 updates the encryption key information, the target biometric information encrypted with the old encryption key information cannot be used for authentication. Therefore, this embodiment can improve security. Also, in this embodiment, the encryption key information and the target biometric information are updated when a specific action is detected. Therefore, even if the user does not specifically instruct an update of the encryption key information, the encryption key information is updated periodically. In this embodiment, even if the target biometric information is stolen, the period during which the stolen target biometric information can be used for authentication can be shortened, and the possibility that the stolen target biometric information will be misused can be reduced.
 続いて、認証装置110のハードウェア構成を説明する。図6は、認証装置110に用いられ得る電子装置のハードウェア構成の例を示す。電子装置500は、プロセッサ(CPU:Central Processing Unit)501、ROM(read only memory)502、及びRAM(random access memory)503を有する。電子装置500において、プロセッサ501、ROM502、及びRAM503は、バス504を介して相互に接続される。認証装置110は、図示は省略するが、周辺回路、通信回路、及びインタフェース回路などの他の回路を含み得る。 Next, the hardware configuration of the authentication device 110 will be described. Figure 6 shows an example of the hardware configuration of an electronic device that can be used in the authentication device 110. The electronic device 500 has a processor (CPU: Central Processing Unit) 501, a ROM (read only memory) 502, and a RAM (random access memory) 503. In the electronic device 500, the processor 501, the ROM 502, and the RAM 503 are connected to each other via a bus 504. The authentication device 110 may include other circuits such as peripheral circuits, communication circuits, and interface circuits, although these are not shown.
 ROM502は、不揮発性の記憶装置である。ROM502には、例えば比較的容量が少ないフラッシュメモリなどの半導体記憶装置が用いられる。ROM502は、プロセッサ501が実行するプログラムを格納する。 ROM 502 is a non-volatile storage device. For example, a semiconductor storage device with a relatively small capacity, such as a flash memory, is used for ROM 502. ROM 502 stores the programs executed by processor 501.
 上記プログラムは、コンピュータに読み込まれた場合に、実施形態で説明された1又はそれ以上の機能をコンピュータに行わせるための命令群(又はソフトウェアコード)を含む。プログラムは、非一時的なコンピュータ可読媒体又は実体のある記憶媒体に格納されてもよい。限定ではなく例として、コンピュータ可読媒体又は実体のある記憶媒体は、RAM、ROM、フラッシュメモリ、SSD又はその他のメモリ技術、Compact Disc (CD)、digital versatile disc(DVD)、Blu-ray(登録商標)ディスク又はその他の光ディスクストレージ、磁気カセット、磁気テープ、磁気ディスクストレージ又はその他の磁気ストレージデバイスを含む。プログラムは、一時的なコンピュータ可読媒体又は通信媒体上で送信されてもよい。限定ではなく例として、一時的なコンピュータ可読媒体又は通信媒体は、電気的、光学的、音響的、またはその他の形式の伝搬信号を含む。 The program includes instructions (or software code) that, when loaded into a computer, causes the computer to perform one or more functions described in the embodiments. The program may be stored on a non-transitory computer-readable medium or a tangible storage medium. By way of example and not limitation, computer-readable media or tangible storage media include RAM, ROM, flash memory, SSD or other memory technology, Compact Disc (CD), digital versatile disc (DVD), Blu-ray (registered trademark) disc or other optical disk storage, magnetic cassette, magnetic tape, magnetic disk storage or other magnetic storage devices. The program may be transmitted on a transitory computer-readable medium or a communication medium. By way of example and not limitation, transitory computer-readable media or communication media include electrical, optical, acoustic, or other forms of propagated signals.
 RAM503は、揮発性の記憶装置である。RAM503には、DRAM(Dynamic Random Access Memory)又はSRAM(Static Random Access Memory)などの各種半導体メモリデバイスが用いられる。RAM503は、データなどを一時的に格納する内部バッファとして用いられ得る。 RAM 503 is a volatile storage device. Various semiconductor memory devices such as DRAM (Dynamic Random Access Memory) or SRAM (Static Random Access Memory) are used for RAM 503. RAM 503 can be used as an internal buffer for temporarily storing data, etc.
 プロセッサ501は、ROM502に格納されたプログラムをRAM503に展開し、プログラムを実行する。CPU501がプログラムを実行することで、認証装置110内の各部の機能が実現され得る。 The processor 501 loads the program stored in the ROM 502 into the RAM 503 and executes the program. The CPU 501 executes the program, thereby realizing the functions of each part in the authentication device 110.
 なお、上記実施形態において、認証装置110は、必ずしも単一の装置として構成されている必要はない。認証装置110は、物理的に分離された複数の装置を用いて構成されていてもよい。例えば、認証装置110は、画像取得部111、特徴抽出部112、暗号化部113、及び認証部114を有する装置と、検知部116及び情報更新部117を有する情報更新装置とに分離されていていてもよい。 In the above embodiment, the authentication device 110 does not necessarily have to be configured as a single device. The authentication device 110 may be configured using multiple devices that are physically separated. For example, the authentication device 110 may be separated into a device having an image acquisition unit 111, a feature extraction unit 112, an encryption unit 113, and an authentication unit 114, and an information update device having a detection unit 116 and an information update unit 117.
 また、認証装置110が車室内エントリに使用される場合において、認証装置110は、必ずしも全ての機能が車両に搭載されている必要はない。例えば、認証装置110の機能の一部は車両に搭載され、残りは車両の外部に配置されていてもよい。あるいは、認証装置110の各部は、車両の外部に配置されていてもよい。その場合、認証装置110は、無線通信ネットワークを介して、カメラ130のカメラ画像を取得してもよい。また、認証装置110は、認証結果を、無線通信ネットワークを介して車両に送信してもよい。 Furthermore, when the authentication device 110 is used for vehicle interior entry, it is not necessary for all functions of the authentication device 110 to be installed in the vehicle. For example, some of the functions of the authentication device 110 may be installed in the vehicle, and the rest may be located outside the vehicle. Alternatively, each part of the authentication device 110 may be located outside the vehicle. In that case, the authentication device 110 may acquire camera images from the camera 130 via a wireless communication network. Furthermore, the authentication device 110 may transmit the authentication result to the vehicle via the wireless communication network.
 以上、本開示の実施形態を詳細に説明したが、本開示は、上記した実施形態に限定されるものではなく、本開示の趣旨を逸脱しない範囲で上記実施形態に対して変更や修正を加えたものも、本開示に含まれる。 The above describes the embodiments of the present disclosure in detail, but the present disclosure is not limited to the above-described embodiments, and the present disclosure also includes changes and modifications to the above-described embodiments that do not deviate from the spirit of the present disclosure.
 例えば、上記の実施形態の一部又は全部は、以下の付記のようにも記載され得るが、以下には限られない。 For example, some or all of the above embodiments can be described as follows, but are not limited to the following:
[付記1]
 暗号化されたユーザの生体情報を用いて実施される認証に関連した装置の所定の動作を検知する検知部と、
 前記所定の動作が検知された場合、ユーザの生体情報の暗号化に使用される暗号鍵情報、及び該暗号鍵情報で暗号化されたターゲット生体情報を更新する情報更新部とを有する、情報更新装置。 [Appendix 1]
a detection unit that detects a predetermined operation of the device related to authentication performed using the encrypted biometric information of a user;
and an information updating unit that updates encryption key information used to encrypt the user's biometric information and the target biometric information encrypted with the encryption key information when the specified movement is detected.
[付記2]
 前記認証に関連した装置は車両であり、前記検知部は、前記車両における所定の動作を検知する、付記1に記載の情報更新装置。 [Appendix 2]
2. The information updating device according to claim 1, wherein the authentication-related device is a vehicle, and the detection unit detects a predetermined operation in the vehicle.
[付記3]
 前記検知部は、前記車両のドアの開閉、前記車両における駆動システムの起動、前記車両の発進、前記車両のドアのロック、及び前記駆動システムの停止の少なくとも1つを検知する、付記2に記載の情報更新装置。 [Appendix 3]
The information update device described in Appendix 2, wherein the detection unit detects at least one of opening and closing of a door of the vehicle, starting of a drive system in the vehicle, starting of the vehicle, locking of the door of the vehicle, and stopping of the drive system.
[付記4]
 前記情報更新部は、前記所定の動作が所定回数検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新する、付記1から3何れか1項に記載の情報更新装置。 [Appendix 4]
The information updating device described in any one of Appendices 1 to 3, wherein the information updating unit updates the encryption key information when the specified movement is detected a specified number of times, and updates the target biometric information using the updated encryption key information.
[付記5]
 ユーザの生体情報を取得する生体情報取得部と、
 前記取得された生体情報を暗号鍵情報で暗号化し、クエリ生体情報を生成する暗号化部と、
 前記クエリ生体情報と、前記暗号鍵情報を用いて暗号化されたターゲット生体情報とを照合することで前記ユーザを認証する認証部と、
 前記認証に関連した装置の所定の動作を検知する検知部と、
 前記所定の動作が検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新する情報更新部とを備える認証装置。 [Appendix 5]
A biometric information acquisition unit that acquires biometric information of a user;
an encryption unit that encrypts the acquired biometric information with encryption key information to generate query biometric information;
an authentication unit that authenticates the user by comparing the query biometric information with target biometric information encrypted using the encryption key information;
A detection unit that detects a predetermined operation of the device related to the authentication;
an information update unit that updates the encryption key information when the predetermined motion is detected, and updates the target biometric information using the updated encryption key information.
[付記6]
 前記認証装置は車両において用いられ、
 前記認証に関連した装置は前記車両であり、前記検知部は、前記車両における所定の動作を検知する、付記5に記載の認証装置。 [Appendix 6]
The authentication device is used in a vehicle,
6. The authentication device according to claim 5, wherein the device related to the authentication is the vehicle, and the detection unit detects a predetermined operation in the vehicle.
[付記7]
 前記検知部は、前記車両のドアの開閉、前記車両における駆動システムの起動、前記車両の発進、前記車両のドアのロック、及び前記駆動システムの停止の少なくとも1つを検知する、付記6に記載の認証装置。 [Appendix 7]
The authentication device described in Appendix 6, wherein the detection unit detects at least one of opening and closing of a door of the vehicle, starting of a drive system in the vehicle, starting of the vehicle, locking of the door of the vehicle, and stopping of the drive system.
[付記8]
 前記認証装置は、前記車両の車室内エントリにおいて前記ユーザを認証するために用いられる、付記6又は7に記載の認証装置。 [Appendix 8]
8. The authentication device according to claim 6 or 7, wherein the authentication device is used to authenticate the user upon entry into the vehicle interior.
[付記9]
 暗号化されたユーザの生体情報を用いて実施される認証に関連した装置の所定の動作を検知し、
 前記所定の動作が検知された場合、ユーザの生体情報の暗号化に使用される暗号鍵情報、及び該暗号鍵情報で暗号化されたターゲット生体情報を更新することを有する、情報更新方法。 [Appendix 9]
Detecting a predetermined operation of the device associated with authentication performed using the encrypted biometric information of the user;
an information updating method comprising, when the predetermined movement is detected, updating encryption key information used to encrypt the user's biometric information and the target biometric information encrypted with the encryption key information.
[付記10]
 ユーザの生体情報を取得し、
 前記取得された生体情報を暗号鍵情報で暗号化してクエリ生体情報を生成し、
 前記クエリ生体情報と、前記暗号鍵情報を用いて暗号化されたターゲット生体情報とを照合することで前記ユーザを認証し、
 前記認証に関連した装置の所定の動作を検知し、
 前記所定の動作が検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新することを有する認証方法。 [Appendix 10]
Acquire biometric information of the user;
encrypting the acquired biometric information with encryption key information to generate query biometric information;
authenticating the user by matching the query biometric information with target biometric information encrypted using the encryption key information;
Detecting a predetermined operation of the device related to the authentication;
updating the encryption key information when the predetermined motion is detected, and updating the target biometric information using the updated encryption key information.
[付記11]
 暗号化されたユーザの生体情報を用いて実施される認証に関連した装置の所定の動作を検知し、
 前記所定の動作が検知された場合、前記ユーザの生体情報の暗号化に使用される暗号鍵情報、及び該暗号鍵情報で暗号化されたターゲット生体情報を更新することを含む処理をプロセッサに実行させるためのプログラムを格納する非一時的なコンピュータ可読媒体。 [Appendix 11]
Detecting a predetermined operation of the device associated with authentication performed using the encrypted biometric information of the user;
A non-transitory computer-readable medium storing a program for causing a processor to execute a process including updating, when the specified motion is detected, cryptographic key information used to encrypt the user's biometric information and target biometric information encrypted with the cryptographic key information.
[付記12]
 ユーザの生体情報を取得し、
 前記取得された生体情報を暗号鍵情報で暗号化してクエリ生体情報を生成し、
 前記クエリ生体情報と、前記暗号鍵情報を用いて暗号化されたターゲット生体情報とを照合することで前記ユーザを認証し、
 前記認証に関連した装置の所定の動作を検知し、
 前記所定の動作が検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新することを含む処理をプロセッサに実行させるためのプログラムを格納する非一時的なコンピュータ可読媒体。 [Appendix 12]
Acquire biometric information of the user;
encrypting the acquired biometric information with encryption key information to generate query biometric information;
authenticating the user by matching the query biometric information with target biometric information encrypted using the encryption key information;
Detecting a predetermined operation of the device related to the authentication;
A non-transitory computer-readable medium storing a program for causing a processor to execute a process including updating the encryption key information when the specified motion is detected, and updating the target biometric information using the updated encryption key information.
10:認証装置
11:生体情報取得部
12:暗号化部
13:認証部
15:検知部
16:情報更新部
20:情報更新装置
100:認証システム
110:認証装置
111:画像取得部
112:特徴抽出部
113:暗号化部
114:認証部
115:顔情報DB
116:検知部
117:情報更新部
130:カメラ
500:電子装置
501:プロセッサ
502:ROM
503:RAM
504:バス 10: Authentication device 11: Biometric information acquisition unit 12: Encryption unit 13: Authentication unit 15: Detection unit 16: Information update unit 20: Information update device 100: Authentication system 110: Authentication device 111: Image acquisition unit 112: Feature extraction unit 113: Encryption unit 114: Authentication unit 115: Face information DB
116: Detection unit 117: Information update unit 130: Camera 500: Electronic device 501: Processor 502: ROM
503: RAM
504: Bus

Claims (12)

  1.  暗号化されたユーザの生体情報を用いて実施される認証に関連した装置の所定の動作を検知する検知部と、
     前記所定の動作が検知された場合、ユーザの生体情報の暗号化に使用される暗号鍵情報、及び該暗号鍵情報で暗号化されたターゲット生体情報を更新する情報更新部とを有する、情報更新装置。     a detection unit that detects a predetermined operation of the device related to authentication performed using the encrypted biometric information of a user;
    and an information updating unit that updates encryption key information used to encrypt the user's biometric information and the target biometric information encrypted with the encryption key information when the specified movement is detected.
  2.  前記認証に関連した装置は車両であり、前記検知部は、前記車両における所定の動作を検知する、請求項1に記載の情報更新装置。 The information update device according to claim 1, wherein the device related to the authentication is a vehicle, and the detection unit detects a predetermined operation in the vehicle.
  3.  前記検知部は、前記車両のドアの開閉、前記車両における駆動システムの起動、前記車両の発進、前記車両のドアのロック、及び前記駆動システムの停止の少なくとも1つを検知する、請求項2に記載の情報更新装置。 The information update device according to claim 2, wherein the detection unit detects at least one of the following: opening and closing of the vehicle door, starting of the drive system in the vehicle, starting the vehicle, locking of the vehicle door, and stopping of the drive system.
  4.  前記情報更新部は、前記所定の動作が所定回数検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新する、請求項1から3何れか1項に記載の情報更新装置。 The information update device according to any one of claims 1 to 3, wherein the information update unit updates the encryption key information when the specified action is detected a specified number of times, and updates the target biometric information using the updated encryption key information.
  5.  ユーザの生体情報を取得する生体情報取得部と、
     前記取得された生体情報を暗号鍵情報で暗号化し、クエリ生体情報を生成する暗号化部と、
     前記クエリ生体情報と、前記暗号鍵情報を用いて暗号化されたターゲット生体情報とを照合することで前記ユーザを認証する認証部と、
     前記認証に関連した装置の所定の動作を検知する検知部と、
     前記所定の動作が検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新する情報更新部とを備える認証装置。     A biometric information acquisition unit that acquires biometric information of a user;
    an encryption unit that encrypts the acquired biometric information with encryption key information to generate query biometric information;
    an authentication unit that authenticates the user by comparing the query biometric information with target biometric information encrypted using the encryption key information;
    A detection unit that detects a predetermined operation of the device related to the authentication;
    an information update unit that updates the encryption key information when the predetermined motion is detected, and updates the target biometric information using the updated encryption key information.
  6.  前記認証装置は車両において用いられ、
     前記認証に関連した装置は前記車両であり、前記検知部は、前記車両における所定の動作を検知する、請求項5に記載の認証装置。     The authentication device is used in a vehicle,
    The authentication device according to claim 5 , wherein the device related to the authentication is the vehicle, and the detection unit detects a predetermined action in the vehicle.
  7.  前記検知部は、前記車両のドアの開閉、前記車両における駆動システムの起動、前記車両の発進、前記車両のドアのロック、及び前記駆動システムの停止の少なくとも1つを検知する、請求項6に記載の認証装置。 The authentication device according to claim 6, wherein the detection unit detects at least one of the following: opening and closing of the vehicle door, starting of the drive system in the vehicle, starting the vehicle, locking of the vehicle door, and stopping of the drive system.
  8.  前記認証装置は、前記車両の車室内エントリにおいて前記ユーザを認証するために用いられる、請求項6又は7に記載の認証装置。 The authentication device according to claim 6 or 7, wherein the authentication device is used to authenticate the user at an entry into the vehicle interior.
  9.  暗号化されたユーザの生体情報を用いて実施される認証に関連した装置の所定の動作を検知し、
     前記所定の動作が検知された場合、ユーザの生体情報の暗号化に使用される暗号鍵情報、及び該暗号鍵情報で暗号化されたターゲット生体情報を更新することを有する、情報更新方法。     Detecting a predetermined operation of the device associated with authentication performed using the encrypted biometric information of the user;
    an information updating method comprising, when the predetermined movement is detected, updating encryption key information used to encrypt the user's biometric information and the target biometric information encrypted with the encryption key information.
  10.  ユーザの生体情報を取得し、
     前記取得された生体情報を暗号鍵情報で暗号化してクエリ生体情報を生成し、
     前記クエリ生体情報と、前記暗号鍵情報を用いて暗号化されたターゲット生体情報とを照合することで前記ユーザを認証し、
     前記認証に関連した装置の所定の動作を検知し、
     前記所定の動作が検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新することを有する認証方法。     Acquire biometric information of the user;
    encrypting the acquired biometric information with encryption key information to generate query biometric information;
    authenticating the user by matching the query biometric information with target biometric information encrypted using the encryption key information;
    Detecting a predetermined operation of the device related to the authentication;
    updating the encryption key information when the predetermined motion is detected, and updating the target biometric information using the updated encryption key information.
  11.  暗号化されたユーザの生体情報を用いて実施される認証に関連した装置の所定の動作を検知し、
     前記所定の動作が検知された場合、前記ユーザの生体情報の暗号化に使用される暗号鍵情報、及び該暗号鍵情報で暗号化されたターゲット生体情報を更新することを含む処理をプロセッサに実行させるためのプログラムを格納する非一時的なコンピュータ可読媒体。     Detecting a predetermined operation of the device associated with authentication performed using the encrypted biometric information of the user;
    A non-transitory computer-readable medium storing a program for causing a processor to execute a process including updating, when the specified motion is detected, cryptographic key information used to encrypt the user's biometric information and target biometric information encrypted with the cryptographic key information.
  12.  ユーザの生体情報を取得し、
     前記取得された生体情報を暗号鍵情報で暗号化してクエリ生体情報を生成し、
     前記クエリ生体情報と、前記暗号鍵情報を用いて暗号化されたターゲット生体情報とを照合することで前記ユーザを認証し、
     前記認証に関連した装置の所定の動作を検知し、
     前記所定の動作が検知された場合、前記暗号鍵情報を更新し、該更新された暗号鍵情報を用いて前記ターゲット生体情報を更新することを含む処理をプロセッサに実行させるためのプログラムを格納する非一時的なコンピュータ可読媒体。     Acquire biometric information of the user;
    encrypting the acquired biometric information with encryption key information to generate query biometric information;
    authenticating the user by matching the query biometric information with target biometric information encrypted using the encryption key information;
    Detecting a predetermined operation of the device related to the authentication;
    A non-transitory computer-readable medium storing a program for causing a processor to execute a process including updating the encryption key information when the specified motion is detected, and updating the target biometric information using the updated encryption key information.
PCT/JP2023/005740 2023-02-17 2023-02-17 Information updating device and method, authentication device and method, and computer-readable medium WO2024171434A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2023/005740 WO2024171434A1 (en) 2023-02-17 2023-02-17 Information updating device and method, authentication device and method, and computer-readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2023/005740 WO2024171434A1 (en) 2023-02-17 2023-02-17 Information updating device and method, authentication device and method, and computer-readable medium

Publications (1)

Publication Number Publication Date
WO2024171434A1 true WO2024171434A1 (en) 2024-08-22

Family

ID=92421343

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2023/005740 WO2024171434A1 (en) 2023-02-17 2023-02-17 Information updating device and method, authentication device and method, and computer-readable medium

Country Status (1)

Country Link
WO (1) WO2024171434A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011022785A (en) * 2009-07-15 2011-02-03 Sony Corp Key storage device, biometric authentication device, biometric authentication system, key management method, biometric authentication method, and program
JP2011211593A (en) * 2010-03-30 2011-10-20 Fujitsu Ltd Authentication apparatus, encryption apparatus, token device, authentication method, and authentication program
JP2019197999A (en) * 2018-05-09 2019-11-14 株式会社デンソー Electronic control system for vehicle and electronic control unit for vehicle
JP2021513259A (en) * 2018-02-13 2021-05-20 フィンガープリント カーズ アクティエボラーグ Biometric template protection key update
WO2022224332A1 (en) * 2021-04-20 2022-10-27 日本電気株式会社 Information processing device, vehicle control system, information processing method, and non-transitory computer-readable medium
WO2022269914A1 (en) * 2021-06-25 2022-12-29 日本電気株式会社 Terminal device, encrypted information conversion device, collation system, input information encryption method, encrypted information conversion method, collation method, input information encryption program, and encrypted information conversion program

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011022785A (en) * 2009-07-15 2011-02-03 Sony Corp Key storage device, biometric authentication device, biometric authentication system, key management method, biometric authentication method, and program
JP2011211593A (en) * 2010-03-30 2011-10-20 Fujitsu Ltd Authentication apparatus, encryption apparatus, token device, authentication method, and authentication program
JP2021513259A (en) * 2018-02-13 2021-05-20 フィンガープリント カーズ アクティエボラーグ Biometric template protection key update
JP2019197999A (en) * 2018-05-09 2019-11-14 株式会社デンソー Electronic control system for vehicle and electronic control unit for vehicle
WO2022224332A1 (en) * 2021-04-20 2022-10-27 日本電気株式会社 Information processing device, vehicle control system, information processing method, and non-transitory computer-readable medium
WO2022269914A1 (en) * 2021-06-25 2022-12-29 日本電気株式会社 Terminal device, encrypted information conversion device, collation system, input information encryption method, encrypted information conversion method, collation method, input information encryption program, and encrypted information conversion program

Similar Documents

Publication Publication Date Title
US11868455B2 (en) Biometric authentication techniques
EP3848790B1 (en) Registration and verification of biometric modalities using encryption techniques in a deep neural network
US9218473B2 (en) Creation and authentication of biometric information
US9571284B2 (en) Controlling access to personal information stored in a vehicle using a cryptographic key
US6181803B1 (en) Apparatus and method for securely processing biometric information to control access to a node
US20190379541A1 (en) Encryption using biometric image-based key
US10956549B2 (en) Device and method for biometric recognition, and biometric template registration method
KR101668958B1 (en) Security system using a mobile smart terminal and facial recognition
US10742410B2 (en) Updating biometric template protection keys
US20200145220A1 (en) Verification system, verification method and non-transitory computer readable storage medium
WO2022028246A1 (en) Vehicle start control method and vehicle-mounted authentication device
US11308190B2 (en) Biometric template handling
US11586717B2 (en) Method and electronic device for authenticating a user
US11115215B2 (en) Methods and devices of enabling authentication of a user of a client device over a secure communication channel based on biometric data
WO2024171434A1 (en) Information updating device and method, authentication device and method, and computer-readable medium
US20240201790A1 (en) Information processing apparatus, vehicle controlling system, information processing method, and non-transitory computer-readable medium
EP3811254A1 (en) Method and electronic device for authenticating a user
US11192524B2 (en) Secure proximity key
WO2024189816A1 (en) Information updating device and method, authentication device and method, and computer-readable medium
US20210075785A1 (en) Methods and devices of enabling authentication of a user of a client device over a secure communication channel based on biometric data
WO2023058176A1 (en) Authentication system, user device, mobile device, key information transmission method, authentication method, and computer-readable medium
US20240046729A1 (en) Auto-programming door and camera relationships for a security system
WO2024127449A1 (en) Vehicle door control device, method, and computer-readable medium
US20230205856A1 (en) System and authentication device
US20230242076A1 (en) Fingerprint Data Reset System and Fingerprint Data Reset Method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23922768

Country of ref document: EP

Kind code of ref document: A1