CN101504785B - Bio-authentication control method and cash automatic traction apparatus - Google Patents

Bio-authentication control method and cash automatic traction apparatus Download PDF

Info

Publication number
CN101504785B
CN101504785B CN2009100082104A CN200910008210A CN101504785B CN 101504785 B CN101504785 B CN 101504785B CN 2009100082104 A CN2009100082104 A CN 2009100082104A CN 200910008210 A CN200910008210 A CN 200910008210A CN 101504785 B CN101504785 B CN 101504785B
Authority
CN
China
Prior art keywords
mentioned
authentication
data
card
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2009100082104A
Other languages
Chinese (zh)
Other versions
CN101504785A (en
Inventor
今井启允
佐川大介
山口章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Omron Financial System Co Ltd
Original Assignee
Hitachi Omron Financial System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Omron Financial System Co Ltd filed Critical Hitachi Omron Financial System Co Ltd
Publication of CN101504785A publication Critical patent/CN101504785A/en
Application granted granted Critical
Publication of CN101504785B publication Critical patent/CN101504785B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • G06F21/335User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data

Landscapes

  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Finance (AREA)
  • Accounting & Taxation (AREA)
  • Business, Economics & Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

The present invention discloses a biometric authentication control method and an automatic cash transaction device. The aim of the invention is realize high privacy of biometric information in the biometric authentication control system using the IC card and the method thereof. The biometric authentication control method of the invention controls the biometric authentication, receives preprocessing data from a portable electronic device and transmits to a biometric authentication mechanism part. The biometric authentication mechanism part is caused to combine the second biometric information and preprocessing data for processing into authentication data. The authentication data is received and transmitted to the portable electronic device. The registration data is compared with the authentication data in the portable electronic device. The authentication result data which represents the authentication result between the registration data and authentication data is received from the portable electronic device. The authentication result data is transmitted to the biometric authentication mechanism part to cause the biometric authentication mechanism part to prepare the information related to the result whether the biometric authentication is successful. The information related to the result whether the biometric authentication is successful is received from the biometric authentication mechanism part.

Description

Bio-authentication control method and cash automated trading device
The present invention is dividing an application of following application, and original application information is as follows:
The applying date: on October 19th, 2006
Application number: 200610136086.6
Denomination of invention: Verification System in the IC-card
Technical field
The present invention relates to automatically receive and pay out the biometrics authentication system that uses in the device (ATM) etc. at cash.
Background technology
In the past, in automatically received and paid out the biometrics authentication system that device (ATM) etc. carries out by cash, following system was arranged.
In patent documentation 1 (TOHKEMY 2000-215294 communique), biosome identifying information IC card with built-in and person authentication method thereof have been recorded and narrated.This technology is, in the person authentication method that uses IC-card, built-in biological body identifying information in IC-card is processed this biosome identifying information and my original Biont information identifying information by the comparison of the bio-identification in IC-card handling part, carries out authenticate himself.
In patent documentation 2 (TOHKEMY 2005-115800 communique), recorded and narrated the authenticating method that uses Biont information.This technology is, cut apart the obtained Biont information from the user, respectively a part is stored in the electronic cards, another part is stored in the database, when authenticating, the user obtains Biont information from electronic cards, read a part of Biont information from above-mentioned electronic cards, retrieve subsequently and should whether be present in the above-mentioned database by the relevant another part Biont information of part Biont information, when existing in conjunction with these Biont informations, compare with the obtained electronic cards user's in front Biont information, carry out authentication determination.
In patent documentation 3 (Japanese kokai publication hei 10-312459 communique), recorded and narrated the authenticating method that uses portable electron device and Biont information.This technology is, stores in advance log-on data (characteristic quantity of Biont information) in the portable electron devices such as IC-card, and the characteristic (characteristic quantity of Biont information) and the log-on data that obtain during by comparison authentication in IC-card are implemented authentication.
In patent documentation 1, although in storing the IC-card of Biont information, carry out organism authentication, because in IC-card, store Biont information by original state, so there is the possibility that makes the Biont information leakage because of the stolen loss of IC-card.
In patent documentation 2, although Biont information is separated in these 2 of electronic cards and the databases stores (registration), when authentication with they 2 combinations, but also need in database, store a lot of users' data and manage all the time, process comparatively bothering.
In patent documentation 3, in the IC-card that extracts the living body feature amount from Biont information and store as log-on data, compare to authenticating stylish living body feature amount and the log-on data that obtains, and carry out organism authentication with it, but because between portable electron device (IC-card) and data processing equipment (IC-card terminal), transmitted the living body feature amount, so in this transmission course, there is the possibility of leaking as the living body feature amount of personal information.
Summary of the invention
Purpose of the present invention is in the biometrics authentication system and method thereof that use IC-card, to realize the high crypticity of Biont information.
In order to solve above-mentioned problem, implement authentication mode in the IC-card, authentication mode carries out the organism authentication processing by the authentication procedure in the portable electron device (IC-card) in this IC-card.Bio-authentication control method of the present invention carries out following action, receive the preprocessed data that is obtained by Biont information from portable electron device, above-mentioned preprocessed data is sent to biometric authentication unit section, receive the verify data that to make by the obtained Biont information of above-mentioned biometric authentication unit section and the combination of above-mentioned preprocessed data from above-mentioned biometric authentication unit section, received above-mentioned verify data is sent to above-mentioned portable electron device, make pre-stored log-on data and above-mentioned verify data in above-mentioned portable electron device, in above-mentioned portable electron device, compare.
The present invention has adopted authentication control software for IC-card, authenticate device being carried out the indication of data transfer and authentication processing, can provide thus a kind of security higher organism authentication mode.Moreover, by being made with authentication control middleware, the authentication controlling application program that consists of authentication control software can adapt to different multiple authentication modes, thereby in a plurality of authentications, when in terminal, being mounted with the authenticate device to a plurality of biosomes, can realize adapting to the control of a plurality of various authenticate devices.
Description of drawings
Fig. 1 is the summary legend of Biont information registration processing system of the present invention.
Fig. 2 is the block diagram example of Biont information registration processing system of the present invention.
Fig. 3 is the key diagram of Biont information location registration process.
Fig. 4 is the flow chart illustration of Biont information location registration process.
Fig. 5 is the summary legend of biometric authentication processing system.
Fig. 6 is the block diagram example of biometric authentication processing system.
Fig. 7 is the structure legend of authentication control software.
Fig. 8 is the key diagram that organism authentication is processed.
Fig. 9 is the transaction flow legend that comprises the organism authentication processing of using authentication mode in the IC-card.
Figure 10 is the flow chart illustration that authenticating transactions begins to process.
Figure 11 is the flow chart illustration that organism authentication is processed.
Figure 12 is the flow chart illustration of authenticating transactions end process.
Embodiment
Below, for using an embodiment of the invention to describe.
(embodiment 1)
In the present embodiment, roughly being divided into Biont information location registration process and organism authentication processes these 2 and describes, this Biont information location registration process is, in the business office of financial institution, between operator (window salesman) and user, to portable electron device, the particularly IC-card that the user holds, registered user's Biont information (for example, finger vena); This organism authentication is treated to, and uses main cash automated trading device, the automatic cashier (ATM) that automatically relates to the transaction of cash that is arranged in financial institution, the convenience store etc., and uses user's Biont information to authenticate.With Fig. 1~4 open-birth object information location registration process, with Fig. 5~12 open-birth object authentication processing.
At first, the summary of the location registration process of simple declaration Biont information and authentication processing.
In the Biont information location registration process, the finger vena extraction characteristic quantity from the user generates preprocessed data, and generates log-on data, is registered in the IC-card.The window terminal that uses in the process of this processing connects with the Biont information register device that is connected the IC-card device, the Biont information (preprocessed data, log-on data) of registration usefulness is encrypted, and directly do not transmit to IC-card from the Biont information register device via window terminal, and execution writes.
On the other hand, in organism authentication is processed, will from preprocessed data, the log-on data registered in the characteristic quantity of user's finger vena and the IC-card, carry out its processing based on distinctive authentication, comparison technology.In the process of this processing centered by ATM, the Biont information that utilization newly obtains by the biometric authentication unit section that is connected with ATM and the preprocessed data of reading from IC-card, generate verify data, it is transferred to IC-card, and in IC-card, carries out authentication processing.
In explanation of the present invention, use system of business office and authentication processing to use the mode of ATM although adopt the location registration process of Biont information, describe, but also can adopt the mode of in the system of business office, also carrying out authentication processing and in ATM, also carrying out location registration process.But, carry out even the location registration process of Biont information on the basis that clearly is me, also is preferably in the operator system of business office on the scene.In addition, although the media as the registered in advance Biont information, be illustrated as an example of IC-card example, but be not limited to this, also can be mobile phone or RFID (Radio-Frequency-Identification: radio frequency identification) the portable electronic medium (portable electron device) such as label, and preferably in the ATM card that the user is popularized the most, loaded at present the IC-card of IC chip, change that can restriction system.
Fig. 1 is the synoptic diagram of selecting especially the Biont information registration processing system relevant with the Biont information registration among the system of business office that the operator uses in the business office of financial institution.The following Biont information register device 101 that will possess Biont information reading device 102 consists of this Biont information Accreditation System with the registration of being connected this Biont information register device 101 with end device 104 connections.This system operates registration end device 104, registered user's Biont information in IC-card 105 by the operator (window salesman) of financial institution.Particularly, by the window salesman operating portion 107 is operated, select by the various menus that are shown on the display part 106, and except the registration of Biont information, can also carry out various transaction in the financial institution.
The window salesman makes IC-card 105 become writeable state with in the IC-card device 103 of IC-card 105 insertions as a structure of Biont information register device 101.On the other hand, the user is positioned over user's oneself finger on the Biont information reading device 102 along illustrated shape.By window salesman's operation, the finger that Biont information reading device 102 sees through near infrared ray to place, and by video camera the vein pattern of finger is taken, obtain its image.Extract the living body feature amount from this image, the living body feature amount of extracting is imposed following processing, by 103 pairs of IC-card 105 executive loggings of IC-card device, the processing that writes.Also have, the living body feature amount is from the resulting data that can determine the individual of finger vena data (vein pattern).
IC-card device 103 has except the function of writing information, also having the function that the information that is stored in the IC-card 105 is read as mentioned above in IC-card 105.That is to say to have and read or write-in functions, but will adopt below the example that writes Biont information in the IC-card 105, describe.
Fig. 2 is the block diagram of structure of an embodiment of expression Biont information registration processing system illustrated in fig. 1.
Biont information register device 101 comprises: CPU21, control Biont information register device 101 integral body; Primary storage section 202 stores various information; Biont information reading device 102 reads Biont information IC-card device 103, writes Biont information in IC-card 105; Department of Communication Force 215 connects with being connected with end device 104.
Primary storage section 202 is divided into ROM203 and the main RAM204 that stores data and can rewrite the data of storing that stores various programs.Here, although be illustrated as the primary storage section (also simply being called storage part) 202 that is formed by ROM203, RAM204, also can be the structure that is consisted of by hard disk, various semiconductor memory respectively.ROM203 possesses: location registration process program 205 is used for carrying out the location registration process of Biont information; Log-on data production process 206, the log-on data of using when being used for making authentication; Biont information reading device control program 207 is used for controlling Biont information reading device 102; IC-card apparatus control program 208 is used for IC-card 105 is carried out the processing that writes of information; Communication control program 209 is used for controlling Department of Communication Force 215.
Biont information reading device 102 possesses: imageing sensor (image obtaining section) 210, obtain biosome image (finger vena pattern), and consisted of by ccd video camera etc.; Biosome has or not to detect uses illumination LED 211, and whether detection can obtain the zone at the image of imageing sensor 210 has been placed finger; Biosome is obtained with illumination LED (biosome irradiation section) 212, when obtaining biosome image (finger vena pattern) finger is shone near infrared ray.IC-card device 103 possesses: IC-card write section 213, writing information in IC-card 105; Contact terminal 214 is used for being connected with IC-card connecting.
IC-card 105 possesses: CPU221, control IC-card 105 integral body; Storage part 222 is stored the data relevant with Biont information and is related to the program etc. of financial transaction; Contact terminal 223 is used for being connected with the Biont information register device connection.Also have, IC-card device 103 and IC-card 105 are not limited to utilize the contact of contact terminal, also can adopt contactless structure.
Registration comprises with end device 104: CPU231, control registration end device 104 integral body; Primary storage section 232 stores data and program; Display part 106 is made of CRT or liquid crystal display etc., and display operation instructs; Operating portion 107 is made of the keyboard of the input operation of accepting the window salesman, mouse etc.; Department of Communication Force 235 connects Biont information register device 101 and biosome registration end device 104.And primary storage section 232 controls the Biont information register device control program 233 of Biont information register device 101 except storing, and also stores the program of using in the various financial transactions of window transaction.
Utilize Fig. 3, the manufacturing process of the log-on data of registering in IC-card 105 in the Biont information location registration process is described.Wherein, the elaboration of the algorithm in the manufacturing process etc. because secure context, namely for the relation of the forgery that prevents from causing because of leakage of information etc., its explanation is omitted.Also identical in the authentication processing of Biont information.
At first, according to by imageing sensor 210 resulting biosome images (finger vena pattern), extract the living body feature amount (step 301) of its feature of performance with certain algorithm.Then, according to this living body feature amount, re-use certain algorithm and make preprocessed data.Then, with living body feature amount and preprocessed data combination, make log-on data (step 302).
Here, so-called preprocessed data also can be interpreted as making the employed encryption key of log-on data.In addition, log-on data as top and accompanying drawing clear and definite, be the data that can not directly make from the living body feature amount.In addition, although preprocessed data and log-on data are the data of producing from the living body feature amount of the feature that clearly shows user itself, the algorithm that in this manufacturing process, will use irreversible conversion to process.Thereby, process as the making that utilizes inverse conversion, can not make living body feature amount or preprocessed data according to log-on data, and can not make the living body feature amount according to preprocessed data and these 2 data of log-on data.Also have, the form of preprocessed data preferably extracts produced information after the part that can not determine user individual, and the form of log-on data preferably extracts and can determine produced information after the individual part.In addition, preprocessed data, log-on data all are can only be by the specific information of card holder acquisition.
At last, produced preprocessed data and log-on data are stored in the IC-card 105 (step 303).These data of storing in the IC-card 105 are stored under encrypted state, and as mentioned above, store under the state that the making that can't utilize inverse conversion is processed.Thereby, suppose that preprocessed data, log-on data read by despiteful people, and two data are decoded, also can not generate the living body feature amount.Like this, one of its feature is, the encryption by data, generate can't inverse conversion the such dual safety of data, protect the data in the IC-card.
Below, express above-mentioned data creating algorithm with mathematical formulae.
Suppose that the living body feature amount is x, then preprocessed data y uses certain function f (being equivalent to algorithm), expresses as " y=f (x) ".
Because log-on data z makes by combination living body feature amount x and preprocessed data y, thereby uses certain function g to be expressed as " x+y → z=g (x, y) ".
And, because this manufacturing process is irreversible, so can not be as z=g (x, y) → x, z=g (x, y) → y, z=g (x, y) → x+y, from log-on data reduction living body feature amount and preprocessed data.
Fig. 4 is the CPU201 of Biont information register device 101 or according to from the indication of the CPU201 flow chart illustration by the performed Biont information location registration process of each mechanism, each unit (also comprising program).
In IC-card device 103, insert IC-card 105, become IC-card connection status (can to the state of IC-card 105 data writings).Set up for IC-card is connected, need to make the contact terminal 214 of the contact terminal 223 contact IC-card devices 103 of IC-card 105.Below, illustrate that the window salesman operates registration and with end device 104 user's Biont information is registered in process in the IC-card 105, and explanation is based on processing, the control by execution such as each mechanisms of this operation.In addition, communication control program 209 illustrated in fig. 2 is especially in Biont information register device 101 and the biosome registration program with control data transmit-receive between the end device 104, and carries out below that description thereof is omitted.
Registration is accepted window salesman's input operation with end device 104 display menu picture (to the picture of selecting the processing such as registration, authentication, change, end to instruct) on display part 106 by operating portion 107.If among shown trading item, select location registration process by operating portion 107, then registration is carried out location registration process program 205, Biont information register device control program 233 with the CPU231 of end device 104, sends the indication that location registration process begins to Biont information register device 101.The CPU201 that receives the Biont information register device 101 after location registration process begins to indicate carries out location registration process program 205, and implements location registration process as entire system.
Instruct with display part 106 demonstrations of end device 104 in registration, instruct and in Biont information register device 101, insert IC-card 105.If IC-card 105 has been inserted in the IC-card device 103 (step 401), the contact terminal 223 of IC-card 105 and the contact terminal 214 of IC-card device 103 are contacted, connect Biont information register device 101 and IC-card 105 (step 402).At this moment, judge in the storage part 222 of the IC-card 105 insert whether the program (step 403) relevant with Biont information is arranged, when not having program the card of log-on data (can not time), return IC-card 105 (step 411).On the other hand, when in the storage part 222 of the IC-card 105 that inserts, having the program relevant with Biont information the card of the energy log-on data (time), show guidance at display part 106, the finger that guidance will be registered is positioned on the Biont information reading device 102.Corresponding with it, the user is positioned over the finger that will register on the Biont information reading device 102.The CPU201 of Biont information register device 101 carries out Biont information reading device control program 207, sends the indication that Biont information reads beginning to Biont information reading device 102.Placed object (finger) if can obtain the zone at the image of imageing sensor 210, then Biont information reading device 102 has or not by biosome and detects enter (step 404) that detects object (finger) with illumination LED 211, and investigates whether biosome (step 405) of object (finger).When being not biosome, in IC-card 105, do not write any information at the object that inserts (finger), IC-card 105 is returned (step 411).At the object that inserts (finger) when being biosome, obtained with 212 pairs of objects of illumination LED (finger) irradiation near infrared ray by biosome, and obtain biosome image (finger vena pattern) by imageing sensor 210, be stored in (step 406) among the RAM204.Then, extract living body feature amount (step 407) from biosome image (finger vena pattern).Then, by carrying out log-on data production process 206, produce (step 408) after the preprocessed data according to the living body feature amount as shown in Figure 3, make log-on data (step 409) according to living body feature amount and preprocessed data.Then, carry out IC-card apparatus control program 208, by the CPU221 in IC-card write section 213 and the IC-card 105, preprocessed data in the produced RAM204 and verify data are stored in the storage part 222 of IC-card 105, the Biont information registration finishes (step 410), returns IC-card 105 (step 411).
Above, although based on each CPU201,221,231 and storage part in processing, the control of each program of storing, location registration process, the control of Biont information have been described, but self-evident, each program also can just start in the initial period of transferring to location registration process, and the structure of these hardware and software is grasped as control part, and above-mentioned various controls, processing are function, the unit of this control part.In addition, also identical for the Biont information authentication processing that the following describes.
When carrying out the authentication processing of Biont information, use the above-mentioned information of registering by location registration process, preprocessed data and the log-on data namely storing, register and write in the IC-card 105 will be carried out authentication processing and be described as prerequisite.
Fig. 5 is the synoptic diagram of biometric authentication processing system.Connect automatic cash transaction or cashier device (ATM) 501 and server 502 and consist of biometrics authentication system, this automatic cash transaction or cashier's device 501 possess the function that reads Biont information and read the function of the information of (or writing) IC-card 105, and this server 502 stores the needed information of the transaction relevant with financial products.ATM501 is the device that automatically performs the various transaction that the users such as deposit, payment and account transfer wish, the user can insert IC-card 105 in section of card/detail form mechanism 504, by the operating portion 503 desirable transaction of input or the amount of money etc., the successfully authentication by biometric authentication unit 508, thus conclude the business.Particularly, in money transaction, carried out bank not deposits or withdrawn the money by section of Banknote deposting/drawing out mechanism 506, carried out the coins deposit or withdrawn the money by coin access mechanism section 507, ATM501 carries out the desirable cash exchange of user.In addition, when the user wishes to fill in bankbook, can in bankbook, fill in transaction content by section of bankbook mechanism 505, print.
Fig. 6 is the block diagram of an example structure of expression biometric authentication processing system.ATM501 has: CPU601, and control ATM is whole; Operating portion 503 carries out the picture disply of trading item and key-press input and detects, and specifically, accepts user's operation or with pointing the key-press input of pressing, and is made of touch panel etc.; Section of card/detail form mechanism 504 has the insertion of card and disgorging motion, is printed on the detail form to the image reading of the read/write actions of card magnetic stripe or IC-card 105, card jog and with the content of concluding the business and with its function that spues in install; Section of bankbook mechanism 505, have user's bankbook insertion/disgorging motion, magnetic stripe read/write actions and utilize function that printing section prints bankbook etc.
Moreover, also comprise: section of Banknote deposting/drawing out mechanism 506, have bank note discriminating, transport and take in function etc., carry out the deposit of bank note or the processing of withdrawing the money; Coin access mechanism section 507, have coin discriminating, transport and take in function etc., carry out the deposit of coin or the processing of withdrawing the money; Biometric authentication unit section 508 obtains Biont information, supports its authentication; Primary storage section (also simply being called storage part) 602 stores data and program; Department of Communication Force 610 is connected connection with server.
Also have, illustrated registration is used for user's Biont information being carried out input operation during to IC-card 105 registration the window salesman with the operating portion 107 of end device 104 among Fig. 1,2, consisted of by keyboard or mouse etc., on the other hand, the operating portion 503 of Fig. 5,6 ATM501 is used for carrying out input operation when the user concludes the business by ATM501, consisted of by touch panel etc., although two all be operating portion, structure, purposes are different.
Section of card/detail form mechanism 504 possesses: IC-card reading part 603, read the information of IC-card 105; Transaction content is printed at detail form by detail form printing section 604; Contact terminal 605 is used for being connected with IC-card connection.
Biometric authentication unit section 508 possesses: storage part 606 stores various data etc.; Imageing sensor (image obtaining section) 607 is obtained user's biosome image (finger vena pattern), is made of ccd video camera etc.; Biosome has or not to detect uses illumination LED 608, and whether detection can obtain the zone at the image of imageing sensor 607 has been placed finger; Illumination LED (biosome irradiation section) 609 shines near infrared ray to finger when obtaining biosome image (finger vena pattern).That is to say, biometric authentication unit section 508 has the function that obtain Biont information roughly the same with the Biont information reading device 102 shown in Fig. 1,2.
Primary storage section (also simply being called storage part) 602 comprises at hardware: ROM620 stores various programs; RAM621 mainly stores data, and can rewrite the data of storing.Illustrated in above-mentioned location registration process, also can be consisted of by hard disk or various semiconductor memory respectively, and be called the 1st, 2 storage parts.In addition, ROM620 possesses authentication control software 622, and this authentication control software 622 is used for according to the indication of CPU601 etc., and biometric authentication unit section 508 is controlled in the processing such as the biosome image that the following describes is obtained, authentication.In addition, although diagram not also stores required program, softwares such as money transaction among the picture data of the operating portion 503 of ATM501 and the ATM501, transfer transactions.The server 502 that is connected with ATM501 via communication network comprises: CPU611, Control Server 502 integral body; Storage part 612; Department of Communication Force 613 is connected with ATM501.
Fig. 7 illustrates, the related control of the authentication of the Biont information among the ATM501, the particularly relevant controll block (software configuration) of the IC-card 105 with in primary storage section 602, biometric authentication unit section 508, the section of card/detail form mechanism 504 centered by the authentication control software 622 that is used for control biometric authentication unit section 508.
Authentication control software 622 can roughly be divided into authentication controlling application program 701 and authentication control middleware 702, and respectively software is called software, application program is called application program, middleware is called middleware.So-called authentication controlling application program 701 refers to, program with discrete function of financial institution that the ATM501 that will be mounted with biometric authentication unit section 508 imports etc., and its specifications such as picture disply when each financial institution made or change the order of its authentication or mode, authentication.Particularly, 701 pairs of authentications of this authentication controlling application program middleware 702 carries out authentication processing and begins indication etc.
So-called authentication control middleware 702 refers to, the program of the required general utility functions of authentication processing even have financial institution's difference and Biont information difference, be the IC-card control program 704 of controlling such as the biometric authentication unit section control program 703 of control biometric authentication unit section 508 and from 105 pairs of IC-cards and card swap data, the program in the IC-card 105 of carrying out, be responsible for control, process the program that Biont information authenticates related various programs.
In addition, the data by 701 execution of authentication control middleware and acquisition temporarily are stored among the RAM621.RAM621 has each data buffer of buffer zone authentication authorization and accounting result data buffer 705, verify data buffer 706 and preprocessed data buffer 707 for swap data between biometric authentication unit section 508 and IC-card 105 and so on.Although these data are stored among the RAM621 at hardware, on software, can also think to be stored in the authentication control software 622, particularly in the authentication control middleware 702.
In addition, authentication control middleware 702 makes card/section of detail form mechanism 504 and 508 actions of biometric authentication unit section according to the indication that comes Self-certified controlling application program 701 via driver (not shown).And as mentioned above, its processing is controlled by the CPU601 of ATM501 in these each positions.Also have, so-called driver refers to, and is used for utilizing the control software of computer peripheral device (equipment).
The storage part 606 of being controlled the biometric authentication unit section 508 of software 622 controls by authentication has: verify data production process 709 is used for making verify data; Authentication result determining program 710 is used for whether judging authentication success according to the authentication result data.In addition, section of card/detail form mechanism 504 has the authentication procedure 711 of the authentication processing implemented.
Utilize Fig. 8, the formation of authentication in the organism authentication processing, the exchange of data are described.Also be used for as replenishing the explanation of the organism authentication flow process of following Figure 11.Following action subject is to receive the authentication control middleware 702 of carrying out instruction from authentication controlling application program 701, but jointly carry out because authenticate controlling application program 701 and authenticate control middleware 702, so can also think that controlling software 622 by authentication moves.In addition, can also be called input with receiving, sending, export.
If in the transaction of ATM501, carry out the authentication of Biont information, then send pre-stored preprocessed data, the preprocessed data among the log-on data in IC-card 105 to authentication control middleware 702.Authentication control middleware 702 receives preprocessed data from IC-card 105, temporarily be stored in the RAM621 preprocessed data buffer 707 of (comprising authentication control software 622, authentication control middleware 702), send to afterwards biometric authentication unit section 508 (step 801).On the other hand, biometric authentication unit section 508 receives preprocessed datas from authentication control software 622, subsequently or concurrently, obtains user's Biont information, extracts the living body feature amount from Biont information.Then, with received preprocessed data and living body feature amount combination obtained and that extract, make verify data (step 802).
Like this, in the authentication processing of Biont information, preprocessed data also has as the function that is used for making the verify data encryption key.In addition, if obtained this verify data, can not directly make the living body feature amount according to these data.Although verify data is the data of producing from the living body feature amount, but because the algorithm that in its manufacturing process, has used irreversible conversion to process, so can not oppositely make the living body feature amount from verify data, and can not make the living body feature amount according to preprocessed data and these 2 data of verify data.Preprocessed data is can not determine produced information after individual's the extracting section, and verify data is to determine produced information after the individual extracting section.
Here, identical when registering with Biont information, express above-mentioned data creating algorithm with mathematical formulae.
The information that will obtain in when authentication by biometric authentication unit section 508, the living body feature amount that namely newly obtains is made as x '.And, do not change during owing to preprocessed data y and registration, thereby be " y=f (x) ".
Because verify data z ' utilizes the combination of living body feature amount x ' and preprocessed data y to make, thus use certain function g be expressed as " x '+y → z '=g (x ', y) ".And, because this manufacturing process is irreversible process, thereby can not resemble z ' → x ', z ' → y, z ' → x '+y from log-on data reduction living body feature amount and preprocessed data.
After the verify data of S802 is made, indication, control according to authentication control software 622, to temporarily be stored in the verify data buffer 706 by biometric authentication unit section 508 produced verify datas, send to afterwards IC-card 105 (step 803).IC-card 105 receives verify data, and uses certain algorithm that pre-stored log-on data and verify data in IC-card 105 compared (being also referred to as organism authentication processes), makes authentication result data (step 804).Again produced authentication result data are sent to authentication control middleware 702.Authentication control middleware 702 receives the authentication result data from IC-card 105, temporarily is stored in the authentication result data buffer 705 of authentication control software 622, sends to afterwards biometric authentication unit section 508.Then, biometric authentication unit section 508 carries out the judgement (analysis) (step 805) of authentication result data in biometric authentication unit section 508, authentication result data and authentication success position authentification failure reason are notified to authentication control middleware 702 (step 806), and the organism authentication processing finishes.
Like this, in organism authentication is processed, although the living body feature amount the most approaching with user's Biont information itself is not stored in the IC-card 105, and obtain and extract the living body feature amount by biometric authentication unit section 508, but has the feature that can not be leaked to from biometric authentication unit section the outside.
In addition, are these 3 of preprocessed data, verify data and authentication result data by authentication control software 622 and the data that under its control, between IC-card 105 and biometric authentication unit section 508, exchange, make up as mentioned above in any case the feature that these data all can not be produced the living body feature amount but have.
In addition, in the organism authentication that generates each related data of Biont information etc. is processed, has the feature of being shared obtaining respectively authentication result by IC-card 105, biometric authentication unit section 508.Therefore, it is designed to, even IC-card or biometric authentication unit section are stolen and its inside is deciphered, can not carry out organism authentication and process.That is to say, although in theory, also can be from newly making preprocessed data by biometric authentication unit section 508 obtained living body feature amounts when authentication, and make verify data according to this preprocessed data and living body feature amount, but in the present embodiment, owing to does not do like that, but utilize pre-stored preprocessed data and living body feature amount in IC-card 105 to make verify data, thereby security improving.
In addition, preferably, authentication control middleware 702 is stored in preprocessed data in the biometric authentication unit section 508, and after making verify data with its deletion, preferably, when needs authenticate, send to biometric authentication unit section 508 from preprocessed data buffer 707 at any time.That is to say, before the closing the transaction that utilizes ATM501, pre-stored preprocessed data in the preprocessed data buffer 707 in authentication control software 622.So, following effect is arranged, namely with from IC-card 105 transmission preprocessed datas compare, if the preprocessed data buffers 707 in authentication control software 622 send, then can realize processing faster.
Utilize Fig. 9~12, the processing when cash automated trading device, cash are are automatically received and paid out device (ATM) 501 usefulness IC-cards 105 and implemented to comprise the payment transaction that the organism authentication that utilizes authentication mode in the IC-card processes is described.
Fig. 9 be expression performed by (control parts) such as the CPU601 of ATM501, authentication control softwares 622, particularly use the flow chart illustration of the transaction on the organism authentication of authentication mode in the IC-card ATM in processing.
Before carrying out the organism authentication processing, the processing that the exchange on the ATM501 needs is carried out in conclude the business selection or Password Input, card insertion etc.Read the transaction such as deposit, payment, inquiry into balance and account transfer from ROM620 and select to instruct, be shown on the operating portion 503, accept the selection (step 901) of transaction from the user.When selecting the transaction that needs organism authentication such as payment transaction etc., show the guidance that IC-card is inserted at operating portion 503, urge and insert IC-card 105.If in section of card/detail form mechanism 504, inserted IC-card 105 by the user, then it is detected (step 902), read account number by the IC-card reading part 603 of section of card/detail form mechanism 504 from IC-card 105.Also have, IC-card 105 also can be the card that possesses magnetic stripe, at this moment, also can read from the magnetic stripe of IC-card 105 data such as account number except Biont information.
Then, the guidance with the input password is shown on the operating portion 503.If inputted password by the user at operating portion 503, then it is detected (step 903), the account number that reads and the password of inputting are sent to server 502 via Department of Communication Force 610,613.On the other hand, the CPU611 of server 502 receives the password of inputting via Department of Communication Force 610,613, password and with the account number corresponding password of registered in advance in storage part 612 inputted are compared, this comparison result is sent to ATM501 via Department of Communication Force 610,613.ATM501 receives comparison result via Department of Communication Force 610,613, and checks password correctness (step 904), when the password bad of inputting, the input number of times of password is counted (step 905).If the input number of times of password is in stipulated number at this moment, then the user is urged and again input password.If the input number of times of password has surpassed stipulated number, then abort transactoin (step 906).
When the password of inputting is correct, judge whether organism authentication object card (step 907) of the IC-card 105 insert in S904.This moment, organism authentication object card referred to, and had to implement the required information of organism authentication and the card of program.
Then, when the IC-card 105 that inserts is not organism authentication object card, does not carry out organism authentication and process, wait transaction (step 915) and then carry out payment.When the IC-card 105 that inserts is organism authentication object card, as the in advance preparation that organism authentication is processed, carries out authenticating transactions and begin to process (step 908).Relevant authenticating transactions begins to process, and utilizes following Figure 10 to describe in detail.
After authenticating transactions began the processing end, the CPU601 of ATM501 obtained and launches authentication control software 622 in RAM621.Then, the CPU601 of ATM501 carries out authentication controlling application program 701.Receive this situation, 701 pairs of authentication control of authentication controlling application program middleware 702 sends log-on message and obtains indication.Receive that the authentication control middleware 702 that log-on message is obtained after the indication carries out IC-card control programs 704, obtain by the indicated required information (registrant's information) (step 909) of processing of authentication controlling application program 701 from IC-card 105.In processing required information, comprise Transaction Information and user's names such as account number, business office's number, project, have or not driver's license or insurance certificate etc. can confirm user's information etc. of my certificate and so on.In addition, this moment authentication control middleware 702 is also obtained the preprocessed data of registered in advance in IC-card 105 except the information that obtains certified controlling application program 701 indications and obtain, be stored in the preprocessed data buffer 707.Reason is by obtaining together preprocessed data with authentication controlling application program 701 specified information, can reduce the number of times of access IC-card 105, faster processing time.These data send to authentication control middleware 702, and are stored in the preprocessed data buffer 707.Like this, although the CPU501 of ATM501 becomes main body, carry out the various programs in the authentication control software 622, and carry out processing separately, below, for the purpose of simplifying the description this process is omitted, describe take authentication control middleware 702 as main body.In addition, as mentioned above, also these totally are called control, the processing of being undertaken by control part (unit).
After obtaining log-on message from IC-card 105, authentication control middleware 702 is carried out biometric authentication unit section control program 703, carries out organism authentication and processes (step 910).That is to say, the preprocessed data of storing in the preprocessed data buffer 707 is sent to biometric authentication unit section 508, and 508 indications of biometric authentication unit section are obtained Biont information.Process for this organism authentication, although utilize Fig. 8 to be illustrated, in following Figure 11, also be elaborated.
Then, check organism authentication success or not (step 911), at this, when the organism authentication failure, the enforcement number of times of organism authentication is counted (step 912).If the enforcement number of times of organism authentication is in stipulated number at this moment, the preprocessed data of then will store in RAM621 or program, preserving sends to biometric authentication unit section 508 again, the user is urged the again enforcement of organism authentication.If the enforcement number of times of organism authentication has surpassed stipulated number, then abort transactoin (step 913).Also have, at this moment, in order to improve security, with the deletions such as preprocessed data of storing among the RAM621.And, in S911, when the organism authentication success, as the afterwards processing that organism authentication is processed, carry out authenticating transactions end process (step 914).For this authenticating transactions end process, will utilize following Figure 12 to be elaborated.
After the authenticating transactions end process finishes, carry out the desirable transaction of user, namely carry out and in S901, carried out the transaction (step 915) that transaction is selected.Particularly, if the desirable transaction of user is payment transaction, then accept the input of payment by operating portion 503.If carried out the payment input by the user, then show the amount of money of inputting and press and urge the whether message of correct affirmation button of the amount of money at operating portion 503.If supress the affirmation button of operating portion 503, then carry out the mutually intercommunication of transaction data with server 502.After intercoming mutually, the CPU601 of ATM501 spues bank note, the coin of desired amount of money amount respectively from section of Banknote deposting/drawing out mechanism 506, coin access mechanism section 507, and makes the detail form printing section 604 of card/section of detail form mechanism 504 print transaction data.Then, return IC-cards 105 from section of card/detail form mechanism 504, and print on transaction data on the detail form and send, transaction is finished (step 916).
In addition, if the desirable transaction of user is inquiry into balance, then carry out the mutually intercommunication of transaction data with server 502, after the intercommunication, show deposit or loan balance at operating portion 503 mutually.After demonstration, the user instructed want to close the trade or want to continue to implement other transaction.When wanting to close the trade, to return IC-cards 105 from section of card/detail form mechanism 504, and print on transaction data on the detail form and send according to user's requirement, transaction is finished (step 916).When the user wishes to carry out other transaction enforcements, carry out following processing.
After inquiry into balance, then wish to carry out above-mentioned payment transaction etc. when needing the transaction of organism authentication, again implement organism authentication, and only when the organism authentication success, carry out transaction.Owing to considering the situation of being carried out transaction when not collecting IC-card 105 the user has confirmed the deposit loan balance by inquiry into balance after has left ATM by the 3rd people, by all implementing organism authentication in each transaction, can eliminate such danger, realize the higher ATM system of security.
Also have, in this flow process, although after Password Input, implemented organism authentication, also can make this reversed in order, after organism authentication is implemented, input password.There is following advantage when formerly implementing Password Input, namely owing to identical with general transaction, behind user's plug card, after selecting, initial transaction inputs at once password, even if thereby carry out subsequently organism authentication, operating process also is easy to process the device near present situation.On the other hand, with utilize password to authenticate to compare, when implementing organism authentication first, there is following advantage, namely, if when carrying out organism authentication and organism authentication failure and refuse to conclude the business owing to the people beyond me, just close the trade without Password Input, thereby need not be for the comparison of useless password communicate with server and get final product, can alleviate the burden to server.
Utilize Figure 10, the authenticating transactions among the S908 of key diagram 9 begins to process.Receive that from authentication controlling application program 701 the authentication control middleware 702 after authenticating transactions begins to indicate carries out IC-card control programs 704, carry out and IC-card 105 between connection (step 1001).This formation as mentioned above can be from the state of IC-card 105 reading out datas.But, not relevant with organism authentication data and be when being not suitable with the IC-card that authenticates in the IC-card in IC-card 105, only also can carry out the upper desirable transaction of ATM by the above-mentioned authentication processing of password of utilizing even for example wish, and be preferably in the roughly the same timings of card insertion such as S902 with Fig. 9, utilize other atm softwares outside the authentication control middleware 702, carry out IC-card control program 704, before the processing of S908, finish at least and being connected of IC-card 105.
In addition, in the IC-card 105 in being inserted into card/section of detail form mechanism 504, Biont information register device 101 registered in advance by Fig. 1 have the intrinsic log-on data of user and preprocessed data, and load, store the authentication procedure 711 that authenticates in IC-card 105.This authentication procedure 711 be in IC-card 105 in advance or with the application program that the form that can not rewrite writes, be to the log-on data of registered in advance in the IC-card and the program of mating and comparing by the resulting verify data of the control part of ATM according to specific algorithm.
If the successful connection in S1001 between section of card/detail form mechanism 504 and the IC-card 105, then authentication control middleware 702 is obtained the support authentication mode (or supporting authentication information) (step 1002) that is registered in the IC-card 105.So-called support that authentication mode refers to, the mode of registered in advance in IC-card 105 is the information that can unique decision the breath of verify data or living body feature amount etc. can be implemented authentication processing by which kind of control sequence.For example, in finger vena identification, authentication processing in the IC-card that is supported in the interior authentication processing of the device that authenticates (comparison) in the biometric authentication unit section 508 and in IC-card 105, authenticates, by obtaining the support authentication mode from IC-card 105, can switch authentication control sequence, realize 2 kinds of authentication modes with 1 authentication control program.
With this support authentication mode obtain such, switch the method for authentication control sequence or mode with the information of institute's authentication registration mode, unique decision authentication control sequence in the IC-card etc., in the organism authentication apparatus such as ATM loading terminal, (for example a plurality of authenticate devices have been loaded, the vein authentication apparatus of finger, palm and so on or the iris authentication device of eyes etc.) time, can by switching the control mode of authentication control program, adapt to the control of a plurality of organism authentication apparatus.
Then, judge in step 1002 the whether authentication (step 1003) in the IC-card of resulting authentication mode, not being not carry out transaction processing during authentication in the IC-card, return IC-card 105 (step 916).On the other hand, being in the IC-card during authentication mode, carry out the mutual authentication between ATM501 and the IC-card 105, and authenticating transactions begins processing and finishes (step 1004).So-called mutually authentication refers to following processing, namely, be used for confirming whether the verify data production process 709 in biometric authentication unit section 508 has been tampered into illegal program with authentication procedure 711 grades in being loaded into IC-card 105, perhaps confirms mutual procedural legality between ATM501 and IC-card 105.
Utilize Figure 11, process describing for the organism authentication of the S908 of Fig. 9.As illustrated in fig. 8, this organism authentication process be finally carry out pre-recorded in IC-card 105 log-on data and organism authentication process stylish making verify data between authentication (comparison) and obtain the processing of its comparison result, it is characterized by, in IC-card 105, authenticate the related processing of essence of itself.
Although in the S909 of Fig. 9, by IC-card 105 receive datas, meanwhile, when this organism authentication, from IC-card 105 pre-stored preprocessed data is sent to authentication control middleware 702.Authentication control middleware 702 receives the preprocessed data that is stored in the IC-card 105, is stored in the preprocessed data buffer 707.Moreover, this preprocessed data of storing in the preprocessed data buffer 707 is sent to biometric authentication unit section 508 (step 1101).If biometric authentication unit section 508 receives preprocessed data, then as processing or the parallel processing of getting off, read user's Biont information.
The processing execution of the step 1102 of Figure 11~step 1105 and the roughly the same processing of the step 404 of Fig. 4~step 407 obtain the living body feature amount.Placed finger if can obtain the zone at the image of imageing sensor 607, then had or not to detect with illumination LED 608 by biosome and detect the situation (step 1102) of having placed object (finger), inspection object (finger) is biosome (step 1103) whether.When being not biosome, organism authentication is (step 1104) unsuccessfully at the object that inserts (finger).At the object that inserts (finger) when being biosome, obtained with 609 pairs of biosome irradiations of illumination LED near infrared ray by biosome, obtain biosome image (finger vena pattern) by imageing sensor 607, be stored in the storage part 606 (step 1105).
Then, extract the living body feature amount (step 1106) of performance characteristic data from biosome image (finger vena pattern).Then, under the indication of authentication control middleware 702, carry out verify data production process 709, make thus verify data (step 1107) illustrated in fig. 8.Then, produced verify data is sent to authentication control middleware 702, be stored in the verify data buffer 706.
Authentication control middleware 702 is carried out IC-card control program 704, the verify data of storing in the verify data buffer 706 is sent to IC-card 105, and the authentication procedure 711 in the IC-card 105 is sent organism authentication indication (step 1108).On the other hand, the authentication procedure 711 of storing in IC-card 105 execute cards, the verify data of storing in the verify data buffer 706 to the log-on data of registered in advance in the IC-card 105 and above-mentioned authentication control middleware 702 is compared, carry out organism authentication and process, and make the authentication result data.
Then, IC-card 105 sends to authentication control middleware 702 with the authentication result data, and authentication control middleware 702 is stored in it in authentication control middleware 701 in the authentication result data buffer 705 of (be in the RAM as hardware).Like this, in the transmitting-receiving control procedure of biometric authentication unit section 508 that authentication control middleware 702 is implemented and the data between the IC-card 105, can be to the outside of biometric authentication unit section 508 from the obtained living body feature amount of biosome image (finger vena pattern), and be registered in verify data in the IC-card 105 also less than the outside.Thereby, can prevent that personal information from leaking into the outside of device, therefore the crypticity of personal information is protected, improve security.
Authentication control middleware 702 is carried out biometric authentication unit section control program 703, the authentication result data of storing in the authentication result data buffer 705 are sent to biometric authentication unit section 508, and authentication result determining program 710 is sent authentication result judge indication.Then, carry out authentication result determining program 710, according to the authentication result data that namely are stored in IC-card 105 interior authentication results of carrying out in the authentication result data buffer 705, judge that organism authentication is success or failure.Here as output, biometric authentication unit section 508 will notify to authentication control middleware 702 (step 1109) by authentication success on which position of biosome when authentication success.For example, if the position of organism authentication is finger vena or fingerprint etc., then will point at which (such as the right hand, middle finger etc.) upper authentication success notifies to authentication control middleware 702, if the vein of palm, then will be that the right hand or left hand are notified to authentication control middleware 702, if the iris of eyes then will be that authentication success is notified to authentication control middleware 702 on right eye or the left eye.
When the authentication result failure, judged the reason of authentification failure in the IC-card by authentication result determining program 710, give authentication control middleware 702 with its notice.As reason, preferably such as be accompanied be finger laying method not to or placed the information such as other fingers different from the finger of registering, notice is given authentication control middleware 702, show this reason by authentication controlling application program 701 at operating portion 503 accordingly, therefore can provide operability good device.Like this, differentiate authentication result as example take biometric authentication unit section 508, be illustrated, but also can be following manner, this mode is, can be by the authentication procedure 711 in the IC-card or the control of the authentication after obtaining authentication result data middleware 702 judge success or not and the authentication results such as authentication success position, authentification failure reason of authentication processing.
Authentication control middleware 702 is that the judged result data send to authentication controlling application program 701 with coupling, the comparison result of log-on data and verify data.If the judged result data are authentification failures, then authenticate operating portion 503 that controlling application program 701 makes ATM501 and demonstrate and authenticate again starting image etc., allow the user again implement authentication.At this moment, authentication control middleware 702 preferably will be obtained the obtained preprocessed data of processing by the log-on message of IC-card 105 and continue to remain in the preprocessed data buffer 707, obtain processing owing to can omit the log-on message of IC-card 105, thereby accelerate the authentication processing time.This can also be in order to carry out inquiry into balance to the continuous transaction that needs self acknowledging and when carrying out repeatedly authentication processing in 1 time is patronized of this class of payment transaction, too by not deleted by IC-card 105 obtained preprocessed datas from preprocessed data buffer 707, omit the log-on message of IC-card 105 and obtain processing, carry out the authentication processing in the chain transaction.
Utilize Figure 12, the authenticating transactions end process shown in the S914 of Fig. 9 is described.
If the judged result data are authentication successs, then authenticate 701 pairs of authentication control of controlling application program middleware 702 and send authenticating transactions end indication.Authentication control middleware 702 is carried out IC-card control program 704, and the disconnection process between execution and the IC-card 105.Disconnection between what is called and the IC-card 105 refers to the state that can not access IC-card 105.After disconnecting with IC-card 105, according to the indication that comes Self-certified control middleware 702, organism authentication apparatus control program 703 reaches the produced accordingly related information of authentication with employed personal information in the organism authentications such as living body feature amount in biometric authentication unit section 508, all deletes from storage part.
This is to prevent that personal information etc. from leaking into the validity feature that the outside is improved security.After with the data dump in the biometric authentication unit section 508, institute's canned data deletion (except the chain transaction) in authentication result data buffer 705, verify data buffer 706 and the preprocessed data buffer 707 that authentication control middleware 702 has itself has prevented leakage of information.After the authenticating transactions end process finishes, carry out payment input, with server 502 between mutually intercommunication etc., the payment transaction end.
Above, as utilizing Fig. 1~Fig. 4 that the location registration process of Biont information is described and utilizing Fig. 5~Figure 12 to illustrate the authentication processing of Biont information, for example control, the processing by CPU601, primary storage section 602 carried out on hardware, controls software 622, authentication controlling application program 701 by authenticating on software, authenticates the control of controlling middleware 702, the authentication that Biont information is carried out in processing.Thereby, as mentioned above, both they can be generically and collectively referred to as control, the processing of being undertaken by control part, control gear, also can realize at hardware such as LSI the function of each program.In addition, the various programs of Fig. 7 are not only to start first, carries out when needing in it is processed, if each program is started in advance, carry out the program that needs in the respectively processing, then can shorten the processing time.
In addition, although in Fig. 3, illustrated according to the living body feature amount and made preprocessed data and the mode of the log-on data when this produced preprocessed data and living body feature amount are made authentication, used, but the making of relevant preprocessed data, also can be fully irrelevant with the living body feature amount, and independently make.As mentioned above, preprocessed data has the function of the encryption key (or algorithm) of the log-on data of making when the registration Biont information, has function, the effect of the encryption key of the verify data of making when organism authentication.Thereby, if make preprocessed data according to the living body feature amount, then can become the data corresponding with user's difference, consist of the higher data creating algorithm of security, on the other hand, if independently make mutually preprocessed data with the living body feature amount, also can make in advance the preprocessed data itself that plays a role as encryption key, and become on the whole simple program structure, so save artificial and time, the processing time of registration, authentication shortens.
In addition, although produce preprocessed data according to living body feature amount one step, also can divide several steps to make.Accordingly, there is following such effect, if namely the 3rd people wants to resolve preprocessed data manufacturing process, also because manufacturing process is comparatively complicated, and be difficult to resolve, and parsing needs the time.
In addition, (verify data of making when being included in authentification failure or during chain transaction) is living body feature amount (the comprising picture pattern) mades such as finger according to the user, the information of generation originally because preprocessed data, log-on data, verify data, so can be called the 1st, 2, (biology) information.That is to say, also can think these the 1st, 2, (Biont information) be the information that obtains interior concept and Biont information from comprising the living body feature amount.
Above; since not be used in authenticate device load be enclosed in the terminal information that can determine the individual who registers in the IC-card in the authentication mode in the IC-card of the present invention and by the obtained Biont information of authenticate device (living body feature amount) itself; thereby can protect the crypticity of personal information, realize the higher organism authentication of security.

Claims (16)

1. a bio-authentication control method is controlled organism authentication, it is characterized in that,
Control part receives preprocessed data from portable electron device, and this preprocessed data is to obtain and pre-stored information in above-mentioned portable electron device from the 1st Biont information,
Above-mentioned control part sends to biometric authentication unit section with the above-mentioned preprocessed data that receives,
Above-mentioned control part makes the combination of above-mentioned biometric authentication unit section by the 2nd Biont information and above-mentioned preprocessed data that above-mentioned biometric authentication unit section obtains, makes verify data,
Above-mentioned control part receives above-mentioned verify data from above-mentioned biometric authentication unit section,
Above-mentioned control part sends to above-mentioned portable electron device with received above-mentioned verify data,
Above-mentioned control part is compared log-on data and above-mentioned verify data in above-mentioned portable electron device, this log-on data is combination above-mentioned the 1st Biont information and above-mentioned preprocessed data and the information made, and be pre-stored information in above-mentioned portable electron device
Above-mentioned control part receives the authentication result data of the authentication result between the above-mentioned log-on data of expression and the above-mentioned verify data from above-mentioned portable electron device,
Above-mentioned control part sends to above-mentioned biometric authentication unit section with the above-mentioned authentication result data that receive,
Above-mentioned control part makes above-mentioned biometric authentication unit section make and the organism authentication relevant information of success whether according to above-mentioned authentication result data,
Above-mentioned control part receives whether successful relevant information of above-mentioned and organism authentication from above-mentioned biometric authentication unit section.
2. bio-authentication control method according to claim 1 is characterized in that,
Above-mentioned preprocessed data comprises information that can not determine the individual, and above-mentioned verify data comprises the information that can determine the individual.
3. bio-authentication control method according to claim 1 is characterized in that,
Above-mentioned verify data comprises the above information of stating after preprocessed data is encrypted the 2nd Biont information as encryption key.
4. bio-authentication control method according to claim 1 is characterized in that,
Judge whether authentication mode in the portable electron device of the assistant authentification mode of storing in the above-mentioned portable electron device, if authentication mode in the portable electron device then makes above-mentioned log-on data and above-mentioned verify data compare.
5. bio-authentication control method according to claim 1 is characterized in that,
Judge whether biosome of the finger placed in the above-mentioned biometric authentication unit section, if biosome then makes above-mentioned log-on data and above-mentioned verify data compare.
6. bio-authentication control method according to claim 1 is characterized in that,
Above-mentioned preprocessed data comprises the algorithm of the irreversible conversion processing of use according to the made information of above-mentioned the 1st Biont information, and above-mentioned verify data comprises the algorithm of the irreversible conversion processing of use according to the made information of above-mentioned the 2nd Biont information.
7. bio-authentication control method according to claim 1 is characterized in that,
Above-mentioned preprocessed data comprises can not be from the information of above-mentioned the 1st Biont information of above-mentioned preprocessed data reduction itself, and above-mentioned verify data comprises can not be from the information of above-mentioned the 2nd Biont information of above-mentioned verify data reduction itself.
8. a cash automated trading device carries out the transaction of cash automatically, it is characterized in that,
Have:
Mechanism for card section reads the information of IC-card;
Biometric authentication unit section obtains the user's who utilizes above-mentioned cash automated trading device living body feature amount; And
Control part, above-mentioned control part receives preprocessed data from above-mentioned mechanism for card section, this preprocessed data is to obtain and pre-stored information in IC-card from the 1st Biont information, and above-mentioned control part sends to above-mentioned biometric authentication unit section with the above-mentioned preprocessed data that receives, the 2nd Biont information and above-mentioned preprocessed data that the combination of above-mentioned biometric authentication unit section is obtained by above-mentioned biometric authentication unit section, make verify data, above-mentioned control part receives above-mentioned verify data from above-mentioned biometric authentication unit section, received above-mentioned verify data is sent to above-mentioned IC-card, log-on data and above-mentioned verify data are compared in above-mentioned IC-card, this log-on data is combination above-mentioned the 1st Biont information and above-mentioned preprocessed data and the information made, and be pre-stored information in above-mentioned IC-card, above-mentioned control part receives the authentication result data of the authentication result between the above-mentioned log-on data of expression and the above-mentioned verify data from above-mentioned IC-card, the above-mentioned authentication result data that receive are sent to above-mentioned biometric authentication unit section, above-mentioned biometric authentication unit section is made and the organism authentication relevant information of success whether according to above-mentioned authentication result data, and above-mentioned control part receives whether successful relevant information of above-mentioned and organism authentication from above-mentioned biometric authentication unit section.
9. cash automated trading device according to claim 8 is characterized in that,
Above-mentioned biometric authentication unit section has: biosome irradiation section, to the biosome irradiation light of placing in this biometric authentication unit section; And the image obtaining section, obtain the image by the above-mentioned biosome of above-mentioned biosome irradiation section irradiation;
According to by the obtained above-mentioned living body feature amount of above-mentioned image obtaining section and from above-mentioned IC-card via the received above-mentioned preprocessed data of above-mentioned control part, the algorithm of processing according to irreversible conversion generates above-mentioned verify data.
10. cash automated trading device according to claim 9 is characterized in that,
The authentication control middleware of Biont information authentication processing is carried out in above-mentioned control part storage, according to the above-mentioned authentication control middleware of storing, generate above-mentioned verify data in above-mentioned biometric authentication unit section as indicated, the above-mentioned verify data that generates is sent to above-mentioned IC-card.
11. cash automated trading device according to claim 8 is characterized in that,
Above-mentioned control part also is received in the information of organism authentication success or not on which position of biosome, the reason during the authentication output failure from above-mentioned biometric authentication unit section.
12. cash automated trading device according to claim 8 is characterized in that,
Above-mentioned mechanism for card section set up and above-mentioned IC-card between connection, and read supplementary the organism authentication from above-mentioned IC-card, send to above-mentioned control part,
Above-mentioned control part is according to received above-mentioned supplementary, continues above-mentioned authentication processing during authentication processing in IC-card, in device during authentication processing from the above-mentioned mechanism for card section above-mentioned IC-card that spues.
13. cash automated trading device according to claim 8 is characterized in that,
Above-mentioned control part responds the authentication processing of above-mentioned IC-card, carry out the selected transaction of user, be unsuccessfully the time in the result of above-mentioned authentication processing, will again send to above-mentioned biometric authentication unit section from the received above-mentioned preprocessed data of above-mentioned IC-card, again carry out authentication processing.
14. cash automated trading device according to claim 8 is characterized by,
Have:
Banknote deposting/drawing out section carries out Banknote deposting/drawing out; And
Operating portion to user's display operation content, is accepted the input from the user;
Above-mentioned control part is accepted the desirable payment transaction of user by aforesaid operations section, is successfully the time in the response authentication processing of above-mentioned IC-card and its result, from the above-mentioned Banknote deposting/drawing out section bank note that spues.
15. cash automated trading device according to claim 8 is characterized in that,
Have operating portion, show the content of operation relevant with transaction, detect the input from the user,
Above-mentioned control part detects the desirable inquiry into balance of user by aforesaid operations section, be that above-mentioned comparison result is during success in the response authentication processing of above-mentioned IC-card and its result, show deposit or loan balance in aforesaid operations section, subsequently, if accepted the transaction that needs authentication by aforesaid operations section, then will receive and the above-mentioned preprocessed data of storage send to above-mentioned biometric authentication unit section again from above-mentioned IC-card, according to from the living body feature amount of the new input of biometric authentication unit section and the above-mentioned preprocessed data of again exporting, generate verify data.
16. cash automated trading device according to claim 8 is characterized in that,
Above-mentioned control part is the above-mentioned preprocessed data of temporary transient storage before the selected closing the transaction of user, along with closing the transaction, above-mentioned preprocessed data is deleted processing.
CN2009100082104A 2005-10-19 2006-10-19 Bio-authentication control method and cash automatic traction apparatus Expired - Fee Related CN101504785B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP303838/2005 2005-10-19
JP2005303838A JP4500760B2 (en) 2005-10-19 2005-10-19 IC card authentication system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN2006101360866A Division CN1952985B (en) 2005-10-19 2006-10-19 Ic card identification system

Publications (2)

Publication Number Publication Date
CN101504785A CN101504785A (en) 2009-08-12
CN101504785B true CN101504785B (en) 2013-01-02

Family

ID=38059315

Family Applications (3)

Application Number Title Priority Date Filing Date
CNA2009100082087A Pending CN101504784A (en) 2005-10-19 2006-10-19 Bio-authentication control method
CN2009100082104A Expired - Fee Related CN101504785B (en) 2005-10-19 2006-10-19 Bio-authentication control method and cash automatic traction apparatus
CN2006101360866A Expired - Fee Related CN1952985B (en) 2005-10-19 2006-10-19 Ic card identification system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CNA2009100082087A Pending CN101504784A (en) 2005-10-19 2006-10-19 Bio-authentication control method

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN2006101360866A Expired - Fee Related CN1952985B (en) 2005-10-19 2006-10-19 Ic card identification system

Country Status (3)

Country Link
JP (1) JP4500760B2 (en)
KR (1) KR100848926B1 (en)
CN (3) CN101504784A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019190639A1 (en) * 2018-03-26 2019-10-03 Mastercard International Incorporated System and method for enabling receipt of electronic payments

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5110983B2 (en) * 2007-06-29 2012-12-26 日立オムロンターミナルソリューションズ株式会社 Biometric authentication processing system
CN104009962B (en) * 2013-02-26 2018-01-16 中国银联股份有限公司 Equipment for safety information interaction
CN103997504B (en) * 2014-06-13 2017-11-10 谭知微 Authentication system and auth method
CN104182788A (en) * 2014-08-26 2014-12-03 黑龙江大学 RFID bank card development method based on finger vein identity recognition
JP6192082B1 (en) * 2016-04-27 2017-09-06 ブレイニー株式会社 Biometric data registration system and settlement system
JP2018018324A (en) * 2016-07-28 2018-02-01 株式会社東芝 IC card and portable electronic device
CN106888207B (en) * 2017-02-21 2020-02-21 中国联合网络通信集团有限公司 Authentication method, system and SIM card
CN108038694B (en) * 2017-12-11 2019-03-29 飞天诚信科技股份有限公司 A kind of fiscard and its working method with fingerprint authentication function

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1272188A (en) * 1998-05-21 2000-11-01 保仓丰 Identification card system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR19990010554A (en) * 1997-07-18 1999-02-18 김지태 Fingerprint Card System
KR19990073820A (en) * 1998-03-03 1999-10-05 박기옥 Cash dispenser with fingerprint reader
KR20010025234A (en) * 2000-11-09 2001-04-06 김진삼 A certification method of credit of a financing card based on fingerprint and a certification system thereof
KR100397382B1 (en) * 2001-04-19 2003-09-17 주식회사 안에스티 System of smart card for fingerprinting cognition
JP4088625B2 (en) * 2002-09-13 2008-05-21 富士通株式会社 Biological detection apparatus and method, and authentication apparatus having biological detection function

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1272188A (en) * 1998-05-21 2000-11-01 保仓丰 Identification card system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JP特开2001-168855A 2001.06.22
JP特开平10-312459A 1998.11.24

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019190639A1 (en) * 2018-03-26 2019-10-03 Mastercard International Incorporated System and method for enabling receipt of electronic payments

Also Published As

Publication number Publication date
CN1952985A (en) 2007-04-25
JP4500760B2 (en) 2010-07-14
JP2007114911A (en) 2007-05-10
CN101504784A (en) 2009-08-12
CN1952985B (en) 2011-06-22
KR100848926B1 (en) 2008-07-29
CN101504785A (en) 2009-08-12
KR20070042898A (en) 2007-04-24

Similar Documents

Publication Publication Date Title
CN101504785B (en) Bio-authentication control method and cash automatic traction apparatus
US6011858A (en) Memory card having a biometric template stored thereon and system for using same
CN1959750B (en) cash automatic access system and device
EP1508883A2 (en) Credit card application automation system
US20020095389A1 (en) Method, apparatus and system for identity authentication
US20070131759A1 (en) Smartcard and magnetic stripe emulator with biometric authentication
CN1855155B (en) Automated teller machine
CN100578558C (en) Transaction processing system
AU2009313971A1 (en) Device including authentication glyph
CN105229709B (en) Security ststem
CN100565596C (en) Individual authentication system, its method and host apparatus thereof
CN109426963A (en) Authenticate the biometric system of biometrics request
EP1061482B1 (en) Method, system, and apparatus for transmitting, receiving, and displaying information
JP2007164423A (en) Personal identification system and personal identification method
JP4834785B2 (en) Automatic cash deposit system and apparatus
US20120271764A1 (en) Financial trade method and trade system using mobile device for the same
JP2010049387A (en) Automated teller system, service management server, automated teller machine and automated teller method
JP4117335B2 (en) IC card authentication system
JP4500834B2 (en) IC card authentication system
CN101482996A (en) Finance terminal and finance system and its implementing method
CN1321389C (en) System and method of paying transaction
US20130126604A1 (en) All-card-in-one system
JP2016173680A (en) Automatic transaction device and automatic transaction method
JP2006099313A (en) Transaction system
RU2589847C2 (en) Method of paying for goods and services using biometric parameters of customer and device therefore

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130102

Termination date: 20181019

CF01 Termination of patent right due to non-payment of annual fee