JPH11149453A - Information processing apparatus and method - Google Patents

Abstract

(57) [Summary] [PROBLEMS] To enable safe and reliable storage of highly confidential specific information such as an individual password, and to avoid the danger that the specific information will be misused by others. A biometric information acquisition unit acquires information representing individual characteristics, for example, a fundus image, and a feature extraction unit extracts a feature amount from the obtained fundus image. The code sequence generation unit 103 generates code sequence data based on the extracted feature amount. The encryption unit 105 uses the generated code string data as an encryption key, and uses the password information input unit 104
Then, the personal password input through the personal computer is encrypted, and the encrypted password is stored in the storage device 106 in combination with the ID information of the personal.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information processing apparatus for controlling reading of stored specific information based on a biological characteristic of a human, and a method thereof.

[0002]

2. Description of the Related Art At present, network systems have evolved,
Many technologies such as electronic payment and electronic money on a network are being studied. At this time, if the individual intends to conduct the transaction electronically, the individual making the transaction must be accurately identified from a remote place. Therefore, studies are being made on a so-called asymmetric public key type encryption system such as the RSA method. I have.

On the other hand, in order to more accurately authenticate a specific individual, an ophthalmologic apparatus such as a fundus camera electronically captures a fundus image using a solid-state image sensor such as an area CCD, and a video signal obtained by electronically capturing a video signal from a hard disk or the like. 2. Description of the Related Art There is known an individual identification device which stores an image in a storage medium, compares a past fundus image stored in the storage medium with a current fundus image newly photographed, and identifies an individual. .

[0004]

In the above-described encryption system according to the prior art, it is necessary to set a password called a secret key in order to identify an individual. However, in order to prevent others from stealing the key, the password must be complicated to some extent, exceeding the limit that can be memorized by an individual, and becoming impractical.

Therefore, a method of storing such a password on some storage device instead of storing it individually is also conceivable. However,
When such a configuration is employed, there is no guarantee that the contents of the storage device will not be read out by others, and there is a problem in terms of security.

[0006] When personal authentication is to be performed using the biometric characteristics of an individual, information for specifying the individual, that is, image information obtained by electronically photographing the fundus of the individual in the above-described conventional example is stored in a storage device in advance. I have to keep it.
Therefore, there is a problem that if the stored information is stolen, reliable personal authentication becomes impossible.

At present, no method has been proposed to solve the problem of personal authentication in electronic transactions as described above.

[0008] The present invention has been made in view of the above-mentioned problems, and can store highly confidential specific information such as an individual's password in a safe and secure manner, and the specific information can be misused by others. It is an object of the present invention to provide an information processing apparatus and a method for avoiding the danger that the information will be lost.

[0009]

An information processing apparatus according to one embodiment of the present invention for achieving the above object has, for example, the following configuration. That is, acquiring means for acquiring biometric information representing characteristics of an individual, extracting means for extracting a characteristic amount from information obtained by the acquiring means, and generating code data based on the characteristic amount extracted by the extracting means. Generating means for performing encryption, encrypting the password of the individual using the code data generated by the generating means as an encryption key, and identification identifying the individual and the password encrypted by the encrypting means. Storage means for storing information as a pair.

Further, an information processing apparatus according to another aspect of the present invention for achieving the above object has, for example, the following configuration. That is, based on the input identification information, a reading unit that reads out encrypted password information corresponding to the identification information, an obtaining unit that obtains biometric information representing a characteristic of an individual, and information obtained by the obtaining unit. Extracting means for extracting a feature quantity; generating means for generating code data based on the feature quantity extracted by the extracting means; and code data generated by the generating means as an encryption key and read by the reading means. A decrypting unit for decrypting the output encrypted password; and an output unit for outputting data decrypted by the decrypting unit as a password corresponding to the identification information.

[0011]

Preferred embodiments of the present invention will be described below with reference to the accompanying drawings.

<First Embodiment> In the embodiments described below, explanations will be made using information generally called a password as confidential information to be stored. However, the present invention is intended to be kept secret by other individuals. The present invention can be similarly applied to storage of information to be stored, for example, secret key data in an asymmetric public key cryptosystem.

FIG. 1 is a block diagram showing a schematic configuration of the personal authentication device according to the first embodiment. In the figure, 1
Denotes a CPU, which implements various controls of the personal authentication device. Reference numeral 2 denotes a ROM, which stores a control program executed by the CPU 1. Reference numeral 3 denotes a RAM, which provides a work area when the CPU 1 executes various controls.

Reference numeral 4 denotes a CCD camera, which captures a fundus image of the user. The fundus image captured by the CCD camera 4 is RA
It is stored in M3 and processed by CPU1. Reference numeral 5 denotes a display, which performs various displays under the control of the CPU 1. Reference numeral 6 denotes a keyboard for inputting a password and the like. A storage device 106 stores various information such as password information. Reference numeral 7 denotes a system bus, which connects the above-described components.

FIG. 2 is a block diagram showing a functional configuration for realizing encryption of password information according to the first embodiment. Hereinafter, the procedure for encrypting the password information will be described with reference to FIG.

In the present embodiment, it is assumed that a password of a specific individual is predetermined for a certain system. The password information is expressed as a combination of a plurality of symbols, and needs to be stored in a manner not known to a specific individual. Generally, a specific individual stores the password information only in his / her own memory. As described above, a password that relies on such personal memory cannot be used with a very complicated password due to its limited memory. Therefore, in the present embodiment, a method will be described in which a password is securely stored and a complicated password can be used without any problem. In the configuration of FIG. 2, the password information is encrypted and stored in a specific storage device (a known storage device such as a magnetic recording medium is used), thereby improving the security of password storage.

In FIG. 2, reference numeral 101 denotes a biometric information acquisition unit which acquires biometric information of a specific individual. The biological information acquisition unit 101 is effective for identifying a specific individual, such as capturing a retinal blood vessel pattern of the fundus with a fundus camera using a CCD imaging device, or acquiring a fingerprint pattern image two-dimensionally. The biological information that is said to be obtained is obtained by a known method. In this example, a fundus image is acquired by a fundus camera (CCD camera 4) and
It shall be stored in AM3.

Reference numeral 102 denotes a feature extraction unit, which performs feature extraction from the biological information obtained by the biological information acquisition unit 101. For example, as a method of extracting a feature amount from a blood vessel pattern of a fundus, a technique disclosed in Japanese Patent Application Laid-Open No. 7-213511 (“personal identification device”) can be used. In this method, the center of the nipple is detected from the fundus image, and the fundus image is scanned concentrically from the center position to detect the angle component of the position where the blood vessel exists.

In Japanese Unexamined Patent Publication No. 7-213611, the detected angle component is compared with data stored in advance as a reference pattern of a specific individual to detect whether or not the user is the person. In the present embodiment, the code sequence generation unit 103 generates a code sequence based on the obtained angle components.

The operation of the court sequence generator 103 will be described. 3 and 4 are diagrams for explaining a method of extracting an angle component from a fundus image captured by the CCD camera 4. FIG. In FIG. 3, an appropriate pre-process is performed on the fundus image obtained by the CCD camera so that the blood vessel 201 is blackened.
The quantified result is conceptually represented. For such an image, first, a point 202 corresponding to the center of the nipple is determined from the blood vessel pattern 201. Next, assuming a circle having a predetermined radius centered on the point 202 (a broken-line circle indicated by 203 in FIG. 3), an intersection with the blood vessel pattern (represented by a white circle 204 in FIG. 3) is obtained. .

FIG. 4 shows the circle 203 and the white circle 204 extracted. As shown in FIG. 4, a plurality of intersections (white circles 204, there are seven in the figure) divide the circle 203 into a plurality of arcs, and the angles T1 to T7 of each arc can be determined.

The code string generator 103 generates the T1 to T7
To generate code string information. For example, T1 = 1
09 degrees, T2 = 40 degrees, T3 = 32 degrees, T4 = 25 degrees,
Assuming that T5 = 54 degrees, T6 = 62 degrees, and T7 = 38 degrees, the following 21-digit decimal numbers obtained by sequentially arranging each as a 3-digit integer, C = 109040032025054062038... (1) It can be column C.

On the other hand, from the password information input unit 104, personal password information P is input. This password information P is uniquely determined for a specific individual, and usually must be stored in a manner that is absolutely unknown to others. Therefore, they often exist as information based on personal memory. In the present embodiment, such password information is converted by the method described below.
It is possible to store data in a general storage device while maintaining high confidentiality.

The encryption section 105 encrypts the password information P using the code information C obtained by the code string generation section 103, and encodes the encrypted information (referred to as E (P, C)). It is stored in the storage device 106. Here, as the storage device 106, a normal storage device is sufficient. Because even if the encrypted information E (P, C) is known to others, it is almost impossible to know the original password information P without knowing the code information C used as the encryption key. That's why.

Here, as an encryption method in the encryption unit 105, a normal encryption method using an encryption key, for example, DES (Data Encryption Standard) or FEAL (Fa
st Encryption Algorithm). Whichever encryption method is adopted, by encrypting the password information P using the code string C based on the biometric information generated by the feature extracting unit 102 and the code string generating unit 103 as an encryption key, It is possible to safely store personal password information. FIG. 5 is a flowchart illustrating the procedure of the password storage process according to the first embodiment. Note that this procedure is realized by the control of the CPU 1, and it is assumed that a control program that defines the control is stored in the ROM 2. However, it goes without saying that the control program may be stored in a storage medium such as a floppy disk or a hard disk, and loaded into the RAM 3 at the time of execution. Further, each control program for realizing the control represented by each flowchart described later is also stored in the ROM or a storage medium such as a floppy disk or a hard disk, and is loaded into the RAM 3 at the time of execution.

When an instruction to start registration of a password is issued, the processing after step S11 in FIG. 5 is started. First, in step S11, identification information (using an ID number) of the user is input from the keyboard 6. Next, in step S12, the password of the user is input from the password information input unit 104. Subsequently, in step S13, the biological information acquisition unit 101 acquires a fundus image using the CCD camera 4, and stores the image data in the RAM 3. In step S14, the feature extraction unit 102 extracts a feature amount of the fundus image. Then, in step S15, the code sequence generation unit 103 executes step S15.
A code string is generated from the feature amounts extracted in 14. In step S16, the password input in step S12 is encrypted using the code string obtained in step S15 as an encryption key. Then, in step S17,
The encrypted password E (P, P,
C) is stored in the storage device 106 as a pair with the ID information input in step S11.

The method for storing password information has been described above. Next, reproduction of the encrypted password information will be described with reference to FIG.

FIG. 6 is a block diagram for explaining a functional configuration for a password reproducing process according to the first embodiment. In the figure, the elements that realize the same functions as in FIG. 2 are given the same reference numerals.

When there is a request to reproduce the password information, for example, the ID information input by the keyboard 6 and the encrypted password information E (P, C) stored in the storage device 106 are read out, and the decryption unit It is sent to 107. At the same time, the biometric information acquisition unit 101, the feature extraction unit 102, and the code string generation unit 103, as in the case of encrypting the password described with reference to FIG. To generate a code string C ′. The decryption unit 107 generates a password P from the code string C 'and the encrypted password information E (P, C), and the password information output unit 108 provides the password to a predetermined system.

Here, as long as the code string C 'generated from the password requester requesting the password reproduction is not equal to the code string C at the time of encryption, that is, unless the requester is the same person as at the time of encryption, The password information P cannot be reproduced. Therefore, unless the password registrant and the password requester are the same person (unless the biological information of both passwords match), a correct password cannot be obtained,
Passwords can be stored securely.

FIG. 7 is a flowchart showing the procedure of password reproduction according to the first embodiment. First, in step S21, when the password reproduction requester inputs the ID information, the encrypted password stored as a pair with the ID information is read from the storage device 106 in step S22.

On the other hand, the fundus image of the password requester is photographed by the CCD camera 4, a feature amount is extracted from the obtained fundus image, and a code string is generated from the extracted feature amount (steps S23 to S25). In step S26, the encrypted password read out in step S22 is decrypted using the code string obtained in step S25 to generate a password. Then, in step S27, the password decrypted and generated in step S26 is output to a predetermined system.

The above operation is ensured because the fundus blood vessel pattern is completely different for each individual, and one individual has a feature that it is invariant for life. That is, the code sequence generated above is always the same code sequence for the same person, and a different code sequence is always generated for another person.

Such biological characteristics include a fingerprint pattern, a voiceprint included in voice, a gene sequence included in DNA, and the like in addition to the above-described fundus blood vessel pattern.
The point is that the stability and uniqueness of the code string generation can be ensured (that is, the same and unique code string can always be generated for the same individual).

<Second Embodiment> In the above embodiment,
The system has been described on the assumption that the code sequence generated from the biometric information is always the same code sequence for the same person, and is always different from the code sequence generated from the biometric information of another person. In the second embodiment, a case where different code strings may be generated for the same person will be described.

The configuration of the personal authentication device according to the second embodiment is the same as that of the first embodiment (FIG. 1). FIG. 8 is a block diagram illustrating a functional configuration for a password storage process according to the second embodiment.

As in the first embodiment, the biometric information acquiring unit 301, the feature extracting unit 302, and the code string generating unit 303 acquire the biometric information (fundus image in this example) of the password registration requester. Extract features from biological information,
A code sequence is generated from the extracted features. As a result,
A code sequence C specific to the registration requester is generated.

Next, the password generation section 304 generates personal password information P based on the obtained code string C. Further, the encryption unit 305 includes the password generation unit 3
The password generated in step 04 is encrypted.

A special function F generally called a one-way function is used to determine a password. If the input is x and the output is y, and y = F (x) (2), it is easy to obtain y from x, but it is very difficult to obtain x by giving y. Is a function that is difficult to perform. As such a function, for example, the following non-linear function called a logistic function can be considered.

Y = F (x) = 4x (1-x) ^ 2 (3) where p ^ q represents p to the qth power.

Password generation unit 304 and encryption unit 30
The above functions can be used in password generation and encryption in 5. That is, the code sequence C generated by the code sequence generation unit 303 is set to the initial value x0.
Here, C is 2 as shown in the equation (1) of the first embodiment.
Let it be a single digit integer. On the other hand, x in equation (3)
Is a real number from 0 to 1, so the value of equation (1) is
The value obtained by dividing by 000000000000 (1 × 10 ^ 21) and converting it to a real value in the range of 0 to 1 is used as x0.

The output y0 is obtained by substituting x0 obtained as described above for x in equation (3). That is, y0 = F (x0) = 4 (x0) (1-x0) ^ 2 (4)

Next, the same conversion is performed by using the obtained y0 as x1 to obtain y1. That is, x1 = y0 y1 = F (x1) = 4 (x1) (1-x1) ^ 2 (5)

Further, y2 = F where y1 obtained is x2.
(X2), and so on.
When it is repeated 00 times, y100 is obtained. In this example, this y1
00 is a password P obtained by the password generation unit 304.

Next, the encryption unit 305 uses this y100 as an initial value and repeats conversion by the same function 100 more times to obtain y200.
(P) is stored in the storage device 306.

From the above-described nature of the one-way function, the stored encrypted information E (P) = y200 to the password information P =
It is virtually impossible to reverse y100. Naturally, it is practically impossible to reversely calculate the original code sequence C from y200. Therefore, the information stored in the storage device 306 can be safely stored.

FIG. 9 is a flowchart for explaining a procedure for storing a password according to the second embodiment. When the storage of the password is started, first, in step S31, the ID information of the storage requester is input. The input of the ID information is performed from the keyboard 6.

Next, the fundus image of the storage requester is photographed by the CCD camera 4, and a feature amount is extracted from the obtained fundus image, and a code string is generated from the extracted feature amount (steps S32 to S34). Then, in step S35,
The password generation unit 304 converts the code string into a real value in the range of 0 to 1, and generates a password by repeating the operation of the function as shown in the above equation (3) 100 times. Subsequently, in step S36, the encryption unit 305 repeats the function operation of the expression (3) 100 times using the password obtained in step S35 as an initial value, and encrypts the password.

In step S37, the password obtained in step S35 and the ID information input in step S31 are provided as a pair to a predetermined system. The system performs security management (authentication processing) using the provided password. In step S38,
The encrypted password obtained in step S36 is paired with the ID information and stored in the storage device 306.

Next, a procedure for reproducing a password in the second embodiment will be described. FIG. 10 is a block diagram illustrating a functional configuration for a password reproduction process according to the second embodiment. When a password reproduction request is made, as described above with reference to the first embodiment and FIG.
1. The feature extracting unit 302 and the code string generating unit 303 obtain the biometric information (fundus image in this example) of the reproduction requester, extract the feature quantity from the biometric information, and convert the code string from the extracted feature quantity. Generate. As a result, a code sequence C ′ unique to the playback requester is generated.

The cryptographic verification unit 307 sets C ′ to the initial value x0
Y0 is obtained by the function of the above-described equation (3), y1 = F (x1) is then obtained by setting y0 to x1, and so on.
Y100 and y200 are obtained by the same procedure as in the encryption. Then, the obtained y200 is compared with the encrypted information E (P) stored in the storage device 306, and if they match, the code string C 'is the same as the code string C of the password owner. The certified y100 is output to the system via the password information output unit 309 as the password information P.

On the other hand, when y200 does not match the encrypted password E (P) stored in the storage device 306, the cryptographic verification unit 307 requests the biometric information acquisition unit 301 to reacquire the biometric information. This means that biometric information cannot always be obtained stably, and even if the subject is the password owner, the obtained code sequence C ′ may be slightly different from the original code sequence. Because there is. For this reason, for example, when acquiring a fundus image, the biological information acquisition unit 301 may cause the subject's eyeball position to be slightly shifted with respect to the imaging device before taking an image.
Alternatively, fine adjustment of the brightness of the light source for illuminating the fundus is performed, and then imaging is performed again, and the reacquisition of the biological information is repeated until the subtle deviation of the code string is eliminated.

The request for re-acquisition is sent to the biological information acquisition unit 30.
1, the feature extraction unit 302 and the code string generation unit 303
You may go to. In this case, the generation of the code string is repeated while changing the threshold value of the binarization when extracting the feature amount from the fundus image in several steps, or changing the accuracy of determining the angle of the blood vessel. .

If a code string C 'that matches E (P) appears in such a plurality of trials, the password information can be read there. The upper limit of the number of retries is set in advance, and if the number of retries is exceeded, it is determined that the target person is not the password owner, and the process ends without outputting the password.

FIG. 11 is a flowchart for explaining the procedure for obtaining a password according to the second embodiment. When the requester of the password reproduction activates this processing and inputs the requester's ID information from the keyboard 6 in step S41, the counter n for counting the number of trials is set to 0 in step S42.

On the other hand, the biometric information acquisition unit 301, the feature extraction unit 302, and the code string generation unit 303 photograph the fundus image of the password requester with the CCD camera 4, and extract the feature amount from the obtained fundus image. A code sequence C ′ is generated from the extracted feature amounts (steps S43 to S4).
5). Then, in step S46, the cryptographic verification unit 3
07 generates a password by repeating the operation by the function shown in the expression (3) 100 times using the code string C ′. In step S46, the encrypted password is generated by repeating the operation by the function shown in equation (3) 100 times using the password generated in step S45.

In step S48, the encrypted password generated in step S47 is compared with the encrypted password read from the storage device 306 based on the ID information input in step S41. As a result of this comparison, if they match, it is determined that the authentication has been established, and step S4
From step 9, the process proceeds to step S50, and the password obtained in step S46 is output.

On the other hand, if the comparisons in step S48 do not match, steps S49 to S51
Proceed to. In step S51, it is checked whether or not the counter n has exceeded a predetermined number of times, that is, whether or not cryptographic verification has been attempted more than the predetermined number of times. Counter n
If the value exceeds a predetermined number, the process proceeds to step S54.
Notify that authentication failed.

If the value of the counter n is equal to or less than the predetermined number, the flow advances to step S52 to change the photographing condition. In step S53, the counter n is incremented by one and the flow returns to step S43. That is, the photographing conditions are changed and the fundus image is captured again. As described above, when the retry is instructed to the feature extraction unit 302, for example, the binarization condition is set again in step S52, and the process proceeds to step S52.
After incrementing the counter n by one in 53, the process returns to step S44.

In the second embodiment, a fingerprint pattern, a voiceprint included in voice,
Alternatively, a gene sequence or the like contained in DNA can be used. Further, according to the second embodiment, even if a factor that is unstable in feature extraction to some extent is included, it is possible to absorb the factor and determine the person.

In the second embodiment, the generated password P is output as it is to the authentication system.
In some cases, a necessary password may be determined in advance. In this case, assuming that the predetermined password is P ′, the generated password P
Is also created when P is generated,
This procedure may be stored in the storage device at the same time as the ID information and the encrypted password E (P) (there is no problem even if the procedure itself is known to others). For example, if P is "123" and P 'is "456",
The procedure of “adding 3 to each digit of P” is stored, and P ′ can be obtained by adding 3 to each digit of the password P generated at the time of reading out the password. What is necessary is just to output.

The present invention is applied to a system composed of a plurality of devices (for example, a host computer, an interface device, a reader, a printer, etc.), and manages such as restricting access to each device for each individual. You can also. Of course, the present invention can be applied to an apparatus including one device (for example, a copying machine, a facsimile machine, and the like).

Another object of the present invention is to supply a storage medium storing program codes of software for realizing the functions of the above-described embodiments to a system or an apparatus, and to provide a computer (or CPU) of the system or the apparatus.
And MPU) read and execute the program code stored in the storage medium.

In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiment, and the storage medium storing the program code constitutes the present invention.

As a storage medium for supplying the program code, for example, a floppy disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD
-R, a magnetic tape, a nonvolatile memory card, a ROM, or the like can be used.

When the computer executes the readout program code, not only the functions of the above-described embodiment are realized, but also an OS (Operating System) running on the computer based on the instruction of the program code. ) May perform some or all of the actual processing, and the processing may realize the functions of the above-described embodiments.

Further, after the program code read from the storage medium is written into a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, based on the instructions of the program code, It goes without saying that the CPU included in the function expansion board or the function expansion unit performs part or all of the actual processing, and the processing realizes the functions of the above-described embodiments.

[0068]

As described above, according to the present invention, highly confidential specific information such as a personal password can be stored safely and reliably, and the specific information can be misused by others. Danger can be avoided.

[0069]

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a schematic configuration of a personal authentication device according to a first embodiment.

FIG. 2 is a block diagram illustrating a functional configuration for implementing encryption of password information according to the first embodiment.

FIG. 3 is a diagram illustrating a method for extracting an angle component from a fundus image captured by a CCD camera 4.

FIG. 4 is a diagram illustrating a method of extracting an angle component from a fundus image captured by a CCD camera 4.

FIG. 5 is a flowchart illustrating a procedure of a password storage process according to the first embodiment.

FIG. 6 is a block diagram for explaining a functional configuration for a password reproduction process according to the first embodiment.

FIG. 7 is a flowchart illustrating a procedure of password reproduction according to the first embodiment.

FIG. 8 is a block diagram illustrating a functional configuration for password storage processing according to a second embodiment.

FIG. 9 is a flowchart illustrating a procedure for storing a password according to the second embodiment.

FIG. 10 is a block diagram illustrating a functional configuration for a password reproduction process according to a second embodiment.

FIG. 11 is a flowchart illustrating a procedure for acquiring a password according to the second embodiment.

Claims (19)

[Claims] An acquisition unit configured to acquire biological information representing a characteristic of an individual; an extraction unit configured to extract a feature amount from information obtained by the acquisition unit; and a code based on the feature amount extracted by the extraction unit. Generating means for generating data; encrypting means for encrypting a password of the individual using the code data generated by the generating means as an encryption key; and encrypting the password and the individual encrypted by the encrypting means. An information processing apparatus comprising: storage means for storing identification information to be specified in pairs. 2. A reading unit that reads encrypted password information corresponding to the identification information based on the input identification information; an obtaining unit that obtains biometric information representing a characteristic of an individual; Extracting means for extracting a characteristic amount from the extracted information; generating means for generating code data based on the characteristic amount extracted by the extracting means; and using the code data generated by the generating means as an encryption key, A decryption means for decrypting the encrypted password read by the means; and an output means for outputting data decrypted by the decryption means as a password corresponding to the identification information. apparatus. 3. The obtaining means obtains a fundus image, and the feature amount extracting means obtains an image of a blood vessel pattern from the fundus image, and obtains a circumference of a predetermined radius around the center of the nipple of the blood vessel pattern. Angle information representing the position of a plurality of intersections with each blood vessel in the blood vessel pattern is used as a feature amount, and the generation unit generates code data by arranging a plurality of angle data included in the angle information. The information processing apparatus according to claim 1, wherein 4. An acquisition unit for acquiring biometric information representing characteristics of an individual; an extraction unit for extracting a feature amount from information obtained by the acquisition unit; and a code based on the feature amount extracted by the extraction unit. Generating means for generating data; password generating means for generating a password for the individual by performing a predetermined operation on the code data generated by the generating means; and encrypting the password generated by the password generating means. An information processing apparatus comprising: an encryption unit that obtains an encrypted password; and a storage unit that stores the password encrypted by the encryption unit and identification information that specifies the individual in a pair. 5. The information processing apparatus according to claim 4, further comprising a notifying unit for notifying a system of the password generated by said password generating unit. 6. A reading unit that reads encrypted password information corresponding to the identification information based on the input identification information, an obtaining unit that obtains biometric information representing a characteristic of an individual, Extracting means for extracting a characteristic amount from the extracted information; generating means for generating code data based on the characteristic amount extracted by the extracting means; and encrypting the password generated by the generating means to obtain an encrypted password. Encrypting means; comparing means for comparing the encrypted password obtained by the main encrypting means with the encrypted password obtained by the reading means; as a result of the comparison by the comparing means, the two encrypted passwords match. An output unit that outputs the password generated by the generation unit when the password is generated. 7. The generating means obtains a password by repeating a calculation by a one-way function on the code data a predetermined number of times, and the encrypting means obtains the password obtained by the generating means. 5. The method according to claim 4, wherein the password is encrypted by repeating the operation using the direction function a predetermined number of times.
An information processing apparatus according to any one of claims 1 to 6. 8. The information processing apparatus according to claim 1, wherein the acquisition unit captures a fundus image of a human and acquires the image information as the biological information. 9. The information processing apparatus according to claim 1, wherein the acquisition unit analyzes a human voice signal and acquires voiceprint information as the biological information. 10. The information processing apparatus according to claim 1, wherein the acquisition unit acquires a human fingerprint pattern as the biometric information. 11. The information processing apparatus according to claim 1, wherein the acquisition unit acquires a gene sequence contained in human DNA as the biological information. 12. An acquisition step of acquiring biometric information representing a characteristic of an individual; an extraction step of extracting a feature amount from the information obtained in the acquisition step; and a code based on the feature amount extracted in the extraction step. A generation step of generating data; an encryption step of encrypting the password of the individual using the code data generated in the generation step as an encryption key; and a password encrypted in the encryption step and the individual. Storing a pair of identification information to be specified in a storage medium. 13. A reading step of reading encrypted password information corresponding to the identification information from a storage medium based on the input identification information, an obtaining step of obtaining biometric information representing characteristics of an individual, and the obtaining step An extracting step of extracting a characteristic amount from the information obtained by the extracting step; a generating step of generating code data based on the characteristic amount extracted in the extracting step; and using the code data generated in the generating step as an encryption key. A decrypting step of decrypting the encrypted password read in the reading step, and an output step of outputting the data decrypted in the decrypting step as a password corresponding to the identification information. Information processing method. 14. An acquisition step of acquiring biometric information representing a characteristic of an individual; an extraction step of extracting a feature amount from the information obtained in the acquisition step; and a code based on the feature amount extracted in the extraction step. A generating step of generating data; a password generating step of generating a password for the individual by performing a predetermined operation on the code data generated in the generating step; and encrypting the password generated in the password generating step. An information processing method comprising: an encryption step of obtaining an encrypted password; and a storage step of storing the password encrypted in the encryption step and identification information for identifying the individual in a storage medium in pairs. Method. 15. A reading step of reading encrypted password information corresponding to the identification information based on the input identification information; an obtaining step of obtaining biological information representing a characteristic of an individual; An extracting step of extracting a feature amount from the extracted information; a generating step of generating code data based on the feature amount extracted in the extracting step; and encrypting the password generated in the generating step to obtain an encrypted password. An encrypting step; a comparing step of comparing the encrypted password obtained in the encrypting main step with the encrypted password obtained in the reading step; and a result of the comparison in the comparing step, the two encrypted passwords match. And an output step of outputting the password generated in the generation step. 16. A storage medium for storing a control program for realizing a process for saving a password, the control program comprising: a code of an acquisition step of acquiring biometric information representing characteristics of an individual; A code of an extraction step of extracting a feature amount from the information obtained by the above, a code of a generation step of generating code data based on the feature amount extracted in the extraction step, and encrypting the code data generated in the generation step. A code of an encryption step for encrypting the password of the individual using as a key; and a storage step of storing the password encrypted in the encryption step and identification information for identifying the individual in a storage medium as a pair. A storage medium comprising a code. 17. A storage medium for storing a control program for realizing a process for acquiring a password, the control program comprising, based on input identification information, encrypted password information corresponding to the identification information , A code of an acquisition step of acquiring biological information representing characteristics of an individual, a code of an extraction step of extracting a feature amount from the information obtained by the acquisition step, and the extraction step. A code of a generation step of generating code data based on the feature amount extracted in the step, and a decryption of decrypting the encrypted password read in the reading step using the code data generated in the generation step as an encryption key. And a code of an output step of outputting data decrypted in the decrypting step as a password corresponding to the identification information. And a storage medium. 18. A storage medium for storing a control program for realizing a process for saving a password, the control program comprising: a code of an acquisition step of acquiring biometric information representing characteristics of an individual; A code of an extraction step of extracting a feature amount from the information obtained by the above, a code of a generation step of generating code data based on the feature amount extracted in the extraction step, and a code data generated in the generation step. A code of a password generation step of generating a password of the individual by performing a predetermined operation; a code of an encryption step of encrypting the password generated in the password generation step to obtain an encrypted password; and the encryption step A code of a storage step of storing the password encrypted in the above and the identification information for identifying the individual in a storage medium in pairs. A storage medium comprising: 19. A storage medium for storing a control program for realizing a process for acquiring a password, the control program comprising, based on input identification information, encrypted password information corresponding to the identification information A code of an acquisition step of acquiring biological information representing characteristics of an individual; a code of an extraction step of extracting a feature amount from the information obtained by the acquisition step; A code of a generation step of generating code data based on the obtained characteristic amount; a code of an encryption step of encrypting the password generated in the generation step to obtain an encrypted password; and a code of the encryption main step. A code of a comparing step of comparing the encrypted password with the encrypted password obtained in the reading step, and a result of the comparison in the comparing step, If Goka passwords match, the storage medium characterized by comprising a code output step of outputting a password generated by said generating step.