ID system and program, and ID method
First Claim
1. An ID system comprising a server device, a biometric authentication device, and a device authentication unit, wherein:
the device authentication unit issues a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy;
the server device transmits a biometric authentication request including information that can identify the request to the biometric authentication device;
the biometric authentication device transmits the information that can identify the request, a user information and a biometric authentication result to the server by adding a signature that is formed with a secret key that is peculiar to the biometric authentication device; and
the server device verifies the signature of the transmitted data by using an encrypting key that corresponds to the secret key peculiar to the biometric authentication device so as to check the result of biometric authentication that is conducted at the biometric authentication device by corresponding to the request under a guarantee of the biometric authentication device, and check the biometric authentication result under a guarantee of the device authentication unit based on the biometric authentication result that is checked under the guarantee of the biometric authentication device and the device certificate issued from the device authentication unit so as to confirm that it is the biometric authentication result corresponding to the request.
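The exchange recited in this claim, sketched as an added example (not code from the patent). The choice of Ed25519, the struct layouts, the byte encoding of the signed data, and the sample accuracy string and user names are assumptions made for illustration. The server checks the device certificate, then the device signature, then that the returned request identifier is the one it issued.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// DeviceCert: signed by the device authentication unit; binds the device key to its accuracy.
type DeviceCert struct{ Pub ed25519.PublicKey; Accuracy string; Sig []byte }

// Assertion: request identifier, user information and result, signed by the device.
type Assertion struct{ RequestID []byte; User string; Matched bool; Sig []byte }

func (c DeviceCert) body() []byte { return append([]byte(c.Accuracy+"|"), c.Pub...) }
func (a Assertion) body() []byte { return []byte(fmt.Sprintf("%x|%q|%t", a.RequestID, a.User, a.Matched)) }

// Verify runs the server-side checks in order: certificate, signature, request binding, result.
func Verify(issuer ed25519.PublicKey, c DeviceCert, want []byte, a Assertion) error {
	switch {
	case !ed25519.Verify(issuer, c.body(), c.Sig):
		return fmt.Errorf("certificate not issued by device authentication unit")
	case !ed25519.Verify(c.Pub, a.body(), a.Sig):
		return fmt.Errorf("device signature invalid")
	case !bytes.Equal(a.RequestID, want):
		return fmt.Errorf("result does not correspond to this request")
	case !a.Matched:
		return fmt.Errorf("biometric collation failed")
	}
	return nil
}

// Demo returns the server's verdict on a genuine, a replayed and a tampered reply.
func Demo() (genuine, replayed, tampered error) {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader) // device authentication unit
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader) // key peculiar to the device
	c := DeviceCert{Pub: devPub, Accuracy: "FAR<=1e-5"} // constructed sample value
	c.Sig = ed25519.Sign(caPriv, c.body())
	n := make([]byte, 32) // two fresh 16-byte request identifiers
	rand.Read(n)
	a := Assertion{RequestID: n[:16], User: "alice", Matched: true}
	a.Sig = ed25519.Sign(devPriv, a.body())
	// Tampered copy: user information altered after the device signed it.
	f := Assertion{RequestID: a.RequestID, User: "mallory", Matched: true, Sig: a.Sig}
	return Verify(caPub, c, n[:16], a), Verify(caPub, c, n[16:], a), Verify(caPub, c, n[:16], f)
}

func main() { fmt.Println(Demo()) }
```

The replayed reply carries a valid device signature and is rejected only because its request identifier differs from the one the server issued for the current request.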
Abstract
[PROBLEMS] To appropriately authenticate a user, a biometric device, and an authentication timing of a client side and prevent leak or tampering of the biometric information.
[MEANS FOR SOLVING PROBLEMS] A server device includes: a unit for encrypting information for requesting biometric authentication and identifying the request by using a public key of the biometric authentication device and transmitting the information; and a unit for authenticating the user according to the authentication information containing the result of the biometric authentication. The biometric authentication device includes: a unit for inputting biometric information; a unit for storing a template as biometric information registered in advance together with the user information; a unit for collating the biometric information inputted by the user with the template; a unit for adding a digital signature to the authentication information containing the collation result, information for identifying the request from the server device, and the template user information, by using a secret key of the local device and transmitting the authentication information to the server device.
10 Claims
6. An ID method for performing authentication by exchanging information between a server device and a biometric authentication device, the method comprising:
issuing a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy from the device authentication unit;
transmitting a request for biometric authentication including information that can identify the request to the biometric authentication device from the server device;
transmitting the information that can identify the request, a user information and a biometric authentication result to the server by the biometric authentication device by giving a signature thereon with a secret key that is peculiar to the biometric authentication device; and
verifying the signature of the transmitted data by the server device with using an encrypting key that corresponds to the secret key peculiar to the biometric authentication device, so as to check the result of biometric authentication that is conducted at the biometric authentication device by corresponding to the request under a guarantee of the biometric authentication device, and checking the biometric authentication result under a guarantee of the device authentication unit based on the biometric authentication result that is checked under the guarantee of the biometric authentication device and the device certificate issued from the device authentication unit so as to confirm that it is the biometric authentication result corresponding to the request.
8. A biometric authentication device for an ID system that includes a server and the biometric authentication device, comprising:
a hardware processor; and
a memory storing instructions, wherein the hardware processor is configured by the instructions to:
receive an authentication request including request identification information that can identify the authentication request from the server,
read a template data related to a first biometric information, and a template information,
receive a second biometric information from a biometric information input device,
collate the second biometric information with the template data,
apply a signature with an authentication information including a secret key corresponding to a key which the server stores on the request identification information, the template information making a pair with the template data, and a result of collation between the second biometric information and the template data, and
transmit the signed authentication information to the server.