ID system and program, and ID method

US 10,142,114 B2
Filed: 07/24/2015
Issued: 11/27/2018
Est. Priority Date: 02/15/2006
Status: Active Grant

First Claim

Patent Images

1. An ID system comprising a server device, a biometric authentication device, and a device authentication unit, wherein:

the device authentication unit issues a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy;

the server device transmits a biometric authentication request including information that can identify the request to the biometric authentication device;

the biometric authentication device transmits the information that can identify the request, a user information and a biometric authentication result to the server by adding a signature that is formed with a secret key that is peculiar to the biometric authentication device; and

the server device verifies the signature of the transmitted data by using an encrypting key that corresponds to the secret key peculiar to the biometric authentication device so as to check the result of biometric authentication that is conducted at the biometric authentication device by corresponding to the request under a guarantee of the biometric authentication device, and check the biometric authentication result under a guarantee of the device authentication unit based on the biometric authentication result that is checked under the guarantee of the biometric authentication device and the device certificate issued from the device authentication unit so as to confirm that it is the biometric authentication result corresponding to the request.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

[PROBLEMS] To appropriately authenticate a user, a biometric device, and an authentication timing of a client side and prevent leak or tampering of the biometric information.

[MEANS FOR SOLVING PROBLEMS] A server device includes: a unit for encrypting information for requesting biometric authentication and identifying the request by using a public key of the biometric authentication device and transmitting the information; and a unit for authenticating the user according to the authentication information containing the result of the biometric authentication. The biometric authentication device includes: a unit for inputting biometric information; a unit for storing a template as biometric information registered in advance together with the user information; a unit for collating the biometric information inputted by the user with the template; a unit for adding a digital signature to the authentication information containing the collation result, information for identifying the request from the server device, and the template user information, by using a secret key of the local device and transmitting the authentication information to the server device.

Citations

10 Claims

1. An ID system comprising a server device, a biometric authentication device, and a device authentication unit, wherein:
- the device authentication unit issues a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy;
  
  the server device transmits a biometric authentication request including information that can identify the request to the biometric authentication device;
  
  the biometric authentication device transmits the information that can identify the request, a user information and a biometric authentication result to the server by adding a signature that is formed with a secret key that is peculiar to the biometric authentication device; and
  
  the server device verifies the signature of the transmitted data by using an encrypting key that corresponds to the secret key peculiar to the biometric authentication device so as to check the result of biometric authentication that is conducted at the biometric authentication device by corresponding to the request under a guarantee of the biometric authentication device, and check the biometric authentication result under a guarantee of the device authentication unit based on the biometric authentication result that is checked under the guarantee of the biometric authentication device and the device certificate issued from the device authentication unit so as to confirm that it is the biometric authentication result corresponding to the request.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The ID system as claimed in claim 1, whereinthe server device comprises:
    - a unit which requests individual authentication based on biometric information to the biometric authentication device, encrypts information for identifying the request with a public key of the biometric authentication device, and transmits the encrypted information to the biometric authentication device; and
      
      a unit which makes authentication judgment on a user based on authentication information including a result of the individual authentication, andthe biometric authentication device comprises;
      
      an input device which inputs biometric information of the user;
      
      a storage device which stores user information along with a template that is biometric information registered in advance and the secret key corresponding to the public key;
      
      a unit which collates the template with the biometric information inputted in response to a request for individual authentication sent from the server device; and
      
      a unit which adds an electronic signature with the secret key on the authentication information that includes a result of the collation, the information for identifying the request from the server device, and the user information of the template, and transmits the authentication information to the server device.
  - 3. The ID system as claimed in claim 2, wherein:
    - the biometric authentication device comprises a unit which finds hash values of programs of the device itself as the verification information, andtransmits the verification information for verifying appropriateness of operations of the device itself to the server device; and
      
      the server device comprises a unit which verifies the appropriateness of the operations of the biometric authentication device based on the verification information from the biometric authentication device.
  - 4. The ID system as claimed in claim 2, wherein:
    - the biometric authentication device comprises a unit which reads out each template of a plurality of users in order for the collation from the storage device, and applies the user information of the template that corresponds to the biometric information inputted from the input device to the authentication information.
  - 5. The ID system as claimed in claim 2, wherein the server device generates random numbers as the information for identifying the request for performing individual authentication sent to the biometric authentication device.

6. An ID method for performing authentication by exchanging information between a server device and a biometric authentication device, the method comprising:
- issuing a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy from the device authentication unit;
  
  transmitting a request for biometric authentication including information that can identify the request to the biometric authentication device from the server device;
  
  transmitting the information that can identify the request, a user information and a biometric authentication result to the server by the biometric authentication device by giving a signature thereon with a secret key that is peculiar to the biometric authentication device; and
  
  verifying the signature of the transmitted data by the server device with using an encrypting key that corresponds to the secret key peculiar to the biometric authentication device, so as to check the result of biometric authentication that is conducted at the biometric authentication device by corresponding to the request under a guarantee of the biometric authentication device, and checking the biometric authentication result under a guarantee of the device authentication unit based on the biometric authentication result that is checked under the guarantee of the biometric authentication device and the device certificate issued from the device authentication unit so as to confirm that it is the biometric authentication result corresponding to the request.
- View Dependent Claims (7)
- - 7. The ID method as claimed in claim 6, comprising:
    - requesting individual authentication based on biometric information to a biometric authentication device that is connected to be communicable with a device itself, encrypting information for identifying the request with a public key of the biometric authentication device, and transmitting the encrypted information to the biometric authentication device;
      
      making authentication judgment on a user based on authentication information including a result of the individual authentication, andinputting biometric information of the user;
      
      storing user information along with a template that is biometric information registered in advance and the secret key corresponding to the public key;
      
      collating the biometric information inputted to the device itself in response to a request for individual authentication sent from the server device with a template that is biometric information stored to a storage device of the device itself along with user information;
      
      adding an electronic signature on authentication information that includes a result of the collation, the information for identifying the request from the server device, and the user information of the template with a secret key that is stored in advance in the storage device of the device itself, andtransmitting the authentication information to the server device; and
      
      performing authentication judgment on the user based on the authentication information.

8. A biometric authentication device for an ID system that includes a server and the biometric authentication device, comprising:
- a hardware processer; and
  
  a memory storing instructions,wherein the hardware processor is configured by the instructions to;
  
  receive an authentication request including request identification information that can identify the authentication request from the server,read a template data related to a first biometric information, and a template information,receive a second biometric information from a biometric information input device,collate the second biometric information with the template data,apply a signature with an authentication information including a secret key corresponding to a key which the server stores on the request identification information, the template information making a pair with the template data, and a result of collation between the second biometric information and the template data, andtransmit the signed authentication information to the server.
- View Dependent Claims (9, 10)
- - 9. The biometric authentication device according to claim 8,wherein the hardware processor is configured by the further instructions to:
    - transmit a device certification of the biometric authentication device to the server.
  - 10. The biometric authentication device according to claim 8,wherein the template information includes an electronic signature of the user or a certificate as the user information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Monden, Akira
Primary Examiner(s)
Hoffman, Brandon S
Assistant Examiner(s)
Anderson, Michael D

Application Number

US14/808,301
Publication Number

US 20150333911A1
Time in Patent Office

1,222 Days
Field of Search

713169
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/32   using biometric data, e.g. ...

H04L 63/0861   using biometrical features,...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04L 9/3271   using challenge-response

ID system and program, and ID method

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

ID system and program, and ID method

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links