Person authentication application data processing system, person authentication application data processing method, information processing apparatus, and program providing medium

US 20020026427A1
Filed: 08/30/2001
Published: 02/28/2002
Est. Priority Date: 08/31/2000
Status: Abandoned Application

First Claim

Patent Images

1. A person authentication application data processing system for performing a person authentication process based on a verification process between a template extracted from a person identification certificate in which the template which is person identification data of an individual user who uses an information processing apparatus and user input sampling information, said person authentication application data processing system comprising:

an information processing apparatus as a person authentication execution entity; and

a person identification certificate authority as a person identification certificate issuing entity, wherein said information processing apparatus performs a process of retrieving a person identification certificate used for a person authentication process based on user input information, and outputs a request for issuing a person identification certificate to the person identification certificate authority when a person identification certificate corresponding to the user input information cannot be extracted, said person identification certificate authority creates a person identification certificate in which an encrypted template which can be decrypted in said information processing apparatus and performs an issuing process for the information processing apparatus, and said information processing apparatus performs a process for storing the person identification certificate issued from said person identification certificate authority in the storage means of the information processing apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided which allows a person authentication process to be performed in a device in which a person identification certificate used for person authentication is not stored. A device for performing a process for requesting person authentication performs a process for retrieving a person identification certificate used for a person authentication process on the basis of user input information with device-stored data being used as the retrieval target, outputs a request for issuing a person identification certificate after mutual authentication with the person identification certificate authority which is a person identification certificate issuing entity, obtains the certificate from the person identification certificate authority, and stores the certificate. The certificate is stored in a template encrypted using a public key of the device or a user, and can be used in the device which receives the certificate.

122 Citations

27 Claims

1. A person authentication application data processing system for performing a person authentication process based on a verification process between a template extracted from a person identification certificate in which the template which is person identification data of an individual user who uses an information processing apparatus and user input sampling information, said person authentication application data processing system comprising:
- an information processing apparatus as a person authentication execution entity; and
  
  a person identification certificate authority as a person identification certificate issuing entity, wherein said information processing apparatus performs a process of retrieving a person identification certificate used for a person authentication process based on user input information, and outputs a request for issuing a person identification certificate to the person identification certificate authority when a person identification certificate corresponding to the user input information cannot be extracted, said person identification certificate authority creates a person identification certificate in which an encrypted template which can be decrypted in said information processing apparatus and performs an issuing process for the information processing apparatus, and said information processing apparatus performs a process for storing the person identification certificate issued from said person identification certificate authority in the storage means of the information processing apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A person authentication application data processing system according to claim 1, wherein, in the process for storing the newly obtained person identification certificate in the storage means, when said newly obtained person identification certificate is a person identification certificate corresponding to the same user for an existing public key certificate which has already been stored in said information processing apparatus, said information processing apparatus performs a process for creating pair information of identifiers of each certificate and stores the pair information in the storage means.
  - 3. A person authentication application data processing system according to claim 1, further comprising a certificate authority as a public key certificate issuing entity, wherein, said information processing apparatus performs a process for retrieving a public key certificate used during data communication with an external apparatus with stored data of the storage means of the information processing apparatus being used as the retrieval target on the basis of the user input information, creates a pair of a public key and a secret key when the applicable public key certificate cannot be extracted, transmits the created public key to the certificate authority which is the issuing entity of the public key certificate and makes a request for issuing a person identification certificate, said certificate authority performs a process for issuing a public key certificate corresponding to an individual user or a public key certificate corresponding to said information processing apparatus, and said information processing apparatus performs a process for storing the public key certificate issued from said certificate authority in the storage means of the information processing apparatus.
  - 4. A person authentication application data processing system according to claim 3, wherein, in the process for storing the newly obtained person identification certificate in the storage means, when said newly obtained person identification certificate is a person identification certificate corresponding to the same user for an existing public key certificate which has already been stored in said information processing apparatus, said information processing apparatus performs a process for creating pair information of identifiers of each certificate and stores the pair information in the storage means.
  - 5. A person authentication application data processing system according to claim 3, wherein, in the process for storing the newly obtained person identification certificate in the storage means, when said newly obtained person identification certificate is a person identification certificate corresponding to the same user for an existing public key certificate which has already been stored in said information processing apparatus, said information processing apparatus performs a process for creating pair information of identifiers of each certificate, stores the pair information in the storage means, and registers together a process identifier which identifies a process such as services to be used.
  - 6. A person authentication application data processing system according to claim 1, further comprising a service distribution construction in which various services such as content distribution can be received from a service provider under the control of a service registration server on the condition of user registration for the service registration server, wherein said information processing apparatus performs a person authentication process based on a verification process between the template extracted from the person identification certificate in which the template which is person identification data of an individual user who uses the information processing apparatus is stored and user input sampling information and performs user registration for said service registration server on the condition that person authentication is established.
  - 7. A person authentication application data processing system according to claim 1, further comprising a service distribution construction in which various services such as content distribution can be received from a service provider under the control of the service registration server on the condition of user registration for the service registration server, wherein said information processing apparatus performs mutual authentication with said service provider by using a public key certificate corresponding to an individual user or a public key certificate corresponding to said information processing apparatus in a process for receiving service distribution from said service provider, and said service provider provides services for said information processing apparatus on the condition that it is confirmed that the public key certificate used for said mutual authentication corresponds to an authorized user or device registered in said service registration server and said mutual authentication is established.
  - 8. A person authentication application data processing system according to claim 1, wherein data communication between said information processing apparatus as a person authentication execution entity and the person identification certificate authority as a person identification certificate issuing entity is performed on the condition that the mutual authentication process is established.
  - 9. A person authentication application data processing system according to claim 1, wherein, for data communication between said information processing apparatus as a person authentication execution entity and the person identification certificate authority as a person identification certificate issuing entity, a data transmission part performs a process for creating an electronic signature for transmission data, and a receiving part performs a process for verifying the electronic signature.
  - 10. A person authentication application data processing system according to claim 1, wherein an encryption key used to encrypt the template stored in the person identification certificate issued from said person identification certificate authority is a public key which is set for said information processing apparatus or an individual user.
  - 11. A person authentication application data processing system according to claim 1, wherein said template is biometric information of a person such as fingerprint information, retina pattern information, iris pattern information, voice print information, and handwriting information, or a non-biometric information such as a seal, a passport, a driver'"'"'s license, and a card, or any combination of two or more of the biometric information and the non-biometric information, or a combination of any of the information and a password.
  - 13. A person authentication application data processing method according to claim 12, wherein, in the process for storing the newly obtained personal identification certificate in the storage means, when said newly obtained person identification certificate is a person identification certificate corresponding to the same user for an existing public key certificate which has already been stored in said information processing apparatus, said information processing apparatus performs a process for creating pair information of identifiers of each certificate and storing the pair information in the storage means.
  - 14. A person authentication application data processing method according to claim 12, further comprising:
    - a step for providing a certificate authority as a public key certificate issuing entity;
      
      a step in which said information processing apparatus performs a process for retrieving a public key certificate used during data communication with an external apparatus with stored data of the storage means of the information processing apparatus being used as the retrieval target on the basis of the user input information, creates a pair of a public key and a secret key when the corresponding public key certificate cannot be extracted, transmits the created public key to the certificate authority which is the issuing entity of the public key certificate;
      
      a step in which said certificate authority performs a process for issuing a public key certificate corresponding to an individual user or a public key certificate corresponding to said information processing apparatus; and
      
      a step in which said information processing apparatus performs a process for storing the public key certificate issued from said certificate authority in the storage means of the information processing apparatus.
  - 15. A person authentication application data processing method according to claim 14, wherein, in the process for storing the newly obtained personal identification certificate in the storage mean, when said newly obtained personal identification certificate is a personal identification certificate corresponding to the same user for an existing public key certificate which has already been stored in said information processing apparatus, said information processing apparatus performs a process for creating pair information of identifiers of each certificate and for storing the pair information in the storage means.
  - 16. A person authentication application data processing method according to claim 14, wherein, in the process for storing the newly obtained personal identification certificate in the storage means, when said newly obtained person identification certificate is a person identification certificate corresponding to the same user for an existing public key certificate which has already been stored in said information processing apparatus, said information processing apparatus performs a process for creating pair information of identifiers of each certificate, storing the pair information in the storage means, and registering together a process identifier which identifies a process such as services to be used.
  - 17. A person authentication application data processing method according to claim 12, further comprising:
    - a step for providing a service distribution construction in which various services such as content distribution can be received from a service provider under the control of a service registration server on the condition of user registration for the service registration server; and
      
      a step in which said information processing apparatus performs a person authentication process based on a verification process between a template extracted from the person identification certificate in which the template which is person identification data of an individual user who uses the information processing apparatus is stored and the user input sampling information, and performs user registration for said service registration server on the condition that person authentication is established.
  - 18. A person authentication application data processing method according to claim 12, further comprising:
    - a step for providing a service distribution construction in which various services such as content distribution can be received from a service provider under the control of a service registration server on the condition of user registration for the service registration server;
      
      a step in which, in a process for receiving service distribution from said service provider, said information processing apparatus performs mutual authentication with said service provider by using a public key certificate corresponding to an individual user who uses the information processing apparatus or a public key certificate corresponding to said information processing apparatus; and
      
      a step in which said service provider provides services for said information processing apparatus on the condition that it is confirmed that the public key certificate used for said mutual authentication corresponds to an authorized user or device registered in said service registration server and said mutual authentication is established.
  - 19. A person authentication application data processing method according to claim 12, wherein data communication between said information processing apparatus as a person authentication execution entity and the person identification certificate authority as a person identification certificate issuing entity is performed on the condition that the mutual authentication process is established.
  - 20. A person authentication application data processing method according to claim 12, wherein, for data communication between said information processing apparatus as a person authentication execution entity and the person identification certificate authority as a person identification certificate issuing entity, a data transmission part performs a process for creating an electronic signature for transmission data, and a receiving part performs a process for verifying the electronic signature.
  - 21. A person authentication application data processing method according to claim 12, wherein an encryption key used to encrypt the template stored in the person identification certificate issued from said person identification certificate authority is a public key which is set for said information processing apparatus or an individual user.

12. A person authentication application data processing method for performing a person authentication process based on a verification process between a template extracted from a person identification certificate in which a template which is person identification data of an individual user who uses an information processing apparatus and user input sampling information, said person authentication application data processing method comprising:
- a step for providing an information processing apparatus as a person authentication execution entity and a person identification certificate authority as a person identification certificate issuing entity;
  
  a step in which said information processing apparatus performs a process of retrieving a person identification certificate used for a person authentication process based on user input information, and outputs a request for issuing a person identification certificate to the person identification certificate authority which is a person identification certificate issuing entity when a person identification certificate corresponding to the user input information cannot be extracted;
  
  a step in which said person identification certificate authority creates a person identification certificate in which an encoded template which can be decrypted in said information processing apparatus is stored and performs an issuing process for the information processing apparatus; and
  
  a step in which said information processing apparatus performs a process for storing the person identification certificate issued from said person identification certificate authority in the storage means of the information processing apparatus.

22. An information processing apparatus for performing a person authentication process based on a verification process between a template extracted from a person identification certificate in which the template which is person identification data of an individual user who uses the information processing apparatus is stored and user input sampling information, wherein said information processing apparatus performs a process for retrieving a person identification certificate used for a person authentication process based on user input information with stored data of the information processing apparatus being used as the retrieval target, outputs a request for issuing a person identification certificate to a person identification certificate authority which is a person identification certificate issuing entity when a person identification certificate corresponding to the user input information cannot be extracted, and stores the person identification certificate issued from the person identification certificate authority in the storage means of the information processing apparatus.
- View Dependent Claims (23, 24, 25, 26)
- - 23. An information processing apparatus according to claim 22, wherein, in the process for storing the newly obtained personal identification certificate in the storage means, when said newly obtained person identification certificate is a person identification certificate corresponding to the same user for an existing public key certificate which has already been stored in said information processing apparatus, said information processing apparatus performs a process for creating pair information of identifiers of each certificate and for storing the pair information in the storage means.
  - 24. An information processing apparatus according to claim 22, wherein said information processing apparatus performs a process for retrieving a public key certificate used for data communication with an external apparatus with stored data of the storage means of the information processing apparatus being used as the retrieval target on the basis of user input information, creates a pair of a public key and a secret key when a corresponding public key certificate cannot be extracted, transmits the created public key to the certificate authority which is a public key certificate issuing entity, makes a request for issuing a public key certificate, and performs a process for storing the public key certificate issued from said certificate authority in the storage means of the information processing apparatus.
  - 25. An information processing apparatus according to claim 24, wherein, in the process for storing the newly obtained personal identification certificate in the storage means, when said newly obtained person identification certificate is a person identification certificate corresponding to the same user for an existing public key certificate which has already been stored in said information processing apparatus, said information processing apparatus performs a process for creating pair information of identifiers of each certificate and stores the pair information in the storage means.
  - 26. An information processing apparatus according to claim 24, wherein, in the process for storing the newly obtained personal identification certificate in the storage means, when said newly obtained person identification certificate is a person identification certificate corresponding to the same user for an existing public key certificate which has already been stored in said information processing apparatus, said information processing apparatus performs a process for creating pair information of identifiers of each certificate, stores the pair information in the storage means, and registers together a process identifier which identifies a process such as services to be used.

27. A program providing medium for providing a computer program for causing a person application authentication data process for performing a person authentication process to be performed in a computer system based on a verification process between a template extracted from a person identification certificate in which the template which is person identification data of an individual user who uses an information processing apparatus and user input sampling information, said computer program comprising:
- a step for retrieving a person identification certificate used for a person authentication process based on the user input information;
  
  a step for outputting a request for issuing a person identification certificate to a person identification certificate authority which is a person identification certificate issuing entity when a person identification certificate corresponding to the user input information cannot be extracted;
  
  a step for creating pair information of identifiers of each certificate when said person identification certificate issued from said person identification certificate authority is a person identification certificate corresponding to the same user for an existing public key certificate which has already been stored in said information processing apparatus; and
  
  a step for storing the pair information in the storage means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Ishibashi, Yoshihito, Watanabe, Hideaki, Matsuyama, Shinako, Futamura, Ichiro, Kon, Masashi

Application Number

US09/944,501
Publication Number

US 20020026427A1
Time in Patent Office

Days
Field of Search
US Class Current

705/67
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/40   by quorum, i.e. whereby two...

G06F 2221/2115   Third party

G06Q 20/3674   involving authentication

Person authentication application data processing system, person authentication application data processing method, information processing apparatus, and program providing medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

122 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Person authentication application data processing system, person authentication application data processing method, information processing apparatus, and program providing medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

122 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others