Apparatus, system and method for authenticating personal identity, computer readable medium having personal identity authenticating program recorded thereon method of registering personal identity authenticating information, method of verifying personal identity authenticating information, and recording medium having personal identity authenticating information recorded thereon
First Claim
1. A personal identity authenticating apparatus, comprising:
- a read means for reading a registrant'"'"'s image data and identity data from a recording medium on which the two data are individually encrypted with two secret keys and then recorded, the secret keys belonging to two pairs of secret keys and public keys that are mapped to their identifiers at an authentication support station;
a decryption and checking means for decrypting the encrypted data with the public keys and for checking the decrypted data for consistency of its contents, each of the public keys being matched with said identifier;
an image confirmation means for presenting an image from the decrypted image data and for accepting a result of authentication; and
a permission means for granting permission according to the checking result of said decryption and checking means and the result of said image confirmation means.
1 Assignment
0 Petitions
Accused Products
Abstract
Conventional credit cards are exposed to risks that someone else signs in imitation of the signature of the cardholder or counterfeits the card, which is relatively easy to do. By the disclosed invention, a personal identity authenticating system of extremely high security for payment with an IC card or the like can be built. The registrant/cardholder and the registrar are assigned their specific identifiers and their secret keys and public keys are managed, mapped to the identifiers at the authentication support station (ASS). Personal identity to which the registrar identifier is attached is encrypted with the registrant/cardholder'"'"'s secret key. In addition, personal identity is embedded as an encrypted digital watermark into image data by means of the registrar'"'"'s secret key. Both encrypted identity data and watermarked image data are recorded on the IC card. When personal identity authentication is required, the encrypted identity data with the registrar identifier is decrypted with the cardholder'"'"'s public key which is obtained by requesting the ASS to supply it, according to the cardholder identifier specified with the request. Similarly, the registrar'"'"'s public key is obtained from the ASS by using the decrypted registrar identifier. By using the thus obtained registrar'"'"'s public key, the personal identity is also retrieved from the watermarked image data. Eventually, internal authentication is executed by matching between the separately obtained personal identity strings and checking the image data for falsification.
53 Citations
20 Claims
-
1. A personal identity authenticating apparatus, comprising:
-
a read means for reading a registrant'"'"'s image data and identity data from a recording medium on which the two data are individually encrypted with two secret keys and then recorded, the secret keys belonging to two pairs of secret keys and public keys that are mapped to their identifiers at an authentication support station;
a decryption and checking means for decrypting the encrypted data with the public keys and for checking the decrypted data for consistency of its contents, each of the public keys being matched with said identifier;
an image confirmation means for presenting an image from the decrypted image data and for accepting a result of authentication; and
a permission means for granting permission according to the checking result of said decryption and checking means and the result of said image confirmation means. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A personal identity authenticating system comprising:
-
an authentication support station at which secret key and public key pairs are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs;
a registry terminal which encrypts image data and identity data and writes encrypted data onto a recording medium; and
a personal identity authenticating terminal which reads the encrypted data from said recording medium, decrypts said image data and said identity data, and checks the decrypted data for consistency of its contents, wherein;
said registry terminal receives and stores the input of image data generated by capturing a part of the body of the registrant, and the input of the registrant'"'"'s identity data, encrypts the identity data with the registrant'"'"'s secret key and with the registrar'"'"'s secret key respectively, and writes the image data and encrypted identity data onto said recording medium of the registrant, said personal identity authenticating terminal decrypts the double encrypted data respectively with the registrant'"'"'s and registrar'"'"'s public keys which are obtained from said authentication support station by specifying either the registrant or registrar identifier and performs matching between both identity data decrypted with each public keys, and moreover presents a image from said image data and accepts the input of confirmation. - View Dependent Claims (8, 9, 10)
-
-
11. A method of authenticating personal identity, using secret key and public key pairs which are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs at an authentication support station, said method comprising:
-
encrypting image data and identity data and writing encrypted data onto a recording medium at a registry site; and
reading the encrypted data from said recording medium, decrypting said image data and said identity data, and checking the decrypted data for consistency of its contents at a personal identity authenticating site;
at the registry site, said method further comprising;
receiving and storing the input of image data generated by capturing a part of the body of the registrant;
receiving and storing the input of the registrant'"'"'s identity data;
encrypting the identity data with the registrant'"'"'s secret key;
encrypting the identity data with the registrar'"'"'s secret key; and
writing the image data and encrypted identity data onto said recording medium of the registrant;
at the personal identity authenticating site, said method further comprising;
decrypting the double encrypted data respectively with the registrant'"'"'s and registrar'"'"'s public keys which are obtained from said authentication support station by specifying the registrant or registrar identifier;
performing matching between both identity data decrypted with each public keys;
presenting a personal image from said image data; and
accepting the input of confirmation. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
12. A computer readable medium having a personal identity authenticating program recorded thereon, said program based on authentication using secret key and public key pairs which are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs at an authentication support station, said program comprising:
-
a subprogram to run on a registry workstation for encrypting image data and identity data and writing encrypted data onto a recording medium; and
a subprogram to run on a personal identity authenticating workstation for reading the encrypted data from said recording medium, decrypting said image data and said identity data, and checking the decrypted data for consistency of its contents;
said subprogram to run on a registry workstation comprising the functions of;
receiving and storing the input of image data generated by capturing a part of the body of the registrant;
receiving and storing the input of the registrant'"'"'s identity data;
encrypting the identity data with the registrant'"'"'s secret key;
encrypting the identity data with the registrar'"'"'s secret key; and
writing the image data and encrypted identity data onto said recording medium of the registrant;
said subprogram to run on a personal identity authenticating workstation comprising the functions of;
decrypting the double encrypted data respectively with the registrant'"'"'s and registrar'"'"'s public keys which are obtained from said authentication support station by specifying the registrant or registrar identifier;
performing matching between both identity data decrypted with each public keys;
presenting a personal image from said image data; and
accepting the input of confirmation.
-
-
13. A method of registering personal identity authenticating information, using secret key and public key pairs which are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs at an authentication support station, said method comprising:
-
receiving and storing the input of image data representing the peculiarity of a person, the registrant who will be the cardholder of an IC card;
receiving and storing the input of identity data of said registrant;
encrypting said image data and said identity data by means of the registrar'"'"'s secret key;
encrypting said identity data together with the registrar identifier by the registrant'"'"'s secret key; and
recording the encrypted data on the IC card, thus registering the identity of the registrant.
-
-
14. A method of verifying personal identity authenticating information, using secret key and public key pairs which are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs at an authentication support station, said method comprising:
-
obtaining the public key of the cardholder of an IC card from said authentication support station by specifying the cardholder identifier;
decrypting one encrypted data from the IC card with said public key, thereby retrieving the identity data and the registrar identifier;
obtaining the public key of the registrar from said authentication support station by specifying the registrar identifier;
decrypting the other encrypted data from the IC card with the registrar'"'"'s public key, thereby retrieving the identity data and image data;
checking the retrieved data for falsification; and
rendering the result of the check and the image data usable.
-
-
15. A recording medium having personal identity authenticating information recorded thereon, which is to have registrant image data and identity data recorded thereon, said identity data being encrypted with a secret key paired with a public key and with another secret key paired with another pubic key, using two pairs of secret keys and public keys which are managed such that each pair is mapped to the identifier thereof at an authentication support station
Specification