Data Communication Method and System

US 20070226516A1
Filed: 05/30/2005
Published: 09/27/2007
Est. Priority Date: 06/08/2004
Status: Active Grant

First Claim

Patent Images

1-38. -38. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Public-key cryptography is realized by means of PKI in which biometrics data, in which biological information of users is converted to numerical values, are used to authenticate users that transmit and receive data, and based on the biometrics data, identical secret keys (common secret keys) are generated in each of the user terminal devices that are used by the users without releasing the secret keys onto the network.

Citations

74 Claims

1-38. -38. (canceled)

42. A data communication method, said data communication method being of the public-key cryptography type for both authenticating users that transmit and receive data by way of a network and for encrypting said data for transmission and reception;
- said data communication method comprising the steps of;
  
  storing in advance biometrics data in which biological information of said users has been converted to numerical values as registration data in memory devices that are provided in user terminal devices used by said users;
  
  using biometrics acquisition devices to acquire biometrics data of said users;
  
  transmitting said registration data and inquiry data, which are biometrics data that have been acquired for authenticating said users from user terminal devices, that are used by the users, to a server device by way of a network;
  
  determining by means of said server device whether data in which bit sequence absolutely identical to inquiry data that have been received from said user terminal devices is present in a lapsed list which contains registered biometrics data that cannot be used;
  
  when data in which bit sequence absolutely identical to the inquiry data is not present in said lapsed list, determining whether data in which bit sequence absolutely identical to registered data that have been received is present in a database in which biometrics data for each user have been registered in advance; and
  
  when data in which bit sequence absolutely identical to the registration data is present in said database, authenticating the user of the user terminal device that has transmitted said registration data and said inquiry data as actually said user.
- View Dependent Claims (43, 44, 45, 46)
- - 43. The data communication method according to claim 42, wherein, when data in which bit sequence absolutely identical to inquiry data that have been received from said used terminal devices is not present in said lapsed list, the inquiry data is stored in said lapsed list by means of said server device.
  - 44. The data communication method according to claim 42, wherein:
    - each of said user terminal devices matches inquiry data that have been acquired by using said biometrics acquisition device with registration data that have been stored in advance in said memory device; and
      
      when the user of the user terminal device is authenticated as actually said user by means of said matching, said registration data and said inquiry data are transmitted to said server device.
  - 45. The data communication method according to claim 42, further comprising the steps of:
    - determining by means of said user terminal devices that registration data that have been stored in advance in said memory devices are data of poor quality that cannot be used in matching;
      
      when said registration data are not said data of poor quality, matching inquiry data that have been acquired by using said biometrics acquisition devices with registration data that have been stored in advance in said memory devices; and
      
      when the user of a user terminal device has been authenticated as actually said user by means of said matching, transmitting said registration data and said inquiry data to said server device;
      
      when said registration data are said data of poor quality, transmitting said registration data and said inquiry data to said server device.
  - 46. The data communication method according to claim 42, wherein:
    - based on said inquiry data and said registration data that have been received, said server device uses a prescribed function to calculate for each of said users similarity information indicating the degree of similarity between said inquiry data and said registration data and transmits to each user terminal device the similarity information of users that are the communication partners;
      
      based on the registration data that have been stored in advance in said memory device and on the inquiry data that have been acquired by using said biometrics acquisition device, each of said user terminal devices uses the same function as said server device to calculate its own user'"'"'s similarity information that indicates the degree of similarity between the registration data and inquiry data; and
      
      based on its own user'"'"'s similarity information that has been calculated and the similarity information of the user that is the communication partner that has been received from said server device, each of said user terminal devices uses a common function for each said user terminal device to generate a common secret key for decoding data that have been encrypted and transmitted from the user terminal device of said communication partner.

47. A data communication system, said data communication system being of the public-key cryptography type for both authenticating users that transmit and receive data by way of a network and for encrypting said data for transmission and reception, said data communication system comprising:
- user terminal devices;
  
  that are used by said users, that are each provided with a biometrics acquisition device for acquiring biometrics data in which biological information of said users has been converted to numerical values, that each use said biometrics acquisition device acquire biometrics data of users, and that each transmit the biometrics data that have been acquired as inquiry data for authenticating said users; and
  
  a PKI server device that;
  
  is provided with a database in which are registered in advance registration data, which are biometrics data of said users;
  
  upon receiving said inquiry data from said user terminal devices, based on said registration data and said inquiry data, uses a prescribed function to calculate for each of said users similarity information indicating the degree of similarity of said inquiry data and said registration data; and
  
  transmits to each user terminal device the registration data of the user that uses that user terminal device and the similarity information of the user that is the communication partner of the user of that user terminal device;
  
  wherein each said user terminal device;
  
  based on registration data that have been received from said PKI server device and on inquiry data that have been acquired using said biometrics acquisition device, uses the same function as said PKI server device to calculate its own user'"'"'s similarity information that indicates the degree of similarity between the registration data and the inquiry data; and
  
  , based on its own user'"'"'s similarity information that has been calculated and the similarity information of a user that is the communication partner that has been received from said PKI server device, uses a function that is common to each of said user terminal devices to generate a common secret key for decoding data that have been encrypted and transmitted from the user terminal device of said communication partner.
- View Dependent Claims (48, 49, 50)
- - 48. The data communication system according to claim 47, wherein said PKI server device determines whether or not the bit sequences of said registration data and said inquiry data are absolutely identical;
    - when the bit sequences of said registration data and said inquiry data are different, matches said inquiry data with said registration data; and
      
      when said matching is successful, authenticates the user of the user terminal device that transmitted said inquiry data as actually said user.
  - 49. The data communication system according to claim 48, wherein said PKI server device is provided with a lapsed list in which biometrics data that cannot be used are registered;
    - wherein, when the bit sequences of said registration data and said inquiry data are determined to be absolutely identical, the registration data of the user that uses the user terminal device that transmitted said inquiry data are registered in said lapsed list.
  - 50. The data communication system according to claim 47, wherein:
    - said PKI server device;
      
      based on said inquiry data and said registration data that have been received from said user terminal devices, uses a prescribed function to calculate for each said user similarity information indicating the degree of similarity between said inquiry data and said registration data, and transmits to each user terminal device the similarity information of the user that is the communication partner of the user of that user terminal device; and
      
      each of said user terminal devices;
      
      is provided with a memory device for storing, in advance as registration data, biometrics data of users that use the user terminal devices;
      
      based on registration data that have been stored in advance in said memory device and on inquiry data that have been acquired by using said biometrics acquisition device, uses the same function as said PKI server device to calculate its own user'"'"'s similarity information that indicates the degree of similarity between the registration data and the inquiry data; and
      
      based on its own user'"'"'s similarity information that has been calculated and the similarity information of a user that is the communication partner that has been received from said PKI server device, uses a function that is common with each of said user terminal devices to generate a common secret key for decoding data that have been encrypted and transmitted from the user terminal device of said communication partner.

51. A data communication system, said data communication system being of the public-key cryptography type for both authenticating users that transmit and receive data by way of a network and for encrypting said data for transmission and reception, said data communication system comprising:
- user terminal devices;
  
  that are each used by said users;
  
  that are each provided with a biometrics acquisition device for acquiring biometrics data in which biological information of said users have been converted to numerical values, and a memory device for storing the biometrics data of users in advance as registration data; and
  
  that each use said biometrics acquisition device to acquire the biometrics data of users and to transmit biometrics data that have been acquired as inquiry data for authenticating said users; and
  
  a PKI server device;
  
  that is provided with;
  
  a database in which the biometrics data of each of said users are registered in advance, and a lapsed list in which biometrics data that cannot be used are registered;
  
  that, upon receiving said inquiry data and registration data from said user terminal devices, determines whether data in which bit sequence absolutely identical to inquiry data that have been received from said user terminal device is present in said lapsed list;
  
  that, when data in which bit sequence absolutely identical to said inquiry data is not present in said lapsed list, determines whether data in which bit sequence absolutely identical to registration data that have been received from said user terminal device is present in said database; and
  
  that, when data in which bit sequence absolutely identical to registration data is present in said database, authenticates the user of the user terminal device that transmitted said registration data and said inquiry data as actually said user.
- View Dependent Claims (52, 53, 54, 55)
- - 52. The data communication system according to claim 51, wherein, when data in which bit sequence absolutely identical to inquiry data that have been received from said user terminal device is not present in said lapsed list, said PKI server device stores the inquiry data in said lapsed list.
  - 53. The data communication system according to claim 51, wherein said user terminal devices each match inquiry data that have been acquired using said biometrics acquisition device with registration data that have been stored in advance in said memory device;
    - and when the user of a user terminal device has been authenticated as actually said user by means of said matching, the user terminal device transmits said registration data and said inquiry data to said PKI server device.
  - 54. The data communication system according to claim 51, wherein each of said user terminal devices:
    - determines whether or not registration data that have been stored in advance in said memory device are data of poor quality that cannot be used in matching;
      
      when said registration data are not said data of poor quality, matches inquiry data that have been acquired using said biometrics acquisition device with registration data that have been stored in advance in said memory device; and
      
      when the user of the user terminal device is authenticated as actually said user by means of said matching, transmits said registration data and said inquiry data to said PKI server device; and
      
      when said registration data are said data of poor quality, transmits said registration data and said inquiry data to said server device.
  - 55. The data communication system according to claim 51, wherein:
    - said PKI server device, based on said inquiry data and said registration data that have been received from said user terminal devices, uses a prescribed function to calculate for each of said users similarity information that indicates the degree of similarity between said inquiry data and said registration data, and transmits to each user terminal device the similarity information of the user that is the communication partner of the user of that user terminal device; and
      
      each of said user terminal devices;
      
      based on registration data that have been stored in advance in said memory device and inquiry data that have been acquired using said biometrics acquisition device, uses the same function as said PKI server device to calculate its own user'"'"'s similarity information that indicates the degree of similarity between the registration data and the inquiry data, and based on its own user'"'"'s similarity information that has been calculated and similarity information of a user that is the communication partner that has been received from said PKI server device, uses a common function for each said user terminal device to generate a common secret key for decoding data that have been encrypted and transmitted from the user terminal device of said communication partner.

56. A server device for realizing data communication of the public key type for both authenticating users that transmit and receive data by way of a network and for encrypting said data for transmission and reception, said server device comprising:
- a data storage device provided with a database in which registration data are registered in advance, these registration data being biometrics data in which biological information of said users has been converted to numerical values; and
  
  a processor for;
  
  upon receiving inquiry data, which are biometrics data for authenticating a user, from a user terminal device used by a said user, based on said inquiry data and said registration data, uses a prescribed function to calculate for each of said users similarity information that indicates the degree of similarity between said inquiry data and said registration data; and
  
  transmits to each user terminal device the registration data of the user that uses that user terminal device and similarity information of the user that is the communication partner of the user of that user terminal device.
- View Dependent Claims (57, 58, 59)
- - 57. The server device according to claim 56, wherein said processor determines whether or not the bit sequences of said registration data and said inquiry data are absolutely identical;
    - when the bit sequences of said registration data and said inquiry data are different, matches said inquiry data with said registration data; and
      
      when said matching is successful, authenticates the user of the user terminal device that transmitted said inquiry data as actually said user.
  - 58. The server device according to claim 57, wherein:
    - said data storage device is further provided with a lapsed list for registering biometrics data that cannot be used; and
      
      when said processor determines that the bit sequences of said registration data and said inquiry data are absolutely identical, said processor stores the registration data of the user that uses the user terminal device that transmitted said inquiry data in said lapsed list.
  - 59. The server device according to claim 56, wherein said processor:
    - based on said inquiry data and said registration data that have been received from said user terminal devices, uses a prescribed function to calculate for each of said users similarity information that indicates the degree of similarity between said inquiry data and said registration data; and
      
      transmits to each user terminal device the similarity information of the user that is the communication partner of the user of that user terminal device.

60. A server device for realizing data communication of the public-key cryptography type for both authenticating users that transmit and receive data by way of a network and for encrypting said data for transmission and reception, said server device comprising:
- a data storage device provided with a database in which are registered in advance registration data, which are biometrics data in which biological information of said users has been converted to numerical values, and a lapsed list in which are registered biometrics data that cannot be used; and
  
  a processor for;
  
  upon receiving, from a user terminal device used by a said user, inquiry data that are biometrics data for authenticating the user and registration data that are biometrics data that have been registered in advance in said user terminal device, determining whether or not data in which bit sequence absolutely identical to the inquiry data that have been received from said user terminal device is present in said lapsed list;
  
  when data in which bit sequence absolutely identical to the inquiry data is not present in said lapsed list, determining whether or not data in which bit sequence absolutely identical to registration data that have been received from said user terminal device is present in said database; and
  
  when data in which bit sequence absolutely identical to the registration data is present in said database, authenticating the user of the user terminal device that transmitted said registration data and said inquiry data as actually said user.
- View Dependent Claims (61, 62)
- - 61. The server device according to claim 60, wherein when data in which bit sequence absolutely identical to the inquiry data that have been received from said user terminal device is not present in said lapsed list, said processor stores the inquiry data in said lapsed list.
  - 62. The server device according to claim 60, wherein said processor:
    - based on said inquiry data and said registration data that have been received from said user terminal device, uses a prescribed function to calculate for each user similarity information indicating the degree of similarity between said inquiry data and said registration data; and
      
      transmits to each user terminal device the similarity information of the user that is the communication partner of the user of that user terminal device.

63. A computer readable recording medium storing a program for realizing, by means of a computer, data communication of the public-key cryptography type for both authenticating users that transmit and receive data by way of a network and encrypting said data for transmission and reception, wherein said program causes said computer to execute processes of:
- when said computer receives, from user terminal devices used by said users, inquiry data, which are biometrics data for authenticating the users in which biological information of the users has been converted to numerical values, based on registration data which are biometrics data of said users that have been registered in advance in a database and said inquiry data, using a prescribed function to calculate for each of said users similarity information indicating the degree of similarity between said inquiry data and said registration data; and
  
  transmitting to each user terminal device the registration data of the user that uses that user terminal device and the similarity information of a user that is the communication partner of the user of that user terminal device.
- View Dependent Claims (64, 65, 66)
- - 64. The computer readable recording medium storing a program according to claim 63, wherein said program causes said computer to further execute processes of:
    - determining whether the bit sequences of said inquiry data is absolutely identical to that of said registration data;
      
      when the bit sequences of said registration data and said inquiry data are different, matching said inquiry data with said registration data; and
      
      when said matching is successful, authenticating the user of the user terminal device that transmitted said inquiry data as actually said user.
  - 65. The computer readable recording medium storing a program according to claim 64, wherein said program causes said computer to further execute processes of:
    - when the bit sequences of said registration data and said inquiry data are determined to be absolutely identical, storing the registration data of the user that uses the user terminal device that transmitted said inquiry data in a lapsed list in which are registered biometrics data that cannot be used.
  - 66. The computer readable recording medium storing a program according to claim 63, wherein said program causes said computer to further execute processes of:
    - based on said inquiry data and said registration data that have been received from said user terminal device, using a prescribed function to calculate for each of said users similarity information indicating the degree of similarity between said inquiry data and said registration data; and
      
      transmitting to each user terminal device the similarity information of the user that is the communication partner of the user of that user terminal device.

67. A computer readable recording medium storing a program for realizing, by means of a computer, data communication of the public-key cryptography type for both authenticating users that transmit and receive data by way of a network and for encrypting said data for transmission and reception, said program causing said computer to execute processes of:
- when said computer receives, from a user terminal device that is used by a said user, inquiry data that are biometrics data of the users and registration data that are biometrics data that have been registered in advance in said user terminal devices, determining whether or not data of absolutely identical bit sequence as the registration data that have been received from said user terminal device are present in a lapsed list which contains stored biometrics data that cannot be used;
  
  when data in which bit sequence absolutely identical to the inquiry data is not present in said lapsed list, determining whether or not data of a bit sequence absolutely identical to the registration data that have been received from said user terminal device is present in said database; and
  
  when data in which bit sequence absolutely identical to the registration data is present in said database, authenticating the user of the user terminal device that transmitted said registration data and said inquiry data as actually said user.
- View Dependent Claims (68, 69)
- - 68. The computer readable recording medium storing a program according to claim 67, wherein said program causes said computer to further execute a process of:
    - when data in which bit sequence absolutely identical to the inquiry data that have been received from said user terminal device is present in said lapsed list, storing said inquiry data in said lapsed list by means of said server device.
  - 69. The computer readable recording medium storing a program according to claim 67, wherein said program causes said computer to further execute processes of:
    - based on said inquiry data and said registration data that have been received from said user terminal devices, using a prescribed function to calculate for each of said users similarity information indicating the degree of similarity between said inquiry data and said registration data; and
      
      transmitting to each user terminal device similarity information of the user that is the communication partner of the user of that user terminal device.

70. A terminal device used by a user for transmitting and receiving data that have been encrypted by means of public-key cryptography by way of a network, said terminal device comprising:
- a biometrics acquisition device for acquiring biometrics data in which biological information of said user has been converted to numerical values; and
  
  a processor for using said biometrics acquisition device to acquire biometrics data of the user and transmitting the biometrics data, that have been acquired as inquiry data for authenticating said user, to a server device.
- View Dependent Claims (71, 72, 73, 74)
- - 71. The terminal device according to claim 70, wherein said processor:
    - based on registration data that are biometrics data of its own user that have been registered in advance in said server device and that have been received from said server device and inquiry data that have been acquired using said biometrics acquisition device, uses a prescribed function to calculate its own user'"'"'s similarity information that indicates the degree of similarity between said registration data and said inquiry data; and
      
      based on its own user'"'"'s similarity information that has been calculated and similarity information of a user that is the communication partner that has been received from said server device, uses a function common to each of said terminal devices to generate a common secret key for decoding data that have been encrypted and transmitted from the terminal device that is used by said communication partner.
  - 72. The terminal device according to claim 70, further comprising a memory device for storing in advance as registration data biometrics data of its own user that uses said terminal device, wherein said terminal device:
    - based on registration data that have been stored in advance in said memory device and inquiry data that have been acquired using said biometrics acquisition device, uses a prescribed function to calculate its own user'"'"'s similarity information that indicates the degree of similarity between said registration data and said inquiry data; and
      
      based on its own user'"'"'s similarity information that has been calculated and similarity information of a user that is the communication partner that has been received from said server device, uses a function that is common to each of said terminal devices to generate a common secret key for decoding data that have been encrypted and transmitted from the terminal device that is used by said communication partner.
  - 73. The terminal device according to claim 72, wherein said processor:
    - determines whether or not the registration data that have been stored in advance in said memory device are data of poor quality that cannot be used in matching;
      
      when said registration data are not said data of poor quality, matches inquiry data that have been acquired using said biometrics acquisition device with registration data that have been stored in advance in said memory device; and
      
      when the user of the terminal device has been authenticated as actually said user by means of said matching, transmits said registration data and said inquiry data to said server device.
  - 74. The terminal device according to claim 73, wherein when said registration data are said data of poor quality, said processor transmits said registration data and said inquiry data to said server device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Kubota, Tomoki, Hiratsuka, Seiichi

Granted Patent

US 8,086,868 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

H04L 9/006   involving public key infras...

H04L 9/0866   involving user or device id...

H04L 9/3231   Biological data, e.g. finge...

Data Communication Method and System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

74 Claims

Specification

Solutions

Use Cases

Quick Links

Data Communication Method and System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

74 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links