Key storage device, biometric authentication device, biometric authentication system, key management method, biometric authentication method, and program
Abstract
Provided is a key storage device including a receiving unit for receiving package data that includes a template key for decrypting an encrypted template and an authentication key that is used for authentication performed with a terminal that uses the template key and the package data being in a data format that allows restoration only by the key storage device, a key information storage unit for restoring the template key and the authentication key, and for storing the template key and the authentication key in a tamper resistant non-volatile memory, an authentication unit for performing, in case a request for use of the template key is received from the terminal, authentication with the terminal by using authentication information that is based on the authentication key, and a key state management unit for placing, in case the authentication succeeds, the template key in a state usable by the terminal.
14 Claims
1. A key storage device comprising:
- a receiving unit for receiving package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a terminal that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by the key storage device in which the template encryption key is stored;
- a key information storage unit for restoring the template encryption key and the authentication key from the package data received by the receiving unit, and for storing the template encryption key and the authentication key in a tamper resistant non-volatile memory;
- a mutual authentication unit for performing, in case a request for use of the template encryption key is received from the terminal, mutual authentication with the terminal by using authentication information that is based on the authentication key stored in the non-volatile memory; and
- a key state management unit for placing, in case the mutual authentication by the mutual authentication unit succeeds, the template encryption key stored in the non-volatile memory in a state usable by the terminal.

(Dependent claims: 2, 3, 4, 5, 6)

7. A biometric authentication device comprising:
- a biometric information acquisition unit for capturing an image of a biometric pattern, and for acquiring biometric information for biometric authentication;
- an encrypted template acquisition unit for acquiring an encrypted template for biometric authentication;
- a mutual authentication unit for acquiring authentication information that is used at a time of performing mutual authentication with a key storage device that stores a template encryption key for decrypting the encrypted template for biometric authentication in a tamper resistant non-volatile memory and that manages the template encryption key, and for performing mutual authentication with the key storage device by using the authentication information;
- a template decryption unit for decrypting the encrypted template for biometric authentication by using the template encryption key, in case the mutual authentication by the mutual authentication unit succeeds and the template encryption key is placed in a usable state by the key storage device; and
- a biometric authentication unit for performing a biometric authentication process by checking, against each other, the template for biometric authentication decrypted by the template decryption unit and the biometric information acquired by the biometric information acquisition unit.

(Dependent claims: 8)

9. A biometric authentication system comprising:
- a key storage device including
  - a receiving unit for receiving package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a biometric authentication device that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by the key storage device in which the template encryption key is stored,
  - a key information storage unit for restoring the template encryption key and the authentication key from the package data received by the receiving unit, and for storing the template encryption key and the authentication key in a tamper resistant non-volatile memory,
  - a first mutual authentication unit for performing, in case a request for use of the template encryption key is received from the biometric authentication device, mutual authentication with the biometric authentication device by using authentication information that is based on the authentication key stored in the non-volatile memory, and
  - a key state management unit for placing, in case the mutual authentication by the first mutual authentication unit succeeds, the template encryption key stored in the non-volatile memory in a state usable by the biometric authentication device; and
- the biometric authentication device including
  - a biometric information acquisition unit for capturing an image of a biometric pattern, and for acquiring biometric information for biometric authentication,
  - an encrypted template acquisition unit for acquiring the encrypted template for biometric authentication,
  - a second mutual authentication unit for acquiring authentication information that is used at a time of performing mutual authentication with the key storage device, and for performing mutual authentication with the key storage device by using the authentication information,
  - a template decryption unit for decrypting the encrypted template for biometric authentication by using the template encryption key, in case the mutual authentication by the second mutual authentication unit succeeds and the template encryption key is placed in a usable state by the key storage device, and
  - a biometric authentication unit for performing a biometric authentication process by checking, against each other, the template for biometric authentication decrypted by the template decryption unit and the biometric information acquired by the biometric information acquisition unit.

10. A key management method comprising the steps of:
- receiving package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a terminal that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by a key storage device in which the template encryption key is stored;
- restoring the template encryption key and the authentication key from the package data received in the step of receiving, and storing the template encryption key and the authentication key in a tamper resistant non-volatile memory;
- performing, in case a request for use of the template encryption key is received from the terminal, mutual authentication with the terminal by using authentication information that is based on the authentication key stored in the non-volatile memory; and
- placing, in case the mutual authentication succeeds in the step of performing mutual authentication, the template encryption key stored in the non-volatile memory in a state usable by the terminal.

11. A biometric authentication method comprising the steps of:
- capturing an image of a biometric pattern, and acquiring biometric information for biometric authentication;
- acquiring an encrypted template for biometric authentication;
- acquiring authentication information that is used at a time of performing mutual authentication with a key storage device that stores a template encryption key for decrypting the encrypted template for biometric authentication in a tamper resistant non-volatile memory and that manages the template encryption key, and performing mutual authentication with the key storage device by using the authentication information;
- decrypting the encrypted template for biometric authentication by using the template encryption key, in case the mutual authentication succeeds in the step of performing mutual authentication and the template encryption key is placed in a usable state by the key storage device; and
- performing a biometric authentication process by checking, against each other, the template for biometric authentication decrypted in the step of decrypting and the biometric information acquired in the step of acquiring biometric information.

12. A biometric authentication method comprising the steps of:
- receiving, by a key storage device provided with a tamper resistant non-volatile memory in which a template encryption key is stored, package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a biometric authentication device that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by the key storage device;
- restoring, by the key storage device, the template encryption key and the authentication key from the package data received in the step of receiving, and storing, by the key storage device, the template encryption key and the authentication key in a tamper resistant non-volatile memory;
- performing, by the key storage device, mutual authentication with the biometric authentication device by using authentication information that is based on the authentication key stored in the non-volatile memory, in case a request for use of the template encryption key is received from the biometric authentication device;
- placing, by the key storage device, the template encryption key stored in the non-volatile memory in a state usable by the biometric authentication device, in case the mutual authentication succeeds in the step of performing mutual authentication with the biometric authentication device;
- capturing, by the biometric authentication device, an image of a biometric pattern, and acquiring, by the biometric authentication device, biometric information for biometric authentication;
- acquiring, by the biometric authentication device, the encrypted template for biometric authentication;
- acquiring, by the biometric authentication device, authentication information that is used at a time of performing mutual authentication with the key storage device, and performing, by the biometric authentication device, mutual authentication with the key storage device by using the authentication information;
- decrypting, by the biometric authentication device, the encrypted template for biometric authentication by using the template encryption key, in case the mutual authentication succeeds in the step of performing mutual authentication with the key storage device and the template encryption key is placed in a usable state by the key storage device; and
- performing, by the biometric authentication device, a biometric authentication process by checking, against each other, the template for biometric authentication decrypted in the step of decrypting and the biometric information acquired in the step of acquiring biometric information.

13. A program for causing a computer to realise:
- a receiving function of receiving package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a terminal that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by a key storage device in which the template encryption key is stored;
- a key information storage function of restoring the template encryption key and the authentication key from the package data received by the receiving function, and of storing the template encryption key and the authentication key in a tamper resistant non-volatile memory;
- a mutual authentication function of performing, in case a request for use of the template encryption key is received from the terminal, mutual authentication with the terminal by using authentication information that is based on the authentication key stored in the non-volatile memory; and
- a key state management function of placing, in case the mutual authentication by the mutual authentication function succeeds, the template encryption key stored in the non-volatile memory in a state usable by the terminal.

14. A program for causing a computer to realise:
- a biometric information acquisition function of capturing an image of a biometric pattern, and of acquiring biometric information for biometric authentication;
- an encrypted template acquisition function of acquiring an encrypted template for biometric authentication;
- a mutual authentication function of acquiring authentication information that is used at a time of performing mutual authentication with a key storage device that stores a template encryption key for decrypting the encrypted template for biometric authentication in a tamper resistant non-volatile memory and that manages the template encryption key, and of performing mutual authentication with the key storage device by using the authentication information;
- a template decryption function of decrypting the encrypted template for biometric authentication by using the template encryption key, in case the mutual authentication by the mutual authentication function succeeds and the template encryption key is placed in a usable state by the key storage device; and
- a biometric authentication function of performing a biometric authentication process by checking, against each other, the template for biometric authentication decrypted by the template decryption function and the biometric information acquired by the biometric information acquisition function.
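The flow claimed in the system claim (9) and the method and program claims (10 to 14), as an added illustration that is not part of the patent or its specification: a key storage device restores the template encryption key and the authentication key from package data sealed to that device alone, keeps them in a simulated tamper resistant memory, runs a challenge-response mutual authentication with the terminal, and only on success places the template encryption key in a usable state; the terminal then decrypts the template and checks it against a captured feature code. The concrete message flow (nonces N_t and N_k with HMAC responses labelled by role), the HMAC-based stand-in cipher used instead of a real AEAD such as AES-GCM, releasing the key to the terminal as the form the "usable state" takes, the Hamming-distance matcher with its threshold, and every key, template and capture value are assumptions of this example, chosen so it runs on the Python standard library.

```python
import hashlib, hmac, json, secrets

NONCE_LEN, TAG_LEN = 16, 32

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key, nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD such as AES-GCM (assumption)
    return b"".join(hmac.new(enc_key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
                    for c in range((n + 31) // 32))[:n]

def seal(key, plaintext, aad):
    """Encrypt-then-MAC: only a holder of `key` can restore the plaintext or pass the tag check."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob, aad):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(_subkey(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or modified data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

def _response(auth_key, role, first, second):
    # challenge-response value; the role label stops a reflected response from being accepted
    return hmac.new(auth_key, role + first + second, hashlib.sha256).digest()

class KeyStorageDevice:
    def __init__(self, device_key):
        self._device_key = device_key  # provisioned per device: package data is sealed to it
        self._nvm = {}                 # stands in for the tamper resistant non-volatile memory
        self._pending = {}             # terminal id -> (N_t, N_k) of an open mutual authentication
        self._usable_for = set()       # key state: terminals for which the template key is usable

    def receive_package(self, package):
        # receiving unit + key information storage unit: restore both keys and store them
        payload = json.loads(unseal(self._device_key, package, b"key-package"))
        self._nvm["template_key"] = bytes.fromhex(payload["template_key"])
        self._nvm["auth_key"] = bytes.fromhex(payload["auth_key"])

    def start_mutual_auth(self, terminal_id, n_t):
        # answer the terminal's challenge N_t and issue the device's own challenge N_k
        n_k = secrets.token_bytes(16)
        self._pending[terminal_id] = (n_t, n_k)
        return n_k, _response(self._nvm["auth_key"], b"ksd", n_t, n_k)

    def finish_mutual_auth(self, terminal_id, r_t):
        # verify the terminal's response; only on success is the key placed in a usable state
        n_t, n_k = self._pending.pop(terminal_id)
        if hmac.compare_digest(r_t, _response(self._nvm["auth_key"], b"term", n_k, n_t)):
            self._usable_for.add(terminal_id)
            return True
        return False

    def template_key_for(self, terminal_id):
        if terminal_id not in self._usable_for:
            raise PermissionError("template encryption key is not in a usable state for this terminal")
        return self._nvm["template_key"]

class BiometricTerminal:
    def __init__(self, terminal_id, auth_key):
        self.terminal_id, self._auth_key = terminal_id, auth_key

    def decrypt_template(self, ksd, encrypted_template):
        n_t = secrets.token_bytes(16)
        n_k, r_k = ksd.start_mutual_auth(self.terminal_id, n_t)
        if not hmac.compare_digest(r_k, _response(self._auth_key, b"ksd", n_t, n_k)):
            raise PermissionError("key storage device failed authentication")
        if not ksd.finish_mutual_auth(self.terminal_id, _response(self._auth_key, b"term", n_k, n_t)):
            raise PermissionError("terminal failed authentication")
        return unseal(ksd.template_key_for(self.terminal_id), encrypted_template, b"template")

def bits_differ(a, b):
    # Hamming distance of two equal-length feature codes: the "checking against each other" step
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def run_demo(threshold=8):
    device_key, template_key, auth_key = (secrets.token_bytes(32) for _ in range(3))  # constructed keys
    template = bytes([0b10110010, 0b01011100] * 16)   # constructed 256-bit enrolled feature code
    sample = bytearray(template)
    sample[0] ^= 0b00000101                           # constructed live capture: 2 bits differ
    package = seal(device_key, json.dumps({"template_key": template_key.hex(),
                                           "auth_key": auth_key.hex()}).encode(), b"key-package")
    ksd = KeyStorageDevice(device_key)
    ksd.receive_package(package)
    encrypted_template = seal(template_key, template, b"template")
    recovered = BiometricTerminal("reader-01", auth_key).decrypt_template(ksd, encrypted_template)
    result = {"match": bits_differ(recovered, bytes(sample)) <= threshold}
    try:  # a terminal without the authentication key cannot verify the device and aborts
        BiometricTerminal("reader-02", secrets.token_bytes(32)).decrypt_template(ksd, encrypted_template)
        result["rogue_refused"] = False
    except PermissionError:
        result["rogue_refused"] = True
    ksd.start_mutual_auth("reader-03", secrets.token_bytes(16))  # forged final message, device side
    result["forged_finish_rejected"] = not ksd.finish_mutual_auth("reader-03", b"\x00" * 32)
    try:
        ksd.template_key_for("reader-03")
        result["key_stays_locked"] = False
    except PermissionError:
        result["key_stays_locked"] = True
    return result
```

`run_demo()` returns all four checks as true: the enrolled template matches the capture, a terminal holding the wrong authentication key aborts because the device's response does not verify, and a forged final message leaves the template encryption key locked on the device side. The point the claims turn on is the last one: the key state changes only inside the key storage device, after it has verified the terminal, so a terminal that skips or fails the mutual authentication never obtains a usable key.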