Key storage device, biometric authentication device, biometric authentication system, key management method, biometric authentication method, and program

US 20110016317A1
Filed: 06/21/2010
Published: 01/20/2011
Est. Priority Date: 07/15/2009
Status: Abandoned Application

First Claim

Patent Images

1. A key storage device comprising:

a receiving unit for receiving package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a terminal that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by the key storage device in which the template encryption key is stored;

a key information storage unit for restoring the template encryption key and the authentication key from the package data received by the receiving unit, and for storing the template encryption key and the authentication key in a tamper resistant non-volatile memory;

a mutual authentication unit for performing, in case a request for use of the template encryption key is received from the terminal, mutual authentication with the terminal by using authentication information that is based on the authentication key stored in the non-volatile memory; and

a key state management unit for placing, in case the mutual authentication by the mutual authentication unit succeeds, the template encryption key stored in the non-volatile memory in a state usable by the terminal.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a key storage device including a receiving unit for receiving package data that includes a template key for decrypting an encrypted template and an authentication key that is used for authentication performed with a terminal that uses the template key and the package data being in a data format that allows restoration only by the key storage device, a key information storage unit for restoring the template key and the authentication key, and for storing the template key and the authentication key in a tamper resistant non-volatile memory, a authentication unit for performing, in case a request for use of the template key is received from the terminal, authentication with the terminal by using authentication information that is based on the authentication key, and a key state management unit for placing, in case the authentication succeeds, the template key in a state usable by the terminal.

Citations

14 Claims

1. A key storage device comprising:
- a receiving unit for receiving package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a terminal that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by the key storage device in which the template encryption key is stored;
  
  a key information storage unit for restoring the template encryption key and the authentication key from the package data received by the receiving unit, and for storing the template encryption key and the authentication key in a tamper resistant non-volatile memory;
  
  a mutual authentication unit for performing, in case a request for use of the template encryption key is received from the terminal, mutual authentication with the terminal by using authentication information that is based on the authentication key stored in the non-volatile memory; and
  
  a key state management unit for placing, in case the mutual authentication by the mutual authentication unit succeeds, the template encryption key stored in the non-volatile memory in a state usable by the terminal.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The key storage device according to claim 1,wherein a system authentication key that is used for mutual authentication performed with the terminal at a time of the template encryption key and the authentication key being stored by the key information storage unit is stored in advance in the non-volatile memory,wherein the key storage device further includes a system mutual authentication unit for performing mutual authentication with the terminal by using the system authentication key stored in advance in the non-volatile memory, andwherein, in case the mutual authentication by the system mutual authentication unit succeeds, the key information storage unit restores the template encryption key and the authentication key from the package data and stores the template encryption key and the authentication key in the non-volatile memory.
  - 3. The key storage device according to claim 2, further comprising:
    - a system degenerate key generation unit for generating a system degenerate key from the system authentication key by using a specific system degenerate key generation function,wherein the system mutual authentication unit performs mutual authentication with the terminal by using the system degenerate key generated by the system degenerate key generation unit.
  - 4. The key storage device according to claim 3, further comprising:
    - a degenerate key generation unit for generating a degenerate key from the authentication key by using a specific degenerate key generation function,wherein the mutual authentication unit performs mutual authentication with the terminal by using the degenerate key generated by the degenerate key generation unit.
  - 5. The key storage device according to claim 4,wherein, in case a request for use of a plurality of template encryption keys is received from the terminal in a state where a plurality of services exist, where the template encryption key is set for each of the services, and where the template encryption keys and authentication keys corresponding to the plurality of services are stored in the non-volatile memory,the degenerate key generation unit generates one degenerate key by using the authentication keys corresponding to the plurality of services in relation to which the request for use has been received,the mutual authentication unit performs mutual authentication with the terminal by using the one degenerate key generated by the degenerate key generation unit, andthe key state management unit places, in case the mutual authentication by the mutual authentication unit succeeds, a plurality of template encryption keys that correspond to the plurality of services in relation to which the request for use has been received and that are stored in the non-volatile memory in a state usable by the terminal.
  - 6. The key storage device according to claim 1, wherein, in case the mutual authentication by the mutual authentication unit succeeds, the key state management unit copies, in a volatile memory, the template encryption key stored in the non-volatile memory, and places the template encryption key in the volatile memory in a state usable by the terminal while a session with the terminal is established.

7. A biometric authentication device comprising:
- a biometric information acquisition unit for capturing an image of a biometric pattern, and for acquiring biometric information for biometric authentication;
  
  an encrypted template acquisition unit for acquiring an encrypted template for biometric authentication;
  
  a mutual authentication unit for acquiring authentication information that is used at a time of performing mutual authentication with a key storage device that stores a template encryption key for decrypting the encrypted template for biometric authentication in a tamper resistant non-volatile memory and that manages the template encryption key, and for performing mutual authentication with,the key storage device by using the authentication information;
  
  a template decryption unit for decrypting the encrypted template for biometric authentication by using the template encryption key, in case the mutual authentication by the mutual authentication unit succeeds and the template encryption key is placed in a usable state by the key storage device; and
  
  a biometric authentication unit for performing a biometric authentication process by checking, against each other, the template for biometric authentication decrypted by the template decryption unit and the biometric information acquired by the biometric information acquisition unit.
- View Dependent Claims (8)
- - 8. The biometric authentication device according to claim 7, further comprising:
    - a system mutual authentication unit for acquiring system authentication information to be used for mutual authentication that is performed at a time of storing the template encryption key in the non-volatile memory of the key storage device, and for performing mutual authentication with the key storage device by using the system authentication information; and
      
      a package data providing unit for acquiring package data that includes the template encryption key along with an authentication key used for mutual authentication performed at a time of the key storage device placing the template encryption key in a usable state and that is in a data format that allows restoration only by the key storage device, and for providing the package data to the key storage device, in case the mutual authentication by the system mutual authentication unit succeeds.

9. A biometric authentication system comprising:
- a key storage device includinga receiving unit for receiving package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a biometric authentication device that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by the key storage device in which the template encryption key is stored,a key information storage unit for restoring the template encryption key and the authentication key from the package data received by the receiving unit, and for storing the template encryption key and the authentication key in a tamper resistant non-volatile memory,a first mutual authentication unit for performing, in case a request for use of the template encryption key is received from the biometric authentication device, mutual authentication with the biometric authentication device by using authentication information that is based on the authentication key stored in the non-volatile memory, anda key state management unit for placing, in case the mutual authentication by the first mutual authentication unit succeeds, the template encryption key stored in the non-volatile memory in a state usable by the biometric authentication device; and
  
  the biometric authentication device includinga biometric information acquisition unit for capturing an image of a biometric pattern, and for acquiring biometric information for biometric authentication,an encrypted template acquisition unit for acquiring the encrypted template for biometric authentication,a second mutual authentication unit for acquiring authentication information that is used at a time of performing mutual authentication with the key storage device, and for performing mutual authentication with the key storage device by using the authentication information,a template decryption unit for decrypting the encrypted template for biometric authentication by using the template encryption key, in case the mutual authentication by the second mutual authentication unit succeeds and the template encryption key is placed in a usable state by the key storage device, anda biometric authentication unit for performing a biometric authentication process by checking, against each other, the template for biometric authentication decrypted by the template decryption unit and the biometric information acquired by the biometric information acquisition unit.

10. A key management method comprising the steps of:
- receiving package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a terminal that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by a key storage device in which the template encryption key is stored;
  
  restoring the template encryption key and the authentication key from the package data received in the step of receiving, and storing the template encryption key and the authentication key in a tamper resistant non-volatile memory;
  
  performing, in case a request for use of the template encryption key is received from the terminal, mutual authentication with the terminal by using authentication information that is based on the authentication key stored in the non-volatile memory; and
  
  placing, in case the mutual authentication succeeds in the step of performing mutual authentication, the template encryption key stored in the non-volatile memory in a state usable by the terminal.

11. A biometric authentication method comprising the steps of:
- capturing an image of a biometric pattern, and acquiring biometric information for biometric authentication;
  
  acquiring an encrypted template for biometric authentication;
  
  acquiring authentication information that is used at a time of performing mutual authentication with a key storage device that stores a template encryption key for decrypting the encrypted template for biometric authentication in a tamper resistant non-volatile memory and that manages the template encryption key, and performing mutual authentication with the key storage device by using the authentication information;
  
  decrypting the encrypted template for biometric authentication by using the template encryption key, in case the mutual authentication succeeds in the step of performing mutual authentication and the template encryption key is placed in a usable state by the key storage device; and
  
  performing a biometric authentication process by checking, against each other, the template for biometric authentication decrypted in the step of decrypting and the biometric information acquired in the step of acquiring biometric information.

12. A biometric authentication method comprising the steps of:
- receiving, by a key storage device provided with a tamper resistant non-volatile memory in which a template encryption key is stored, package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a biometric authentication device that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by the key storage device;
  
  restoring, by the key storage device, the template encryption key and the authentication key from the package data received in the step of receiving, and storing, by the key storage device, the template encryption key and the authentication key in a tamper resistant non-volatile memory;
  
  performing, by the key storage device, mutual authentication with the biometric authentication device by using authentication information that is based on the authentication key stored in the non-volatile memory, in case a request for use of the template encryption key is received from the biometric authentication device;
  
  placing, by the key storage device, the template encryption key stored in the non-volatile memory in a state usable by the biometric authentication device, in case the mutual authentication succeeds in the step of performing mutual authentication with the biometric authentication device;
  
  capturing, by the biometric authentication device, an image of a biometric pattern, and acquiring, by the biometric authentication device, biometric information for biometric authentication;
  
  acquiring, by the biometric authentication device, the encrypted template for biometric authentication;
  
  acquiring, by the biometric authentication device, authentication information that is used at a time of performing mutual authentication with the key storage device, and performing, by the biometric authentication device, mutual authentication with the key storage device by using the authentication information;
  
  decrypting, by the biometric authentication device, the encrypted template for biometric authentication by using the template encryption key, in case the mutual authentication succeeds in the step of performing mutual authentication with the key storage device and the template encryption key is placed in a usable state by the key storage device; and
  
  performing, by the biometric authentication device, a biometric authentication process by checking, against each other, the template for biometric authentication decrypted in the step of decrypting and the biometric information acquired in the step of acquiring biometric information.

13. A program for causing a computer to realise:
- a receiving function of receiving package data that includes a template encryption key for decrypting an encrypted template for biometric authentication and an authentication key that is used for mutual authentication performed with a terminal that uses the template encryption key, the mutual authentication being performed at a time of placing the template encryption key in a usable state and the package data being in a data format that allows restoration only by a key storage device in which the template encryption key is stored;
  
  a key information storage function of restoring the template encryption key and the authentication key from the package data received by the receiving function, and of storing the template encryption key and the authentication key in a tamper resistant non-volatile memory;
  
  a mutual authentication function of performing, in case a request for use of the template encryption key is received from the terminal, mutual authentication with the terminal by using authentication information that is based on the authentication key stored in the non-volatile memory; and
  
  a key state management function of placing, in case the mutual authentication by the mutual authentication function succeeds, the template encryption key stored in the non-volatile memory in a state usable by the terminal.

14. A program for causing a computer to realise:
- a biometric information acquisition function of capturing an image of a biometric pattern, and of acquiring biometric information for biometric authentication;
  
  an encrypted template acquisition function of acquiring an encrypted template for biometric authentication;
  
  a mutual authentication function of acquiring authentication information that is used at a time of performing mutual authentication with a key storage device that stores a template encryption key for decrypting the encrypted template for biometric authentication in a tamper resistant non-volatile memory and that manages the template encryption key, and of performing mutual authentication with the key storage device by using the authentication information;
  
  a template decryption function of decrypting the encrypted template for biometric authentication by using the template encryption key, in case the mutual authentication by the mutual authentication function succeeds and the template encryption key is placed in a usable state by the key storage device; and
  
  a biometric authentication function of performing a biometric authentication process by checking, against each other, the template for biometric authentication decrypted by the template decryption function and the biometric information acquired by the biometric information acquisition function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
mofiria Corp.
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Abe, Hiroshi

Application Number

US12/803,182
Publication Number

US 20110016317A1
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0897   involving additional device...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3273   for mutual authentication n...

Key storage device, biometric authentication device, biometric authentication system, key management method, biometric authentication method, and program

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Key storage device, biometric authentication device, biometric authentication system, key management method, biometric authentication method, and program

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links