AUTHENTICATION IN UBIQUITOUS ENVIRONMENT
Abstract
In some embodiments, encrypted biometric data are stored in advance in a device that is possessed or carried by the user (for example, a smartcard, a communication terminal, or the like) based on a public key certificate, and a user authentication (the first user authentication) is performed by biometric matching in the device. A public key certificate matching the encrypted biometric data is then used to perform a user authentication (the second user authentication) for a transaction authorization in a service providing server. According to some embodiments, a one-time password, keystroke dynamics, a dynamic signature, location information, and the like are employed as additional authentication factors to tighten the security of the first and second user authentications. According to some embodiments, an authentication mechanism including the first user authentication and the second user authentication is applied to control access to an IoT device.
30 Claims
1. A method of registering a user in an authentication management system based on a public key certificate, the method performed by a portable device of the user, the method comprising:
encrypting biometric data or a combination of pieces of biometric data of the user by using an encryption algorithm defined in the public key certificate;
storing the encrypted biometric data or the encrypted combination of the pieces of biometric data in the portable device;
tokening the encrypted biometric data or the encrypted combination of the pieces of biometric data to generate a biometric code;
generating a pair of keys including a private key and a public key by inserting a verification code containing at least the biometric code in an extension field of the public key certificate;
transmitting the public key to a remote entity; and
requesting a registration of the user.
Dependent claims 2-17 (text not shown on this page).
18. A method of authenticating a user in an authentication management system based on a public key certificate, the method performed by a portable device of the user, the portable device storing a private key in which a verification code including a biometric code is inserted and encrypted biometric data or an encrypted combination of pieces of biometric data from which the biometric code is derived, the method comprising:
acquiring biometric data or a combination of pieces of biometric data of the user;
comparing the biometric data or the combination of pieces of biometric data of the user with at least one of the encrypted biometric data or the encrypted combination of pieces of biometric data stored in the portable device or the biometric code;
transmitting, when the biometric data or the combination of pieces of biometric data of the user matches the at least one of the encrypted biometric data or the encrypted combination of pieces of biometric data, authentication information including the verification code inserted in the private key to a remote entity; and
requesting an authentication of the user.
Dependent claims 19-26 (text not shown on this page).
27. A method of managing an authentication of a user in an authentication management system based on a public key certificate, the method performed by a remote entity connected to a portable device of the user via a network, the method comprising:
receiving, from the portable device, a public key corresponding to a private key in which a verification code including a biometric code derived from biometric data or a combination of pieces of biometric data of the user is inserted;
performing a registration of the user based on the public key;
receiving, from the portable device, authentication information including the verification code inserted in the private key;
verifying the authentication information based on the public key; and
performing the authentication of the user based on a result of the verifying.
28. A method of managing an authentication of a user in an authentication management system based on a public key certificate, the method performed by a public terminal configured to provide a predetermined service and a service providing server configured to manage the public terminal, the method comprising:
receiving, by the service providing server, from a portable device of a user, a public key corresponding to a private key in which a verification code including a biometric code derived from biometric data or a combination of pieces of biometric data of the user is inserted;
performing, by the service providing server, a registration of the user based on the public key;
receiving, by the public terminal, from the portable device, authentication information including the verification code inserted in the private key;
requesting, by the public terminal, the service providing server to perform a verification of the authentication information based on the public key;
performing, by the public terminal, the authentication of the user based on a result of the verification; and
providing, by the public terminal, the predetermined service when the authentication of the user is successful.
Dependent claims 29-30 (text not shown on this page).
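As an added example (not from the patent or from any implementation of it), the following Go sketch walks through the flow of claims 1, 18 and 27: the device tokens its already-encrypted template into a biometric code, binds that code into an extension of a self-signed certificate next to the newly generated public key, and the remote entity later checks a signed challenge under that public key and compares the presented code with the one bound at registration. Assumptions: the extension OID is made up, the self-signed certificate stands in for the patent's public key certificate, the encrypted template is a constructed byte string, and the local biometric match (the first user authentication) is taken as already done before authenticate is called.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
	"time"
)

// Assumed private-arc OID for the verification-code extension; the patent names no OID.
var oidVerificationCode = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}
// biometricCode "tokens" the already-encrypted template: a digest of the ciphertext, never the raw biometric.
func biometricCode(encryptedTemplate []byte) []byte { h := sha256.Sum256(encryptedTemplate); return h[:] }

// register (device, claim 1): new key pair plus a self-signed certificate carrying the code in an extension.
func register(encryptedTemplate []byte) (ed25519.PrivateKey, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: oidVerificationCode, Value: biometricCode(encryptedTemplate)}}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return priv, der, err // the DER certificate (public key + verification code) goes to the remote entity
}

// authenticate (device, claim 18): after the local biometric match succeeds, sign the server's fresh challenge.
func authenticate(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, challenge)
}

// verify (remote entity, claim 27): signature must check under the registered key, and the presented code must equal the bound one.
func verify(certDER, challenge, sig, presentedCode []byte) bool {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, challenge, sig) {
		return false
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidVerificationCode) {
			return string(ext.Value) == string(presentedCode)
		}
	}
	return false
}
```

Signing a server-chosen challenge rather than sending the verification code alone is what keeps a captured code from being replayed; the code comparison then ties the response to the template enrolled at registration.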