Apparatus, system and method for authenticating personal identity, computer readable medium having personal identity authenticating program recorded thereon method of registering personal identity authenticating information, method of verifying personal identity authenticating information, and recording medium having personal identity authenticating information recorded thereon

US 7,024,563 B2
Filed: 09/26/2001
Issued: 04/04/2006
Est. Priority Date: 09/26/2000
Status: Active Grant

First Claim

Patent Images

1. A personal identity authenticating system comprising:

an authentication support station at which secret key and public key pairs are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs;

a registry terminal which encrypts image data and identity data and writes encrypted data onto a recording medium; and

a personal identity authenticating terminal which reads the encrypted data from said recording medium, decrypts said image data and said identity data, and checks the decrypted data for consistency of its contents,wherein;

said registry terminal receives and stores the input of image data generated by capturing a part of the body of the registrant, and the input of the registrant'"'"'s identity data, encrypts the identity data with the registrant'"'"'s secret key and with the registrar'"'"'s secret key respectively, and writes the image data and encrypted identity data onto said recording medium of the registrant,said personal identity authenticating terminal decrypts the double encrypted data respectively with the registrant'"'"'s and registrar'"'"'s public keys which are obtained from said authentication support station by specifying either the registrant or registrar identifier and performs matching between both identity data decrypted with each public keys, and moreover presents a image from said image data and accepts the input of confirmation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A personal identity authenticating system where the registrant/cardholder and the registrar are assigned specific identifiers and secret keys and public keys that are mapped to the identifiers at the authentication support station (ASS). Personal identity to which the registrar identifier is attached is encrypted with the registrant/cardholder'"'"'s secret key. Personal identity data is embedded as an encrypted watermark image data by means of the registrar'"'"'s secret key. Both encrypted identity and watermarked image data are recorded on the IC card. When authentication is required, the identity data with the registrar identifier is decrypted with the cardholder'"'"'s public key that is supplied by the ASS. The registrar'"'"'s public key is obtained from the ASS by using the decrypted registrar identifier. The registrar'"'"'s public key permits the personal identity to be retrieved from the watermarked image data. Internal authentication is executed by matching between personal identity strings and image data.

Citations

8 Claims

1. A personal identity authenticating system comprising:
- an authentication support station at which secret key and public key pairs are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs;
  
  a registry terminal which encrypts image data and identity data and writes encrypted data onto a recording medium; and
  
  a personal identity authenticating terminal which reads the encrypted data from said recording medium, decrypts said image data and said identity data, and checks the decrypted data for consistency of its contents,wherein;
  
  said registry terminal receives and stores the input of image data generated by capturing a part of the body of the registrant, and the input of the registrant'"'"'s identity data, encrypts the identity data with the registrant'"'"'s secret key and with the registrar'"'"'s secret key respectively, and writes the image data and encrypted identity data onto said recording medium of the registrant,said personal identity authenticating terminal decrypts the double encrypted data respectively with the registrant'"'"'s and registrar'"'"'s public keys which are obtained from said authentication support station by specifying either the registrant or registrar identifier and performs matching between both identity data decrypted with each public keys, and moreover presents a image from said image data and accepts the input of confirmation.
- View Dependent Claims (2, 3, 4)
- - 2. The personal identity authenticating system according to claim 1, wherein:
    - said registry terminal encrypts said image data and said identity data together with the registrar identifier with the registrant'"'"'s secret key and encrypts said image data and said identity data with the registrar'"'"'s secret key; and
      
      said personal identity authenticating terminal obtains the registrant'"'"'s public key from said authentication support station by specifying registrant identifier and decrypts the encrypted data including the registrar identifier with the registrant public key, and moreover obtains the registrar'"'"'s public key from said authentication support station by specifying the registrar identifier obtained by the preceding decryption and decrypts the remaining encrypted data with the registrar'"'"'s public key.
  - 3. The personal identity authenticating system according to claim 1, wherein:
    - during the encryption process on the registry terminal, parameters for preventing data encrypted by either the registrant'"'"'s secret key or registrar'"'"'s secret key from being falsified are included in encrypting data with the other secret key; and
      
      said personal identity authenticating terminal obtains the falsification preventing parameters by decrypting the data including the parameters with either registrant'"'"'s public key or the registrant'"'"'s public key and checks the other data for falsification by using the thus obtained parameters.
  - 4. The personal identity authenticating system according to claim 1, wherein:
    - said registry terminal embeds a digital watermark consisting of said identity data into said image data by means of the registrar'"'"'s secret key; and
      
      said personal identity authenticating terminal extracts the identity data from the watermarked image data by means of the registrar'"'"'s public key.

5. A method of authenticating personal identity, using secret key and public key pairs which are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs at an authentication support station, said method comprising:
- encrypting image data and identity data and writing encrypted data onto a recording medium at a registry site; and
  
  reading the encrypted data from said recording medium, decrypting said image data and said identity data, and checking the decrypted data for consistency of its contents at a personal identity authenticating site;
  
  at the registry site, said method further comprising;
  
  receiving and storing the input of image data generated by capturing a part of the body of the registrant;
  
  receiving and storing the input of the registrant'"'"'s identity data;
  
  encrypting the identity data with the registrant'"'"'s secret key;
  
  encrypting the identity data with the registrar'"'"'s secret key; and
  
  writing the image data and encrypted identity data onto said recording medium of the registrant;
  
  at the personal identity authenticating site, said method further comprising;
  
  decrypting the double encrypted data respectively with the registrant'"'"'s and registrar'"'"'s public keys which are obtained from said authentication support station by specifying the registrant or registrar identifier;
  
  performing matching between both identity data decrypted with each public keys;
  
  presenting a personal image from said image data; and
  
  accepting the input of confirmation.

6. A computer readable medium having a personal identity authenticating program recorded thereon, said program based on authentication using secret key and public key pairs which are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs at an authentication support station, said program comprising:
- a subprogram to run on a registry workstation for encrypting image data and identity data and writing encrypted data onto a recording medium; and
  
  a subprogram to run on a personal identity authenticating workstation for reading the encrypted data from said recording medium, decrypting said image data and said identity data, and checking the decrypted data for consistency of its contents;
  
  said subprogram to run on a registry workstation comprising the functions of;
  
  receiving and storing the input of image data generated by capturing a part of the body of the registrant;
  
  receiving and storing the input of the registrant'"'"'s identity data;
  
  encrypting the identity data with the registrant'"'"'s secret key;
  
  encrypting the identity data with the registrar'"'"'s secret key; and
  
  writing the image data and encrypted identity data onto said recording medium of the registrant;
  
  said subprogram to run on a personal identity authenticating workstation comprising the functions of;
  
  decrypting the double encrypted data respectively with the registrant'"'"'s and registrar'"'"'s public keys which are obtained from said authentication support station by specifying the registrant or registrar identifier;
  
  performing matching between both identity data decrypted with each public keys;
  
  presenting a personal image from said image data; and
  
  accepting the input of confirmation.

7. A method of registering personal identity authenticating information, using secret key and public key pairs which are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs at an authentication support station, said method comprising:
- receiving and storing the input of image data representing the peculiarity of a person, the registrant who will be the cardholder of an IC card;
  
  receiving and storing the input of identity data of said registrant;
  
  encrypting said image data and said identity data by means of the registrar'"'"'s secret key;
  
  encrypting said identity data together with the registrar identifier by the registrant'"'"'s secret key; and
  
  recording the encrypted data on the IC card, thus registering the identity of the registrant.

8. A method of verifying personal identity authenticating information, using secret key and public key pairs which are managed such that each pair is mapped to the identifier of a registrant or registrar to which the pair belongs at an authentication support station, said method comprising:
- obtaining the public key of the cardholder of an IC card from said authentication support station by specifying the cardholder identifier;
  
  decrypting one encrypted data from the IC card with said public key, thereby retrieving the identity data and the registrar identifier;
  
  obtaining the public key of the registrar from said authentication support station by specifying the registrar identifier;
  
  decrypting the other encrypted data from the IC card with the registrar'"'"'s public key, thereby retrieving the identity data and image data;
  
  checking the retrieved data for falsification; and
  
  rendering the result of the check and the image data usable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seiko Epson Corporation (Seiko Group)
Original Assignee
Seiko Epson Corporation (Seiko Group)
Inventors
Mogami, Kazuto, Shimosato, Hideto, Ushiyama, Yuichi
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Dinh, Minh

Application Number

US09/962,336
Publication Number

US 20020049908A1
Time in Patent Office

1,651 Days
Field of Search

713/168, 713172-173, 713/176, 713185-186, 340 58- 584, 382115-119, 382/124, 283 74- 75, 283 77- 78, 283112-113
US Class Current

713/186
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40145   Biometric identity checks

G06Q 20/40975   using encryption therefor

G06T 1/0021   Image watermarking

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/608   Watermarking

H04L 9/3231   Biological data, e.g. finge...

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links