Person authentication system, person authentication method, and program providing medium

US 7,185,193 B2
Filed: 08/30/2001
Issued: 02/27/2007
Est. Priority Date: 08/31/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A person authentication system for executing person authentication by comparing a template which is previously acquired person identification data with sampling information input by a user, said system comprising:

a person identification authority which creates a person identification certificate for storing the template and which issues the person identification certificate to an entity which executes person authentication,whereinsaid person identification authority acquires the template and data for person identification from the user to be certified with the person identification certificate, and encrypts the template using a public key and creates and registers, on the basis of the identification of the user, the person identification certificate for storing the encrypted template which is the person identification data,the entity which decrypts the encrypted template stored in the person identification certificate and executes person authentication compares the decrypted template with the sampling information of the user so as to execute person authentication, andthe public key used to encrypt or decrypt the template stored in the person identification certificate being a different public key depending upon the entity which executes authentication of a person.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A person authentication system includes a person identification authority. In the system, a service provider, a user device, or the like performs person authentication by acquiring a template from a person identification certificate created by the person identification authority, which is a third-party agency. The person identification authority identifies a person who requests issue of the person identification certificate, creates and registers the person identification certificate. Furthermore, the person identification authority deletes and changes the person identification certificate and performs registration, addition, deletion, invalidation process, and re-validation process of the template stored in the person identification certificate.

26 Citations

View as Search Results

30 Claims

1. A person authentication system for executing person authentication by comparing a template which is previously acquired person identification data with sampling information input by a user, said system comprising:
- a person identification authority which creates a person identification certificate for storing the template and which issues the person identification certificate to an entity which executes person authentication,whereinsaid person identification authority acquires the template and data for person identification from the user to be certified with the person identification certificate, and encrypts the template using a public key and creates and registers, on the basis of the identification of the user, the person identification certificate for storing the encrypted template which is the person identification data,the entity which decrypts the encrypted template stored in the person identification certificate and executes person authentication compares the decrypted template with the sampling information of the user so as to execute person authentication, andthe public key used to encrypt or decrypt the template stored in the person identification certificate being a different public key depending upon the entity which executes authentication of a person.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system according to claim 1, wherein said person identification authority acquires a template deleting request and the data for person identification from the user to be certified with the person identification certificate, deletes the template from the person identification certificate, and registers the person identification certificate in a revocation list, on the basis of the identification of the user.
  - 3. The system according to claim 1, wherein said person identification authority acquires a new template and the data for person identification together with a template changing request from the user to be certified with the person identification certificate, deletes an old template from the person identification certificate, deletes the person identification certificate for storing the old template, registers the person identification certificate in the revocation list, and creates and registers a person identification certificate for storing the new template, on the basis of the identification of the user.
  - 4. The system according to claim 1, wherein said person identification authority acquires an additional template and the data for person identification together with a template addition request from the user to be certified with the person identification certificate, and creates and registers a person identification certificate for storing the additional template as well as the template of the user on the basis of the identification of the user.
  - 5. The system according to claim 1, wherein said person identification authority acquires the data for person identification together with a template suspension request from the user to be certified with the person identification certificate, invalidates the template stored in the person identification certificate, and registers the person identification certificate in the revocation list, on the basis of the identification of the user.
  - 6. The system according to claim 1, wherein said person identification authority acquires the data for person identification together with a template suspension cancel request from the user to be certified with the person identification certificate, re-validates the template stored in the person identification certificate, and erases the person identification certificate from the revocation list, on the basis of the identification of the user.
  - 7. The system according to claim 1, wherein said person identification authority executes mutual authentication with a user device, in data communication with the user device performed when the user to be certified with the person identification certificate requests registration, deletion, change, addition, suspension, or canceling of suspension of the template, and prevents and verifies data-tampering by creating a digital signature and performing signature verification.
  - 8. The system according to claim 1, wherein said person identification authority issues, in response to a request from the entity which executes person authentication, the registered person identification certificate to the entity, and in the issuing of the person identification certificate to the entity, the template to be stored in the person identification certificate is issued as an encrypted data which may be decrypted in the entity.
  - 9. The system according to claim 1, wherein said person identification authority issues, in response to a request from the entity which executes person authentication, the registered person identification certificate to the entity, and in the issuing of the person identification certificate to the entity, the template to be stored in the person identification certificate is issued as data encrypted with a public key of the entity.
  - 10. The system according to claim 1, wherein said person identification authority updates, in response to a request from the entity which executes person authentication, the person identification certificate previously issued to the entity, and in the updating of the person identification certificate to the entity, a new person identification certificate of which validity is reset is issued to the entity.
  - 11. The system according to claim 1, wherein said person identification authority acquires a request for deleting the person identification certificate and the data for person identification from the user to be certified with the person identification certificate, deletes the person identification certificate, and requests deletion of the issued person identification certificate to the entity to which the person identification certificate is issued, on the basis of the identification of the user.
  - 12. The system according to claim 1, wherein said person identification authority performs comparison for verification based on the person identification certificate in response to a request from the entity which executes person authentication, and in the comparison for verification of the person identification certificate to the entity, the sampling information received from the entity is compared with the template in the person identification certificate stored in said person identification authority, and a comparison result is provided as a response to the entity.
  - 13. The system according to claim 1, wherein said person identification authority executes mutual authentication with a device of the entity, in data communication with the entity performed to issue, update, delete, or inquire the person identification certificate to the entity which executes person authentication, and verifies data validity by checking whether the data is tampered with by adding the digital signature and performing signature verification.
  - 14. The system according to claim 1, wherein the template to be stored in the person identification certificate created by said person identification authority comprises biometric information of a person selected from the group consisting of fingerprint information, retina pattern information, iris pattern information, voice print information, and handwriting information;
    - non-biometric information selected from the group consisting of a seal impression, a passport, a driver'"'"'s license, and a credit card;
      
      any combination of two or more of the biometric information and the non-biometric information;
      
      or a combination of any of the biometric or non-biometric information and a password.
  - 15. The system according to claim 1, wherein the person identification certificate issued by said person identification authority includes the digital signature written by said person identification authority.
  - 16. The system according to claim 1, wherein the entity is a service provider which provides services to the user identified by the person identification certificate, a user device that the user identified by the person identification certificate accesses, or said person identification authority.

17. A person authentication method for executing person authentication by comparing a template which is previously acquired person identification data with sampling information input by a user, said method comprising the steps of:
- creating a person identification certificate for storing the template and issuing the person identification certificate to an entity which executes person authentication in a person identification authority,acquiring the template and data for person identification from the user to be certified with the person identification certificate, and encrypting the template using a public key and creating and registering, on the basis of the identification of the user, the person identification certificate for storing the encrypted template which is the person identification data, anddecrypting the encrypted template and comparing the decrypted template with the sampling information of the user so as to execute person authentication in the entity which executes person authentication, the public key used to encrypt or decrypt the template stored in the person identification certificate being a different public key depending upon the entity which executes authentication of a person.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 18. The method according to claim 17, wherein said person identification authority acquires a template deleting request and the data for person identification from the user to be certified with the person identification certificate, deletes the template from the person identification certificate, and registers the person identification certificate in a revocation list, on the basis of the identification of the user.
  - 19. The method according to claim 17, wherein said person identification authority acquires a new template and the data for person identification together with a template changing request from the user to be certified with the person identification certificate, deletes an old template from the person identification certificate, deletes the person identification certificate for storing the old template, registers the person identification certificate in the revocation list, and creates and registers a person identification certificate for storing the new template, on the basis of the identification of the user.
  - 20. The method according to claim 17, wherein said person identification authority acquires an additional template and the data for person identification together with a template addition request from the user to be certified with the person identification certificate, and creates and registers a person identification certificate for storing the additional template as well as the template of the user on the basis of the identification of the user.
  - 21. The method according to claim 17, wherein said person identification authority acquires the data for person identification together with a template suspension request from the user to be certified with the person identification certificate, invalidates the template stored in the person identification certificate, and registers the person identification certificate in the revocation list, on the basis of the identification of the user.
  - 22. The method according to claim 17, wherein said person identification authority acquires the data for person identification together with a template suspension cancel request from the user to be certified with the person identification certificate, re-validates the template stored in the person identification certificate, and erases the person identification certificate from the revocation list, on the basis of the identification of the user.
  - 23. The method according to claim 17, wherein said person identification authority executes mutual authentication with a user device, in data communication with the user device performed when the user to be certified with the person identification certificate requests registration, deletion, change, addition, suspension, or canceling of suspension of the template, and prevents and verifies data-tampering by creating a digital signature and performing signature verification.
  - 24. The method according to claim 17, wherein said person identification authority issues, in response to a request from the entity which executes person authentication, the registered person identification certificate to the entity, and in the issuing of the person identification certificate to the entity, the template to be stored in the person identification certificate is issued as an encrypted data which may be decrypted in the entity.
  - 25. The method according to claim 17, wherein said person identification authority issues, in response to a request from the entity which executes person authentication, the registered person identification certificate to the entity, and in the issuing of the person identification certificate to the entity, the template to be stored in the person identification certificate is issued as data encrypted with a public key of the entity.
  - 26. The method according to claim 17, wherein said person identification authority updates, in response to a request from the entity which executes person authentication, the person identification certificate previously issued to the entity, and in the updating of the person identification certificate to the entity, a new person identification certificate of which validity is reset is issued to the entity.
  - 27. The method according to claim 17, wherein said person identification authority acquires a request for deleting the person identification certificate and the data for person identification from the user to be certified with the person identification certificate, deletes the person identification certificate, and requests deletion of the issued person identification certificate to the entity to which the person identification certificate is issued, on the basis of the identification of the user.
  - 28. The method according to claim 17, wherein said person identification authority performs comparison for verification based on the person identification certificate in response to a request from the entity which executes person authentication, and in the comparison for verification of the person identification certificate to the entity, the sampling information received from the entity is compared with the template in the person identification certificate stored in said person identification authority, and a comparison result is provided as a response to the entity.
  - 29. The method according to claim 17, wherein said person identification authority executes mutual authentication with a device of the entity, in data communication with the entity performed to issue, update, delete, or inquire the person identification certificate to the entity which executes person authentication, and verifies data validity by checking whether the data is tampered with by adding the digital signature and performing signature verification.

30. A program providing medium for providing a computer program which executes person authentication in a computer system by comparing a template which is previously acquired person identification data with sampling information input by a user, said computer program comprising the steps of:
- acquiring the template and data for person identification from the user to be certified with a person identification certificate,encrypting the template using a public key,creating and registering, on the basis of the identification of the user, the person identification certificate for storing the encrypted template which is the person identification data, anddecrypting the encrypted template and comparing the decrypted template with the sampling information of the user so as to execute person authentication in the entity which executes person authentication, the public key used to encrypt or decrypt the template stored in the person identification certificate being a different public key depending upon the entity which executes authentication of a person.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Ishibashi, Yoshihito, Watanabe, Hideaki, Matsuyama, Shinako, Futamura, Ichiro, Kon, Masashi
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Ho; Thomas

Application Number

US09/943,683
Publication Number

US 20020027494A1
Time in Patent Office

2,007 Days
Field of Search

713/155, 713/156, 713/175, 713/176, 713/185, 713/169, 713/186, 726/9, 705/51, 705/76
US Class Current

713/155
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 2221/2115   Third party

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3268   using certificate validatio...

H04L 9/3273   for mutual authentication n...

Person authentication system, person authentication method, and program providing medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Person authentication system, person authentication method, and program providing medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links