
Account management system, root-account management apparatus, derived-account management apparatus, and program

  • US 8,499,147 B2
  • Filed: 07/10/2009
  • Issued: 07/30/2013
  • Est. Priority Date: 09/11/2007
  • Status: Active Grant
First Claim

1. An account management system including a root-account management apparatus, which manages root-account information for certifying the identity of a user, and a derived-account management apparatus which manages derived-account information generated based on the root-account information, wherein the respective account management apparatuses are configured to communicate with a client apparatus of the user, the root-account management apparatus comprising:

  • a root-account storage device which stores the root-account information including an initial authentication element field in which initial authentication element information is stored and a derived-account credence element field in which derived-account credence element information is stored;

    a root-account key storage device in which a first secret key of the root-account management apparatus and a first public key certificate corresponding to the first secret key are stored;

    a survival condition setting device configured to set, in advance, a survival condition including a plurality of validity terms for the derived-account credence element information, wherein the plurality of validity terms allows a validity term of the derived-account credence element information to be set so as to temporarily become invalid;

    an initial authentication device configured to authenticate the user of the client apparatus based on the initial authentication element information;

    a device configured to generate a first electronic signature based on the first secret key of the root-account management apparatus for credence element identification information, root-account management apparatus identification information, derived-account management apparatus identification information, root-account information reference information, and the survival condition, when an authentication result of the initial authentication device is proper;

    a device configured to store, in the derived-account credence element information field, the derived-account credence element information including the credence element identification information, the root-account management apparatus identification information, the derived-account management apparatus identification information, the root-account information reference information, the survival condition, the first electronic signature and the first public key certificate; and

    a device configured to transmit the derived-account credence element information inside the root-account storage device to the derived-account management apparatus, the derived-account management apparatus comprising:

    a derived-account storage device configured to store the derived-account information including a derived-account credence element field in which the derived-account credence element information is stored and a derived authentication element field in which derived authentication element information is stored;

    a device configured to verify the first electronic signature inside the derived-account credence element information based on the first public key certificate inside the relevant derived-account credence element information, upon receiving the derived-account credence element information from the root-account management apparatus;

    a device configured to verify whether or not the survival condition inside the derived-account credence element information is satisfied when the first electronic signature is proper as a result of the verification;

    a device which creates the derived-account information including the derived-account credence element information in the derived-account credence element field and writes the derived-account information in the derived-account storage device when the survival condition is satisfied as a result of the verification;

    a derived-account key storage device in which a second secret key of the derived-account management apparatus and a second public key certificate corresponding to the second secret key are stored, the second secret key having a long validity term compared with a validity term of the first public key certificate;

    a device configured to acquire biometric information of the user from the client apparatus, and to create a biometric information template from the biometric information;

    a device configured to generate a second electronic signature based on the second secret key for the biometric information template;

    a device which writes the derived authentication element information including the biometric information template and the second electronic signature in the derived authentication element field of the derived-account information inside the derived-account storage device;

    a device configured to verify the first electronic signature inside the relevant derived-account credence element information based on the first public key certificate inside the derived-account credence element information in the derived-account information inside the derived-account storage device, upon receiving an access request to the derived-account information after the derived authentication element is written;

    a device configured to verify whether or not the survival condition inside the relevant derived-account credence element information is satisfied when the first electronic signature is proper as a result of the verification; and

    a device configured to deny the access request and to invalidate the derived-account information when the survival condition is not satisfied as a result of the verification, wherein the survival condition includes an extended survival condition so that, in creating the derived-account information, survival is permitted when approval is obtained from a predetermined third-party apparatus other than the root-account management apparatus.
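
The per-access check order in the claim (first electronic signature, then the survival condition with its plurality of validity terms, then deny and invalidate) is sketched below as an added example; it is not code from the patent. Assumptions: an HMAC under a constructed key stands in for the root apparatus's public-key signature and certificate, all field and function names are hypothetical, and rejecting a bad signature or an already invalidated account is an added choice the claim does not spell out.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key. HMAC is a stand-in: the claim uses the root
# apparatus's first secret key and first public key certificate.
ROOT_KEY = b"constructed-demo-key"

# Exactly the items the claim lists as covered by the first signature.
SIGNED_FIELDS = ("credence_id", "root_id", "derived_id", "root_ref", "survival")

def _digest(element):
    # Canonical encoding so both apparatuses hash identical bytes.
    body = json.dumps({k: element[k] for k in SIGNED_FIELDS}, sort_keys=True)
    return hmac.new(ROOT_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_credence(credence_id, root_id, derived_id, root_ref, terms):
    """Root side: bind identifiers and survival condition under one signature."""
    element = {"credence_id": credence_id, "root_id": root_id,
               "derived_id": derived_id, "root_ref": root_ref,
               "survival": {"validity_terms": terms}}
    element["signature"] = _digest(element)
    return element

def survival_satisfied(element, now):
    """True inside any validity term; the gaps between terms are invalid."""
    for start, end in element["survival"]["validity_terms"]:
        if datetime.fromisoformat(start) <= now < datetime.fromisoformat(end):
            return True
    return False

def check_access(account, now):
    """Derived side, on each access request: signature first, then survival."""
    element = account["credence"]
    if not account.get("valid", True):
        return False, "account invalidated"      # assumption: stays denied
    if not hmac.compare_digest(element.get("signature", ""), _digest(element)):
        return False, "bad signature"            # assumption: deny on tamper
    if not survival_satisfied(element, now):
        account["valid"] = False                 # deny and invalidate
        return False, "survival condition not satisfied"
    return True, "ok"
```

Because the survival condition sits inside the signed fields, widening a validity term after issuance fails the signature check before the term is ever evaluated.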
