ID system and program, and ID method

US 9,112,705 B2
Filed: 01/30/2007
Issued: 08/18/2015
Est. Priority Date: 02/15/2006
Status: Active Grant

First Claim

Patent Images

1. An ID system comprisinga biometric authentication device for performing authentication of biometric information;

a server device for making judgment on authentication information from the biometric authentication device; and

a device authentication unit for issuing a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy, whereinthe server device comprises;

a unit which requests individual authentication based on biometric information from the biometric authentication device, encrypts information for identifying the request with a public key of the biometric authentication device, and transmits the encrypted information to the biometric authentication device; and

a unit which makes authentication judgment on a user of the biometric authentication device based on authentication information output from the biometric authentication device, andthe biometric authentication device comprises;

an input device which inputs biometric information of a user;

a storage device which stores, only in the biometric authentication device, a template that is biometric information registered in advance and a secret key that makes a pair with the public key, the template being stored and associated with user information registered in advance;

a unit which receives the biometric information of the user from the input device, reads the template from the storage device, and collates the read template with the received biometric information inputted according to the request for individual authentication sent from the server device; and

a unit which includes a result of the collation, the information for identifying the request for individual authentication from the server device, and the user information associated with the template in the authentication information output from the biometric authentication device, applies an electronic signature on the authentication information by using the secret key of the biometric authentication device read from the storage device, and transmits the authentication information to which the electronic signature is applied to the server device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

[PROBLEMS] To appropriately authenticate a user, a biometric device, and an authentication timing of a client side and prevent leak or tampering of the biometric information.

[MEANS FOR SOLVING PROBLEMS] A server device includes: a unit for encrypting information for requesting biometric authentication and identifying the request by using a public key of the biometric authentication device and transmitting the information; and a unit for authenticating the user according to the authentication information containing the result of the biometric authentication. The biometric authentication device includes: a unit for inputting biometric information; a unit for storing a template as biometric information registered in advance together with the user information; a unit for collating the biometric information inputted by the user with the template; a unit for adding a digital signature to the authentication information containing the collation result, information for identifying the request from the server device, and the template user information, by using a secret key of the local device and transmitting the authentication information to the server device.

37 Citations

View as Search Results

24 Claims

1. An ID system comprisinga biometric authentication device for performing authentication of biometric information;
- a server device for making judgment on authentication information from the biometric authentication device; and
  
  a device authentication unit for issuing a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy, whereinthe server device comprises;
  
  a unit which requests individual authentication based on biometric information from the biometric authentication device, encrypts information for identifying the request with a public key of the biometric authentication device, and transmits the encrypted information to the biometric authentication device; and
  
  a unit which makes authentication judgment on a user of the biometric authentication device based on authentication information output from the biometric authentication device, andthe biometric authentication device comprises;
  
  an input device which inputs biometric information of a user;
  
  a storage device which stores, only in the biometric authentication device, a template that is biometric information registered in advance and a secret key that makes a pair with the public key, the template being stored and associated with user information registered in advance;
  
  a unit which receives the biometric information of the user from the input device, reads the template from the storage device, and collates the read template with the received biometric information inputted according to the request for individual authentication sent from the server device; and
  
  a unit which includes a result of the collation, the information for identifying the request for individual authentication from the server device, and the user information associated with the template in the authentication information output from the biometric authentication device, applies an electronic signature on the authentication information by using the secret key of the biometric authentication device read from the storage device, and transmits the authentication information to which the electronic signature is applied to the server device.
- View Dependent Claims (2, 3, 4)
- - 2. The ID system as claimed in claim 1, wherein:
    - the biometric authentication device comprises a unit which generates verification information based on hash values of programs of the biometric authentication device, and transmits the verification information to the server device; and
      
      the server device comprises a unit which verifies the appropriateness of the operations of the biometric authentication device based on the verification information from the biometric authentication device.
  - 3. The ID system as claimed in claim 1, wherein:
    - the biometric authentication device comprises a unit which reads out each template of a plurality of users in order for the collation from the storage device, and applies the user information associated with a template stored in the storage device that corresponds to the received biometric information inputted from the input device to the authentication information.
  - 4. The ID system as claimed in claim 1, wherein the server device generates random numbers as the information for identifying the request for performing individual authentication sent to the biometric authentication device.

5. A biometric authentication device used in an ID system, for performing authentication of biometric information, the biometric authentication device being used in combination with a server device making judgment on authentication information from the biometric authentication device and a device authentication unit issuing a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy, the biometric authentication device comprising:
- an input device which inputs biometric information of a user;
  
  a storage device which stores, only in the biometric authentication device, a template that is biometric information registered in advance and a secret key that makes a pair with the public key of the biometric authentication device, the template being stored and associated with user information registered in advance;
  
  a unit which receives the biometric information of the user from the input device, reads the template from the storage device, and collates, when the server device requests individual authentication based on biometric information from the biometric authentication device, the read template with the received biometric information inputted according to the request for individual authentication sent from the server device; and
  
  a unit which includes a result of the collation, the information for identifying the request for individual authentication from the server device, and the user information associated with the template in the authentication information, applies an electronic signature on the authentication information by using the secret key of the biometric authentication device read from the storage device and transmits the authentication information to which the electronic signature is applied to the server device.
- View Dependent Claims (6, 7, 8)
- - 6. The biometric authentication device as claimed in claim 5, comprising a unit which transmits verification information to the server device.
  - 7. The biometric authentication device as claimed in claim 6, wherein the verification information is based on hash values of programs of the biometric authentication device.
  - 8. The biometric authentication device as claimed in claim 5, comprising a unit which reads out each template of a plurality of users in order for the collation from the storage device, and applies the user information associated with a template stored in the storage device that corresponds to the received biometric information inputted from the input device to the authentication information.

9. A server device connected mutually to be communicable with a biometric authentication device and a device authentication unit that issues a device certificate for guaranteeing authentication operations of the biometric authentication device including its authentication accuracy,the server device comprising:
- a unit which requests individual authentication based on biometric information from the biometric authentication device, encrypts information for identifying the request with a public key of the biometric authentication device, and transmits the encrypted information to the biometric authentication device; and
  
  a unit which makes authentication judgment on a user of the biometric authentication device based on authentication information to which an electronic signature is applied by using a secret key of the biometric authentication device, the authentication information including a result of collation between a template stored in the biometric authentication device and the biometric information inputted to the biometric authentication device according to a request for individual authentication sent from the server device, information for identifying the request from the server device, and user information associated with the template.
- View Dependent Claims (10, 11)
- - 10. The server device as claimed in claim 9, comprising a unit which verifies appropriateness of operations of the biometric authentication device based on verification information, when receiving the verification information for verifying the appropriateness of the operations of the biometric authentication device.
  - 11. The server device as claimed in claim 9, which generates random numbers as the information for identifying the request for performing individual authentication sent to the biometric authentication device.

12. An ID method for a server device making judgment on authentication information from a biometric authentication device where a device authentication unit is configured to issue a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy, the method comprising:
- requesting individual authentication based on biometric information from the biometric authentication device;
  
  encrypting information for identifying the request with a public key of the biometric authentication device; and
  
  transmitting the encrypted information to the biometric authentication device; and
  
  making authentication judgment on a user of the biometric authentication device based on authentication information to which an electronic signature is applied by using a secret key of the biometric authentication device output from the biometric authentication device, the authentication information including a result of collation between a template stored in the biometric authentication device and the biometric information inputted to the biometric authentication device according to a request for individual authentication sent from the server device, information for identifying the request from the server device, and user information associated with the template.
- View Dependent Claims (13, 14)
- - 13. The ID method as claimed in claim 12, comprising:
    - receiving verification information for verifying appropriateness of operations of the biometric authentication device by the server device, the verification information being based upon hash values of programs of the biometric authentication device; and
      
      verifying, in the server device, the appropriateness of the operations of the biometric authentication device based on the verification information from the biometric authentication device.
  - 14. The ID method as claimed in claim 12, which generates, in the server device, random numbers as the information for identifying the request for performing individual authentication sent to the biometric authentication device.

15. A non-transitory computer readable storage medium storing a program for causing a computer of a biometric authentication device that is used in combination with a server device making judgment on authentication information and a device authentication unit issuing a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy to execute the functions of:
- storing, only in the biometric authentication device, a template that is biometric information registered in advance and a secret key that makes a pair with a public key of the biometric authentication device, the template being stored and associated with user information registered in advance;
  
  receiving the biometric information of the user;
  
  reading the template from a storage device;
  
  collating the read template with the received biometric information inputted according to the request for individual authentication sent from the server device;
  
  including a result of the collation, the information for identifying the request for individual authentication from the server device, and the user information associated with the template in the authentication information;
  
  applying an electronic signature on the authentication information by using the secret key of the biometric authentication device read from the storage device; and
  
  transmitting the authentication information to which the electronic signature is applied to the server device, the collating, applying and transmitting occurring when the server device requests individual authentication based on biometric information from the biometric authentication device, encrypts information for identifying the request for individual authentication with the public key, and transmits the encrypted information to the biometric authentication device.
- View Dependent Claims (16, 17, 18)
- - 16. The non-transitory computer readable storage medium storing a program as claimed in claim 15, for causing the computer to execute the function of transmitting verification information to the server device.
  - 17. The non-transitory computer readable storage medium storing a program as claimed in claim 15, for causing the computer to execute the function of reading out each template of a plurality of users in order for the collation from the storage device, and applies the user information associated with a template stored in the storage device that corresponds to the received biometric information inputted from the input device to the authentication information.
  - 18. The non-transitory computer readable storage medium storing a program as claimed in claim 15, wherein the verification information is based on hash values of programs of the biometric authentication device.

19. A non-transitory computer readable storage medium storing a program for causing a computer of a server device connected mutually to be communicable with a biometric authentication device and a device authentication unit that issues a device certificate for guaranteeing authentication operations of the biometric authentication device including its authentication accuracy to execute the functions of:
- requesting individual authentication based on biometric information from the biometric authentication device;
  
  encrypting information for identifying the request with a public key of the biometric authentication device;
  
  transmitting the encrypted information to the biometric authentication device; and
  
  making authentication judgment on a user of the biometric authentication device based on authentication information to which an electronic signature is applied using a secret key of the biometric authentication device, the authentication information including a result of collation between a template stored in the biometric authentication device and the biometric information inputted to the biometric authentication device according to the request for individual authentication sent from the server device, information for identifying the request from the server device, and user information associated with the template.
- View Dependent Claims (20, 21)
- - 20. The non-transitory computer readable storage medium storing a program as claimed in claim 19, for causing the computer to execute the function of verifying appropriateness of operations of the biometric authentication device based on verification information, when receiving the verification information for verifying the appropriateness of the operations of the biometric authentication device.
  - 21. The non-transitory computer readable storage medium storing a program as claimed in claim 19, for causing the computer to execute the function of generating random numbers as the information for identifying the request for performing individual authentication sent to the biometric authentication device.

22. An ID method for a biometric authentication device, the biometric authentication device is configured to communicate with a server device which makes judgment on authentication information where a device authentication unit issues a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy, the method comprising:
- storing, only in the biometric authentication device, a template that is biometric information registered in advance and a secret key that makes a pair with a public key of the biometric authentication device, the template being stored and associated with user information registered in advance;
  
  receiving the biometric information of the user;
  
  reading the template from a storage device;
  
  collating the read template with the received biometric information inputted according to the request for individual authentication sent from the server device;
  
  including a result of the collation, the information for identifying the request for individual authentication from the server device, and the user information associated with the template in the authentication information;
  
  applying an electronic signature on the authentication information by using the secret key of the biometric authentication device read from the storage device; and
  
  transmitting the authentication information to which the electronic signature is applied to the server device, the collating, applying and transmitting occurring when the server device requests individual authentication based on biometric information from the biometric authentication device, encrypts information for identifying the request for individual authentication with the public key, and transmits the encrypted information to the biometric authentication device.
- View Dependent Claims (23, 24)
- - 23. The ID method as claimed in claim 22, comprising:
    - reading out, in the biometric authentication device, each template of a plurality of users in order for the collation from the storage device, and applying the user information associated with a template stored in the storage device that corresponds to the received biometric information inputted from the input device to the authentication information.
  - 24. The ID method as claimed in claim 22, further comprisinggenerating verification information of the biometric authentication device based on hash values of programs of the biometric authentication device;
    - andtransmitting the verification information to the server device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Monden, Akira
Primary Examiner(s)
Eskandarnia, Arvin
Assistant Examiner(s)
DESAI, MARGISHI V

Application Number

US12/279,629
Publication Number

US 20100287369A1
Time in Patent Office

3,122 Days
Field of Search

713/186, 713/176, 713/169
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/32   using biometric data, e.g. ...

H04L 63/0861   using biometrical features,...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04L 9/3271   using challenge-response

ID system and program, and ID method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

ID system and program, and ID method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links