ID system and program, and ID method
First Claim
1. An ID system comprising
a biometric authentication device for performing authentication of biometric information;
a server device for making judgment on authentication information from the biometric authentication device; and
a device authentication unit for issuing a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy, wherein
the server device comprises;
a unit which requests individual authentication based on biometric information from the biometric authentication device, encrypts information for identifying the request with a public key of the biometric authentication device, and transmits the encrypted information to the biometric authentication device; and
a unit which makes authentication judgment on a user of the biometric authentication device based on authentication information output from the biometric authentication device, and
the biometric authentication device comprises;
an input device which inputs biometric information of a user;
a storage device which stores, only in the biometric authentication device, a template that is biometric information registered in advance and a secret key that makes a pair with the public key, the template being stored and associated with user information registered in advance;
a unit which receives the biometric information of the user from the input device, reads the template from the storage device, and collates the read template with the received biometric information inputted according to the request for individual authentication sent from the server device; and
a unit which includes a result of the collation, the information for identifying the request for individual authentication from the server device, and the user information associated with the template in the authentication information output from the biometric authentication device, applies an electronic signature on the authentication information by using the secret key of the biometric authentication device read from the storage device, and transmits the authentication information to which the electronic signature is applied to the server device.
Abstract
[PROBLEMS] To appropriately authenticate a user, a biometric device, and an authentication timing of a client side and prevent leak or tampering of the biometric information.
[MEANS FOR SOLVING PROBLEMS] A server device includes: a unit for encrypting information for requesting biometric authentication and identifying the request by using a public key of the biometric authentication device and transmitting the information; and a unit for authenticating the user according to the authentication information containing the result of the biometric authentication. The biometric authentication device includes: a unit for inputting biometric information; a unit for storing a template as biometric information registered in advance together with the user information; a unit for collating the biometric information inputted by the user with the template; a unit for adding a digital signature to the authentication information containing the collation result, information for identifying the request from the server device, and the template user information, by using a secret key of the local device and transmitting the authentication information to the server device.
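The request/response exchange the abstract describes, sketched as an added example (not code from the patent): the server encrypts a fresh request identifier with the device's public key, the device signs the collation result together with that identifier and the user information, and the server accepts each identifier only once. Assumptions: a constructed toy RSA key (textbook RSA, no padding), string equality standing in for biometric collation, hypothetical class and method names, and a device certificate that has already been validated.

```python
import hashlib, json, secrets

# Constructed toy device key built from two Mersenne primes. Textbook RSA with
# no padding, for illustration only; a real device would use OAEP and PSS.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                                  # (N, E): device public key
D = pow(E, -1, (P - 1) * (Q - 1))          # secret key, stored only in the device

def _digest(body: bytes) -> int:
    return int.from_bytes(hashlib.sha256(body).digest(), "big")

class Device:
    """Hypothetical device: template and secret key never leave it."""
    def __init__(self, template: str, user: str):
        self._template, self._user = template, user

    def authenticate(self, enc_request_id: int, sample: str) -> dict:
        request_id = pow(enc_request_id, D, N)       # decrypt the request identifier
        body = json.dumps({"match": sample == self._template,  # stand-in for collation
                           "request_id": request_id,
                           "user": self._user}, sort_keys=True).encode()
        return {"body": body, "sig": pow(_digest(body), D, N)}  # sign with secret key

class Server:
    """Hypothetical server: issues requests and judges signed results."""
    def __init__(self):
        self._pending = set()

    def request(self) -> int:
        request_id = secrets.randbits(128)           # fresh identifier per request
        self._pending.add(request_id)
        return pow(request_id, E, N)                 # encrypt with device public key

    def judge(self, info: dict):
        if pow(info["sig"], E, N) != _digest(info["body"]):
            return None                              # signature does not verify
        fields = json.loads(info["body"])
        if fields["request_id"] not in self._pending:
            return None                              # unknown or replayed request
        self._pending.discard(fields["request_id"])  # one judgment per request
        return fields["user"] if fields["match"] else None
```

Binding the signed result to the request identifier is what lets the server reject a captured response that is presented a second time.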
24 Claims
1. An ID system comprising
a biometric authentication device for performing authentication of biometric information;
a server device for making judgment on authentication information from the biometric authentication device; and
a device authentication unit for issuing a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy, wherein
the server device comprises;
a unit which requests individual authentication based on biometric information from the biometric authentication device, encrypts information for identifying the request with a public key of the biometric authentication device, and transmits the encrypted information to the biometric authentication device; and
a unit which makes authentication judgment on a user of the biometric authentication device based on authentication information output from the biometric authentication device, and
the biometric authentication device comprises;
an input device which inputs biometric information of a user;
a storage device which stores, only in the biometric authentication device, a template that is biometric information registered in advance and a secret key that makes a pair with the public key, the template being stored and associated with user information registered in advance;
a unit which receives the biometric information of the user from the input device, reads the template from the storage device, and collates the read template with the received biometric information inputted according to the request for individual authentication sent from the server device; and
a unit which includes a result of the collation, the information for identifying the request for individual authentication from the server device, and the user information associated with the template in the authentication information output from the biometric authentication device, applies an electronic signature on the authentication information by using the secret key of the biometric authentication device read from the storage device, and transmits the authentication information to which the electronic signature is applied to the server device.
Dependent claims: 2, 3, 4
5. A biometric authentication device used in an ID system, for performing authentication of biometric information, the biometric authentication device being used in combination with a server device making judgment on authentication information from the biometric authentication device and a device authentication unit issuing a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy, the biometric authentication device comprising:
an input device which inputs biometric information of a user;
a storage device which stores, only in the biometric authentication device, a template that is biometric information registered in advance and a secret key that makes a pair with the public key of the biometric authentication device, the template being stored and associated with user information registered in advance;
a unit which receives the biometric information of the user from the input device, reads the template from the storage device, and collates, when the server device requests individual authentication based on biometric information from the biometric authentication device, the read template with the received biometric information inputted according to the request for individual authentication sent from the server device; and
a unit which includes a result of the collation, the information for identifying the request for individual authentication from the server device, and the user information associated with the template in the authentication information, applies an electronic signature on the authentication information by using the secret key of the biometric authentication device read from the storage device and transmits the authentication information to which the electronic signature is applied to the server device.
Dependent claims: 6, 7, 8
9. A server device connected mutually to be communicable with a biometric authentication device and a device authentication unit that issues a device certificate for guaranteeing authentication operations of the biometric authentication device including its authentication accuracy, the server device comprising:
a unit which requests individual authentication based on biometric information from the biometric authentication device, encrypts information for identifying the request with a public key of the biometric authentication device, and transmits the encrypted information to the biometric authentication device; and
a unit which makes authentication judgment on a user of the biometric authentication device based on authentication information to which an electronic signature is applied by using a secret key of the biometric authentication device, the authentication information including a result of collation between a template stored in the biometric authentication device and the biometric information inputted to the biometric authentication device according to a request for individual authentication sent from the server device, information for identifying the request from the server device, and user information associated with the template.
Dependent claims: 10, 11
12. An ID method for a server device making judgment on authentication information from a biometric authentication device where a device authentication unit is configured to issue a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy, the method comprising:
requesting individual authentication based on biometric information from the biometric authentication device;
encrypting information for identifying the request with a public key of the biometric authentication device; and
transmitting the encrypted information to the biometric authentication device; and
making authentication judgment on a user of the biometric authentication device based on authentication information to which an electronic signature is applied by using a secret key of the biometric authentication device output from the biometric authentication device, the authentication information including a result of collation between a template stored in the biometric authentication device and the biometric information inputted to the biometric authentication device according to a request for individual authentication sent from the server device, information for identifying the request from the server device, and user information associated with the template.
Dependent claims: 13, 14
15. A non-transitory computer readable storage medium storing a program for causing a computer of a biometric authentication device that is used in combination with a server device making judgment on authentication information and a device authentication unit issuing a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy to execute the functions of:
storing, only in the biometric authentication device, a template that is biometric information registered in advance and a secret key that makes a pair with a public key of the biometric authentication device, the template being stored and associated with user information registered in advance;
receiving the biometric information of the user;
reading the template from a storage device;
collating the read template with the received biometric information inputted according to the request for individual authentication sent from the server device;
including a result of the collation, the information for identifying the request for individual authentication from the server device, and the user information associated with the template in the authentication information;
applying an electronic signature on the authentication information by using the secret key of the biometric authentication device read from the storage device; and
transmitting the authentication information to which the electronic signature is applied to the server device, the collating, applying and transmitting occurring when the server device requests individual authentication based on biometric information from the biometric authentication device, encrypts information for identifying the request for individual authentication with the public key, and transmits the encrypted information to the biometric authentication device.
Dependent claims: 16, 17, 18
19. A non-transitory computer readable storage medium storing a program for causing a computer of a server device connected mutually to be communicable with a biometric authentication device and a device authentication unit that issues a device certificate for guaranteeing authentication operations of the biometric authentication device including its authentication accuracy to execute the functions of:
requesting individual authentication based on biometric information from the biometric authentication device;
encrypting information for identifying the request with a public key of the biometric authentication device;
transmitting the encrypted information to the biometric authentication device; and
making authentication judgment on a user of the biometric authentication device based on authentication information to which an electronic signature is applied using a secret key of the biometric authentication device, the authentication information including a result of collation between a template stored in the biometric authentication device and the biometric information inputted to the biometric authentication device according to the request for individual authentication sent from the server device, information for identifying the request from the server device, and user information associated with the template.
Dependent claims: 20, 21
22. An ID method for a biometric authentication device, the biometric authentication device is configured to communicate with a server device which makes judgment on authentication information where a device authentication unit issues a device certificate for guaranteeing an authentication operation of the biometric authentication device including its authentication accuracy, the method comprising:
storing, only in the biometric authentication device, a template that is biometric information registered in advance and a secret key that makes a pair with a public key of the biometric authentication device, the template being stored and associated with user information registered in advance;
receiving the biometric information of the user;
reading the template from a storage device;
collating the read template with the received biometric information inputted according to the request for individual authentication sent from the server device;
including a result of the collation, the information for identifying the request for individual authentication from the server device, and the user information associated with the template in the authentication information;
applying an electronic signature on the authentication information by using the secret key of the biometric authentication device read from the storage device; and
transmitting the authentication information to which the electronic signature is applied to the server device, the collating, applying and transmitting occurring when the server device requests individual authentication based on biometric information from the biometric authentication device, encrypts information for identifying the request for individual authentication with the public key, and transmits the encrypted information to the biometric authentication device.
Dependent claims: 23, 24
Specification