United States Patent Application 20020026574
Kind Code: A1
Watanabe, Hideaki; et al. February 28, 2002

Person authentication system, person authentication method, information processing apparatus, and program providing medium
Abstract
Disclosed are a person authentication system, a person authentication method, and an information processing apparatus which allow person authentication to be performed in an easy fashion in various devices by comparing a template serving as person identification data with sampling information input by a user. A service provider (SP) or user device (UD) executes person authentication by acquiring a template from a person identification certificate (IDC) generated by a third-party agency serving as a person identification certificate authority (IDA). The IDA acquires a template serving as identification data after verifying a person requesting an IDC to be issued, and generates the IDC storing template information. The IDA distributes the IDC having a digital signature of the IDA added thereto to the SP and the UD.

Inventors: Watanabe; Hideaki (Tokyo, JP), Ishibashi; Yoshihito (Tokyo, JP), Matsuyama; Shinako (Tokyo, JP), Futamura; Ichiro (Kanagawa, JP), Kon; Masashi (Kanagawa, JP)
Correspondence Name and Address: SONNENSCHEIN NATH & ROSENTHAL, P.O. BOX 061080, WACKER DRIVE STATION, CHICAGO, IL 60606-1080, US
Series Code: 944192
Filed: August 30, 2001
U.S. Current Class: 713/155; 380/278
U.S. Class at Publication: 713/155; 380/278
Intern'l Class: H04L 009/00

Claims

What is claimed is:
1. A person authentication system for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user, said system comprising an entity for executing person authentication, wherein said entity acquires a template from a person identification certificate storing template information including said template and generated by a third-party agency serving as a person identification certificate authority, and executes person authentication on the basis of the acquired template.

2. A person authentication system according to claim 1, wherein the person identification certificate issued by said person identification certificate authority includes a digital signature written by said person identification certificate authority.

3. A person authentication system according to claim 1, wherein said person identification certificate authority verifies the identification of a person requesting a person identification certificate to be issued, acquires a template serving as person identification data of said person requesting the person identification certificate to be issued, and generates a person identification certificate storing template information including said template.

4. A person authentication system according to claim 1, wherein, in the process of acquiring the person identification certificate from said person identification certificate authority, said entity performs mutual authentication between said entity and said person identification certificate authority, and said person identification certificate authority transmits the person identification certificate, provided that said mutual authentication is successfully completed.

5. A person authentication system according to claim 1, wherein said person identification certificate authority stores said template in said person identification certificate after encrypting said template.

6. A person authentication system according to claim 1, wherein said entity is any one of a service provider which makes a deal with a user identified by said person identification certificate, a user device accessed by a user identified by said person identification certificate, and said person identification certificate authority.

7. A person authentication system according to claim 1, wherein, when transmitting said person identification certificate to said entity, said person identification certificate authority transmits a template which is stored in said person identification certificate, as an encrypted template which is decryptable only by said entity to which said person identification certificate is to be transmitted.

8. A person authentication system according to claim 1, wherein said entity is a service provider which makes a deal with a user identified by said person identification certificate, and wherein said service provider compares a template, which is acquirable from the person identification certificate acquired from said person identification certificate authority, with sampling information provided by the user and starts making a deal with the user, provided that said template and said sampling information match with each other.

9. A person authentication system according to claim 1, wherein said entity is a user device serving as a data processing apparatus including data accessible by a user identified by said person identification certificate, and wherein said user device compares a template, which is acquirable from the person identification certificate acquired from said person identification certificate authority, with sampling information provided by the user, and said user device allows the user to start accessing said user device, provided that said template and said sampling information match with each other.

10. A person authentication system according to claim 1, wherein said template is composed of any one of biometric information of a person such as fingerprint information, retina pattern information, iris pattern information, voice print information, and handwriting information; non-biometric information such as a seal, a passport, a driver's license, and a card; any combination of two or more of said biometric information and said non-biometric information; and a combination of any of said information and a password.

11. A person authentication system according to claim 1, wherein said entity and said person identification certificate authority have an encryption processing unit, respectively, and wherein, when data is transmitted therebetween, mutual authentication is performed between said entity and said person identification certificate authority, a data-transmitting party generates a digital signature and adds it to data to be transmitted, and a data-receiving party verifies the digital signature.

12. A person authentication system for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by said person, said system comprising a person identification certificate authority which acquires a template from a person identification certificate storing template information including said template, executes person authentication on the basis of said acquired template, and issues a verification certificate, provided that said person authentication is successfully passed.

13. A person authentication system according to claim 12, wherein the verification certificate issued by said person identification certificate authority includes a digital signature written by said person identification certificate authority.

14. A person authentication system according to claim 12, wherein said person identification certificate authority verifies the identification of a person requesting a person identification certificate to be issued, acquires a template serving as person identification data of said person requesting the person identification certificate to be issued, and generates a person identification certificate storing template information including said template.

15. A person authentication system according to claim 12, wherein, in the process of acquiring the verification certificate from said person identification certificate authority, said entity performs mutual authentication between said entity and said person identification certificate authority, and said person identification certificate authority transmits the verification certificate, provided that said mutual authentication is successfully completed.

16. A person authentication system according to claim 12, wherein said entity acquiring the verification certificate is one of a service provider which makes a deal with a user identified by said person identification certificate, and a user device accessed by a user identified by said person identification certificate.

17. A person authentication system according to claim 12, wherein said entity acquiring the verification certificate is a service provider which makes a deal with a user, and wherein said service provider starts making a deal with the user, provided that the verification certificate is successfully acquired from said person identification certificate authority.

18. A person authentication system according to claim 12, wherein said entity acquiring the verification certificate is a user device serving as a data processing apparatus including data accessible by a user, and wherein said user device allows the user to start accessing said user device, provided that the verification certificate is successfully acquired from said person identification certificate authority.

19. A person authentication system according to claim 12, wherein said entity acquiring the verification certificate verifies the signature of said verification certificate acquired from said person identification certificate authority and deletes said verification certificate after confirming that said verification of the signature indicates the validity of said verification certificate.

20. A person authentication system according to claim 12, wherein said template is composed of any one of biometric information of a person such as fingerprint information, retina pattern information, iris pattern information, voice print information, and handwriting information; non-biometric information such as a seal, a passport, a driver's license, and a card; any combination of two or more of said biometric information and said non-biometric information; and a combination of any of said information and a password.

21. A person authentication method for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user, wherein an entity for executing person authentication acquires a template from a person identification certificate storing template information including said template and generated by a third-party agency serving as a person identification certificate authority, and executes person authentication on the basis of the acquired template.

22. A person authentication method according to claim 21, wherein said person identification certificate authority writes a digital signature on the person identification certificate issued by said person identification certificate authority.

23. A person authentication method according to claim 21, wherein said person identification certificate authority verifies the identification of a person requesting a person identification certificate to be issued, acquires a template serving as person identification data of said person requesting the person identification certificate to be issued, and generates a person identification certificate storing template information including said template.

24. A person authentication method according to claim 21, wherein, in the process of acquiring the person identification certificate from said person identification certificate authority, said entity performs mutual authentication between said entity and said person identification certificate authority, and said person identification certificate authority transmits the person identification certificate, provided that said mutual authentication is successfully completed.

25. A person authentication method according to claim 21, wherein said person identification certificate authority stores said template in said person identification certificate after encrypting said template.

26. A person authentication method according to claim 21, wherein, when transmitting said person identification certificate to said entity, said person identification certificate authority transmits a template which is stored in said person identification certificate, as an encrypted template which is decryptable only by said entity to which said person identification certificate is to be transmitted.

27. A person authentication method according to claim 21, wherein said entity is a service provider which makes a deal with a user identified by said person identification certificate, and wherein said service provider compares a template, which is acquirable from a person identification certificate acquired from said person identification certificate authority, with sampling information provided by the user, and starts making a deal with the user, provided that said template and said sampling information match with each other.

28. A person authentication method according to claim 21, wherein said entity is a user device serving as a data processing apparatus including data accessible by a user identified by said person identification certificate, and wherein said user device compares a template, which is acquirable from a person identification certificate acquired from said person identification certificate authority, with sampling information provided by the user, and said user device allows the user to start accessing said user device, provided that said template and said sampling information match with each other.

29. A person authentication method for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user, wherein, at a person identification certificate authority which acquires a template from a person identification certificate storing template information including said template and executes person authentication on the basis of said acquired template, a verification certificate is issued provided that said person authentication is successfully passed.

30. A person authentication method according to claim 29, wherein said person identification certificate authority writes a digital signature on the verification certificate issued by said person identification certificate authority.

31. A person authentication method according to claim 29, wherein said person identification certificate authority verifies the identification of a person requesting a person identification certificate to be issued, acquires a template serving as person identification data of said person requesting the person identification certificate to be issued, and generates a person identification certificate storing template information including said template.

32. A person authentication method according to claim 29, wherein, in the process of acquiring said verification certificate from said person identification certificate authority, said entity performs mutual authentication between said entity and said person identification certificate authority, and said person identification certificate authority transmits the verification certificate, provided that said mutual authentication is successfully completed.

33. A person authentication method according to claim 29, wherein said entity acquiring the verification certificate is a service provider which makes a deal with a user, and wherein said service provider starts making a deal with the user, provided that the verification certificate is successfully acquired from said person identification certificate authority.

34. A person authentication method according to claim 29, wherein said entity acquiring the verification certificate is a user device serving as a data processing apparatus including data accessible by a user, and wherein said user device allows the user to start accessing said user device, provided that the verification certificate is successfully acquired from said person identification certificate authority.

35. A person authentication method according to claim 29, wherein said entity verifies the signature of said verification certificate acquired from said person identification certificate authority and deletes said verification certificate after confirming that said verification of the signature indicates the validity of said verification certificate.

36. An information processing apparatus for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user, wherein a template is acquired from a person identification certificate generated by a third-party agency serving as a person identification certificate authority and storing template information including said template, and person authentication is executed on the basis of the acquired template.

37. An information processing apparatus according to claim 36, wherein the person identification certificate issued by said person identification certificate authority includes a digital signature written by said person identification certificate authority, and said information processing apparatus verifies the digital signature to check whether or not data has been tampered with.

38. An information processing apparatus according to claim 36, wherein, in the process of acquiring a person identification certificate from said person identification certificate authority, said information processing apparatus performs mutual authentication between said information processing apparatus and said person identification certificate authority, and said information processing apparatus receives the person identification certificate, provided that said mutual authentication is successfully completed.

39. An information processing apparatus according to claim 36, wherein said information processing apparatus compares a template, which is acquirable from the person identification certificate acquired from said person identification certificate authority, with sampling information provided by the user, and said information processing apparatus starts performing a process requested by the user, provided that said template and said sampling information match with each other.

40. A program providing medium for providing a computer program which executes, on a computer system, a person authentication process for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user, said computer program comprising the steps of: acquiring a template from a person identification certificate generated by a third-party agency serving as a person identification certificate authority and storing template information including said template; and executing person authentication on the basis of said acquired template.

Description

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to a person authentication system, a person authentication method, an information processing apparatus, and a program providing medium. More particularly, the present invention relates to a person authentication system, a person authentication method, an information processing apparatus, and a program providing medium, which can be advantageously employed, in a communication network such as the Internet or in data communication performed via a medium, to identify a person at a receiving end or to authenticate a person who uses a particular information apparatus such as a personal computer.

[0003] 2. Description of the Related Art

[0004] A data processing apparatus such as a personal computer (PC) is widely used in a company or by a person. In some cases, secret data is stored in such an apparatus. To prevent such secret data from being accessed by an unauthorized user, techniques of preventing information stored in a PC from being leaked have been developed. One known technique for this purpose is to identify a user on the basis of a password input by the user or on the basis of biometric information of the user.

[0005] It is now common to distribute various kinds of software data such as game programs, audio data, image data, and document generating programs (hereinafter, such software data will be referred to as a content) via a network such as the Internet or via a distributable storage medium such as a DVD or a CD. In such a situation, it is highly desirable to identify a user quickly and in a highly reliable fashion in various processes such as distribution of a content or reception of a fee for usage of a content. Furthermore, in the user identification process, it is very important to prevent personal information from being leaked.

[0006] One widely used user identification method is to compare input data with preassigned data such as a user ID or a password. However, in this method, there is always a possibility that a registered user ID or password is leaked. Once a user ID or password has been leaked, the same user ID or password becomes unusable. One known method of avoiding the above problem is to identify a user using biometric information.

[0007] An example of a conventional process of identifying a person using biometric information is described below. A representative example of biometric information for the above purpose is a fingerprint. A person authentication apparatus which reads a fingerprint and verifies it is described below with reference to FIG. 1. In FIG. 1, a user of a PC 20 registers his/her fingerprint information in a person authentication apparatus 10 including a reading apparatus, and data indicating the fingerprint is stored in a secure memory 14. The fingerprint information stored therein is called a template. When the user uses data on the personal computer 20, his/her fingerprint is read and compared with the template by the person authentication apparatus 10 serving as a fingerprint reading apparatus.

[0008] More particularly, reading of fingerprint information of a user is performed by a personal information acquisition unit 11 formed of a CCD camera or the like. After being read, the fingerprint information is subjected to a feature extraction process performed by an information conversion unit 12, and resultant data is compared, by a comparator 13, with the template stored in the secure memory 14.

[0009] The comparator 13 determines whether or not the data is identical to the template on the basis of a threshold value preset in the comparator. If the data and the template match with each other to a degree higher than the threshold value, the comparator 13 outputs an OK signal, while an NG signal is output when the matching degree is lower than the threshold value. The fingerprint information is stored in the form of fingerprint image data, and the data indicating the feature extracted by the information conversion unit 12 is compared with the image data to check the matching degree relative to the threshold value.

[0010] In the case where the comparator 13 determines that the input information and the registered information match with each other, an authentication success message is transmitted to the personal computer 20 via a communication unit 16, and the user is permitted to access the personal computer 20. If it is determined that the input data does not match with the registered information, an authentication failure message is transmitted, and access to the personal computer 20 is refused. The person authentication apparatus 10 may include fingerprint information templates of a plurality of users (user ID = ID1 to IDn) stored in the secure memory as shown in FIG. 1, and a user may be permitted to access the PC if the person authentication apparatus 10 determines that a fingerprint of the user matches with some stored template. This makes it possible for a single person authentication apparatus to deal with a plurality of users.

[0011] [Problems to be Solved by the Invention]

[0012] However, the above-described person authentication apparatus has the following problems arising from the construction in which templates are stored in a memory of the fingerprint reading/comparing apparatus.

[0013] (a) To use the comparison result, it is required that a template be included in the fingerprint reading/comparing apparatus.

[0014] (b) In the case where a fingerprint is compared at a plurality of different locations, it is required to register, beforehand, the fingerprint in a plurality of fingerprint reading/comparing apparatuses.

[0015] (c) Because templates are stored in the fingerprint reading/comparing apparatus, there is a risk that data representing templates may be tampered with or may be read by an unauthorized person.

[0016] (d) When the comparison result is transmitted to a PC or the like, the comparison result can be easily attacked.

[0017] As described above, the conventional person authentication system is coupled in an inseparable fashion to a particular data processing apparatus such as a personal computer which deals with secret information, in which the person authentication system is assumed to authenticate only users who deal with that personal computer, and thus the person authentication system cannot be used to authenticate a user who uses another device in which no template is stored. Furthermore, because templates are stored in the fingerprint reading/comparing apparatus itself, there is a problem in terms of security and reliability of templates.

[0018] Furthermore, in data transmission in which encrypted data is transmitted via a network or in data distribution via a medium, data is generally encrypted using a public key, and a public key certificate is widely used to guarantee the reliability of the public key. However, although a public key certificate certifies a public key itself, the public key certificate cannot guarantee the relationship between the public key and a person who owns that public key. That is,

[0019] (e) No technique is known that guarantees the relationship between a public key used in the transmission of encrypted data or the like and the owner of that public key, and no sufficient means of identifying the owner of the public key is known.

[0020] As described above, the conventional person authentication system has various problems to be solved. In particular, in a recent social situation in which advanced communication systems via networks such as the Internet have become very popular, large amounts of secret information and personal information are frequently dealt with using various communication devices and data processing devices at various locations and at various times. Furthermore, in pay content distribution systems/services in which contents are distributed to specific users such as registered members, it is required to identify users when contents are distributed or services are provided. Thus, it is highly desirable to realize a person authentication system which is usable without limitations in terms of locations, times, and devices used.

SUMMARY OF THE INVENTION

[0021] Accordingly, it is an object of the present invention to provide a person authentication system and a person authentication method, which allow person authentication to be performed in various situations and environments in a highly reliable fashion, and which allow template information to be stored and used in a highly secure manner, and furthermore, which can be used in conjunction with a public key certificate, thereby allowing person authentication to be used in various fields.

[0022] It is another object of the present invention to provide an information processing apparatus for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user.

[0023] It is a further object of the present invention to provide a program providing means for providing a computer program which executes, on a computer system, a person authentication process for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user.

[0024] According to a first aspect of the present invention, there is provided a person authentication system for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user, said system comprising an entity for executing person authentication, wherein said entity acquires a template from a person identification certificate storing template information including said template and generated by a third-party agency serving as a person identification certificate authority, and executes person authentication on the basis of the acquired template.

[0025] In the person authentication system, the person identification certificate issued by the person identification certificate authority may include a digital signature written by the person identification certificate authority.

[0026] In the person authentication system, the person identification certificate authority may verify the identification of a person requesting a person identification certificate to be issued, acquire a template serving as person identification data of the person requesting the person identification certificate to be issued, and generate a person identification certificate storing template information including the template.

[0027] In the person authentication system, in the process of acquiring the person identification certificate from the person identification certificate authority, the entity may perform mutual authentication between the entity and the person identification certificate authority, and the person identification certificate authority may transmit the person identification certificate, provided that the mutual authentication is successfully completed.

[0028] In the person authentication system, the person identification certificate authority may store the template in the person identification certificate after encrypting the template.

[0029] In the person authentication system, the entity may be any one of a service provider which makes a deal with a user identified by the person identification certificate, a user device accessed by a user identified by the person identification certificate, and the person identification certificate authority.

[0030] In the person authentication system, when transmitting the person identification certificate to the entity, the person identification certificate authority may transmit a template which is stored in the person identification certificate, as an encrypted template which is decryptable only by the entity to which the person identification certificate is to be transmitted.

[0031] In the person authentication system, the entity may be a service provider which makes a deal with a user identified by the person identification certificate, and the service provider may compare a template, which is acquirable from a person identification certificate acquired from the person identification certificate authority, with sampling information provided by the user, and the service provider may start making a deal with the user, provided that the template and the sampling information match with each other.

[0032] In the person authentication system, the entity may be a user device serving as a data processing apparatus including data accessible by a user identified by the person identification certificate, and the user device may compare a template, which is acquirable from a person identification certificate acquired from the person identification certificate authority, with sampling information provided by the user, and the user device may allow the user to start accessing the user device, provided that the template and the sampling information match with each other.

[0033] In the person authentication system, the template may be composed of any one of biometric information of a person such as fingerprint information, retina pattern information, iris pattern information, voice print information, and handwriting information; non-biometric information such as a seal, a passport, a driver's license, and a card; any combination of two or more of the biometric information and the non-biometric information; and a combination of any of the information and a password.

[0034] In the person authentication system, the entity and the person identification certificate authority may have an encryption processing unit, respectively, and when data is transmitted therebetween, mutual authentication may be performed between the entity and the person identification certificate authority, a data-transmitting party may generate a digital signature and add it to data to be transmitted, and a data-receiving party may verify the digital signature.

[0035] According to a second aspect of the present invention, there is provided a person authentication system for executing authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user, the system including a person identification certificate authority which acquires a template from a person identification certificate storing template information including the template, executes person authentication on the basis of the acquired template, and issues a verification certificate, provided that the person authentication is successfully passed.

[0036] In the person authentication system, the verification certificate issued by the person identification certificate authority may include a digital signature written by the person identification certificate authority.

[0037] In the person authentication system, the person identification certificate authority may verify the identification of a person requesting a person identification certificate to be issued, acquire a template serving as person identification data of the person requesting the person identification certificate to be issued, and generate a person identification certificate storing template information including the template.

[0038] In the person authentication system, in the process of acquiring the verification certificate from the person identification certificate authority, the entity may perform mutual authentication between the entity and the person identification certificate authority, and the person identification certificate authority may transmit the verification certificate, provided that the mutual authentication is successfully completed.

[0039] In the person authentication system, the entity acquiring the verification certificate may be one of a service provider which makes a deal with a user identified by the person identification certificate and a user device accessed by a user identified by the person identification certificate.

[0040] In the person authentication system, the entity acquiring the verification certificate may be a service provider which makes a deal with a user, and the service provider may start making a deal with the user, provided that the verification certificate is successfully acquired from the person identification certificate authority.

[0041] In the person authentication system, the entity acquiring the verification certificate may be a user device serving as a data processing apparatus including data accessible by a user, and the user device may allow the user to start accessing the user device, provided that the verification certificate is successfully acquired from the person identification certificate authority.

[0042] In the person authentication system, the entity acquiring the verification certificate may verify the signature of the verification certificate acquired from the person identification certificate authority and delete the verification certificate after confirming that the verification of the signature indicates the validity of the verification certificate.

[0043] In the person authentication system, the template may be composed of any one of biometric information of a person such as fingerprint information, retina pattern information, iris pattern information, voice print information, and handwriting information; non-biometric information such as a seal, a passport, a driver's license, and a card; any combination of two or more of the biometric information and the non-biometric information; and a combination of any of the information and a password.

[0044] According to a third aspect of the present invention, there is provided a person authentication method for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user, wherein an entity for executing person authentication acquires a template from a person identification certificate storing template information including the template and generated by a third-party agency serving as a person identification certificate authority, and executes person authentication on the basis of the acquired template. In the person authentication method, the person identification certificate authority may write a digital signature on the person identification certificate issued by the person identification certificate authority.

[0045] In the person authentication method, the person identification certificate authority may verify the identification of a person requesting a person identification certificate to be issued, acquire a template serving as person identification data of the person requesting the person identification certificate to be issued, and generate a person identification certificate storing template information including the template.

[0046] In the person authentication method, in the process of acquiring the person identification certificate from the person identification certificate authority, the entity may perform mutual authentication between the entity and the person identification certificate authority, and the person identification certificate authority may transmit the person identification certificate, provided that the mutual authentication is successfully completed.

[0047] In the person authentication method, the person identification certificate authority may store the template in the person identification certificate after encrypting the template.

[0048] In the person authentication method, when transmitting the person identification certificate to the entity, the person identification certificate authority may transmit a template which is stored in the person identification certificate, as an encrypted template which is decryptable only by the entity to which the person identification certificate is to be transmitted.

[0049] In the person authentication method, the entity may be a service provider which makes a deal with a user identified by the person identification certificate, and the service provider may compare a template, which is acquirable from a person identification certificate acquired from the person identification certificate authority, with sampling information provided by the user, and start making a deal with the user, provided that the template and the sampling information match with each other.

[0050] In the person authentication method, the entity may be a user device serving as a data processing apparatus including data accessible by a user identified by the person identification certificate, and the user device may compare a template, which is acquirable from a person identification certificate acquired from the person identification certificate authority, with sampling information provided by the user, and the user device may allow the user to start accessing the user device, provided that the template and the sampling information match with each other.

[0051] According to a fourth aspect of the present invention, there is provided a person authentication method for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user, wherein, at a person identification certificate authority which acquires a template from a person identification certificate storing template information including the template and executes person authentication on the basis of the acquired template, a verification certificate is issued provided that the person authentication is successfully passed.

[0052] In the person authentication method, the person identification certificate authority may write a digital signature on the verification certificate issued by the person identification certificate authority.

[0053] In the person authentication method, the person identification certificate authority may verify the identification of a person requesting a person identification certificate to be issued, acquire a template serving as person identification data of the person requesting the person identification certificate to be issued, and generate a person identification certificate storing template information including the template.

[0054] In the person authentication method, in the process of acquiring the verification certificate from the person identification certificate authority, the entity may perform mutual authentication between the entity and the person identification certificate authority, and the person identification certificate authority may transmit the verification certificate, provided that the mutual authentication is successfully completed.

[0055] In the person authentication method, the entity acquiring the verification certificate may be a service provider which makes a deal with a user, and the service provider may start making a deal with the user, provided that the verification certificate is successfully acquired from the person identification certificate authority.

[0056] In the person authentication method, the entity acquiring the verification certificate may be a user device serving as a data processing apparatus including data accessible by a user, and the user device may allow the user to start accessing the user device, provided that the verification certificate is successfully acquired from the person identification certificate authority.

[0057] In the person authentication method, the entity may verify the signature of the verification certificate acquired from the person identification certificate authority and delete the verification certificate after confirming that the verification of the signature indicates the validity of the verification certificate.

[0058] According to a fifth aspect of the present invention, there is provided an information processing apparatus for executing person authentication by comparing a template which is person identification data acquired beforehand with sampling information input by a user, wherein a template is acquired from a person identification certificate generated by a third-party agency serving as a person identification certificate authority and storing template information including the template, and person authentication is executed on the basis of the acquired template.

[0059] In the information processing apparatus, the person identification certificate issued by the person identification certificate authority may include a digital signature written by the person identification certificate authority, and the information processing apparatus may verify the digital signature to check whether or not data has been tampered with.

[0060] In the information processing apparatus, in the process of acquiring a person identification certificate from the person identification certificate authority, the information processing apparatus may perform mutual authentication between the information processing apparatus and the person identification certificate authority, and the information processing apparatus may receive the person identification certificate, provided that the mutual authentication is successfully completed.

[0061] In the information processing apparatus, the information processing apparatus may compare a template, which is acquirable from the person identification certificate acquired from the person identification certificate authority, with sampling information provided by the user, and the information processing apparatus may start performing a process requested by the user, provided that the template and the sampling information match with each other.

[0062] The person authentication system, the person authentication method, and the information processing apparatus according to the present invention allow person authentication to be performed in an easy fashion in various devices by comparing a template serving as person identification data with sampling information input by a user. For example, a service provider or user device can execute person authentication by acquiring a template from a person identification certificate generated by a third-party agency serving as a person identification certificate authority. The person identification certificate is issued by the person identification certificate authority, in response to a request from a person, on the basis of a template serving as identification data which is acquired from the person after verifying the identification of the person, and, when the person identification certificate is distributed to a service provider or a user device, the distribution is performed after adding a signature of the IDA thereto, thereby ensuring that the validity of the data is guaranteed and high-reliability person authentication can be performed.

[0063] Furthermore, in the person authentication system, the person authentication method, and the information processing apparatus according to the present invention, when the person identification certificate generated by the person identification certificate authority is distributed to a service provider or a user device, the template stored in the person identification certificate is encrypted into a form which can be decrypted only by the service provider or the user device to which the person identification certificate is distributed, thereby ensuring that the template information is prevented from leaking out.

[0064] Furthermore, in the person authentication system, the person authentication method, and the information processing apparatus according to the present invention, the person identification certificate authority may perform person authentication and may issue a verification certificate to a service provider or a user device provided that the person authentication is successfully passed, thereby making it possible for a device, which does not have means for making a comparison with sampling information, to perform person authentication.
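The flow summarized in [0027] to [0034] and [0062] to [0064] (an IDC signed by the IDA, its template encrypted so that only one recipient entity can decrypt it, comparison with sampling information at the service provider or user device, and a signed verification certificate from the IDA for an entity that cannot compare), as an added example that is not part of the application. The RSA keys over publicly known Mersenne primes, the SHA-256 keystream cipher, the feature-vector matcher and the validity fields (expiration date and usage count, after FIG. 79) are constructed stand-ins for a dependency-free demonstration, not the applicants' scheme and not secure key material.

```python
"""IDC flow as the application describes it: the IDA issues a signed IDC
whose template is encrypted for one recipient entity (SP or user device);
the entity checks the IDA signature and validity, decrypts the template
and compares it with the sample. Constructed example; textbook RSA over
public Mersenne primes and a SHA-256 keystream are insecure stand-ins."""
import hashlib
import hmac
import json
import secrets

# Constructed, publicly known Mersenne primes: anyone can factor these
# moduli, so the keys are for illustration only.
_PRIMES = {"IDA": ((1 << 521) - 1, (1 << 607) - 1),
           "SP": ((1 << 1279) - 1, (1 << 2203) - 1)}
_E = 65537

def make_keypair(party):
    """Return (public, private) textbook-RSA keys for one party."""
    p, q = _PRIMES[party]
    n = p * q
    return {"n": n, "e": _E}, {"n": n, "d": pow(_E, -1, (p - 1) * (q - 1))}

def _canon(obj):
    """Canonical JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, obj):
    return pow(_digest_int(_canon(obj)), priv["d"], priv["n"])

def verify(pub, obj, sig):
    return pow(sig, pub["e"], pub["n"]) == _digest_int(_canon(obj))

def _keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR with SHA-256(key || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def wrap_template(recipient_pub, template):
    """Encrypt the template so that only the recipient's private key opens it."""
    key = secrets.token_bytes(32)
    ekey = pow(int.from_bytes(key, "big"), recipient_pub["e"], recipient_pub["n"])
    return {"ekey": ekey, "ct": _keystream_xor(key, _canon(template)).hex()}

def unwrap_template(recipient_priv, wrapped):
    key = pow(wrapped["ekey"], recipient_priv["d"], recipient_priv["n"])
    return json.loads(_keystream_xor(key.to_bytes(32, "big"), bytes.fromhex(wrapped["ct"])))

def templates_match(template, sample, tolerance=2):
    """Constructed matcher: passwords compare exactly; biometric feature
    vectors match when their mean absolute difference is within tolerance."""
    if template["kind"] != sample["kind"]:
        return False
    if template["kind"] == "password":
        return hmac.compare_digest(template["value"], sample["value"])
    if len(template["value"]) != len(sample["value"]):
        return False
    diff = sum(abs(a - b) for a, b in zip(template["value"], sample["value"]))
    return diff / len(template["value"]) <= tolerance

def ida_issue_idc(ida_priv, recipient_pub, user_id, template, not_after, max_uses):
    """IDA: after verifying the person and acquiring the template (out of
    band here), store the recipient-wrapped template and sign the IDC."""
    body = {"user": user_id, "not_after": not_after, "max_uses": max_uses,
            "template": wrap_template(recipient_pub, template)}
    return {"body": body, "ida_sig": sign(ida_priv, body)}

def entity_authenticate(ida_pub, entity_priv, idc, sample, today, uses_so_far):
    """SP or user device: verify the IDA signature and validity, decrypt the
    template with the entity's own key, then compare with the sample."""
    body = idc["body"]
    if not verify(ida_pub, body, idc["ida_sig"]):
        return False, "bad IDA signature"
    if today > body["not_after"]:          # ISO dates compare as strings
        return False, "IDC expired"
    if uses_so_far >= body["max_uses"]:
        return False, "IDC usage count exhausted"
    template = unwrap_template(entity_priv, body["template"])
    return templates_match(template, sample), "compared"

def ida_issue_verification_cert(ida_priv, template, sample, user_id, entity_id):
    """IDA compares itself and, only on a match, issues a signed verification
    certificate for an entity that has no comparison means of its own."""
    if not templates_match(template, sample):
        return None
    body = {"user": user_id, "entity": entity_id, "result": "verified"}
    return {"body": body, "ida_sig": sign(ida_priv, body)}

def entity_accept_verification_cert(ida_pub, vc, expected_user):
    """Entity verifies the IDA signature, then deletes the certificate."""
    ok = verify(ida_pub, vc["body"], vc["ida_sig"]) and vc["body"]["user"] == expected_user
    vc.clear()
    return ok
```

Call order for a run: make_keypair for "IDA" and "SP", ida_issue_idc with the SP public key, then entity_authenticate with the SP private key; a tampered body fails the signature check before any template is decrypted, and the IDA's own key cannot open the template wrapped for the SP.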

[0065] According to a sixth aspect of the present invention, there is provided a program providing medium for providing a computer program which executes, on a computer system, a person authentication process for authenticating a person by comparing a template which is person identification data acquired beforehand with sampling information input by a user, the computer program comprising the steps of: acquiring a template from a person identification certificate generated by a third-party agency serving as a person identification certificate authority and storing template information including the template; and executing person authentication on the basis of the acquired template.

[0066] The program providing medium according to the sixth aspect of the present invention is used to provide a computer program in a computer-readable format to a computer system capable of executing various program codes. There is no particular limitation in the form of the medium, and various types of media can be used. Specific examples include a storage medium such as a CD, FD, MO, and DVD and a transmission medium such as a network.

[0067] Such a program providing medium defines a cooperative relationship in structure or function between the computer program and the providing medium so that the computer program functions on a computer system. In other words, the program providing medium operates in a cooperative fashion on a computer system when the computer program is installed on the computer system via the program providing medium, thereby achieving functions similar to those which can be achieved according to the other aspects of the present invention.

[0068] Other objects, aspects, and advantages of the present invention will become apparent from the following description of embodiments with reference to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0069] FIG. 1 is a diagram illustrating a conventional person authentication apparatus which reads and verifies a fingerprint;

[0070] FIG. 2 is a diagram illustrating encrypted data communication performed, using a public key certificate, by a personal authentication system according to the present invention;

[0071] FIG. 3 is a diagram illustrating a data format of a public key certificate;

[0072] FIG. 4 is a diagram illustrating the data format of the public key certificate;

[0073] FIG. 5 is a diagram illustrating an example of a format of a person identification certificate;

[0074] FIGS. 6A to 6C are diagrams illustrating manners of encrypting a template of a person identification certificate;

[0075] FIG. 7 is a table illustrating the types of keys used to encrypt a template of a person identification certificate and also illustrating processing manners;

[0076] FIGS. 8A and 8B are diagrams illustrating manners of encrypting a template of a person identification certificate;

[0077] FIG. 9 is a diagram illustrating a processing flow and a data flow in registration of a template and generation of an IDC;

[0078] FIG. 10 is a diagram illustrating a processing flow and a data flow in a process of deleting a template;

[0079] FIG. 11 is a diagram illustrating a processing flow and a data flow in a process of changing a template;

[0080] FIG. 12 is a diagram illustrating a processing flow and a data flow in a process of adding a template;

[0081] FIG. 13 is a diagram illustrating a processing flow and a data flow in a process of suspending a template;

[0082] FIG. 14 is a diagram illustrating a processing flow and a data flow in a process of canceling suspension of a template;

[0083] FIG. 15 is a diagram illustrating a processing flow and a data flow in a process of distributing an IDC;

[0084] FIG. 16 is a diagram illustrating a processing flow and a data flow in a process of updating an IDC;

[0085] FIG. 17 is a diagram illustrating a processing flow and a data flow in a process of deleting an IDC;

[0086] FIG. 18 is a diagram illustrating a processing flow and a data flow in a process of inquiring about an IDC;

[0087] FIG. 19 is a diagram illustrating examples of configurations of a certificate authority (CA) which issues a public key certificate (PKC), a person identification certificate authority (IDA) which issues a person identification certificate (IDC), and a device which uses a certificate;

[0088] FIG. 20 is a diagram illustrating examples of configurations of a certificate authority (CA) which issues a public key certificate (PKC), a person identification certificate authority (IDA) which issues a person identification certificate (IDC), and a device which uses a certificate;

[0089] FIGS. 21A to 21C are diagrams illustrating manners of performing verification by a user device, a service provider (SP), or a person identification certificate authority (IDA) in a system;

[0090] FIG. 22 is a diagram illustrating a system in which verification is performed by a user device;

[0091] FIG. 23 is a diagram illustrating a system in which verification is performed by a service provider (SP);

[0092] FIG. 24 is a diagram illustrating a verification process performed by a user device storing an IDC and a PKC;

[0093] FIG. 25 is a diagram illustrating a system in which verification is performed by transmitting a person identification certificate (IDC) stored in a personal terminal such as an IC card to a shared user device;

[0094] FIG. 26 is a diagram illustrating a system in which verification is performed by decrypting a person identification certificate (IDC) stored in a personal terminal such as an IC card and then transmitting the decrypted IDC to a shared user device;

[0095] FIG. 27 is a diagram illustrating a system in which verification is performed by a personal terminal such as an IC card using a person identification certificate (IDC) stored in the personal terminal and only the result of the verification is transmitted to a shared user device;

[0096] FIG. 28 is a diagram illustrating a process performed when template information of a person identification certificate (IDC) is encrypted using a public key of a service provider (SP);

[0097] FIG. 29 is a diagram illustrating a system in which verification is performed by transmitting a person identification certificate (IDC) stored in a user device to a service provider (SP);

[0098] FIG. 30 is a diagram illustrating a system in which verification is performed by decrypting a person identification certificate (IDC) stored in a user device and then transmitting the decrypted IDC to a service provider (SP);

[0099] FIG. 31 is a diagram illustrating a system in which verification is performed by a user device using a person identification certificate (IDC) stored in the user device and only the result of the verification is transmitted to a service provider (SP);

[0100] FIG. 32 is a diagram illustrating a configuration of a secure container containing a content to be distributed via content transaction;

[0101] FIG. 33 is a diagram illustrating a form of a list of person identification certificates (IDCs);

[0102] FIG. 34 is a diagram illustrating a specific example of a form of sales restriction (UCP) information;

[0103] FIG. 35 is a diagram illustrating an example of a format of permitted usage data;

[0104] FIG. 36 is a diagram illustrating an example of a data format of price information included in a secure container;

[0105] FIG. 37 is a diagram illustrating a manner of distributing a content using a secure container;

[0106] FIG. 38 is a diagram illustrating an example of a data format of usage control status (UCS) information;

[0107] FIG. 39 is a diagram illustrating a manner of using a person identification certificate (IDC) when a secure container containing a content is distributed from a service provider to a user device;

[0108] FIG. 40 is a flow chart of a process in which a secure container is received from a service provider and a person authentication is performed by a user device so that the content can be used only by authorized users;

[0109] FIG. 41 is a flow chart of a process in which a person authentication is performed by a service provider and a secure container is distributed only to authorized users;

[0110] FIG. 42 is a diagram illustrating a manner of distributing a content among users using a secure container;

[0111] FIG. 43 illustrates another manner in which a content is distributed using a secure container among users and a manner in which user authentication is performed;

[0112] FIG. 44 is a flow chart of a process in which a secure container is received from a user device A and person authentication is performed by a user device B so that only authorized users can use the content;

[0113] FIG. 45 is a flow chart of a process in which person authentication is performed by a content distributor before distributing a content and a secure container is distributed only to authorized users;

[0114] FIG. 46 is a block diagram mainly illustrating configurations of user devices which transmit a secure container to each other;

[0115] FIGS. 47A and 47B are diagrams illustrating various manners of linking a personal identification certificate (IDC) and a public key certificate (PKC) to each other;

[0116] FIGS. 48A and 48B are diagrams illustrating various manners of linking personal identification certificates (IDCs) and public key certificates (PKCs) to one another;

[0117] FIGS. 49A and 49B are diagrams illustrating manners of storing a public key certificate (PKC) linked to a person identification certificate (IDC) into the person identification certificate (IDC);

[0118] FIGS. 50A and 50B illustrate manners of storing an identification number of a certificate into another certificate;

[0119] FIGS. 51A and 51B are diagrams illustrating examples of manners of management using link management data;

[0120] FIGS. 52A and 52B are diagrams illustrating other examples of manners of management using link management data;

[0121] FIG. 53 is a diagram illustrating a configuration of a user device capable of performing person authentication and reproducing a content;

[0122] FIG. 54 is a diagram illustrating a data flow in a process of downloading a content;

[0123] FIG. 55 is a diagram illustrating the details of the data flow in the process of downloading a content;

[0124] FIG. 56 is a diagram illustrating the details of the data flow in the process of downloading a content;

[0125] FIG. 57 is a diagram illustrating the details of the data flow in the process of downloading a content;

[0126] FIG. 58 is a diagram illustrating a data flow in processes of user registration, erasure of user registration, and making a service contract;

[0127] FIG. 59 is a diagram illustrating the details of the data flow in the processes of user registration, erasure of user registration, and making a service contract;

[0128] FIG. 60 is a diagram illustrating the details of the data flow in the processes of user registration, erasure of user registration, and making a service contract;

[0129] FIG. 61 is a diagram illustrating the details of the data flow in the processes of user registration, erasure of user registration, and making a service contract;

[0130] FIG. 62 is a diagram illustrating a flow of data in the process of requesting a person identification certificate (IDC), which is to be stored in a device, to be issued;

[0131] FIG. 63 is a diagram illustrating the details of the flow of data in the process of requesting the person identification certificate (IDC), which is to be stored in the device, to be issued;

[0132] FIG. 64 is a diagram illustrating the details of the flow of data in the process of requesting the person identification certificate (IDC), which is to be stored in the device, to be issued;

[0133] FIG. 65 is a diagram illustrating the details of the flow of data in the process of requesting the person identification certificate (IDC), which is to be stored in the device, to be issued;

[0134] FIG. 66 is a diagram illustrating a procedure of issuing a one-time PKC;

[0135] FIG. 67 is a flow chart of the procedure of issuing a one-time PKC;

[0136] FIG. 68 is a diagram illustrating a first manner of using a verification certificate;

[0137] FIG. 69 is a flow chart of a process of using a verification certificate;

[0138] FIG. 70 is a diagram illustrating a second manner of using a verification certificate;

[0139] FIG. 71 is a diagram illustrating an example of a format of a verification certificate;

[0140] FIG. 72 is a diagram illustrating a process in which person authentication is performed using a person identification certificate (IDC) which has already been registered in a person identification certificate authority (IDA), and a content is distributed in accordance with the person authentication;

[0141] FIG. 73 is a flow chart of a process in which a content is distributed after performing person authentication using an IDC and performing mutual authentication using a PKC;

[0142] FIG. 74 is a flow chart of a process in which a content is distributed after performing person authentication using an IDC and performing mutual authentication using a PKC;

[0143] FIG. 75 is a flow chart of a process in which a content is distributed after performing person authentication using an IDC and performing mutual authentication using a PKC;

[0144] FIG. 76 is a diagram illustrating a process in which person authentication is performed using a user IDC and a device PKC and also using an IDC which has already been registered in a person identification certificate authority (IDA), and then a content is distributed to a user using the device PKC;

[0145] FIG. 77 is a flow chart illustrating a process in which person authentication is performed using a user IDC and a device PKC and also using an IDC which has already been registered in a person identification certificate authority (IDA), and then a content is distributed to a user using the device PKC;

[0146] FIG. 78 is a flow chart illustrating a process in which person authentication is performed using a user IDC and a device PKC and also using an IDC which has already been registered in a person identification certificate authority (IDA), and then a content is distributed to a user using the device PKC;

[0147] FIG. 79 is a diagram illustrating a person identification certificate (IDC) in which validity information (expiration date and the number of times the IDC is allowed to be used) of the person identification certificate (IDC) and also the expiration date of template information stored in the IDC are set;

[0148] FIGS. 80A and 80B are diagrams illustrating manners of managing the "expiration date or the number of times the IDC is allowed to be used" and the "expiration date of template" of the template information stored in a person identification certificate (IDC);

[0149] FIG. 81 is a diagram illustrating a manner of managing the expiration date of the IDC and the expiration date of the template;

[0150] FIG. 82 is a diagram illustrating a manner of managing the number of times the IDC is allowed to be used and the template expiration date;

[0151] FIG. 83 is a flow chart illustrating a process of controlling the usage of an IDC in accordance with the "expiration date or number of times the IDC is allowed to be used" and "expiration date of template" described in a person identification certificate (IDC);

[0152] FIG. 84 is a diagram illustrating a process in which when a person identification certificate (IDC) is used, if it turns out that the "IDC expiration date" has been reached, the person identification certificate (IDC) is updated;

[0153] FIG. 85 is a diagram illustrating a process in which the expiration date of a person identification certificate (IDC) is checked at scheduled intervals, and if it turns out that the "IDC expiration date" has been reached, the IDC is updated;

[0154] FIG. 86 is a diagram illustrating a process in which the expiration date of template information which has already been registered in a person identification certificate authority (IDA) is checked by the IDA and updated if the expiration date has been reached, after informing a user that the expiration date has been reached; and

[0155] FIG. 87 is a diagram illustrating a process in which template information which has already been registered in a person identification certificate authority (IDA) is updated in response to an updating request from a user.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0156] [Description of the Embodiments]

[0157] The present invention is described in further detail below with reference to preferred embodiments in conjunction with the accompanying drawings.

[0158] [Embodiments]

[0159] The present invention is described below in terms of items listed below.

[0160] 1. Concepts of the Present Invention and the Outline of Certificates

[0161] 2. Encryption of Template

[0162] 3. Registration and Change of Template and Person Identification Certificate (IDC)

[0163] 4. Basic Manners of Using Person Identification Certificate (IDC)

[0164] 5. Authentication Using Person Identification Certificate (IDC)

[0165] 6. Control of Permission of Usage of Content According to User Authentication on the Basis of Person Identification Certificate

[0166] 7. Link between Person Identification Certificates (IDCs) and Public Key Certificates (PKCs)

[0167] 8. Using a Content on the Basis of Person Identification Certificate (IDC) and Public Key Certificate (PKC)

[0168] 9. One-Time Public Key Certificate (One-Time PKC)

[0169] 10. Verification Certificate

[0170] 11. Downloading of Person Identification Certificate (IDC) and Usage of a Content

[0171] 12. Setting the Validity Period of Person Identification Certificate (IDC)

[0172] [1. Concepts of the Invention and Outline of Certificates]

[0173] (1.1 Basic Concepts of the System According to the Invention)

[0174] First, basic concepts of the person authentication system according to the present invention are described. In the present invention, authentication of a person is realized using a person identification certificate (IDC). A person identification certificate (IDC) is issued by an identification authority (IDA), which is a reliable third-party agency, for each person who wants to be certified, after the IDA has verified the identity of that person.

[0175] Each person identification certificate (IDC) includes information (template information) which identifies a corresponding person. Specific examples usable as personal identification information include fingerprint information, retina pattern information, iris pattern information, voice print information, and handwriting information. Personal identification information other than biometric information such as a seal, a passport, a driver's license, or a card can also be used. Any combination of the personal identification information described above can also be used. Furthermore, a combination of a password and any personal identification described above may also be used. That is, information that only a person himself/herself can possess is used as the person identification information and is stored as template information wherein the template information is generally encrypted.

[0176] A person identification certificate (IDC) issued by an identification authority (IDA) is used by the registered user himself/herself, by a service provider (SP) which provides a content to the registered user, or by an agency or an organization (such as a settling financial institution) which needs to authenticate a user. A person identification certificate (IDC) is also issued by the person identification certificate authority (IDA) in response to a request from a user device which needs the person identification certificate (IDC) for authentication of a user. Specific examples of manners of using person identification certificates will be described in detail later.

[0177] Furthermore, in embodiments according to the present invention, a person identification certificate (IDC) is effectively used in conjunction with a public key certificate (PKC). For example, when a service provider (SP) distributes an encrypted content to a user, the service provider (SP) authenticates the user on the basis of a person identification certificate (IDC), and the service provider (SP) transmits the encrypted content to the user only when the user is verified as an authorized user, wherein the content is encrypted using a public key described in a public key certificate so that only the authorized user can decrypt the content.

[0178] FIG. 2 is a diagram illustrating encrypted data communication performed by a person authentication system, using a public key certificate, according to the present invention. A person identification certificate (IDC) and a public key certificate (PKC) are issued by an identification authority (IDA) 201 and a certificate authority (CA) 202, respectively, in accordance with predetermined procedures.

[0179] Encrypted data communication is performed, for example, between a user device A205 and a service provider (SP) 203 which distributes a content. In the encrypted data communication, the service provider (SP) 203 first confirms that the user device A is used by a user A and then transmits a content after converting the content into encrypted data which can be decrypted by the user A.

[0180] The user A registers his/her personal information in the person identification certificate authority (IDA) 201, and the person identification certificate authority (IDA) 201 issues a person identification certificate (IDC) to the user A. The service provider (SP) 203 verifies the authenticity of the user A on the basis of the person identification certificate (IDC). In this case, the service provider (SP) 203 is an entity which executes person authentication on the basis of the person identification certificate (IDC). The authentication may be performed in various manners on the basis of an identification certificate, as will be described in detail later.

[0181] The user A presents his/her public key to the certificate authority 202 and receives a public key certificate including a digital signature written by the certificate authority. After the service provider (SP) 203
authenticates the user A on the basis of the person identification certificate (IDC), the service provider (SP) 203 extracts the public key from the public key certificate of the user A and transmits a content to the user A after encrypting the content using the extracted public key. When the user A of the user device A205 receives the encrypted content, the encrypted data is decrypted using a private key corresponding to the public key, and the decrypted data is used by the user A.

[0182] Authentication and transmission of encrypted data are also performed in a similar manner between a service provider (SP) 204 serving as a settling institution and a user device B206. That is, the service provider (SP) 204 authenticates the user B on the basis of an identification certificate of the user B and transmits data (such as a content or electronic settlement data) after encrypting the data using a public key certificate of the user B. In this case, the user device is an entity which executes personal authentication on the basis of the person identification certificate (IDC).

[0183] Furthermore, in data communication between the user device A205 and the user device B206, authentication of users A and B is performed on the basis of the person identification certificates of users A and B, and data is transmitted by means of encryption using the public key certificate of the user A or B.

[0184] As described above, identification certificates and public key certificates can be used in various situations in which data is transmitted. A person identification certificate can also be used singly. For example, when a user accesses secret information stored in a PC, the authenticity of the user is verified on the basis of a person identification certificate. A wide variety of entities, such as a service provider (SP), a user device, and a person identification certificate authority (IDA), execute person authentication on the basis of a person identification certificate.

[0185] In an embodiment of a system according to the present invention, as shown in FIG. 2, a person identification certificate (IDC) issued by a person identification certificate authority (IDA) 201 is linked with a public key certificate (PKC) issued by a certificate authority 202. The link may be achieved by incorporating a public key certificate (PKC) into a person identification certificate or by creating group information indicating link information. Manners of forming links will be described in detail later.

[0186] In the public key cryptography described above, different keys are used by a sender and a receiver, wherein one of the keys is used as a public key which is made available to any unspecified user, while the other key is used as a private key which is kept secret. In the public key cryptography, unlike the symmetric key cryptography in which encryption and decryption are performed using a symmetric key, only one particular person has the private key which should be kept secret, and thus it is easy to manage keys. A representative example of a public key encryption algorithm is the RSA (Rivest-Shamir-Adleman) encryption algorithm. In this technique, a product of two very large prime numbers (for example, 150-digit prime numbers) is used because it is difficult to factorize the product of two very large prime numbers (such as 150-digit prime numbers) into its prime factors.

[0187] In the public key cryptography, a large number of unspecified users are allowed to use the same public key, and the validity of a distributed public key is generally certified by a certificate called a public key certificate. For example, a user A creates a pair of a public key and a private key and sends the created public key to a certificate authority to acquire a public key certificate from the certificate authority. The user A opens the public key certificate to the public. An unspecified user acquires the public key from the public key certificate via a predetermined procedure and transmits, to the user A, a document or the like after encrypting it using the public key. Upon reception of the document, the user A decrypts the received document using the private key. The user A may also attach his/her signature encrypted with the private key to a document or the like, and an unspecified user may verify the signature using the public key extracted from the public key certificate via the predetermined procedure. Before describing the person authentication system according to the present invention in further detail, the data structures of the public key certificate (PKC) and the person identification certificate (IDC) used in the system of the present invention are described.

[0188] (1.2 Public Key Certificate)

[0189] Public key certificates are described with reference to FIGS. 3 and 4. In the public key cryptography, a public key certificate is issued by a certificate authority (CA) which is also called an issuer authority (IA), wherein in response to receiving an ID and a public key from a user, the certificate authority issues a certificate after adding information such as an ID of the certificate authority and a validity period and also adding a signature of the certificate authority.

[0190] An example of a format of a public key certificate is described. In this specific example, the format is according to the public key certificate format X.509 V3.

[0191] Version indicates the version of the certificate format.

[0192] Serial Number indicates a serial number assigned by a public key issuer authority (IA) to a public key certificate.

[0193] Signature algorithm Identifier and algorithm parameters are fields in which the signature algorithm of the public key certificate and parameters thereof are described. Either the elliptic curve cryptography or the RSA can be used as the signature algorithm, wherein in the case where the elliptic curve cryptography is employed, parameters and the key length are described, while the key length is described in the case where the RSA is employed.

[0194] Issuer is a field in which the issuer of the public key certificate, that is, the name of the public key certificate issuer (IA) is described in the form of a distinguished name.

[0195] Validity is a field to describe a period during which the certificate is valid, wherein a start date and an expiration date are described.

[0196] Subject is a field in which the name of a subject or a user is described. More specifically, for example, the ID of a user device or the ID of a subject which supplies services is described.

[0197] In subject Public Key Info, algorithm and subject Public key, information about the public key of the user including the key algorithm is described.

[0198] The fields described above are defined in the public key certificate format X.509 V1, and fields described below are fields added thereto according to the public key certificate format X.509 V3.

[0199] In authority Key Identifier, key Identifier, authority Cert Issuer, authority Cert Serial Number, information which identifies the key of the public key certificate issuer (IA) is described, wherein, more specifically, a key identification number (octal number), the name of the public key issuer authority (IA), and a certificate number are described.

[0200] In subject key Identifier, identifiers are described in the case where a plurality of keys are certified in the public key certificate.

[0201] Key usage is a field to specify the purpose of the key, wherein a purpose is selected from the group consisting of (0) digital signature, (1) prevention of repudiation, (2) encryption of the key, (3) encryption of a message, (4) distribution of a symmetric key, (5) verification of the signature of the certificate, and (6) verification of the signature of a revocation list.

[0202] In private Key Usage Period, a period is described during which the private key of the user is valid.

[0203] In certificate Policies, certificate policies of certificate authorities, that is, the public key certificate issuer authority (IA) and the registration authority (RA), are described. For example, a policy ID or a certification criterion according to the ISO/IEC9384-1 is described.

[0204] Policy Mapping is described only when a CA (public key certificate issuer (IA)) is certified, wherein mapping is described in terms of the policy of the public key certificate issuer (IA) which issues the certificate and the policy of the certificate authority which is certified.

[0205] In supported Algorithms, attributes of a directory (X.500) are defined. This field is used, in communication, to inform a receiving party of the attribute of the directory.

[0206] Subject Alt Name is a field to describe an alternative name of the subject.

[0207] Issuer Alt Name is a field to describe an alternative name of the certificate issuer.

[0208] Subject Direction Attribute is a field in which an arbitrary attribute of the user is described.

[0209] Basic Constraint is a field to describe whether the public key to be certified is used for signature of the certificate authority (public key certificate issuer authority (IA)) or is used by the user.

[0210] Name Constraints permitted Subtrees is a field to describe the area where the certificate is effective, wherein this field is used only when a certificate authority (public key certificate authority (CA)) is certified.

[0211] In policy Constraints, constraints are described in terms of requirements of explicit policy ID or inhibit policy mapping for the remaining certification path.

[0212] CRL (Certificate Revocation List) Distribution Points is a field to describe a reference point in the revocation list (FIG. 9) at which data is present which indicates whether the certificate of a user is revoked, wherein this field is used to confirm, when the user uses the certificate, that the certificate is not revoked.

[0213] Signature is a field in which a signature of the public key certificate issuer (public key certificate authority (IA)) is written. The signature is data which is created by generating a hash value by applying a hash function to the whole of a certificate and then encrypting the resultant hash value using a public key of a certificate authority.

[0214] A certificate authority issues a public key certificate in the format shown in FIGS. 3 and 4 and also updates a public key certificate which has expired. Furthermore, the certificate authority generates, manages, and distributes an illegal user list (revocation list) to shut out users who have made an illegal act. The certificate authority also generates a public key and a private key, as required.

[0215] When a user uses the public key certificate, the user verifies the digital signature of the public key certificate using the public key of the certificate authority the user has. If the verification of the digital signature is successfully passed, the user extracts the public key from the public key certificate. Therefore, all users, who want to use the public key certificate, need to have the common public key of the certificate authority.
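The issuance and verification flow of (1.2), as an added example that is not part of the patent text: the certificate authority (IA) issues an X.509 v3 certificate carrying Validity, Key Usage and Basic Constraint, and the relying party verifies the certificate with the CA public key it already holds before extracting the subject's public key. In a digital signature the issuer signs with its private key and the verifier checks with the issuer's public key; the example uses Go's standard library only, and the subject names, serial numbers and validity periods are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewUserKey generates the user's key pair; the user keeps the private half and
// presents only the public half to the certificate authority (constructed for the example).
func NewUserKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// IssueCA creates the certificate authority's self-signed X.509 v3 certificate.
// Key Usage and Basic Constraint mark the key as one that signs certificates.
func IssueCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Issuer Authority"}, // constructed
		NotBefore:             now,
		NotAfter:              now.AddDate(5, 0, 0),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueUserCert is the issuer side of [0189]: given the user's ID and public key,
// the CA fills in Validity and Key Usage and signs with its private key.
func IssueUserCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, userPub *ecdsa.PublicKey, userID string, now time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1001), // constructed serial
		Subject:               pkix.Name{CommonName: userID},
		NotBefore:             now,
		NotAfter:              now.AddDate(1, 0, 0),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, userPub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ExtractVerifiedKey is the relying-party side of [0215]: the CA's signature and
// the validity period are checked against the trusted CA certificate, and only
// then is the subject public key handed back for encrypting data to the user.
func ExtractVerifiedKey(cert, trustedCA *x509.Certificate, now time.Time) (*ecdsa.PublicKey, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	if _, err := cert.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}); err != nil {
		return nil, err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("unexpected public key type %T", cert.PublicKey)
	}
	return pub, nil
}

func main() {
	now := time.Now()
	ca, caKey, err := IssueCA(now)
	if err != nil {
		panic(err)
	}
	user, err := NewUserKey()
	if err != nil {
		panic(err)
	}
	cert, err := IssueUserCert(ca, caKey, &user.PublicKey, "user-A", now)
	if err != nil {
		panic(err)
	}
	pub, err := ExtractVerifiedKey(cert, ca, now)
	fmt.Println("verified key matches user key:", err == nil && pub.Equal(&user.PublicKey))
	_, err = ExtractVerifiedKey(cert, ca, now.AddDate(2, 0, 0))
	fmt.Println("expired certificate rejected:", err != nil)
}
```

The relying party never trusts the public key inside the certificate until the chain, the validity window and the intended key usage have all been checked; passing a certificate issued by a different CA, or checking outside the Validity period, makes `ExtractVerifiedKey` return an error instead of a key.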

[0216] (1.3 Person Identification Certificate)

[0217] Each person identification certificate (IDC) used in the person authentication system according to the present invention includes information which identifies a person (hereinafter, this person identification information included in the IDC is referred to as template information). An example of template information is biometric information of a person such as fingerprint information, retina pattern information, iris pattern information, voice print information, and handwriting information. Personal identification information other than biometric information is also usable. Specific examples of such personal identification information include a seal, a passport, a driver's license, and a card. Any combination of the personal identification information described above can also be used. Furthermore, a combination of a password and any personal identification described above may also be used. That is, information that only a person himself/herself can possess is used as the person identification information. It is desirable that the template information be stored in the IDC after being encrypted so as to prevent the template information from being leaked to an unauthorized third party. However, encryption of the template is not necessarily required if the distribution of the person identification certificate is very limited and if the template is thus prevented from being leaked.

[0218] A digital signature of a person identification authority (IDA) is written in a person identification certificate (IDC) so that the person identification certificate is prevented from being tampered with.

[0219] FIG. 5 illustrates an example of a person identification certificate format. The person identification certificate format shown in FIG. 5 includes indispensable item fields, extended item fields, and a signature field. The respective items are described below.

[0220] First, the respective fields of the indispensable items are described.

[0221] Version indicates the version of the certificate format.

[0222] Serial Number indicates a serial number assigned by a person identification authority (IDA) to a person identification certificate (IDC).

[0223] In Signature algorithm Identifier algorithm parameter, the signature algorithm of the person identification certificate and parameters thereof are described.

[0224] Either the elliptic curve cryptography or the RSA can be used as the signature algorithm, wherein in the case where the elliptic curve cryptography is employed, parameters and the key length are described, while the key length is described in the case where the RSA is employed.

[0225] Issuer is a field in which the issuer of the person identification certificate, that is, the name of the person identification certificate authority (IDA) is described in the form of a distinguished name.

[0226] Validity is a field to describe a period during which the certificate is valid, wherein a start date and an expiration date are described.

[0227] Subject is a field in which the name of a subject or a user is described. In this field, more specifically, the ID or the name of the user is described.

[0228] Subject Template Info is a field to describe identification information of a user, wherein data representing biometric information such as a fingerprint of the user is stored after being encrypted. More specifically, the encryption algorithm used to encrypt the template, the unique identifier (ID) or the certificate number of the public key certificate used in encryption, an encryption algorithm, a parameter, a start date and an expiration date indicating the validity period of the template, the type of the template, and the template (encrypted) are described.

[0229] The fields described above are set as the indispensable item fields.

[0230] Now, extended fields of the person identification certificate (IDC) are described.

[0231] Subject PKC info is a field to describe the public key certificate information of the subject to be certified, including the certificate number of the public key certificate of the subject and the subject unique ID of the public key certificate of the subject.

[0232] In Issuer Unique ID, the unique ID of the person identification certificate authority (IDA) is described.

[0233] In Subject Unique ID, the unique ID of the subject to be certified is described.

[0234] In Public Key Certificate, the public key certificate described above is stored.

[0235] In Issuer Alt Name, an alternative name of the person identification certificate authority is described.

[0236] In Subject Directory Attribute, an arbitrary attribute of a user, such as age, sex, address, or telephone number, is described, encrypted as required, to identify the user.

[0237] Valid Count is a field to describe the maximum number of times the person identification certificate is allowed to be used. More specifically, after a certificate is issued, the certificate is allowed to be used as many times as described in this field.

[0238] In Control Table link Infor, group information indicating the link between the person identification certificate (IDC) and the public key certificate (PKC) is described. For example, information is described which indicates a link to a public key certificate used in data communication or data processing which is executed only when a user is successfully authenticated on the basis of the person identification certificate. The link information and the group information will be described in detail later.

[0239] The extended fields of the person identification certificate (IDC) have been described above.

[0240] The digital signature is data which is created by generating a hash value by applying a hash function to all fields of the certificate and then encrypting the resultant hash value using the public key of the person identification certificate authority (IDA).

[0241] Other information may also be described in the extended fields of the person identification certificate (IDC). For example, when the template information is encrypted using not the public key but a common (symmetric) key, and the common key used in the encryption is encrypted using the public key of the user device, the service provider, or the person identification certificate authority (IDA), the encrypted common key is described in an extended field. The process performed in this case will be described later.
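The IDC format of (1.3) and its signature, as an added example that is not part of the patent: an IDC carrying the indispensable fields, the template validity window of Subject Template Info and the extended Valid Count field is hashed over all fields, signed by the IDA, and verified by a relying entity, which then applies the usage controls (certificate validity period, template expiration date, remaining use count) that the later figures describe. The hash is signed with the IDA's private key and checked with the IDA's public key, which is how a digital signature binds the certificate to its issuer. The struct, its JSON field names, the serial number and the validity periods are constructed for this example; the code uses Go's standard library only.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// IDC holds a subset of the FIG. 5 fields: the indispensable items, the
// extended Valid Count field, and the IDA signature (field names constructed).
type IDC struct {
	Version      int       `json:"version"`
	SerialNumber uint64    `json:"serial_number"`
	SigAlgorithm string    `json:"signature_algorithm"`
	Issuer       string    `json:"issuer"`
	NotBefore    time.Time `json:"not_before"`
	NotAfter     time.Time `json:"not_after"`
	Subject      string    `json:"subject"`
	// Subject Template Info: type, the template's own validity window, and the
	// encrypted template (a constructed byte string stands in here).
	TemplateType      string    `json:"template_type"`
	TemplateNotAfter  time.Time `json:"template_not_after"`
	EncryptedTemplate []byte    `json:"encrypted_template"`
	ValidCount        int       `json:"valid_count"` // 0 means no limit in this example
	Signature         []byte    `json:"signature,omitempty"`
}

// NewIDAKey creates the IDA's signing key pair (constructed for the example).
func NewIDAKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// NewSampleIDC builds an IDC valid for one year, with a template that expires
// after 180 days and a Valid Count of 3 (all values constructed).
func NewSampleIDC(now time.Time) IDC {
	return IDC{
		Version: 1, SerialNumber: 42, SigAlgorithm: "ECDSA-P256-SHA256",
		Issuer: "CN=Example IDA", NotBefore: now, NotAfter: now.AddDate(1, 0, 0),
		Subject: "user-A", TemplateType: "fingerprint",
		TemplateNotAfter:  now.AddDate(0, 0, 180),
		EncryptedTemplate: []byte("constructed-ciphertext"), ValidCount: 3,
	}
}

// hashAllFields hashes every field of the certificate except the signature itself.
func hashAllFields(c IDC) ([]byte, error) {
	c.Signature = nil
	encoded, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(encoded)
	return sum[:], nil
}

// Sign is performed by the IDA with its private key.
func Sign(c *IDC, idaPriv *ecdsa.PrivateKey) error {
	digest, err := hashAllFields(*c)
	if err != nil {
		return err
	}
	c.Signature, err = ecdsa.SignASN1(rand.Reader, idaPriv, digest)
	return err
}

// Verify is performed by any relying entity with the IDA's public key.
func Verify(c IDC, idaPub *ecdsa.PublicKey) bool {
	digest, err := hashAllFields(c)
	if err != nil || len(c.Signature) == 0 {
		return false
	}
	return ecdsa.VerifyASN1(idaPub, digest, c.Signature)
}

// Usable applies the usage controls of the certificate: the Validity window,
// the template's own expiration date, and Valid Count against the number of
// uses the relying entity has recorded so far.
func Usable(c IDC, now time.Time, usesSoFar int) error {
	switch {
	case now.Before(c.NotBefore) || now.After(c.NotAfter):
		return errors.New("IDC expiration date reached (or not yet valid): update the IDC")
	case now.After(c.TemplateNotAfter):
		return errors.New("template expiration date reached: re-register the template")
	case c.ValidCount > 0 && usesSoFar >= c.ValidCount:
		return errors.New("valid count exhausted")
	}
	return nil
}

func main() {
	key, err := NewIDAKey()
	if err != nil {
		panic(err)
	}
	now := time.Now().UTC()
	c := NewSampleIDC(now)
	if err := Sign(&c, key); err != nil {
		panic(err)
	}
	fmt.Println("signature verifies:", Verify(c, &key.PublicKey))
	fmt.Println("usable on 4th use:", Usable(c, now, 3))
	c.Subject = "user-B" // any change to a signed field invalidates the IDA signature
	fmt.Println("tampered IDC verifies:", Verify(c, &key.PublicKey))
}
```

A relying entity should run `Verify` before `Usable`: the validity dates and Valid Count are themselves covered by the signature, so an IDC whose expiration date or use count has been edited fails verification rather than being accepted with the edited limits.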

[0242] [2. Encryption of Template]

[0243] The person identification certificate (IDC) described above includes information (template information) used to identify a person. An example of template information is biometric information of a person such as fingerprint information, retina pattern information, iris pattern information, voice print information, and handwriting information. Personal identification information other than biometric information is also usable. Specific examples of such personal identification information include a seal, a passport, a driver's license, and a card. Any combination of the personal identification information described above can also be used. Furthermore, a combination of a password and any personal identification described above may also be used. That is, information that only a person himself/herself can possess is used as the person identification information.

[0244] It is desirable that the template be stored after being encrypted to prevent the template from being leaked to a third party, unless the distribution of the certificate is limited so as to keep a secret. The manners of encrypting and storing a template are described below.

[0245] A template may be stored and encrypted in various manners as described below.

[0246] 1) The template is stored without being encrypted.

[0247] 2) The template is encrypted using the public key of the user (identified by the person identification certificate).

[0248] 3) The template is encrypted using the symmetric key Kt, and the symmetric key Kt is encrypted using the public key of the user.

[0249] 4) The template is encrypted using a public key of a service provider (SP) (which identifies a user to which a service is to be provided, by means of using a person identification certificate).

[0250] 5) The template is encrypted using the symmetric key Kt and the symmetric key Kt is encrypted using the public key of the service provider (SP).

[0251] 6) The template is encrypted using the public key of the person identification certificate authority (IDA).

[0252] 7) The template is encrypted using the symmetric key Kt, and the symmetric key Kt is encrypted using the public key of the person identification certificate authority (IDA).

[0253] The template may be stored after being encrypted or without being encrypted in one of the above manners, each of which will be described in further detail below with reference to FIGS. 6, 7, and 8. FIG. 6A illustrates an example in which a template is not encrypted, and data representing biometric information such as a fingerprint acquired via a person identifying apparatus is directly stored as template information in a person identification certificate (IDC).

[0254] FIG. 6B illustrates an example in which encryption and decryption are performed using only a public key, wherein in the encryption shown in FIG. 6B, a template of a user acquired as identification information via a person identifying apparatus is encrypted using a public key of the user or a user device, a public key of a service provider (SP) (which identifies a user to which a service is to be provided, by means of using a person identification certificate), or a public key of a person identification certificate authority (IDA). Encryption may be performed in accordance with, for example, the elliptic curve cryptography (ECC) or the RSA (Rivest-Shamir-Adleman) cryptography. The encrypted template is stored in the person identification certificate (IDC), together with the identifier (unique ID) of the public key and data indicating the encryption algorithm employed in the encryption of the template.

[0255] The public key used herein is a public key which can be identified by the unique ID of the public key. The unique ID of the public key is information which can identify a public key certificate, wherein specific examples include a user ID and a user name stored in a public key certificate. The public key used herein is selected, depending upon the manner in which the person identification certificate (IDC) is used, from the group consisting of the public key of the user, the public key of the service provider (SP) (which identifies a user to which a service is to be provided, by means of using a person identification certificate), and the public key of the person identification certificate authority (IDA).

[0256] FIG. 7 shows various manners of using a public key to encrypt a template. In the case of a person identification certificate (IDC) in which a public key of a user or a user device is used to encrypt a template, an example of usage of the person identification certificate (IDC) is to identify a particular user who is authorized to use a user device (such as a PC). When a user wants to use a PC, the template stored in the person identification certificate (IDC) is decrypted using the private key of the user and is compared with an input template to verify the authenticity of the user.

[0257] An example of usage of a person identification certificate (IDC) in which a template is encrypted using a public key of a service provider is to identify a particular user to whom a service is to be provided by the service provider. The service provider extracts the encrypted template information from a person identification certificate (IDC) of a user, which is stored in the service provider or transmitted from the user or the person identification certificate authority (IDA), and the service provider decrypts the encrypted template information using the private key of the service provider. The service provider then compares the decrypted template with sampling information (such as fingerprint data) presented by a person to be verified.

[0258] A person identification certificate (IDC) in which a template is encrypted using a public key of the person identification certificate authority (IDA) is used, for example, in data transmission between terminals, to identify transmitting and receiving users on the basis of the person identification certificate (IDC) issued by the person identification certificate authority (IDA). As described above, the template information is encrypted in a different manner depending upon the usage of the person identification certificate (IDC).

[0259] FIG. 6C shows a process of decrypting a template encrypted with a public key. An encrypted template is extracted from a person identification certificate (IDC), and then data indicating the encryption algorithm and the unique ID of a public key are extracted. Furthermore, a private key corresponding to the public key specified by the public key unique ID is extracted, and the encrypted template is decrypted using the extracted private key, thereby extracting the template. Each entity which executes the person verification, such as a user device or a service provider which verifies a user, includes an encryption unit for decrypting and encrypting data.

[0260] FIGS. 8A and 8B are diagrams each illustrating a manner of encrypting and decrypting a template of a person identification certificate, using a symmetric key and a public key. FIG. 8A illustrates an encrypting process. First, for example, in a person identification certificate authority (IDA) which wants to generate encrypted template information, a symmetric key is generated using a random number, and a template input via a person identifying apparatus is encrypted using the symmetric key. Furthermore, the symmetric key is encrypted using the public key employed, that is, one of a public key of the user or of a user device, a public key of a service provider (SP), and a public key of the person identification certificate authority (IDA). The public key is selected depending upon the usage manner described above with reference to FIG. 7.

[0261] The resultant encrypted template and encrypted symmetric key are stored in the person identification certificate (IDC) together with the identifier (unique ID) of the public key and the data indicating the encryption algorithm applied to the encryption of the template and the encryption of the symmetric key.

[0262] FIG. 8B illustrates a decrypting process using the symmetric key and the private key. The encrypted template is extracted from the encrypted template information of the person identification certificate (IDC). Furthermore, the encrypted symmetric key, the data indicating the encryption algorithm, and the public key unique ID are extracted. The encrypted symmetric key is decrypted using the private key corresponding to the public key specified by the public key unique ID, and the encrypted template is decrypted using the symmetric key obtained via the above decryption process, thereby extracting the template.
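The encrypting process of FIG. 8A and the decrypting process of FIG. 8B, as an added example that is not part of the patent: a fresh random symmetric key Kt encrypts the template, Kt is encrypted under the public key of the entity that is meant to decrypt (manners 3, 5 and 7 of [2. Encryption of Template]), and the public key unique ID and algorithm names are stored beside the two ciphertexts. The example uses AES-256-GCM for the template and RSA-OAEP for Kt, which are this example's choices rather than algorithms named in the text; the struct, the entity IDs, the OAEP label and the sample template bytes are constructed, and a byte-for-byte comparison stands in for a biometric matcher.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TemplateInfo models the Subject Template Info of an IDC when the template is
// encrypted with Kt and Kt with a public key (field names constructed).
type TemplateInfo struct {
	TemplateAlg       string // algorithm applied to the template
	KeyAlg            string // algorithm applied to Kt
	PublicKeyUniqueID string // identifies which entity's private key can unwrap Kt
	EncryptedKt       []byte
	EncryptedTemplate []byte // GCM nonce followed by ciphertext and tag
}

var ktLabel = []byte("IDC template key") // OAEP label, constructed

// NewEntityKey generates the key pair of the decrypting entity (user device, SP or IDA).
func NewEntityKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptTemplate is FIG. 8A: random Kt, template under AES-256-GCM,
// Kt wrapped with RSA-OAEP under the selected entity's public key.
func EncryptTemplate(template []byte, pub *rsa.PublicKey, pubID string) (*TemplateInfo, error) {
	kt := make([]byte, 32)
	if _, err := rand.Read(kt); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(kt)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The public key unique ID is bound as additional data, so the template
	// ciphertext cannot be re-labelled for another entity without detection.
	sealed := gcm.Seal(nonce, nonce, template, []byte(pubID))
	wrappedKt, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kt, ktLabel)
	if err != nil {
		return nil, err
	}
	return &TemplateInfo{"AES-256-GCM", "RSA-OAEP-SHA256", pubID, wrappedKt, sealed}, nil
}

// DecryptTemplate is FIG. 8B: only the holder of the private key matching
// PublicKeyUniqueID can unwrap Kt and then recover the template.
func DecryptTemplate(ti *TemplateInfo, priv *rsa.PrivateKey, myPubID string) ([]byte, error) {
	if ti.PublicKeyUniqueID != myPubID {
		return nil, errors.New("template was not encrypted for this entity's public key")
	}
	kt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ti.EncryptedKt, ktLabel)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(kt)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(ti.EncryptedTemplate) < gcm.NonceSize() {
		return nil, errors.New("encrypted template too short")
	}
	nonce, ct := ti.EncryptedTemplate[:gcm.NonceSize()], ti.EncryptedTemplate[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(ti.PublicKeyUniqueID)) // fails on any tampering
}

// MatchesSample decrypts the template and compares it with the sampling
// information presented by the person (exact byte comparison stands in for a matcher).
func MatchesSample(ti *TemplateInfo, priv *rsa.PrivateKey, myPubID string, sample []byte) (bool, error) {
	tmpl, err := DecryptTemplate(ti, priv, myPubID)
	if err != nil {
		return false, err
	}
	return bytes.Equal(tmpl, sample), nil
}

func main() {
	sp, err := NewEntityKey()
	if err != nil {
		panic(err)
	}
	template := []byte("constructed fingerprint template")
	ti, err := EncryptTemplate(template, &sp.PublicKey, "SP-0001")
	if err != nil {
		panic(err)
	}
	ok, err := MatchesSample(ti, sp, "SP-0001", template)
	fmt.Println("match:", ok, "err:", err)
}
```

Because the template is only ever in the clear inside the entity that holds the matching private key, an IDC can be distributed to several parties while keeping the biometric data readable by exactly one of them; the authenticated-encryption mode additionally makes a modified ciphertext or a swapped public key unique ID fail decryption instead of yielding a wrong template.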

[0263] [3. Registration and Change of Template and Person Identification Certificate (IDC)]

[0264] Processes of registering, deleting, changing, adding, suspending, and canceling of suspension of a person identification certificate (IDC) in which data is described in the above-described manner are described below. Herein, the suspending of an IDC is a process of temporarily invalidating the IDC, and the canceling of suspension is a process of re-validating the temporarily suspended IDC.

[0265] (3.1 Registration of Template)

[0266] To effectively register a person identification certificate (IDC), a person to be certified with a person identification certificate (IDC) first presents sampling information to register his/her template. As described earlier, an example of template information is biometric information of a person such as fingerprint information, retina pattern information, iris pattern information, voice print information, and handwriting information. Personal identification information other than biometric information is also usable. Specific examples of such personal identification information include a seal, a passport, a driver's license, and a card. Any combination of the personal identification information described above can also be used. Furthermore, a combination of a password and any personal identification information described above may also be used. That is, information that only the person himself/herself can possess is used as the person identification information.

[0267] FIG. 9 illustrates the flow of registering a template and creating an IDC. Registration of a template is performed on the basis of information (sampling information) acquired using an apparatus capable of acquiring personal information in one of the various forms described earlier. For example, in the case where fingerprint information is used as a template, a fingerprint reading apparatus is used, while a voice print acquisition apparatus is used in the case where voice print information is used as a template (S11). The acquired data is transmitted online or offline to a person identification certificate authority (IDA) (S12). The user transmits his/her personal information (PIN) identifying the user to the person identification certificate authority (IDA) (S13).

[0268] In the case where the data described above are transmitted online, mutual authentication is performed between the device of the user and the person identification certificate authority (IDA), wherein data is transmitted together with a digital signature, and the signature is verified at the receiving end. The person identification certificate authority (IDA) checks the data to confirm that the data has not been tampered with, identifies the user, and verifies the data (S14). If it is determined that the data is not valid, error handling is performed (S17) without performing registration.

[0269] In the registration of the template, the person identification certificate authority (IDA) verifies the identity of the user on the basis of user identification data which identifies the user. The person identification certificate authority (IDA) also acquires personal information such as an address or a telephone number, as required. After verifying the identity of the user and the other necessary data, the person identification certificate authority (IDA) assigns a person identifier to the template and stores it in a database (S15). The person identification certificate authority (IDA) encrypts the template using the public key of the person identification certificate authority (IDA) and creates a person identification certificate (IDC) in which the encrypted template is stored (S16). The key used to encrypt the template stored in the IDC may differ depending upon the location where the IDC is used, that is, depending upon the entity which executes authentication of a person. For example, a public key of a service provider or of a user device is used depending upon the situation.

[0270] (3.2 Deleting of Template)

[0271] A template registered in a person identification certificate authority (IDA) may be deleted by performing a template deleting process. The deleting process is performed in response to a deleting request issued by a user. FIG. 10 shows a flow of the template deleting process. When a user requests deletion of a template (S21), the user submits his/her identification data which identifies the user to a person identification certificate authority (IDA) (S22). Furthermore, the user transmits his/her personal information (PIN) used for identification to the person identification certificate authority (IDA) (S23).

[0272] In the case where the data described above are transmitted online, mutual authentication is performed between the device of the user and the person identification certificate authority (IDA), wherein data is transmitted together with a digital signature, and the signature is verified at the receiving end. The person identification certificate authority (IDA) checks the data to confirm that the data has not been tampered with, identifies the user, and verifies the data (S24). If it is determined that the data is not valid, error handling is performed (S27) without performing the deleting process.

[0273] After identifying the user on the basis of the person identification data to confirm that the request has been issued by the user himself/herself (S24), the person identification certificate authority (IDA) deletes the requested template and the associated person identification data and other additional information (S25). Furthermore, the person identification certificate authority (IDA) deletes the person identification certificate (IDC) in which the template was present, and registers the deleted IDC in a revocation list (S26). More specifically, the IDC identifier corresponding to the deleted IDC is registered in the revocation list.

[0274] (3.3 Changing of Template)

[0275] A template registered in a person identification certificate authority (IDA) may be changed by performing a template changing process. FIG. 11 illustrates a flow of the template changing process. A user submits a template changing request to a person identification certificate authority (IDA) (S31), creates sampling information or the like used to create a new template (S32), and transmits identification data identifying the user and additional information (PIN) as required to the person identification certificate authority (IDA) (S33, S34). The person identification certificate authority (IDA) identifies the user on the basis of the identification data (S35), deletes the person identification certificate (IDC) based on the current template (S36), and registers the deleted IDC in the revocation list (S37). Furthermore, the person identification certificate authority (IDA) assigns an identification number to the new template and stores it in the database (S38), encrypts the template using the public key of the person identification certificate authority (IDA), and creates a person identification certificate (IDC) in which the encrypted template is stored (S39). In on-line data communication between the user device and the person identification certificate authority (IDA), mutual authentication, addition of a signature to data to be transmitted, and verification of the signature are performed in a similar manner to the processes described above.

[0276] (3.4 Addition of Template)

[0277] A user may add another piece of identification data as an additional template to the template which has already been registered in a person identification certificate authority (IDA). FIG. 12 illustrates the template addition process. A user issues a template addition request to a person identification certificate authority (IDA) (S41), creates a new template using a template acquisition apparatus (S42), and transmits it together with identification data to the person identification certificate authority (IDA) (S43, S44). The person identification certificate authority (IDA) verifies the received identification data (S45) to authenticate the user, assigns a person identifier (number) to the template to be added and stores it in the database (S46), encrypts the template to be added using the public key of the person identification certificate authority (IDA), and creates a person identification certificate (IDC) in which the encrypted template is stored (S47). In on-line data communication between the user device and the person identification certificate authority (IDA), mutual authentication, addition of a signature to data to be transmitted, and verification of the signature are performed in a similar manner to the processes described above.

[0278] (3.5 Suspension of Template)

[0279] A template registered in a person identification certificate authority (IDA) may be suspended temporarily in response to a suspension request issued from a user. FIG. 13 illustrates a flow of a template suspension process. If a user issues a template suspension request to a person identification certificate authority (IDA) (S51) and submits identification data and additional data to the person identification certificate authority (IDA) (S52, S53), the person identification certificate authority (IDA) identifies the user on the basis of the identification data (S54) and suspends the validity of the requested template of the user and the associated identification data and additional information (S55). In this suspension process, the person identification certificate authority (IDA) also revokes the person identification certificate (IDC) of that user and registers it in the revocation list (S56). More specifically, the IDC identifier corresponding to the revoked IDC is registered in the revocation list. In online data communication between the user device and the person identification certificate authority (IDA), mutual authentication, addition of a signature to data to be transmitted, and verification of the signature are performed in a similar manner to the processes described above.

[0280] (3.6 Cancellation of Suspension of Template)

[0281] A template whose validity was suspended via the suspension process may be re-validated in response to a suspension cancel request issued by a user. FIG. 14 illustrates a template suspension canceling process. A user issues a template suspension cancel request to a person identification certificate authority (IDA) (S61) and submits identification data and additional information to the person identification certificate authority (IDA) (S62, S63). After verifying identification of the user on the basis of the identification data (S64), the person identification certificate authority (IDA) cancels the suspension of validity of the requested template of the user and the associated identification data and additional information (S65). Furthermore, the person identification certificate authority (IDA) removes the person identification certificate (IDC) of that user from the revocation list (S66). More particularly, the corresponding IDC identifier is removed from the revocation list. In on-line data communication between the user device and the person identification certificate authority (IDA), mutual authentication, addition of a signature to data to be transmitted, and verification of the signature are performed in a similar manner to the processes described above.
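The six flows of sections 3.1 to 3.6 act on one record per IDC and on a single revocation list, and what distinguishes deletion (3.2), suspension (3.5) and cancellation of suspension (3.6) is only what happens to that list. The following Go program is an added example, not code from the patent or from its assignee: it models the IDA database as an in-memory `Registry`, represents the identity check of steps S24, S35, S54 and S64 as a `requester` argument that must match the person identifier recorded at registration, and uses an `idc-NNNN` identifier format and the `Active`, `Suspended` and `Deleted` states as assumptions of its own. Mutual authentication and signing of the online requests, which the text describes, are outside its scope.

```go
package main

import "fmt"

// Constructed model of the IDA database and revocation list, not the patent's own format.
const Active, Suspended, Deleted = "active", "suspended", "deleted"

// IDCRecord is one database entry: the person identifier assigned at
// registration (S15), the template, and the current state of the IDC.
type IDCRecord struct {
	PersonID string
	Template []byte
	Status   string
}

// Registry holds the records keyed by IDC identifier and the revocation list
// that a service provider or user device consults before trusting an IDC.
type Registry struct {
	records    map[string]*IDCRecord
	revocation map[string]bool
	next       int
}

func NewRegistry() *Registry { return &Registry{records: map[string]*IDCRecord{}, revocation: map[string]bool{}} }

// Register covers 3.1 (S15-S16) and, for a further template of the same person, 3.4 (S46-S47).
func (r *Registry) Register(personID string, template []byte) string {
	r.next++
	id := fmt.Sprintf("idc-%04d", r.next) // identifier format is an assumption
	r.records[id] = &IDCRecord{PersonID: personID, Template: template, Status: Active}
	return id
}

// lookup stands in for the identity check (S24/S35/S54/S64); a deleted IDC is gone for good.
func (r *Registry) lookup(requester, idcID string) (*IDCRecord, error) {
	rec, ok := r.records[idcID]
	switch {
	case !ok:
		return nil, fmt.Errorf("unknown IDC %q", idcID)
	case rec.PersonID != requester:
		return nil, fmt.Errorf("request for %q not issued by the certified person", idcID)
	case rec.Status == Deleted:
		return nil, fmt.Errorf("IDC %q has been deleted", idcID)
	}
	return rec, nil
}

// Delete covers 3.2 (S25-S26): template wiped, identifier put on the revocation list for good.
func (r *Registry) Delete(requester, idcID string) error {
	rec, err := r.lookup(requester, idcID)
	if err != nil {
		return err
	}
	rec.Template, rec.Status = nil, Deleted
	r.revocation[idcID] = true
	return nil
}

// Change covers 3.3 (S36-S39): revoke the current IDC, issue a new one for the new template.
func (r *Registry) Change(requester, idcID string, newTemplate []byte) (string, error) {
	if err := r.Delete(requester, idcID); err != nil {
		return "", err
	}
	return r.Register(requester, newTemplate), nil
}

// Suspend covers 3.5 (S55-S56): the identifier joins the revocation list, the record is kept.
func (r *Registry) Suspend(requester, idcID string) error {
	rec, err := r.lookup(requester, idcID)
	if err != nil {
		return err
	}
	rec.Status = Suspended
	r.revocation[idcID] = true
	return nil
}

// CancelSuspension covers 3.6 (S65-S66). Because lookup refuses deleted
// records, a deleted IDC can never be taken off the revocation list here.
func (r *Registry) CancelSuspension(requester, idcID string) error {
	rec, err := r.lookup(requester, idcID)
	if err != nil {
		return err
	}
	if rec.Status != Suspended {
		return fmt.Errorf("IDC %q is not suspended", idcID)
	}
	rec.Status = Active
	delete(r.revocation, idcID)
	return nil
}

// IsValid is the relying party's check: a known IDC that is not on the revocation list.
func (r *Registry) IsValid(idcID string) bool {
	_, known := r.records[idcID]
	return known && !r.revocation[idcID]
}
```

A relying party only ever calls `IsValid`, so the property that matters is the one `lookup` enforces: a suspended identifier can leave the revocation list through `CancelSuspension`, a deleted one cannot, and a change under 3.3 leaves the old identifier revoked for good while the new template receives a new identifier.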

[0282] (3.7 Distribution of Person Identification Certificate (IDC))

[0283] Distribution of a person identification certificate (IDC) created on the basis of a template registered after being supplied from a user is described below.

[0284] FIG. 15 illustrates a flow of a process of distributing a person identification certificate (IDC) to service providers (SPs). A service provider who wants to use a person identification certificate (IDC) makes, in advance, a contract including a rule of using IDCs with a person identification certificate authority (IDA) (S71). Thereafter, mutual authentication is performed between the person identification certificate authority (IDA) and the service provider (SP) (S72). The mutual authentication may be performed, for example, via a process using symmetric key encryption or public key encryption.

[0285] If mutual authentication succeeds, the service provider (SP) transmits to the person identification certificate authority (IDA) a request for issuing a person identification certificate (IDC) together with user identification data or data indicating the name of a user to whom a service is to be provided and also data indicating the desired policy of the person identification certificate (IDC) (S73). The person identification certificate authority (IDA) verifies the person identification certificate issuing request (S74), sets the policy of the person identification certificate (IDC) in accordance with the usage rule (S75), extracts the requested person identification certificate (IDC) of the user from the database, decrypts the user template encrypted with the public key of the person identification certificate authority (IDA), encrypts the user template using the public key of the service provider (S76), creates a person identification certificate (IDC) according to the policy (S77), and supplies the created IDC to the service provider (SP) (S78). In the case where the template stored in the database is not encrypted, or in the case where encryption is not required, the encryption of the template is not necessary.
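FIGS. 8A and 8B above and step S76 of this section rest on the same two operations: wrapping a fresh symmetric key under one entity's public key, and later selecting the matching private key by the public key unique ID stored in the IDC. The Go program below is an added example, not code from the patent or from its assignee, that performs both and then the re-encryption of section 3.7, in which the IDA unwraps a template stored under its own key and wraps it again for a service provider. AES-256-GCM for the template and RSA-OAEP with SHA-256 for the symmetric key are assumptions made here, because the patent names no algorithms; the `EncryptedTemplateInfo` layout, the `KeyPair` type and key IDs such as `ida-key-01` are likewise constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptedTemplateInfo is a constructed layout for the encrypted template information of
// an IDC: the four items named for FIGS. 8A/8B plus the AES-GCM nonce (a detail of the cipher chosen here).
type EncryptedTemplateInfo struct {
	Ciphertext  []byte // template encrypted with the symmetric key
	Nonce       []byte
	WrappedKey  []byte // symmetric key encrypted with the selected public key
	KeyID       string // unique ID of that public key
	TemplateAlg string // algorithm identifiers stored alongside
	KeyAlg      string
}

// Concrete algorithms are an assumption; the patent names none.
const templateAlg, keyAlg = "AES-256-GCM", "RSA-OAEP-SHA256"

type KeyPair struct {
	ID   string // the unique ID an IDC will reference
	Priv *rsa.PrivateKey
}

func GenerateKeyPair(id string) (*KeyPair, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyPair{ID: id, Priv: priv}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptTemplate follows FIG. 8A: random symmetric key, template sealed under it, symmetric
// key wrapped under the selected entity's public key. The key ID is bound as GCM associated
// data and OAEP label, so neither ciphertext can be re-labelled for another key unnoticed.
func EncryptTemplate(template []byte, pub *rsa.PublicKey, keyID string) (*EncryptedTemplateInfo, error) {
	sym := make([]byte, 32)
	if _, err := rand.Read(sym); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sym)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sym, []byte(keyID))
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, template, []byte(keyID))
	return &EncryptedTemplateInfo{ct, nonce, wrapped, keyID, templateAlg, keyAlg}, nil
}

// DecryptTemplate follows FIG. 8B: select the private key by the public key
// unique ID carried in the IDC, unwrap the symmetric key, open the template.
func DecryptTemplate(info *EncryptedTemplateInfo, keys map[string]*KeyPair) ([]byte, error) {
	kp, ok := keys[info.KeyID]
	if !ok {
		return nil, fmt.Errorf("no private key for key ID %q", info.KeyID)
	}
	if info.TemplateAlg != templateAlg || info.KeyAlg != keyAlg {
		return nil, fmt.Errorf("unsupported algorithms %q/%q", info.TemplateAlg, info.KeyAlg)
	}
	sym, err := rsa.DecryptOAEP(sha256.New(), nil, kp.Priv, info.WrappedKey, []byte(info.KeyID))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sym)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, info.Nonce, info.Ciphertext, []byte(info.KeyID))
}

// RewrapForEntity is step S76 of section 3.7: the IDA recovers the template with
// its own key and encrypts it afresh, under a new symmetric key, for the service provider.
func RewrapForEntity(info *EncryptedTemplateInfo, ida *KeyPair, pub *rsa.PublicKey, keyID string) (*EncryptedTemplateInfo, error) {
	template, err := DecryptTemplate(info, map[string]*KeyPair{ida.ID: ida})
	if err != nil {
		return nil, err
	}
	return EncryptTemplate(template, pub, keyID)
}
```

Binding the key ID into the OAEP label and the GCM associated data goes beyond the text: an IDC whose key ID field has been altered then fails to decrypt instead of being accepted under a different entity's key. The rewrap always draws a new symmetric key, so the copy handed to the service provider shares no secret with the copy held in the IDA database.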

[0286] (3.8 Updating of Person Identification Certificate (IDC))

[0287] Now, a process of updating a person identification certificate (IDC) created on the basis of a registered template of a user is described below. In most cases, updating is performed to reset the validity period of a person identification certificate (IDC) being used.

[0288] FIG. 16 illustrates a flow performed in response to a person identification certificate (IDC) updating request issued from a service provider (SP). A service provider who wants to use a person ide