JP2001312477A - System, device, and method for authentication - Google Patents

Abstract

PROBLEM TO BE SOLVED: To solve the problem such that the possibility of 'impersonation' can not be denied as to an existent authentication system even when authentica tion is successful at the time of remote access through a network, i.e., an authen ticator is unable to prove that a person who is operating a personal computer of a client as an authenticated person is a legal user. SOLUTION: A remote authenticating program with high security using code is built in an intelligent portable device 100 having a function of inputting and matching biological features of an authenticated person inside and in the device 100 which are hardly accessed from outside, local authentication by biological feature authentication and high-security remote authentication are combined. Consequently, the genuiness of the user obtained by a client PC 200 is transmitted to a remote authentication server 400 to actualize remote individual authentication.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a recognition system, an authentication apparatus and an authentication method, and more particularly to an authentication system for authenticating an individual user in remote access via a network, and an authentication apparatus and an authentication method.

[0002]

2. Description of the Related Art As a method of authenticating a user who accesses a computer at a remote place via a network, a so-called password authentication system combining a user ID and a password and an improvement in security of the password authentication system are attempted. There is a one-time password authentication method.

In the password authentication method, a third party can easily “spoof” the user by guessing the password or eavesdropping on the password during communication.

Some of the one-time password authentication methods use a challenge response method or a portable one-time password generator.

In the challenge-response method, a computer on the side of the authenticator transmits different data called "challenge" to the computer on the side of the authenticated person every time. Upon receipt of the challenge, the subject passes the password and the challenge, which are shared with the authenticator and kept secret, through a certain one-way function, and outputs the output to the authenticator's computer as a one-time valid authentication password. return.

In a system using a portable one-time password generator, a user normally holds the generator,
The password generated by this and a PIN (Personal Identification Number) that is shared in advance with the authenticator and kept secret
The character string combined with r) is sent to the authenticator's computer as a one-time valid password.

[0007] These one-time password authentication methods are:
It is impossible to “spoof” by eavesdropping a password, which is one of the disadvantages of the password authentication method.

However, the password in the challenge-response authentication method and the PIN in the one-time authentication method are information to be stored (held) by the user to be authenticated, and in that sense, the password authentication It is only equal to the security strength of the scheme. That is,
If a character string or a number string that is easy for the user to remember is used, it can be easily detected or guessed by a third party. In addition, meaningless character strings and numeric strings may be used in consideration of security, but in other words, they are difficult to remember character strings and numeric strings, so if you write them down as a memorandum somewhere, conversely Security will be reduced.

Further, if the computer of the person to be authenticated is stolen, or if the computer is successfully used by a third party without authorization, the authenticator can confirm that the other party is not a valid user. Regardless, access is allowed.

[0010] Further, Japanese Patent Application Laid-Open No. H11-282982 discloses an authentication method using a portable IC card and cryptography, which has a low risk of theft. However, the security strength is the same as that of the password authentication method in that a password is required to identify the genuine holder of the IC card.

[0011]

The actual situation (authenticator) for performing the authentication process is the person who operates the personal computer (PC) of the other party to be authenticated, that is, the actual situation (authenticatee) to be authenticated is authenticated. When accessing the server managed by the user, usually, the authenticity of the person to be authenticated is confirmed using various authentication means such as a password method, a challenge response method or a one-time password method, and "spoofing" by a third party is performed. Exclude.

Information such as a password is actually sent from hardware or software such as a PC of a person to be authenticated. For this reason, from the point of view of the authenticator, it is not possible to confirm whether or not the authenticated person is a valid user of the server at the moment when the authenticated person is to be authenticated. As described above, this is because the PC is stolen, the PC is used by unauthorized third parties, or the IC card is lost, stolen, or has a password or PIN in the case of the above authentication method using an IC card. Is likely to leak or be guessed.

[0013] The present invention has been made to solve the above-described problem, and has as its object to authenticate a user in remote access via a network.

Another object is to eliminate the need for a password or PIN in authentication.

It is another object of the present invention to perform authentication which does not require communication of information required for generating authentication information between an authenticator and a subject.

[0016]

The present invention has the following configuration as one means for achieving the above object.

An authentication system according to the present invention is a portable device having local authentication means for performing local authentication for inputting and verifying biometric characteristics of a subject, and high-security remote authentication means using encryption. A remote authentication means for performing remote authentication via a network, wherein when the local authentication is successful, the remote authentication means generates authentication information necessary for the remote authentication and performs the remote authentication The authentication device recognizes that the authenticity of the subject has been confirmed by the local authentication based on the authentication information sent via the network.

An authentication device according to the present invention is an authentication device for authenticating a user in remote access via a network, wherein a recording unit on which information indicating a biological characteristic of the user is recorded; Input means for inputting information indicating a biological characteristic of a person, collating information indicating the biological characteristic input by the input means with information indicating the biological characteristic recorded in the recording means It has a collating unit and a generating unit that generates authentication information necessary for the remote access according to a collation result of the collating unit.

An authentication method according to the present invention is an authentication method for authenticating a user in remote access via a network, wherein information indicating a biological characteristic of the user is input, and information relating to the user is stored in a memory. The information indicating the biological characteristic is read out, and the information indicating the biological characteristic input by the input unit is compared with the information indicating the biological characteristic read from the memory, and according to the matching result, And generating authentication information necessary for the remote access.

[0020]

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, as one embodiment of the present invention,
An authentication method using an intelligent biometric feature input matching device with excellent portability and an encryption algorithm will be described with reference to the drawings.

As an example of a device for inputting and verifying the characteristics of a living body, the applicant has proposed a thin and lightweight card-type fingerprint reading and verifying device (hereinafter referred to as Japanese Patent Application Laid-Open No. 10-336169) in which an infinite one-time authentication system is mounted. There is a "card." This card is registered in advance with fingerprint information of a person to be authenticated as a holder and an encryption key for generating a one-time valid authenticator having a one-time property (hereinafter referred to as an “authenticator”). . This encryption key corresponds to a secret key in a public key cryptosystem and a common key in a common key cryptosystem, but the encryption key in the description of the present embodiment is a secret key.

When a person to be authenticated, who is the owner of the card, accesses the target server, the user connects the card to a PC and causes the card to read his / her fingerprint. Then, the read fingerprint is compared with fingerprint information or fingerprint feature point (template) data registered in the fingerprint card. That is, the card authenticates the cardholder and verifies the cardholder's validity. Such authentication is called "local authentication".

If the local authentication succeeds, an encryption processing program mounted on the card generates an authenticator using an encryption key (private key) stored in the card, and transmits the authenticator via a PC and a communication path. To send to the target server. Of course, since the fingerprint information, the template and the encryption key are not transmitted, privacy and information leakage on the communication path can be prevented.

The server that has received the authenticator verifies the authenticity of the authenticator, that is, authenticates the person to be authenticated, using the public key and the encryption processing program that form a pair with the secret key.
Such authentication is called "remote authentication".

If the remote authentication succeeds, the PC of the subject
Can access the target server and use various applications and resources on the target server. Of course, if the authentication fails, the authenticator cuts off the communication path between the server and the PC of the subject.

As described above, the local authentication using the characteristics of the living body and the strong remote authentication using the encryption are connected in a card that is a tamper-resistant device that blocks external access. With this mechanism, the authenticity of the individual obtained by the local authentication can be safely transmitted to the authenticator.

Next, referring to FIG.
Will access the target server 400 via the network 300. As described above, the infinite one-time authentication method based on the public key encryption method is employed as the remote authentication method. As the biometric feature matching device, the above-described thin and lightweight card-type fingerprint reading and matching device (card) 100 having excellent portability is employed.

FIG. 2 is a diagram showing a configuration example of the client PC 200 and the software modules mounted in the card 100 connected thereto. FIG. 3 is a sequence diagram showing a series of flows of local authentication and remote authentication.

[0029] Inside the card 100 owned by the user,
Fingerprint information 106 of the card holder required for local authentication, fingerprint collation program 105, seed data (S) 103 for generating an authenticator having one-time property required for remote authentication,
A cryptographic processing program 104 and a secret key (Ks) 102 necessary for encryption are stored.

When the user requests remote access (S 1), the authentication processing program 110 on the client PC 200
Prompts the user to input a fingerprint using the fingerprint reading unit 101 of the card 100 (S2).

When the fingerprint information is input (S3), the card 100
The fingerprint collation processing program 105 performs local authentication by comparing the inputted fingerprint information with the fingerprint information 106 which is the fingerprint information of the holder of the card 100 (S4). If the two information do not match, a message to that effect is returned to the authentication processing program 110, and the remote access request is rejected (S
Five). On the other hand, if the two information match, the encryption processing program 10
According to 4, the authenticator for remote authentication by the infinite one-time authentication method is the seed data (S) 103 and the secret key (Ks) 10
2 (S6).

Here, it is extremely important that the fingerprint collation is performed by the fingerprint collation program 105 in the card 100.
That is, the fingerprint information of the user does not leak out of the card 100, and it is impossible to “forge” the fingerprint information 106 by forgery. Therefore, only authentic users can use the card
The card 100 cannot be used, and even if the card 100 is lost or stolen, the card 100 is not used for unauthorized access. Furthermore, since the privacy of the user can be protected, it is considered that the user's psychological resistance to using the biometric information (fingerprint) for authentication is small.

In addition, the generation of the authenticator is entirely performed by the card 100.
It is also important that the processing be performed by the cryptographic processing program 104 within. That is, no information about the secret key (Ks) 102 leaks out of the card 100, and only the authenticator is output. According to the infinite one-time authentication method, since the generated authenticator is different each time, even if the authenticator is intercepted, it cannot be reused, and
Unless the secret key (Ks) 102 is obtained, the authenticator cannot be forged.

The authenticator generated in the card 100 is sent to the client PC 200 (S7), and further sent to the target server 400 via a communication path (S8). Then, the server 400 performs remote authentication using the infinite one-time authentication method (S9), and returns an authentication result to the client PC 200 (S10). If the authentication is successful, transmission / reception of data between the client PC 200 and the target server 400 is started (S11). If the authentication fails, the server 400 immediately cuts off the communication path (S12).

As described above, in order to generate an authenticator for remote authentication, the secret key stored in the card 100 is required.
(Ks) 102 is required. Only a valid card holder who has succeeded in local authentication can use the secret key (Ks) 102. Therefore, the authenticator has obtained confirmation that the person operating the client PC 200 is a valid user of the server 400 when the remote authentication is successful. In other words, authentication of an individual located in a remote place (remote individual authentication) is realized.

[0036]

[Modifications] Various modifications can be made to the above-described embodiment without departing from the spirit thereof.

In the above, an example has been described in which a fingerprint, which is a biometric feature of a user, is used as authentication information for local authentication. However, biometric feature information other than a fingerprint can be used. For example, there are a retinal pattern, an iris, a palm shape, an ear shape, a face pattern, a face temperature distribution, and a voice spectrum. If the device has a function of measuring (inputting) and collating them, a data storage management function capable of controlling access, and a cryptographic processing program, remote personal authentication similar to that of the above embodiment can be performed.

Further, if the device measures (inputs) and checks not only one kind of biometric feature but also two or more biometric features, the security of local authentication can be further improved.

As a biometric feature input matching device,
Ultra-thin IC card type, mobile phone built-in type, game machine built-in type, watch built-in type, etc. are considered. In general, if a biodevice is built into an item worn or carried by an individual, the authenticity of the user can be easily proved to the authenticator at any time in remote access via a network. .

In the above, an example in which the infinite one-time authentication method is used as the remote authentication method has been described. However, any other authentication method can be used as long as the security strength is strong, that is, a method that can withstand wiretapping and replay attacks. I do not care. For example, there is a method of performing authentication using a chaotic multi-value encryption method capable of generating a multi-value cipher text using a common key. In this case, there are a method using seed data and a method using a challenge-response authentication method for generating an authenticator.

As described above, according to the present embodiment, in the authentication processing via the network, it is determined whether or not the person who accessed using the computer is a person having a legitimate access right, even though the person is remote. And can be strictly authenticated. At that time, the biometric feature information (fingerprint, etc.) of the individual to be authenticated is only registered in the biometric feature input / verification device possessed by the individual, and must be registered at all on the authenticator side (remote authentication server). No biometric feature information is exchanged between the biometric feature input verification device and the authentication server. Therefore, it is possible to eliminate the psychological resistance of users of such an authentication system,
In addition, the operation of the authentication server becomes easy.

[0042]

As described above, according to the present invention,
A user for remote access via a network can be authenticated.

Further, a password or a PIN for authentication can be made unnecessary.

Further, it is possible to perform authentication that does not require communication of information necessary for generating authentication information between the authenticator and the subject.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration example of a living body detection type remote personal authentication system;

FIG. 2 is a diagram showing a configuration example of a software module on a client side in the living body detection type remote personal authentication system;

FIG. 3 is a sequence diagram illustrating a flow of an authentication process.

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification FI FI Theme coat ゛ (Reference) H04L 9/00 673A F-term (Reference) 5B085 AA08 AE12 AE15 AE23 AE25 AE26 AE29 BG07 5J104 AA07 KA01 KA04 KA06 KA17 NA02 NA35 NA37 NA38 NA40 NA42 PA07

Claims (8)

[Claims] 1. A network using a portable device having local authentication means for performing local authentication for inputting and verifying a biometric characteristic of a subject, and high-security remote authentication means using encryption. An authentication system that performs remote authentication via the remote authentication unit, wherein the remote authentication unit generates authentication information necessary for the remote authentication when the local authentication is successful; An authentication system for recognizing that the authenticity of the subject is confirmed by the local authentication based on the authentication information sent through the authentication system. 2. An authentication device for authenticating a user in remote access via a network, comprising: recording means for recording information indicating a biological characteristic of the user; and a biological characteristic of the user. Input means for inputting information indicating the biological information, input means for inputting information indicating biological characteristics, input means for inputting information indicating biological characteristics, input means for inputting information indicating biological characteristics, and information indicating biological characteristics recorded on the storage means, Generating means for generating authentication information necessary for the remote access in accordance with a result of the verification by the means. 3. The method according to claim 2, wherein the generating unit generates the authentication information when the collation matches.
Authentication device described in. 4. The authentication apparatus according to claim 2, wherein the generation unit generates the authentication information by performing a cryptographic process using seed information and a secret key. 5. The apparatus according to claim 2, further comprising an output unit configured to output the authentication information generated by the generation unit to another authentication device that performs remote authentication via the network. An authentication device according to claim 4. 6. The authentication device according to claim 2, wherein the authentication device has a card shape. 7. An authentication method for authenticating a user in remote access via a network, comprising: inputting information indicating a biological characteristic of the user; and displaying a biological characteristic of the user from a memory. The information is read, and the information indicating the biological characteristic input by the input unit is compared with the information indicating the biological characteristic read from the memory. An authentication method characterized by generating necessary authentication information. 8. A storage medium used for an authentication device that authenticates a user in remote access via a network, wherein the feature information indicates biological characteristics of the user, the feature information, and input means. And a program code for generating authentication information necessary for the remote access according to the result of the comparison.