JP2020010299A - Personal authentication device and personal authentication method - Google Patents

Abstract

To provide a personal authentication technology which can manage key information, personal identification information, and personal information in a distributed manner by a plurality of users and can operate at low cost without risk of falsification by a malicious third party.SOLUTION: A personal authentication device 100 includes a distributed ledger network 50 opened to a public network 70, and a profile gateway 60 that stores key information 3A transmitted from a predetermined terminal device 10 via the public network 70 in the distributed ledger network 50 together with identity verification information that can associated with the terminal device 10.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a personal authentication device and a personal authentication method.

  2. Description of the Related Art Conventionally, an identity authentication system using a certification authority (CA) for identity verification has been operated. Upon receiving the public key from the subscribing user, the certificate authority verifies the identity of the owner of the public key and issues a certificate guaranteeing the owner of the public key. The certificate contains information certifying the public key and its owner, and is given a digital signature to prevent tampering.

  For example, Patent Document 1 proposes an invention relating to a certificate authority that issues a public key infrastructure certificate in response to a request from a user.

JP 2003-309555 A

  However, since the conventional certificate authority has a centralized configuration, it is necessary to always maintain the digital certificate in a verifiable state. Also, the certificate authority must be prepared for the risk of falsification by a malicious third party, which increases operating costs and is not always a satisfactory service.

  Therefore, an object of the present invention is to provide a personal authentication technology that can be operated at low cost without the risk of falsification by a malicious third party.

  The personal authentication apparatus according to one aspect of the present invention includes a distributed ledger network disclosed to a public network, and key information associated with a predetermined terminal device, together with personal identification information associated with the terminal device. And a profile gateway stored in the model ledger network.

  In the aspect of the personal authentication device, the personal identification information may include two or more of the key information certificate, the identification information, the authentication source information, and the personal identification result.

  The personal computer further includes a profile storage unit closed to a public network. The profile storage unit stores personal information associated with the personal identification information, and the personal identification information verifies the authenticity of the personal information. Information and link information to personal information may be included.

  The personal information is composed of a plurality of fields, and the hash information is generated by repeatedly performing a hashing operation of concatenating a plurality of hash information for each field and further hashing the hash information until one hash information is obtained. May be.

  Of a plurality of fields of personal information stored in the profile storage unit, for fields for which non-disclosure has been requested, hash information hashed for each field may be alternatively or additionally stored.

  The method may include a step of connecting and hashing two or more of a plurality of fields.

  The profile gateway may record a history of requests for providing personal information in the distributed ledger network.

  A personal authentication method according to another aspect of the present invention provides a computer connected to a public network, with a function of receiving key information associated with a predetermined terminal device and personal identification information associated with the terminal device. And a function of storing key information and personal identification information in a distributed ledger network opened to the public network.

  In the above aspect of the personal authentication method, a function of receiving personal information associated with the personal identification information from the terminal device, a function of storing the personal information in a profile storage unit kept private from a public network, A function of generating hash information for verifying the authenticity of the information, and a function of further storing link information and hash information to the personal information stored in the profile storage unit in the distributed ledger network. Is also good.

  According to the present invention, since the key information is distributed and managed in the distributed ledger network, it is possible to provide a personal authentication technique that can be operated at low cost without the risk of falsification by a malicious third party.

FIG. 2 is a schematic diagram of a basic configuration of the personal authentication device according to the first embodiment. FIG. 1 is a schematic diagram illustrating a mobile communication system according to a first embodiment. 5 is a flowchart illustrating an identity verification procedure and a public key registration procedure according to the first embodiment. It is a schematic diagram explaining registration of a public key and personal identification information to a distributed ledger network. It is a schematic diagram explaining the sharing of registration information of a distributed ledger network. It is a schematic diagram for explaining access to another company. It is a schematic diagram of the basic configuration of the personal authentication device according to the second embodiment. It is a schematic diagram which shows the mobile communication system of 2nd Embodiment. FIG. 4 is a schematic diagram for explaining access control to registration information. FIG. 4 is a schematic diagram for explaining verification of personal information stored in a profile storage unit. It is a schematic diagram for explaining personal identification information. It is a mimetic diagram for explaining creation of hash information in a personal identification method concerning a 3rd embodiment. It is a schematic diagram. FIG. 3 is a schematic diagram for explaining a hash dictionary attack. It is a mimetic diagram for explaining countermeasures for a hash dictionary attack in the personal authentication method concerning a 4th embodiment. FIG. 2 is a schematic diagram for explaining the personal identification device of the first embodiment. FIG. 14 is a sequence diagram in a case where a public key is registered after personal identification according to the second embodiment. FIG. 14 is a sequence diagram for explaining an identity verification agency according to a third embodiment. FIG. 14 is a sequence diagram of updating personal information according to the fourth embodiment.

  Next, an embodiment of the present invention will be described with reference to the accompanying drawings. In each of the drawings, the components denoted by the same reference numerals have the same or similar functions.

[First Embodiment]
(Configuration of personal authentication device)
The configuration of the personal authentication device 100 according to the first embodiment will be described with reference to FIGS. FIG. 1 is a schematic diagram of a basic configuration of the personal authentication device according to the first embodiment. FIG. 2 is a schematic diagram illustrating the mobile communication system according to the first embodiment.

  As shown in FIG. 1, the personal authentication device 100 according to the first embodiment transmits a distributed ledger network 50 opened to the public network 70 and key information associated with a predetermined terminal device 10 to the terminal device. And a profile gateway 60 stored in the distributed ledger network 50 together with the personal identification information associated with 10.

  The distributed ledger network 50 is also called a block chain. A block chain is a database that generates data units called “blocks” and stores the data by connecting them in a chain. In the distributed ledger network 50 of the present embodiment, each block 51 stores authentication data in a distributed manner. The distributed ledger network 50 functions as a so-called smart contract that realizes a certain contract procedure. In the distributed ledger network 50, each block 51 is distributed and managed by a plurality of users participating in the public network 70. In the distributed ledger network 50, since information is not concentrated at a specific location, the whole system does not stop due to any trouble. By nature, blockchains cannot be tampered with.

  The profile gateway 60 is a computer device, and stores the key information transmitted from the terminal device 10 in the distributed ledger network 50 together with the identification information associated with the terminal device 10. The key information is publicly available encryption information, for example, a public key. The personal identification information is information necessary for confirming that the owner of the public key is two users, and is non-personal information that is considered to have no problem if disclosed. The personal identification information includes, for example, a public key certificate, identification information of the terminal device 10, authentication source information, and personal identification means. It is preferable that the personal identification information of the present embodiment includes two or more of these pieces of information.

  Of the above-mentioned identity verification information, the public key certificate is a key information certificate that proves that the owner of the public key is the two users, and is also called a digital certificate or an electronic certificate. It may be done. The public key certificate may include the electronic signature of the certified organization. The identification information is information for identifying the user who is the owner of the terminal device 10, and includes, for example, the ID and signature of the user, the ID, address, and telephone number of the terminal device 10. The authentication source information indicates the type of certificate referred to when the user has been authenticated, and includes, for example, whether it is a license, my number, insurance card number, or the like. The personal identification means is the means used when the personal identification is performed, for example, is the line authentication verified by the information registered with the telecommunications carrier, or the telephone verification verified verbally through the telephone This is information for discriminating whether or not the document has been verified by the transmitted certificates.

  In this specification, an organization that examines and confirms that the transmitted public key is owned by the user based on evidence (authentication source information) is referred to as a “registration organization”. The registrar also has a function of issuing a public key certificate when it is confirmed that the owner of the public key is the user himself. The registrar also has the function of applying to register the public key and personal identification information in the distributed ledger network. These functions need not necessarily be performed by a single institution, and may be divided into a plurality of organizations. An organization that manages the personal authentication device is called a “profile provider”.

  The distributed ledger network 50 is included in the public network 70. The public network 70 is a large-scale network, for example, the Internet. The distributed ledger network 50 does not need to have all of the constituent blocks 51 belonging to the public network 70, but needs to be open to at least a third party.

  The terminal device 10 is configured to be connectable to the profile gateway 60 and the public network 70 by the function of the mobile communication system 1 shown in FIG. The mobile communication system 1 includes a wireless network 20 and a core network 40, as shown in FIG.

  The wireless network 20 is a wireless communication network including the terminal device 10 and the macro cell base station 30. A relay base station (not shown) may be provided between the terminal device 10 and the macro cell base station 30.

  The terminal device 10 is a communication terminal such as a smartphone and a mobile phone. The terminal device 10 is located within the communicable range of the macrocell base station 30 and is directly connected to the macrocell base station 30. In some cases, the terminal device 10 is located in a communicable range of a relay base station (not shown) and is connected to the macrocell base station 30 via the relay base station.

  The macrocell base station 30 is also referred to as a donor cell, is configured to establish a communication path with the terminal device 10 located therein, and to be capable of wireless communication. When the terminal device 10 is a terminal other than the mobile portable communication terminal having the communication function, the macro cell base station 30 is unnecessary.

  The core network 40 is a dedicated network of a communication provider that provides the mobile communication system 1. The core network 40 includes various gateways and servers for connecting the terminal device 10 to the public network 70. In the present embodiment, the core network 40 particularly includes the profile gateway 60.

(Explanation of action)
Next, the operation of the present embodiment will be described with reference to the flowchart of FIG. First, an identity verification procedure and a public key registration procedure performed by a registrar will be described.

(Proof of identity verification at the registration institution)
First, prior to using the personal authentication device 100, the user 2 installs predetermined application software on the terminal device 10 and issues a public key and a secret key as key information. The application software is programmed to execute the following functions by being executed by the terminal device 10 as a computer device.
1) A function of issuing a public key and a secret key.
2) A function to connect to a registrar and apply for identity verification procedures.
3) A function to connect to a registration institution and apply for registration of a public key and personal identification information to the distributed ledger network 70.

  In the above 1), the public key is registered in the distributed ledger network 50, but the private key is held by the terminal device 10 without being disclosed to the outside. Note that the above 2) and 3) may be functions that are performed in one procedure. If the result of the identity verification is positive, further application from the user 2 is omitted, and the information obtained by the registrar at the time of the identity verification procedure or the public key certificate issued by the user itself is used as the public key authentication information. Together with registration in the distributed ledger network 50.

  Next, the user 2 applies for identity verification to the registrar. Specifically, the user 2 uses the terminal device 10 to send the issued public key together with the electronic signature to the registrar, thereby applying for identity verification to the registrar. At the time of application, an electronic signature may be sent. The registrar confirms, based on the application, whether the sent public key belongs to the two users.

  In step S310, the registrar checks the user 2 who has applied for identity verification for identity verification. As a means of verifying the identity at the registration institution, the identity was verified by the line authentication verified by the information registered with the telecommunications carrier, by telephone verification verbally verified by telephone, or by the certificates sent. Whether it is document confirmation.

  The line authentication can be used when the registrar has concluded a contract that allows reference to personal information such as the line number of the user 2 registered with the communication carrier. The registrar connected from the communication terminal 10 via the telephone line confirms the identity based on the line number of the communication terminal 10. In the telephone confirmation, the operator of the registrar confirms the identity by directly asking various questions to the user 2 through the communication terminal 10. In the document confirmation, the user 2 sends a predetermined document such as a resident's card, a driver's license, a personal identification card / card, etc. to a registration institution to be examined by the user 2 for identification. do. The document confirmation may be performed by transmitting image data obtained by photographing or scanning the personal identification document from the terminal device 10 to the registration organization.

  If the result of the identity verification procedure is positive (S320: YES), the registrar issues a public key certificate (S330). The registrar may include the registrar's electronic signature in the public key certificate. If the result of the identity verification procedure is negative (S320: NO), the registrar notifies the terminal device 10 that the identity verification result is negative, and ends the processing.

(Public key registration procedure)
The user 2 to whom the public key certificate has been issued applies for registration of the public key in the distributed ledger network 70 by using the terminal device 10 in a timely manner. In step S340, the registrar that has accepted the registration application requests the terminal device 10 to transmit the rest of the personal identification information as necessary. The terminal device 10 that has received the request sends the rest of the personal identification information to the registration organization. The rest of the identity verification information is information that is not possessed by the registrar and is necessary for confirming that the owner of the public key is two users. In this embodiment, since the registrar already has the public key and the public key certificate, the rest of the personal identification information includes the identification information of the terminal device 10, the authentication source information, and the personal identification means.

  In step S350, the registrar that has received the rest of the personal identification information sends the public key and the personal identification information to the profile provider that manages the personal authentication device 100, and requests that the information be registered in the distributed ledger network 50. Apply. The profile gateway 60 of the personal identification device 100 registers the public key and the personal identification information in the distributed ledger network 50. If the result of the identity verification is affirmative, the registrar does not wait for further application from user 2 and, without waiting for the further application from user 2, copies the information obtained at the time of the identity verification procedure or the public key certificate issued by himself / herself to the identity verification information. May be registered in the distributed ledger network 50 together with the public key.

  FIG. 4 is a schematic diagram for explaining the procedure for registering a public key and a public key certificate in the distributed ledger network described in FIG. 3 by focusing on the flow of information. As shown in FIG. 4, the user 2 transmits the stored public key 3A to the registrar 6 using the terminal device 10. The registrar 6 confirms that the owner of the public key 3A is two users, and issues a public key certificate. Then, the registrar 6 sends the personal identification information 4 including the public key 3A and the public key certificate to the personal authentication device 100 and applies for registration of the information. The personal authentication apparatus 100 registers the transmitted public key 3A and the personal identification information 4 in the distributed ledger network 50.

  FIG. 5 is a schematic diagram illustrating sharing of a public key and personal identification information registered in the distributed ledger network. Since the public key 3A and the personal identification information 4 registered in the distributed ledger network 50 are disclosed on the public network 70, anyone who has registered to use the distributed ledger network 50 can access it. It is possible. As shown in FIG. 5, for example, the information registered in the distributed ledger network 50 by the registrar 6 refers to any of the companies X, Y, and Z that have registered use in the distributed ledger network 50. It has become possible. Company X, company Y, and company Z can obtain the public key 3A and the identification information 4 of the user 2 as public information using the identification information and the electronic signature of the user 2 as an index.

  FIG. 6 is a schematic diagram for explaining access to another company. Anyone who has registered use in the distributed ledger network 50 can share the registration information. For example, as shown in FIG. 6, if another company 7 such as a bank has registered use of the distributed ledger network 50, the public key 3 A and the personal identification information 4 registered in the distributed ledger network 50 are registered. Can be referred to. As a specific procedure, the user 2 transmits an ID as identification information and an electronic signature from the terminal device 10 to the company 7. The company 7 refers to the distributed ledger network 50, obtains the public key 3A and the identification information 4 linked to the identification information corresponding to the ID, and can confirm the identity of the user 2. When the identity is confirmed, the user 2 that transmitted the ID and the electronic certificate can be assumed to be the principal, so the company 7 encrypts the information to be transmitted using the public key 3A and transmits the information to the terminal device 10 of the user 2. . The user 2 can decrypt and use the information using the secret key 3B stored in the terminal device 10.

  As described above, according to the personal authentication apparatus 100 according to the first embodiment, since the distributed ledger network 50 is open to the public network 70, anyone who has registered for use of the distributed ledger network 50 Anyone can refer to the registered public key and personal identification information. At this time, since the distributed ledger network 50 forms a block chain, there is no danger of falsification by a malicious third party. In the past, a centralized management was required at the certificate authority in order to keep the digital certificate always verifiable in order for the certificate authority to check the validity of the digital certificate. This has tended to increase overall operating costs. According to the personal authentication apparatus 100 according to the first embodiment, the distributed ledger network 50 securely stores the public key and the personal identification information so that the public key and the personal identification information can always be referred to. The identity verification service can be operated at a much lower cost.

  Further, according to the personal authentication device 100 according to the first embodiment, when the user 2 who intends to start using the new service provided by the company 7 using the terminal device 10 receives a use application, the new service is There is simplicity of use that the providing company 7 can easily confirm the identity of the user 2.

  Furthermore, since the personal identification information of the personal authentication apparatus 100 according to the first embodiment includes identification information, authentication source information, and personal identification means in addition to the public key certificate, it is possible to perform more accurate personal identification. it can.

[Second embodiment]
Next, an authentication apparatus 200 according to a second embodiment will be described. The second embodiment differs from the first embodiment in that personal information is also registered and managed as compared with the first embodiment in which personal identification information is registered in addition to a public key.

  FIG. 7 is a schematic diagram of a basic configuration of the personal authentication device according to the second embodiment. FIG. 8 is a schematic diagram illustrating the mobile communication system according to the second embodiment. As shown in FIGS. 7 and 8, the personal authentication device 200 according to the second embodiment includes a profile storage unit 265 for storing personal information 8 and a personal key in addition to the public key 3A and the personal identification information 4. The configuration differs from the first embodiment in that the hash information Kh for verifying the information 8 is registered. Other configurations are the same as in the first embodiment.

  The profile storage unit 265 is a database that stores personal information of the user 2. In the second embodiment, the profile storage unit 265 is connected to the profile gateway 60. However, the connection may be made to a location other than the profile gateway 60 as long as access restriction is set for the profile storage unit 265.

  In the second embodiment, the registrar 6 described with reference to FIG. 4 acquires the personal information 8 from the user 2 in addition to the public key 3A and the personal identification information 4. Next, the registrar 6 executes a hash operation for verifying the personal information 8 and generates hash information Kh for verification. Then, the registrar 6 stores the personal information 8 in the profile storage unit 265 and registers the hash information Kh in the distributed ledger network 50.

  Although the personal information 8 is stored in the profile storage unit 265 and thus has access control, there is no possibility that the personal information 8 will be falsified. On the other hand, the hash information Kh stored in the distributed ledger network 50 is disclosed but cannot be falsified due to the nature of the blockchain. Therefore, a third party referring to the personal information 8 stored in the profile storage unit 265 checks the hash information calculated from the personal information 8 against the hash information Kh registered in the distributed ledger network 50. Whether or not the personal information 8 has been falsified can be verified based on whether or not they match.

  FIG. 9 is a schematic diagram for explaining access control to registration information. As shown in FIG. 9, the registration information of the distributed ledger network 50 (for example, the public key 3A and the personal identification information 4) can be registered by any registered user who has registered use of the distributed ledger network 50. Can be viewed. However, the malicious user 2H cannot falsify the registered contents. On the other hand, the personal information 8 stored in the profile storage unit 265 is subjected to access control and is not disclosed to the public network 70. The company 7 that wants to refer to the personal information 8F of the user 2F in response to a service use request from the user 2F must access the profile storage unit 265 via the access-controlled profile gateway 60. To allow the company 7 to authorize access to the personal information 8F, the user 2F sends authorization information, for example, an authorization token, to the company 7. The company 7 requests the personal information 8F from the profile gateway 60 using the authorization token. When the profile gateway 60 approves, the company 7 can obtain the personal information 8F stored in the profile storage unit 265.

  The personal authentication method according to the second embodiment includes a function of receiving the personal information 8 associated with the personal identification information from the terminal device 10 and a function of storing the personal information 8 in the profile storage unit 265 kept private to the public network 70. The function of saving, the function of generating hash information h for verifying the authenticity of the personal information 8, the link information (for example, url) to the personal information 8 stored in the profile storage unit 265, and the hash information h Is further stored in the distributed ledger network 50, and a computer executes the function.

  With reference to FIG. 10, verification of whether the personal information 8 stored in the profile storage unit 265 has been tampered with will be described. FIG. 10 is a schematic diagram for explaining verification of the personal information 8 stored in the profile storage unit 265. As shown in FIG. 10, in the second embodiment, in the distributed ledger network 50, a hash operation is performed in advance on the personal information 8F stored in the profile storage unit 265, that is, the personal information 8F is obtained by hashing. Verification hash information Kh is stored together with link information to personal information 8F. The hash information Kh stored in the distributed ledger network 50 is compared with the hash information h obtained by hashing the personal information 8F, and if these hash information match, the personal information stored in the profile storage unit 265 is obtained. It can be determined that 8F has not been tampered with. Hash information is generated for each personal information 8 and registered in the distributed ledger network 50.

  With reference to FIG. 11, a specific example of the personal identification information 4 registered in the distributed ledger network 50 in the second embodiment will be described. As shown in FIG. 11, in the block 51 of the distributed ledger network 50, details of the personal identification information 4, for example, a public key, a public key certificate, identification information (ID) for identifying the owner, and information for identification are used. The information source information provided, the identity confirmation means used when confirming the identity, the link information to the personal information stored in the profile storage unit 265, and the hash information Kh for verification correspond to the owner who is the user 2. Stored. Note that a configuration may be employed in which a public key certificate issued by a registrar is further stored as the personal identification information 4.

  For example, as shown in FIG. 11, in association with the identification information of the user 2F, a public key KF, a license as an information source, and a line authentication as a confirmation means are recorded as identity information 4F as public information. Further, a link to the personal information 8F of the user 2F stored in the profile gateway 60 and hash information obtained by hashing the personal information 8F are also stored as public information. In association with the identification information of the user 2M, a public key KM, my number as an information source, and telephone confirmation as a confirmation means are recorded as non-personal information 4M as public information. Further, a link to the personal information 8M of the user 2M stored in the profile gateway 60 and hash information obtained by hashing the personal information 8M are also stored as public information.

  As described above, according to the personal authentication device 200 according to the second embodiment, basically, the same operation and effect as those of the first embodiment can be obtained. In particular, according to the personal identification device 200 according to the second embodiment, it is possible to manage the personal information 8 with a small possibility of being falsified. More specifically, the personal information 8 is stored in a profile storage unit 265 that is kept secret from the public network 70, and the hash information for verifying the falsification is not distributed. By registering in the., It is possible to accurately verify the presence or absence of tampering by comparing hash information.

[Third embodiment]
Next, a personal authentication method according to a third embodiment will be described. The third embodiment is different from the second embodiment in which the entire personal information is hashed in that the procedure is to hash and connect the personal information for each field.

  The basic configuration of the personal authentication device according to the third embodiment is the same as the basic configuration of the second embodiment described with reference to FIGS. 7 and 8, and a detailed description is omitted.

  The third embodiment is characterized by an operation method for obtaining hash information for verification registered in the distributed ledger network 50. More specifically, a plurality of hash information items, which are hashed for each field constituting the personal information, are connected to each other, and a hashing operation for further hashing is repeated until one hash information item is generated. Hereinafter, a specific description will be given.

  FIG. 12 is a schematic diagram for explaining creation of hash information in the third embodiment. As shown in FIG. 12, the personal information 8 includes a plurality of fields F such as a name, a date of birth, a telephone number, and an address. The hash information h1 is hashed for each field F such as, for example, name: hash00, date of birth: hash01, telephone number: hash10, and address: hash11. A plurality of these hashed hash information h1 are concatenated and further hashed like hash0 and hash1 to obtain concatenated hash information h2. Such a hashing operation is repeated to generate one piece of hash information rh.

  The hashing operation of repeating the hashing for each field as described above, linking a plurality of pieces of hash information, and further hashing of the linked hash information is performed by setting whether only a part of the personal information can be disclosed to another person, and checking whether there is tampering. This is advantageous in that it can be verified. When only a part of the personal information stored in the profile storage unit 265 is to be disclosed, the hash information obtained by hashing only a part of the personal information is a distributed ledger obtained by hashing all the personal information. The hash information is different from the hash information registered in the network 50. Therefore, if only a part of the personal information is to be disclosed, it becomes impossible to verify whether the information has been tampered with.

  Therefore, in the third embodiment, hash information obtained by hashing in advance a field requested by the user to be kept secret from the personal information is stored in the profile storage unit instead or additionally. Then, when verifying whether or not tampering has been performed, the entire hashing is performed by using hash information pre-hashed in the private information field to be kept secret as well as the private information field to be kept secret. The hash information obtained by hashing the entire personal information using a part of the hash information hashed in advance in this manner has the same value as the hash information obtained by hashing the entire personal information by using a part of the personal information to be kept secret. Therefore, it can be used for verification of falsification.

  Next, a specific description will be given of hash restoration when there is a field F for which non-disclosure is required. FIG. 13 is a schematic diagram for explaining hash restoration of a field for which non-disclosure has been requested. As shown in FIG. 13, it may be requested that some fields F of the plurality of fields F of the personal information 8 stored in the profile storage unit 265 be not disclosed.

  Specifically, it is often required that the telephone number and the address of the personal information 8 be not disclosed. Therefore, for example, when the user 2F requests not to disclose the telephone number and the address of the personal information 8F stored in the profile storage unit 265, the other party (company or the like) who has requested the reference of the personal information. Of the original personal information 8F, hash information hash10 and hash11 obtained by hashing the fields F3 and F4 of the telephone number and address are provided. When the partner requesting the reference of the personal information verifies whether the personal information 8f has been tampered with, as shown in FIG. 13, the hash information hash10 and the hash information hash10 applied instead of the telephone number and the address which are the original personal information. The hashing operation is repeatedly performed on the hash information h1 using the hash11 to calculate the hash information rh on the personal information 8f when the non-disclosure is requested. That is, a plurality of hash information h1 hashed for each field F are connected, further hashed, and a hashing operation for repeatedly hashing the hash information h2 to one hash information rh is repeatedly generated. Then, hash information rh generated from personal information 8f when non-disclosure is requested, and hash information rh obtained by hashing operation based on original personal information 8F registered in distributed ledger network 50, Compare. If the personal information 8F has not been tampered with, the hash information rh calculated from the personal information 8f in which the hash information is applied to the non-disclosed personal information field is calculated from the personal information 8F including the original field. Should be the same as the hash information rh. Therefore, if the two pieces of hash information match, there is no falsification, and if they do not match, the possibility of tampering and the presence or absence of tampering can be accurately verified.

  As described above, according to the personal authentication method according to the third embodiment, the same operation and effect as those of the second embodiment can be obtained, and a part of the personal information to be kept secret is a hash value pre-hashed. Is applied, so that even if a part of the personal information is kept private, it is possible to verify whether the information has been tampered with.

[Fourth embodiment]
Next, a personal authentication method according to a fourth embodiment will be described. The fourth embodiment is different from the third embodiment in which personal information is hashed and connected for each field in that a procedure for connecting fields of personal information and then hashing is added.

  The basic configuration of the personal authentication apparatus according to the fourth embodiment is the same as the basic configuration of the second embodiment described with reference to FIGS. 7 and 8, and a detailed description is omitted.

  The fourth embodiment is characterized in that the hashing operation includes a procedure of connecting two or more fields out of a plurality of fields constituting personal information and then hashing. Hereinafter, a specific description will be given.

  First, a hash dictionary attack that may occur when personal information is hashed for each field will be described. The hash dictionary attack is an attack in which a hash of a frequently used character string is calculated in advance, and the original character string of the received hash is guessed. FIG. 14 is a schematic diagram for explaining a hash dictionary attack. As shown in FIG. 14, it is assumed that the date of birth field F2 of the personal information 8F is changed to the original date of birth and is disclosed as hash information h. The date of birth has a limited range of possible values due to its nature. Therefore, the malicious third party 2H creates a date of birth date dictionary J in which how the hash information changes according to the change of the date of birth in advance. The original date of birth can be estimated from the hash information F2 included in the personal information published based on the information. Since it is relatively easy to create a hash dictionary for a date of birth, a telephone number, and the like, even if such information is set to private, information leakage is likely. Therefore, the fourth embodiment includes a procedure of connecting and hashing two or more of a plurality of fields included in personal information.

  FIG. 15 is a schematic diagram for explaining measures against a hash dictionary attack in the fourth embodiment. As shown in FIG. 15, items are assigned levels based on the confidentiality of the items of the personal information 8F. The confidentiality of items is determined based on the level of provision of personal information. For example, levels are divided by connecting fields such as level 1: name + birth date, level 2: name + birth date + telephone number + address, level 3:. Next, the hash information h is created by concatenation for each level, and the hash calculation is repeated to create one piece of hash information rh. Creating the hash information h by connecting a plurality of fields for each level makes it more difficult to create the hash dictionary J. Authorization to the item of the personal information 8F is performed on a level basis.

  As described above, according to the personal authentication method according to the fourth embodiment, the same operation and effect as those of the second embodiment can be obtained, and two or more fields among the plurality of fields included in the personal information are connected. By including a hashing procedure, it is possible to make it extremely difficult to guess the private information that has been kept secret.

  Example 1 relates to the second embodiment and the third embodiment, and is an example in the case where a company performs an identity verification procedure on behalf of a company. FIG. 16 is a schematic diagram for explaining the first embodiment. As shown in FIG. 16, the distributed ledger network 50 includes a partial profile hash unit 51 and a history unit 52 in which the provision history and the authorization history of the personal information 8 are recorded. The profile gateway 60 records the history of the request for providing the personal information 8 in the profile of the distributed ledger network 50. Further, the profile recording unit 265 includes a partial profile generation unit 266 that generates a partial profile, and a carrier hash client unit 267.

  For example, when the user 2F accesses the company 7 such as a bank on the network, the company 7 requests the personal information of the user 2F (S401). The user 2F uses the terminal device 10 to request permission to provide the personal information 8F to the distributed ledger network 50 (S402). The distributed ledger network 50 adds an authorization history and issues an authorization token (S403). The distributed ledger network 50 transmits the authorization token to the terminal device 10 (S404).

  The user 2F transfers the authorization token received by the terminal device 10 to the company 7 (S405). The company 7 requests the personal information 8F with the authorization token from the profile gateway 60 (S406). The profile gateway 60 transmits the authorization token to the distributed ledger network 50 and causes it to be verified (S407). If the verification is affirmative, the profile gateway 60 requests the profile storage unit 265 for the item of the authorized personal information (S408). The profile storage unit 265 transmits the profiled partial profile including only the item of the authorized personal information to the profile gateway 60 (S409). The profile gateway 60 transmits the approved partial profile to the company 7 (S410). The company 7 hashes the partial profile and verifies whether the hash matches the hash information h stored in the distributed ledger network 50 (S411).

  The second embodiment relates to the second embodiment and relates to registration of a public key from identity verification. In particular, the second embodiment relates to an example in which the user only needs to apply for one-time identification and registration in the distributed ledger network. FIG. 17 is a sequence diagram when a public key is registered after confirming the identity. As shown in FIG. 17, the user 2F creates a pair key of the public key 3A and the secret key 3B in the terminal device 10 (S500). The user 2F makes a registration application to the registrar RA from the terminal device 10 (S510). The registration authority RA requests identification of the owner of the terminal device 10 (S520). The personal identification information and the personal information 8F are transmitted from the terminal device 10 to the registrar RA (S530).

  The registrar RA performs identity verification based on the transmitted identity verification information, and issues a public key certificate if the result of the identity verification is positive. The registration authority RA transmits the public key 3A, the personal identification information 4 including the public key certificate, and the personal information 8F to the profile provider PP that manages the personal authentication device 100 (S540). The profile provider PP hashes the personal information 8F to generate hash information h (S550). Then, the profile provider PP registers the personal information 8F in the profile storage unit 265 (S560). Further, the profile provider PP saves the public key 3A, the personal identification information 4, and the hash information h in the distributed ledger network 50 (S570). Since the information stored in the distributed ledger network 50 is managed in a distributed manner by a plurality of users, it cannot be falsified. Although there is no possibility that the personal information 8F registered in the profile storage unit 265 is falsified, the hash information obtained by hashing the personal information 8F is compared with the hash information h registered in the distributed ledger network 50. It is possible to determine the presence or absence of tampering based on whether or not the results obtained do not match.

  Third Embodiment A third embodiment is another embodiment relating to an identity verification agency. With reference to FIG. 18, a case will be described in which the company performs identity verification on behalf of the company when concluding a use contract for a system or service with an individual user. As shown in FIG. 18, the user 2F applies for a contract from the terminal device 10 to the company 7 such as a bank (S600). The company 7 requests the personal identification information of the owner of the terminal device 10 (S610). The user 2F transmits the public key and the signature to the company 7 (S620). Specifically, the signature is an electronic signature created by the terminal device 10 using the secret key in order to prove that the public key belongs to the user 2F.

  The company 7 requests the profile provider PP to provide the personal information 8F (S630). The profile provider PP searches the profile storage unit 265 based on the identification information of the user 2F (S640), and acquires the personal information 8F of the user 2F (S650). The profile provider PP searches the distributed ledger network 50 for the identification information of the user 2F (S660), and obtains hash information h calculated from the user identification information 4 of the user 2F and the original personal information 8F (S670). . Then, the profile provider PP generates partial personal information 8f in which the hash information calculated based on the unnecessary personal information is embedded in the field of the personal information unnecessary for the use contract in the personal information 8F (S680). . Then, the profile provider PP provides the partial personal information 8f to the company 7 together with the personal identification information 4 and the hash information h acquired from the distributed ledger network 50 (S690).

  The company 7 compares and verifies the hash information h obtained from the distributed ledger network 50 with the hash information calculated from the partial personal information 8f. Then, if the conditions are satisfied, a use contract can be concluded.

  Embodiment 4 is an embodiment relating to updating of personal information. FIG. 19 is a sequence diagram of updating personal information. As shown in FIG. 19, the user 2F creates a pair key of the public key 3A and the secret key 3B in the terminal device 10 (S700). The user 2F transmits the public key 3A from the terminal device 10 to the registrar RA to apply for an update (S710). The registrar RA requests the provision of personal identification information of the owner of the terminal device 10 and personal information to be updated (S720). On the other hand, the user 2F uses the terminal device 10 to transfer the personal identification information 4 and the newly updated personal information 8N to the registration authority RA (S730).

  The registrar RA transfers the public key 3A, the personal identification information 4, and the personal information 8N to be updated to the profile provider PP (S740). The profile provider PP updates and stores the personal information 8N to be updated in the profile storage unit 265 (S750). Also, the profile provider PP hashes the updated personal information 8N (S760). Then, the profile provider PP stores the hash information h hashed from the updated personal information 8N together with the personal identification information 4 in the distributed ledger network 50 (S770).

The above embodiment can be appropriately modified and applied to the case where the public key and the public key certificate are exchanged or deleted.
[Other variations]
The embodiments and examples described above are intended to facilitate understanding of the present invention, and are not intended to limit the present invention. Each element arrangement procedure included in the embodiment is not limited to the illustrated example, and can be appropriately changed. Further, the configurations and procedures shown in different embodiments can be partially replaced or combined.

  DESCRIPTION OF SYMBOLS 1 ... Public network, 2 2F, 2M ... User, 3A ... Public key, 4 ... Identity information, 8 ... Personal information, 10 ... Terminal device, 50 ... Distributed ledger network, 60 ... Profile gateway, 100, 200 ... Personal authentication device, 265 ... Profile storage unit, h ... Hash information, F ... Field

The personal authentication apparatus according to one aspect of the present invention includes a distributed ledger network disclosed to a public network, and key information associated with a predetermined terminal device, together with personal identification information associated with the terminal device. A profile gateway stored in the model ledger network, and a profile storage unit kept private from the public network. The profile storage unit stores personal information associated with the personal identification information. The confirmation information includes hash information for verifying the authenticity of the personal information and link information to the personal information, and the personal information is composed of a plurality of fields. For the hashed information that has been converted, the hashing operation for connecting and hashing a plurality of Repeat has been generated, the fields that nondisclosure is requested among the plurality of fields of personal information, the hash information hashed for each field is alternatively or additionally stored.

A personal authentication method according to another aspect of the present invention provides a computer connected to a public network, with a function of receiving key information associated with a predetermined terminal device and personal identification information associated with the terminal device. A function of storing key information and personal identification information in a distributed ledger network open to the public network, and personal information associated with the personal identification information in a profile storage unit kept private to the public network And a function for storing The personal identification information includes hash information for verifying the authenticity of the personal information and link information to the personal information, and the personal information is composed of a plurality of fields, and the hash information is provided for each field. Hashed hash information is generated by repeatedly performing a hashing operation of concatenating a plurality of pieces and further hashing until one hash information is obtained. For, hash information hashed for each field is alternatively or additionally stored .

Claims (9)

A distributed ledger network open to the public network,
A profile gateway storing key information associated with a predetermined terminal device in the distributed ledger network together with identification information associated with the terminal device,
An authentication device comprising:   The personal authentication device according to claim 1, wherein the personal identification information includes two or more of a key information certificate, identification information, authentication source information, and personal identification means. Further comprising a profile storage unit closed to the public network,
In the profile storage unit, personal information associated with the personal identification information is stored,
The personal authentication device according to claim 1, wherein the personal identification information includes hash information for verifying the authenticity of the personal information and link information to the personal information. The personal information is composed of a plurality of fields,
The hash information is generated by repeatedly performing a hashing operation of concatenating a plurality of pieces of hash information for each field and further hashing the pieces of hash information until one piece of hash information is obtained.
The personal authentication device according to claim 3.   Of the plurality of fields of the personal information stored in the profile storage unit, for fields for which non-disclosure has been requested, the hash information hashed for each of the fields is alternatively or additionally stored. The personal authentication device according to claim 4, wherein Concatenating and hashing two or more of the plurality of fields,
The personal identification device according to claim 4.   The personal authentication device according to claim 3, wherein the profile gateway records a history of the request for providing the personal information in the distributed ledger network. On a computer connected to the public network,
A function of receiving key information associated with a predetermined terminal device and personal identification information associated with the terminal device;
A function of storing the key information and the personal identification information in a distributed ledger network opened to the public network. A function of receiving personal information associated with the personal identification information from the terminal device,
A function of storing the personal information in a profile storage unit closed to the public network;
A function of generating hash information for verifying the authenticity of the personal information,
The personal authentication method according to claim 8, further comprising: executing a function of further storing the link information to the personal information and the hash information stored in the profile storage unit in the distributed ledger network.