WO2001042938A1 - Systeme d'authentification personnelle et dispositif electronique portatif a fonction d'authentification personnelle utilisant des informations physiques - Google Patents
Systeme d'authentification personnelle et dispositif electronique portatif a fonction d'authentification personnelle utilisant des informations physiques Download PDFInfo
- Publication number
- WO2001042938A1 WO2001042938A1 PCT/JP1999/006961 JP9906961W WO0142938A1 WO 2001042938 A1 WO2001042938 A1 WO 2001042938A1 JP 9906961 W JP9906961 W JP 9906961W WO 0142938 A1 WO0142938 A1 WO 0142938A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- unit
- data
- electronic device
- portable electronic
- feature data
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
Definitions
- the present invention provides a system for authenticating an individual using biological information (for example, fingerprint, voice, iris, face, retina, blood vessel, palm shape, signature, voice, keystroke, dynamic signature, etc.)
- biological information for example, fingerprint, voice, iris, face, retina, blood vessel, palm shape, signature, voice, keystroke, dynamic signature, etc.
- the present invention relates to a portable electronic device such as an IC card having a function.
- a debit card is a card that uses the magnetic cash issued by a financial institution as it is and allows the purchase price to be immediately deducted from the user's deposit account.
- users who are not accustomed to using passwords (hereinafter also referred to as users) tend to use easily memorable character strings as passwords so as not to forget their passwords.
- passwords For example, in addition to the name of the user and his / her family, date of birth, telephone number, and the like, words registered in a dictionary are often registered as passwords.
- the password may be left behind on a piece of paper, or the password may be leaked, especially when a debit card is used, when the password is entered using the numeric keypad.
- the encryption / decryption key used for encryption has a long character string and requires a great deal of effort for humans to memorize. Therefore, the keys are usually stored on a convenience store or floppy disk and read out when needed. When reading, the security of the key may be kept by using a password or the like. However, just because a key with a long character string cannot be written, managing it with a short password with a short character string length reduces security by half.
- the security setting does not depend on the user, and biometric information (eg, fingerprint, voice, iris, face, retina, blood vessel, palm shape, signature, voice, key) It is necessary to cooperate with personal authentication using strokes, dynamic signatures, etc.).
- biometric information eg, fingerprint, voice, iris, face, retina, blood vessel, palm shape, signature, voice, key
- Biometric information is a physical feature that humans do not remember, do not need to write down on paper, and are not expected from third parties. In addition, forgery of biometric information is difficult, and even if you see the collation of biometric information, you cannot imitate it. Therefore, when personal authentication is important, personal authentication by matching biometric information is optimal.
- the process of collecting biometric information and extracting biometric feature data for collation from the collected biometric information is not possible.
- an IC card terminal external data processing device
- the IC card performs only the verification of the biometric data (for example, Japanese Patent Laid-Open No. 10-3). Reference is made to JP-A No. 12459).
- the biometric feature data of the user is stored in advance as registered biometric feature data, and when the biometric feature data for collation is sent from the IC card terminal, the biometric feature data for collation is used.
- the IC card terminal corresponds to a client that performs fingerprint feature extraction, and the IC card is a fingerprint feature data.
- the difference between the above-described collation method using an IC card and the fingerprint collation method of the client server type is that the user can carry the IC card corresponding to the server as a portable electronic device with high anti-dumping properties. It is in. Since the biometric feature data collation and subsequent processing can be performed within the IC card owned by the user instead of the server operated by another person, there is an advantage that privacy can be reliably maintained.
- the biometric feature data for verification is transmitted as it is from the IC card terminal to the IC card, or the verification result from the IC card is transmitted to the O KZNG G signal (0 1 signal). ) And send it as is. Therefore, no matter how good the tamper resistance of the IC card is, if the data exchanged between the 1 card and 1 (card terminal) is stolen, the data may be misused. However, the current linking method could not fully utilize the tamper resistance of IC cards.
- the present invention has been made in view of such a problem, and in a system that requires a process of inputting a personal identification number for personal authentication, such as a debit card, it is impossible to input the personal identification number and theft or imitation.
- the primary objective is to link personal authentication with sensitive biometric information, and to ensure that leakage and theft of identification numbers are reliably prevented, high security performance is ensured, and personal authentication can be performed safely.
- the present invention is applicable not only when inputting biometric characteristic data for collation into a portable electronic device such as an IC card, but also when outputting the result of collating biometric characteristic data inside the portable electronic device to the outside.
- the second objective is to ensure high security performance and enable secure personal authentication. Disclosure of the invention
- a personal authentication system of the present invention comprises: a portable electronic device; a data processing device mounted with the portable electronic device for directly accessing the portable electronic device; A management device that accesses the portable electronic device via the data processing device and performs authentication of the owner of the portable electronic device by using a personal identification number,
- a biometric information measurement unit configured to measure biometric information of a person to be authenticated; a biometric feature data extraction unit configured to extract biometric feature data for verification from the biometric information measured by the biometric information measurement unit;
- a first transmission / reception interface for transmitting / receiving data between the processing device and the portable electronic device and the management device;
- a biometric feature data registration unit that stores in advance the registered biometric feature data of the owner of the portable electronic device in the portable electronic device; and transmits and receives data between the portable electronic device and the data processing device.
- a second transmission / reception interface a biometric characteristic data collation unit for comparing and collating the registered biometric characteristic data received from the outside with the second transmission / reception interface, and an owner of the portable electronic device
- a password registration unit that stores a password in advance for
- the biometric data for verification is transmitted from the first transmission / reception interface of the data processing device to the portable electronic device, and the second transmission / reception is performed by the biometric data collation unit of the portable electronic device. Comparing and matching the biometric feature data for verification received by the interface with the registered biometric feature data, and as a result of the comparison, the biometric feature data for verification is compared with the registered biometric feature data. If the predetermined matching condition is satisfied, the password is transmitted from the second transmission / reception interface of the portable electronic device to the management device via the first transmission / reception interface of the data processing device. It is characterized by.
- the data processing device includes a first encryption unit that encrypts the biometric characteristic data for collation with a public key, and the portable electronic device stores a registration secret key corresponding to the public key in advance.
- the secret key registration unit to be stored and the second transmission / reception interface
- a decrypting unit for decrypting the encrypted data received from the outside with the registered secret key, wherein the biometric characteristic data for collation encrypted by the first encrypting unit is used as the first transmission / reception as the encrypted data. Transmitting the encrypted data received from the second transmission / reception interface to the portable electronic device, and decrypting the encrypted data received by the second transmission / reception interface by the decryption unit to obtain the biometric characteristic data for verification. Comparison and matching by the biometric feature data matching unit may be performed.
- a public key registration unit for a management device that stores a public key for the management device in advance, and before transmitting the password to the management device,
- a second encryption unit for encrypting with a public key for use.
- a recording unit for recording information used for processing in the management device as magnetic data is provided, and in the data processing device, the recording unit is recorded on the recording unit.
- the data processing device is provided with the biometric part for verification by the biometric feature data extracting unit, and the time stamp is encrypted by the first encryption unit together with the biometric feature data for verification. And transmitting it to the portable electronic device from the first transmitting / receiving interface to the portable electronic device.
- the portable electronic device further includes a clock function unit for calculating a current time, and the time stamp obtained by decoding by the decoding unit.
- a time stamp matching unit for comparing and matching the current time calculated by the clock function unit; and a result of matching by the biometric feature data matching unit, wherein the matching biometric feature data is the registered biometric feature data. If the predetermined match condition is satisfied with respect to, and the time difference between the time stamp and the current time is within a predetermined range as a result of the matching by the time stamp matching unit, The subject may be determined to be the owner of the portable electronic device.
- the portable electronic device When the portable electronic device receives a predetermined signal at the second transmission / reception interface, the portable electronic device transmits public key information of the owner registered in the portable electronic device from the second transmission / reception interface. It may be transmitted to the outside.
- a state where the matching biometric feature data does not satisfy a predetermined matching condition with the registered biometric feature data is determined by a predetermined number of times.
- a lock function unit for locking the input of the biometric feature data to the portable electronic device may be provided.
- the portable electronic device may include a management log recording unit that saves at least one of the transmission date and time and the processing content of the personal identification number as a management log of the personal identification number.
- the biometric information of the person to be authenticated is measured by the biometric information measuring unit, and the biometric feature for collation is extracted from the biometric information by the biometric data extracting unit.
- the data is extracted, and the matching biometric data is transmitted from the first transmission / reception interface to the portable electronic device.
- the portable electronic device receives the biometric feature data for verification through the second transmission / reception interface, the biometric feature data for verification and the registered biometric feature data are compared and collated by the biometric data collating unit. You.
- the matching biometric feature data satisfies a predetermined matching condition with the registered biometric feature data, the personal identification number is transmitted to the management device.
- the personal identification number stored in the portable electronic device is changed. Since the password is transmitted to the management device, there is no need to directly input the password with the numeric keypad in the data processing device as in the past, and the password only passes through the data processing device. This greatly reduces the risk of the password being stolen when the password is entered. Therefore, in a system that requires the input of a personal identification number for personal authentication, such as a debit card, linking the personal identification number with personal identification using biometric information that cannot be stolen or imitated The security code is leaked and theft is reliably prevented, ensuring high security performance. This will enable secure personal authentication.
- a personal identification number for personal authentication such as a debit card
- the biometric characteristic data for verification encrypted by the public key in the first encryption unit is transmitted to the portable electronic device.
- the biometric characteristic data for verification is encrypted by the public key method, transmitted from the data processing device to the portable electronic device, and all data input to the portable electronic device at the time of personal authentication are stored in the portable electronic device. Is decrypted. Therefore, it is not possible to input falsified biometric feature data for verification, and it becomes difficult for others to impersonate, and higher security performance is secured.
- biometric characteristic data for verification is trapped using a fake portable electronic device (fake IC card, etc.)
- biometric characteristic data for verification (encrypted data) is diverted to another system. It will be difficult to do. Therefore, high security performance is secured and personal authentication is performed safely.
- the personal authentication system of item (1-4) the information recorded in the recording unit on the surface of the portable electronic device is read by the magnetic data reading unit of the data processing device, and the information is transmitted to the management device together with the personal identification number. Sent. Therefore, when using, for example, an IC card that also has the function (magnetic stripe) of an existing magnetic card as a portable electronic device, the personal authentication system of item (1-4) can be used.
- the date and time of extraction of the biometric characteristic data for verification is generated as a time stamp in the data processing device, attached to the biometric characteristic data for verification, and transmitted to the portable electronic device.
- the biometric feature data for verification satisfies a predetermined matching condition with the registered biometric feature data, and If the time difference between the (extraction date and time) and the current time is within a predetermined range, it is determined that the person to be authenticated is the owner of the portable electronic device.
- the biometric feature data for verification transmitted from the data processing device to the portable electronic device is trapped. After that, a replay attack on the portable electronic device is performed using the trapped biometric feature data for verification. Even if this is done, the time difference between the timestamp (extraction date and time) and the current time increases, and the access by the trapped biometric data for verification can be rejected, and higher security performance is secured.
- the personal identification number is obtained from the collation date and time obtained by the clock function unit ( Along with the timestamp, it is encrypted by the second encryption unit and then transmitted to the management device.
- the security code transmitted from the portable electronic device to the management device is trapped, and even if the trapped security code is used, the management device monitors the verification date and time attached to the security code. If this is done, it is possible to recognize that the password has been trapped based on the time difference between the verification date and time (time stamp) and the current time. Therefore, access by the trapped password can be denied, and higher security performance is secured.
- the portable electronic device when the portable electronic device receives a predetermined signal through the second transmission / reception interface, the public key information of the owner registered in the portable electronic device is transmitted to the outside. .
- the public key inside the portable electronic device can be used even if the data processing device does not hold the public key in advance.
- the matching by the biometric feature data matching unit of the portable electronic device indicates that the matching biometric feature data does not satisfy the predetermined matching condition with the registered biometric feature data. Is generated a predetermined number of times consecutively, the lock function unit locks the input of the biometric characteristic data to the portable electronic device. This ensures that unauthorized access is denied.
- the owner of the portable electronic device can make the system itself. Because you can have a separate management log from the You can get collateral for low-trust systems.
- the portable electronic device of the present invention transmits and receives data to and from a management device that performs personal authentication using a personal identification number, and stores in advance registered biometric characteristic data of the owner of the portable electronic device.
- a biometric feature data registration unit for transmitting / receiving data to / from the outside, a biometric feature data for verification of a person to be authenticated received from the outside by the transmission / reception interface, and the registered biometric feature data.
- a feature data collating unit; and a password registration unit for preliminarily storing a password of the owner of the portable electronic device, wherein the biometric data collating unit receives the collation received by the transmission / reception interface.
- the biometric feature data for comparison and the registered biometric feature data are compared and collated, and as a result of the comparison, the biometric feature data for collation is stored in the registered biometric feature data. If they meet the predetermined match condition with respect to the body feature data, the PIN, is characterized by transmitting to said management apparatus from said transmission reception fin evening face.
- a secret key registration unit that stores a registered secret key corresponding to the public key in advance, and a decryption unit that decrypts the encrypted data encrypted with the public key using the registered secret key are provided. If the biometric feature data for verification is obtained as a result of decrypting the encrypted data received by the transmission / reception interface by the decoding unit, the comparison / collation may be performed by the biometric feature data matching unit.
- a management device public key registration unit that stores a public key for the management device in advance, and before transmitting the password to the management device, publishes the password for the management device.
- An encryption unit for encrypting with a key may be provided.
- a recording unit for recording information used for processing in the management device as magnetic data may be provided on the surface of the portable electronic device.
- a clock function unit for calculating the current time, and a time stamp indicating the date and time of extraction of the biometric feature data for verification obtained by decoding by the decoding unit.
- the time stamp and the current time calculated by the clock function unit, a time stamp matching unit for comparing and matching, and a result of matching by the biological feature data matching unit, the matching biometric feature data Satisfies a predetermined matching condition with respect to the registered biological feature data, and If the time difference between the time stamp and the current time is within a predetermined range as a result of the collation, it may be determined that the person to be authenticated is the owner of the portable electronic device.
- the password is set to the watch.
- the data may be encrypted by the encryption unit together with the verification date and time obtained by the functional unit, and then transmitted to the outside from the transmission / reception interface.
- the public key information of the owner registered in the portable electronic device may be transmitted from the transmission / reception interface to the outside.
- a management log recording unit for storing at least one of the transmission date and time and the processing content of the password as a management log of the password may be provided.
- the biometric feature data for collation when the biometric feature data for collation is received by the transmission / reception interface, the biometric feature data for collation and the registered biometric feature data are compared with the biometric feature data. The comparison is performed by the feature data matching unit. As a result of the collation, if the collation biometric data satisfies a predetermined matching condition with respect to the registered biometric feature data, the personal identification number is transmitted to the management device. As described above, according to the portable electronic device of item (2-1), the password is transmitted to the management device after confirming a predetermined match between the biometric feature data for verification and the registered biometric feature data.
- the biometric data for verification is encrypted by the public key method and then input to the mobile electronic device, and all data input to the mobile electronic device during personal authentication is decrypted in the mobile electronic device. Is done. Therefore, it is not possible to input falsified biometric feature data for verification, and it becomes difficult for others to impersonate and higher security performance is secured. Even if the biometric characteristic data for verification is trapped using a fake portable electronic device (fake IC card, etc.), the biometric characteristic data for verification (encrypted data) is diverted to another system. It becomes difficult. Therefore, high security performance is secured and personal authentication is performed safely.
- the portable electronic device of item (2-3) all data transmitted to the outside is encrypted. That is, when the personal identification number is transmitted from the portable electronic device to the management device, the password is encrypted by the encryption key in the management device public key. Therefore, even if the PIN output from the portable electronic device is stolen, it is difficult to reuse the stolen PIN because the PIN is encrypted, and higher security performance is secured. You.
- a recording unit for recording information used for processing in the management device as magnetic data is provided on the surface. This makes it possible to use the portable electronic device as a portable electronic device, for example, when using an IC card that also has a function (magnetic stripe) as an existing magnetic card.
- the matching biometric feature data satisfies a predetermined matching condition with the registered biometric feature data, and the matching is performed by the time stamp matching unit.
- the time difference between the time stamp (extraction date and time) and the current time is within a predetermined range, it is determined that the person to be authenticated is the owner of the portable electronic device.
- the biometric characteristic data for verification input to the portable electronic device is trapped, and even if a replay attack is performed on the portable electronic device using the trapped biometric data for verification afterwards.
- the time difference between the evening stamp (extraction date and time) and the current time increases, and access to the trapped biometric data for verification can be denied. Performance is ensured.
- the password is encrypted together with the collation date and time (time stamp) obtained by the clock function unit. It is transmitted to the management device after being encrypted by the section.
- the security code transmitted from the portable electronic device to the management device is trapped, and even if the trapped security code is used, the collation date and time attached to the security code in the management device is not changed. If it is monitored, it is possible to recognize that the password has been trapped based on the time difference between the verification date and time (time stamp) and the current time. Therefore, access using the trapped password can be denied, and higher security performance is ensured.
- the portable electronic device of item (2-7) upon receiving a predetermined signal, the public key information of the owner registered in advance is transmitted to the outside. Thereby, even if the external device does not hold the public key in advance, the public key inside the portable electronic device can be used.
- the portable electronic device of the item (2-8) as a result of the matching by the biometric feature data matching unit, it is found that the matching biometric feature data does not satisfy the predetermined matching condition with the registered biometric feature data. When a predetermined number of consecutive occurrences occur, the lock function unit locks the input of the biometric feature data to the portable electronic device. This ensures that unauthorized access is rejected.
- the owner of the portable electronic device by storing at least one of the date and time of transmission of the personal identification number and the processing content in the management log recording unit, the owner of the portable electronic device becomes independent from the system. Because it is possible to have the management log of the system, it is possible to obtain security for the system with low trust.
- the personal authentication system of the present invention comprises a portable electronic device and a data processing device to which the portable electronic device is attached and which directly accesses the portable electronic device.
- a biometric information measurement unit configured to measure biometric information of a person to be authenticated; a biometric feature data extraction unit configured to extract biometric feature data for verification from the biometric information measured by the biometric information measurement unit;
- a first encryption unit that encrypts the biometric characteristic data for verification with a public key, and transmits and receives data between the data processing device and the portable electronic device. With the first transmission / reception interface to perform
- a biometric feature data registration unit that stores in advance the registered biometric feature data of the owner of the portable electronic device in the portable electronic device; and a data transfer unit between the portable electronic device and the data processing device.
- a second transmission / reception interface for performing transmission / reception, a biometric feature data matching unit for comparing and matching the biometric feature data for verification received from the outside with the second transmission / reception interface with the registered biometric feature data,
- a secret key registration unit that stores a registration private key corresponding to a public key in advance; and a decryption unit that decrypts encrypted data encrypted with the public key using the registration secret key.
- the biometric characteristic data for verification encrypted by the first encryption unit is transmitted from the first transmission / reception interface to the portable electronic device, and the encrypted data received by the second transmission / reception interface is decrypted by the decryption unit. And then obtains the biometric data for verification, and then compares and verifies the biometric feature data for verification with the registered biometric feature data by the biometric feature data verification unit.
- the data processing device is provided with the biometric part for verification by the biometric feature data extracting unit, and the time stamp is encrypted by the first encryption unit together with the biometric feature data for verification. While transmitting from the first transmission / reception interface to the portable electronic device,
- a clock function unit for calculating a current time in the portable electronic device; and a time stamp comparison for comparing and collating the time stamp obtained by decoding by the decoding unit with the current time calculated by the clock function unit.
- a result of the matching by the biometric feature data matching unit wherein the matching biometric feature data satisfies a predetermined matching condition with respect to the registered biometric feature data, and a result of the matching by the time stamp matching unit,
- the authentication target may be determined to be the owner of the portable electronic device.
- the portable electronic device transmits the owner information relating to the owner of the portable electronic device in advance to the owner information registration unit and the second transmission / reception interface to the data processing device.
- the owner information and the matching rate of the matching biometric feature data obtained at the time of the matching with the registered biometric feature data
- the second transmission / reception interface After encrypting at least one of the collation date and time obtained by the clock function unit with the second encryption unit, the second transmission / reception interface sends the collation result to the data processing device as the collation result. May be sent.
- the data processing apparatus further includes a message digest generation unit that generates a value obtained by inputting transfer data to the portable electronic device into a predetermined one-way function as a message digest; Is encrypted by the first encrypting unit together with the matching biometric feature data and transmitted from the first transmission / reception interface to the portable electronic device.
- a message digest generation unit that generates a value obtained by inputting transfer data to the portable electronic device into a predetermined one-way function as a message digest
- the first encrypting unit together with the matching biometric feature data and transmitted from the first transmission / reception interface to the portable electronic device.
- the portable electronic device may include a collation log recording unit that stores the collation result as a collation log for a predetermined period.
- a state in which the matching biometric feature data does not satisfy a predetermined matching condition with respect to the registered biometric feature data is determined by a predetermined number of times.
- a lock function unit for locking the input of the biometric data to the portable electronic device may be provided.
- the biometric information of the person to be authenticated is measured by the biometric information measurement unit, and the biometric data is extracted from the biometric information by the biometric data extraction unit.
- the biometric feature data is extracted, and the biometric feature data for collation is encrypted by the first encryption unit using the public key, and then transmitted from the first transmission / reception interface to the portable electronic device.
- the second transmission / reception After the encrypted data received by the communication interface is decrypted by the decryption unit overnight in the biometric data for verification, the biometric data for verification and the registered biometric data are compared and verified by the biometric data verification unit. Is done.
- the biometric feature data for verification transmitted from the data processing device to the portable electronic device is encrypted with the public key, Even if the biometric characteristic data for verification is trapped using a fake portable electronic device (fake IC card, etc.), it becomes difficult to divert the biometric characteristic data for verification (encrypted data) to other systems. . Therefore, high security performance is secured and personal authentication is performed safely.
- the date and time of extraction of the biometric feature data for verification is generated as a time stamp in the data processing device, attached to the biometric feature data for verification, and transmitted to the portable electronic device.
- the matching biometric feature data satisfies a predetermined matching condition with the registered biometric feature data, and the time difference between the time stamp (extraction date and time) and the current time is within a predetermined range.
- the person to be certified is the owner of the portable electronic device.
- the biometric data for verification transmitted from the data processing device to the portable electronic device is trapped, and then a replay attack on the portable electronic device is performed using the trapped biometric characteristic data for verification. Even if this is done, the time difference between the timestamp (extraction date and time) and the current time will increase, and it will be possible to reject the access due to the trapped biometric data for verification, ensuring higher security performance.
- the owner information (account number, etc.) and the biometric characteristic data for verification are used.
- At least one of the matching rate of the registered biometric characteristic data and the verification date and time (time stamp) is encrypted by the second encryption unit using the secret key, and then transmitted to the data processing device as the verification result.
- the result of comparing the biometric data in the portable electronic device is output to the outside. High security performance is assured, and personal authentication is performed safely.
- the matching rate obtained by matching biometric feature data as a matching result, it is possible to manage records of the likelihood of the matching result.
- the data processing device In the personal authentication system of item (3-4), the data processing device generates a message digest for the data transferred to the portable electronic device, and the message digest is included in the first data along with the biometric characteristic data for verification.
- the data is encrypted by the encryption unit and transmitted from the first transmission / reception interface to the portable electronic device.
- the decryption unit In the case of the portable electronic device, if it is determined that the person to be authenticated is the owner of the portable electronic device, the decryption unit
- the message digest of the electronic slip or the like obtained by decrypting in step (2) is again encrypted by the secret key in the second decryption unit, and then transmitted to the data processing device as a verification result.
- the same effect as the personal authentication system of item (3-3) can be obtained, and since the message digest is output as the collation result, it is possible to manage the record of which process was authenticated. it can.
- the collation result is stored as a collation log for a predetermined period in the collation log recording unit of the portable electronic device. Records can be maintained.
- the portable electronic device when the portable electronic device receives a predetermined signal at the second transmission / reception interface, the public key information of the owner registered in the portable electronic device is transmitted to the outside. .
- the public key inside the portable electronic device can be used even if the data processing device does not hold the public key in advance.
- the matching biometric feature data satisfies a predetermined matching condition with the registered biometric feature data.
- the absence state occurs continuously for a predetermined number of times, the input of biometric characteristic data to the portable electronic device is locked by the lock function unit. This ensures that unauthorized access is denied.
- the portable electronic device of the present invention has a personal authentication function using biometric information, and a biometric feature data registration unit for storing registered biometric feature data of the owner of the portable electronic device in advance. And send and receive data to and from the outside Ace, a biometric feature data comparison unit for comparing and matching biometric feature data for verification of a person to be authenticated received from the outside by the transmission / reception interface with the registered biometric feature data, and a registered private key corresponding to a public key And a decryption unit for decrypting the encrypted data encrypted with the public key with the registered private key, and storing the encrypted data received by the transmission / reception interface.
- the biometric feature data comparing unit compares and matches the matching biometric feature data with the registered biometric feature data. It is characterized by:
- a clock function unit for calculating the current time and a time stamp indicating the date and time of extraction of the biometric feature data for verification attached to the biometric feature data for verification obtained by decoding by the decoding unit. If the time stamp is compared with the current time calculated by the clock function unit, a time stamp matching unit for comparing and matching the time stamp is provided. When the characteristic data satisfies a predetermined matching condition with respect to the registered living body characteristic data, and as a result of the collation by the time stamp collating unit, the time difference between the time stamp and the current time is within a predetermined range. Alternatively, it may be determined that the person to be authenticated is the owner of the portable electronic device.
- an owner information registration unit for storing the owner information of the owner of the portable electronic device in advance, and encrypting data transmitted from the transmission / reception interface to the data processing device with the registration secret key.
- the owner information At least one of a matching rate of the biometric feature data for matching obtained at the time of the matching with the registered biometric feature data, and a matching date and time obtained by the clock function unit, After encryption, the data may be transmitted from the transmission / reception interface to the data processing device as a result of verification.
- a verification log recording unit for storing the verification result as a verification log for a predetermined period may be provided.
- the public key information of the owner registered in the portable electronic device may be transmitted from the transmission / reception interface to the outside.
- the portable electronic device having the personal authentication function using the biological information of the item (4-1) described above, when the encrypted data is received by the transmission / reception interface, the encrypted data is decrypted by the decryption unit, and as a result, When the biometric data for collation is obtained, the biometric data for collation and the registered biometric data are compared and collated by the biometric data collator.
- the fake portable electronic device since the biometric data for verification input from the outside is encrypted, the fake portable electronic device (fake IC) should be used. Even if the biometric feature data for verification is trapped using a card, it becomes difficult to use the biometric feature data for verification (encrypted data) in other systems. Therefore, high security performance is secured and personal authentication is performed safely.
- the verification biometric data is compared with the registered biometric data by a predetermined value. If the matching condition is satisfied and the time difference between the time stamp (extraction date and time) and the current time is within a predetermined range, it is determined that the person to be authenticated is the owner of the portable electronic device. As a result, the biometric characteristic data for verification input to the portable electronic device is trapped, and thereafter, the trapped biometric characteristic data for verification is trapped. Even if a replay attack is performed on a portable electronic device using a mobile device, the time difference between the timestamp (extraction date and time) and the current time increases, and access to the trapped biometric feature for verification can be denied. Higher security performance is ensured.
- the owner information (account number, etc.) and the registered biometric feature in the biometric feature data for verification are set.
- At least one of the data match rate and the collation date / time (time stamp) is encrypted by the encryption unit using the secret key, and then transmitted to the outside as the collation result. That is, since the information about the authentication result is encrypted with the secret key, the issuer of the authentication result can be certified.
- the verification date and time time stamp
- the portable electronic device of item (4-4) when the person to be authenticated is determined to be the owner of the portable electronic device, and a message digest is attached to the biometric characteristic data for verification. After the message digest is encrypted by the encryption key using the secret key, it is transmitted to the outside as a verification result. As a result, the same effect as the portable electronic device of item (4-3) can be obtained, and a record of which process has been authenticated can be managed by outputting a message digest as a collation result. it can.
- the collation result is stored in the collation log recording unit as the collation log for a predetermined period, so that the record of the owner's collation activity is stored in the portable electronic device. Can be held.
- the portable electronic device of item (4-6) upon receiving a predetermined signal, the public key information of the owner registered in advance is transmitted to the outside. Thereby, even if the external device does not hold the public key in advance, the public key inside the portable electronic device can be used.
- the portable electronic device of the item (4-7) as a result of the matching by the biometric feature data matching unit, the state where the matching biometric feature data does not satisfy the predetermined matching condition with the registered biometric feature data continues for a predetermined number of times. If this occurs, the lock function unit locks the input of biometric characteristic data to the portable electronic device. This ensures that unauthorized access is rejected.
- FIG. 1 is a block diagram showing a configuration of a personal authentication system as a first embodiment of the present invention.
- FIG. 2 is a flowchart for explaining the operation of the first embodiment.
- FIG. 3 is a block diagram showing a configuration of a personal authentication system as a first modification of the first embodiment of the present invention.
- FIG. 4 is a flowchart for explaining the operation of the first modification of the first embodiment.
- FIG. 5 is a block diagram showing a configuration of a personal authentication system as a second modification of the first embodiment of the present invention.
- FIG. 6 is a flowchart for explaining the operation of the second modification of the first embodiment.
- FIG. 7 is a block diagram showing a configuration of a personal authentication system as a third modification of the first embodiment of the present invention.
- FIG. 8 is a flowchart for explaining the operation of the third modification of the first embodiment.
- FIG. 9 is a block diagram showing a configuration of a personal authentication system according to a second embodiment of the present invention.
- FIG. 10 is a flowchart for explaining the operation of the second embodiment.
- FIG. 11 is a block diagram showing a configuration of a personal authentication system as a first modification of the second embodiment of the present invention.
- FIG. 12 is a flowchart for explaining the operation of the first modification of the second embodiment.
- FIG. 13 is a block diagram showing a configuration of a personal authentication system as a second modification of the second embodiment of the present invention.
- FIG. 14 is a flowchart for explaining the operation of the second modification of the second embodiment.
- FIG. 15 is a block diagram showing a configuration of a personal authentication system as a third modification of the second embodiment of the present invention.
- FIG. 16 is a flowchart for explaining the operation of the third modification of the second embodiment.
- the portable electronic device is an IC card having a function as, for example, a debit card.
- the personal authentication system of the first embodiment requires a process of inputting a personal identification number for personal authentication.
- the personal identification system and the biometric information that cannot be stolen or imitated are required.
- the biometric feature data extracted from the biometric information about the owner of the IC card is registered and stored in the IC card as registered biometric feature data in advance.
- the personal identification number stored in the IC card is output to the host computer (management device) through the interface.
- the password is sent directly from the IC card to the host computer after personal identification using biometric information in the IC card. There is no need to enter it, which reduces the chances of having your PIN stolen.
- the security of the transmitted PIN is further improved by transmitting the PIN after encrypting it with the public key of the host computer. can do.
- the timestamp verification date and time
- the second embodiment of the present invention includes a portable electronic device (in this embodiment, an IC card) and an external data processing device (the present embodiment) which is mounted with the portable electronic device and directly accesses the portable electronic device.
- a portable electronic device in this embodiment, an IC card
- an external data processing device the present embodiment
- the public key method is applied to input and output the biometric characteristic data to the portable electronic device. Even when the result of collating biometric data is output to the outside, high security performance is ensured, and personal authentication can be performed safely.
- the IC card also includes
- the biometric feature data extracted from the biometric information about the owner of the C card is registered and stored in advance as registered biometric feature data.
- the user (owner) of the IC card inputs his / her biometric information at the IC card terminal, and the biometric characteristic data for verification, which is processed at the IC card terminal and extracted from the biometric information, is transferred from the IC card terminal to the IC card. Is entered. At that time, the biometric feature data for verification is encrypted with the public key and then transmitted to the IC card.
- the IC card transmits the message digest attached to the biometric feature data for verification, After merging the matching result (matching rate) of biometric feature data, matching date and time, owner information, etc. and encrypting it with the registered private key, the encrypted data is returned to the IC card terminal as the authentication result.
- the second embodiment by using personal authentication based on biometric information without relying on a password, it is possible to provide a personal authentication technology suitable for an IC card having high tamper resistance.
- the biometric data is encrypted using a public key method.
- the fake biometric data is prevented from being accepted by the IC card.
- the authentication result (comparison result) of the biometric characteristic data inside the IC card is encrypted with the registered secret key stored in the IC card and output to the outside.
- the registered biometric characteristic data in the ic card does not go outside during verification, and the verification result from the outside is not input to the IC card. Therefore, the possibility of impersonation can be reliably reduced.
- the verification result is output from the IC card to the outside, if the PKI process is performed inside the IC card and output to the outside, or if a message digest is generated and attached, the verification result is falsified or forged. It is possible to more reliably reduce the possibility.
- FIG. 1 is a block diagram showing a configuration of a personal authentication system according to a first embodiment of the present invention.
- the personal authentication system 100 according to the first embodiment is configured as a debit card.
- a host computer (management device) 400 that accesses the IC card 300 through the IC card terminal 200 and authenticates the owner of the IC card 300 using a personal identification number.
- the host computer 400 belongs to, for example, a bank that has a deposit account from which the purchase price must be paid when using the IC card 300 as a debit card.
- the debit card is used in combination with an external data processing device, for example, a debit card terminal (here IC card terminal 200).
- the external data processing device is connected via a network to a host computer 400 that performs deposit balance management and the like.
- the IC card terminal 200 has a slot (not shown) for the IC card 300. At the same time as inserting the IC card 300 into this slot, the transmission / reception interface on the IC card terminal 200 side is provided. (The first transmission / reception interface) 205 comes into contact with the transmission / reception interface (second transmission / reception interface) 310 on the IC card 300 side, and the IC card terminal 200 contacts the IC card 300. Data is sent and received overnight.
- the transmission and reception interfaces 205 and 301 are of a contact type.
- the present invention is not limited to this, and it is of course possible to use a contactless interface.
- the IC card terminal 200 includes a biological information measuring unit 201, a biometric feature data extracting unit 202, a time stamp generating unit 203, a data encrypting unit (first encrypting unit) 200. 4 and a transmission / reception interface 205.
- the biometric information measurement unit 201 measures and collects the biometric information of the person to be authenticated (the user who inserted the IC card 300 into the IC card terminal 200). It is.
- biometric information image data such as fingerprints, irises, faces, retinas, vascular patterns, palm shapes, signatures, ear shapes, etc. may be measured and collected for use, and voice, keystroke, dynamic Time series data such as signatures may be measured and collected for use.
- the biometric information measuring unit 201 is provided with a fingerprint input surface, and the person to be authenticated touches the fingerprint input surface with a finger. The fingerprint of the finger is measured and collected.
- the biometric feature data extraction unit 202 extracts a biometric feature data for collation from the biometric information measured by the biometric information measurement unit 201.
- the biometric feature data extracted from the fingerprint image data is, for example, the coordinates of a branch point (feature point) of a fingerprint ridge, an end point (feature). Point) coordinates, intersection coordinates, fingerprint center coordinates, fingerprint delta coordinates, fingerprint ridge direction, distance between feature points, number of ridges between fingerprint feature points, and so on.
- the time stamp generation unit 203 generates a time and date when the biometric feature data for collation is extracted by the biometric feature data extraction unit 202 as a time stamp.
- the data encryption unit 204 combines the biometric feature data for collation extracted by the biometric feature data extraction unit 202 with the time stamp (extraction date and time) from the time stamp generation unit 203 and the IC card 300 It is encrypted with the public key for use.
- the public key for the IC card 300 is stored in a host computer (not shown; different from the host computer 400) connected to the IC card terminal 300 or the IC card 300. On the other hand, it can be obtained by issuing a specific instruction (predetermined signal).
- the IC card 300 holds a public key for the IC card 300 and the IC card terminal The 200 has obtained a public key by issuing a specific command to the IC card 300.
- the transmission / reception interface 205 contacts the transmission / reception interface 301 on the IC card 300 side, and transmits / receives data between the IC card terminal 200 and the IC card 300. In addition to this, data transmission / reception between the IC card terminal 200 and the host computer 400 is performed.
- the IC card 300 of the first embodiment includes a storage unit such as a ROM and a RAM, and a CPU (Central Processing Unit) that performs processing based on data stored in the storage unit and an external signal.
- a storage unit such as a ROM and a RAM
- a CPU Central Processing Unit
- the transmission / reception interface 301 the biometric feature data registration unit 302, the secret key registration unit 303, the clock function unit 304, the data encryption Z decryption unit (the 2 Encrypting unit, decrypting unit) 3 05, Biometrics information data collating unit 3 06, Time stamp collating unit 3 07, Password registration unit 3 08, Owner information registering unit 3 09, Verification It is configured to have functions as a log recording unit 310, an IC card public key registration unit 312, and a management log recording unit 317.
- the transmission / reception interface 301 comes into contact with the transmission / reception interface 205 on the IC card terminal 200 side, and
- the biometric data storage section 302 stores the registered biometric data of the owner of the IC card 300 in advance. This registered biometric data is stored in the IC card terminal, for example, when the IC card 300 is issued.
- the biometric information (fingerprint image data, etc.) of the owner of the IC card 300 is collected at the IC card terminal 200, and the registered biometric feature data is obtained from the biometric information. Extract. Then, the registered biometric feature data is
- the information is written from the IC card terminal 200 to the biometric characteristic data registration unit 302 in the IC card 300 and registered.
- the secret key registration unit 303 stores the registered secret key corresponding to the public key for the IC card 300 in advance, and the clock function unit 304 calculates the current time.
- the data encryption / decryption unit 3 A function as a decryption unit for decrypting the encrypted data received from the private key registration unit 303 with the registered private key, and a public key for the host computer 400 to transmit the data to be transmitted to the host computer 400 It also has a function as an encryption unit (second encryption unit) for encrypting with.
- the data encryption Z-decryption section 305 functions only as a decryption section, and the function as the encryption section is used in the first to third modifications of the first embodiment.
- the encrypted data decrypted by the data encryption Z decryption unit 305 is a biometric characteristic data for verification, which is transmitted after being encrypted from the IC card terminal 200. And time stamp (extraction date and time).
- the biometric information data collating unit 3006 compares the biometric data for collation received from outside via the transmission / reception interface 301 with the registered biometric data data of the biometric data registration unit 302. The comparison and collation are performed to determine whether or not the biometric feature data for verification satisfies a predetermined matching condition with respect to the registered biometric feature data.
- the predetermined matching condition is, for example, that the matching rate (matching degree) between the biometric data for verification and the registered biometric data is equal to or more than a predetermined value.
- the time stamp comparing unit 307 compares and collates the time stamp obtained by decryption by the data encryption / decryption unit 305 with the current time calculated by the clock function unit 304. This is to determine whether or not the time difference is within a predetermined range (for example, a predetermined value or less).
- the password registration section 308 and the owner information registration section 309 function as a user information storage section, and the password registration section 308 uses an IC card 300 as a debit card.
- a password password required to access the host computer 400, which has been manually input using a numeric keypad in the past, is registered and stored in advance.
- the account number account number, user number
- the collation log recording unit 310 records the collation results from the biometric feature data collation unit 302 and the time stamp collation unit 307, together with the collation date and time obtained by the clock function unit 304, as a collation log. It is stored for a predetermined period.
- the IC card public key registration unit 312 is required when the data encryption unit 204 of the IC card terminal 200 encodes the biometric characteristic data for verification and the time stamp.
- the public key (predetermined public key information) for the IC card 300 is registered and stored in advance.
- the public key stored in the public key registration unit 312 is transmitted to and received from the transmission / reception interface 301. When a predetermined signal (specific command) is received, it is transmitted from the transmission / reception interface 301 to the IC card 200 (or the host computer 400).
- the management log recording unit 317 saves at least one of the transmission date and time and the processing content of the password as a password management log. Things.
- biometric feature data registration section 302 secret key registration section 303, certificate number registration section 308, owner information registration section 309, verification log recording section 310, IC card
- the public key registration unit 312 and the management log recording unit 3117 are actually realized by a storage unit such as a ROM and a RAM built in the IC card 300.
- the clock function section 304, the data encryption Z decryption section 300, the biometrics information data overnight collation section 310, and the time stamp collation section 310 are actually composed of an IC card 3004. It is realized by the CPU built in the PC.
- the owner of the IC card 300 inserts the IC card 300 into the slot of the IC card terminal 200, and If information such as fingerprint image data is required as information, touch the finger to the fingerprint input surface.
- the biometric information measuring unit 201 measures biometric information (fingerprint image data) of the person to be authenticated (step S11), and extracts biometric data from the biometric information.
- biometric feature data for collation is extracted by the unit 202, and the extraction date (time stamp) of the biometric feature data for collation is generated by the time stamp generation unit 203 and attached to the biometric feature data for collation.
- time stamp time stamp generation unit 203
- the biometric characteristic data for verification is encrypted with the attached time stamp by the public key for the IC card 300 by the data encryption unit 204 (step S13).
- the public key for the IC card 300 is issued by issuing a specific command (predetermined signal) to the IC card 300, so that the IC card
- the information is read from the card public key registration unit 312 and transmitted from the IC card 300 to the IC card terminal 200.
- the encryption key transmitted from the IC card 300 to the IC card terminal 200 is a public key, no problem occurs even if it is transmitted by a simple command.
- the biometric data for verification which is encrypted with the public key in the data encryption unit 204, is transmitted to the IC card 300 from the transmission / reception interface 205 together with the time stamp. (Step S14).
- the encrypted data is decrypted by the data encryption Z decryption unit 304 using the registered private key, and the biometric characteristic data for verification and After obtaining the time stamp (step S15), first, the biometric feature data for verification and the registered biometric feature data are compared and collated by the biometric feature data collating unit 303 (step S1-5). 6).
- the matching rate (matching degree) between the matching biometric feature data and the registered biometric feature data is not equal to or greater than a predetermined value (NO route in step S17)
- the person to be authenticated is the IC card 30. It is determined that it is not the owner of 0 (step S22), and predetermined measures (such as card lock) are performed.
- step S17 if the matching rate (matching degree) between the matching biometric feature data and the registered biometric feature data is equal to or greater than a predetermined value (YES route in step S17), then the time stamp matching unit 310 As a result, the time stamp obtained by decryption by the data encryption / decryption unit 304 is compared with the current time calculated by the clock function unit 304 (step S18).
- the person to be authenticated is not the owner of the IC card 300 Is determined (step S23), and a predetermined countermeasure (such as card lock) is performed.
- a predetermined countermeasure such as card lock
- the person to be authenticated is the owner of the IC card 300.
- the password and the account number (user number) are read out from the password registration section 308 and the owner information registration section 309, respectively, and as an authentication result (OK).
- the transmission / reception interface 301 outputs and transmits to the host computer 400 via the transmission / reception interface 205 of the IC card terminal 200 (step S21).
- Means for notifying the processing result include a means for printing on a predetermined sheet in the IC card terminal 200 and a means for writing as a log inside the IC card 300.
- the comparison result (OKZNG, etc.) by the biometric data overnight collation unit 310 and the time stamp collation unit 307 is converted to the clock function unit 304 In addition to the collation date and time obtained by the password, it is stored in the collation log recording unit 310 only for a predetermined period. Is stored in the management log recording unit 3 17.
- the personal authentication system 100 after confirming a predetermined match between the biometric feature data for verification and the registered biometric feature data,
- the IC card 300 as a debit card, it is possible to link PIN input with personal authentication using biometric information that cannot be stolen or imitated. Theft is reliably prevented, high security performance is ensured, and personal authentication can be performed safely.
- the biometric characteristic data for verification is encrypted by the public key method, and then transmitted from the IC card terminal 200 to the IC card 300, and the personal authentication is performed. All the data input to the IC card 300 are decrypted in the IC card 300. Therefore, it is not possible to input the falsified biometric feature data for verification, and it becomes difficult for others to impersonate, and higher security performance is secured.
- the biometric data for verification is encrypted using a public key method. This makes it difficult to reuse and reuse in other systems. Therefore, high security performance is secured and personal authentication is performed safely.
- the time difference between the date and time of extraction of the biometric feature data for verification and the current time is Inevitably grows.
- the personal authentication system 100 of the first embodiment takes advantage of this fact and compares the extraction date and time (time stamp) of the biometric feature data for verification with the current time, thereby obtaining the time stamp (extraction date and time). If the time difference from the current time is large, access using the biometric characteristic data for verification is rejected, so that it is difficult to perform a replay attack using stolen biometric characteristic data for verification, and higher security performance is achieved. Secured.
- the IC card 300 when the IC card 300 receives a predetermined signal (command) through the transmission / reception interface 301, the IC card public key registration unit 312 Since the public key is read and transmitted to the outside, even if the IC card terminal 200 (or the host computer 400, etc.) does not hold the public key for the IC card 300, the IC card Encryption can be performed by using the public key inside 300.
- the date and time of transmission of the personal identification number and account number and the processing contents are stored in the management log recording unit 3 17 of the IC card 300, so that the IC card
- the owner of the system itself can have a management log separate from the system, and can obtain security for a system with low trust.
- the verification log recording unit 310 of the IC card 300 stores the verification by the biometric characteristic data verification unit 303 and the time stamp verification unit 310. Since the result (OKZNG, etc.) is stored as a collation log only for a predetermined period, a record of the owner's collation action can be stored in the IC card 300.
- FIG. 3 is a block diagram showing a configuration of a personal authentication system as a first modification of the first embodiment of the present invention.
- the same reference numerals as those described above indicate the same or almost the same portions, and thus detailed description thereof will be omitted.
- the personal authentication system 100 OA as a first modification of the first embodiment is different from the IC card 300 in the personal authentication system 100 shown in FIG. It is a function added.
- the personal authentication system 100 OA is an extension of the personal authentication system 100.
- the personal identification number and account number are transmitted to the host computer 400 as an authentication result, the personal identification number and the account number are used as the host. It is encrypted with the public key for the computer 400, and a time stamp (verification date and time) is attached to the password and account number when performing the encryption.
- the IC card 300 of the personal authentication system 100 A uses a host computer public key registration unit (a management computer) that stores the public key for the host computer 400 in advance.
- Device public key registration unit) 3 1 1 It should be noted that the host computer public key registration unit 311 is actually realized by a storage unit such as a ROM, a RAM, and the like, which is built in the IC card 300.
- the person to be authenticated is the mobile electronic device 300. If it is determined that the owner is the owner, the collation date and time are obtained by the clock function section 304, and the collation date and time are used as a time stamp as a password and account number to be transmitted to the host combination user 400. It has a function to be attached to
- the above-described data encryption Z decryption unit 305 discloses the personal identification number and account number to be transmitted to the host computer 400 together with the time stamp (verification date and time) for the host computer 400. It fulfills the function of encrypting with a key.
- step S20 If it is determined in step S20 that the person to be authenticated is the owner of the IC card 300, the clock function unit 304 obtains the matching date and time, and then uses the matching time as a timestamp as the host. Attach it to the personal identification number and account number to be sent to the computer 400 (step S31).
- the personal identification number and the account number are encrypted by the data encryption / decryption unit 305 with the public key for the host computer 400 together with the time stamp (verification date and time) (step S32), the transmission / reception interface 301 transmits / transfers to the host computer 400 via the transmission / reception interface 205 of the IC card terminal 200 (step S33).
- the same operation and effect as those of the first embodiment can be obtained, and the IC card 300 can be obtained.
- the authentication results (PIN, account number, collation date, etc.) sent from the host computer 400 to the host computer 400 are all stored in the host computer in the IC card 300. Since it is encrypted with the public key for PC 400, even if the authentication result including the PIN output from the IC card 300 to the outside is stolen, the stolen ID is reused. It is difficult to do so, and higher security performance is ensured.
- the authentication result transmitted to the host computer 400 also has a time stamp attached to the verification time.
- the authentication result ( ⁇ PIN) transmitted from the IC card 300 to the host computer 400 is trapped. Even if the trapped PIN is used, the host computer 4 If the collation date and time attached to the password is monitored in 0 0, it is possible to recognize that the password has been trapped based on the time difference between the collation date and time (time stamp) and the current time. it can.
- the host computer 400 when the host computer 400 is accessed using the stolen password as described above, the time difference between the collation date and time attached to the password and the current time is inevitably large.
- the host computer 400 can recognize whether or not the PIN has been trapped, and can deny access using the trapped PIN. It becomes difficult to reuse, and higher security performance is secured. Reuse of this data becomes difficult.
- FIG. 5 is a block diagram showing a configuration of a personal authentication system as a second modification of the first embodiment of the present invention.
- the same reference numerals as those described above indicate the same or almost the same portions, and thus detailed description thereof will be omitted.
- a personal authentication system 100B as a second modification of the first embodiment is different from the personal authentication system 100 OA shown in FIG. Further, the following function (magnetic data reading unit 206) is added.
- the owner information such as the account number (account number, user number) is the same as the magnetic card, and the magnetic stripe on the surface of the IC card 300 (recording unit; (Not shown) and magnetic data is recorded in advance, and a magnetic stripe on the surface of the IC card 300 is stored in the IC card terminal 200.
- a magnetic data reading unit 206 for reading magnetic data from the computer is provided.
- the owner of the IC card 300 transfers the IC card 300 to the IC card terminal 200.
- the magnetic data reading unit 206 uses the magnetic stripe on the surface of the IC card 300 to read magnetic data, ie, account information (account number, user number) and other owner information. Is read (step S10).
- step S20 the verification function obtains the verification date and time from the clock function unit 304, and then compares the verification time with the time stamp. Is attached to the password to be transmitted to the host computer 400 (step S31 ').
- step S32 ′ After the personal identification number is encrypted by the data encryption / decryption unit 305 with the public key for the host computer 400 together with the time stamp (verification date and time) (step S32 ′), the transmission / reception interface 3 From 01, the transmission / reception interface 205 of the IC card terminal 200 is sent, and the encrypted personal identification number is sent along with the account number (account number, user number) read from the magnetic stripe.
- the data is transmitted and transmitted from the transmission / reception interface 205 to the host computer 400 (step S33 ').
- the owner information such as the account number (account number and user number) is recorded on the magnetic stripe on the surface of the IC card 300, so that the owner information in the IC card 300 is registered.
- the part 309 may be omitted.
- the personal authentication system 100 B as the second modification of the first embodiment of the present invention, the same operation and effect as those of the above-described first modification of the first embodiment can be obtained.
- the personal authentication system 100 B can respond.
- the IC card terminal 200 can handle both existing magnetic force and IC card, the existing magnetic card and IC card can be used together in the personal authentication system 100B. Becomes possible.
- FIG. 7 is a block diagram showing a configuration of a personal authentication system as a third modification of the first embodiment of the present invention.
- the same reference numerals as those described above indicate the same or almost the same portions, and thus detailed description thereof will be omitted.
- a personal authentication system 100C as a third modification of the first embodiment is different from the IC card 300 in the personal authentication system 100B shown in FIG.
- Such a function (a collation count section 3 13 and an IC card lock section 3 14) is added.
- the biometric feature data collating unit 3006 compares the biometric feature data for verification with the registered biometric feature data, and the matching result is less than the predetermined matching rate for a predetermined number of consecutive times.
- the IC card 300 has a function of locking the IC card 300.
- the IC card 300 of the personal authentication system 100 A has the functions of the number-of-times-of-collation counting section 3 13 and the IC card lock section 3 14.
- the number-of-times-of-collation counting section 313 and the IC card lock section (lock function section) 314 are actually realized by the CPU incorporated in the IC card 300.
- the matching number counting unit 3 13 counts the number of matching times when the matching result is less than a predetermined matching rate in the biometric data matching unit 3 06 continuously. is there.
- the IC card lock unit 314 locks the input of biometric feature data to the IC card 300 when the count value of the collation count unit 313 reaches a predetermined number. .
- step S17 If it is determined in step S17 that the matching rate (matching degree) between the biometric feature data for verification and the registered biometric feature data is not greater than or equal to a predetermined value (NO route in step S17), the number-of-matching count unit 3 13 is counted up by 1 (step S41), and it is determined whether or not the count value of the number-of-collations counting section 313 has reached a predetermined number (step S42).
- a signal (command to instruct the IC card terminal 200 to measure biometric information again from the IC card 3002) ) Is sent, and the processing of steps S11 to S17 is executed again.
- the IC card lock section 3 14 causes the biometric characteristic to the IC card 300 to be transmitted.
- the overnight input is locked (step S43).
- the same operation and effect as those of the above-described second modification of the first embodiment can be obtained.
- the biometric feature data matching unit 303 if a state in which the matching biometric feature data does not satisfy the predetermined matching condition with respect to the registered biometric feature data occurs continuously a predetermined number of times, Since the input of the biometric characteristic data to the IC card 300 is locked by the IC card lock section 3 14, the unauthorized access can be securely rejected.
- FIG. 9 is a block diagram showing a configuration of a personal authentication system as a second embodiment of the present invention.
- the same reference numerals as those described in the first embodiment denote the same or almost the same parts.
- the personal authentication system 500 of the second embodiment includes an IC card (portable electronic device) 300, and the IC card 300 mounted on the personal authentication system 500.
- IC card terminal (external data processing device) 200 for access.
- the IC card 300 in the second embodiment may or may not have a function as a debit card as in the first embodiment.
- the IC card terminal 200 in the second embodiment has a slot (not shown) for the IC card 300 as in the first embodiment, and the IC card 300 is inserted into this slot.
- the transmission / reception interface (first transmission / reception interface) 205 of the IC card terminal 200 contacts the transmission / reception interface (second transmission / reception interface) 301 of the IC card 300, and the IC card Data is transmitted and received between the terminal 200 and the IC card 300.
- the transmission and reception interfaces 205 In the second embodiment, the transmission and reception interfaces 205,
- 301 is a contact type
- the present invention is not limited to this, and it is of course possible to use a non-contact type interface.
- the IC card terminal 200 includes a biological information measuring unit 201, a biological characteristic data extracting unit 202, a data encrypting unit (first encrypting unit) 204, and a transmitting / receiving interface 210. It is configured with five.
- the biometric information measurement unit 201 is a person to be authenticated (IC card 3
- the biometric feature data extraction unit 202 extracts the biometric feature data for verification from the biometric information measured by the biometric information measurement unit 201, as in the first embodiment.
- the biometric information and the biometric feature data extracted from the biometric information the same data as described in the first embodiment is used, and the description is omitted here.
- the data encrypting unit 204 encrypts the matching biometric feature data extracted by the biometric feature data extracting unit 202 with the public key for the IC card 300.
- the public key for the IC card 300 is stored in a host computer (not shown; host computer) connected to the IC card terminal 300.
- IC card public key registration section 3 1 2 of C card 3 00 holds the public key for IC card 3 0, and IC card terminal 2 0
- the public key is obtained by issuing a specific order.
- the transmission / reception interface 205 transmits and receives data on the IC card 300 side. It is configured to contact the communication interface 301 to transmit and receive data between the IC card terminal 200 and the IC card 300.
- the IC card 300 of the second embodiment also has a storage unit such as ROM, RAM, etc., and processes based on data stored in the storage unit and external signals.
- a transmission / reception interface 301, a biometric feature data registration unit 302, a secret key registration unit 303, a data encryption Z decryption unit (second encryption unit, The decryption unit) has a function as a function of the function of the device, a biometric information data collating unit and an IC card public key registration unit.
- the transmission / reception interface 301 contacts the transmission / reception interface 205 of the IC card terminal 200 to transmit and receive data between the IC card terminal 200 and the IC card 300. It is what you do.
- the biometric feature data registration unit 302 stores the biometric feature data of the owner of the IC card 300 in advance. This registered biometric feature data is registered in advance in the biometric feature data registration unit 302 in the same manner as in the first embodiment, for example, when an IC card 300 is issued.
- the secret key registration unit 303 previously stores a registered secret key corresponding to the public key for the IC card 300, as in the first embodiment.
- the data encryption Z-decryption unit 304 functions as a decryption unit that decrypts the encrypted data received from the outside via the transmission / reception interface 310 with the registered secret key of the secret key registration unit 303, and IC It also has a function as an encryption unit (second encryption unit) that encrypts data to be transmitted to the card terminal 200 with the registered secret key of the secret key registration unit 303.
- the data encryption / decryption unit 304 functions only as a decryption unit, and the function of the encryption unit is used in the second and third modifications of the second embodiment.
- the encrypted data decrypted by the data encryption / decryption unit 305 is, as described later, biometric characteristic data for verification transmitted from the IC card terminal 200 after being encrypted.
- the biometrics information data collation unit 303 registers the biometric feature data for verification received from the outside through the transmission / reception interface 301 and the biometric feature data registration unit 3002. Compares and matches with biometric feature data and satisfies predetermined matching conditions. That is, it is determined whether or not the matching rate between the biometric feature data for verification and the registered biometric feature data is equal to or greater than a predetermined value.
- the IC card public key registration unit 312 is required to encrypt the biometric characteristic data for verification by the data encryption unit 204 of the IC card terminal 200.
- a public key for 300 (predetermined public key information) is registered and stored in advance, and the public key stored in the public key registration unit 312 is transmitted and received by the transmission / reception interface 301.
- a signal specific command
- it is transmitted from the transmission / reception interface 301 to the IC card terminal 200.
- biometric data registration unit 302, secret key registration unit 303, and IC card public key registration unit 3122 are actually built in the IC card 300. This is realized by a storage unit such as OM and RAM.
- the owner (authentication target) of the IC card 300 inserts the IC card 300 into the slot of the IC card terminal 200, and then, as biometric information, If you need a complete fingerprint image, place your finger on the fingerprint input surface.
- biometric information fingerprint image data
- biometric feature data extracting unit 2 is extracted from the biometric information.
- biometric feature data for collation is extracted by 02 (step S122).
- the biometric characteristic data for verification is encrypted by the data encryption unit 204 with the public key for the IC card 300 (step S1311).
- the public key for the IC card 300 is issued to the IC card 300 by issuing a specific instruction (a predetermined signal) to the IC card 300.
- Public key registration The data is read from the unit 312 and transmitted from the IC card 300 to the IC card terminal 200.
- the encryption key transmitted from the IC card 300 to the IC card terminal 200 is a public key, no problem occurs even if it is transmitted by a simple command.
- biometric feature data for verification encrypted with the public key in the data encryption unit 204 is transferred and transmitted from the transmission / reception interface 205 to the IC card 300 (step S 1). 4 1).
- the IC card 300 When the IC card 300 receives the encrypted data via the transmission / reception interface 301, the encrypted data is decrypted by the data decryption Z decryption unit 305 using the registered secret key, and the biometric data for verification is received. After obtaining the feature data (step S151), the biometric feature data for comparison and the registered biometric feature data are compared * collated by the biometric feature data matching unit 303 (step S16).
- the matching rate (matching degree) between the matching biometric feature data and the registered biometric feature data is not equal to or greater than a predetermined value (NO route in step S17)
- the person to be authenticated is the IC card 30. It is determined that it is not the owner of 0 (step S22), and predetermined measures (such as card lock) are performed.
- the person to be authenticated has the IC card 30 It is determined that it is the owner of the IC card 0 (step S24), and thereafter, data transmission and reception are performed between the IC card 300 and the IC card terminal 200 according to a predetermined protocol.
- the biometric characteristic data for verification is encrypted by the public key method, and then is transmitted from the IC card 200 All data transmitted to the IC card 300 and input to the IC card 300 for personal authentication is decrypted in the IC card 300. Therefore, it is not possible to input falsified biometric feature data for verification, and it becomes difficult for others to impersonate and higher security performance is secured.
- the biometric data for verification is stored in the public key system. Because it is encrypted, it is difficult to reuse and reuse it on other systems. Therefore, high security performance is secured and personal authentication is performed safely.
- the IC card public key registration unit 312 Since the public key is read and transmitted to the outside, even if the IC card terminal 200 does not hold the public key for the IC card 300, it uses the public key inside the IC card 300. Encryption can be performed.
- the portable electronic device is an IC card and the data processing device is an IC card terminal has been described.
- the present invention is applied to an ATM (Automatic Tele Machine), It can be applied to the fields of credit card terminals and PC access in the same manner as described above.
- FIG. 11 is a block diagram showing a configuration of a personal authentication system as a first modification of the second embodiment of the present invention.
- the same reference numerals as those described above indicate the same or almost the same portions, and thus detailed description thereof will be omitted.
- the personal authentication system 500 OA as a first modification of the second embodiment is the same as the personal authentication system 500 in the personal authentication system 500 shown in FIG. And the following functions are added to IC card 300.
- the IC card terminal 200 is provided with a time stamp generation unit 203 that generates, as a time stamp, the date and time when the biometric characteristic data for comparison is extracted by the biometric characteristic data extraction unit 202.
- the data encryption unit 204 combines the biometric feature data for collation extracted by the biometric feature data extraction unit 202 with the timestamp (extraction date and time) from the timestamp generation unit 203 and IC Encrypted with the public key for the card 300
- the transmission / reception interface 205 transmits the encrypted biometric characteristic data for verification with the time stamp attached to the IC card 300.
- the IC card 300 is provided with a clock function section 304 and a time stamp collation section 307. These clock functions 304 and time stamp reference The function as the joint part 307 is actually realized by the CPU built in the IC card 300.
- the clock function unit 304 calculates the current time
- the time stamp collation unit 307 uses the time stamp obtained by decryption by the data encryption / decryption unit 304.
- the current time calculated by the clock function unit 304 is compared and collated, and it is determined whether or not the time difference is within a predetermined range (for example, a predetermined value or less).
- a predetermined range for example, a predetermined value or less.
- step S 21 the output of the authentication result (user number and certificate number) (step S 21) performed in the first embodiment is described in FIG.
- the operations of the first embodiment and the operations of the first modification of the second embodiment are almost the same, except that they are not performed in the first modification of the second embodiment.
- the owner (authentication target) of the IC card 300 inserts the IC card 300 into the slot of the IC card terminal 200, and then as biometric information. For example, if you need fingerprint image data, place your finger on the fingerprint input surface.
- the biometric information measuring unit 201 measures biometric information (fingerprint image data) of the person to be authenticated (step S11), and extracts biometric data from the biometric information.
- biometric feature data for collation is extracted by the unit 202, and the extraction date (time stamp) of the biometric feature data for collation is generated by the time stamp generation unit 203, and the biometric feature data for collation is generated. Attached (step S12).
- the biometric characteristic data for verification is encrypted with the public key for the IC card 300 by the decryption unit 204 together with the attached time stamp (step S13).
- the data is transferred and transmitted from the transmission / reception interface 205 to the IC card 300 (step S14).
- the encrypted data is transmitted and received by the transmission / reception interface 301. After receiving the evening, the encrypted data is decrypted by the data encryption Z decryption unit 305 using the registered secret key, and the biometric characteristic data for verification and the time stamp are obtained (step S15). Then, the biometric feature data for verification and the registered biometric feature data are compared and collated by the biometric feature data collation unit 303 (step S16).
- the matching rate (matching degree) between the matching biometric feature data and the registered biometric feature data is not equal to or greater than a predetermined value (NO route in step S17)
- the person to be authenticated is the IC card 30. It is determined that it is not the owner of 0 (step S22), and predetermined measures (such as card lock) are performed.
- step S17 if the matching rate (matching degree) between the matching biometric feature data and the registered biometric feature data is equal to or greater than a predetermined value (YES route in step S17), then the time stamp matching unit 310 As a result, the time stamp obtained by decryption by the data encryption Z decryption unit 304 and the current time calculated by the clock function unit 304 are compared and collated (step S18).
- step S19 If the time difference between the time stamp (extraction date and time) and the current time is not less than a predetermined value (NO route in step S19), the person to be authenticated is not the owner of the IC card 300 Is determined (step S23), and a predetermined countermeasure (such as card lock) is performed.
- a predetermined countermeasure such as card lock
- Step S19 if the time difference between the time stamp (extraction date and time) and the current time is equal to or less than a predetermined value (YES route in step S19), the person to be authenticated is the owner of the IC card 300. (Step S20), and thereafter, data is transmitted and received between the IC card 300 and the IC card terminal 200 according to a predetermined protocol.
- the same operation and effect as those of the above-described second embodiment can be obtained, and in addition, an IC card terminal
- the biometric characteristic data for verification transmitted from 200 to the IC card 300 is trapped, and then a replay attack on the IC card 300 is performed using the trapped biometric characteristic data for verification.
- the time difference between the time stamp (extraction date and time) and the current time increases, and access using trapped biometric data for collation can be denied, resulting in higher security performance.
- the extraction date and time of the biometric characteristic data for verification and the current time are compared.
- the time difference inevitably increases.
- the personal authentication system 50 OA of the first modified example of the second embodiment utilizes this fact to compare the extraction date and time (time stamp) of the biometric characteristic data for verification with the current time, thereby achieving time If the time difference between the stamp (extraction date and time) and the current time is large, access using the biometric characteristic data for verification is rejected, making it difficult to perform a replay attack using stolen biometric characteristics for verification. Thus, higher security performance is ensured.
- FIG. 13 is a block diagram showing a configuration of a personal authentication system as a second modification of the second embodiment of the present invention.
- the same reference numerals as those described above indicate the same or almost the same portions, and thus detailed description thereof will be omitted.
- the personal authentication system 500 B as a second modification of the second embodiment is different from the personal identification system 500 OA shown in FIG.
- the following functions have been added.
- the personal authentication system 500B is executed after the person to be authenticated is determined to be the owner of the IC card 300 in the personal authentication system 500 or OA (step S2). 0), IC card 300 to IC card Yuichi Minaru 2
- the IC card 300 includes an owner information registration unit 309 and a verification log recording unit 310.
- the owner information registration unit 309 and the verification log recording unit 310 actually
- owner information registration unit 309 owner information such as an account number, an account number, and a user number is registered and stored in advance.
- the verification log recording unit 310 stores the biometric characteristic data.
- the collation result by the joining unit 302 and the time stamp collating unit 307 is stored as a collation log for a predetermined period together with the collation date and time obtained by the clock function unit 304.
- the data encryption / decryption unit 305 described above registers a secret key with a time stamp (verification date and time) along with a time stamp (verification date and time) to be transmitted to the IC card terminal 200. It performs the function of encrypting with the registered private key of part 303.
- step S200 After that, 1 the owner information such as the user number in the owner information registration unit 309, and 2 the biometric feature for verification obtained by the biometric feature data overnight verification unit 303.
- the coincidence rate with the feature data and (3) the collation date and time obtained by the clock function section 304 are merged as authentication data (collation result) (step S51).
- the authentication data is encrypted in the data encryption / decryption unit 305 with the registered secret key of the secret key registration unit 303 (step S52), and then the transmission / reception interface 301 sends the IC to the IC.
- the verification result is transmitted to the card terminal 200 (step S53).
- the matching result (OKZNG, etc.) by the biometric feature data matching unit 310 and the time stamp matching unit 307 is obtained by the clock function unit 304.
- the verification log is stored in the verification log recording unit 310 for a predetermined period.
- the authentication data merged in step S51 may be stored in the verification log recording unit 310 as the verification log.
- the same operation and effect as those of the above-described first modification of the second embodiment can be obtained.
- a simple OKZNG signal as a verification result after confirming with the person
- data obtained by encrypting the owner information, the matching rate at the time of verification, and the verification date and time with the registered private key stored in the IC card 300 is used as the verification result as a transmission / reception interface. Is sent to the IC card terminal 200 via.
- the verification result (OKZN) of the biometric feature data verification unit 310 and the time stamp verification unit 307 is stored in the verification log recording unit 310 of the IC card 300. G etc.)
- the merge result in step S51 is stored as a collation log for a predetermined period, a record of the owner's collation action can be retained in the IC card 300. .
- FIG. 15 is a block diagram showing a configuration of a personal authentication system as a third modification of the second embodiment of the present invention.
- the same reference numerals as those described above indicate the same or almost the same portions, and thus detailed description thereof will be omitted.
- the personal authentication system 500 C as a third modification of the second embodiment is different from the personal authentication system 500 B shown in FIG.
- the following functions have been added to IC Force 300.
- the IC card terminal 200 is provided with an electronic slip creation unit 2007 and a message digest generation unit 208.
- the electronic voucher creation unit 2007 creates an electronic voucher (transfer data) attached to the biometric characteristic data for verification when transmitting the biometric characteristic data for verification to the IC card 300.
- the message digest generator 208 generates a value (message digest) obtained by inputting the electronic slip (transfer data) generated by the electronic slip generator 206 into a predetermined one-way function. Things.
- the message digest generated by the message digest generation unit 208 is encrypted by the data encryption unit 204 together with the biometric characteristic data for verification, and transmitted from the transmission / reception interface 205 to the IC card 300. Sent. Further, the IC card 300 has a function as a message digest receiving unit 316. The message digest receiving unit 316 receives the message digest obtained by decryption by the data encryption / decryption unit 2005.
- step S200 the owner information such as the user number in the owner information registration unit 309 and 2 the matching of the biometric characteristic data for verification obtained by the biometric characteristic data collating unit 306 with the registered biometric characteristic data (3) Merge the rate, (3) the matching date and time obtained by the clock function section 304, and (4) the message digest received by the message digest receiving section 316 as authentication data (matching result). .
- the authentication data is encrypted by the data encryption Z decryption unit 305 using the registered private key of the private key registration unit 303 (step S62), and then the transmission / reception interface 310 Transmits to the IC card terminal 200 as a collation result (step S63).
- step S61 a new message digest generated in IC card 300 and its message The date and time at which the process was permitted may be added to the gest and merged.
- the same operation and effect as those of the above-described second modification of the second embodiment can be obtained.
- the same operation and effect as those of the above-described second modification of the second embodiment can be obtained.
- by transmitting a message digest to the IC card terminal 200 as a collation result it is possible to manage a record of which process has been authenticated.
- step S61 a new message digest generated in the IC card 300 and the date and time when the process was permitted are added to the message digest generated in the IC card 300. Merging may be performed. In this case, the possibility of tampering and forgery of the collation result can be reduced more reliably.
- the second embodiment also includes the same number-of-times-of-verification counting section 3 13 and IC card lock section 3 14 as the third modified example of the first embodiment, and the biometric data matching section of the IC card 300. If the matching biometric feature data does not satisfy the predetermined matching condition with the registered biometric feature data as a result of the matching by the third and the sixth times, the IC card 300 The input of the biometric characteristic data to 0 may be configured to be locked. As a result, unauthorized access can be more reliably denied.
- the portable electronic device is an IC card
- the present invention is not limited to this, and the portable electronic device has a built-in storage unit and CPU, and Any portable electronic device (for example, another card-type device such as an optical card or a wireless card) having a biometric characteristic data collation / authentication function may be used. The effect can be obtained.
- collation based on biometric characteristic data is performed in the portable electronic device, and when it is determined that the person to be authenticated is the owner of the portable electronic device, the personal identification number is transmitted from the portable electronic device. Sent to the management device. This makes it possible to link PIN input with personal authentication using biometric information that cannot be stolen or imitated. It can securely prevent personal identification number leakage and theft, ensure high security performance, and securely perform personal authentication.
- the present invention is suitable for use in a system such as a debit card that requires a process of inputting a personal identification number for personal authentication, and its usefulness is considered to be extremely high.
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Human Computer Interaction (AREA)
- Finance (AREA)
- Storage Device Security (AREA)
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP1999/006961 WO2001042938A1 (fr) | 1999-12-10 | 1999-12-10 | Systeme d'authentification personnelle et dispositif electronique portatif a fonction d'authentification personnelle utilisant des informations physiques |
EP99959766A EP1237091A4 (en) | 1999-12-10 | 1999-12-10 | IDENTITY TESTING SYSTEM AND PORTABLE ELECTRONIC DEVICE, CONTAINING THE PERSONAL IDENTIFICATION FUNCTION USING PHYSICAL INFORMATION |
EP08154782A EP1959369A1 (en) | 1999-12-10 | 1999-12-10 | User verification system, and portable electronic device with user verification function utilising biometric information |
US10/163,531 US6957339B2 (en) | 1999-12-10 | 2002-06-07 | User verification system, and portable electronic device with user verification function utilizing biometric information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP1999/006961 WO2001042938A1 (fr) | 1999-12-10 | 1999-12-10 | Systeme d'authentification personnelle et dispositif electronique portatif a fonction d'authentification personnelle utilisant des informations physiques |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/163,531 Continuation US6957339B2 (en) | 1999-12-10 | 2002-06-07 | User verification system, and portable electronic device with user verification function utilizing biometric information |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001042938A1 true WO2001042938A1 (fr) | 2001-06-14 |
Family
ID=14237536
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP1999/006961 WO2001042938A1 (fr) | 1999-12-10 | 1999-12-10 | Systeme d'authentification personnelle et dispositif electronique portatif a fonction d'authentification personnelle utilisant des informations physiques |
Country Status (3)
Country | Link |
---|---|
US (1) | US6957339B2 (ja) |
EP (2) | EP1237091A4 (ja) |
WO (1) | WO2001042938A1 (ja) |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001236324A (ja) * | 2000-02-24 | 2001-08-31 | Fujitsu Ltd | バイオメトリクス情報による個人認証機能を有する携帯電子装置 |
EP1271436A2 (en) * | 2001-06-25 | 2003-01-02 | NTT DoCoMo, Inc. | A mobile terminal authentication method and a mobile terminal therefor |
WO2006022019A1 (ja) * | 2004-08-27 | 2006-03-02 | Koji Kouda | 入出金システム |
JP2007503047A (ja) * | 2003-08-18 | 2007-02-15 | ブルームバーグ エル.ピー. | ポータブルアクセス装置 |
JP2007122529A (ja) * | 2005-10-31 | 2007-05-17 | Hitachi Omron Terminal Solutions Corp | 現金自動預払システム及び装置 |
JP2007323564A (ja) * | 2006-06-05 | 2007-12-13 | Hitachi Ltd | 生体認証装置と生体認証システム及びicカード並びに生体認証方法 |
JP2008065604A (ja) * | 2006-09-07 | 2008-03-21 | Toppan Printing Co Ltd | 携帯型生体情報記憶装置、生体情報記憶方法、プログラム及び記憶媒体並びに生体認証システム及び方法 |
JP2008513860A (ja) * | 2004-09-14 | 2008-05-01 | ギーゼッケ ウント デフリエント ゲーエムベーハー | アクセス有効化用の携帯装置 |
JP2008250923A (ja) * | 2007-03-30 | 2008-10-16 | Ntt Docomo Inc | 認証処理システム、移動通信端末、及び認証処理方法 |
US7529389B2 (en) | 2005-01-12 | 2009-05-05 | National University Corporation Gunma University | Device for verifying individual, and method for verifying individual |
US7724923B2 (en) * | 2001-07-09 | 2010-05-25 | Laurence Hamid | Removable swipe-imaging device and method for identifying same |
WO2010103663A1 (ja) | 2009-03-13 | 2010-09-16 | 富士通株式会社 | 個人認証システムおよび個人認証方法 |
JP2011096270A (ja) * | 2010-12-10 | 2011-05-12 | Hitachi Omron Terminal Solutions Corp | 現金自動預払システム及び装置 |
US8406478B2 (en) | 2002-08-08 | 2013-03-26 | Agency for Science, Technology and Research Nanyang Technological University | Distributed processing in authentication |
JP2016167201A (ja) * | 2015-03-10 | 2016-09-15 | 株式会社東芝 | 携帯可能電子装置、及びシステム |
Families Citing this family (137)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7239226B2 (en) | 2001-07-10 | 2007-07-03 | American Express Travel Related Services Company, Inc. | System and method for payment using radio frequency identification in contact and contactless transactions |
US7889052B2 (en) | 2001-07-10 | 2011-02-15 | Xatra Fund Mx, Llc | Authorizing payment subsequent to RF transactions |
US7172112B2 (en) | 2000-01-21 | 2007-02-06 | American Express Travel Related Services Company, Inc. | Public/private dual card system and method |
US7627531B2 (en) | 2000-03-07 | 2009-12-01 | American Express Travel Related Services Company, Inc. | System for facilitating a transaction |
FR2806187B1 (fr) * | 2000-03-10 | 2004-03-05 | Gemplus Card Int | Procede d'identification biometrique, dispositif electronique portatif et dispositif electronique d'acquisition de donnees biometriques pour sa mise en oeuvre |
US20020049714A1 (en) | 2000-05-11 | 2002-04-25 | Shunpei Yamazaki | Communication system |
AU2001282935A1 (en) | 2000-08-01 | 2002-02-13 | First Usa Bank, N.A. | System and method for transponder-enabled account transactions |
US7134016B1 (en) * | 2000-11-14 | 2006-11-07 | Harris Scott C | Software system with a biometric dongle function |
US7725427B2 (en) | 2001-05-25 | 2010-05-25 | Fred Bishop | Recurrent billing maintenance with radio frequency payment devices |
CN100347667C (zh) * | 2001-06-27 | 2007-11-07 | 索尼公司 | 集成电路器件、信息处理设备、信息存储器件的存储管理方法、移动终端设备、半导体集成电路器件、以及使用移动终端设备的通信方法 |
FR2826811B1 (fr) * | 2001-06-27 | 2003-11-07 | France Telecom | Procede d'authentification cryptographique |
US20040175023A1 (en) * | 2001-07-05 | 2004-09-09 | Ola Svedin | Method and apparatus for checking a person's identity, where a system of coordinates, constant to the fingerprint, is the reference |
US7746215B1 (en) | 2001-07-10 | 2010-06-29 | Fred Bishop | RF transactions using a wireless reader grid |
US8001054B1 (en) | 2001-07-10 | 2011-08-16 | American Express Travel Related Services Company, Inc. | System and method for generating an unpredictable number using a seeded algorithm |
US20040236699A1 (en) | 2001-07-10 | 2004-11-25 | American Express Travel Related Services Company, Inc. | Method and system for hand geometry recognition biometrics on a fob |
US7303120B2 (en) | 2001-07-10 | 2007-12-04 | American Express Travel Related Services Company, Inc. | System for biometric security using a FOB |
US8548927B2 (en) * | 2001-07-10 | 2013-10-01 | Xatra Fund Mx, Llc | Biometric registration for facilitating an RF transaction |
US9031880B2 (en) * | 2001-07-10 | 2015-05-12 | Iii Holdings 1, Llc | Systems and methods for non-traditional payment using biometric data |
US9454752B2 (en) * | 2001-07-10 | 2016-09-27 | Chartoleaux Kg Limited Liability Company | Reload protocol at a transaction processing entity |
US7735725B1 (en) * | 2001-07-10 | 2010-06-15 | Fred Bishop | Processing an RF transaction using a routing number |
US8284025B2 (en) | 2001-07-10 | 2012-10-09 | Xatra Fund Mx, Llc | Method and system for auditory recognition biometrics on a FOB |
US7705732B2 (en) * | 2001-07-10 | 2010-04-27 | Fred Bishop | Authenticating an RF transaction using a transaction counter |
US7119659B2 (en) | 2001-07-10 | 2006-10-10 | American Express Travel Related Services Company, Inc. | Systems and methods for providing a RF transaction device for use in a private label transaction |
US7668750B2 (en) * | 2001-07-10 | 2010-02-23 | David S Bonalle | Securing RF transactions using a transactions counter |
US8294552B2 (en) * | 2001-07-10 | 2012-10-23 | Xatra Fund Mx, Llc | Facial scan biometrics on a payment device |
US7249112B2 (en) | 2002-07-09 | 2007-07-24 | American Express Travel Related Services Company, Inc. | System and method for assigning a funding source for a radio frequency identification device |
US9024719B1 (en) | 2001-07-10 | 2015-05-05 | Xatra Fund Mx, Llc | RF transaction system and method for storing user personal data |
US7543738B1 (en) * | 2001-07-10 | 2009-06-09 | American Express Travel Related Services Company, Inc. | System and method for secure transactions manageable by a transaction account provider |
US7360689B2 (en) * | 2001-07-10 | 2008-04-22 | American Express Travel Related Services Company, Inc. | Method and system for proffering multiple biometrics for use with a FOB |
US7493288B2 (en) | 2001-07-10 | 2009-02-17 | Xatra Fund Mx, Llc | RF payment via a mobile device |
US20030179075A1 (en) * | 2002-01-24 | 2003-09-25 | Greenman Herbert A. | Property access system |
JP2003346149A (ja) * | 2002-05-24 | 2003-12-05 | Omron Corp | 顔照合装置および生体情報照合装置 |
JP4563662B2 (ja) * | 2002-07-17 | 2010-10-13 | パナソニック株式会社 | 記録媒体不正使用防止システム |
US7590861B2 (en) | 2002-08-06 | 2009-09-15 | Privaris, Inc. | Methods for secure enrollment and backup of personal identity credentials into electronic devices |
US6805287B2 (en) | 2002-09-12 | 2004-10-19 | American Express Travel Related Services Company, Inc. | System and method for converting a stored value card to a credit card |
DE10249801B3 (de) * | 2002-10-24 | 2004-05-06 | Giesecke & Devrient Gmbh | Verfahren zum Ausführen einer gesicherten elektronischen Transaktion unter Verwendung eines tragbaren Datenträgers |
US8171298B2 (en) * | 2002-10-30 | 2012-05-01 | International Business Machines Corporation | Methods and apparatus for dynamic user authentication using customizable context-dependent interaction across multiple verification objects |
JP4349789B2 (ja) * | 2002-11-06 | 2009-10-21 | 富士通株式会社 | 安全性判断装置及び安全性判断方法 |
FR2849248B1 (fr) * | 2002-12-20 | 2005-06-24 | Oberthur Card Syst Sa | Entite electronique securisee permettant une certification du temps |
US7571472B2 (en) * | 2002-12-30 | 2009-08-04 | American Express Travel Related Services Company, Inc. | Methods and apparatus for credential validation |
US7712675B2 (en) * | 2003-01-15 | 2010-05-11 | Hewlett-Packard Development Company, L.P. | Physical items for holding data securely, and methods and apparatus for publishing and reading them |
JP4352710B2 (ja) * | 2003-01-29 | 2009-10-28 | セイコーエプソン株式会社 | 情報視聴システム |
JP4470373B2 (ja) * | 2003-02-14 | 2010-06-02 | ソニー株式会社 | 認証処理装置及びセキュリティ処理方法 |
GB0309182D0 (en) * | 2003-04-23 | 2003-05-28 | Hewlett Packard Development Co | Security method and apparatus using biometric data |
US8185747B2 (en) * | 2003-05-22 | 2012-05-22 | Access Security Protection, Llc | Methods of registration for programs using verification processes with biometrics for fraud management and enhanced security protection |
US20040249765A1 (en) * | 2003-06-06 | 2004-12-09 | Neopost Inc. | Use of a kiosk to provide verifiable identification using cryptographic identifiers |
DE20309254U1 (de) | 2003-06-16 | 2003-11-06 | Scm Microsystems Gmbh | Zugangssystem |
US9412123B2 (en) | 2003-07-01 | 2016-08-09 | The 41St Parameter, Inc. | Keystroke analysis |
KR101025298B1 (ko) * | 2003-08-18 | 2011-03-29 | 블룸버그 파이낸스 엘.피. | 휴대용 액세스 장치 |
WO2005038729A1 (en) * | 2003-10-16 | 2005-04-28 | Scm Microsystems, Inc. | Access control system |
US20050138421A1 (en) * | 2003-12-23 | 2005-06-23 | Fedronic Dominique L.J. | Server mediated security token access |
JP4556103B2 (ja) * | 2004-02-24 | 2010-10-06 | ソニー株式会社 | 暗号化装置及び暗号化方法 |
FR2867002B1 (fr) * | 2004-02-27 | 2006-05-26 | Gemplus Card Int | Procede, support d'authentification, et dispositif perfectionnes pour la securisation d'un acces a un equipement |
US10999298B2 (en) | 2004-03-02 | 2021-05-04 | The 41St Parameter, Inc. | Method and system for identifying users and detecting fraud by use of the internet |
US20060010072A1 (en) * | 2004-03-02 | 2006-01-12 | Ori Eisen | Method and system for identifying users and detecting fraud by use of the Internet |
US7853533B2 (en) * | 2004-03-02 | 2010-12-14 | The 41St Parameter, Inc. | Method and system for identifying users and detecting fraud by use of the internet |
US7420456B2 (en) | 2004-03-19 | 2008-09-02 | Sentri Lock, Inc. | Electronic lock box with multiple modes and security states |
US7861006B2 (en) | 2004-03-23 | 2010-12-28 | Mcnulty Scott | Apparatus, method and system for a tunneling client access point |
US8842887B2 (en) * | 2004-06-14 | 2014-09-23 | Rodney Beatson | Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device |
US9286457B2 (en) | 2004-06-14 | 2016-03-15 | Rodney Beatson | Method and system for providing password-free, hardware-rooted, ASIC-based authentication of a human to a mobile device using biometrics with a protected, local template to release trusted credentials to relying parties |
JP4657668B2 (ja) | 2004-10-08 | 2011-03-23 | 富士通株式会社 | 生体認証方法及び生体認証装置 |
DE602005015057D1 (de) * | 2004-06-28 | 2009-08-06 | Fujitsu Ltd | Biometrische Authentisierung mit Übertragung von verschlüsselten Daten |
JP4515850B2 (ja) * | 2004-07-30 | 2010-08-04 | 富士通株式会社 | 生体認証装置の誘導画面制御方法、生体認証装置及びそのプログラム |
US7314164B2 (en) * | 2004-07-01 | 2008-01-01 | American Express Travel Related Services Company, Inc. | System for biometric security using a smartcard |
US7314165B2 (en) * | 2004-07-01 | 2008-01-01 | American Express Travel Related Services Company, Inc. | Method and system for smellprint recognition biometrics on a smartcard |
US7318550B2 (en) * | 2004-07-01 | 2008-01-15 | American Express Travel Related Services Company, Inc. | Biometric safeguard method for use with a smartcard |
US7724926B2 (en) * | 2004-09-15 | 2010-05-25 | Iannone Mary A | Foster care monitoring and verification device, method and system |
JP4616611B2 (ja) | 2004-10-08 | 2011-01-19 | 富士通株式会社 | 生体認証装置 |
JP4664644B2 (ja) | 2004-10-08 | 2011-04-06 | 富士通株式会社 | 生体認証装置及び端末 |
US20060110011A1 (en) * | 2004-11-19 | 2006-05-25 | Cohen Mark S | Method and apparatus for producing a biometric identification reference template |
US8049594B1 (en) | 2004-11-30 | 2011-11-01 | Xatra Fund Mx, Llc | Enhanced RFID instrument security |
US7522750B2 (en) * | 2005-01-18 | 2009-04-21 | International Biometrics Recognition Technologies Co., Ltd. | Biometrics verification system and a method thereof |
JP4449762B2 (ja) * | 2005-01-24 | 2010-04-14 | コニカミノルタビジネステクノロジーズ株式会社 | 人物照合装置、人物照合システム及び人物照合方法 |
US20060177113A1 (en) * | 2005-02-07 | 2006-08-10 | Liska Biometry Inc. | Method and apparatus for determining a stable repeatable code from biometric information |
US8820637B1 (en) * | 2005-02-26 | 2014-09-02 | James A. Roskind | Time-varying security code for enabling authorizations and other uses of financial accounts |
WO2006103561A1 (en) * | 2005-03-30 | 2006-10-05 | Actividentity Inc. | Method, system, personal security device and computer program product for cryptographically secured biometric authentication |
JP2007018050A (ja) * | 2005-07-05 | 2007-01-25 | Sony Ericsson Mobilecommunications Japan Inc | 携帯端末装置、暗証番号認証プログラム、及び暗証番号認証方法 |
JP4894254B2 (ja) * | 2005-07-14 | 2012-03-14 | ソニー株式会社 | 認証システム、認証装置、認証方法及び認証プログラム |
US7494067B1 (en) * | 2005-09-07 | 2009-02-24 | Sprint Communications Company L.P. | Alternate authorization for proximity card |
US20070081696A1 (en) * | 2005-09-22 | 2007-04-12 | Technology Licensing Corporation | Biometric control for kitchen appliance |
JP4341607B2 (ja) * | 2005-10-26 | 2009-10-07 | 株式会社日立製作所 | 記憶媒体発行方法 |
US7734068B2 (en) * | 2005-10-26 | 2010-06-08 | Sentrilock, Inc. | Electronic lock box using a biometric identification device |
TW200745957A (en) * | 2005-11-02 | 2007-12-16 | Toshiba Kk | Portable electronic apparatus, IC card, data processing apparatus and data processing system |
US8938671B2 (en) | 2005-12-16 | 2015-01-20 | The 41St Parameter, Inc. | Methods and apparatus for securely displaying digital images |
US11301585B2 (en) | 2005-12-16 | 2022-04-12 | The 41St Parameter, Inc. | Methods and apparatus for securely displaying digital images |
US8234494B1 (en) | 2005-12-21 | 2012-07-31 | At&T Intellectual Property Ii, L.P. | Speaker-verification digital signatures |
WO2007072238A1 (en) * | 2005-12-23 | 2007-06-28 | International Business Machines Corporation | Method and system for biometric authentication |
JP2007206991A (ja) * | 2006-02-02 | 2007-08-16 | Hitachi Ltd | 生体情報処理装置及び生体情報処理プログラム |
US20070233614A1 (en) * | 2006-03-30 | 2007-10-04 | Early Warning Services, Llc | Management of biometric information |
US8151327B2 (en) | 2006-03-31 | 2012-04-03 | The 41St Parameter, Inc. | Systems and methods for detection of session tampering and fraud prevention |
JP2007299031A (ja) * | 2006-04-27 | 2007-11-15 | Toshiba Corp | 情報記憶装置および制御方法 |
FR2905187B1 (fr) * | 2006-08-22 | 2012-11-16 | Ingenico Sa | Terminal de paiement electronique biometrique et procede de transaction |
US20080155151A1 (en) * | 2006-12-22 | 2008-06-26 | International Business Machines Corporation | Programmable Locking Mechanism For Secure Applications In An Integrated Circuit |
ITAQ20070002A1 (it) * | 2007-02-07 | 2007-05-07 | Fabio Antonini | Terminale dispensatore di banconote (atm), di pagamento elettronico e di effettuazione di operazioni con uso della carta bancomat, di credito o di debito, con autenticazione mediante impronta digitale e/o codice pin e con possibilita' di comunicazion |
US20120239458A9 (en) * | 2007-05-18 | 2012-09-20 | Global Rainmakers, Inc. | Measuring Effectiveness of Advertisements and Linking Certain Consumer Activities Including Purchases to Other Activities of the Consumer |
US9237018B2 (en) | 2007-07-05 | 2016-01-12 | Honeywell International Inc. | Multisystem biometric token |
US20100268961A1 (en) * | 2007-07-17 | 2010-10-21 | Valid8 Technologies Pty Ltd. | Method and Arrangement for User Validation |
US20090031139A1 (en) * | 2007-07-27 | 2009-01-29 | Mohammed Alawi Geoffrey | System and Method for Electronic Certification and Authentification |
US9060012B2 (en) * | 2007-09-26 | 2015-06-16 | The 41St Parameter, Inc. | Methods and apparatus for detecting fraud with time based computer tags |
US20090150437A1 (en) * | 2007-12-07 | 2009-06-11 | Gustavo De Los Reyes | System and method for tracking an individual using typeprinting |
US8132019B2 (en) * | 2008-06-17 | 2012-03-06 | Lenovo (Singapore) Pte. Ltd. | Arrangements for interfacing with a user access manager |
US9390384B2 (en) * | 2008-07-01 | 2016-07-12 | The 41 St Parameter, Inc. | Systems and methods of sharing information through a tagless device consortium |
US20100078472A1 (en) | 2008-09-30 | 2010-04-01 | Apple Inc. | Group peer-to-peer financial transactions |
US10380573B2 (en) * | 2008-09-30 | 2019-08-13 | Apple Inc. | Peer-to-peer financial transaction devices and methods |
US9112850B1 (en) | 2009-03-25 | 2015-08-18 | The 41St Parameter, Inc. | Systems and methods of sharing information through a tag-based consortium |
EP2443511A4 (en) * | 2009-06-16 | 2012-10-24 | Intel Corp | CAMERA APPLICATIONS IN A HAND-HELD DEVICE |
US9122851B2 (en) | 2010-08-02 | 2015-09-01 | 3 Fish Limited | Identity assessment method and system |
WO2012054646A2 (en) | 2010-10-19 | 2012-04-26 | The 41St Parameter, Inc. | Variable risk engine |
US8508338B1 (en) | 2010-11-07 | 2013-08-13 | Howard Owen Fiddy | Method and system for defeat of replay attacks against biometric authentication systems |
CN103415863B (zh) * | 2011-02-07 | 2020-06-16 | 世根卡控股(香港)有限公司 | 具有识别装置的智能卡 |
US8738925B1 (en) | 2013-01-07 | 2014-05-27 | Fitbit, Inc. | Wireless portable biometric device syncing |
US8516563B2 (en) | 2011-06-29 | 2013-08-20 | Infosys Technologies, Ltd. | Methods for authenticating a user without personal information and devices thereof |
US10754913B2 (en) | 2011-11-15 | 2020-08-25 | Tapad, Inc. | System and method for analyzing user device information |
US8799675B2 (en) | 2012-01-05 | 2014-08-05 | House Of Development Llc | System and method for electronic certification and authentication of data |
US9600443B2 (en) | 2012-01-30 | 2017-03-21 | International Business Machines Corporation | Tracking entities by means of hash values |
US9633201B1 (en) | 2012-03-01 | 2017-04-25 | The 41St Parameter, Inc. | Methods and systems for fraud containment |
US9521551B2 (en) | 2012-03-22 | 2016-12-13 | The 41St Parameter, Inc. | Methods and systems for persistent cross-application mobile device identification |
EP2880619A1 (en) | 2012-08-02 | 2015-06-10 | The 41st Parameter, Inc. | Systems and methods for accessing records via derivative locators |
WO2014078569A1 (en) | 2012-11-14 | 2014-05-22 | The 41St Parameter, Inc. | Systems and methods of global identification |
EP2920731B1 (en) * | 2012-11-16 | 2017-10-25 | Koninklijke Philips N.V. | Biometric system with body coupled communication interface |
WO2014093390A1 (en) * | 2012-12-10 | 2014-06-19 | Visa International Service Association | Authenticating remote transactions using a mobile device |
US20140278629A1 (en) * | 2013-03-12 | 2014-09-18 | PayrollHero.com Pte. Ltd. | Method for employee parameter tracking |
US10902327B1 (en) | 2013-08-30 | 2021-01-26 | The 41St Parameter, Inc. | System and method for device identification and uniqueness |
KR102190436B1 (ko) * | 2014-07-29 | 2020-12-11 | 삼성전자주식회사 | 데이터를 송수신하는 전자 장치 및 방법 |
US10091312B1 (en) | 2014-10-14 | 2018-10-02 | The 41St Parameter, Inc. | Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups |
US10868672B1 (en) | 2015-06-05 | 2020-12-15 | Apple Inc. | Establishing and verifying identity using biometrics while protecting user privacy |
US11140171B1 (en) | 2015-06-05 | 2021-10-05 | Apple Inc. | Establishing and verifying identity using action sequences while protecting user privacy |
WO2017037913A1 (ja) * | 2015-09-03 | 2017-03-09 | ブレイニー株式会社 | 多機能カード、カード決済端末、及びカード決済システム |
JP6507115B2 (ja) * | 2016-03-22 | 2019-04-24 | 株式会社日立製作所 | 1:n生体認証・暗号・署名システム |
US10621581B2 (en) | 2016-06-11 | 2020-04-14 | Apple Inc. | User interface for transactions |
DE102016123787A1 (de) * | 2016-12-08 | 2018-06-14 | Bundesdruckerei Gmbh | Chipimplantat mit Zweifaktorauthentifizierung |
GB2560031B (en) * | 2017-02-28 | 2020-05-27 | PQ Solutions Ltd | Binding data to a person's identity |
US11221744B2 (en) | 2017-05-16 | 2022-01-11 | Apple Inc. | User interfaces for peer-to-peer transfers |
CN110999228A (zh) | 2017-05-16 | 2020-04-10 | 苹果公司 | 用于对等传输的用户界面 |
CN107609362B (zh) * | 2017-10-19 | 2020-02-11 | 飞天诚信科技股份有限公司 | 一种智能卡登录Windows系统的方法及私有凭据提供装置 |
US11164206B2 (en) * | 2018-11-16 | 2021-11-02 | Comenity Llc | Automatically aggregating, evaluating, and providing a contextually relevant offer |
CN114757315B (zh) * | 2022-06-15 | 2022-08-26 | 深圳市成为信息股份有限公司 | 读写器快速输出标签数据的方法、读写器、接收终端 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0240781A (ja) * | 1988-07-29 | 1990-02-09 | Matsushita Refrig Co Ltd | 個人識別システム |
JPH06176220A (ja) * | 1992-12-09 | 1994-06-24 | Omron Corp | 携帯型記憶媒体 |
JPH07306924A (ja) * | 1994-05-13 | 1995-11-21 | Tokin Corp | Icカード |
JPH09297825A (ja) * | 1996-05-01 | 1997-11-18 | Toppan Printing Co Ltd | Icカードリーダ・ライタ |
EP0864996A2 (en) * | 1997-03-13 | 1998-09-16 | Hitachi, Ltd. | Portable electronic device and method for personal identification |
JPH11143833A (ja) * | 1997-11-14 | 1999-05-28 | Toshiba Corp | 生体データによるユーザ確認システム及びicカード並びに記録媒体 |
Family Cites Families (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5280527A (en) * | 1992-04-14 | 1994-01-18 | Kamahira Safe Co., Inc. | Biometric token for authorizing access to a host system |
GB9323489D0 (en) * | 1993-11-08 | 1994-01-05 | Ncr Int Inc | Self-service business system |
US6104809A (en) * | 1993-12-29 | 2000-08-15 | Pitney Bowes Inc. | Apparatus for verifying an identification card |
US5521363A (en) * | 1994-02-16 | 1996-05-28 | Tannenbaum; David H. | System and method for tracking memory card transactions |
US6269348B1 (en) * | 1994-11-28 | 2001-07-31 | Veristar Corporation | Tokenless biometric electronic debit and credit transactions |
US6011858A (en) * | 1996-05-10 | 2000-01-04 | Biometric Tracking, L.L.C. | Memory card having a biometric template stored thereon and system for using same |
AUPO084896A0 (en) | 1996-07-05 | 1996-07-25 | Dynamic Data Systems Pty Ltd | Identification storage medium and system and method for providing access to authorised users |
WO1998013791A1 (en) * | 1996-09-27 | 1998-04-02 | Westinghouse Electric Corporation | Apparatus and method for personal identification |
US5917913A (en) * | 1996-12-04 | 1999-06-29 | Wang; Ynjiun Paul | Portable electronic authorization devices and methods therefor |
US6175922B1 (en) * | 1996-12-04 | 2001-01-16 | Esign, Inc. | Electronic transaction systems and methods therefor |
IES970165A2 (en) * | 1997-03-07 | 1998-06-17 | Alps Electric Ireland Ltd | Hybrid smart-card/magnetic card reader device |
JPH117507A (ja) | 1997-06-16 | 1999-01-12 | Hitachi Maxell Ltd | Icカード認証システム |
DE19734507C2 (de) * | 1997-08-08 | 2000-04-27 | Siemens Ag | Verfahren zur Echtheitsprüfung eines Datenträgers |
GB2329499B (en) * | 1997-09-19 | 2001-05-30 | Ibm | Method for controlling access to electronically provided services and system for implementing such method |
US6038666A (en) * | 1997-12-22 | 2000-03-14 | Trw Inc. | Remote identity verification technique using a personal identification device |
US6539101B1 (en) * | 1998-04-07 | 2003-03-25 | Gerald R. Black | Method for identity verification |
US6484260B1 (en) * | 1998-04-24 | 2002-11-19 | Identix, Inc. | Personal identification system |
US6044349A (en) * | 1998-06-19 | 2000-03-28 | Intel Corporation | Secure and convenient information storage and retrieval method and apparatus |
US6167518A (en) * | 1998-07-28 | 2000-12-26 | Commercial Electronics, Llc | Digital signature providing non-repudiation based on biological indicia |
US6330674B1 (en) * | 1998-09-30 | 2001-12-11 | Compaq Computer Corporation | Use of biometrics as a methodology for defining components for ECC encryption |
US6460138B1 (en) * | 1998-10-05 | 2002-10-01 | Flashpoint Technology, Inc. | User authentication for portable electronic devices using asymmetrical cryptography |
US6168077B1 (en) * | 1998-10-21 | 2001-01-02 | Litronic, Inc. | Apparatus and method of providing a dual mode card and reader |
GB9824697D0 (en) * | 1998-11-11 | 1999-01-06 | Ncr Int Inc | Terminal |
US6317834B1 (en) * | 1999-01-29 | 2001-11-13 | International Business Machines Corporation | Biometric authentication system with encrypted models |
US6721891B1 (en) * | 1999-03-29 | 2004-04-13 | Activcard Ireland Limited | Method of distributing piracy protected computer software |
GB9907515D0 (en) * | 1999-04-01 | 1999-05-26 | Ncr Int Inc | Self service terminal |
US6282304B1 (en) * | 1999-05-14 | 2001-08-28 | Biolink Technologies International, Inc. | Biometric system for biometric input, comparison, authentication and access control and method therefor |
US20020129285A1 (en) * | 2001-03-08 | 2002-09-12 | Masateru Kuwata | Biometric authenticated VLAN |
-
1999
- 1999-12-10 WO PCT/JP1999/006961 patent/WO2001042938A1/ja active Application Filing
- 1999-12-10 EP EP99959766A patent/EP1237091A4/en not_active Withdrawn
- 1999-12-10 EP EP08154782A patent/EP1959369A1/en not_active Withdrawn
-
2002
- 2002-06-07 US US10/163,531 patent/US6957339B2/en not_active Expired - Fee Related
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0240781A (ja) * | 1988-07-29 | 1990-02-09 | Matsushita Refrig Co Ltd | 個人識別システム |
JPH06176220A (ja) * | 1992-12-09 | 1994-06-24 | Omron Corp | 携帯型記憶媒体 |
JPH07306924A (ja) * | 1994-05-13 | 1995-11-21 | Tokin Corp | Icカード |
JPH09297825A (ja) * | 1996-05-01 | 1997-11-18 | Toppan Printing Co Ltd | Icカードリーダ・ライタ |
EP0864996A2 (en) * | 1997-03-13 | 1998-09-16 | Hitachi, Ltd. | Portable electronic device and method for personal identification |
JPH11143833A (ja) * | 1997-11-14 | 1999-05-28 | Toshiba Corp | 生体データによるユーザ確認システム及びicカード並びに記録媒体 |
Non-Patent Citations (2)
Title |
---|
See also references of EP1237091A4 * |
YOSHIAKI ISONO ET AL.: "Honnin ninsho IC card ni yoru kou-security system to kouchiku", RESEARCH REPORT, INFORMATION PROCESSIGNG SOCIETY OF JAPAN (IPSJ), vol. 99, no. 24, 5 March 1999 (1999-03-05), pages 161 - 165, XP002907780 * |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001236324A (ja) * | 2000-02-24 | 2001-08-31 | Fujitsu Ltd | バイオメトリクス情報による個人認証機能を有する携帯電子装置 |
EP1271436A2 (en) * | 2001-06-25 | 2003-01-02 | NTT DoCoMo, Inc. | A mobile terminal authentication method and a mobile terminal therefor |
EP1271436A3 (en) * | 2001-06-25 | 2003-12-10 | NTT DoCoMo, Inc. | A mobile terminal authentication method and a mobile terminal therefor |
US7724923B2 (en) * | 2001-07-09 | 2010-05-25 | Laurence Hamid | Removable swipe-imaging device and method for identifying same |
US8406478B2 (en) | 2002-08-08 | 2013-03-26 | Agency for Science, Technology and Research Nanyang Technological University | Distributed processing in authentication |
JP2007503047A (ja) * | 2003-08-18 | 2007-02-15 | ブルームバーグ エル.ピー. | ポータブルアクセス装置 |
WO2006022019A1 (ja) * | 2004-08-27 | 2006-03-02 | Koji Kouda | 入出金システム |
JP2008513860A (ja) * | 2004-09-14 | 2008-05-01 | ギーゼッケ ウント デフリエント ゲーエムベーハー | アクセス有効化用の携帯装置 |
US7529389B2 (en) | 2005-01-12 | 2009-05-05 | National University Corporation Gunma University | Device for verifying individual, and method for verifying individual |
JP4671838B2 (ja) * | 2005-10-31 | 2011-04-20 | 日立オムロンターミナルソリューションズ株式会社 | 現金自動取引装置 |
JP2007122529A (ja) * | 2005-10-31 | 2007-05-17 | Hitachi Omron Terminal Solutions Corp | 現金自動預払システム及び装置 |
JP2007323564A (ja) * | 2006-06-05 | 2007-12-13 | Hitachi Ltd | 生体認証装置と生体認証システム及びicカード並びに生体認証方法 |
JP2008065604A (ja) * | 2006-09-07 | 2008-03-21 | Toppan Printing Co Ltd | 携帯型生体情報記憶装置、生体情報記憶方法、プログラム及び記憶媒体並びに生体認証システム及び方法 |
JP2008250923A (ja) * | 2007-03-30 | 2008-10-16 | Ntt Docomo Inc | 認証処理システム、移動通信端末、及び認証処理方法 |
WO2010103663A1 (ja) | 2009-03-13 | 2010-09-16 | 富士通株式会社 | 個人認証システムおよび個人認証方法 |
JP2011096270A (ja) * | 2010-12-10 | 2011-05-12 | Hitachi Omron Terminal Solutions Corp | 現金自動預払システム及び装置 |
JP2016167201A (ja) * | 2015-03-10 | 2016-09-15 | 株式会社東芝 | 携帯可能電子装置、及びシステム |
US10354055B2 (en) | 2015-03-10 | 2019-07-16 | Kabushiki Kaisha Toshiba | Portable electronic device and system |
Also Published As
Publication number | Publication date |
---|---|
US6957339B2 (en) | 2005-10-18 |
EP1959369A1 (en) | 2008-08-20 |
US20030005310A1 (en) | 2003-01-02 |
EP1237091A1 (en) | 2002-09-04 |
EP1237091A4 (en) | 2006-08-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2001042938A1 (fr) | Systeme d'authentification personnelle et dispositif electronique portatif a fonction d'authentification personnelle utilisant des informations physiques | |
JP3112076B2 (ja) | ユーザ認証システム | |
KR100486062B1 (ko) | 생측정 증명 | |
US4993068A (en) | Unforgeable personal identification system | |
US20030056100A1 (en) | Method and system for authenticating a digitized signature for execution of an electronic document | |
US20030115490A1 (en) | Secure network and networked devices using biometrics | |
JP2003517658A (ja) | 携帯型電子的課金/認証デバイスとその方法 | |
JP2001325549A (ja) | バイオメトリクス本人確認サービス提供システム | |
KR100788768B1 (ko) | 현금 자동예금지불시스템 및 현금자동거래장치 | |
JPH1139483A (ja) | 指紋認証カード、メモリカード、認証システム、認証装置及び携帯機器 | |
Braithwaite et al. | Application-specific biometric templates | |
JP2000358025A (ja) | 情報処理方法、情報処理装置及び情報処理プログラムを記憶した記録媒体 | |
Gyamfi et al. | Enhancing the security features of automated teller machines (ATMs): A Ghanaian perspective | |
KR19990078671A (ko) | 지문증명식 금융거래시스탬 | |
Bhanushali et al. | Fingerprint based ATM system | |
WO2013051010A2 (en) | A system and method for implementing biometric authentication for approving user's financial transactions | |
KR20080109118A (ko) | 스마트카드를 이용한 지문정보 인증방법 및 그 시스템 | |
KR100542595B1 (ko) | 신용카드와 현금카드의 보안시스템 | |
JPH09106456A (ja) | カード利用における本人確認方法及びicカードを用いた本人確認システム並びに当該システムに用いるicカード | |
JPH11212923A (ja) | 金融取引における認証方法及びシステム | |
JP2009205450A (ja) | 生体認証システムおよび生体認証装置 | |
US20020062441A1 (en) | Authentication apparatus for authentication to permit electronic document or payment by card using personal information of individual, verification apparatus for verifying individual at payment site, and electronic authentication system interconnecting the same | |
KR200208816Y1 (ko) | 카드판독기능을 갖는 무전원 전자 서명장치 | |
JP3090265B2 (ja) | 認証icカード | |
KR100542596B1 (ko) | 은행 현금 지급기와 카드 결제 조회기 사용자 id인증시스템과 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): JP US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 10163531 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1999959766 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 1999959766 Country of ref document: EP |