AU2004254771A1 - User authentication system - Google Patents

Info

Publication number
AU2004254771A1
Authority
AU
Australia
Prior art keywords
server
authentication
client
biometric
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
AU2004254771A
Other versions
AU2004254771B2 (en
Inventor
Shinji Hirata
Yoshiaki Isobe
Yoichi Seto
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd
Application filed by Hitachi Ltd
Publication of AU2004254771A1
Application granted
Publication of AU2004254771B2
Anticipated expiration
Ceased

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Description

VERIFICATION OF TRANSLATION

National Stage in Australia Patent Application of PCT/JP2004/002411

I, Sekizo HAYASHI, a citizen of Japan, c/o Asamura Patent Office of 331-340, New Ohtemachi Building, 2-1, Ohtemachi-2-chome, Chiyoda-ku, Tokyo, Japan do hereby solemnly and sincerely declare:

1. THAT I am well acquainted with the Japanese language and English language, and
2. THAT the attached is a full, true and faithful translation into the English language made by me of the PCT Application No. PCT/JP2004/002411 and Amendment made under PCT Article 34.

AND I, Sekizo HAYASHI, certify and state that the facts set forth above are true.

DATED this 15th day of November, 2005

Signature of translator: Sekizo HAYASHI, Registered Patent Attorney

DESCRIPTION

USER AUTHENTICATION SYSTEM

TECHNICAL FIELD

The present invention relates to a user authentication protocol between a server device providing services on telecommunication and a client device to receive information services.

BACKGROUND ART

Due to development and spread of broadband systems and cellular phones, an increasing need exists for safety of authentication to be conducted on telecommunication. To meet the requirements, there have been proposed authentication systems using the biometric authentication techniques conventionally adopted to check an entry into and an exit or leaving from a high security area.

The conventional techniques regarding the situation above are as follows.

For the user authentication associated with the conventional biometric authentication, a cabinet of visiting-card size includes a fingerprint input function of electrostatic capacity type, a fingerprint registration function, a fingerprint authentication function, and a function conforming to a Public Key Cryptography standard (PKCS). A private key in the cabinet is activated according to a result of fingerprint comparison based on fingerprint information beforehand registered to the cabinet. Using the activated private key, the user authentication and signature are achieved by Public Key Infrastructure (PKI) (reference is to be made to, for example, an apparatus described in "Bio-Keys Sony FIU-710", PC Magazine, Vol. 20, No. 11, pp. 174 (2001/7/12), to be referred to as non-patent article 1 hereinbelow).

Additionally, an authentication server is installed to collate a plurality of biometric registration data items in a centralized manner. The server includes a function to set a combination policy of authentication schemes using AND and/or OR for each electronic settlement on business operations in ERP application to which authentication is provided. For terminal authentication, a template required for the authentication is downloaded via terminal software to conduct user authentication by the terminal. Moreover, the terminal software operates in cooperation with PKI terminal software separately installed to conduct user authentication and signature (for example, a system described in Mandy Andress, "Centralized security key - Authentication Suite 4.0 means managing multiple authentication schemes is easy and cheap", InfoWorld, Aug. 13, 2001, Vol. 23, i33, p. 44, to be referred to as non-patent article 2 hereinbelow).

Also, in biometric authentication associated with PKI, there has been proposed a user authentication system which possesses information relating biometric registration data to a PKI certificate. For the biometric registration data and the information of the PKI certificate, biometric authentication is conducted to confirm identity of the user (for example, reference is to be made to JP-A-2000-215280, to be referred to as patent article 1 hereinbelow).

Furthermore, there has been proposed a format of a PKI certificate in which a field of biometric template data is disposed in an X.509 extension area to store biometric data in the field (S. Santesson et al, "Internet X.509 Public Key Infrastructure Qualified Certificates Profile", RFC3039, Page 11 (2001/1), to be referred to as non-patent article 3 hereinbelow).

DISCLOSURE OF THE INVENTION

The conventional techniques are attended with the following problems.

In the technique of non-patent article 1, at reception of a result of the fingerprint comparison, the user authentication is conducted using PKI with the server. However, it is not clear on the server side how the authentication is conducted on the client side for a subject of the private key. Therefore, the security policy required by the application cannot be determined. In addition, since the method of authenticating the subject of the private key is limited to a single biometric item installed in a token, there exists a problem unique to the biometric authentication that when the technique is expanded for mass users, there occur cases with which the technique cannot cope.

The technique of non-patent article 2 is a system for an in-house network in which the biometric authentication function is provided to the network application server limitatively only for biometrics beforehand installed by an organization. Therefore, if the biometric authentication is assumed to be used in a case in which the users are an unspecified number of the general public via a public network such as the internet, the user authentication cannot be implemented for each user request. Also, since it is necessary to transfer via a network the biometric information which is user's privacy information, there exists a problem of privacy protection. Moreover, the authentication policy is managed by a server conducting the authentication service, and hence the policy of the application providing the service cannot be dynamically controlled.

The technique of patent article 1 is a system to authenticate biometrics in the client and hence does not cope with a system of various biometric authentication models.

Non-patent article 3 only defines a field in the certificate, and does not define at all how to conduct the user authentication associated with biometrics having various unique problems (such as a problem of aging and a failure to enroll).

The present invention provides a user authentication system in which both of a server and a client manage user authentication methods including biometric authentication possessed respectively by the server and the client as functions. Through a session between the server and the client, the user authentication methods possessed by the server and the client are exchanged to select a user authentication method matching the server's application policy and the user's desire.

In addition, when a user authentication method in which biometric comparison in the client is also conducted is allowed according to the server's policy, the user authentication method may be selectively added.

Furthermore, to protect privacy, request information restricting a range of use of biometric information may be attached to the information sent from the client to the server.

Additionally, when a method in which the biometric comparison is conducted in the client is selected, a result of the comparison and registered information as a reference of the comparison may be notified to the server.

Also, when the server entrusts biometric authentication to another server which has a user authentication server function and which is trusted by the server, information of the trusted server may be added as the biometric authentication method.

BRIEF DESCRIPTION OF DRAWINGS

- FIG. 1 is a configuration diagram of an entire system in an embodiment.
- FIG. 2 is a configuration diagram of a client in the embodiment.
- FIG. 3 is an explanatory diagram of a first biometric authentication model to conduct biometric comparison on the client side in the embodiment.
- FIG. 4 is an explanatory diagram of a second biometric authentication model to conduct biometric comparison on a server side in the embodiment.
- FIG. 5 is a block diagram showing a functional configuration of the client 110 of a user in the embodiment.
- FIG. 6 is a table to control user authentication algorithms possessed by the user client 110 in the embodiment.
- FIG. 7 is a table of setting items of the user client 110 in the embodiment.
- FIG. 8 is a control table of user templates possessed by the user client 110 in the embodiment.
- FIG. 9 is a block diagram showing a functional configuration of an AP server 140 in the embodiment.
- FIG. 10 is a table to control user authentication algorithms possessed by the AP server 140.
- FIG. 11 is a table to set policies regarding a safety level for each user authentication method of the AP server 140.
- FIG. 12 is a table to set a safety level for each policy of the AP server 140.
- FIG. 13 is a first overall processing flow of user authentication conducted between the client and the AP server 140.
- FIG. 14 is a second overall processing flow of user authentication conducted between the client and the AP server 140 when the templates are stored in other than the device which executes comparison.
- FIG. 15 is a table indicating items of messages for the AP server 140 to request the client to conduct user authentication.
- FIG. 16 is a table indicating items of response messages of the client for the messages of FIG. 15.
- FIG. 17 is a table indicating items of messages to the client each of which includes a response and a challenge code for the messages of FIG. 16.
- FIG. 18 is a table indicating items of response messages to the server for the messages of FIG. 17 in the embodiment.
- FIG. 19 is a table indicating items of notification messages including user authentication results of the client for the messages of FIG. 18 in the embodiment.
- FIG. 20 is a third overall processing flow of user authentication conducted between the client and the AP server 140 in the embodiment when the authentication server executes by proxy biometric authentication processing of an application.
- FIG. 21 is a table indicating items of messages for the AP server 140 to send authentication information to the authentication server when the authentication server executes biometric authentication processing by proxy in the embodiment.
- FIG. 22 is a table indicating items of notification messages for the authentication server to send a comparison result to the AP server 140 when the authentication server executes biometric authentication processing by proxy in the embodiment.
- FIG. 23 is an example of a setting screen set by the user of the client 110.
- FIG. 24 is an example of a setting screen of a security policy in the server for each application.
- FIG. 25 is an example of a setting screen of a security policy of each authentication method in the server.

BEST MODE FOR CARRYING OUT THE INVENTION

Description will be given of an embodiment of the present invention in the following order.

(1) System configuration
(2) User authentication model
(3) Biometric authentication protocol
(4) Client functional configuration
(5) Server functional configuration
(6) Authentication server functional configuration
(7) Examples of various information setting screens

(1) System configuration

FIG. 1 shows an overall system configuration of the embodiment.

The system of the embodiment is desirably constructed on public key structure, and each device and the server device are connected to a communication network (to be referred to as the internet hereinbelow) such as the internet to communicate with each other using an Internet Protocol (IP).

Each user connects with the internet 120 by a terminal (to be referred to as a client) 110 possessed by the user and issues a request to each server device (to be referred to as an AP server hereinbelow) 140 for a service. The internet 120 is connected to a Certificate Authority (to be abbreviated as CA hereinbelow) 150 authenticating a public key, a Biometric Certificate Authority (to be abbreviated as BCA hereinbelow) 160 authenticating registered information (to be referred to as a template hereinbelow) of biometric authentication, and an authentication server device (to be referred to as an authentication server hereinbelow) 170 to conduct biometric comparison by proxy in response to a request from the AP server 140.

The biometric authentication functions of the client 110 are classified into the following three cases depending on respective methods.

- The client 110 possesses an authentication information acquisition function 111 and an individual information storage function 112.
- The client 110 possesses only the authentication information acquisition function 111.
- The client 110 possesses the authentication information acquisition function 111, a comparison function 113, and the individual information storage function 112.

Each AP server 140 provides services to each user and includes a function to manage a user authentication policy for each service to conduct user authentication according to information presented from the client 110.

The CA 150 authenticates a public key of the user, the client 110, the AP server 140, the BCA 160, and the authentication server 170 and issues a certificate of the authentication.

The BCA 160 authenticates a template for biometric authentication of a user and issues a certificate of the authentication.

The authentication server 170 prepares various biometric authentication functions in place of the AP server 140 and provides a biometric authentication result to the AP server 140.

The embodiment provides, in consideration of such variety of biometric authentication methods, a protocol to relate electronic authentication by a public key to biometric authentication to confirm whether or not a user issuing a request for a service to the AP server 140 is a person possessing an appropriate privilege.

FIG. 2 shows a functional configuration of each device shown in FIG. 1. The device includes an information input unit 240, a display 220, a storage 250, and a communication device 230 which are connected to a processing unit (CPU) 210. A processing procedure (program) is stored in the storage 250. The processing unit 210 calls and executes the program to issue an operation request to a user through the display 220, to receive an input from the user through the information input unit 240, to communicate information via the communication device 230 with an external device, and to implement other functions possessed by each device.

The program may be stored in the storage 250 in advance or may be stored in the storage 250 via a portable storage medium or a communication medium (a communication network or a carrier propagating through the communication network) from another device.

(2) User authentication model

(2-1) User authentication model of PKI

Description will be given of a user authentication model between the client 110 and the AP server 140 using public key structure.

The user beforehand creates a private key to be paired with a public key and requests the CA 150 for authentication to receive a public key certificate issued from the CA 150. The client 110 of the user keeps a private key to be paired with the authenticated public key.

In the user authentication, the AP server 140 having received the request from the client 110 sends a challenge code created by a random number generation function to the client 110.
The client 110 encrypts by its signature function the challenge code using the private key to create a digital signature and returns the digital signature to the AP server 140. The AP server 140 makes a check to determine whether or not data obtained through decryption using the public key of the certificate matches the challenge code to thereby confirm whether or not the pertinent person is the person of the certificate having issued the service request.

This user authentication relies on the property that only the user possesses the private key.

(2-2) Biometric authentication model of client comparison type

FIG. 3 shows a model of processing in which the comparison processing of biometric authentication is executed on the side of the client 110. The model is classified into two types according to biometric authentication template control methods as below.

- Client's control method controlling templates on the client 110 side
- Server's control method controlling in a centralized fashion the templates of each user on the server side (including control by the BCA 160)

In the client's control method, a template 15 authenticated by the BCA 160 is installed in the client 110 in advance. The comparison function 113 compares the template 15 with biometric information collected by the authentication information acquisition function 111 and sends a result of the user authentication to the AP server 140.

In the server's control method, the template 15 authenticated by the BCA 160 is similarly sent to the client 110 at authentication. The comparison function 113 compares the template 15 with biometric information collected by the authentication information acquisition function 111 and sends a result of the user authentication to the AP server 140.

(2-3) Biometric authentication model of server comparison type

FIG. 4 shows a model of processing in which biometric authentication is executed on the (application) server side. The model is classified into two types according to biometric authentication template control methods as below.

- Server's control method controlling in a centralized fashion the templates of each user on the server side (including control by the BCA)
- Client's control method controlling templates on the client 110 side

In the server's control method, the authentication information acquisition function 111 of the client 110 sends the collected biometric information and an ID of the user to the AP server 140.
In the AP server 140, the comparison function 113 thereof compares a template 15 retrieved using the user ID with the biometric information to thereby conduct the user authentication.

In the client's control method, the authentication information acquisition function 111 of the client 110 sends the collected biometric information and a template to the AP server 140. The AP server 140 compares the transmitted template 15 with the biometric information to thereby conduct the user authentication. It is assumed in the operation that the template 15 is beforehand authenticated by the BCA 160.

(2-4) Problems

When the PKI user authentication described in (2-1) is only simply combined with the biometric authentication described in (2-2) and (2-3), there exist problems as below.

- Identification of the persons to which IDs are respectively assigned by the biometric authentication and the PKI user authentication is not guaranteed.
- As described in (2-2) and (2-3), although various biometric authentication methods have been proposed, there does not exist a platform (protocol) to select a biometric authentication method at operation thereof for user authentication.
- In the model to complete biometric authentication on the client 110 side, there does not exist on the side providing the application a platform (protocol) to determine how the user authentication is conducted to identify the user.

To cope with these problems, the embodiment clarifies a protocol to negotiate the functions possessed by the client side and the server side to determine a biometric authentication function to conduct user authentication and provides a negotiation function for this purpose. Also, for the identification of the IDs assigned by the biometric authentication and the PKI user authentication, the identification is guaranteed, for example, by the digital signature by the BCA described in patent article 1.

(3) Client functional configuration

FIG. 5 shows a functional configuration of the client 110.

The client 110 includes a communication function 201, an encryption function 202, a certificate and private key control function 203, an authentication method negotiation function 204, an authentication method setting function 205, an authentication method control function 206, and authentication functions 2100, 2200, 2300, and 2400 possessed by the client 110.

The authentication functions possessed by the client 110 are classified into four types as below.

- Authentication function 2100 which includes a template storage function 212, a comparison function 213, and an authentication information acquisition function 211 and which conducts comparison in the client.
- Authentication function 2200 which includes a template storage function 222 and an authentication information acquisition function 221 and which conducts comparison in the server.
- Authentication function 2300 which includes an authentication information acquisition function 231 and which conducts comparison in the server.
- Authentication function 2400 which includes a comparison function 243 and an authentication information acquisition function 241 and which conducts comparison in the client using a template transferred from the server.

Since the clients 110 include mutually different authentication functions in a duplicated fashion or a client 110 does not include an authentication function required for a configuration of the client, the embodiment makes it possible to achieve user authentication between the server and the client regardless of the configuration of the client such that an authentication function is selected according to a state of the server.

FIG. 6 shows a control table of authentication functions possessed by the client 110. The control table includes an ID to uniquely identify an authentication function of each vendor and an authentication model type.
The authentication models are classified into four types as below.

- Type S: Type in which the server side controls templates and the server conducts comparison.
- Type C: Type in which the client controls templates and the client conducts comparison.
- Type D: Type in which the server side controls templates and the client conducts comparison.
- Type A: Type in which the client controls templates and the server conducts comparison.

The discrimination is conducted according to which one of the authentication functions conducts user authentication by use of which one of the models.

FIG. 7 shows setting items which the user of the client 110 sets for the authentication function. The user sets five setting items of the authentication function as follows.

- User information: ID uniquely identifying the user and user's certificate information (e.g., issued CA name + serial no.)
- Template information: Templates possessed by the user and number thereof
- Priority template: Template which the user most desires to use for comparison
- Privacy mode: Designation of whether or not secret communication is used for biometric information
- Use range limit declaration: Designation of whether or not declaration is issued to application to limit to the user authentication to use an application requiring a biometric information use range

FIG. 8 shows a control table of template information possessed by the client 110 as described above. The table includes an ID (a template issuance organization BCA and a serial number thereof) uniquely identifying a template, a user ID of a person of the template, and an ID uniquely identifying an authentication function to collate the template.

(4) Server function configuration

FIG. 9 shows a functional configuration of the AP server 140.
The AP server 140 includes a communication function 301, an encryption function 302, a certificate and private key control function 303, an authentication method negotiation function 304, an authentication method setting function 305, an authentication method control function 306, authentication functions 310, 320, and 330 possessed by the AP server 140, and an authentication function result determination function 307. Three kinds of authentication functions are effective in the AP server 140.

- First authentication function which includes a template control function 312 and a comparison function 313 and which conducts comparison in the server.
- Second authentication function which includes only a template control function 322 and which conducts comparison in the client 110.
- Third authentication function which includes only a comparison function 330 and which compares a template sent from the client with biometric information in the server.

When the client 110 controls the templates for comparison, it is not required for the AP server 140 to possess the associated authentication function.

As in the case of the client 110, the embodiment has an aspect in which the embodiment is independent of the functional configuration and the user authentication is achieved between the server and the client, and the embodiment selects an authentication function according to a state of the client.

In this connection, the authentication server 170 has a configuration similar to that of the AP server 140.

FIG. 10 shows a table to control authentication methods (algorithms) possessed by the AP server 140. The control table includes an ID uniquely identifying a method algorithm and a template control type. Three template control types exist as below.

- Type S: Type in which AP server 140 controls a template
- Type C: Type in which the client controls a template
- Type 0: Type in which another server such as the BCA controls a template

FIG. 11 shows a table to set safety levels for the user authentication methods of the AP server 140. The table includes an algorithm ID, a comparison type, and a safety level of a comparison algorithm. Using the table, a safety level can be selected for an authentication method according to an application policy provided by the AP server 140. The safety levels are, for example, as follows.

- Assigning levels according to discrimination performance (such as a false acceptance rate) of comparison software
- Safety evaluation level of the client 110 in which comparison software is installed (e.g., EAL of ISO15408)
- Assigning levels according to authentication models of comparison software

In consideration of the conditions above, a safety level of each comparison software is set by the policy of each AP server 140.

FIG. 12 shows a table to set the policy of the AP server 140. The table is constructed as below.

- Service ID: Code identifying a service provided by the AP server 140
- Required authentication model: Authentication model required by the service
- Required safety level: Safety level (e.g., EAL of ISO15408) required by the service
- Required FAR: FAR required by the service
- Validity verification flag: Processing content of validity verification in the service

Moreover, the following item may be added to these items.

- Level regarding quality of biometric information such as an inputted image: Policy in consideration of a picture quality level

To satisfy the security policy of the AP server described above, each biometric authentication algorithm has functions as below.

(a) Function to output as an S/N ratio a noise level of picture quality of an input image. When compared with a noise level in an ordinary use, there is obtained an advantage to remove an input image including remarkable variation.

(b) Function to output a quantity of variation in successively collected images.
When compared with a quantity of variation in an ordinary case, there is obtained, if there appears no variation, an advantage to remove an input image as a forgery of a photo or the like.

(c) Function to output information indicating that input features are excessive or insufficient. In a case of face comparison, by evaluating whether or not the face structure is appropriately inputted, it can be expected to increase certainty of comparison.

(5) Authentication protocol

FIG. 13 shows an authentication flow of the embodiment.

First, the client 110 sends a service request 811 to the AP server 140.

The AP server 140 in which the protocol of the embodiment is installed makes a check to determine whether the requested service is a service requiring user authentication (821).

If the service requires the user authentication, the AP server 140 sends to the client 110 a user authentication request 831 including a list of authentication methods possessed by the AP server 140.

The client 110 selects from the authentication method list an authentication method which can be handled by the authentication information acquisition function under control of the client 110. In addition, a comparison function controlled by the client 110 is added to the selected list (801). In the created list, if there exists an authentication method using a template which is desired to be used with highest priority, the method is rearranged to the uppermost position in the list. The client 110 returns the user authentication specification 812 created as above to the AP server 140.

The AP server 140 determines using the policy control table an authentication method most suitable for the requested service.
In a case in which there exist many authentication methods satisfying the safety level and the FAR and there exists an authentication method desired by the user (the authentication method at the uppermost position), the AP server 140 selects the desired authentication method (822). If the safety level is not known for the authentication method added by the client 110, information of FAR such as the authentication method, a vendor having developed the authentication method, and the BCA authenticating performance thereof is obtained through an online operation to determine whether or not the safety level is satisfied.

The AP server 140 notifies the user authentication method thus determined and a challenge code created by the application to the client 110. If there does not exist an authentication method conforming to the policy, the AP server 140 notifies the end of session (832).

The client 110 collects authentication information according to the determined authentication method (802).

In a case of an authentication method in which the client 100 controls and compares the template, the authentication information collected in step 802 is compared (803).

For the challenge code and the authentication information collected in step 802, the client 110 creates a signature by a private key of a user of the template (804).

The client 110 returns the collected authentication information and the user signature 813 to the application.

24 The server 140 verifies integrity of the certificate, the user signature 813, and integrity of the template through signature verification processing (823). 5 Additionally, the AP server 140 verifies integrity of the certificate and the template using information of the certification authority, BCA (824). When the AP server 140 controls and compares the template, the template and the delivered 10 authentication information are compared (825). According to information of a result of the comparison and results of verification in steps 823 and 824, the AP server 140 confirms whether or not there exists a comparison score satisfying the FAR and 15 whether or not the verification is conducted using effective information to determine whether or not the service can be provided (826). The AP server 140 notifies a result of the authentication to the client 110. If it is determined 20 in step 826 that the service can be provided, the AP server 140 provides the service (833). FIG. 14 shows a case in which templates are controlled by other than the AP server 140 and the client 110. FIG. 14 differs from FIG. 13 in that step 25 805 is added and step 827 is executed in place of step 824. The other steps assigned with the same reference numbers as those of FIG. 13 are duplicated, and hence description thereof will be avoided.
After step 802, if there is used an authentication method in which the client 110 conducts comparison and the client 110 does not control templates, the client 110 issues a template request to, for example, the BCA controlling templates so that a template is sent therefrom (805). Thereafter, the client 110 compares the authentication information collected in step 802 (803).

After step 823, when a template is received from the client 110, the server 140 verifies, according to template integrity information controlled by the BCA, integrity of the template (824).

After step 823, in a case in which the AP server 140 conducts comparison and templates are controlled by other servers such as the BCA, the AP server 140 issues a template request to the BCA so that a template is sent therefrom (827). Thereafter, control goes to comparison (825) of the authentication information sent from the client 110.

FIG. 15 shows communication data 831 from the AP server 140 to request user authentication. The communication data 831 requesting the user authentication includes data items as follows.

Data identification code: Code to identify the communication data requesting user authentication
Service request information: Session information of the service requested by the user
Requested user authentication model: Information designating a user authentication model requested by the AP server 140. For example, there are designated 0: execute only PKI authentication, 1: execute biometric comparison by client 110, 2: execute biometric comparison by AP server 140, 3: execute biometric comparison by either one of client 110 and AP server 140.
Number of lists of authentication methods: Number of authentication methods possessed by AP server 140
List of authentication methods: List of the above authentication methods. For example, there are described an ID uniquely designating an authentication method and a flag of its comparison model.

FIG. 16 shows response data 812 to the user authentication request from the client 110, the data reflecting a function of the client 110. The response data 812 to the user authentication request includes the following data items.

Data identification code: Code to identify the response data to user authentication request
Service request information: Session information of the service requested by the user
Number of lists of authentication methods: Number obtained by adding the number of authentication methods which can be used by the client 110 to collect biometric information for comparison when the AP server 140 allows authentication models for client comparison to the number of authentication methods which are attained from the authentication methods of the AP server 140 and which can be used by the client 110 to collect biometric information
List of authentication methods: List of the above authentication methods. For example, there are described an ID uniquely designating an authentication method and a flag of its comparison model.

FIG. 17 shows determination notification data 832 of the user authentication method from the AP server 140. The determination notification data 832 of the user authentication method includes data items as below.

Data identification code: Code to identify the determination notification data of the user authentication method
Service request information: Session information of the service requested by the user
Determined authentication method: Authentication method for comparison in the session.
Challenge code: Random number generated by the AP server 140 for the user authentication by PKI.

FIG. 18 shows communication data 813 including a user signature and authentication information from the client 110. The communication data 813 includes data items as below.

Data identification code: Code to identify the communication data from the client 110
Service request information: Session information of the service requested by the user
Determined authentication method: Authentication method for comparison in the session.
Authentication information: The authentication information is classified into the following three cases.
1) Biometric information collected by the client 110 in a case of a model in which the AP server 140 controls templates and conducts comparison
2) The comparison result and the template for the comparison by the client 110 in a case of a model in which the client 110 conducts comparison
3) Biometric information and the template collected by the client 110 in a case of a model in which the client 110 controls templates and the AP server 140 conducts comparison
User signature: Signature generated by encrypting the challenge code using a private key of the user. The signature may be attached to the data and the challenge code constituting the above communication data.

FIG. 19 shows notification data 833 of the user authentication result from the AP server 140. The result notification data includes data items as below.

Data identification code: Code to identify the notification data of the user authentication result
Service request information: Session information of the service requested by the user
Employed authentication method: Authentication method employed by the session
Result: Authentication result of the session. For example, 0: user authentication succeeded, 1: PKI authentication failed, 2: biometric template failed, 3: biometric comparison failed
Signature of AP server 140: Signature by a private key of the AP server 140 in response to the above result

(6) Authentication protocol in a case when an authentication server is used

In a case in which many users employ biometric authentication methods, if one biometric authentication method is used, there exists a fear that the biometric authentication is not sufficient and hence usability is deteriorated for the user. Therefore, it is desirable that the SP server 140 prepares a plurality of authentication methods.

However, when the SP server 140 possesses various authentication methods, a high configuration cost is required. Therefore, it is also possible to entrust comparison processing to an authentication server having prepared various authentication methods.

Moreover, since a long period of time is required when the comparison processing is entirely entrusted to the authentication server, it is also possible to partially entrust the processing to the authentication server.
Protocols to entrust biometric comparison to the authentication server are as follows.

It is necessary for the server 140 to beforehand configure a confident relationship with the authentication server. The embodiment assumes that the AP server 140 gives credence to the comparison result from the authentication server.

The AP server 140 beforehand acquires information regarding the authentication methods possessed by the authentication server to determine a security policy for the authentication methods possessed by the authentication server.

Also, it can also be considered that the client 110 proposes an authentication method obtained via an authentication server with which the AP server has not constructed the confident relationship. In this case, a check is first made according to a PKI authentication mechanism to determine whether or not credence can be given to the proposed authentication server to thereby entrust the comparison to the proposed server. In this situation, it can also be considered that the authentication server and the client 110 cooperatively attempt "purporting". Therefore, the condition of credence is that the authentication server is an authentication server having (PKI) authenticated by a reliable organization. It is required for the AP server 140 to beforehand set a policy for the credence. In addition, it is necessary to verify whether or not an authentication of an unknown authentication server matches with the safety policy of the application. Therefore, whether or not the requirement of FAR (False Acceptance Rate) is satisfied is determined according to a reliable evaluation result. The scheme of the determination can be implemented according to the authentication method disclosed in Japanese Patent Application No. 2002-50884 filed by the present applicant.

FIG. 20 shows a processing flow when biometric comparison is entrusted to an authentication server. The processing flow differs from that shown in FIG. 13 as below.

Description will be given of operation to entrust comparison step 825 to the authentication server. In this connection, the user authentication request 831 includes an authentication method possessed by the AP server 140 and a list of authentication methods possessed by the authentication server.

After step 824, to conduct the comparison by the authentication server, a template and the transmitted authentication information are sent to the authentication server (952).

The authentication server compares the template with the authentication information received therefrom (941), returns a result thereof to the AP server 140 (962), and then goes to step 826.

(7) Examples of various information setting screens

Description will be given of an example of a setting screen for various information items.

FIG. 23 shows an example of a setting screen for each user in the client 110.

As individual information, certificate information of a public key of PKI is displayed in addition to a name and an address to identify an individual. Since issuance of a certificate is received from a plurality of organizations, the setting screen can be changed for each certificate on the display.

As template information, there can be displayed all templates issued for IDs of the individuals displayed by changing the screen. In addition, the templates are displayed in an order of priority desired by the user so that the priority is changed by depressing a priority increase button or a priority increase button after designating a template.

As security information, the secret communication and the use range limit declaration can be designated using check boxes.

FIG. 24 shows an example of a screen to set security policies of applications in the AP server 140. For each application of the AP server 140, it is possible to set a safety level (such as an EAL guarantee level) required for the client 110, an FAR required for authentication, an authentication model, and necessity of integrity verification of a template.

FIG. 25 shows an example of a screen to set security policies of authentication methods in the AP server 140. For an authentication method granted by the AP server 140, it is possible to set FAR, a comparison type, and a safety level according to a policy of a server owner (service provider).

In accordance with the user authentication system of each of the above embodiments, there can be obtained remarkable advantages as below.

First, in the AP server 40 and the client 110 receiving provided services, each thereof controls its own authentication method such that before a service providing session, it is possible to select a user authentication method according to a policy of the AP server 140 and the desire of the user.

Also, when the policy of the AP server 140 admits a user authentication method in which the client 110 conducts biometric comparison, the method can be added as an option.

Furthermore, to protect privacy, request information to limit the biometric information use range to the authentication processing for the use of the service can be attached to the information sent from the client 110 to the AP server 140.

In addition, when a method in which the client conducts the biometric comparison is selected, a result of the comparison and a template as the reference of the comparison can be notified to the server.

Moreover, when a first server entrusts biometric authentication to a second server which has a user authentication function and which is trusted by the first server, information of the second server can be added as the biometric authentication method of the first server.

INDUSTRIAL APPLICABILITY

As above, in the communication of information services on a network in which an unspecified number of the general public participate, the user authentication can be implemented according to a server policy irrespectively of the system configurations respectively of the client and the server.
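The method negotiation of FIG. 13 (messages 831, 812 and 832; steps 801 and 822) can be sketched as follows. This is an added example, not code from the patent: the dictionary field names, method IDs, FAR values, safety-level scale, the `lookup_evaluation` callback standing in for the online evaluation lookup, and the rule of taking the first conforming method in client order are assumptions.

```python
import secrets
from dataclasses import dataclass

# "Requested user authentication model" values listed for message 831 (FIG. 15).
PKI_ONLY, CLIENT_COMPARE, SERVER_COMPARE, EITHER = 0, 1, 2, 3
ALLOWED_SIDES = {PKI_ONLY: set(), CLIENT_COMPARE: {"client"},
                 SERVER_COMPARE: {"server"}, EITHER: {"client", "server"}}


@dataclass(frozen=True)
class Method:
    method_id: str   # ID uniquely designating an authentication method
    side: str        # comparison-model flag: "client" or "server" (assumed encoding)


@dataclass(frozen=True)
class Evaluation:
    far: float         # evaluated false acceptance rate
    safety_level: int  # higher is stronger (assumed scale)


def request_831(session, model, server_methods):
    """AP server -> client: user authentication request."""
    return {"code": 831, "session": session, "model": model,
            "methods": list(server_methods)}


def response_812(req, can_capture, own_compare_methods, preferred=None):
    """Client -> AP server: methods the client can handle (step 801)."""
    methods = [m for m in req["methods"] if m.method_id in can_capture]
    # Client-side comparison methods are added only if the model allows them.
    if "client" in ALLOWED_SIDES[req["model"]]:
        methods += [m for m in own_compare_methods if m not in methods]
    # The method the user wants most goes to the top of the list.
    if preferred in methods:
        methods.remove(preferred)
        methods.insert(0, preferred)
    return {"code": 812, "session": req["session"], "methods": methods}


def decide_832(resp, model, required_far, required_level, policy_table,
               lookup_evaluation):
    """AP server: pick a method that conforms to policy (step 822).

    The client's list is untrusted input, so every entry is re-checked
    against the server's own model, policy table and thresholds.
    """
    for m in resp["methods"]:                  # client order = user preference
        if m.side not in ALLOWED_SIDES[model]:
            continue                           # model forbids this comparison side
        ev = policy_table.get(m)
        if ev is None and m.side == "client":  # method added by the client
            ev = lookup_evaluation(m)          # stands in for the online lookup
        if ev is None:
            continue                           # unknown and unevaluated: reject
        if ev.far <= required_far and ev.safety_level >= required_level:
            return {"code": 832, "session": resp["session"], "method": m,
                    "challenge": secrets.token_hex(16)}
    # No conforming method: the server notifies the end of session.
    return {"code": 832, "session": resp["session"], "method": None,
            "challenge": None}


def demo():
    # Constructed sample data; IDs, FAR values and levels are made up.
    finger_srv = Method("finger-A", "server")
    face_srv = Method("face-B", "server")
    finger_cli = Method("finger-C", "client")
    table = {finger_srv: Evaluation(1e-5, 3), face_srv: Evaluation(1e-3, 3)}
    online = {finger_cli: Evaluation(1e-3, 2)}
    req = request_831("s-1", EITHER, [finger_srv, face_srv])
    resp = response_812(req, {"finger-A", "face-B"}, [finger_cli],
                        preferred=finger_cli)
    # The user's preferred client-side method misses the FAR requirement,
    # so the server falls back to the next conforming entry.
    chosen = decide_832(resp, EITHER, 1e-4, 3, table, online.get)
    # With client-only comparison required, nothing conforms.
    ended = decide_832(resp, CLIENT_COMPARE, 1e-4, 3, table, online.get)
    return resp, chosen, ended


if __name__ == "__main__":
    for message in demo():
        print(message)
```

The server passes its own `model` value to `decide_832` rather than reading one back from the client's response, so a client cannot widen the permitted comparison side by editing message 812.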

Claims (10)

1. A user authentication system operating between a server providing information services and a client receiving the information services, wherein: the server notifies feasible biometric authentication methods to the client; the client selects feasible biometric authentication methods to notify the methods; the server determines, using the biometric authentication methods thus selected and notified, a biometric authentication method matching with a security policy of the server and notifies the biometric authentication method to the client; the client sends biometric information conforming to the biometric authentication method thus determined to the server; and the server conducts biometric comparison using the biometric information thus sent thereto to thereby conduct user authentication.
2. A user authentication system operating between a server providing information services and a client receiving the information services, wherein: the server notifies feasible biometric authentication methods to the client; the client selects feasible biometric authentication methods to return the methods; the server determines, using the biometric authentication methods thus selected and notified, a biometric authentication method matching with a security policy of the server and notifies the biometric authentication method and a challenge code to the client; the client sends to the server, biometric information conforming to the biometric authentication method thus determined and a result obtained by encrypting the challenge code from the server using a user private key in a public key cipher; and the server deciphers data resultant from the encryption using a user public key in a public key cipher to verify the challenge code and conducts biometric comparison using the biometric information to thereby conduct user authentication.
3. The user authentication system according to claim 2, wherein the client adds, when it is notified that biometric authentication in the client is included as the feasible biometric authentication method feasible for the server, a biometric authentication method possessed by the client to the selection result and returns the selection result.
4. The user authentication system according to claim 2, wherein the client attaches request information limiting a use range of biometric information regarding a user of the client in the biometric comparison and sends the request information to the server.
5. The user authentication system according to claim 2, wherein when a method in which biometric comparison is conducted in the client is selected and the user is confirmed through the biometric comparison in the client, the client encrypts the challenge code from the server using a user private key in a public key cipher and sends registered information as a reference of the comparison together with the result of the biometric comparison to the server, and the server confirms validity of the registered information of the user.
6. The user authentication system according to claim 2, wherein the server adds information of a biometric authentication method of an authentication server to the information notifying the biometric authentication methods of the server.
7. The user authentication system according to claim 2, wherein a safety guarantee level regarding the client is employed as a criterion of determining the security policy of the server.
8. The user authentication system according to claim 2, wherein false acceptance rate in a biometric comparison method is employed as a criterion of determining the security policy of the server.
9. The user authentication system according to claim 2, wherein safety as a result of evaluation according to quality of information inputted for user authentication is employed as a criterion of determining the security policy of the server.
10. (Added) A user authentication system operating between a client providing an information service and a client receiving the information service, wherein: the server notifies a specification of an authentication model, required by the information service, including a category indicating which one of the client and the server conducts comparison for user authentication and a list of feasible biometric authentication methods to the client; the client selects a list of feasible biometric authentication methods to notify the list; the server determines, using the list of biometric authentication methods thus selected and notified, a biometric authentication method matching with a safety guarantee level and authentication accuracy of the client required by the information service to the client; the client collects biometric information conforming to the biometric authentication method thus determined; and either one of the server and the client conducts biometric comparison to perform user authentication by use of the biometric information and according to the category of the authentication model thus specified.
AU2004254771A 2003-05-21 2004-02-27 User authentication system Ceased AU2004254771B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2003142838A JP4374904B2 (en) 2003-05-21 2003-05-21 Identification system
JP2003-142838 2003-05-21
PCT/JP2004/002411 WO2005003985A1 (en) 2003-05-21 2004-02-27 User authentication system

Publications (2)

Publication Number Publication Date
AU2004254771A1 (en) 2005-01-13
AU2004254771B2 (en) 2008-03-20

Family

ID=33530788

Family Applications (1)

Application Number Title Priority Date Filing Date
AU2004254771A Ceased AU2004254771B2 (en) 2003-05-21 2004-02-27 User authentication system

Country Status (3)

Country Link
JP (1) JP4374904B2 (en)
AU (1) AU2004254771B2 (en)
WO (1) WO2005003985A1 (en)

Also Published As

Publication number Publication date
JP4374904B2 (en) 2009-12-02
AU2004254771B2 (en) 2008-03-20
JP2004348308A (en) 2004-12-09
WO2005003985A1 (en) 2005-01-13

Legal Events

Date Code Title Description
FGA Letters patent sealed or granted (standard patent)
MK14 Patent ceased section 143(a) (annual fees not paid) or expired