JP2002269045A - Method and device for identification - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide inexpensive and highly reliable identification method/device. SOLUTION: Information (1) and information (2), which are obtained by dividing original information, are stored in a user portable device 10a which a user carries and a user device 20a arranged in a user unit (a card and a portable telephone set) which the user uses. The user device 20a ciphers information (1) received from the user portable device 10a and information (2) which it itself stores by a prescribed public key PK and transmits them to an authentication center. In the authentication center, information received from the user device is decoded by using a secret key corresponding to the public key. When original information can be formed by using decoded information, the user is confirmed to be the original user of the user unit.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an identification method and an identification device for confirming that a user using a user device is an original user of the user device (identity). In particular, the present invention relates to an identification method and an identification device that can be suitably used for a system that requires authentication.

[0002]

2. Description of the Related Art When a user uses a service provided by a service company, the service company performs authentication in order to confirm that the user who intends to use the service is himself. As the authentication method, for example, a method using a personal identification number, a method using a signature, a method using a seal, a method using an ID code (a small communication device that transmits or transmits an ID code to a user device in a non-contact manner), and the like are used. I have. The method using a personal identification number is used, for example, when withdrawing cash from a bank account using a cash card. When a user withdraws cash, the bank ATM
Insert a cash card into the card slot of the (cash machine) and enter your PIN. The ATM transmits card information (for example, ID) read from the cash card and a password input by the user to the authentication center. The authentication center, based on the password input to the ATM and the read card information, and a database containing the correspondence between the card information and the password stored in the storage means,
Perform authentication. The method using a signature is used, for example, when paying for a product using a credit card. When a user pays by credit card,
Sign the product purchase slip. The product seller performs authentication by comparing the signature on the product purchase slip with the signature on the credit card. The method using a seal is used, for example, when withdrawing cash from a bank account using a bankbook. When a user withdraws cash from a bank account using a bankbook, the user stamps a cash withdrawal sheet using a seal. The bank performs authentication by comparing the seal stamped on the cash withdrawal sheet with a previously registered seal. A method using an ID code is, for example,
This is used to prevent unauthorized use of user equipment used by the user. In this method, the same ID code is stored in a tag (a card member with a transmission / reception function) carried by the user and a user device (for example, a mobile phone) used by the user. The tag can be used by connecting to a user device, but is often used as a wireless tag. The user device compares the ID code transmitted from the tag with the ID code stored therein, and releases the use restriction of the user device if the ID code matches (outputs a use permission signal).
I do. As another authentication method for confirming the identity of a user, a method using biometric information unique to each person (voiceprint, fingerprint, palmprint, retinal pattern, face image, or the like) is known. In this authentication method, biometric information of a user is read by a biometric information reading device, and authentication is performed by comparing the read biometric information with pre-registered biometric information. Since this authentication method uses biometric information unique to each person, authentication accuracy is high.

[0003]

The conventional method of verifying the identity of a person using a personal identification number, a signature, a seal, or an ID code is performed by a person using a cash card, a person using a credit card, or a person using a bankbook. Even when the person carrying the tag storing the ID code is not the original user, the tag may be authenticated as a correct user. For example, user equipment (eg, cash card)
If information theft or information leakage such as theft of a personal information, a seal, a personal identification number, a signature, an ID code, etc. occurs, the user equipment is illegally used. Conventional personal identification methods for performing personal identification using biological information include a biological information reading device (for example, an imaging unit) and a biological information processing device (for example, an image processing device,
Since a large-capacity storage device or the like is required, the cost of the entire system increases. In addition, when a finger is damaged or suffers from eye disease, a fingerprint or a retinal pattern changes, and authentication accuracy may be reduced. In addition, when a retinal pattern is used, it is necessary to bring the eye to a measurement position, which is troublesome. In addition, when a fingerprint is used, it is necessary to bring the finger into contact with the fingerprint reader, so that a person who likes cleanliness has a psychological discomfort. Accordingly, an object of the present invention is to provide a low-cost and highly reliable personal identification method and personal identification device.

[0004]

According to a first aspect of the present invention, there is provided an identity verification method as set forth in claim 1. The personal identification method according to claim 1, wherein the first information and the second information obtained by dividing the original information are held in a user portable device carried by a user and a user device provided in a user device, respectively. Is
Transmitting the first information, the user device transmits the received information and the second information held by the user device to the authentication center,
The authentication center confirms the identity of the user when the original information can be created using the received information. By using the personal identification method according to the first aspect, the configuration can be made at a lower cost than when using the biological information. In addition, there is no fear of unauthorized use even if a PIN or card is stolen. Also, since the first information and the second information obtained by dividing the original information are stored in the user portable device and the user device (not the same information), there is no fear of unauthorized use even if the user device is stolen. Thus, the reliability is higher than when a password, a signature, a seal, an ID code, or the like is used. A second invention of the present invention is an identification method as set forth in claim 2. In the personal identification method according to the second aspect, the user carries the first information and the second information obtained by dividing the original information and the first public key and the second public key obtained by dividing the public key. The user portable device and the user device provided in the user equipment hold the user portable device, the user portable device stores the first information and the first information.
Transmitting the public key, the user device encrypts the received information and the second information held by the user device using the received key and the second public key held by the user device, and transmits the encrypted information; The authentication center confirms the identity of the user when the original information can be created using the received information. According to the second aspect of the present invention, the first information and the second information obtained by dividing the original information are stored in the user portable device and the user device. It has a similar effect. Also, the first information and the second information are encrypted using the public key and transmitted, and the first public key and the second public key obtained by dividing the public key are transmitted to the user portable device and the user device. Because they are stored, the reliability is higher. According to a third aspect of the present invention, there is provided an identity verification device as described in claim 3. In the personal identification device according to claim 3, the first information and the second information obtained by dividing the original information are stored in the user portable device and the user device, and the user portable device transmits the first information, The device transmits the received information and the second information to the authentication center, and the authentication center confirms the identity of the user when the original information can be formed using the information transmitted from the user device. The personal identification device according to the third aspect has the same effect as the invention according to the first aspect. A fourth invention of the present invention is the invention as described in claim 4. In the personal identification device according to the third aspect, an encryption function is used for transmitting information between the user portable device and the authentication center. Thereby, the possibility of information leakage is reduced, and the reliability is improved. A fifth invention of the present invention is an identity verification device as described in claim 5. In the personal identification device according to the fifth aspect, an encryption function using a public key is used. Thereby, the possibility of information leakage is further reduced, and the reliability is further improved. According to a sixth aspect of the present invention, there is provided a personal identification device for a bird according to the sixth aspect.
In the personal identification device according to claim 6, the first information and the second information obtained by dividing the original information, and the first information and the second information obtained by dividing the public key.
The public key and the second public key are held in a user portable device carried by the user and a user device provided in the user device, respectively, the user portable device transmits the first information and the first public key, and the user device receives the first information and the first public key. The received information and the second information held by the user device are encrypted using the received key information and the second public key held by the user device and transmitted, and the authentication center uses the received information to If you can create the original information, confirm your identity. Claim 6
The same effect as the invention described in claim 2 can be obtained by using the personal identification device described in (2).

[0005]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a schematic diagram of a first embodiment of the personal identification device according to the present invention. FIG.
FIG. 1 shows a diagram in which an authentication system is configured using the personal identification device of the present invention. For example, when the user 1 makes a decision using a debit card 40a, which is a type of user device (payment for the purchased product), the conventional authentication method uses:
User authentication is performed as follows. First, the user 1 inserts the debit card 40a into the card insertion slot of the authentication terminal device 50a and inputs a personal identification number using an input unit or the like. The authentication terminal device 50a reads card information (ID or the like) stored in the debit card 40a, and transmits the read card information and user information including the password input by the user 1 to a communication line (wired telephone network, wireless telephone (The network, the Internet, etc.) 70 to the authentication center 60a. The authentication center 60a performs authentication by checking the card information and the password transmitted from the authentication terminal device 50a with a database storing the password in association with the card information. Then, the authentication center 60a transmits an authentication OK signal to the authentication terminal device 50a if the authentication is OK, and transmits an authentication NG signal to the authentication terminal device 50a if the authentication is NG.

[0006] In this authentication process, as described above, confirmation that the user 1 is the original user of the debit card 40a (identification) is not performed. Therefore, in the present embodiment, the identity verification processing is performed in the authentication center 60a as follows. In the present embodiment, the personal identification device includes a user portable device 10a provided on a user portable device (for example, a wristwatch) 30a carried by the user 1, and a user device (for example, a debit card) 4 used by the user.
A user device 20a provided in the authentication center 60a
a. The user portable device 10a and the user device 20a are prepared, for example, by a service company that performs user authentication. User portable device 10a and user device 20
Various methods are possible for attaching a to the user portable device 30a and the user device 40a. For example, a method using an attaching means such as an adhesive or an adhesive tape, a method built in (integrated with) the user portable device 30a or the user device 40a, or the like can be used. In the embodiment shown in FIG. 1, the user portable device 10a is adhered to the user portable device 30a, and the user device 20a is attached to the user device 40a.
a is integrally formed.

Next, FIG. 2 shows a block diagram of the user portable device 10a and the user device 20a used in the present embodiment. The user portable device 10a includes a signal output unit 11a, a modulation / demodulation unit 12a, and a communication unit 13a. The signal output unit 11a has, for example, a storage unit that stores information (1), which is one of the divided information, and outputs the information (1). Various formats can be used as the format of the information (1). The modulation / demodulation means 12a modulates the information (1) output from the signal output means 11a,
a. Alternatively, the modulation / demodulation means 12a
Demodulates the signal received via the communication means 13a.
Then, when the demodulated signal includes the transmission request signal of the information (1), the information (1) is modulated and the communication unit 13a
To send over. The user portable device 10a is provided with a battery for supplying power to each unit. In addition, information
As a method of transmitting (1), a radio wave may be used, or an ultrasonic wave or light (infrared ray) may be used.

[0008] The user device 20a has a communication means 21a, a modulation / demodulation means 22a, an encryption means 23a, and a signal output means 24a. The modulation / demodulation unit 22a demodulates the signal received via the communication unit 21a, and
Output to 3a. Alternatively, the modulation / demodulation means 22a
The transmission request signal for the information (1) is modulated and transmitted via the communication means 21a. After that, the signal received via the communication unit 21a is demodulated and output to the encryption unit 23a. The signal output unit 24a includes, for example, a storage unit that stores information (2), which is the other division information, and a key (a public key PK in the present embodiment) used for encryption.
(2) and output the key PK. The encryption unit 23a outputs the information (information (1) for the original user) input from the demodulation / modulation unit 22a and the information (2) output from the signal output unit 24a from the signal output unit 24a. It is encrypted using a public key PK and transmitted to the outside (authentication center 60a) by communication means (not shown). A communication unit that transmits information to the authentication center 60a may also serve as the communication unit 21a, or may use a communication unit provided in the user device 40a. The user device 20a is provided with a battery for supplying power to each unit. The public key PK
May be stored in the encryption means 23a.

FIG. 3 is a perspective view of one embodiment of the user equipment 40a. The user device 40a shown in FIG. 3 is formed in a card shape. The means 21a to 24a shown in FIG. 2 are provided inside the card. The user device 40a is also a communication device having a communication function for communicating with the user portable device 10a. As the user device 40a, a magnetic card, an IC card, a debit card, a credit card, a cash card, or the like can be used. For example, by providing communication means on a payment card such as a debit card, credit card, or cash card, the payment card can have an identity verification function. It should be noted that the card is not limited to a payment card or a financial card, and it is a matter of course that a communication device such as a wireless device may be formed in a card shape.

When the user device 20a and the user device 40a are separate units, signal transmission between the user device (encryption means 23a) and the user device 40a is performed by radio or via a cable. If connection terminals that can be connected to each other are provided in the user device 20a and the user device 40a,
Since the user device 20a and the user device 40a can be connected only by connecting the connection terminals, the connection operation is facilitated. Note that the signal output unit 11a, the modulation / demodulation unit 12a, the communication unit 13a of the user portable device 10a,
Communication means 21a, modulation / demodulation means 2 of user apparatus 20a
2a, the encryption unit 23a, and the signal output unit 24a may be realized by hardware or software. Further, the encrypting means 23a includes a signal output means 24.
a or the modulation / demodulation means 22a. Further, each means of the user portable device 10a and the user device 20a may be individually constituted by an IC chip, or may be constituted by an IC chip collectively.

First, an outline of the present embodiment will be described. In the present embodiment, information (original information) originally recognized as one piece of information is divided to form information (1) and information (2), and one of the pieces of divided information (information (1)) is The other division information (information (2)) is held (stored) in the user device 20a provided in the user device 40a. Source information includes characters, symbols, figures, formulas,
Various information such as numerical values can be used, and various methods can be used to divide the original information. The user device 20a encrypts the received information (usually the information (1)) and the information (2) stored therein by using a public key,
Send to authentication center. In the authentication center, the user device 2
The information received from Oa is decrypted using a private key corresponding to a public key obtained by encrypting the information. If the original information can be formed using the decrypted information (usually, information (1) and information (2)), the user 1 must be the original user of the user device 40a. Confirm (identify).

The public key cryptosystem is a publicly known cryptosystem, and a detailed description is omitted, but a public key and a secret key are used. Information encrypted using a public key cannot be decrypted except by a private key corresponding to the public key. The information transmitting side encrypts the transmission information using the public key of the information receiving side and transmits it. The information receiving side decrypts the received information using its own secret key. When this public key cryptosystem is used, there is no need to inform the other party of the secret key as in the case of the common key cryptosystem, so that the secret key is less likely to leak. Also, the number of keys is smaller than in the common key cryptosystem. Various methods are possible for storing the public key in the user device 20a. For example, a method of storing the information in the signal output unit 24a of the user device 20a in advance is used. Alternatively, when it is necessary to perform identity verification or at an arbitrary time, the authentication center 60a sends the user device 20a
Is used. Alternatively, a method is used in which the authentication center 60a transmits a public key from a third-party authentication organization that has registered the public key when it is necessary to perform identity verification or at any time.

Next, the operation of this embodiment will be described. The user device 20a recognizes information stored in the user portable device 10a when identification is necessary (for example, when a debit card is inserted into the card insertion slot of the authentication terminal device). The user portable device 1 with the user device 20a
Various methods are possible for recognizing the information stored in Oa. For example, the information (1) from the user portable device 10a at an appropriate time (for example, at a predetermined time interval)
Send In this case, the user device 20a
It is determined that the information received within a predetermined period including the time when the personal identification is required is the information of the user portable device 10a at that time. Using this method, the user device 20a transmits the information transmitted from the user portable device 10a.
Since (1) is always received, the time for transmitting information to the authentication center described later is short. Alternatively, when the personal identification is required, the user portable device 1
0a, a transmission request signal for information is transmitted. In the case of this method, the user portable device 10a is normally in a reception standby state, and transmits information (1) when receiving the transmission request signal transmitted from the user device 20a. With this method, the power consumption of the user portable device 10a can be reduced.

The user device 20a transmits the received information (information (1) in the case of the correct user portable device 10a) and the information (2) stored therein to an encryption key (in this case, , Public key), and the authentication center 6
0a. From the user device 20a to the authentication center 60
Various methods are possible for transmitting information to a.
For example, when the user device 40a is a debit card without a non-contact type communication unit (wireless communication unit), the connection terminal between the debit card and the authentication terminal device 50a, the authentication terminal device 50a, and the communication line 70 are connected. The information is transmitted to the authentication center 6 via the transmission route R1 to the authentication center 60a through the
0a. If the user device 40a is a mobile phone or the like having wireless communication means, the transmission route R to the authentication center 60a via the wireless communication line and the communication line 70
In step 2, information is transmitted to the authentication center 60a.

Storage means of authentication center 60a (not shown)
The original information, which is the basis of the information stored in the user device 20a provided in each user device 40a, and the secret key corresponding to the public key used in each user device 20a are stored in each user device 20a. (User device 40a). Upon receiving the information transmitted from the user device 20a (communication means), the authentication center 60a refers to the database and refers to the user device 20a.
A search is made for the original information corresponding to a and the secret key corresponding to the public key used in the user device 20a. Then, using the retrieved secret key corresponding to the user device 20a,
The received information is decoded (decoding means). That is,
The information (1) received by the user device 20a and the user device 2
The information (2) stored in 0a is extracted. Further, information (3) is formed by a predetermined algorithm using the decrypted information. That is, information (1) and information (2) are combined by a predetermined algorithm (combining method) to form information (3). An algorithm for combining the information (1) and the information (2) is determined according to a division method of dividing the information (1) and the information (2) from the original information. The authentication center 60a performs identity verification by comparing the information (3) with the original information. That is, when the original information can be created using the decrypted information, it is confirmed that the user is the original user of the user device. Information (3)
When the authentication information and the original information match (when the identity is confirmed), the authentication center 60a transmits, for example, an authentication OK signal to the authentication terminal device 50a. As a result, the authentication terminal device 50a permits use of the user device 40a (debit card). For example, it is possible to read card information of a debit card and input a personal identification number, or to make payment.

Next, a method of dividing and combining the original information will be specifically described. FIG. 4 shows a first example. In this embodiment,
The original information [0111] is replaced with information (1) [0011] and information (2)
[0101]. And one (for example,
Information (1)) is stored in the user portable device 10, and the other (for example, information (2)) is stored in the user device 20.
The original information may be stored in the authentication center 60a or may be stored in another storage unit. When the user device 20 receives the information (1) from the user portable device 10, the user device 20 encrypts the received information (1) and the information (2) stored therein by using a predetermined public key PK (“PK ( Information (1)) and PK
(Information (2)) ”). Then, information (1) and information (2) encrypted with the public key PK are transmitted to the authentication center 60.
Upon receiving the information from the user device 20, the authentication center 60 receives the original information corresponding to the user device 20,
Search for a secret key SK corresponding to the public key PK used in the step (a). Then, the received information (“PK (information (1))” and “PK (information (2))”) is decrypted by the secret key SK (“SK [PK (information (1))]” and “ SK [PK (information
(2))]]) Obtain information (1) and information (2). Further, information (3) is formed by combining the decrypted information (1) and information (2) with a predetermined algorithm. In the case of this embodiment, information (1) and information
(2) is ORed. User portable device 1 with correct information (1)
0a, the information (1) and the information (2) are OR-processed to obtain the original information [011].
1] is formed. Next, the information (3) is compared with the original information to confirm the identity. In the present embodiment, it is determined whether or not the information (3) is the same as the original information. For example, the information (3) and the original information are XORed (exclusive OR). The division method is not limited to the example shown in FIG. 4, and the divided information (1) and the information (2)
The original information may be formed by performing a predetermined logical operation on.

FIG. 5 shows a second example. In this embodiment, the original information [bit matrix of the figure of the numeral 7] is divided into upper information (1) and lower information (2) at the dividing line drawn left and right in FIG. Then, one (for example, information (1)) is stored in the user portable device 10, and the other (for example, information (2)) is stored in the user device 20. The original information is stored in the authentication center 60
a, or may be stored in another storage unit. Upon receiving the information (1) from the user portable device 10a, the user device 20 encrypts the received information (1) and the information (2) stored therein with a predetermined public key PK (“P
K (information (1)) "and" PK (information (2)) "). And
The information (1) and the information (2) encrypted with the public key PK are transmitted to the authentication center 60. Upon receiving the information from the user device 20, the authentication center 60 searches for original information corresponding to the user device 20 and a secret key SK corresponding to the public key PK used in the user device 20. Then, the received information (“PK (information (1))” and “PK (information (2))”) is
Decrypt with the secret key SK (“SK [PK (information (1))]”
And "SK [PK (information (2))]"). Further, information (3) is formed by combining the decrypted information (1) and information (2) with a predetermined algorithm. In the case of this embodiment, the bit matrix of information (1) and the bit matrix of information (2) are combined. Information (1)
Is transmitted from the correct user portable device 10a, the bit matrix of the information (1) and the bit matrix of the information (2) are combined to obtain the original information [the bit matrix of the figure of the numeral 7].
Is formed. Further, the information (3) is compared with the original information to confirm the identity. In this embodiment, it is determined whether the graphic represented by the bit matrix of the information (3) is the same as the graphic represented by the bit matrix of the original information. The place where the dividing line is drawn, how to draw the dividing line, the number of dividing lines, and the like can be appropriately selected.

It should be noted that the number of divisions of the original information and the division position can be variously changed. For example, the original information is the first information,
The first information and the third information may be divided into information (1) and the second information may be divided into information (2). Further, the same information can be used as the information (1) and the information (2). In this case, for example, information (2) [0111] (= information
(1)) is stored in the user device 20a, and the original information [000]
. 0] is stored in the authentication center 60a. User device 20
XO converts the received information and the information (2)
R processing is performed to form information (3). Then, the information (3) is compared with the original information to confirm the identity. An algorithm for combining the received information with the information held by itself is determined by a division method for dividing the original information.

In this embodiment, one piece of original information is divided into information (1) (first information) and information (2) (second information) like a tally.
The one information (1) is stored in the user portable device 10a, and the other information (2) is stored in the user device 20a. The authentication center 60a confirms the identity of the user device 20a when the user device 20a receives the correct information (1). Therefore, the configuration can be made at a lower cost as compared with the case where the biological information is used. Further, even if the personal identification number or the card is stolen or lost, there is no fear of unauthorized use unless the user portable device (user portable device) is stolen or lost. Also, since different information is stored in the user portable device 10a and the user device 20a, there is no fear of unauthorized use if one is stolen or lost. Therefore, the identity verification can be performed more reliably than when the personal identification number, signature, ID data, and the like are used. The present invention relates to a method for confirming (identifying) whether a user is a real user of the user device when the user uses the user device. Therefore, how to use the result of the user identification processing performed by the user device is appropriately selected according to the type of the user device and the form in which the user device is used. For example, in FIG. 1, when the authentication center 60a confirms the identity, the authentication center 60a permits the authentication terminal device 50a to read the card information of the debit card (user portable device) 40a. Thereby, the card information of the debit card 40a is read by the authentication terminal device 50a. Further, the user 1 inputs a personal identification number using an input unit or the like of the authentication terminal device 50a. Thereafter, user authentication processing (processing for authenticating the validity of the debit card) is performed in each authentication center 60a in the same procedure as in the conventional example.

The user portable device 30a is not limited to a wristwatch, but may be any device that can be carried or carried by the user 1. For example, rings, glasses, belt buckles, bracelets, pendants, earrings, earrings,
Wallets, commuter passes, licenses, etc. can be used. Also,
As the user portable device 10a, a user portable device 30a
It is not necessary to carry it with the user, for example, it may be carried in a pocket or bag. Also, the user device 40a
The device is not limited to a card, and may be any device that requires identification. For example, a mobile phone or a personal computer may be used. The user device 40a may be shared by a plurality of users. In addition, other than a mobile phone, a PH
S (Personal Handyphone System) telephone, PDA (Pe
rsonal Data Assistance, personal digital assistant, radio, ETC (Electronic Toll Collection System,
Communication equipment for non-stop automatic fee payment system), ITS
(Intelligent Transport Systems, intelligent transportation systems), a vehicle communication device, a telephone communication terminal (eg, a public telephone, a FAX terminal), a data communication terminal (eg, a personal computer), or the like can be used. What to use as user equipment is a matter of business or design choice. As the authentication terminal, for example, ATM, store equipment, personal computer,
A mobile phone, a vending machine, a television, a car navigation, and the like can be used.

In the first embodiment, the user device 20a
FIG. 6 shows a second embodiment in which the public key is divided and stored, and the public key is divided and stored, whereby the public key is divided and stored. In the second embodiment shown in FIG.
Since the mobile phone is the same as the mobile phone of the first embodiment except that it is stored in 0b and the user device 20b, only the parts that are different from the first embodiment will be described. The first point is that the original information is divided to form information (1) and information (2), the information (1) is stored in the user portable device 10b, and the information (2) is stored in the user device 20b. This is the same as the embodiment. Further, the public key PK (1) and the public key PK (2) are divided by dividing the predetermined public key PK.
To form Then, the public key PK (1) is stored in the user portable device 10b, and the public key PK (2) is stored in the user device 20b.
To memorize.

Next, the operation of the second embodiment will be described. The user portable device 10b transmits the information (1) and the public key (1) to the user device 20b. When the user device 20b receives the information transmitted from the user portable device 10b,
The public key PK (1) included in the received information and the public key PK (2) stored therein are combined by a predetermined algorithm to form a public key PK. The predetermined algorithm is determined by the method of dividing the public key PK. Then, the information (1) included in the received information and the information (2) stored by itself are combined using the public key PK formed by combining the public keys PK (1) and PK (2). The data is encrypted and transmitted to the authentication center 60a. The processing in the authentication center 60a is the same as in the first embodiment, and a description thereof will not be repeated. In the second embodiment, if both the information (1) and the public key PK (1) are incorrect, it is not confirmed that the user is the person, and therefore, the second embodiment has high reliability.

FIG. 7 shows a third embodiment using a portable telephone as the user equipment. In the third embodiment, the user portable device 10c is carried in the breast pocket of the user 1. The user device 20c is attached to a mobile phone. In the user device 20c,
When a connection terminal connectable to a data input / output terminal of a mobile phone as the user device 40c is provided, the user device 20c
The connection operation between the user device 40c and the user device 40c is facilitated. In the third embodiment, the mobile phone cannot be used unless the identity is confirmed.

In the above description, the transmission and reception of information between the user portable device and the user device is performed in a non-contact manner. For example,
A magnetic or electric ID card, ID card tag, or mobile phone as a user portable device may be inserted into a card insertion slot of a personal computer as a user device or connected with a cable. In this case, the first information is transmitted from the ID card or the mobile phone to the personal computer. The personal computer permits the use of the personal computer if the received information and the information held by the personal computer can be combined to form the original information. Or, conversely, a personal computer can be used as a user portable device, and an ID card or a mobile phone can be used as a user device.

[0025]

The present invention has the following effects. The present invention provides biometric information, personal identification number, signature (signature),
Instead of using a seal or an ID code, information such as a tally is originally used as information or a signal obtained by dividing a signal. Then, each divided information is stored in a user portable device carried by the user and a user device provided in a user device used by the user, and the information held by the user portable device and the information held by the user device are combined (tally matching).
To confirm the identity. Such information does not fluctuate unlike biological information. In addition, the communication means and the means for combining the information can be easily implemented by an IC chip or the like.
It can be configured at low cost. Therefore, the identification can be performed with high accuracy and at low cost. Also, in the present invention, identity verification is not performed unless the information held by the user portable device and the information held by the user device are combined to restore the original information (original information). Therefore, there is no fear of unauthorized use even if a password, a card, an ID tag, or the like is stolen. That is, as long as the user device and the user portable device are not dropped or stolen, there is no possibility of unauthorized use. If the user portable device is configured by an IC chip, it can be attached to many members (for example, rings and glasses) that can be carried by the user. In this case, since the user portable device can be attached to a member determined by the user, there is almost no risk of the user portable device being stolen. If there is a possibility that information is leaked, a predetermined IC chip of the user portable device and the user device may be replaced with a new chip. As described above, by using the present invention, it is possible to perform an identity verification process with simple, low cost, high reliability, and high security for an unspecified number of users.

The present invention is not limited to the configuration of the portable embodiment described above, and various changes, additions, and deletions can be made without changing the gist of the present invention. For example, the manner of assembling the user device and the user device and the manner of assembling the user portable device and the user portable device can be variously changed, such as an integrated configuration or a separate configuration. For example, if the user portable device is
In addition to the C chip, the IC chip can be attached to a user portable device (watch, eyeglasses, or the like) with an adhesive, an adhesive tape, or the like. Further, the user device and the user device can be integrally configured. Further, the means constituting the user device may also be used as the means constituting the user equipment. When the user portable device is provided integrally with the user portable device, and when the user device is provided integrally with the user device, the user portable device and the user device are referred to as the user portable device and the user device, respectively. It can also be called a device. A first storage unit for storing information, a first communication unit for transmitting the first information stored in the first storage unit, and a communication unit for receiving information (1) of the user device; Communication means for transmitting information (2) may be provided separately, may be provided in common, or may use communication means of the user equipment. When provided in common, the common communication means corresponds to the second communication means and the third communication means of the present invention. When the communication means of the user equipment is used, the communication means of the user equipment corresponds to the second communication means or the third communication means of the present invention. Further, although the public key cryptosystem is used as the encryption system, another encryption method such as a common key cryptosystem may be used. Further, the personal identification device is configured by one user portable device and one user device, but the personal identification device may be configured by a plurality of user portable devices. In this case, for example, the original information is divided to form N pieces of divided information, and the first divided information to the (N
-1) The division information is stored in each of the first user portable device to the (N
-1) Store the N-th division information in the user device while storing it in the user portable device. Then, the user device encrypts the received information and its own information with a predetermined key, and transmits the encrypted information to the authentication center.

As described above, by using the personal identification method according to the first and second aspects and the personal identification apparatus according to the third to sixth aspects, it is possible to inexpensively and securely identify the individual. it can.

[Brief description of the drawings]

FIG. 1 is a schematic diagram of a first embodiment of the present invention.

FIG. 2 is a block diagram of a user portable device and a user device used in the first embodiment of the present invention.

FIG. 3 is a diagram illustrating one embodiment of a user device.

FIG. 4 is a diagram illustrating an example of dividing original information.

FIG. 5 is a diagram illustrating another example of dividing original information.

FIG. 6 is a schematic view of a second embodiment of the present invention.

FIG. 7 is a schematic diagram of a third embodiment of the present invention.

[Explanation of symbols]

 1 User 10, 10a to 10c User portable device 20, 20a to 20j User device 30a User portable device 40a, 40b User device 11a Signal output unit 12a Modulation / demodulation unit 13a Communication unit 21a Communication unit 22a Modulation / demodulation unit 23a Encryption unit 24a Signal output means 60, 60a, 60c Authentication center

Continuing from the front page (72) Inventor Hirokazu Fukatsu 2-13-1, Chigama-dori, Minami-ku, Nagoya-shi F-term in Taitec Co., Ltd. 5B085 AA08 AE08 AE09 AE11 AE15 AE29 BA07 BC01 BG07 5J104 AA07 KA01 MA02 NA02 NA38 PA02

Claims (6)

[Claims] 1. An identity verification method for confirming that a person using a user device is an original user of the user device, comprising: dividing original information into first information and second information; Causing the user portable device carried by the user to retain the second information in a user device provided in a user device used by the user; transmitting the first information from the user portable device; Receiving the information, transmitting the information received by the user device and the second information held by the user device from the user device, receiving the information at the authentication center, and using the information received at the authentication center. A step of confirming the identity of the user when the original information can be created. 2. An identity verification method for confirming that a person using a user device is an original user of the user device, wherein the original information is divided into first information and second information, and the first information is Storing the second information in a user device provided in a user device used by the user while retaining the second information in a user portable device carried by the user; dividing the public key into a first public key and a second public key; Holding the first public key in the user form device and holding the second public key in the user device; transmitting the first information and the first public key from the user portable device; Receiving, encrypting the information received by the user device and the second information held by the user device using the key received by the user device and the second public key held by the user device Transmitting to the authentication center, receiving information at the authentication center, decrypting the information received at the authentication center using a private key corresponding to a public key, and creating original information using the decrypted information Confirming the identity of the user when the identification is successful. 3. An identity verification device for confirming that a person using a user device is an original user of the user device, the device being provided in a user portable device carried by the user and a user device used by the user. A user device, and an authentication center, wherein the user portable device stores the first information of the first information and the second information obtained by dividing the original information; First communication means for transmitting the stored first information, wherein the user device stores the second information of the first information and the second information obtained by dividing the original information. Means, a second communication means, and third communication means for transmitting the information received by the second communication means and the second information stored in the second storage means to an authentication center. Forming the original information using the information transmitted from the device An identity verification device having an identity verification means for confirming the identity of the user when the verification is completed. 4. The personal identification device according to claim 3, wherein the user portable device stores the information received by the second communication means and the second information.
An identity verification device having encryption means for encrypting information stored in a storage means, and wherein the authentication center has decryption means for decrypting information transmitted from the user device. 5. The personal identification device according to claim 4, wherein the encrypting means performs encryption using a public key, and the decrypting means decrypts using a secret key corresponding to the public key. , An identity verification device. 6. An identity verification device for confirming that a person using a user device is an original user of the user device, the device being provided in a user portable device carried by the user and a user device used by the user. A user device, and an authentication center, wherein the user portable device obtains the first information obtained by dividing the original information and the first information obtained by dividing the first information and the public key of the second information.
A first storing a first public key of the public key and the second public key
Storage means, and first communication means for transmitting the first information and the first public key stored in the first storage means, wherein the user device is configured to store the first information obtained by dividing the original information and the first information A second storage unit that stores a first public key obtained by dividing the second information and the public key of the two pieces of information and a second public key of the second public key; a second communication unit; Authentication is performed by encrypting the information received by the communication means and the second information stored in the second storage means using the key received by the second communication means and the second public key stored in the second storage means. A third communication means for transmitting to the center, and the authentication center has an identity confirmation means for confirming the identity when the original information can be formed by using the information transmitted from the user device. , Identity verification device.