JP2003060635A - Personal authentication system, method therefor, authentication device and computer program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a personal authentication system capable of making a personal authentication in safety and reliably. SOLUTION: An authentication starting condition with an external connection apparatus (e.g. a server) is that an authentication by communication is executed via the human body between a plurality of authentication devices mounted by a user, and the plurality of authentication devices are a device which belongs to the same user. Alternatively, the server inspects that at least two authentication devices mounted by the user are an authentication device which belongs to the legal same user. Alternatively, fragmentated information of a device obtained by fragmentating key information or ID is accumulated to produce the key information or ID, thereby producing information required for authentication with the server in this arrangement.

Description

Detailed Description of the Invention

[0001]

TECHNICAL FIELD The present invention relates to an individual authentication system, an individual authentication method, an authentication device, and a computer program. More specifically, the present invention relates to a personal authentication system, a personal authentication method, an authentication device, and a computer program for performing authentication by communication through a human body using a plurality of authentication function execution elements mounted on the human body.

[0002]

2. Description of the Related Art Recently, various software data such as music data, image data, game programs, etc. (hereinafter referred to as “contents”) are communicated via the Internet, satellites, various wired and wireless. Services for distribution via communication networks are becoming popular, and
The use of electronic payments and electronic money on networks is increasing rapidly. Further, many companies or individuals frequently store confidential documents using various storage media such as hard disks and optical disks. An important issue is how to secure the security of data transferred via such a network or data stored in various storage media.

There are various methods for ensuring security, one of which is to limit the use of a computer to authorized users. The process of determining who the user is is a so-called personal authentication process. A typical example of this method is a configuration in which a user ID and a password are given to an authorized user in advance, and only a person who inputs a correct password can access the data.

However, under the present circumstances, there are various problems in managing passwords such as user IDs individually. Although it is considered to be advantageous to have a complicated password in order to enhance security, it is difficult for a human to remember the complicated password. In order to supplement human memory, it is possible to store the password in some storage device such as a hard disk and save it, but if the password is stored in such a storage device, a third party steals the password from the storage device. Therefore, there is a problem regarding safety.

As one method for solving the problem of password management, there is a method of using an individual's biometric information such as a fundus image or a fingerprint to verify whether or not the user is an authorized user. For example, when the biometric information of an authorized user, such as code information obtained from the fundus image, is registered in the system in advance and a process such as a payment process that needs to authenticate the individual is executed, the user first needs to obtain his / her fundus information. Etc. causes the system to read biometric information. Next, the system compares and verifies the biometric information read from the user with the registered biometric information to confirm whether or not the user is an authorized registered user. The verification process confirms the user's legitimacy.

However, in order to realize the personality confirmation processing using such biometric information, the newly read biometric information such as the fundus image and fingerprint of the individual and the collation information to be compared are stored in the system. Need to be stored in the storage device, and a collation processing system is required.

Further, a portable element capable of storing data such as an IC card storing user information is distributed only to registered users, and when personal authentication processing is required, data is read from the IC card to identify an individual. There is also a way to do it. However, such an IC card is often carried in a wallet or the like, and is highly likely to be stolen, and also has a problem of forgery.

[0008]

SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and is a personal authentication system capable of easily and reliably executing personal authentication processing.
An object is to provide an individual authentication method, an authentication device, and a computer program.

[0009]

The first aspect of the present invention is as follows.
A personal authentication system for performing personal authentication, comprising a plurality of authentication devices having contacts for data communication via a human body, and performing inter-device authentication processing as authentication processing via the human body among the plurality of authentication devices. A personal authentication system characterized by executing authentication processing between a representative authentication device selected from the plurality of authentication devices and an externally connected device, at least on condition that the inter-device authentication processing is established. is there.

Further, in one embodiment of the personal authentication system of the present invention, the plurality of authentication devices store user IDs set corresponding to users having the authentication devices, and authentication is performed in the inter-device authentication processing. An authentication process is performed between the representative authentication device and an externally connected device on condition that it is confirmed that the plurality of devices that have executed the process are the authentication devices storing the same user ID.

Further, in one embodiment of the personal authentication system of the present invention, one of the plurality of authentication devices that has received the personal authentication request transmitted by the external connection device sends a response signal to the external connection device. By doing so, the authentication device that has transmitted the response signal is set as the representative authentication device.

Further, in one embodiment of the personal authentication system of the present invention, the external connection device transmits designated data of the number of authentication devices for executing the inter-device authentication process to the authentication device, and the representative authentication device , A configuration in which a number of inter-device authentication processes according to designated data is executed, and an authentication process between the representative authentication device and an externally connected device is performed on condition that the designated number of inter-device authentication processes are established. It is characterized by

Further, in one embodiment of the personal authentication system of the present invention, the authentication process between the representative authentication device and the externally connected device is executed by communication through a human body.

Further, in one embodiment of the personal authentication system of the present invention, each of the plurality of authentication devices stores key information necessary for executing inter-device authentication processing by a common key system or a public key system in a storage means. In addition to storing the key information, the key information necessary for executing the authentication process with the externally connected device by the common key method or the public key method is stored in the storage means.

Further, in one embodiment of the personal authentication system of the present invention, the plurality of authentication devices have fragment information obtained by fragmenting at least one of key information and user identification information required for authentication with an externally connected device. Then, the representative authentication device generates key information or user identification information necessary for authentication with an external connection device based on a plurality of pieces of fragment information accumulated in the inter-device authentication processing, and the generated key information or user identification information Is applied to execute authentication processing between the representative authentication device and the externally connected device.

Further, a second aspect of the present invention is a personal authentication system for executing personal authentication, which has a plurality of authentication devices having contacts for data communication via a human body, and an external connection device and the above-mentioned plurality of devices. In the personal authentication system, the determination of personal authentication establishment is executed on condition that a plurality of authentications are established by an authentication process based on data communication with at least two or more authentication devices selected from the above authentication devices. is there.

Further, in one embodiment of the personal authentication system of the present invention, the plurality of authentication devices store user IDs set corresponding to the users having the authentication devices, and the authentication process is performed in the authentication process. It is characterized in that the determination of success of personal authentication is executed on condition that confirmation is made that the plurality of executed devices are the authentication devices storing the same user ID.

Further, in one embodiment of the personal authentication system of the present invention, each of the plurality of authentication devices provides key information necessary for executing an authentication process with an externally connected device by a common key method or a public key method. It is characterized in that it is stored in a storage means.

Further, a third aspect of the present invention is an authentication device having a contact for data communication via a human body,
An authentication device having a configuration in which fragment information obtained by fragmenting at least one of key information and user identification information required for authentication with an externally connected device is stored in a storage means.

Further, in an embodiment of the authentication device of the present invention, the authentication device has a structure in which key information necessary for executing inter-device authentication processing by a common key method or a public key method is stored in a storage means. It is characterized by

Further, in one embodiment of the authentication device of the present invention, the authentication device provides key information or user identification information required for authentication with an externally connected device based on the fragment information accumulated from another authentication device. It is characterized in that it is configured to generate and apply the generated key information or user identification information to execute an authentication process with an externally connected device.

Further, a fourth aspect of the present invention is a device-to-device authentication process for executing a device-to-device authentication process as an authentication process via a human body between a plurality of authentication devices having contacts for data communication via the human body. And a step of performing an authentication process between a representative authentication device selected from the plurality of authentication devices and an externally connected device, at least on condition that the inter-device authentication process is established. There is a personal authentication method.

Further, in an embodiment of the personal authentication method of the present invention, the plurality of authentication devices store a user ID set corresponding to a user having the authentication device, and in the inter-device authentication processing step, The authentication process is performed between the representative authentication device and an externally connected device on condition that it is confirmed that the plurality of devices that have performed the authentication process are the authentication devices that store the same user ID. .

Furthermore, in one embodiment of the personal authentication method of the present invention, in the personal authentication method, one of the plurality of authentication devices that has received the personal authentication request transmitted by the externally connected device sends a response signal. It is characterized by including a step of transmitting to the external connection device and a step of setting the authentication device that has transmitted the response signal as a representative authentication device.

Furthermore, in one embodiment of the personal authentication method of the present invention, the personal authentication method further transmits, from the externally connected device, designation data of the number of authentication devices for performing inter-device authentication processing to the authentication device. The representative authentication device executes a number of inter-device authentication processes according to designated data, and the representative authentication device and an externally connected device are provided on condition that the designated number of device-to-device authentication processes are established. It is characterized in that the authentication process between the two is executed.

Further, in one embodiment of the personal authentication method of the present invention, the authentication processing between the representative authentication device and the externally connected device is performed by communication through a human body.

Further, in one embodiment of the personal authentication method of the present invention, the inter-device authentication process is executed by a common key system or a public key system, and the authentication process between the representative authentication device and the external connection device is common. It is characterized by executing by the key system or the public key system.

Furthermore, in one embodiment of the personal authentication method of the present invention, in the personal authentication method, the representative authentication device further includes key information necessary for authentication with an external connection device included in the plurality of authentication devices, or Fragment information of at least one of user identification information is accumulated, key information or user identification information required for authentication with an externally connected device is generated based on the accumulated plural pieces of fragment information, and the generated key information or user identification information Is applied to execute authentication processing between the representative authentication device and the externally connected device.

Further, a fifth aspect of the present invention has a plurality of authentication devices having contacts for data communication via a human body, and at least two or more authentication devices selected from an external connection device and a plurality of authentication devices. A personal authentication method is characterized in that determination of personal authentication establishment is executed on condition that a plurality of authentications are established by an authentication process based on data communication with an authentication device via a human body.

Further, in an embodiment of the personal authentication method of the present invention, the plurality of authentication devices store user IDs set corresponding to the users having the authentication devices, and the authentication process is performed in the authentication process. It is characterized in that the determination of success of personal authentication is executed on condition that confirmation is made that the plurality of executed devices are the authentication devices storing the same user ID.

Further, in one embodiment of the personal authentication method of the present invention, the authentication processing is performed by a common key system or a public key system.

Further, a sixth aspect of the present invention is a computer program for executing a personal authentication process on a computer system, wherein a plurality of authentication devices having contact points for data communication through the human body are connected to the human body. Device-to-device authentication processing step for executing device-to-device authentication processing as authentication processing via the authentication device, and a representative authentication device selected from the plurality of authentication devices on condition that at least the device-to-device authentication processing is established; And a step of performing an authentication process between and.

Furthermore, in an embodiment of the computer program of the present invention, the computer program further includes at least one of key information and user identification information required for authentication with an externally connected device included in the plurality of authentication devices. Collecting pieces of fragment information,
A step of generating key information or user identification information necessary for authentication with an external connection device based on the accumulated plural pieces of fragment information; a representative authentication device by applying the generated key information or user identification information; and an external connection device And a step of performing an authentication process between and.

Further, a seventh aspect of the present invention is a computer program for executing a personal authentication process on a computer system, wherein at least two or more authentication devices selected from an externally connected device and a plurality of authentication devices. There is provided a computer program characterized by comprising a step of executing determination of individual authentication establishment on condition that a plurality of authentications are established by an authentication process based on data communication with a device via a human body.

The computer program of the present invention is, for example, a storage medium or communication medium provided in a computer-readable format for a general-purpose computer system capable of executing various program codes, such as a CD or FD. , MO, etc., or a computer program that can be provided by a communication medium such as a network. By providing such a program in a computer-readable format, processing according to the program is realized on the computer system.

Further objects, features and advantages of the present invention are as follows.
It will be clarified by a more detailed description based on embodiments of the present invention described below and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to a device in which each configuration is provided in the same housing.

[0037]

BEST MODE FOR CARRYING OUT THE INVENTION [System Configuration] FIG. 1 is a diagram illustrating an outline of a personal authentication system of the present invention. The user wears a necklace type authentication device 31, a wristwatch type authentication device 32, and a ring type authentication device 33. These authentication devices are devices that incorporate a tamper-resisting IC chip, have a function of performing mutual authentication processing that applies a common key or public key method, and through the human body through a contact point that contacts the human body. For example, the authentication process is performed with the personal computer 10 that performs communication and mutually performs the authentication process. Alternatively, from the personal computer 10 via the network, the authentication server 20
Communication is performed and authentication processing is executed.

The authentication device worn by the user and P
The transmission signal between C is the authentication processing unit of the authentication device,
It is performed through a contact point on the surface of the authentication device, which is in close contact with the human body, a contact point on the surface of the mouse 40, which is in close contact with the human body, and a connection line between the mouse 40 and the PC. Although the mouse is used as a communication mediation means from the human body to the PC here, the communication mediation is not limited to the mouse, and a contact may be formed on a part of the keyboard, or a communication mediation having a contact with a dedicated human body. The means may be configured between the PC and the human body to form a signal transmission path.

The authentication devices 31, 32, 33 are, for example, accessories such as wristwatches, and the contacts formed on each device are basically always in contact with the human body or extremely close to each other so as to be able to conduct electricity. Since most of the human body is considered to be a conductive container made of water containing salt, it is almost a conductor in the several MHz band. If you measure the DC resistance between your hands with a tester, you will see 5
Values from 00 kΩ to 2.3 MΩ are shown.

FIG. 2 shows the transfer characteristics of the human body under alternating current. FIG. 2A is a characteristic diagram showing a transmission characteristic (both hands) of a human body measured using a spectrum analyzer in a range of 1 MHz to 20 MHz and FIG. 2B is a range of 1 MHz to 30 MHz. Both are examples in the case where a coaxial cable is connected to the tracking generator and the input terminal. The ground GNDs of the coaxial cables were connected to each other so that they would not function as an antenna. 2 (a) and (b)
As shown in, the transfer characteristic in the range of about 1 MHz to 20 MHz is substantially flat and has an attenuation characteristic of 30 dB to 40 dB.

In the measurement shown in FIGS. 2 (a) and 2 (b),
The output impedance of the tracking generator and the input impedance of the spectrum analyzer are both 75Ω. Therefore, if the impedance between both hands in terms of alternating current is, for example, 1 megohm, the amount of attenuation should reach -80 dB. However, in reality, the amount of attenuation is much smaller, which proves the possibility of signal transmission through the human body.

The data transmitting side is considered to be a small dipole antenna, and the state of the electromagnetic field generated by this is well analyzed. According to this, the electromagnetic field generated by the human body becomes the electromagnetic field generated by the minute dipole antenna. The strength of the electromagnetic field is the distance R from the antenna, the square of the distance R, the distance R
It is represented by a vector sum of components inversely proportional to the cube of, and is called a radiation electromagnetic field, an induction electromagnetic field, and an electrostatic magnetic field, respectively. Note that these relational expressions are described in JP-A-7-17021.
It is described in detail in No. 5.

FIG. 3 shows the electric field strength.
(A) is a characteristic diagram showing the relationship between the electric field strength of each item described above and the distance from the antenna. In addition, FIG.
Frequency f = 200 MHz, transmission terminal voltage = 100 dBμ
In the case of V (75Ω), a λ / 2.2 dipole antenna and a 3.4 cmφ loop antenna, and 8c
It is a figure which shows the electric field strength and distance of a loop antenna of mφ and 3.4 cmφ. As shown in FIGS. 3A and 3B, the radiation electromagnetic field (1 / R term) and the induction electromagnetic field (1 /
The strengths of the (R squared) term and the electrostatic magnetic field (1 / (R cubed) term) become equal at a distance of λ / 2π, and sharply increase when the distance is less than this. If f = 11 MHz, this distance is about 4.3 m. In the system of the present invention, it is preferable to apply a transmission method mainly using an electrostatic magnetic field.

The electric field strength is the EMI of the Radio Law.
(Electromagneticinterfere
It is preferable to select a range that can be used without restriction by regulations, for example, a frequency of 332 MHz or less and an electrolytic strength of 500 μV / M or less.

As described above, the electrostatic magnetic field attenuates with the cube of the distance R. For example, when the distance changes from 1 m to 3 m, the electric field strength becomes 1/27 (1 / (3 × 3 × 3)). Therefore,
As the distance from the data transmission means increases, the signal strength is greatly attenuated, so that it is less likely that other users' signals will be perceived as noise even when multiple users are using the same device. For example, even in an environment in which a large number of users having similar devices exist close to each other, good communication can be performed mainly using the electrostatic magnetic field.

It is desirable that the contacts formed in each authentication device have a large area, for example, a wristwatch,
A necklace, a ring, a bracelet, or the like, which can be wound around a finger, an arm, a neck, or the like of a human body, is preferably configured to come into contact with the skin of the human body in a larger area. Although only a wristwatch, a necklace, and a ring are shown as personal accessories constituting the authentication device in FIG. 1, other authentication devices can be applied as long as they are worn in a state where they are in daily contact with the human body.

FIG. 4 shows an example of the configuration of each authentication device. C
A PU (Central Processing Unit) 101 is a processor that executes an authentication processing program executed by an authentication device and executes data transfer control in each processing unit. R
An OM (Read-Only-Memory) 102 stores a program executed by the CPU 101 or fixed data as a calculation parameter. RAM (Random Access Memory)
Reference numeral 103 is used as a storage area and a work area for programs executed in the processing of the CPU 101 and parameters that change appropriately in the program processing.

The EEPROM stores various keys applied at the time of the authentication processing, for example, the public key of the device which executes the public key method authentication, the private key pair, the public key certificate of the certificate authority, etc. A common key is stored if the device executes common key authentication. Details of the authentication process using these pieces of information will be described later in detail.

The DES encryption processing unit 106 performs DES (data encryption standard: Deta) as encryption processing of the common key encryption method.
encryption standard) Run the algorithm. The common key encryption method uses a common encryption key for data encryption processing and a decryption key for data decryption.
The common key used for the encryption processing and the decryption is given to a legitimate user to exclude data access by an unauthorized user who does not have the key. A typical encryption method of the common key encryption method is DES.

The cryptographic processing unit 107, which is composed of the ALU controller 108, the arithmetic unit (ALU) 109, and the ALURAM 110, executes an elliptic curve cryptosystem (ECC) algorithm as a public key cryptosystem. The public key encryption method is a method in which processing by an encryption key used for encryption and processing by a decryption key used for decryption are different algorithms. The public key encryption method is a method of using a public key that can be used by an unspecified user, and an encrypted document for a specific individual is encrypted using a public key issued by the specific individual. A document encrypted by the public key can be decrypted only by the secret key corresponding to the public key used for the encryption process. Since the private key is owned only by the individual who issued the public key, the document encrypted by the public key can be decrypted only by the individual who has the private key. Elliptic curve cryptography and RSA are typical public key cryptography.
(Rivest-Shamir-Adleman) Cryptography, etc.

Note that the device shown in FIG. 4 is an example configured as a device capable of executing both the common key cryptosystem and the public key cryptosystem, but it is the configuration capable of executing only one of the systems. May be.

The transmission signal of the human body is input / output through the input / output contact 111, and the modulation / amplification unit 105 executes the modulation / amplification process. The transmission of the human body is generally performed in the band of 10 to 30 MHz, and the modulation unit 105 modulates the carrier to perform data transmission / reception. As the modulation method, various modulations such as FM modulation such as FSK modulation, AM modulation such as ASK modulation, and modulation such as code modulation can be used.

Note that the communication mediating means set between the human body and the PC, for example, the mouse 40 in FIG. 1 is also provided with a contact point with the human body and a modulation amplification processing section similar to the above, and the PC and the communication mediating means (mouse). It mediates the communication between the human body and the contact point of the communication mediating means (mouse).

In the personal identification system of the present invention, the human body is
Install multiple authentication devices that are different from each other and perform advanced authentication processing using multiple authentication devices. For example, as shown in FIG. 5, the user has three authentication devices, a device A201, a device B202, and a device C20.
Wear 3. As described with reference to FIG. 1, these are configured as a wristwatch, a necklace, a ring, a bracelet, or the like.

Each of these devices transfers data to and from the authentication device 70, which is a partner of the authentication process, via the human body and further via the communication mediating means (for example, a mouse) 210 to perform public key encryption or Performs authentication processing according to the common key cryptosystem. Hereinafter, the details of the authentication process will be described.

[Authentication Processing Example 1] First, as an example of a method for more secure personal authentication by mounting a plurality of authentication devices by a user, authentication is performed between a plurality of devices worn by the user, and then An example of authentication processing for performing authentication with the server side will be described.

(A) Authentication by the common key method First, the case of executing the authentication processing by the common key method will be described. Each authentication device has the DES encryption processing unit 106 described earlier with reference to FIG. 3, and DES (data encryption standard: Deta enc) as encryption processing of the common key encryption method.
ryption standard) Run the algorithm.

Each authentication device stores an ID (user ID) common to users who have the authentication device in a memory (eg, FIG. 4).
It is stored in the EEPROM 104 shown in FIG.

Each authentication device has a memory (EEPROM1
The information stored in 04) is as follows. Common key for mutual authentication with the server Common key for mutual authentication between the individual authentication devices User ID as an identifier for the individual However, if and are the same key, is required,
If and are different, the common key of can be used as the ID number of, and can be omitted.

With reference to FIG. 6 and subsequent figures, a user wearing three authentication devices as a plurality of authentication devices is a PC.
An example of connecting to a server of a service provider via the Internet, performing authentication, and performing purchase processing of a product will be described.

From FIG. 6 onward, from the left end, a server as a communication partner for performing authentication processing, and authentication devices A and B as personal accessories worn by a PC user who is connected to the server and is a personal authentication target user are used. , C processing will be described.

First, the PC connects to a target server by surfing the Internet, displays a Web page showing products to be shopped on the display using a browser on the PC, and the user makes a purchase request from the displayed products. Select a product by clicking it with the mouse,
Data indicating that the purchase is desired is transmitted to the server side. The server side presents a screen including detailed information such as price and specifications regarding the designated product to the user PC as a purchase intention confirmation screen. The user decides the purchase and clicks the purchase button displayed on the display to send a purchase request indicating that the purchase is decided to the server side. Upon receiving the purchase request, the server side presents the user with personal information for identifying the user, for example, an input instruction drawing such as a delivery address, a name, and a telephone number, and the user inputs according to the instruction and transmits data. .

Next, a screen for selecting various settlement methods is displayed on the browser on the PC, and the user selects, for example, "bank withdrawal" from the screen. The server side refers to a bank account known in advance from the input personal information, and determines the existence and the possibility of settlement.

Next, the server side presents the authentication execution screen to the browser on the PC, and instructs the user to touch the contact point of the mouse during the authentication. When the user follows the instruction and touches the contact provided on the mouse and is ready, the user clicks the start button and the personal authentication process starts from that point.

With the start of the authentication processing, the server sends a personal authentication processing request command to each authentication device via the PC, the communication mediating means (mouse), and the human body. The first authenticating device to receive the command sends a response (ACK) message. The ACK message is transferred to the communication mediating means (mouse) and the PC via the human body and transmitted to the server. Further, all the authentication devices monitor the signal of a specific transmission channel input via the contact, and when any authentication device detects that the authentication device has transmitted ACK, it does not execute ACK transmission by itself. Thereby, one of the plurality of authentication devices is selected and the only authentication device sends an ACK. In the example of FIG. 6, the authentication device A is the ACK transmission device (representative authentication device).

The device that has transmitted the ACK to the server becomes the representative authentication device, and thereafter, the authentication process is started among the plurality of authentication devices worn by the user. First, the device A, which is the representative authentication device, outputs an authentication request to other devices. The one authentication device that first receives the authentication request sends a response (ACK) message. The ACK message is sent to the representative authentication device via the human body. All the authentication devices do not execute the ACK transmission by themselves when detecting that any of the authentication devices has transmitted the ACK by monitoring the signal input via the contact. As a result, the representative authentication device and another device that executes authentication are determined. In the example of FIG. 6, the authentication device B transmits ACK, and the authentication process is first executed between the devices A and B.

The inter-device authentication processing by the common key method will be described with reference to the sequence diagram of FIG. Figure 7
In (1), first, the device B generates a random number Rb (for example, a 64-bit random number), and uses Rb as the common key Ku of the user.
Then, it is encrypted (for example, DES) and transmitted to A.

(2) Upon receiving this, the device A newly generates a 64-bit random number Ra, and in the order of Ra and Rb,
In the CBC mode of DES, it is encrypted using the user's common key Ku and returned to the device B. The common key Ku of the user is a secret key common to the authentication device of the user and is used as a recording element (for example, the EEPROM 1 of FIG. 4).
04) is the key stored in. In the encryption process using the key Ku using the CBC mode of DES, for example, in the process using DES, an exclusive OR of the initial value and Ra is performed, and the DES encryption processing unit performs encryption using the key Ku. The ciphertext E1 is generated, followed by the ciphertext E1 and the random number Rb.
And an exclusive OR of the
It is a ciphertext E2 generated by encryption using u.

(3) The device B which receives this decrypts the received data with the key Ku which is also stored in each recording element as a common secret key. The received data is decrypted by first decrypting the ciphertext E1 with the key Ku and then generating the random number R
get a. Next, the ciphertext E2 is decrypted with the key Ku, and the result and E1 are exclusive-ORed to obtain Rb. Of Ra and Rb thus obtained, it is verified whether Rb matches that transmitted by B. If this verification is successful, device B
Authenticates device A as authentic.

Next, the device B again generates the random number Rb2. Then, in the order of Ra and Rb2, encryption is performed using the common key Ku in the CBC mode of DES, and the encrypted data is returned to the device A.

(4) The device A which received this decrypts the received data with the common key Ku. The method of decoding the received data is the same as the decoding process of the device B, and therefore the details are omitted here. Ra and Rb2 thus obtained
Among them, it is verified whether Ra matches the one transmitted by the device A. If this verification is successful, A authenticates B as valid.

When the received data is verified, if any illegality or inconsistency is found, the mutual authentication fails and the process is stopped.

After the authentication between the devices, the process of authenticating between the server and the device will be executed. The common key used for the authentication between the devices and the common key used for the authentication between the server and the device. If they are different from each other, authentication between devices is established by the above processing.

When the common key used for device-to-device authentication and the common key used for server-to-device authentication are the same, the process shown in parentheses in FIG. 7 is further executed. . That is, device A and device B
Sets the above-mentioned random number Rb2 as a session key (Kses).
Request that D be encrypted with the session key and sent.

Upon receiving this, the device B uses the session key (Kses = Rb2) to set the user ID stored in its own memory (for example, the EEPROM 104 in FIG. 4).
S-encrypt and send to device A. The device A decrypts the received data with the session key, and the received user I
Verify that D matches the user ID stored in its memory. If this verification is successful, the authentication is successful.

As described above, at least 2 pieces worn by the user
It is a condition for starting authentication with an externally connected device (for example, a server) that the two authentication devices are verified to be the authentication devices belonging to the same legitimate user. The probability of a user losing multiple authentication devices at the same time is expected to be significantly lower than the risk of losing one authentication device at the same time. However, since the conditions for starting the authentication with the external server or the PC cannot be cleared, it is possible to effectively prevent the occurrence of illegal transactions.

It should be noted that, in addition to the configuration in which the authentication establishment between the two authentication devices worn by the user is used as the authentication start condition with the external connection device, the fact that the authentication has been established in the three or four devices is also referred to as the external connection device. May be used as the authentication start condition. A representative authentication device that receives an authentication request and issues an ACK is required by including data on how many authentication devices are required to establish authentication in the authentication request received by the authentication device from the external device that is the authentication partner. The number of authentication devices is stored, and authentication is performed according to the number of requests. If the number of requests is 3, the representative authentication device A executes the authentication with the device C after the authentication with the device B is established, and the device AB
Authentication between the externally connected device (for example, server, PC) and the device is started on the condition that the authentication between the device and the device AC is established.

When the authentication is established among the plurality of devices worn by the user, the representative authentication device next authenticates with the externally connected device (server). The authentication processing method includes a common key method and a public key method. Here, processing of the common key method will be described with reference to FIG.

In FIG. 8, first, (1) if the device A, which is the representative authentication device, fails in the authentication between the devices, a message to that effect is given to the representative authentication device (device A).
Notifies the server and stops the processing thereafter. When the device-to-device authentication is established, a random number Ra (for example, a 64-bit random number) is generated, Ra and the user ID are encrypted with a common key (for example, DES) and transmitted to the server. The common key used here may be the same key as the common key Ku commonly stored between the devices, or the common key Ku2 different from Ku that is used for communication with the server. Good. If different, each authentication device stores a common key Ku common to the authentication devices and a common key Ku2, 3, ... For communication with an externally connected device in a memory (EEPROM 10 in FIG. 4).
Store in 4).

(2) The server that received this newly added 6
A 4-bit random number Rs is generated, and DE is set in the order of Rs and Ra.
S is encrypted with the common key in the CBC mode and returned to the device A.

(3) The device A which receives this decrypts the received data with the common key. Of the Rs and Ra thus obtained, it is verified whether Ra matches the one transmitted by A. If the device passes this verification, the device A authenticates the server as valid.

Next, the device A generates a session key Kses with a random number. And Ra, Rs, Kse
s is encrypted with the common key in the CBC mode of DES, and returned to the server.

(4) The server receiving this decrypts the received data with the common key. Ra and Rs thus obtained
Verify that it matches what the server sent. If this verification is successful, the server authenticates device A as valid.

(5) After the establishment of the authentication between the server and the representative authentication device, the server presents the personal authentication completion screen to the PC, and informs the user that the product shipping and the payment processing are permitted. To present.

Note that when the received data is verified, if any illegality or non-coincidence is found, it is considered that mutual authentication has failed, and the processing is stopped.

(B) Authentication by Public Key Method Next, the case of executing the authentication processing by the public key method will be described. Each authentication device includes the ALU controller 108 and the arithmetic unit (ALU) 10 described above with reference to FIG.
9, an encryption processing unit 107 including an ALURAM 110, and an elliptic curve encryption method (E
CC) algorithm is executed. It should be noted that here, the authentication process by the algorithm of the elliptic curve cryptosystem (ECC) will be described, but the process by the public key system to which other algorithms are applied can be similarly executed.

As shown in FIG. 9, each authentication device stores an ID (user ID) common to the user having the authentication device in a memory (for example, the EEPROM 104 shown in FIG. 4. Further, a public key for each device is stored. The public key certificate and the private key pair are stored, and the public key certificate of the CA (Certificate Authority), which is the certificate authority of the public key certificate, is also stored. For example, a server stores a pair of a public key certificate and a private key that store the public key of the server, and further, a CA (Certificate Authorit
Contains the public key certificate of y). Further, in the database having the database storing the user information of the registered user in the server, for example, as shown in the figure, the user ID
The name, address, telephone number, account number, credit information, etc. are registered in association with.

The process of accessing the server using the PC, receiving the authentication request, and determining the representative authentication device is the same as in the case of the common key method described above, and therefore description thereof is omitted. The inter-device authentication process by the public key method will be described with reference to FIG. Here, the device A is the representative authentication device, and the device
It is assumed that mutual authentication using 0-bit length elliptic curve cryptography is executed.

First, (1) device B generates a 64-bit random number Rb and sends it to device A. Upon receiving this, the device A (2) newly generates a 64-bit random number Ra.
And a random number Ak smaller than the prime number p is generated. And
A point Av = Ak × G obtained by multiplying the base point G by Ak is obtained, and the digital signature A.A. for Ra, Rb, Av (X coordinate and Y coordinate) is obtained. Sig is generated and returned to the device B together with the public key certificate of the device A. Here, Ra and Rb each have 64 bits, and the X and Y coordinates of Av each have 160 bits, so an electronic signature for a total of 448 bits is generated.

(3) Device A's public key certificate, Ra,
Rb, Av, electronic signature A. Device B that received Sig
Verifies that the Rb transmitted by device A matches the one generated by B. As a result, if they match, the electronic signature in A's public key certificate is verified with the public key of the certificate authority, and A's public key is extracted. Then, the digital signature A. Verify Sig.

Next, B generates a random number Bk smaller than the prime number p. Then, a point B obtained by multiplying the base point G by Bk
v = Bk × G is calculated, and the electronic signature B.B.R.A. for Rb, Ra, and Bv (X coordinate and Y coordinate) is obtained. Sig is generated and sent back to A along with B's public key certificate.

(4) Public key certificate of B, Rb, Ra, A
v, electronic signature B. A receiving Sig verifies that Ra transmitted by B matches the one generated by A.
As a result, if they match, the electronic signature in B's public key certificate is verified with the public key of the certificate authority, and B's public key is extracted. Then, the digital signature B. Verify Sig. After successfully verifying the electronic signature,
A authenticates B as legitimate.

If both parties succeed in authentication, B is Bk.
XAv (Bk is a random number, but Av is a point on the elliptic curve, so scalar multiplication of points on the elliptic curve is required), and A calculates Ak × Bv, and X of these points is calculated. The lower 64 bits are used as a session key in the subsequent communication (when the common key encryption is a 64-bit key length common key encryption). Of course, the session key may be generated from the Y coordinate, or may not be the lower 64 bits. In the secret communication after mutual authentication, not only the transmission data is encrypted with the session key but also the digital signature may be attached.

When an illegality or inconsistency is found during the verification of the electronic signature or the received data, the mutual authentication is considered to have failed, and the processing is interrupted.

(5) Further, the device A requests the device B to encrypt the user ID with the session key and transmit the encrypted user ID.

(6) Upon receiving this, the device B encrypts the user ID stored in its own memory (for example, the EEPROM 104 in FIG. 4) with the session key (Kses) and sends it to the device A. (7) The device A decrypts the received data with the session key and receives the received user ID.
Verifies that matches the user ID stored in its own memory. If this verification is successful, it is determined that each device belongs to the same user, and authentication is established.

As described above, the user wears at least 2
It is a condition for starting authentication with an externally connected device (for example, a server) that the two authentication devices are verified to be the authentication devices belonging to the same legitimate user. The probability of a user losing multiple authentication devices at the same time is expected to be significantly lower than the risk of losing one authentication device at the same time. However, since the conditions for starting the authentication with the external server or the PC cannot be cleared, it is possible to effectively prevent the occurrence of illegal transactions.

Note that, in addition to the configuration in which the authentication establishment between the two authentication devices worn by the user is the authentication start condition with the external connection device, the fact that the authentication has been established in the three or four devices is also referred to as the external connection device. May be used as the authentication start condition. A representative authentication device that receives an authentication request and issues an ACK is required by including data on how many authentication devices are required to establish authentication in the authentication request received by the authentication device from the external device that is the authentication partner. The number of authentication devices is stored, and authentication is performed according to the number of requests. If the number of requests is 3, the representative authentication device A executes the authentication with the device C after the authentication with the device B is established, and the device AB
Authentication between the externally connected device (for example, server, PC) and the device is started on the condition that the authentication between the device and the device AC is established.

When the authentication is established among the plurality of devices worn by the user, the representative authentication device next authenticates with the externally connected device (server). Hereinafter, with reference to FIG.
The public key type external connection device (server) -device authentication process will be described.

In FIG. 11, first, in the case of (1) the device A, which is the representative authentication device, when the authentication between the devices is not established, the representative authentication device (device A) notifies the server of that fact, and thereafter, Cancel the process of. When the device-to-device authentication is established, first, the device A
A 4-bit random number Ra2 is generated and transmitted to the server.
(2) Upon receiving this, the server newly generates a 64-bit random number Rs and a random number Sk smaller than the prime number p. Then, a point obtained by multiplying the base point G by Sk Sv = Sk × G
, And the digital signature S.S.A. for Ra2, Rs, and Sv (X coordinate and Y coordinate). Sig is generated and returned to the device A together with the public key certificate of the server.

(3) Server public key certificate, Ra2, R
s, Sv, electronic signature S.S. Device A that received Sig
Verifies that Ra2 sent by the server matches the one generated by A. As a result, if they match, the electronic signature in the public key certificate of the server is verified with the public key of the certificate authority, and the public key of the server is extracted. Then, the electronic signature S. Verify Sig.

Next, A is a random number Ak2 smaller than the prime number p.
To generate. Then, a point Av2 = Ak2 × G obtained by multiplying the base point G by Ak2 is obtained, and Ra2, Rs, and Av2 are obtained.
Electronic signature for (X coordinate and Y coordinate) A. Sig is generated and sent back to the server together with A's public key certificate.

(4) Public key certificate of A, Ra2, Rs,
Av2, electronic signature A. The server receiving Sig verifies that the Rs transmitted by A matches the one generated by the server. As a result, if they match, the digital signature in A's public key certificate is verified with the public key of the certificate authority, and A
Take out the public key of. Then, the digital signature A. Verify Sig. After the successful verification of the electronic signature, the server authenticates device A as valid.

If both parties succeed in authentication, the device A calculates Ak2 × Sv (Ak is a random number, but since Sv is a point on the elliptic curve, scalar multiplication of the point on the elliptic curve is necessary). Then, the server calculates Sk × Av2 and uses the lower 64 bits of the X coordinate of these points as the session key for the subsequent communication (when the common key encryption is the common key encryption with the 64-bit key length). Of course, the session key may be generated from the Y coordinate, or may not be the lower 64 bits. In the secret communication after mutual authentication, not only the transmission data is encrypted with the session key but also the digital signature may be attached.

When an illegality or inconsistency is found in the verification of the electronic signature or the verification of the received data, it is considered that the mutual authentication has failed, and the processing is interrupted.

(5) Further, the server requests the device A to encrypt the user ID with the session key and transmit the encrypted user ID. (6) The device A encrypts the user ID with the session key and transmits it.

(7) Upon receipt of this, the server decrypts with the session key to retrieve the user ID, confirms the information corresponding to the user ID stored in its own database (see FIG. 9), and (8) A confirmation screen of an address, a transaction account, etc. is presented to the PC, and the user is informed that shipment of the product and execution of the payment process are permitted.

As described above, in the configuration of the present embodiment, it is verified that at least two authentication devices worn by the user are authentication devices belonging to the same legitimate user, as an external connection device (for example, a server). Since it is used as the authentication start condition, it is not possible to clear the authentication start condition with an external server or PC even if one authentication device stolen by an unauthorized third party is used, so it is effective to generate illegal transactions. Can be prevented.

In the above-described embodiment, the server-to-device authentication after the device-to-device authentication is performed by the common-key method is the common-key method, and the server-to-device authentication after the device-to-device authentication is the public-key method is performed. An example in which the authentication is a public key method has been described, but it is also possible to execute one authentication by using a common key method and the other authentication by using a public key method in combination with different methods.

[Authentication Processing Example 2] Next, as an example of a method for more secure personal authentication by mounting a plurality of authentication devices by a user, a plurality of devices worn by the user and a server are directly authenticated. An example of authentication processing to be performed will be described.

(A) Authentication by the common key method First, the case of executing the authentication processing by the common key method will be described. Each authentication device has the DES encryption processing unit 106 described earlier with reference to FIG. 3, and DES (data encryption standard: Deta enc) as encryption processing of the common key encryption method.
ryption standard) Run the algorithm.

Each authentication device stores an ID (user ID) common to users who have the authentication device in a memory (eg, FIG. 4).
It is stored in the EEPROM 104 shown in FIG.

Each authentication device has a memory (EEPROM1
The information stored in 04) is as follows. Common key for mutual authentication with the server User ID as the individual identifier

Referring to FIG. 12, a user wearing three authentication devices as a plurality of authentication devices uses a PC to connect to a server of a service provider via the Internet, performs authentication, and purchases a product. An example of performing the processing will be described. Since the process of accessing the server using the PC, receiving the authentication request, and determining the representative authentication device is the same as the process described above (see FIG. 6), description thereof will be omitted.

With the start of the authentication processing, the server sends a personal authentication processing request command to each authentication device via the PC, communication mediating means (mouse), and human body. The first authenticating device to receive the command sends a response (ACK) message. The ACK message is transferred to the communication mediating means (mouse) and the PC via the human body and transmitted to the server. Further, all the authentication devices monitor the signal of a specific transmission channel input via the contact, and when any authentication device detects that the authentication device has transmitted ACK, it does not execute ACK transmission by itself. Thereby, one of the plurality of authentication devices is selected and the only authentication device sends an ACK. In the example of FIG. 12, the authentication device A
Is the ACK transmitting device (first authentication device).

The device that has transmitted the ACK to the server becomes the first authentication device, and thereafter, the authentication process according to the common key authentication method is executed between the first authentication device and the server. The common key authentication process is the same as the processes (1) to (4) described above with reference to FIG. After that, the server requests the device A to encrypt the user ID with the session key and transmit the encrypted user ID.
The device A encrypts the user ID with the session key and transmits it to the server. The server that received this
The user ID is decrypted with the session key, extracted, and stored in its own storage means.

Next, the server sends the second authentication request to P
The data is transmitted to each authentication device via C, the communication mediating means (mouse), and the human body. One authentication device that receives the command first among unauthenticated devices responds (ACK)
Send a message. All authentication devices monitor the signal of a specific transmission channel input through the contact, and any authentication device that has not been authenticated is A
When it detects that CK has been transmitted, it does not execute ACK transmission itself. As a result, one of the authentication devices that have not been authenticated is selected, and ACK is selected as the second authentication device.
To the server. In the example of FIG. 12, the authentication device B
Is the ACK transmitting device (second authentication device).

The device that has transmitted the ACK to the server becomes the second authentication device, and thereafter, the authentication process according to the common key authentication method is executed between the second authentication device and the server. The common key authentication process is the same as the processes (1) to (4) described in FIG. After that, the server requests the device B to encrypt the user ID with the session key and transmit the encrypted user ID. The device B encrypts the user ID with the session key and transmits it to the server. Upon receiving this, the server decrypts it with the session key, extracts the user ID, and compares it with the ID already received from the device A stored in its own storage means. If these match, it is confirmed that the devices A and B are devices belonging to the same user, and authentication is established, and the server presents a personal authentication completion screen to the PC to ship the product. , Presenting to the user that execution of the payment process has been permitted.

It should be noted that, if any invalidity or inconsistency is found at the time of verifying the received data, it is considered that mutual authentication has failed, and the processing is stopped.

As described above, in this embodiment, the server verifies that at least two authentication devices worn by the user are authentic authentication devices belonging to the same user. The probability of a user losing multiple authentication devices at the same time is expected to be significantly lower than the risk of losing one authentication device at the same time. However, since the conditions for starting the authentication with the external server or the PC cannot be cleared, it is possible to effectively prevent the occurrence of illegal transactions.

Note that, in addition to the establishment of the authentication with the two authentication devices worn by the user, the authentication between the three and four devices and the server may be executed. In this case, the server executes the process of transmitting the third and fourth authentication requests to the authentication device.

(B) Authentication by Public Key Method Next, the case of executing the authentication processing by the public key method will be described. Each authentication device includes the ALU controller 108 and the arithmetic unit (ALU) 10 described above with reference to FIG.
9, an encryption processing unit 107 including an ALURAM 110, and an elliptic curve encryption method (E
CC) algorithm is executed. It should be noted that here, the authentication process by the algorithm of the elliptic curve cryptosystem (ECC) will be described, but the process by the public key system to which other algorithms are applied can be similarly executed.

As described above with reference to FIG. 9, each authentication device stores an ID (user ID) common to users having the authentication device in a memory (for example, the EEPROM 1 shown in FIG. 4).
It is stored in 04. In addition, a public key certificate that stores the public key of each device and a private key pair are stored, and the CA (Certificate Author) that is the certificate authority of the public key certificate is also stored.
ity) public key certificate is stored. In addition, a pair of a public key certificate and a private key that store the public key of the server is stored in an externally connected device (for example, a server) that is an authentication partner, and a CA (Certificate) that is a certificate authority of the public key certificate is stored.
ate Authority) public key certificate is stored. Further, in a database having a database in which user information of registered users is stored in the server, for example, a name, an address, a telephone number, an account number, credit information and the like are registered in association with a user ID as shown in the figure.

Referring to FIG. 13, a user wearing three authentication devices as a plurality of authentication devices connects to a server of a service provider via the Internet using a PC, performs authentication, and purchases a product. An example of performing the processing will be described. Since the process of accessing the server using the PC, receiving the authentication request, and determining the representative authentication device is the same as the process described above (see FIG. 6), description thereof will be omitted.

With the start of the authentication processing, the server sends a personal authentication processing request command to each authentication device via the PC, communication mediating means (mouse), and human body. The first authenticating device to receive the command sends a response (ACK) message. The ACK message is transferred to the communication mediating means (mouse) and the PC via the human body and transmitted to the server. Further, all the authentication devices monitor the signal of a specific transmission channel input via the contact, and when any authentication device detects that the authentication device has transmitted ACK, it does not execute ACK transmission by itself. Thereby, one of the plurality of authentication devices is selected and the only authentication device sends an ACK. In the example of FIG. 13, the authentication device A
Is the ACK transmitting device (first authentication device).

The device that has transmitted the ACK to the server becomes the first authentication device, and thereafter, the authentication process according to the public key authentication method is executed between the first authentication device and the server. The public key authentication process is the same as the processes (1) to (4) described with reference to FIG. After that, the server requests the device A to encrypt the user ID with the session key and transmit the encrypted user ID.
The device A encrypts the user ID with the session key and transmits it to the server. The server that received this
The user ID is decrypted with the session key, extracted, and stored in its own storage means.

Next, the server sends the second authentication request to P
The data is transmitted to each authentication device via C, the communication mediating means (mouse), and the human body. One authentication device that receives the command first among unauthenticated devices responds (ACK)
Send a message. All authentication devices monitor the signal of a specific transmission channel input through the contact, and any authentication device that has not been authenticated is A
When it detects that CK has been transmitted, it does not execute ACK transmission itself. As a result, one of the authentication devices that have not been authenticated is selected, and ACK is selected as the second authentication device.
To the server. In the example of FIG. 12, the authentication device B
Is the ACK transmitting device (second authentication device).

The device that has transmitted the ACK to the server becomes the second authentication device, and thereafter, the authentication process according to the public key authentication method is executed between the second authentication device and the server. The public key authentication process is the same as the processes (1) to (4) described with reference to FIG. After that, the server requests the device B to encrypt the user ID with the session key and transmit the encrypted user ID. The device B encrypts the user ID with the session key and transmits it to the server. Upon receiving this, the server decrypts it with the session key, extracts the user ID, and compares it with the ID already received from the device A stored in its own storage means. If these match, it is confirmed that the devices A and B are devices belonging to the same user, and authentication is established, and the server presents a personal authentication completion screen to the PC to ship the product. , Presenting to the user that execution of the payment process has been permitted.

[0129] In the verification of the received data, if any illegality or inconsistency is found, it is considered that mutual authentication has failed, and the processing is stopped.

As described above, in this embodiment, the server verifies that at least two authentication devices worn by the user are authentic authentication devices belonging to the same user. The probability of a user losing multiple authentication devices at the same time is expected to be significantly lower than the risk of losing one authentication device at the same time. However, since the conditions for starting the authentication with the external server or the PC cannot be cleared, it is possible to effectively prevent the occurrence of illegal transactions.

Note that, in addition to the establishment of the authentication with the two authentication devices worn by the user, the authentication between the three or four devices and the server may be executed. In this case, the server executes the process of transmitting the third and fourth authentication requests to the authentication device.

[Authentication Processing Example 3] Next, as a third example of a method for carrying out more secure personal authentication by holding a plurality of devices, authentication is performed between devices as in Authentication Processing Example 1. After that, in the processing configuration for performing authentication with the server side, each authentication device holds secret key or user ID fragment information, and during inter-device authentication processing executed between multiple authentication devices, secret key or user ID fragment information An example of a process of accumulating the above, generating a completed secret key or user ID based on the accumulated information, and applying the completed secret key or user ID to execute the authentication process between the device and the server will be described.

(A) Common Key Method Authentication First, the case of executing the common key method authentication process will be described. Each authentication device has the DES encryption processing unit 106 described earlier with reference to FIG. 3, and DES (data encryption standard: Deta enc) as encryption processing of the common key encryption method.
ryption standard) Run the algorithm.

Each authentication device has a fragment of a secret key as a secret key (a common key used for authentication between servers) distributed to a user having the authentication device, or a user ID.
Fragment information of a memory (for example, EEPROM 1 shown in FIG. 4).
It is stored in 04.

Each authentication device has a memory (EEPROM1
The information stored in 04) is as follows. Common key for mutual authentication between authentication devices of the individual Fragment information of user ID or secret key (common key used for authentication between servers) as an identifier of the individual

In this embodiment, after mutual authentication between devices,
The necessary fragment information transfer processing is executed between devices, a private key or user ID is generated in one device based on the integrated information, and the generated private key or user ID is generated.
Is applied to execute the authentication process between the device and the server. Hereinafter, the details of the processing will be described with reference to FIG. 14 regarding the processing example.

In this embodiment, it is assumed that a secret key (a common key used for server-to-server authentication) is generated based on fragment information of three correct devices. Device A has a fragment of private key information Ku: aKu / (a + b
+ C) Device B has a fragment of secret key information Ku: bKu / (a + b
+ C) Device C has a fragment of secret key information Ku: cKu / (a + b
+ C), and the secret key Ku can be generated by concatenating all the information.

The processing sequence of this embodiment will be described with reference to FIG. With the start of the authentication process, the server P
The personal authentication processing request command is transmitted to each authentication device via C, the communication mediating means (mouse), and the human body. The first authentication device that receives the command responds (ACK)
Send a message. The ACK message is transferred to the communication mediating means (mouse) and the PC via the human body and transmitted to the server. Further, all the authentication devices monitor the signal of a specific transmission channel input via the contact, and when any authentication device detects that the authentication device has transmitted ACK, it does not execute ACK transmission by itself. Thereby, one of the plurality of authentication devices is selected and the only authentication device sends an ACK. In the example of FIG. 14, the authentication device A is the ACK transmission device (representative authentication device).

The device that has transmitted the ACK to the server becomes the representative authentication device, and thereafter, the authentication process is started between the plurality of authentication devices worn by the user. First, the device A, which is the representative authentication device, outputs an authentication request to other devices. The one authentication device that first receives the authentication request sends a response (ACK) message. The ACK message is sent to the representative authentication device via the human body. All the authentication devices do not execute the ACK transmission by themselves when detecting that any of the authentication devices has transmitted the ACK by monitoring the signal input via the contact. As a result, the representative authentication device and another device that executes authentication are determined. In the example of FIG. 14, the authentication device B transmits ACK, and the authentication process is first executed between the devices A and B.

Between the device A and the device B, the common key method authentication of FIGS. 7 (1) to 7 (4) described above is executed. When the authentication is established between the device A and the device B, the device A requests the device B to encrypt the fragmented secret key information (bKu / (a + b + c)) with the session key and transmit the encrypted secret key information.

The device B receiving this encrypts the fragmented secret key information (bKu / (a + b + c)) stored in its own memory (eg, the EEPROM 104 of FIG. 4) with the session key (Kses), Send to device A. Upon receiving this, the device A decrypts it with the session key and decrypts the fragment secret key information (bKu / (a + b +
c)) is taken out and stored in its own storage means.

Next, the device A executes the mutual authentication with the device C according to the common key method authentication process of FIGS. 7 (1) to 7 (4) described above. When the authentication is established between the device A and the device C, the device A requests the device C to encrypt the fragmented secret key information (cKu / (a + b + c)) with the session key and transmit it.

The device C receiving this encrypts the fragmented secret key information (cKu / (a + b + c)) stored in its own memory (eg, the EEPROM 104 of FIG. 4) with the session key (Kses), Send to device A. Upon receiving this, the device A decrypts it with the session key and decrypts the fragment secret key information (cKu / (a + b +
c)) is taken out and stored in its own storage means.

Next, device A receives fragment secret key information (bKu / (a + b + c)) received from device B and fragment secret key information (cKu / (a + b) received from device C.
+ C)) and the fragment secret key information (aKu / (a + b + c)) stored in advance in its own device to generate the secret key Ku. This secret key Ku is a secret key shared with the external connection device (server), and
It can be used in the authentication process using the common key method with the (server). The device A uses the generated private key to execute mutual authentication processing with the server. This processing is the processing according to FIG. 8 described above, and thus the description will be omitted.

In the present embodiment, the condition for generating a key required for authentication with the server is that the user has a plurality of devices (here, three) of the same legitimate registered user. It should be noted that the number of fragments can be set to any number as long as it is 2 or more, and inter-device authentication processing corresponding to the number of fragments is required.

In the above example, the fragment information is used as the secret key, but the representative authentication device that holds the user ID as a fragment in each device and authenticates with the server is composed of a plurality of fragmented user IDs. Generate one user ID and generate user I in mutual authentication between servers
The configuration may be such that the common key mutual authentication is executed using D. In this case, each device shall have a completed common key required for mutual authentication between servers.

(B) Authentication by Public Key System Next, the case of executing the authentication process by the public key system will be described. Each authentication device includes the ALU controller 108 and the arithmetic unit (ALU) 10 described above with reference to FIG.
9, an encryption processing unit 107 including an ALURAM 110, and an elliptic curve encryption method (E
CC) algorithm is executed. It should be noted that here, the authentication process by the algorithm of the elliptic curve cryptosystem (ECC) will be described, but the process by the public key system to which other algorithms are applied can be similarly executed.

Also in this example, after mutual authentication between the devices, necessary fragment information transfer processing is executed between the devices, a private key or a user ID is generated in one device based on the integrated information, and the generated secret is generated. Authentication processing between the device and the server is executed by applying the key or the user ID.

FIG. 15 shows an example of data stored in each authentication device.
Shown in. FIG. 15 shows an example of data stored in the memories of the four devices A to D (for example, the EEPROM 104 shown in FIG. 4). A public key certificate and private key pair that store the public key of each device, the public key certificate of the CA (Certificate Authority) that is the certificate authority of the public key certificate, and the public key that corresponds to the user. It has a user public key certificate and user private key fragment information.

In this embodiment, it is assumed that the user secret key (used for server-to-server authentication) can be generated based on the fragment information of three correct devices.

Device A has a fragment of user secret key information Kus: αKus / (α + β + γ), and a fragment of user secret key information Kus encrypted with the secret key of device B: Kbs [αKus / (α + β + γ). )], Kbs
It has [γKus / (α + β + γ)]. Note that Kx
[Y] represents y encrypted with the key Kx.
Further, the device A has a fragment of the user secret key information Kus encrypted with the secret key of the device C: Kcs [αKus
/ (Α + β + γ)], Kcs [βKus / (α + β +
γ)]. Further, the device A has a fragment of the user secret key information Kus encrypted with the secret key of the device D:
Kds [βKus / (α + β + γ)], Kds [γKu
s / (α + β + γ)].

The device B uses the user secret key information K
a fragment of us: having βKus / (α + β + γ), and
User secret key information K encrypted with the secret key of device A
Fragment of us: Kas [βKus / (α + β + γ)], K
as [γKus / (α + β + γ)], fragment of user secret key information Kus encrypted with the secret key of device C: Kc
s [αKus / (α + β + γ)], Kcs [βKus /
(Α + β + γ)], a fragment of the user secret key information Kus encrypted with the secret key of the device D: Kds [βKus /
(Α + β + γ)], Kds [γKus / (α + β +
γ)].

The device C uses the user secret key information K
a fragment of us: having γKus / (α + β + γ), and
User secret key information K encrypted with the secret key of device A
Fragment of us: Kas [βKus / (α + β + γ)], K
as [γKus / (α + β + γ)], a fragment of user secret key information Kus encrypted with the secret key of device B: Kb
s [αKus / (α + β + γ)], Kbs [γKus /
(Α + β + γ)], a fragment of the user secret key information Kus encrypted with the secret key of the device D: Kds [βKus /
(Α + β + γ)], Kds [γKus / (α + β +
γ)].

The device D uses the user secret key information K
a fragment of us: having αKus / (α + β + γ), and
User secret key information K encrypted with the secret key of device A
Fragment of us: Kas [βKus / (α + β + γ)], K
as [γKus / (α + β + γ)], a fragment of user secret key information Kus encrypted with the secret key of device B: Kb
s [αKus / (α + β + γ)], Kbs [γKus /
(Α + β + γ)], a fragment of user secret key information Kus encrypted with the secret key of device C: Kcs [αKus /
(Α + β + γ)], Kcs [βKus / (α + β +
γ)].

Further, as shown in FIG. 16, a pair of public key certificate and private key storing the public key of the server is stored in the externally connected device (for example, server) which is the authentication partner,
In addition, CA (Certificate
Authority's public key certificate is stored. Further, in a database having a database in which user information of registered users is stored in the server, for example, a name, an address, a telephone number, an account number, credit information and the like are registered in association with a user ID as shown in the figure.

The process of accessing the server using the PC, receiving the authentication request, and determining the representative authentication device is the same as the above-described processing (see FIG. 6), so description will be omitted. The inter-device authentication process by the public key method will be described with reference to FIG.

The processing sequence of this embodiment will be described with reference to FIG. With the start of the authentication process, the server P
The personal authentication processing request command is transmitted to each authentication device via C, the communication mediating means (mouse), and the human body. The first authentication device that receives the command responds (ACK)
Send a message. The ACK message is transferred to the communication mediating means (mouse) and the PC via the human body and transmitted to the server. Further, all the authentication devices monitor the signal of a specific transmission channel input via the contact, and when any authentication device detects that the authentication device has transmitted ACK, it does not execute ACK transmission by itself. Thereby, one of the plurality of authentication devices is selected and the only authentication device sends an ACK. In the example of FIG. 17, the authentication device A is the ACK transmission device (representative authentication device).

The device that has transmitted the ACK to the server becomes the representative authentication device, and thereafter, the authentication process is started between the plurality of authentication devices worn by the user. First, the device A, which is the representative authentication device, outputs an authentication request to other devices. The one authentication device that first receives the authentication request sends a response (ACK) message. The ACK message is sent to the representative authentication device via the human body. All the authentication devices do not execute the ACK transmission by themselves when detecting that any of the authentication devices has transmitted the ACK by monitoring the signal input via the contact. As a result, the representative authentication device and another device that executes authentication are determined. In the example of FIG. 17, the authentication device B transmits ACK, and the authentication process is first executed between the devices A and B.

Between the device A and the device B, the public key method authentication of FIGS. 10 (1) to 10 (4) described above is executed. When the authentication is established between the device A and the device B, the device A applies the public key of the device B extracted from the public key certificate of the device B and encrypts it with the secret key of the device B stored in the device A. Fragment of the generated user secret key information Kus: Kbs [αKus / (α + β + γ)],
Kbs [γKus / (α + β + γ)], Kbs
[ΓKus / (α + β + γ)] is decrypted, a fragment of the user secret key information Kus: γKus / (α + β + γ) is acquired and stored in the memory.

Next, the device A executes the mutual authentication with the device C according to the public key method authentication processing of FIGS. 10 (1) to 10 (4) described above. When the authentication is established between the device A and the device C, the device A applies the public key of the device C extracted from the public key certificate of the device C and encrypts it with the secret key of the device C stored in the device A. Fragment of the generated user secret key information Kus: Kcs [αK
us / (α + β + γ)], Kcs [βKus / (α + β
+ Γ)], Kcs [βKus / (α + β + γ)]
Fragment of user secret key information Kus: βKus /
(Α + β + γ) is acquired and stored in the memory.

Next, the device A decrypts the fragment user secret key information γK with the public key received from the device B.
us / (α + β + γ), fragment user secret key information βKus / (α that is decrypted by the public key received from device C
+ Β + γ) and the fragment user secret key information (αKu / (α + β + γ)) stored in advance in its own device to generate the user secret key Kus. The private key Kus is a pair of private keys corresponding to the user's public key, and is applied in public key system authentication with the externally connected device (server). The device A uses the generated user private key to execute mutual authentication processing with the server. This process is the process according to FIG. 11 described above, and the description will be omitted.

In the present embodiment, the condition for generating a key required for authentication with the server is that the user has a plurality of devices (here, three) of the same registered user who is valid. It should be noted that the number of fragments can be set to any number as long as it is 2 or more, and inter-device authentication processing corresponding to the number of fragments is required.

In the above-mentioned example, the fragment information is used as the secret key, but the representative authentication device that holds the user ID as a fragment in each device and performs authentication with the server is composed of a plurality of fragmented user IDs. Generate one user ID and generate user I in mutual authentication between servers
Public key mutual authentication may be performed using D. In this case, each device shall have the completed user private key required for mutual authentication between the servers.

FIG. 18 shows an example of data stored in each authentication device when the user ID is fragmented and stored in each device. FIG. 18 shows an example of data stored in the memories of the four devices A to D (for example, the EEPROM 104 shown in FIG. 4). The public key certificate and private key pair that store the public key of each device, and the public key certificate of the CA (Certificate Authority), which is the certificate authority of the public key certificate,
Further, it has a user public key certificate storing a public key corresponding to the user and fragment information of the user private key.

In this example, it is assumed that the user ID (used for server-to-server authentication) can be generated based on the fragment information of three correct devices.

Device A has a fragment of user ID: αID
A fragment of the user ID that has / (α + β + γ) and is encrypted with the secret key of the device B: Kbs [αID / (α
+ Β + γ)], Kbs [γID / (α + β + γ)]. Note that Kx [y] represents y encrypted with the key Kx. Furthermore, the device A uses the fragment of the user ID encrypted by the secret key of the device C: Kcs [αI
D / (α + β + γ)], Kcs [βID / (α + β +
γ)]. Further, the device A has the user ID fragment encrypted with the secret key of the device D: Kds [βI
D / (α + β + γ)], Kds [γID / (α + β +
γ)].

Device B also has a user ID fragment:
Fragment of user ID having βID / (α + β + γ) and encrypted with the secret key of device A: Kas [βID
/ (Α + β + γ)], Kas [γID / (α + β +
γ)], user ID encrypted with the private key of device C
Fragment: Kcs [αID / (α + β + γ)], Kcs
[ΒID / (α + β + γ)], user ID fragment encrypted with the secret key of device D: Kds [βID / (α +
β + γ)], Kds [γID / (α + β + γ)].

Device C has a user ID fragment:
Fragment of user ID having γID / (α + β + γ) and encrypted with the secret key of device A: Kas [βID
/ (Α + β + γ)], Kas [γID / (α + β +
γ)], user ID encrypted with the private key of device B
Fragment: Kbs [αID / (α + β + γ)], Kbs
[ΓID / (α + β + γ)], user ID fragment encrypted with the secret key of device D: Kds [βID / (α +
β + γ)], Kds [γID / (α + β + γ)].

Device D has a user ID fragment:
Fragment of user ID having αID / (α + β + γ) and encrypted with the secret key of device A: Kas [βID
/ (Α + β + γ)], Kas [γID / (α + β +
γ)], user ID encrypted with the private key of device B
Fragment: Kbs [αID / (α + β + γ)], Kbs
[ΓID / (α + β + γ)], a fragment of the user ID encrypted with the secret key of the device C: Kcs [αID / (α +
β + γ)], Kcs [βID / (α + β + γ)].

The process of generating the completed user ID from the fragmented user ID is executed in the authentication process between the plurality of authentication devices described with reference to FIG. The number of fragmented user IDs can be set to any number as long as it is 2 or more, and inter-device authentication processing corresponding to the fragmented number is required.

In the above-described embodiment, the server-device authentication after the device-to-device authentication is performed by the common key method is the common key method, and the server-device authentication after the device-to-device authentication is the public key method is performed. An example in which the authentication is a public key method has been described, but it is also possible to execute one authentication by using a common key method and the other authentication by using a public key method in combination with different methods.

In the above-described authentication processing examples 1 to 3, the server is set as the external connection device and the authentication processing example with the server is described. However, the external connection device is not the server but the PC operated by the user, and the authentication with the PC is performed. Even when the device-to-device authentication process is performed, each processing example can be similarly executed.

The present invention has been described in detail above with reference to the specific embodiments. However, it is obvious that those skilled in the art can modify or substitute the embodiments without departing from the scope of the present invention. That is, the present invention has been disclosed in the form of exemplification, and should not be limitedly interpreted. In order to determine the gist of the present invention, the section of the claims described at the beginning should be taken into consideration.

The series of processes described in the specification can be executed by hardware, software, or a combined configuration of both. When executing the processing by software, the program recording the processing sequence is installed in the memory in the computer incorporated in the dedicated hardware and executed, or the program is stored in a general-purpose computer capable of executing various processing. It can be installed and run.

For example, the program can be recorded in advance in a hard disk or a ROM (Read Only Memory) as a recording medium. Alternatively, the program may be a floppy (registered trademark) disc or a CD-ROM (Compact Disc).
Read Only Memory), MO (Magneto optical) disk,
It can be temporarily or permanently stored (recorded) in a removable recording medium such as a DVD (Digital Versatile Disc), a magnetic disk, or a semiconductor memory. Such a removable recording medium can be provided as so-called package software.

The program is installed in the computer from the removable recording medium as described above, is wirelessly transferred from the download site to the computer, or is wired to the computer via a network such as LAN (Local Area Network) or the Internet. Then, the computer can receive the program thus transferred and install it in a recording medium such as a built-in hard disk.

The various processes described in the specification are
The processing may be executed not only in time series according to the description, but also in parallel or individually according to the processing capability of the device that executes the processing or the need. Further, the system in the present specification is a logical set configuration of a plurality of devices,
The devices of the respective configurations are not limited to being in the same housing.

[0178]

As described above, in one aspect of the personal authentication system of the present invention, authentication is performed between at least two authentication devices worn by a user, and a plurality of authentication devices belong to the same user. Since verification that the device is a device is a condition for starting authentication with an external connection device (for example, a server), even if one authentication device stolen by an unauthorized third party is used, the external connection device, for example, Since the conditions for starting the authentication with the server or the PC cannot be cleared, it is possible to effectively prevent the occurrence of illegal transactions.

Furthermore, in one mode of the personal authentication system of the present invention, the server verifies that at least two authentication devices worn by the user are authentic authentication devices belonging to the same user. Even if one authentication device stolen by a person is used, the start condition for authentication with an externally connected device, for example, a server or a PC cannot be cleared, so that illegal transactions can be effectively prevented.

Further, according to one aspect of the personal authentication system of the present invention, the user has a plurality of devices in which the key information or ID of the same legitimate registered user is fragmented, and mutual authentication is established between these devices. Since the configuration is such that the fragmentation information is accumulated to generate the key information or the ID to generate the information required for the authentication with the server, even if one authentication device stolen by a third party is used, the external connection device, For example, since the condition for starting the authentication with the server or the PC cannot be cleared, it is possible to effectively prevent the occurrence of illegal transactions.

[Brief description of drawings]

FIG. 1 is a diagram illustrating a processing configuration of a personal authentication system of the present invention.

FIG. 2 1 MHz to 20 MHz, 1 MHz to 30 MHz
FIG. 6 is a characteristic diagram showing the transmission characteristics (both hands) of the human body measured with a spectrum analyzer in the range of.

FIG. 3 is a diagram illustrating electric field strength.

FIG. 4 is a configuration diagram of an authentication device applied in the personal authentication system of the present invention.

FIG. 5 is a diagram illustrating a signal transmission path in the personal identification system of the present invention.

FIG. 6 is a sequence diagram illustrating processing between devices in the personal authentication system of the present invention.

FIG. 7 is a sequence diagram illustrating a common key method device-to-device authentication process in the personal authentication system of the present invention.

FIG. 8 is a sequence diagram illustrating a common key method server-device authentication process in the personal authentication system of the present invention.

FIG. 9 is a diagram illustrating stored information of each device when executing public key method authentication processing in the personal authentication system of the present invention.

FIG. 10 is a sequence diagram for explaining public key method inter-device authentication processing in the personal authentication system of the present invention.

FIG. 11 is a sequence diagram illustrating a public key method server-device authentication process in the personal authentication system of the present invention.

FIG. 12 is a sequence diagram illustrating an authentication process between a server and a device using a common key method in the personal authentication system of the present invention and process example 2;

FIG. 13 is a sequence diagram for explaining a server-device authentication process using the public key system in the personal authentication system of the present invention and Process Example 2;

FIG. 14 is a sequence diagram illustrating an authentication process of a common key method in a personal authentication system of the present invention and a processing example 3;

FIG. 15 is a diagram illustrating stored information of each device when executing the public key method authentication process in the personal authentication system and process example 3 of the present invention.

FIG. 16 is a diagram illustrating stored information of an externally connected device (server) when executing public key method authentication processing in processing example 3 of the personal authentication system of the present invention.

FIG. 17 is a sequence diagram for explaining an authentication process of a public key system in the personal authentication system of the present invention and process example 3;

FIG. 18 is a diagram illustrating stored information of each device when executing the public key method authentication processing in the personal authentication system and processing example 3 of the present invention.

[Explanation of symbols]

10 PC 20 Authentication server 31, 32, 33 Authentication device 101 CPU (Central processing Unit) 102 ROM (Read-Only-Memory) 103 RAM (Random Access Memory) 104 EEPROM 105 Modulation amplifier 106 DES encryption processing unit 107 cryptographic processing unit 108 ALU controller 109 arithmetic unit (ALU) 110 ALURAM 111 I / O contact 201,202,203 Authentication device 210 Communication mediating means 220 Authentication equipment

Claims (26)

[Claims] 1. A personal authentication system for performing personal authentication, comprising a plurality of authentication devices having contact points for data communication via a human body, wherein the plurality of authentication devices perform authentication processing via the human body. Characterized in that a device-to-device authentication process is executed, and at least a representative authentication device selected from the plurality of authentication devices and an externally connected device are executed on condition that the device-to-device authentication process is established. Personal authentication system to do. 2. The plurality of authentication devices store a user ID set corresponding to a user having the authentication device, and in the inter-device authentication process, the plurality of devices that have executed the authentication process have the same user ID. 2. The personal authentication system according to claim 1, wherein an authentication process between the representative authentication device and an externally connected device is executed on condition that it is confirmed that the authentication device has stored therein. 3. An authentication device that sends a response signal by one of the plurality of authentication devices that has received a personal authentication request transmitted by the external connection device sending a response signal to the external connection device. The personal authentication system according to claim 1, wherein the personal authentication system has a configuration in which is set as a representative authentication device. 4. The external connection device transmits designated data of the number of authentication devices for performing the inter-device authentication processing to the authentication device, and the representative authentication device performs the inter-device authentication processing of the number according to the designated data. 2. The individual according to claim 1, further comprising: a configuration for executing authentication processing between the representative authentication device and an externally connected device on condition that a specified number of inter-device authentication processing is established. Authentication system. 5. The personal authentication system according to claim 1, wherein the authentication process between the representative authentication device and the externally connected device is executed by communication through a human body. 6. Each of the plurality of authentication devices stores key information required for executing inter-device authentication processing by a common key method or a public key method in a storage means and performs authentication processing with an externally connected device. 2. The personal authentication system according to claim 1, wherein the storage unit stores the key information required to execute the common key method or the public key method. 7. The plurality of authentication devices have fragment information obtained by fragmenting at least one of key information and user identification information required for authentication with an externally connected device, and the representative authentication device is the inter-device authentication. Key information or user identification information necessary for authentication with an external connection device is generated based on a plurality of pieces of fragment information accumulated in the process, and the generated key information or user identification information is applied to the representative authentication device and the external connection device. The personal authentication system according to claim 1, wherein the personal authentication system performs authentication processing between the personal authentication system and the personal computer. 8. A personal authentication system for executing personal authentication, comprising a plurality of authentication devices having contacts for data communication through a human body, and at least 2 selected from an externally connected device and the plurality of authentication devices. A personal authentication system, characterized in that determination of personal authentication establishment is executed on condition that a plurality of authentications are established by an authentication process based on data communication with the authentication device via a human body. 9. The plurality of authentication devices store a user ID set corresponding to a user having the authentication device, and in the authentication processing, a plurality of devices that have executed the authentication processing store the same user ID. 9. The personal authentication system according to claim 8, wherein the personal authentication is determined to be established on the condition that the authentication device is confirmed. 10. Each of the plurality of authentication devices has a configuration in which key information necessary for executing authentication processing with an externally connected device by a common key method or a public key method is stored in a storage means. The personal authentication system according to claim 8. 11. An authentication device having a contact for data communication through a human body, wherein fragment information obtained by fragmenting at least one of key information and user identification information necessary for authentication with an externally connected device is stored in a storage means. An authentication device having a stored configuration. 12. The authentication device according to claim 11, wherein the storage device stores the key information necessary for executing the inter-device authentication process by the common key system or the public key system. Authentication device. 13. The authentication device generates key information or user identification information necessary for authentication with an externally connected device based on the fragment information accumulated from another authentication device, and the generated key information or user identification information. 12. The authentication device according to claim 11, wherein the authentication device has a configuration for executing authentication processing with an externally connected device by applying the above. 14. An inter-device authentication processing step for executing inter-device authentication processing as an authentication processing via a human body between a plurality of authentication devices having contacts for data communication via a human body, and at least the inter-device authentication processing. And a step of performing an authentication process between a representative authentication device selected from the plurality of authentication devices and an externally connected device on the condition that the above condition is satisfied. 15. The plurality of authentication devices store a user ID set corresponding to a user having the authentication device, and in the inter-device authentication processing step, the plurality of devices that have executed the authentication processing are the same user. The personal authentication method according to claim 14, wherein an authentication process is performed between the representative authentication device and an externally connected device on condition that it is confirmed that the authentication device stores an ID. 16. The personal authentication method further comprises a step in which one of the plurality of authentication devices that receives the personal authentication request transmitted by the external connection device sends a response signal to the external connection device. 15. The personal authentication method according to claim 14, further comprising: setting the authentication device that has sent the response signal as a representative authentication device. 17. The personal authentication method further includes a step of transmitting, from the externally connected device, designated data of the number of authentication devices for performing inter-device authentication processing to the authentication device, wherein the representative authentication device comprises: Characterized in that the number of device-to-device authentication processes according to the designated data is executed, and the condition of performing the specified number of device-to-device authentication processes is to perform the authentication process between the representative authentication device and the externally connected device. The personal authentication method according to claim 14. 18. The personal authentication method according to claim 14, wherein the authentication process between the representative authentication device and the externally connected device is executed by communication through a human body. 19. The device-to-device authentication process is executed by a common key system or a public key system, and the authentication process between the representative authentication device and an external device is executed by a common key system or a public key system. The personal authentication method according to claim 14. 20. In the personal authentication method, further, the representative authentication device accumulates at least one piece of fragment information of key information or user identification information required for authentication with an external connection device of the plurality of authentication devices. Then, the key information or user identification information required for authentication with the external connection device is generated based on the accumulated multiple pieces of fragment information, and the generated key information or user identification information is applied to the representative authentication device and the external connection device. 15. The personal authentication method according to claim 14, wherein an authentication process between and is executed. 21. Data through a human body having a plurality of authentication devices having contacts for data communication through the human body, and an external connection device and at least two or more authentication devices selected from the plurality of authentication devices. A personal authentication method, characterized in that determination of personal authentication establishment is performed on condition that a plurality of authentication establishments are established by communication-based authentication processing. 22. The plurality of authentication devices store a user ID set corresponding to a user having the authentication device, and in the authentication processing, a plurality of devices that have executed the authentication processing store the same user ID. 22. The personal authentication method according to claim 21, further comprising the step of determining whether personal authentication has been established, on condition that it is confirmed that the device is an authenticated authentication device. 23. The personal authentication method according to claim 21, wherein the authentication processing is executed by a common key method or a public key method. 24. A computer program for causing a personal authentication process to be executed on a computer system, wherein a plurality of authentication devices having contacts for data communication via the human body are used as authentication processes via the human body. An inter-device authentication process step for executing an authentication process, and an authentication process between a representative authentication device selected from the plurality of authentication devices and an external connection device, at least on condition that the inter-device authentication process is established. A computer program comprising steps: 25. The computer program further comprises a step of accumulating fragment information of at least one of key information and user identification information necessary for authentication with an external connection device included in the plurality of authentication devices, A step of generating key information or user identification information required for authentication with an externally connected device based on a plurality of pieces of fragment information, and applying the generated key information or user identification information to the representative authentication device and the externally connected device. 25. The computer program according to claim 24, further comprising: performing an authentication process between the two. 26. A computer program for executing personal authentication processing on a computer system, comprising data communication between an externally connected device and at least two or more authentication devices selected from a plurality of authentication devices via a human body. A computer program comprising: a step of executing determination of individual authentication establishment on condition that a plurality of authentications are established by an authentication process based on.