JP2003143136A - Identification system and apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To carry out identification via a network while ensuring the reliability of the authentication of a living body. SOLUTION: With respect to the result of collation by a living body authentication system, collation related data imparted with double digital signatures of a living body authentication device 50 and a secure medium 40 are transmitted to an authentication server 10 via the network.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a personal identification system and device for performing personal identification using a biometric authentication method, and in particular, performing personal identification via a network while guaranteeing the reliability of biometric authentication. The present invention relates to a personal identification system and a device to be obtained.

[0002]

2. Description of the Related Art In general, a biometrics system based on human biometric information is widely known as one of identification methods. Here, the biometric authentication method is a technique for determining whether or not the user is the individual by comparing the biometric characteristic peculiar to each individual with the biometric information of each individual registered in advance. The biometric information is information (numerical value) of biometric features in a broad sense such as a fingerprint, an iris, a retina, a face, a voice, a keystroke, and a sign.

Thus, unlike the existing authentication methods such as passwords, the biometric authentication method uses biometric characteristics that are unlikely to be forgotten or lost.
It is a method of confirming the identity that the load of (user) is light. In addition, since the biological characteristics are assumed to be difficult to copy, they are effective in preventing spoofing attacks.

[0004] At present, with the spread of open networks represented by the Internet, introduction of a biometric authentication method into network communication such as electronic commerce is under study.

However, when the biometric authentication system is introduced into the network communication, the collation result and biometric information may be stolen or falsified on the network. However, this possibility is due to the Public Key Infrastructur
It is considered possible to reduce the number by combining with e) or a secure medium such as an IC card (smart card).

On the other hand, a more highly accurate personal identification system has been realized by a composite biometric authentication system that combines a plurality of types of biometrics to comprehensively identify an individual.

[0007]

However, the identity verification system as described above has no particular problem in the present case where it is applied to a closed system, but according to the consideration of the inventor, it can be applied to an open network. The following problems (a) to (d) are expected to occur in the near future when applied.

(A) When authenticating a communication partner via a network, it is difficult for the personal identification system to know whether the execution environment (client environment) for personal identification is truly safe and reliable. Is.

That is, the personal identification system relates to a biometric authentication device and a matching algorithm which are different for each user,
It is necessary to confirm whether it has been tampered with, whether it is at the required level (reliable level), whether it is legitimate, and so on. However, this confirmation is extremely difficult.

(B) Regarding the problem (a), the personal identification system needs to protect the request level or its response from theft or falsification on the network when transmitting the request level to the user side.

For example, an entity that provides a certain service notifies the user side of a request level satisfying the security policy of the provided service at the time of biometric authentication, and the biometric authentication device or the matching algorithm on the user side exceeds the request level. Suppose to confirm that. In this case, the request level or its response must not be stolen or tampered with on the network.

(C) Since the collation algorithm of the personal identification system and the biometric authentication devices such as the collating device and the reading device are assumed to be used in a closed system, there is often no connectivity between manufacturers. In particular, the collation algorithm may extract different biometric information between manufacturers for the same biometric feature. Therefore, the biometric information extracted by the collation algorithm of the company A cannot be used as the biometric information registered in advance in the collation algorithm of the company B (hereinafter also referred to as reference information) in many cases.

(D) An authentication infrastructure having a mechanism for solving the above problems (a) to (c) and commonly available to all users who use the open network is required.

The present invention has been made in consideration of the above circumstances, and an object of the present invention is to provide a personal identification system and apparatus capable of performing personal identification via a network while guaranteeing the reliability of biometric authentication. .

[0015]

A first aspect of the present invention is a personal identification system for confirming the identity of a user by a biometric authentication method, wherein each user is a user based on a public key cryptosystem. A user registration authority for issuing a certificate and a user private key, a device certification authority for issuing a device certificate and a device private key based on a public key cryptosystem for each biometric authentication device, and the device certification authority When the device certificate and the device private key issued by are stored in advance and it is confirmed that the user is the principal by a predetermined biometric authentication method,
A biometric authentication device that adds and transmits a first digital signature based on the device private key and the device certificate to the obtained personal identification information, a user certificate and a user private key issued by the user registration authority. Is stored in advance, and when the personal identification information, the first digital signature and the device certificate transmitted from the biometric authentication device are received, a signature process using the user private key is performed on the first digital signature to obtain The second digital signature, the personal identification information, the device certificate, and the user certificate, and a medium holding unit that detachably holds the user signature device. A client device connected to the client device, and a second digital signature transmitted from the user signature device, which is connected to the client device via a network, Upon receiving the personal identification information, the device certificate, and the user certificate, the user certificate and the device certificate are verified with reference to the user registration authority and the device certificate authority, or the second digital signature is verified. An authentication device that authenticates the personal identification information when the verification results of the respective certificates and the second digital signature are valid.

Here, as the personal identification information, for example,
The collation result and / or the biometric information can be used.
Further, as the user signature device, a personal and portable device such as an IC card or a smart card can be used.

As described above, since the double digital signature of the biometric authentication device and the user signature device is given to the personal identification information by the biometric authentication method, the reliability of the biometric authentication is ensured and the information is transmitted via the network. You can perform identity verification.

In a second aspect based on the first aspect, the authentication device is a request level notifying means for notifying the client device of a biometric authentication level requested by a service based on a service request received from the client device. It is an identity verification system equipped with.

Thus, in addition to the operation of the first invention, it is guaranteed that the obtained personal identification information satisfies the biometric authentication level required by the service side (such as the matching accuracy of the biometric authentication method and the strength of tamper resistance). can do.

In a third aspect based on the second aspect, when a plurality of biometric authentication devices are connected as the client device, the biometric authentication evaluation data described in the device certificate of each biometric authentication device. The personal identification system is provided with an authentication device selection unit that selects a biometric authentication method or a biometric authentication device that satisfies the required level, based on an authentication device connection list created including.

Thus, in addition to the operation of the second invention, it is possible to select an appropriate biometric authentication system or biometric authentication device from a plurality of biometric authentication devices without fixing the biometric authentication system to be used.

In a fourth aspect based on the third aspect, when a new biometric authentication device is connected to the client device, the contents of the authentication device connection list are dynamically changed so as to add the biometric authentication device. This is a personal identification system equipped with a dynamic changing means for changing.

Thus, in addition to the operation of the third invention, a new biometric authentication device can be added easily and surely.

Although each of the above inventions is expressed by the name "system", the invention is not limited to this, but may be expressed by other names or categories such as the whole or each "device", "method", and "program". Good.

[0025]

BEST MODE FOR CARRYING OUT THE INVENTION Embodiments of the present invention will be described below with reference to the drawings. The personal identification system described in each embodiment is a system that provides an arbitrary service (WWW service or the like) via a network, and in response to a personal identification request such as logon to the service, a client device (personal computer or workstation). , Mobile terminals, etc.), the service provider can verify that the identity has been verified in a valid and safe environment. Here, the connection line of the network is assumed to be a general-purpose open network represented by the Internet, but it may be a local network such as LAN or a dedicated line.

(First Embodiment) FIG. 1 is a schematic diagram showing the configuration of an identification system according to a first embodiment of the present invention. This personal identification system includes a user registration station 1, a certification station 2, a device certification station 3, a certification server 10, a client device 20, a medium reading device 30, a secure medium 40, and a biometric device 50.

Here, the user registration station 1 performs user initial registration, and based on a user registration application, a user certificate (user's public key certificate) and a user private key (this public key certificate). , A function of issuing a public key encryption method private key), a function of storing the issued user information in the secure medium 40, a reference information presented at the time of issue, and a biometric authentication correspondence list (corresponding to the reference information). Biometric authentication method) in the secure medium 40,
It has a function of transmitting a user certificate to the authentication server 10 by access from the authentication server 10.

Here, the reference information is, as shown in FIG.
Header (biometric authentication compatible list) and standard biometric information (eg,
Standard fingerprint reference information, standard face reference information) and biometric authentication method specific information (eg, fingerprint authentication method A unique information, fingerprint authentication method B unique information, face authentication method C unique information) are provided.

Examples of the reference information include biometric information read by a biometric information sensor (a fingerprint image before extraction in the case of fingerprint authentication), data after feature extraction processing corresponding to different matching algorithms, a standardization organization, etc. There are data according to the specified format, or a combination thereof.
The selection of reference information in the initial registration depends on the judgment of the user or the usage pattern of the system.

The certification authority 2 evaluates the collation accuracy (rejection rate of others, acceptance rate of others, response rate, etc.) and tamper resistance of the biometric device 50, and the biometric device 50 to be evaluated.
To certify the biometric authentication level satisfied by, specifically, the function of certifying the biometric authentication device 50 based on an application from the manufacturer of the biometric authentication device 50 and notifying the device certification authority 3 of the certification content. I have

Here, the biometric authentication level indicates the overall performance (safety performance, collation performance, etc.) of the single biometric authentication device 50 to be certified.

As the matching accuracy evaluation standard, any standard can be used, but it is desirable to use, for example, a standardized matching accuracy evaluation standard defined by a standardization organization or the like. The same applies to the tamper resistance evaluation criteria.

The device certification authority 3 issues a device certificate to the biometric device 50 certified by the certification authority 2. Specifically, when the certification authority 2 receives an issuance request or issuance permission. Issue a device certificate (device public key certificate). The device certification authority 3 may be provided in the same element as the certification authority 2 (a computer such as a server). The stations 2 and 3 may have a simple configuration example as shown in FIG. 1, but the stations 2 and 3 may be independent as a personal identification guarantee base of the present system. A detailed description of another form of the personal identification assurance infrastructure composed of the certification authority 2 and the device certification authority 3 will be given later.

The device certificate is, for example, as shown in FIG.
Field, version, public key of device certificate issuance, device certificate serial number, signature algorithm, expiration date, device certificate issuer, device certificate issuance target, biometric device manufacturer, biometric device evaluation standard, Data of each item of the biometric device evaluation result and digital signature are provided, and evaluation items such as safety may be attached.

The device certificate is a public key certificate X. The certificate may be in conformity with the format of the 509 certificate or may be in a newly defined format. At this time, X. Field items not specified by the 509 certificate can be used by defining them as private extension areas. Further, the field items shown in FIG. 3 are examples, and may be appropriately modified. The biometric device evaluation standard indicates the evaluation standard used at the time of certification by the device certification authority 3. The biometric device evaluation result may be any one that indicates the result of evaluation according to each evaluation criterion, and may be, for example, an index or an ID indicating the evaluation result.

The authentication server 10 belongs to a system that provides services, and includes a communication unit 11, a request response unit 12, a certificate verification unit 13, a level verification unit 14, and a result verification unit 15, as shown in FIG. There is.

Here, the communication unit 11 is for communication between the client device 20 on the network and the request response unit 12 or the certificate verification unit 13 in the own server 10.

The request response section 12 is a client device 20.
It has a function of sending a response such as a level request to the communication unit 11 to the client device 20 in response to a request received from the network and the communication unit 11, and a function of sending this level request to the level matching unit 14. .

The certificate verification unit 13 is used by the client device 2
For the verification result related data (device certificate, user certificate, verification result, signature data SM [SD [verification result]] received from 0 through the network and the communication unit 11, the user registration authority 1 and the equipment certification authority 3 has a function of verifying the authenticity of each certificate and transmitting the verification-related data to the level verification unit 14 when the verification result is correct.

Here, SM [] means the digital signature of the secure medium 40 with respect to the data "SD [verification result]" in [parentheses], and SD [verification result] is the data "verification" in [parentheses]. It means a digital signature of the biometric authentication device 50 for “result”.

The verification process of the validity of the certificate includes, for example, whether each certificate is within the expiration date, CRL (Certificate Revocation) which is a revocation list of the public key certificate.
List) to verify whether each certificate has been revoked, whether the digital signature of each certificate is valid, whether each certificate authority in the certificate trust path is reliable, etc. Is.

The level verification unit 14 evaluates the device certificate evaluation result data (and / or evaluation reference data) among the verification result related data received from the certificate verification unit 13 and the level request received from the request response unit 12. When the evaluation result data satisfies the level request, the verification result related data is sent to the result verification unit 15.

The result verification unit 15 selects the signature data SM [SD from the verification result related data received from the level verification unit 14.
[Verification result] is verified based on each certificate, and the validity of the verification result is verified.

As shown in FIG. 5, the client device 20 has a communication section 21 and an authentication control program section 22,
Other components (not shown) (monitor, mouse, keyboard, etc.) are provided.

The communication section 21 includes an authentication control program section 22.
For performing communication between the authentication server 10 and the authentication server 10.

The authentication control program unit 22 is a functional unit that is realized by an authentication control program that is resident and operates when the system is operating, and controls the identity verification processing of the client device 20, and operates when the authentication server 10 is accessed. When it is not operating, it is activated by calling a communication interface (browser etc.) or by a user operation. The authentication control program may be included in the OS, or may be a program outside the OS such as application software or middleware.

Specifically, the authentication control program section 22 is
The communication data control unit 23, the biometric authentication selecting unit 24, and the biometric device adding / deleting unit 25 are provided.

The communication data control unit 23 stores communication data (eg, reference information, collation result, signature data SM, SD) between the client device 20 and the secure medium 40 or the biometric authentication device 50 during the biometric authentication process. It controls transfer and does not participate in the contents of communication data.

The biometric authentication selection unit 24 uses the secure medium 40.
It has a function of selecting a biometric matching algorithm (matching routine) satisfying the biometric authentication request level received from the authentication server 10 based on the biometric device connection list received from the.

Here, the biometric device connection list is
As shown in FIG. 6, a device name, target biometric information, a matching algorithm, a manufacturer, and a biometric authentication level are described for each biometric authentication device 50 connected to the client device 20.

The biometric device addition / deletion unit 25 adds / deletes the corresponding contents on the biometric device connection list when the biometric device 50 is added / deleted. At the time of addition, the device certificate transmitted from the additionally connected biometric authentication device 50 is verified, and when the device certificate is valid, the corresponding data is added to the biometric authentication device connection list. When deleting, the corresponding data is deleted from the biometric device connection list.

The medium reading device 30 has a function of detachably holding the secure medium 40 and a function of an interface between the secure medium 40 and the client device 20.

The secure medium 40 has tamper resistance,
Internal information cannot be accessed by any means other than authorized access means. It is also equipped with a function of preventing leakage of internal information by erasing internal information, etc., even for attacks such as illegal reading of internal information by physical means, and for example, an IC card with a tamper resistant function is applicable.

Specifically, the secure medium 40 includes a secure communication unit 41 and a secure medium control unit 4 as shown in FIG.
2. A personal information management unit 43, a signature generation unit 44, and a signature verification unit 45 are provided.

The secure communication unit 41 is provided between the secure medium control unit 42 and the outside, and is mainly intended for authentication of an external communication partner, authentication of communication contents, and concealment of communication contents. , Key exchange processing, communication partner authentication processing, data authentication processing, encryption / decryption processing, and the like. A user certificate and a user private key managed by the personal information managing unit 43 may be used as the information for certifying oneself in the secure communication.

The secure medium control unit 42 individually controls the personal information management unit 43, the signature generation unit 44, and the signature verification unit 45 based on the communication contents received from the secure communication unit 41. When the verification result, signature data SD [verification result] and device certificate from the biometric authentication device 50 are received from the secure communication unit 41, the signature verification unit 45 verifies the signature data SD [verification result] based on the device certificate. When the function and the verification result of the signature verification unit 45 are “valid”, the signature data SD [verification result] is set to the personal information management unit 43.
And a signature data S obtained by the signature generation unit 44.
It has a function of sending M [SD [verification result]], a verification result, a device certificate and a user certificate as verification result related data to the secure communication unit 41 addressed to the authentication server 10.

The personal information management unit 43 manages the user private key, the user certificate, and the reference information so that the secure medium control unit 42 can read / write the information. The user certificate is a public key certificate issued by the user registration authority 1 to the user, and has a digital signature with the private key of the user registration authority 1. The user private key is a private key corresponding to the user certificate. Also, in order to reduce the burden of authentication processing, the public key certificate of the authentication server 10 or the authentication server 1
The public key certificate of the root certificate authority of 0 may be stored.

The signature generation unit 44 includes the secure medium control unit 4
The signature data SD [verification result] received from the biometric authentication device from 2 is digitally signed with the user private key corresponding to the user certificate, and the obtained double signature data SM [SD [verification result] ] And the collation result are sent to the secure medium control unit 42.

The signature verification unit 45 is connected to the secure medium control unit 4
The signature data SD [verification result] is verified on the basis of the verification result by the biometric authentication device received from 2, the signature data SD [verification result] and the device certificate, and when the verification result is valid, the signature generation unit 44 signs the signature. Is sent to the secure medium control unit 42 as a verification result "valid" for permitting.

The biometric authentication device 50 is connected to the client device 20 and has a sensor function of reading biometric information such as a fingerprint and an iris from a living body, and a function of collating the read biometric information with biometric information registered in advance. It is a module.

The biometric authentication device 50 has tamper resistance, and as shown in FIG. 8, a secure communication section 51, a biometric authentication device control section 52, a device information management section 53, and a reading section 5.
4, a verification unit 55 and a signature generation unit 56.

The biometric authentication device 50 is evaluated and certified by the certification authority 2 in accordance with a predetermined evaluation standard for reading accuracy, collation accuracy evaluation such as false rejection rate and other person acceptance rate, and performance such as tamper resistance performance. The certified biometric authentication device 50 has the device certification authority 3 issue a device certificate (device public key certificate) to the biometric authentication device 50 as proof of being certified by the certification authority 2. The private key (hereinafter referred to as device private key) corresponding to the secure area of the biometric device 50 (device information management unit 53)
To store.

The secure communication section 51 is mainly intended to authenticate the communication partner, authenticate the communication content, and keep the communication content confidential. The secure communication unit 51 performs key exchange processing, communication partner authentication processing, data authentication processing, and encryption. / This includes decoding processing and the like. A device certificate and a device private key managed by the device information management unit 53 may be used as the information for certifying oneself in the secure communication.

The biometric authentication device control unit 52 controls the respective functional units 51, 53 to 56 in the biometric authentication device 50, and mainly refers to the reference information received from the secure communication unit 51 to the collation unit 55. Function for sending and signature generation unit 56
It has a function of transmitting the verification result, signature data SD [verification result] and device certificate received from the secure communication unit 51 to the secure medium 40.

The device information management unit 53 manages the device private key and, if necessary, the device certificate. That is, the device certificate may be managed in an external repository such as a directory server, if desired.

As shown in FIG. 3, the device certificate is a public key certificate issued to the biometric device 50 and is digitally signed by the private key of the device certification authority 3. The device private key is a private key corresponding to the device certificate.

The reading unit 54 performs a process of reading biometric information and sends the read biometric information to the collating unit.

The collation unit 55 is reference information sent from the secure medium 40 and received from the biometric authentication device control unit 52 (biological information registered in advance in the secure medium 40).
And the collation information read by the reading unit 54 (the read biometric information or the information obtained by subjecting the biometric information to the feature extraction processing peculiar to the collation algorithm) to operate the biometric collation routine. It has a function of sending to the signature generation unit 56. Note that the biometric matching routine also performs processing unique to the matching algorithm such as feature extraction processing when necessary.

The signature generation unit 56 digitally signs the verification result received from the verification unit 55 with the device private key corresponding to the device certificate of the device information management unit 53, and obtains the obtained signature data SD [verification result]. ], The verification result and the device certificate are sent to the biometric authentication medium control unit 52.

Next, the operation of the personal identification system configured as described above will be described.

(Biometric Authentication Device Certification) As shown in FIG. 9, a vendor having a biometric device manufacturer (hereinafter referred to as “vendor”) device 4 presents the biometric device 50 or its specifications to the certification authority 2. Then biometrics device 5
Request biometric authentication level 0 certification.

The certification authority 2 carries out certification based on this certification request, and issues the issuance request and equipment certificate information to the equipment certification authority 3
To provide.

The device certification authority 3 issues a device certificate based on the provided contents, and sends this device certificate to the vendor 4.

When the vendor 4 stores the device certificate, the vendor 4 stores the device certificate in the device information management section 53 of each biometric authentication device 50.

(User Initial Registration) The user performs the initial registration of the user at the user registration station 1 in order to receive a service utilizing the personal identification system.

When the user registration station 1 receives a registration application from the user, the user registration station 1 inquires about the user's identity (ST1) and determines whether or not to permit the initial registration (ST2). When the initial registration is permitted, the user certificate and the user private key are issued to the user (ST3). At this time, it is preferable to use a general PKI framework for the public key infrastructure of the user certificate.

At the same time, when the user selects the biometric authentication method and collects biometric information by this biometric authentication method (ST4), the biometric information is presented as reference information (ST).
5).

The user registration station 1 creates a biometric authentication correspondence list indicating the biometric authentication method corresponding to the reference information based on the presented contents (ST6), and issues the issued user certificate, user private key, and reference. The information and the biometric authentication correspondence list are stored in the personal information management unit 53 of the secure medium 40 (ST7), and also registered in the own station 1 and the process is ended.

(Identity Confirmation) The client device 20 accesses a service that requires the user's identity confirmation by a user operation. At this time, the authentication server 10 on the service side
Sends an identity verification request to the client device 20. Specifically, when the authentication server 10 on the service side receives a service request from the client device 20, the authentication server 10 establishes a connection to the authentication control program unit 22 of the client device 20 through another channel, and notifies the client device 20 of the identity confirmation request. To do.

The client device 20 calls the authentication control program section 22 based on the request for confirmation of the identity.
The authentication control program unit 22 is always activated or is activated by calling the activation program.

As shown in FIG. 11, the authentication control program section 22 displays a screen requesting insertion of the secure medium 40 owned by the user (ST11), and the secure medium 4
It is confirmed whether 0 is inserted (ST12).

When it is confirmed that the secure medium 40 is inserted, the authentication control program unit 22 starts the secure communication path establishing process between the secure medium 40 and the authentication server 10 (ST13).

The purpose of the secure communication path building process here is to build a reliable communication path between the secure medium 40 and the authentication server 10. As a specific example, a method using a challenge-and-response method based on a public key encryption method for mutual authentication will be described, but the method is not limited to this and other means may be used.

The communication paths are basically constructed by the secure communication units 41 and 11. Although it is assumed that mutual public key certificates are held by each other, a payload for transmitting the certificate may be provided in the transmission message and transmitted. It should be noted that both the public key and the private key of the public key cryptosystem described here can be encrypted and decrypted.

Upon receiving the secure communication path construction processing start message, the secure medium 40 generates a challenge C1 which is a random number and transmits it to the authentication server 10.

The authentication server 10 encrypts the challenge C1 with its own secret key Sk _S to generate the response R1.

The authentication server 10 generates a challenge C2, encrypts it with the response R1 and the biometric authentication level required by the service with the user's public key (user certificate) Cert _U , and transmits the encrypted data.

The secure medium 40 decrypts this encrypted data with the user secret key Sk _U and obtains the response R1 and the challenge C2. The response R1 is verified with the public key Cert _S of the authentication server 10, and if it is determined to be valid, the challenge C2 is shared as a session key for data encryption.

Similarly, an example in which the secure medium 40 generates a session key will be described. Upon receiving the secure communication path construction processing start message, the secure medium 40 generates a challenge C1 that is a random number and transmits it to the authentication server 10.

The authentication server 10 encrypts the challenge C1 and the biometric authentication level required by the service with the secret key Sk _S of the authentication server 10 to generate the response R1, and sends the response R1 to the secure medium 40.

In the secure medium 40, the response R1 is
Public key Cert of the authentication server 10_SAnd validated with
If judged, challenge C3 is generated and the public key of the server
Cert _SEncrypt with. Encrypted Challenge C3 'and J
User secret key Sk in the arrangement C1 and response R1_Uso
Digitally signed and encrypted with Challenge C3 '
To the authentication server 10.

The authentication server 10 verifies the digital signature,
If judged to be valid, encrypted challenge C3 '
To obtain challenge C3. The challenge C3 is shared as a session key for data encryption.

Now, the authentication control program unit 22 performs the secure communication path construction processing, and judges whether or not the secure communication path is secured by judging that the communication partners of each other are valid (ST14), and the secure communication path is not secured. When it is ensured, the biometric authentication correspondence list is received from the secure medium 40 (ST15).

The biometric authentication selection unit 24 of the authentication control program unit 22 is requested based on the biometric authentication level requested from the service side and the biometric authentication connected device list as shown in FIG. 6 received from the secure medium 40. A biometric matching algorithm that satisfies the biometric authentication level (hereinafter, also referred to as a biometric matching routine) is selected (ST16). The population of the combination at this time is a usable biometric matching routine obtained from the common part of the biometric authentication level and the biometric authentication connected device list.

The biometric authentication level here refers to a comprehensive performance level in the case of combining a single biometric authentication device 50 or a plurality of biometric authentication devices 50. The authority provided to the user can be controlled according to the biometric authentication level required by this service. In other words, it is possible to perform flexible identification such as requesting a higher biometric authentication level for a service requiring a higher security level.

At the time of this selection, the authentication control program section 22 determines whether or not a combination of biometric matching routines that can satisfy the biometric authentication level can be determined (ST1
7) If the determination cannot be made, the processing is terminated, but if the determination is possible, the determined biometric matching routine is notified to the secure medium 40.

The secure medium 40 determines the biometric authentication device 50 from this biometric matching algorithm, and shifts to the matching processing by this device 50.

At the start of the matching process, as shown in FIG. 12, the secure medium 40 directly establishes a secure communication path with the biometric authentication device 50 via the authentication control program section 22 (ST21).

The secure communication path here is the device 50.
The purpose is to protect the transmission path between the media 40 and mutually authenticate that the device of the communication partner is legitimate. As an example of a specific secure communication path building process, a secure medium 40 and a biometric device 50
There is a method of using the public key (public key certificate) and the private key of the public key cryptosystem that are mutually held.

The biometric authentication device 50 sends the device certificate to the secure medium 40. The secure medium 40 verifies the device certificate, and if it is valid, generates an encryption key (session key) of the common key cryptosystem and encrypts it with the device certificate.

At this time, a digital signature is made with the private key corresponding to the user certificate stored in the secure medium 40, and the digital signature is sent to the biometric authentication device 50 together with the user certificate.

The biometric authentication device 50 verifies the user certificate and the digital signature, and decrypts the encrypted session key. Data encryption for secure communication is performed using this session key.

At this time, the secure medium 40 and the biometric device 50 must store in advance the public key certificates of the institutions (root certificate authority, device certificate authority 3 etc.) that authenticate each other's public key certificates. Any means that is desirable or separately obtained from a repository or the like may be provided. Although the communication between the secure medium 40 and the biometric authentication device 50 is performed via the authentication control program unit 22, the communication path is omitted in FIG. 1 for convenience of the drawing.

When the secure communication path is established (ST22), the secure medium 40 transmits the reference information to the biometric authentication device 50.

Upon receiving the reference information, the biometric authentication device 50 notifies the authentication control program section 22 to display a screen prompting the user to present the biometric information.

Specifically, in the case of fingerprint collation, a message such as "Place your finger on the reading unit" is displayed on the screen. To confirm that the preparation for presenting the biometric information has been completed, confirmation is performed by means of inputting a return key or pressing an OK button on the screen.

When the biometric authentication device 50 confirms the preparation for the presentation of the biometric information, the reading unit 54 reads the biometric information and transfers the read biometric information to the collating unit 55. The collating unit collates the collation information with the received reference information (ST2
3).

The collating unit 55 judges whether the two match or not (ST24), and if they match, a digital signature is given to the collation result "valid (OK)" by the device secret key (ST).
25) The obtained signature data SD [verification result], the verification result and the device certificate are transmitted to the secure medium 40. On the other hand, as a result of step ST24, the collating unit 55 suspends the authentication process when the two do not match.

If necessary, the secure medium 40 and the authentication control program section 22 are notified of the authentication failure as the personal identification information, and a message such as “Authentication failed” is displayed on the screen. In addition, as an example of the screen display item at this time, information indicating whether the matching is successful or unsuccessful (may include the matching reliability by percentage or the like), the used biometric authentication method (including the biometric authentication device 50), and use Examples of the biometric authentication level of the biometric authentication method described above (total level when a plurality of biometric authentication methods are used) and the like.

The secure medium 40 verifies the signature data SD [verification result], and if it is valid, applies a digital signature with the user private key, and the obtained signature data SM [SD [verification result] has the verification result, The verification result related data with the device certificate and the user certificate attached is the authentication control program unit 2
Send to 2.

The authentication control program section 22 sends this collation result related data to the authentication server 10. Here, since the collation result related data is encrypted by the shared session key, the secure medium 40 and the authentication server 10 are
It is difficult for others to know the contents.

In the authentication server 10, the certificate verification unit 13 receives the verification result related data (device certificate, user certificate, SM [SD [verification result]) from the client device 20 via the network and the communication unit 11. ]) To
The validity of each certificate is verified with reference to the user registration station 1 and the device certification station 3, and when the verification result is valid, the verification related data is sent to the level verification unit 14.

The level collating unit 14 collates the evaluation result data (and / or evaluation standard data) of the device certificate with the level request received from the request responding unit 12 among the collation result related data, and evaluates the evaluation result data. When the above satisfies the level requirement, the collation result related data is sent to the result verification unit 15.

The result verifying unit 15 verifies the signature data SM [SD [verification result]] of the verification result related data based on each certificate, and verifies the validity of the verification result. Here, if the collation result is valid, the identity verification is completed, and the service side provides the service to the client device 20.

(Biometric Authentication Device Addition) The biometric authentication device addition / deletion unit 25 adds / deletes the corresponding contents on the biometric authentication device connection list when the biometric authentication device 50 is added / deleted. At the time of addition, the device certificate transmitted from the additionally connected biometric authentication device 50 is verified, and when the device certificate is valid, the corresponding data is added to the biometric authentication device connection list. When deleting, the corresponding data is deleted from the biometric device connection list.

As described above, according to the present embodiment, the biometric authentication device 50 is compared with the collation result by the biometric authentication method.
Since the double digital signatures of the secure medium 40 and the secure medium 40 are given, the identity verification can be performed via the network while guaranteeing the reliability of the biometric authentication.

That is, it is possible to guarantee the validity of the result of collation processing or reading processing of biometric authentication at a remote place via a network and that it is performed under a safe environment, and the problem considered by the present inventor. (A) can be solved.

Further, since the authentication server 10 notifies the client device of the biometric authentication level required by the service, the obtained verification result indicates the biometric authentication level requested by the service side (the verification accuracy and tamper resistance of the biometric authentication method). It is possible to guarantee that the strength of the above) is satisfied, and solve the problem (b) considered by the present inventor.

However, the configuration for notifying the biometric requirement level is not essential, and it may be finally confirmed that the biometric requirement level is satisfied. For example, the biometric authentication device 50 having the highest biometric authentication level is selected on the client device 20 side, the matching result related data is transmitted to the authentication server 10, and the biometric authentication level is confirmed on the authentication server 10 side by referring to the device certificate. It may be configured to.

Also, the biometric authentication selection unit 24, when a plurality of biometric authentication devices 50 are connected, is an authentication device created including the biometric authentication evaluation data described in the device certificate of each biometric authentication device 50. Based on the connection list
Since the biometric authentication method or the biometric authentication device 50 that satisfies the required level is selected, it is possible to select an appropriate biometric authentication method or the biometric authentication device 50 from a plurality of biometric authentication devices 50 without fixing the biometric authentication method to be used. it can.

That is, the user or the system itself can select a free biometric authentication method if the biometric authentication method to be used is not fixed and the biometric authentication level required by the service using the authentication server 10 or the personal identification system is satisfied. You can Therefore, the problem (c) considered by the present inventor can be solved.

Further, the biometric device adding / deleting unit 25
However, when the new biometric authentication device 50 ′ is connected to the client device 20, the contents of the authentication device connection list are dynamically changed so as to add the biometric authentication device 50 ′, so that the new biometric authentication device 50 ′ can be easily and surely It is possible to add a biometric authentication device.

As a result, even if the existing matching algorithm or biometric authentication device is newly updated, the addition of the matching algorithm or biometric authentication device
Alternatively, it can be easily discarded.

In the case of the combined biometric authentication system, since a plurality of biometric authentication methods are handled, for example, fingerprint information, face information,
Although it is necessary to register a plurality of biometric information such as voice information in advance, the biometric device addition / deletion unit 25 can easily register these.

Further, even if the same biometric authentication method is used, there are a plurality of types of collation algorithms, and therefore there are a plurality of types of biometric information formats to be used (for example, even if the same fingerprint is used, different collation algorithms differ. However, according to the biometric device addition / deletion unit 25, these can be easily registered.

Further, when any one of a plurality of types of biometric authentication methods is arbitrarily selected, whether or not the required level of the security policy is satisfied may change depending on the selected method. As described in the problem (a), it is extremely difficult to know whether or not the required level is satisfied, but according to the present embodiment, similarly to the above, biometric authentication is performed at a remote place via a network. It is possible to guarantee the correctness of the result of the collation process or the read process and that it is performed in a safe environment.

Further, since the user registration station 1 and the device authentication station 3 are provided, an authentication base that can be commonly used by all users can be realized, and therefore the problem (d) considered by the present inventor can be solved. it can. Further, since the authentication base is divided into the user registration station 1 side for the user and the device certification station 3 for the biometric authentication device 50, it can be realized without imposing an excessive burden on one station.

The present embodiment is not limited to the above-mentioned configuration, the secure medium 40 is omitted, and the biometric authentication device 50 is omitted.
The configuration may be modified such that only the processing result of (1) is transmitted to the authentication server 10. In this case, the authentication server 10 guarantees only the biometric information read by the biometric authentication device 50 or the information extracted from this biometric information (matching information).

(Second Embodiment) FIG. 13 shows a second embodiment of the present invention.
15 is a schematic diagram showing the configuration of the personal identification system according to the embodiment of the present invention, FIG. 14 is a schematic diagram showing the biometric authentication device of the system and its peripheral configuration, and FIG. 15 is a biometric matching server of the system and its peripheral configuration. FIG. 3 is a schematic diagram showing the same as in FIG. 3, and the same parts as those in the above-mentioned drawings are denoted by the same reference numerals and detailed description thereof will be omitted. Here, different parts will be mainly described. In addition, in each of the following embodiments, the description of the overlapping portions will be omitted in the same manner.

That is, the present embodiment is a modification of the first embodiment and is applied to a biometrics authentication device as a reading device having no collating function, and is specifically shown in FIG. As described above, the biometric authentication device 50a in which the matching unit 55 is omitted and the biometric matching server 60 that is connected to the client device 20a and has a matching unit are provided.

Here, in the case of fingerprint authentication, the biometric device 50a corresponds to a reading device having a reading unit 54 such as a fingerprint sensor (electrostatic capacitance type or optical reading type) but not having a collating function. ing.

As shown in FIG. 15, the biometric collation server 60 includes a secure communication unit 61, a user information management unit 62, a signature verification unit 63, a collation unit 64, and a signature generation unit 65.

The secure communication section 61 has a function of establishing a secure communication path with the secure medium 40 via the authentication control program section 22 and performing secure communication with the secure medium 40.

The user information management section 62 uses the user certificate,
A device certificate, a biometric matching server certificate, a biometric matching server private key, and reference information are stored in advance. The reference information may not be managed by the user information management unit 62, but may be managed by the personal information management unit of the secure medium 40 as described above.

When the signature verification unit 63 receives the signature data SM [SD [Biometric information]], biometric information, device certificate and user certificate from the secure medium 40 from the secure communication unit 61, the signature verification unit 63 causes the user information management unit 62 to operate. While referring to the device certificate and the user certificate, if valid, the function of verifying the signature data SM [SD [biometric information]] based on each certificate and the verification result are valid. For example, it has a function of sending the biometric information to the matching unit 64.

The collation unit 64 collates the biometric information received from the signature verification unit 63 with the reference information in the user information management unit 62. If they match, the collation result “valid” is sent to the signature generation unit 65. It has the function of sending. The matching unit 64
Has a plurality of biometric verification routines and can select a verification routine corresponding to the contents of the device certificate.

The signature generation unit 65 signs the verification result received from the verification unit 64 with the biometric verification server private key in the user information management unit 62, and obtains the obtained signature data SS [verification result],
The verification result and the biometric verification server certificate are sent to the secure communication unit 6
1 has a function of sending to the authentication control program section 22.

Next, the operation of the personal identification system configured as described above will be described. (User Initial Registration) The user initial registration is the same as described above, but the user reference information is stored in the biometric matching server 60 or the secure medium 40.

(Personal Confirmation) The processing up to the start of biometric authentication is the same as that described above. As a different procedure, the procedure after the biometric information reading process will be described below.

The biometric authentication device 50a digitally signs the read biometric information using the device secret key, and transmits the obtained signature data SD [biometric information], biometric information and a device certificate to the secure medium 40. If there is a need at this time,
You may perform the processing (feature extraction etc.) peculiar to a biometric matching routine.

The secure medium 40 digitally signs the received signature data SD [biometric information] with the user secret key, and then obtains the obtained signature data SM [SD [biometric information]],
The biometric information, the user certificate, and the device certificate are transmitted to the biometric matching server via the authentication control program unit 22. At this time, if necessary, the biometric information may be encrypted.

In the biometric matching server 60, as shown in FIG. 16, the signature verification unit 63 sends the signature data SM [SD [biometric information]], biometric information, device certificate and user certificate from the secure medium 40. When received from the secure communication unit 61, the device certificate and the user certificate are verified with reference to the user information management unit 62, and if they are valid, the signature data SM [SD [Biometric information ]] Is verified (ST31).

Here, the signature verification unit 63 determines whether the signature is valid (OK) (ST32), and if the verification result is not valid (NG), the verification process is rejected and the process ends. However, if the verification result is valid, the biometric information is sent to the matching unit 64.

The collation unit 64 collates this biometric information with the reference information in the user information management unit 62, and if they match, sends the collation result “valid” to the signature generation unit 65.

The signature generation unit 65 signs this verification result with the biometric verification server private key in the user information management unit 62, and secures the obtained signature data SS [verification result], verification result and biometric verification server certificate. It is sent to the authentication control program unit 22 via the communication unit 61.

The authentication control program section 22 sends the signature data SS [verification result], the verification result and the biometric verification server certificate to the authentication server 10. However, the authentication control program unit 22 sends these data to the secure medium 40, and the signature data SM [SS [verification result]], the verification result, the biometric verification server certificate, and the user through the signature process of the secure medium 40. It may be transmitted as a certificate to the authentication server 10.

In the authentication server 10, the certificate verification unit 13, the level verification unit 14, and the result verification unit 15 respectively confirm the contents received from the client device 20 as described above.

As described above, according to this embodiment, even when the biometric authentication device 50a having no collating function is provided, the same effect as that of the first embodiment can be obtained.

Supplementally, in the current biometric authentication, an application having a collation function is often arranged in the client device 20 such as a personal computer and the collation processing is performed in the client device 20.

However, it is difficult to guarantee that the client device 20 has a safe environment. Therefore, arranging the collation function using reference information such as a fingerprint template in the client device 20 is unsafe for security.

Therefore, as a modification of the first embodiment, it is possible to realize a personal identification system using the biometric authentication device 50a as the reading device and the biometric verification server 60) having a verification function installed outside the client device 20. It has important significance.

(Third Embodiment) FIG. 17 shows a third embodiment of the present invention.
FIG. 18 is a schematic diagram showing the configuration of the personal identification system according to the embodiment, and FIG. 18 is a schematic diagram showing the client device of the system and its peripheral configuration.

That is, the present embodiment is a modification of the first embodiment, and the biometric matching routine can be dynamically acquired without using the biometric matching routine that can be used. Is a biometric matching routine acquisition unit 26 added to the authentication control program unit 22b and a biometric matching routine DB (database) 7 connected to the client device 20b.
It has 0.

Here, the biometric matching routine acquisition section 26
The biometric verification routine can be acquired from the biometric verification routine DB based on the acquisition request from the biometric authentication selection unit 24, and the biometric verification routine can be sent to the communication data control unit 23 addressed to the biometric authentication device 50.

A plurality of biometric matching routines are stored in advance in the biometric matching routine DB 70, and search conditions (eg, information of each biometric authentication device 50, data format of reference information) notified from the biometric matching routine acquisition unit 26 are stored. It has a function of sending a biometric matching routine that matches the search condition to the biometric matching routine acquisition unit 26 based on the type of data and the biometric authentication level).

However, the biometric authentication device 50 describes a biometric verification routine that can be used by the verification unit 55 of itself in the extended field of the device certificate when the certification authority 2 authorizes.
For example, it is preferable that the biometric matching routine has a rule that it is categorized in advance by target biometric information, unique feature extraction processing, and the like, and can be identified by the matching routine ID.

Next, the operation of the personal identification system configured as described above will be described. (Obtaining biometric matching routine) Now, as shown in FIG.
The same operation is performed in steps ST11 to ST16 described above. Subsequently, in step ST17b, when the biometric authentication selection unit 24 of the authentication control program unit 22 selects the biometric matching routine, there is no combination in the client device 20 that can satisfy the biometric authentication level required by the service. When it is determined that the acquisition request is made, the biometric matching routine acquisition unit 26 is requested to acquire it (ST18).

In response to this acquisition request, the biometric matching routine acquisition section 26 receives information on each biometric authentication device 50 connected to the client device 20b and the data format and data type of the reference information stored in the secure medium 40. When,
Biometric verification routine DB70 with the requested biometric authentication level
And the biometric matching routine that matches the condition is acquired from the biometric matching routine DB 70.

The acquired biometric matching routine is transmitted to the corresponding biometric authentication device 50. If necessary, the biometric matching routine to be transmitted includes the biometric matching routine DB7.
A digital signature such as 0 may be given and verified by the biometric device 50 or the authentication control program unit 22. In this case, the root CA public key certificate (or public key itself) of the public key certificate in the biometric matching routine DB 70 may be incorporated in the biometric authentication device 50 at the time of certification.

As described above, according to this embodiment, the first
In addition to the effect of this embodiment, even when there is no biometric matching routine that can be used, the biometric matching routine acquisition unit 26 can dynamically acquire the biometric matching routine from the biometric matching routine DB 70.

The present embodiment is not limited to the modification of the first embodiment and may be a modification of the second embodiment.
In this case, the processing procedure may follow the processing procedure described in the second and third embodiments.

(Fourth Embodiment) FIG. 20 shows a fourth embodiment of the present invention.
It is a schematic diagram which shows the structure of the identity verification guarantee base applied to the identity authentication system which concerns on embodiment.

That is, this embodiment is a modification of the first to third embodiments, and instead of the simple structure of the certification authority 2 and the device certification authority 3, the certification authority 5 and the vendor (the biometric device manufacturing Person) 4c and a personal identification assurance base having a hierarchical structure.

The accreditation body 5 has an accreditation authority 2c and a vendor certification authority 6.

The certification authority 2c has a function of sending an issuance request to the vendor certification authority 5 when the vendor 4c and the biometrics authentication device 50 are certified according to a request from the vendor 4c.

The vendor certification authority 6 has a function of issuing a vendor certificate (vendor public key certificate) to the vendor 4c based on the issuance request received from the certification authority 2c.

The vendor 4c includes a device certification authority 3c. The device certification authority 3c uses the biometric authentication devices 50, 5 based on the vendor certificate issued by the vendor certification authority 6.
0a, a device certificate is issued and the device certificate is stored in the biometric authentication devices 50 and 50a.

Next, the operation of the personal identification guarantee infrastructure constructed as described above will be described. The vendor 4c requests the certification authority 2c to issue a vendor certificate. The certification authority 2c determines whether a vendor certificate can be issued to the vendor 4c. The judgment standard depends on the policy in the operation of the certification authority 2c and is not specified in this embodiment.

When the certification authority 2c determines that the vendor certificate can be issued, it requests the vendor certification authority 6 to issue the vendor certificate. At this time, necessary information of the vendor 4c (which may be information described in a general public key certificate) is provided.

The vendor certificate authority 6 issues a vendor certificate to the vendor 4c. Enter each item to be described in Vendor Certification Authority 6
Is attached to the public key generated by, and digitally signed by the public key certificate of the vendor certificate authority 6. Here, each item of the vendor certificate is X. Although it is suitable to use the field items defined by the 509 certificate, extended items may be added if there are necessary items.

The vendor 4c uses the certification authority 2c as described above.
Biometric device 5 manufactured by itself according to the certification standards of
Equipment Certification Authority 3 that evaluates 0 and is operated by vendor 4c
Issue a device certificate from c. However, the device certification authority 3c may be an external component of the vendor 4c as long as the vendor 4c trusts it.

The device certificate is the same as that shown in FIG. 3, but is digitally signed by the vendor certificate. That is, in the trust hierarchy of the certification authority of the device certificate, the certification authority 2c is the highest and the vendor certification authority 6 is next.

The vendor 4c stores the issued device certificate in the manufactured biometric authentication device 50. The device certificate issued at this time may be submitted to the certification authority 2c.

The certification authority 2c regularly checks the biometric device 5
By verifying the device certificate stored in 0, the reliability of the vendor 4c is inspected at any time.

As the verification target of the device certificate at this time, the validity of the certificate itself and the items described in the device certificate are verified as in the first embodiment. In the verification of the described items, the consistency between the evaluation result of the biometric authentication device 50 described in the device certificate and the actual biometric authentication device 50 is actually evaluated and verified.

If it is determined that the certificate is illegal, the certificate authority 2
The c performs revocation processing of the device certificate and the vendor certificate. That is, the certificate authority 2c sends the device certificate and the vendor certificate to the revocation list (CRL, ARL (Authority Revoca
Option List) etc.). The same processing is also performed when the certificate revocation request is presented by the authentication server 10 or the like.

As described above, according to the present embodiment, the effects of the first to third embodiments can be obtained even if a personal identification assurance base having a hierarchical structure of the certification body 5 and the vendor 4c is provided. Obtainable.

The method described in each of the above embodiments is
As a program that can be executed by a computer, a magnetic disk (floppy (registered trademark) disk,
Hard disk, etc., Optical disk (CD-ROM, D
It can be stored in a storage medium such as a VD), a magneto-optical disk (MO), a semiconductor memory or the like and distributed.

The storage medium may have any storage format as long as it can store the program and is readable by the computer.

[0180] Further, an OS (operating system) running on the computer based on the instructions of the program installed in the computer from the storage medium,
MW such as database management software and network software
(Middleware) or the like may execute a part of each processing for realizing the present embodiment.

Further, the storage medium in the present invention is not limited to a medium independent of a computer, but includes a storage medium in which a program transmitted via a LAN, the Internet or the like is downloaded and stored or temporarily stored.

Further, the number of storage media is not limited to one, and a case in which the processing in this embodiment is executed from a plurality of media is also included in the storage media of the present invention, and the medium configuration may be any configuration.

The computer according to the present invention executes each processing in the present embodiment based on the program stored in the storage medium, and a device such as a personal computer or a plurality of devices are connected to the network. It may have any configuration such as an established system.

The computer in the present invention means
Not only a personal computer but also an arithmetic processing unit, a microcomputer, and the like included in an information processing device, which collectively refer to a device and a device that can realize the functions of the present invention by a program.

The invention of the present application is not limited to the above-described embodiments, but can be variously modified at the stage of implementation without departing from the spirit of the invention. Further, the respective embodiments may be implemented by being combined appropriately as far as possible, in which case the combined effects can be obtained. Further, the above embodiments include inventions at various stages, and various inventions can be extracted by appropriately combining a plurality of disclosed constituent requirements. For example, when the invention is extracted by omitting some of the constituent elements shown in the embodiment, when omitting the extracted invention, the omitted portions are appropriately supplemented by well-known and common techniques. It is something that will be done.

In addition, the present invention can be variously modified and implemented without departing from the scope of the invention.

[0187]

As described above, according to the present invention, it is possible to perform identity verification via a network while guaranteeing the reliability of biometric authentication.

[Brief description of drawings]

FIG. 1 is a schematic diagram showing a configuration of an identity verification system according to a first embodiment of the present invention.

FIG. 2 is a schematic diagram for explaining reference information in the same embodiment.

FIG. 3 is a schematic diagram for explaining a device certificate in the same embodiment.

FIG. 4 is a schematic diagram showing an authentication server and its peripheral configuration in the embodiment.

FIG. 5 is a schematic diagram showing a client device and its peripheral configuration according to the embodiment.

FIG. 6 is a schematic diagram for explaining a biometric device connection list in the same embodiment.

FIG. 7 is a schematic diagram showing a secure medium and its peripheral configuration in the same embodiment.

FIG. 8 is a schematic view showing a biometric authentication device and its peripheral configuration in the same embodiment.

FIG. 9 is a schematic diagram for explaining a certifying operation of the biometric authentication device according to the same embodiment.

FIG. 10 is a flowchart for explaining a user initial registration operation in the same embodiment.

FIG. 11 is a flowchart for explaining an identification process in the same embodiment.

FIG. 12 is a flowchart for explaining an identification operation in the same embodiment.

FIG. 13 is a schematic diagram showing a configuration of an identity verification system according to a second embodiment of the present invention.

FIG. 14 is a schematic view showing a biometric authentication device and its peripheral configuration in the same embodiment.

FIG. 15 is a schematic diagram showing a biometric matching server and its peripheral configuration in the embodiment.

FIG. 16 is a flowchart for explaining the operation of the embodiment.

FIG. 17 is a schematic diagram showing a configuration of an identity verification system according to a third embodiment of the present invention.

FIG. 18 is a schematic diagram showing a client device and its peripheral configuration in the embodiment.

FIG. 19 is a flowchart for explaining a matching routine acquisition operation in the same embodiment.

FIG. 20 is a schematic diagram showing the configuration of an identity verification assurance platform applied to the identity authentication system according to the fourth embodiment of the present invention.

[Explanation of symbols]

1 ... User Registration Bureau 2 ... Certification Authority 3,3c ... Equipment Certification Authority 4, 4c ... Vendor 5 ... Vendor Certification Authority 10 ... Authentication server 11, 21 ... Communication unit 12 ... Request response section 13 ... Certificate Verification Department 14 ... Level matching unit 15 ... Result verification unit 20, 20a, 20b ... Client device 22 ... Authentication control program section 23 ... Communication data control unit 24 ... Biometrics selection section 25 ... Biometric device add / delete unit 26 ... Biometric matching routine acquisition unit 30 ... Medium reading device 40 ... Secure medium 41, 51, 61 ... Secure communication unit 42 ... Secure medium control unit 43 ... Personal Information Management Department 44, 56, 65 ... Signature generation unit 45, 63 ... Signature verification unit 50, 50a ... Biometric device 52 ... Biometric device control unit 53 ... Device information management section 54 ... Reading unit 55, 64 ... Collating unit 60 ... biometric matching server 62 ... User information management section 70 ... Biometric matching routine DB

Continued front page    (72) Inventor Toshiaki Saisho             No. 1 Toshiba-cho, Fuchu-shi, Tokyo Toshiba Corporation             Fuchu Office F term (reference) 5B085 AA01 AE25 AE29 BE01                 5J104 AA07 AA09 KA01 LA03 MA03                       NA02 NA05 PA07

Claims (9)

[Claims] 1. A personal identification system for confirming the identity of a user by a biometrics authentication method, for issuing a user certificate and a user private key based on a public key encryption method for each user. User registration authority, a device certificate authority for issuing a device certificate and a device private key based on public key cryptography for each biometric device, and a device certificate and a device secret issued by the device certificate authority. When the key is stored in advance and it is confirmed that the user is the principal by a predetermined biometric authentication method, a first digital signature by the device secret key and the device certificate are added to the obtained personal identification information. And a biometric authentication device to be transmitted, and a user certificate and a user private key issued by the user registration authority are stored in advance, the personal identification information transmitted from the biometric authentication device, Upon receiving the digital signature and the device certificate, performs signature processing by the user private key to the first digital signature, the obtained 2
A digital signature, a user signature device that transmits the personal identification information, the device certificate, and the user certificate, and a medium holding unit that detachably holds the user signature device, and were connected to the biometric device. When the client device is connected to the client device via a network and receives the second digital signature, the personal identification information, the device certificate, and the user certificate transmitted from the user signature device, the user registration station and the device Verify the user certificate and the device certificate while referring to a certificate authority,
Or, an authenticating device that verifies the second digital signature, and authenticates the personal identification information when the verification results of the respective certificates and the second digital signature are valid, respectively. Confirmation system. 2. The identity verification system according to claim 1, wherein the authentication device notifies the client device of a biometric authentication level requested by a service based on a service request received from the client device. A personal identification system characterized by having. 3. The personal identification system according to claim 2, wherein when the plurality of biometric authentication devices are connected to the client device, the biometric authentication evaluation data described in the device certificate of each biometric authentication device. An identification device selecting means for selecting a biometrics authentication method or a biometrics authentication device satisfying the required level based on an authentication device connection list created including the above. 4. The personal identification system according to claim 3, wherein when a new biometric authentication device is connected to the client device, the contents of the authentication device connection list are dynamically changed so as to add the biometric authentication device. A personal identification system characterized by having a dynamic changing means for changing to. 5. A biometric authentication device that adds a first digital signature to personal identification information that confirms that the user is who he / she is by a biometric authentication method and sends it together with a device certificate, and for confirming the personal identification information. Used in a personal identification system including an authentication device and a client device for transmitting the personal identification information obtained by the biometric authentication device to the authentication device via a network, and attached to or detached from a medium holding unit of the client device. A user signature device that is freely held, including user information storage means in which a user certificate and a user private key based on a public key cryptosystem are stored in advance; personal identification information transmitted from the biometric authentication device; 1 receiving means for receiving the digital signature and the device certificate, and a first digital signature received by the receiving means based on the device certificate. A signature verifying unit for verifying based on the signature verification unit; and a signature generating unit for performing a signature process on the first digital signature with the user private key in the user information storage unit when the verification result by the signature verifying unit is valid, A user signature device, comprising: a second digital signature obtained by signature generation means, the personal identification information, the device certificate, and the user certificate in the client device. 6. The personal identification information and the device certificate, the user certificate, and the personal identification information are signed by a device private key corresponding to the device certificate and a user private key corresponding to the user certificate, respectively. An authentication device for authenticating the personal identification information when a digital signature including the following is received from a client device via a network, the digital signature, the personal identification information, the device certificate, and the user certificate. Receiving means for receiving the certificate, a certificate verifying means for verifying the device certificate and the user certificate received by the receiving means while communicating with the issuer of each certificate, and verification by the certificate verifying means. When the result is valid, the signature verification means for verifying the digital signature based on each certificate and the verification result by the signature verification means are correct. A case, the authentication device characterized by comprising a a credential authenticating means for authenticating the credential. 7. A biometric authentication device for confirming that the user is who he / she is by a biometric authentication method, and a device information storage means in which a device certificate and a device private key based on a public key cryptosystem are stored in advance. And a reading unit for reading the biometric information of the user, and the biometric information obtained by the reading unit and the reference information of the user separately transmitted are collated, and if the both match, the personal identification information indicating legitimacy is transmitted. Verification means, signature generation means for performing signature processing on the personal identification information sent from the verification means by the device private key in the device information storage means, and first digital signature obtained by the signature generation means. A biometric authentication device, comprising: a transmitting unit that transmits the personal identification information and the device certificate. 8. A device certificate based on a public key cryptosystem when an issue request or issuance permission is received from a certification authority for each biometric device for confirming that the user is who he / she is by the biometric authentication system. And a device certificate authority that issues a device private key. 9. A personal identification system for confirming the identity of a user by a biometric authentication method, for issuing a user certificate and a user private key based on a public key encryption method for each user. User registration authority, a device certification authority for issuing a device certificate and a device private key based on public key cryptography for each biometric authentication device, and a user certificate and a user secret issued by the user registration authority When the key is stored in advance and the personal identification information, the first digital signature, and the device certificate transmitted from the outside are received, the signature process using the user private key is performed on the first digital signature to obtain the key. A second digital signature, the user identification information, the device certificate, and a user signature device that transmits the user certificate, and a medium storage device that detachably holds the user signature device. Has a section, and a client device having a communication function, a second digital signature transmitted from the user signature device,
When the personal identification information, the device certificate and the user certificate are received via the client device, the user certificate and the device certificate are verified with reference to the user registration authority and the device authentication authority, or (2) A personal identification system, comprising: an authenticating device that verifies the digital signature, and authenticates the personal identification information when the verification results of the respective certificates and the second digital signature are valid.