JP2010218291A - Information processor, acting authority assignment method, program and information processing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processor, an acting authority assignment method, a program, an information processing system which allow a person to assign an acting authority for performing a part of the authority owned by himself/herself to the other person without impairing security strength and convenience when execution is limited by biometric authentication. <P>SOLUTION: The information processor includes a biometric authentication unit which performs the authentication of biological information based on biological information and a template; a service execution unit which executes service according to an authority associated with a template corresponding to successfully authenticated biological information; an authority assignment unit which assigns an acting authority for the other template to perform at least a part of the authority associated with one template to the other template; and an attribute certificate generation unit which generates an attribute certificate including information for the authority the template to which the acting authority is assigned can act, and makes the certificate associated with the template to which the acting authority is assigned. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an information processing apparatus, a proxy authority granting method, a program, and an information processing system.

  2. Description of the Related Art Conventionally, a communication system has been proposed in which mutual authentication is performed between communication terminals using a public key cryptosystem, and information relating to a predetermined service is communicated when mutual authentication is successful.

  In this communication system, each communication terminal can confirm that the other communication terminal is a valid communication terminal by mutual authentication. However, even if the user who uses the other communication terminal is not a regular user, As long as mutual authentication is successful, communication is possible.

  Therefore, for example, using a communication terminal that can be used by multiple people, such as a personal computer at a company, or a personal communication terminal that has been stolen, a third party can impersonate an authorized user and receive services. There is a problem such as.

  In order to solve such a problem, a technique has been proposed in which a service providing terminal performs biometric authentication using biometric information and provides a service to a user when biometric authentication is successful ( For example, see the following Patent Document 1.)

JP 2007-172431 A

  By the way, in a company or the like, there may be a case where a schedule management application that collectively manages a schedule of a plurality of persons is used, and biometric authentication using the biometric information of the person is required when inputting a personal schedule. However, even if you want someone else to input your personal schedule for some reason, the biometric authentication required by the application is not successful with other people's biometric information, so you can not ask others to enter the schedule. Such a problem may occur.

  Therefore, the present invention has been made in view of the above problems, and the object of the present invention is, without any loss of security strength and convenience, when execution is restricted by biometric authentication. An object of the present invention is to provide an information processing apparatus, a proxy authority granting method, a program, and an information processing system capable of granting a proxy authority for substituting a part of authority owned by itself to another person.

  In order to solve the above problems, according to an aspect of the present invention, biological information that is information unique to the living body extracted from biological imaging data obtained by imaging a part of the living body is registered in advance. A biometric authentication unit that authenticates the biometric information based on a template that is biometric information, and the biometric information that has been successfully authenticated by the biometric authentication unit. A service execution unit that executes a service in accordance with the authority associated with the template, and a proxy authority for the other template to delegate at least part of the authority associated with the one template. Attribute certificate that includes an authority granting section to be granted to a template and proxy authority information that is information relating to the authority that the template to which the proxy authority is granted can be delegated It generates a write, and the attribute certificate generation unit associating the attribute certificate to the template that the proxy Privileged, information processing apparatus including a is provided.

  According to such a configuration, the biometric authentication unit includes biometric information that is information unique to a living body extracted from biometric image data obtained by imaging a part of the living body, and a template that is biometric information registered in advance. Based on the above, biometric information is authenticated. In addition, the service execution unit executes the service on the biometric information successfully authenticated by the biometric authentication unit according to the authority associated with the template corresponding to the biometric information that has been successfully authenticated. In addition, the authority granting section grants, to another template, proxy authority for another template to substitute at least part of the authority associated with one template. In addition, the attribute certificate generation unit generates an attribute certificate including proxy authority information, which is information related to the authority that can be delegated by the template to which proxy authority has been granted, and the attribute certificate for the template to which proxy authority has been granted. Associate.

  The attribute certificate generation unit generates the attribute certificate including a serial number assigned to a qualified certificate associated with the template to which the proxy authority is granted and the proxy authority information, and the proxy certificate It is preferable to add a digital signature to the generated attribute certificate using a private key corresponding to a qualified certificate associated with a template to which authority has been granted.

  The information processing apparatus, when the attribute certificate is associated with the template corresponding to the biometric information that has been successfully authenticated, authority to verify the authority associated with the template based on the attribute certificate A verification unit may be further provided.

  The authority verification unit verifies the digital signature using a public key corresponding to the digital signature added to the attribute certificate, and the service execution unit, when the verification of the digital signature is successful, It is preferable to allow the execution of the proxy authority described in the attribute certificate to the template to which the attribute certificate is added.

  Moreover, in order to solve the said subject, according to another viewpoint of this invention, it is the information intrinsic | native to the said biological body extracted from the biological imaging data obtained by imaging a part of an authorized person's biological body. Based on biological information and a template that is biological information registered in advance, a step of authenticating the biometric information of the authorized person, and a biological image obtained by imaging a part of the ecology of the authorized agent And authenticating the biometric information extracted from the data, and information related to the authority associated with the template corresponding to the authority agent among the authorities associated with the template corresponding to the authority Generating an attribute certificate including proxy authority information, and associating the attribute certificate with a template corresponding to the proxy authority, It is subjected.

  In order to solve the above problem, according to still another aspect of the present invention, a computer having an imaging function for imaging a part of a living body and generating biological imaging data that is imaging data of the biological body is provided. An authentication processing function for authenticating the biometric information based on biometric information extracted from the biometric image data and biometric information that is unique to the biometric and a template that is biometric information registered in advance. For the successful biometric information, a service execution function for executing a service according to the authority associated with the template corresponding to the biometric information that has been successfully authenticated, and at least the authority associated with the one template An authority granting function for granting a substitute authority for the other template to substitute for the other template, and the substitute authority An attribute certificate generation function that generates an attribute certificate including proxy authority information, which is information about authority that can be delegated by the template, and associates the attribute certificate with the template to which the proxy authority is granted is realized. A program is provided.

  In order to solve the above-described problem, according to still another aspect of the present invention, biological information that is information unique to the living body extracted from biological imaging data obtained by imaging a part of the living body, and The biometric authentication unit authenticates the biometric information based on a template that is biometric information registered in advance and a service providing server that can communicate via a predetermined network. A service start request unit that requests the start of service provision according to the authority associated with the template corresponding to the biometric information that has been successfully authenticated, and at least a part of the authority associated with the one template An authority granting unit that grants a proxy authority for the template to the other template and a template to which the proxy authority is granted An information processing apparatus is provided that includes an attribute certificate that includes proxy authority information that is information related to a valid authority, and an attribute certificate generation unit that associates the attribute certificate with a template to which the proxy authority is granted Is done.

  According to such a configuration, the biometric authentication unit includes biometric information that is information unique to a living body extracted from biometric image data obtained by imaging a part of the living body, and a template that is biometric information registered in advance. Based on the above, biometric information is authenticated. In addition, the service start request unit provides a service according to the authority associated with the template corresponding to the biometric information successfully authenticated by the biometric authentication unit to a service providing server that can communicate via a predetermined network. Request to start. In addition, the authority granting section grants, to another template, proxy authority for another template to substitute at least part of the authority associated with one template. In addition, the attribute certificate generation unit generates an attribute certificate including proxy authority information, which is information related to the authority that can be delegated by the template to which proxy authority has been granted, and the attribute certificate for the template to which proxy authority has been granted. Associate.

  In order to solve the above problem, according to still another aspect of the present invention, a computer having an imaging function for imaging a part of a living body and generating biological imaging data that is imaging data of the biological body is provided. An authentication processing function for authenticating the biometric information based on biometric information extracted from the biometric image data and biometric information that is unique to the biometric and a template that is biometric information registered in advance. A service start request function for requesting a service providing server capable of communicating via a network to start providing a service according to an authority associated with the template corresponding to the biometric information that has been successfully authenticated; Delegate authority for the other template to delegate at least part of the authority associated with the template. An attribute certificate including an authority granting function to be granted and proxy authority information that is information relating to an authority that the template to which the proxy authority is granted can be delegated, and the attribute certificate for the template to which the proxy authority is granted An attribute certificate generation function for associating a certificate is provided.

  In order to solve the above-described problem, according to still another aspect of the present invention, biological information that is information unique to the living body extracted from biological imaging data obtained by imaging a part of the living body, and The biometric authentication unit authenticates the biometric information based on a template that is biometric information registered in advance and a service providing server that can communicate via a predetermined network. A service start request unit that requests the start of service provision according to the authority associated with the template corresponding to the biometric information that has been successfully authenticated, and at least a part of the authority associated with the one template An authority granting unit that grants a proxy authority for the template to the other template and a template to which the proxy authority is granted An information processing apparatus comprising: an attribute certificate that includes proxy authority information that is information related to the right to generate, and associates the attribute certificate with a template to which the proxy authority is granted; and A service providing server comprising a service execution unit that executes a service in response to the authority associated with the template corresponding to the biometric information that has been successfully authenticated with respect to the biometric information that has been successfully biometrically authenticated by the information processing apparatus And an information processing system is provided.

  As described above, according to the present invention, when a restriction is imposed on execution by biometric authentication, a proxy authority for substituting a part of the authority that the user owns without impairing the security strength and convenience. Can be given to others.

It is explanatory drawing for demonstrating a qualified certificate and an attribute certificate. It is a block diagram for demonstrating the structure of the information processing apparatus which concerns on the 1st Embodiment of this invention. It is explanatory drawing for demonstrating a qualified certificate. It is explanatory drawing for demonstrating an attribute certificate. It is a flowchart for demonstrating the authorization method which concerns on the embodiment. It is a flowchart for demonstrating the personal authentication method which concerns on the embodiment. It is a flowchart for demonstrating the authority verification method which concerns on the embodiment. It is a block diagram for demonstrating the structure of the information processing apparatus which concerns on the 2nd Embodiment of this invention. It is a block diagram for demonstrating the structure of the service provision server which concerns on the embodiment. It is a flowchart for demonstrating the authorization method which concerns on the embodiment. It is a flowchart for demonstrating the personal authentication method which concerns on the embodiment. It is a flowchart for demonstrating the authority verification method which concerns on the embodiment. It is a flowchart for demonstrating the mutual authentication method which concerns on the embodiment. It is a block diagram for demonstrating the hardware constitutions of the information processing apparatus which concerns on embodiment of this invention.

  Exemplary embodiments of the present invention will be described below in detail with reference to the accompanying drawings. In addition, in this specification and drawing, about the component which has the substantially same function structure, duplication description is abbreviate | omitted by attaching | subjecting the same code | symbol.

The description will be made in the following order.
(1) Qualifying certificate and attribute certificate (2) First embodiment (2-1) Information processing apparatus configuration (2-2) Proxy authority granting method (2-3) Proxy authority verification method (3) Second embodiment (3-1) About configuration of information processing apparatus (3-2) About configuration of service providing server (3-3) About proxy authority granting method (3-4) About proxy authority verification method (4) Hardware configuration of information processing apparatus according to the embodiment of the present invention (5) Summary

<About qualified certificates and attribute certificates>
Prior to describing the information processing apparatus and the proxy authority grant method according to the first embodiment of the present invention, first, with reference to FIG. 1, qualified certificates and attributes used by the information processing apparatus according to the embodiment of the present invention. The certificate will be described in detail.

Biometric authentication is performed on a user who uses an information processing apparatus according to an embodiment of the present invention when using a service provided by the information processing apparatus. Therefore, the user of the information processing apparatus registers biometric information, which is information unique to his / her own living body, as a template 171 in advance in the information processing apparatus or the like. For example, as shown in FIG. 1, when there are two users, user A and user B, the biometric information of user A and user B is registered in the information processing apparatus or the like as tmp _A and tmp _B , respectively. Is done.

  Further, for example, as shown in FIG. 1, an electronic certificate 173 called a qualified certificate is associated with the registered template 171. A Qualified Certificate (QC) is a public key certificate defined as RFC3739 in the Internet Engineering Task Force (IETF). This qualified certificate is a certificate in which various conditions necessary for an individual to be legally recognized are listed for natural persons (individuals).

Since the qualified certificate is a kind of public key certificate, the qualified certificate is associated with a key pair composed of the public key K _pub and the private key K _pri generated according to a predetermined method. In addition, a digital signature is added to the qualified certificate by the certificate authority 12 to which the public key certificate 175 is assigned.

  Here, the certificate authority (CA) 12 is a server that proves the identity of the user. The certificate authority 12 generates a public key certificate for certifying an information processing apparatus that has requested proof of identity via a predetermined communication network, or a predetermined certificate for a qualified certificate generated by the information processing apparatus. Or add a digital signature. Further, the certificate authority 12 stores the above-described certificate with the digital signature added thereto in a predetermined directory or the like of its own device, and discloses the stored certificate upon request.

  A public key certificate (Public Key Certificate: PKC) is generated using a public key infrastructure (PKI). The public key certificate 175 is obtained by adding a digital signature to a user ID (Identification) such as a user's name, MAC address or mail address, and a public key corresponding to the user ID. The digital signature is generated by encrypting fixed-length data such as a hash value derived from a user ID and a public key using a one-way function using a signature private key.

Note that the above-described key pair (public key K _pub and secret key K _pri ) is held in an environment with enhanced security. Examples of environments with enhanced security include, for example, a security chip with tamper resistance, a server with a predetermined security level, and the like. Moreover, the key pair corresponding to each person may be stored in a different security chip or the like, and may be stored in the same security chip or the like as long as the management is performed for each user.

  In the embodiment according to the present invention, the personal authentication is performed using a qualified certificate. Since a template is associated with a qualified certificate as described above, a device that performs personal authentication (in other words, a device that performs biometric authentication) by referring to the qualified certificate, A template can be acquired. In addition, since the qualified certificate also functions as a public key certificate as described above, when a template, which is biometric information, is stored in an external device such as an authentication server, between the server and the device that performs authentication. Mutual authentication can be performed.

  Here, consider a case where the user B acts on behalf of the authority of the user A. As an example of such a case, for example, a user B can fill in a schedule on behalf of the user A in the schedule column of the user A in the schedule management application. At this time, the user A needs to give a part of the authority held by the user A to the user B. In the following explanation, a person who grants a part of his / her authority to another person and permits the other person to perform the authority is called a substitute authority grantor or an authority granter. I will do it. Similarly, a person who is granted a part of authority of another person and exercises authority on behalf of the other person is referred to as an authority agent.

  In the example illustrated in FIG. 1, a case where the user A grants part of the authority that the user A has as an authority to the user B is illustrated. In this case, the user A issues to the user B an attribute certificate 177 in which information related to authority that the user B can substitute is described. An attribute certificate (AA) according to an embodiment of the present invention describes an authority of the authority, and the authority grants the attribute certificate with its own private key. And guarantees completeness. The attribute certificate 177 is associated with the qualified certificate 173 of the authorized agent, and when the authorized agent exercises the authorized authority, the user is authenticated based on the associated qualified certificate 173 to obtain the authorized authority. Can be exercised.

(First embodiment)
<Configuration of information processing device>
Next, the configuration of the information processing apparatus according to the first embodiment of the present invention that realizes the granting of proxy authority will be described in detail with reference to FIG. FIG. 2 is a block diagram for explaining the configuration of the information processing apparatus according to the present embodiment.

  The information processing device 10 is, for example, a device such as a portable information terminal, a mobile phone, a portable game machine, a portable music player, a personal computer, or an information home appliance, and the information processing device 10 depends on the functions of these devices. A predetermined service is provided to the user. The information processing apparatus 10 further includes a function for imaging a living body as described below, and a biometric authentication function for performing authentication using biometric information extracted from the imaging result of the living body. The information processing apparatus 10 can use this biometric authentication function for user confirmation when performing a service that can be provided by the apparatus itself.

  In the following description, vein authentication is taken as an example of biometric authentication. However, the present invention is not limited to vein authentication alone, and can be applied to various other biometric authentications such as fingerprint authentication, face authentication, and iris authentication.

  For example, as illustrated in FIG. 2, the information processing apparatus 10 according to the present embodiment mainly includes a biometric authentication unit 101, a service providing unit 103, an authority setting unit 105, an input unit 107, a storage unit 141, and a secure memory 143. .

  The biometric authentication unit 101 extracts biometric information, which is information unique to a living body, from biometric image data obtained by imaging a part of the living body, and is the extracted biometric information and pre-registered biometric information. It is a processing unit that performs biometric information authentication based on the template. For example, as illustrated in FIG. 1, the biometric authentication unit 101 includes an imaging unit 111, an imaging control unit 113, a vein information extraction unit 115, an authentication processing unit 117, and a qualified certificate verification unit 119. .

  The imaging unit 111 includes a light source unit that irradiates near-infrared light having a predetermined wavelength band with respect to a body surface BS that is a part of a living body, an optical system including an imaging element and an optical element such as a lens, including.

  Near-infrared light is highly permeable to body tissues, but is absorbed by hemoglobin in the blood (reduced hemoglobin), so when irradiating near-infrared light on the fingers, palms and back of the hand, The veins distributed inside the fingers, palms and back of the hand appear in the image as shadows. The shadow of the vein that appears in the image is called the vein pattern. In order to image such a vein pattern satisfactorily, a light source unit such as a light emitting diode irradiates near infrared light having a wavelength of about 600 nm to 1300 nm, preferably about 700 nm to 900 nm.

  Here, when the wavelength of near-infrared light emitted by the light source unit is less than 600 nm or more than 1300 nm, the proportion absorbed by hemoglobin in the blood is small, and it is difficult to obtain a good vein pattern. Become. Further, when the wavelength of near infrared light emitted from the light source unit is about 700 nm to 900 nm, the near infrared light is specifically absorbed by both deoxygenated hemoglobin and oxygenated hemoglobin. A good vein pattern can be obtained.

  Near-infrared light emitted from the light source unit propagates toward the body surface BS, and enters the inside from the side surface of the living body as direct light. Here, since the human body is a good scatterer of near-infrared light, the direct light entering the living body propagates while being scattered in all directions. Near-infrared light transmitted through the living body is incident on an optical element constituting the optical system.

  The optical system that forms the imaging unit 111 includes one or more optical elements and one or more imaging elements.

  It is known that the human skin has a three-layer structure of an epidermis layer, a dermis layer, and a subcutaneous tissue layer, but a vein layer in which a vein exists exists in the dermis layer. The dermis layer is a layer present at a thickness of about 2 mm to 3 mm from a position of about 0.1 mm to 0.3 mm with respect to the finger surface. Therefore, by setting the focal position of an optical element such as a lens at the position where such a dermis layer is present (for example, a position of about 1.5 mm to 2.0 mm from the finger surface), the transmitted light transmitted through the vein layer can be reduced. It is possible to collect light efficiently.

  The transmitted light that has passed through the vein layer collected by the optical element is imaged on an image sensor such as a CCD or CMOS, and becomes vein image data. The generated vein imaging data is transmitted to the vein information extraction unit 115 described later.

  The imaging control unit 113 is realized by, for example, a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like. The imaging control unit 113 controls the light source unit, the optical system, and the imaging device to generate vein imaging data.

  The imaging control unit 113 causes the vein information extraction unit 115 described later to output imaging data generated by the imaging element. Note that the generated imaging data may be an RGB (Red-Green-Blue) signal, or image data of other colors or gray scales.

  The vein information extraction unit 115 is realized by a CPU, a ROM, a RAM, and the like, for example. The vein information extraction unit 115 extracts vein information including information indicating the vein pattern from the vein imaging data based on the vein imaging data transmitted from the imaging unit 111. More specifically, the vein information extraction unit 115 has a function of performing vein pattern extraction preprocessing on vein imaging data, a function of extracting vein patterns from the preprocessed vein imaging data, and veins. And a function of performing post-processing of pattern extraction.

  The pre-processing of vein pattern extraction is, for example, processing for detecting the contour of a finger from an image (vein image) represented by vein imaging data and identifying where the finger is located in the vein image, This includes processing for rotating the captured image using it and correcting the angle of the captured image.

  The vein pattern is extracted by applying a difference filter to the captured image for which the contour detection and angle correction have been completed. The difference filter is a filter that outputs a large value as an output value at a portion where the difference between the pixel of interest and the surrounding pixels is large between the pixel of interest and the surrounding pixels. In other words, the difference filter is a filter that emphasizes lines and edges in an image by calculation using a difference between a pixel of interest and a gradation value in the vicinity thereof.

  In general, when filter processing is performed on image data u (x, y) having a lattice point (x, y) on a two-dimensional plane as a variable using a filter h (x, y), the following formula 1 As shown in FIG. 4, image data ν (x, y) is generated. Here, in the following formula 1, “*” represents a convolution (convolution).

・・・（式１）

... (Formula 1)

  In the extraction of the vein pattern according to the present embodiment, a differential filter such as a primary spatial differential filter or a secondary spatial differential filter may be used as the differential filter. The primary spatial differential filter is a filter that calculates a difference between gradation values of adjacent pixels in the horizontal direction and the vertical direction for the pixel of interest, and the secondary spatial differential filter is the pixel of interest. Is a filter that extracts a portion where the amount of change in the difference in gradation value is large.

  As the second-order spatial differential filter, for example, the following Log (Laplacian of Gaussian) filter can be used. The Log filter (Equation 3) is expressed by the second derivative of a Gaussian filter (Equation 2) that is a smoothing filter using a Gaussian function. Here, in Expression 2 below, σ represents a standard deviation of a Gaussian function, and is a variable representing the degree of smoothing of the Gaussian filter. In addition, σ in Equation 3 below is a parameter that represents the standard deviation of the Gaussian function as in Equation 2, and by changing the value of σ, the output value when the Log filter processing is performed can be changed. it can.

・・・（式２）

・・・（式３）

... (Formula 2)

... (Formula 3)

  Further, the post-processing of vein pattern extraction includes, for example, threshold processing, binarization processing, thinning processing, and the like performed on the captured image after application of the difference filter. Through such post-processing, it is possible to extract a skeleton of a vein pattern.

  The vein information extraction unit 115 transmits vein information including the vein pattern extracted in this way to an authentication processing unit 117 and the like described later.

  The authentication processing unit 117 is realized by a CPU, a ROM, a RAM, and the like, for example. When the vein information is transmitted from the vein information extraction unit 115, the authentication processing unit 117 sends a template to be compared with the transmitted vein information to the qualified certificate verification unit 119 described later prior to the vein information authentication process. Request verification of associated eligibility certificates. When the qualified certificate verification unit 119 transmits a message indicating that the verification of the corresponding qualified certificate has failed, the authentication processing unit 117 stops the process without executing the authentication process. Further, when a message indicating that the verification of the qualified certificate is successful is transmitted from the qualified certificate verifying unit 119, information indicating the location of the template described in the qualified certificate is referred to, and a template used for the authentication process will be described later. Obtained from the secure memory 143. Thereafter, the authentication processing unit 117 performs authentication of the vein information by comparing the vein information transmitted from the vein information extraction unit 115 with the acquired template.

  More specifically, the vein information authentication unit 117 compares the template acquired from the secure memory 143 with the vein information transmitted from the vein information extraction unit 115. The comparison between the template and the transmitted vein information can be executed based on the calculated correlation coefficient, for example, by calculating a correlation coefficient as shown below. The authentication processing unit 117 determines that authentication of the transmitted vein information is successful when the template and the transmitted vein information are similar as a result of the comparison, and fails when the template is not similar. Judge that

The correlation coefficient is defined by Equation 4 below, and is a statistical index indicating the similarity between two data x = {x _i }, y = {y _i }, and is from −1 to 1 Take real values up to. When the correlation coefficient indicates a value close to 1, it indicates that the two data are similar. When the correlation coefficient indicates a value close to 0, the two data indicate that they are not similar. Show. Further, when the correlation coefficient shows a value close to -1, the case where the signs of the two data are inverted is shown.

・・・（式４）

：データｘの平均値

：データｙの平均値

... (Formula 4)

: Average value of data x

: Average value of data y

  The authentication processing unit 117 may record the authentication result in the storage unit 141, the secure memory 143, or the like as an authentication history in association with the authentication time. By generating such an authentication history, it becomes possible to know who requested the vein pattern authentication and who used the information processing apparatus 10.

  The qualified certificate verification unit 119 is realized by, for example, a CPU, a ROM, a RAM, and the like. When the certification processing unit 117 requests the certification processing unit 117 to verify the certification certificate associated with the template to be verified with the vein information processed by the certification processing unit 117, the certification processing unit 117 becomes a processing target. A certificate is acquired from the secure memory 143. Thereafter, the qualified certificate verification unit 119 verifies the acquired qualified certificate. The qualified certificate is a kind of public key certificate generated in accordance with the profile as shown in FIG. 3, and the qualified certificate includes information (location information) on the location where the biometric information is stored. Is described.

  Specifically, the qualified certificate verification unit 119 decrypts the digital signature added to the qualified certificate using the public key corresponding to the qualified certificate, and obtains the decrypted result of the qualified certificate. Check against fixed-length data derived from the content. If the content of the qualified certificate does not match the fixed-length data, a mismatch between the two means that the qualified certificate has been altered and the content of the qualified certificate has been changed. 119 determines that the verification has failed. When the content of the qualified certificate matches the fixed length data, the qualified certificate verification unit 119 determines that the verification of the qualified certificate has succeeded.

  When the verification result of the qualified certificate is confirmed, the qualified certificate verification unit 119 transmits the obtained verification result to the authentication processing unit 117.

Next, the configuration of the service providing unit 103 will be described in detail.
The service providing unit 103 provides a predetermined service to the user of the information processing apparatus 10 according to a control signal based on a user operation transmitted from the input unit 107 described later. An example of this service is a service realized by executing a predetermined program stored in the storage unit 141 or the like. For example, as illustrated in FIG. 2, the service providing unit 103 includes a service execution unit 121 and an authority verification unit 123.

  The service execution unit 121 is realized by, for example, a CPU, a ROM, a RAM, and the like. The service execution unit 121 starts execution of a predetermined program or the like according to a control signal transmitted from the input unit 107 described later, and provides a predetermined service to the user of the information processing apparatus 10.

  More specifically, when a service execution start is requested, the service execution unit 121 requests the biometric authentication unit 101 to perform biometric authentication of the user who requested the service execution start. When the fact that the biometric authentication has failed is transmitted from the biometric authentication unit 101, the service execution unit 121 does not start execution of a program or the like for providing a service, and stops the processing. Further, when the fact that the biometric authentication is successful is transmitted from the biometric authentication unit 101, the authority verification unit 123, which will be described later, is requested to verify the authority possessed by the user corresponding to the biometric information that has succeeded in the biometric authentication. Thereafter, the service execution unit 121 provides a predetermined service to the user who has requested the start of execution of the service in accordance with the authority verification result transmitted from the authority verification unit 123.

  The authority verification unit 123 is realized by a CPU, a ROM, a RAM, and the like, for example. In response to the authority verification request transmitted from the service execution unit 121, the authority verification unit 123 verifies the authority held by the user corresponding to the biometric information that has been successfully biometrically authenticated.

  More specifically, the authority verification unit 123 determines whether or not an attribute certificate described later is associated with a template corresponding to biometric information that has been successfully biometrically authenticated. If the attribute certificate is not associated with the template corresponding to the biometric information that has succeeded in the biometric authentication, the authority verification unit 123 displays the information on the authority of the user corresponding to the biometric information that has succeeded in the biometric authentication as a service. The data is transmitted to the execution unit 121.

  If the attribute certificate is associated with the template corresponding to the biometric information that has been successfully biometrically authenticated, the authority verification unit 123 performs the following processing. That is, the authority verification unit 123 verifies the digital signature added to the attribute certificate using the public key corresponding to the digital signature. If verification of the digital signature fails, the authority verification unit 123 transmits the authority held by the user corresponding to the biometric information that has been successfully biometrically authenticated to the service execution unit 121. In addition, when the verification of the digital signature is successful, the authority verification unit 123, in addition to the authority that the user himself / herself corresponding to the biometric information that has succeeded in the biometric authentication has, the proxy authority described in the attribute certificate, It transmits to the service execution part 121 as a user's authority. Details of the attribute certificate verification processing will be described later in detail.

Next, the configuration of the authority setting unit 105 will be described in detail.
The authority setting unit 105 sets proxy authority for other users specified by the user who performed the user operation in response to a control signal based on the user operation transmitted from the input unit 107 described later. The authority setting unit 105 includes, for example, an authority assigning unit 131 and an attribute certificate generating unit 133 as illustrated in FIG.

  The authority grant unit 131 is realized by a CPU, a ROM, a RAM, and the like, for example. The authority granting unit 131 assigns a proxy authority for another user designated by the user who performed the user operation to perform at least a part of the authority associated with the template corresponding to the user who performed the user operation. To a template corresponding to the user.

  Specifically, when the control signal based on the user operation is transmitted from the input unit 107, the authority granting unit 131 requests the biometric authentication unit 101 to authenticate the user. Thereafter, the authority granting unit 131 causes the display unit (not shown) to display a list of authorities possessed by the user who has performed the user operation and a designation field for a user who wishes to be given proxy authority.

  When a user who grants proxy authority and the proxy authority are transmitted via the input unit 107, the authority grant unit 131 transmits information regarding the transmitted user authority and proxy authority (hereinafter referred to as proxy authority information). .) Is transmitted to the attribute certificate generation unit 133 described later. Further, when the fact that generation of the attribute certificate is completed is transmitted from the attribute certificate generation unit 133, the authority granting unit 131 associates the generated attribute certificate with the designated user template.

  The attribute certificate generation unit 133 is realized by a CPU, a ROM, a RAM, and the like, for example. The attribute certificate generation unit 133 generates an attribute certificate based on the proxy authority information transmitted from the authority grant unit 131. The attribute certificate is, for example, a certificate having a profile as shown in FIG. 4, and a digital signature is added by an attribute certificate generation organization (in this embodiment, a user who grants proxy authority). For example, as shown in FIG. 4, various types of information can be described in the attribute certificate, but the attribute certificate generation unit 133 is information regarding the proxy authority that the authority grants to the authority agent. And the serial number of the qualified certificate corresponding to the authorized agent. Further, the attribute certificate generation unit 133 may describe the attribute certificate to be generated together with information on the qualified certificate corresponding to the authority (for example, the serial number of the qualified certificate). This makes it possible for a third party who has referred to the attribute certificate to know the existence of a qualified certificate associated with the attribute certificate. Can be grasped.

  In addition, the attribute certificate generation unit 133 may describe information such as the title of the attribute certificate and the title and personal information related to the authority agent as necessary for the attribute certificate.

  Upon completion of the generation of the attribute certificate, the attribute certificate generation unit 133 adds a digital signature to the generated attribute certificate using the private key corresponding to the public key associated with the authorized person's qualified certificate. To do. After that, the attribute certificate generation unit 133 associates the attribute certificate with the digital signature with the authority proxy template and stores it in the secure memory 143 or the like.

  The input unit 107 is realized by, for example, a CPU, a ROM, a RAM, an input device, and the like. When the user operates the input device included in the information processing apparatus 10 and inputs a predetermined operation, the input unit 107 converts the input operation into a predetermined control signal, and goes to a processing unit for realizing the user operation. Send a control signal.

  For example, consider a case where the user inputs an operation for requesting the information processing apparatus 10 to start providing a service to the information processing apparatus 10. At this time, the input unit 107 displays a message on a display unit (not shown) so that a part of a living body such as a finger is placed at a predetermined location, and then sends a predetermined control signal to the service execution unit 121. Transmit to.

  On the other hand, let us consider a case where the user inputs an operation for allowing another user to act on behalf of the authority related to the service provided by the information processing apparatus 10. At this time, the input unit 107 displays a message on a display unit (not shown) so that a part of a living body such as a finger is placed at a predetermined location, and then sends a predetermined control signal to the authority granting unit 131. Transmit to.

  The storage unit 141 appropriately records various parameters, the progress of processing, or various databases that need to be saved when the information processing apparatus 10 according to the present embodiment performs some processing. The The storage unit 141 can be freely read and written by each processing unit of the information processing apparatus 10.

  The secure memory 143 is a storage unit having tamper resistance that the information processing apparatus 10 has. The secure memory 143 stores a tamper resistant program such as a program for protecting the secure memory 143 from unauthorized access or a program for erasing data in the secure memory 143 in response to unauthorized access. The information processing apparatus 10 according to the present embodiment manages the secure memory 143 in a state where the security level is higher than that of the storage unit 141 based on this tamper resistance program.

  The secure memory 143 stores a template used for biometric authentication processing, a secret key associated with the qualified certificate, and a qualified certificate. Further, the secure memory 143 may store information related to imaging conditions suitable for the user of the information processing apparatus 10.

  Heretofore, an example of the function of the information processing apparatus 10 according to the present embodiment has been shown. Each component described above may be configured using a general-purpose member or circuit, or may be configured by hardware specialized for the function of each component. In addition, the CPU or the like may perform all functions of each component. Therefore, it is possible to appropriately change the configuration to be used according to the technical level at the time of carrying out the present embodiment.

  It should be noted that a computer program for realizing each function of the information processing apparatus according to the present embodiment as described above can be produced and installed in a personal computer or the like. In addition, a computer-readable recording medium storing such a computer program can be provided. The recording medium is, for example, a magnetic disk, an optical disk, a magneto-optical disk, a flash memory, or the like. Further, the above computer program may be distributed via a network, for example, without using a recording medium.

<About proxy authority grant method>
Next, the proxy authority grant method according to this embodiment will be described in detail with reference to FIGS. 5 and 6. FIG. 5 is a flowchart for explaining the proxy authority granting method according to the present embodiment, and FIG. 6 is a flowchart for explaining the personal authentication method performed by the information processing apparatus according to the present embodiment.

  In order to exercise the rights granted to the user (for example, user A), it is necessary to confirm that the user A is himself. The information processing apparatus used by the user A can be confirmed by mutual authentication based on PKI (mutual authentication using QC), but the information processing apparatus is not always used by the user A itself. Absent. Therefore, in the information processing apparatus according to the present embodiment, the user A uses the authenticated information processing apparatus by performing biometric authentication using the biometric authentication template associated with the QC used for mutual authentication. I can confirm that. Thereby, the user A can exercise the rights granted to the user A in the information processing apparatus.

  Here, in order for the user B to act on behalf of the authority granted to the user A, the user A issues an attribute certificate (AC) to the user B. In the AC, the ID of the QC of the user B to be linked is embedded, and the authority that the user A has on behalf of the user B is also described. Further, the AC is digitally signed with a secret key that is paired with a public key disclosed by the user A's QC. As a result, the integrity of the AC itself can be verified by the public key of the QC of the user A. Further, the QC of the user A can be verified by the public key certificate (PKC) of the issuer CA.

  In the following, a method for granting proxy authority will be described in detail with reference to FIG.

First, when a control signal based on a user operation is transmitted from the input unit 107, the proxy authority granting unit 131 of the information processing apparatus 10 authenticates the identity of the authorizing person (hereinafter referred to as user A). A request is made to the biometric authentication unit 101 (step S101). This personal authentication process is performed by the biometric authentication unit 101 using the qualified certificate (QC _A ) of the user A who is the authority. The personal authentication process performed by the biometric authentication unit 101 will be described in detail later.

  When the fact that the user A's personal authentication has failed is transmitted from the biometric authentication unit 101, the authority granting unit 131 stops the proxy authority granting process. In addition, when the fact that user A's personal authentication is successful is transmitted from the biometric authentication unit 101, the authority granting unit 131 gives a list of authorities held by the user A and granting proxy authority to the display unit (not shown). The user's designation field etc. that want to be displayed are displayed. The user A who is an authority gives the designation of the authority agent (hereinafter referred to as user B) and the authority to be granted (step S103). It is transmitted to the authority granting unit 131 via 107.

When an authority agent is designated by the user A, the authority granting unit 131 displays on the display unit (not shown) that biometric authentication of the authority agent (user B) is performed, and causes the biometric authentication unit 101 to display. User B's identity authentication is requested (step S105). This personal authentication process is performed by the biometric authentication unit 101 using the qualified certificate (QC _B ) of the user B who is the authority substitute.

When the fact that the user B user authentication has failed is transmitted from the biometric authentication unit 101, the authority granting unit 131 stops the proxy authority granting process. When the fact that user B's personal authentication is successful is transmitted from the biometric authentication unit 101, the authority granting unit 131 refers to the qualified certificate (QC _B ) of the user _B and serializes the qualified certificate QC _B. A number is acquired (step S107).

  Subsequently, the authority assigning unit 131 transmits the proxy authority information and the acquired serial number of the qualified certificate of the user B to the attribute certificate generating unit 133. The attribute certificate generation unit 133 uses the transmitted proxy authority information and the serial number of the user B's qualified certificate to obtain the user B's attribute certificate (AC) according to the format shown in FIG. Generate (step S109).

  Next, the attribute certificate generation unit 133 acquires the private key of the user A who is the grantor from the secure memory 143 and the like, and adds a digital signature to the generated attribute certificate (AC) of the user B (Step) S111). As a result, when the user B acts on behalf of the user A, the information processing apparatus 10 can verify the safety of the attribute certificate of the user B.

Subsequently, the attribute certificate generation unit 133 associates the attribute certificate added with the digital signature with the user B's qualified certificate QC _B. Thereby, the information processing apparatus 10 can grasp that the user B has the authority to substitute by referring to the qualified certificate QC _B.

  As described above, in the proxy authority granting method according to the present embodiment, the information processing apparatus 10 has described the description regarding the proxy authority and the serial number of the qualified certificate of the authority proxy for the authority proxy. Generate an attribute certificate and associate the attribute certificate with the qualified certificate of the authorized agent. As a result, the authority granter can delegate at least a part of the authority that he / she has to the authority agent.

  Here, the personal authentication process performed by the information processing apparatus 10 according to the present embodiment will be described in detail with reference to FIG.

  When the biometric authentication unit 101 included in the information processing apparatus 10 according to the present embodiment is requested by each processing unit to execute personal authentication regarding a certain user, the biometric authentication unit 101 executes a personal authentication process as described below.

  First, when information for designating a user who wishes to perform personal authentication is transmitted from each processing unit that requests execution of personal authentication, the biometric authentication unit 101 transmits information for designating the acquired user. And transmitted to the qualified certificate verification unit 119. The qualified certificate verification unit 119 acquires the corresponding qualified certificate from the secure memory 143 or the like based on the transmitted information for designating the user, and verifies the acquired qualified certificate (step S201).

Specifically, the qualified certificate verification unit 119 decrypts the digital signature added to the qualified certificate QC using the public key K _pub corresponding to the qualified certificate, and the obtained decryption result is qualified. Check against fixed-length data derived from certificate contents. If the content of the qualified certificate does not match the fixed-length data, a mismatch between the two means that the qualified certificate has been altered and the content of the qualified certificate has been changed. 119 determines that verification of the qualified certificate has failed. When the content of the qualified certificate matches the fixed length data, the qualified certificate verification unit 119 determines that the verification of the qualified certificate has succeeded.

  Next, the imaging unit 111 of the biometric authentication unit 101 captures a part of the living body, generates biometric image data, and transmits the biometric image data to the vein information extraction unit 115. The vein information extraction unit 115 extracts biological information (more specifically, vein information) info from the transmitted biological imaging data (step S203), and transmits it to the authentication processing unit 117.

  Subsequently, the authentication processing unit 117 to which the biometric information info is transmitted receives the template tmp from the secure memory 143 based on the information specifying the template associated with the qualified certificate (hereinafter referred to as link information ptr). Obtain (step S205).

  Next, the authentication processing unit 117 performs biometric authentication processing using the acquired template tmp and the extracted biometric information info (step S207). If the authentication processing unit 117 determines that the extracted biometric information is similar to the template, the authentication processing unit 117 notifies the processing unit that has requested the execution of the personal authentication that the personal authentication has been successful. If it is determined that the extracted biometric information is not similar to the template, the processing unit that has requested the execution of the personal authentication is notified that the personal authentication has failed.

  Through the processing described above, the biometric authentication unit 101 according to the present embodiment can authenticate the specified user.

<About proxy authority verification method>
Next, the proxy authority verification method according to the present embodiment will be described in detail with reference to FIG. FIG. 7 is a flowchart for explaining the proxy authority verification method according to the present embodiment.

  In order for the user B to exercise his / her rights, it is necessary for the information processing apparatus used by the user B to confirm that the authority exerciser is the user B himself / herself. The information processing device used by the user B can be confirmed by mutual authentication based on PKI (mutual authentication using QC), but the information processing device is not always used by the user B itself. Absent. Therefore, the information processing apparatus according to the present embodiment uses the authenticated information processing apparatus by the user B by performing the mutual authentication using the biometric authentication template associated with the QC used for the mutual authentication. I can confirm that.

  In order for the user B to exercise the proxy authority given by the user A, it is necessary to verify the attribute certificate (AC) by the information processing apparatus. Since the attribute certificate includes the serial number of the certificate (PKC or QC) associated with this AC, the verification process is executed using these certificates. In the attribute certificate according to the present embodiment, the QC of the user B who has proxy authority is described, and the QC is verified. Next, the information processing apparatus 10 recognizes that the authority is the user A with reference to the AC. The information processing apparatus 10 verifies the QC of the user A, acquires a public key from the QC of the user A, and verifies the signature of the AC. As a result, the information processing apparatus 10 verifies that the user A who is the granting authority of the proxy guarantees the integrity of the AC in which the proxy authority is described. As a result, the user B himself / herself can exercise the proxy authority described in AC.

  The proxy authority verification method will be described in detail below with reference to FIG.

First, when a control signal based on a user operation is transmitted from the input unit 107, the service execution unit 121 of the information processing apparatus 10 performs a user operation (hereinafter referred to as a user B who is an authority agent). Is requested from the biometric authentication unit 101 (step S301). This personal authentication process is performed by the biometric authentication unit 101 using the qualified certificate (QC _B ) of the user B who is the authority substitute.

  When the fact that the user B user authentication has failed is transmitted from the biometric authentication unit 101, the service execution unit 121 stops the service providing process. In addition, when the fact that user B's personal authentication is successful is transmitted from the biometric authentication unit 101, the service execution unit 121 requests the authority verification unit 123 to verify the authority that the user B has.

  The authority verification unit 123 determines whether the attribute certificate is associated with the qualified certificate corresponding to the user B. When the authority verification unit 123 detects that the attribute certificate is associated with the qualified certificate corresponding to the user B, the authority verification unit 123 acquires the associated attribute certificate (AC) from the secure memory 143 or the like, and obtains the attribute certificate. Document verification is started (step S303).

The authority verification unit 123 refers to the acquired attribute certificate, acquires information about the authority grantor (that is, user A) that is the issuer of the attribute certificate, and qualifies the user A who is the authority granter. (QC _A ) is acquired from the secure memory 143 or the like. Subsequently, the authority verification unit 123 performs verification processing of the acquired user A's qualified certificate (step S305).

Subsequently, the authority verification unit 123 obtains the public key (K _pub ^A ) of the user A corresponding to the qualified certificate (QC _A ) of the user A who is the authority from the secure memory 143 (step S307). .

Next, the authority verification unit 123 uses the acquired public key of the user A (K _pub ^A ) for the digital signature of the attribute certificate (AC) associated with the qualifying certificate (QC _B ) of the user B. A verification process is performed (step S309).

  When the verification of the digital signature of the attribute certificate fails, the authority verification unit 123 notifies the service execution unit 121 to that effect, and only the authority owned by the user B (authorization excluding proxy authority) Is notified to the service execution unit 121. If the verification of the digital signature of the attribute certificate is successful, the authority verification unit 123 notifies the service execution unit 121 to that effect, and also the proxy authority described in the attribute certificate and the user B himself / herself Is notified to the service execution unit 121.

  Subsequently, the service execution unit 121 starts providing a service to the user B based on the information regarding the authority of the user B transmitted from the authority verification unit 123 (step S311).

  As described above, in the proxy authority verification method according to the present embodiment, after the authentication process of the user B who is the authority proxy, the attribute certificate associated with the qualified certificate of the user B is verified. I do. In the proxy authority verification method according to the present embodiment, only when the verification of the attribute certificate is successful, the proxy of the authority of the attribute certificate issuer (user A) is permitted to the user B. Since the verification of the attribute certificate includes a verification process for the user A who is the authority, the information processing apparatus 10 performs the verification for the authority agent after verifying the authority grantor and the authority agent. The exercise of authority will be permitted. As a result, in the information processing apparatus 10 according to the present embodiment, it is possible to prevent the use of proxy authority other than the authority proxy.

(Second Embodiment)
In the first embodiment of the present invention described above, the case where the device that provides the service and the device that performs various authentication processes are the same device has been described. In a second embodiment of the present invention described below, an information processing system includes an apparatus (information processing apparatus) that receives user operation and performs personal authentication and an apparatus that provides a service (service providing server). The case where it is configured will be described in detail.

<Configuration of information processing device>
First, the configuration of the information processing apparatus according to the present embodiment will be described in detail with reference to FIG. FIG. 8 is a block diagram for explaining the configuration of the information processing apparatus according to the present embodiment.

  For example, as illustrated in FIG. 8, the information processing apparatus 10 according to the present embodiment includes a biometric authentication unit 101, an authority setting unit 105, an input unit 107, a storage unit 141, and a secure memory 143. Furthermore, the information processing apparatus 10 according to the present embodiment includes a communication unit 151, a service start request unit 153, a mutual authentication processing unit 155, and a provided data acquisition unit 157.

  Here, the biometric authentication unit 101, the input unit 107, the storage unit 141, and the secure memory 143 according to the present embodiment have the same configuration as each processing unit according to the first embodiment of the present invention, and have the same effects. Detailed description will be omitted.

  The authority setting unit 105 according to the present embodiment includes an authority granting unit 131 and an attribute certificate generating unit 133 as illustrated in FIG. Here, the attribute certificate generation unit 133 according to the present embodiment has the same configuration as the attribute certificate generation unit 133 according to the first embodiment of the present invention, and has the same effect. Detailed description is omitted.

  In addition, the authority granting unit 131 according to the present embodiment is the first embodiment of the present invention, except that the authentication process of the authorizer and the authority agent is performed between the information processing apparatus 10 and the service providing server 20. It has the same configuration as that of the authority granting unit 131 and produces the same effect. For this reason, in the present embodiment, detailed description regarding the authority grant unit 131 is omitted. The proxy authority grant method performed by the authority setting unit 105 according to the present embodiment will be described in detail later.

  The communication unit 151 is realized by, for example, a CPU, a ROM, a RAM, a communication device, and the like. The communication unit 151 controls communication performed between the information processing apparatus 10 and the service providing server 20 via the communication network 14. Here, the communication network 14 is a communication line network that connects the information processing apparatus 10 and the service providing server 20 so as to be capable of bidirectional communication or one-way communication. Examples of the communication network 14 include the Internet and NGN (Next Generation Network).

  The service start request unit 153 is realized by a CPU, a ROM, a RAM, and the like, for example. When a control signal based on a user operation is transmitted from the input unit 107, the service start request unit 153 requests the service providing server 20 to start a service. Specifically, when a control signal based on a user operation is transmitted from the input unit 107, the service start request unit 153 transmits information about the user who performed the user operation to the service providing server 20, and starts the service. Request. The service providing server 20 requests the biometric authentication unit 101 to authenticate the user who performed the user operation. Further, the service start request unit 153 requests the mutual authentication processing unit 155 to perform mutual authentication with the service providing server 20 in the process of the personal authentication process by the biometric authentication unit 101.

The mutual authentication processing unit 155 is realized by a CPU, a ROM, a RAM, and the like, for example. The mutual authentication processing unit 155, and eligibility certificate when the device itself holds, using the public key certificate of the service providing server 20 service providing server 20 holds the (PKC _S), the own device and the service providing server 20 Mutual authentication process between. As a result, a safe communication path (secure path) is established between the information processing apparatus 10 and the service providing server 20. When the secure path is established, communication between the information processing apparatus 10 and the service providing server 20 is performed via the established secure path.

  The provided data acquisition unit 157 is realized by, for example, a CPU, a ROM, a RAM, and the like. The provided data acquisition unit 157 acquires data related to the service (hereinafter referred to as provided data) transmitted from the service providing server 20. The provided data acquisition unit 157 displays the acquired provided data on a display unit (not shown) of the device itself. Thereby, the user of the information processing apparatus 10 can use the service provided from the service providing server 20.

  Heretofore, an example of the function of the information processing apparatus 10 according to the present embodiment has been shown. Each component described above may be configured using a general-purpose member or circuit, or may be configured by hardware specialized for the function of each component. In addition, the CPU or the like may perform all functions of each component. Therefore, it is possible to appropriately change the configuration to be used according to the technical level at the time of carrying out the present embodiment.

  It should be noted that a computer program for realizing each function of the information processing apparatus according to the present embodiment as described above can be produced and installed in a personal computer or the like. In addition, a computer-readable recording medium storing such a computer program can be provided. The recording medium is, for example, a magnetic disk, an optical disk, a magneto-optical disk, a flash memory, or the like. Further, the above computer program may be distributed via a network, for example, without using a recording medium.

<About the configuration of the service providing server>
Next, the configuration of the service providing server according to the present embodiment will be described in detail with reference to FIG. FIG. 9 is a block diagram for explaining the configuration of the service providing server according to the present embodiment.

  For example, as illustrated in FIG. 9, the service providing server 20 according to the present embodiment includes a mutual authentication processing unit 201, a service execution unit 203, an authority verification unit 205, a communication unit 207, a storage unit 209, a secure And a memory 211.

The mutual authentication processing unit 201 is realized by a CPU, a ROM, a RAM, and the like, for example. The mutual authentication processing unit 201 uses the public key certificate held by the own device and the qualified certificate (QC _S ) held by the information processing device 10 to perform mutual authentication between the own device and the information processing device 10. Process. As a result, a safe communication path (secure path) is established between the service providing server 20 and the information processing apparatus 10.

  The service execution unit 203 is realized by a CPU, a ROM, a RAM, and the like, for example. The service execution unit 203 starts execution of a predetermined program or the like in response to a service start request transmitted from the information processing apparatus 10 and provides a predetermined service to the user of the information processing apparatus 10.

  More specifically, the service execution unit 203 requests the mutual authentication processing unit 201 to execute the mutual authentication process with the information processing device 10 when the information processing device 10 requests the service execution start. . In addition, when the mutual authentication process between the own apparatus and the information processing apparatus 10 is completed, the service execution unit 203 requests the information processing apparatus 10 to perform biometric authentication of the user who has requested start of execution of the service.

  When the fact that the biometric authentication has failed is transmitted from the information processing apparatus 10, the service execution unit 203 stops the process without starting execution of a program or the like for providing the service. When the information processing apparatus 10 transmits information indicating that biometric authentication is successful, it requests the authority verification unit 205 (to be described later) to verify the authority possessed by the user corresponding to the biometric information that has succeeded in biometric authentication. Thereafter, the service execution unit 203 provides a predetermined service to the information processing apparatus 10 according to the authority verification result transmitted from the authority verification unit 205.

  The authority verification unit 205 is realized by, for example, a CPU, a ROM, a RAM, and the like. In response to the authority verification request transmitted from the service execution unit 203, the authority verification unit 205 verifies the authority held by the user corresponding to the biometric information that has been successfully biometrically authenticated.

  More specifically, the authority verification unit 205 determines whether or not an attribute certificate described later is associated with a template corresponding to biometric information that has been successfully biometrically authenticated. When the attribute certificate is not associated with the template corresponding to the biometric information that has succeeded in biometric authentication, the authority verification unit 205 displays information on the authority of the user corresponding to the biometric information that has succeeded in biometric authentication. The data is transmitted to the execution unit 203.

  When the attribute certificate is associated with the template corresponding to the biometric information that has been successfully biometrically authenticated, the authority verification unit 205 performs the following processing. That is, the authority verification unit 205 requests the information processing apparatus 10 to transmit a corresponding attribute certificate, and acquires the attribute certificate from the information processing apparatus 10. In addition, the authority verification unit 205 verifies the digital signature added to the attribute certificate using a public key corresponding to the digital signature. If verification of the digital signature fails, the authority verification unit 205 transmits the authority of the user corresponding to the biometric information that has been successfully biometrically authenticated to the service execution unit 203. When the verification of the digital signature is successful, the authority verification unit 205 includes the authority that is included in the attribute certificate in addition to the authority of the user corresponding to the biometric information that has been successfully biometrically authenticated. This is transmitted to the service execution unit 203 as the user authority. Details of the attribute certificate verification processing will be described later in detail.

  The communication unit 207 is realized by, for example, a CPU, a ROM, a RAM, a communication device, and the like. The communication unit 207 controls communication performed between the service providing server 20 and the information processing apparatus 10 via the communication network 14.

  In the storage unit 209, various parameters that need to be saved when the service providing server 20 according to the present embodiment performs some processing, the progress of the processing, or various databases or the like are appropriately recorded. The The storage unit 209 can be freely read and written by each processing unit of the service providing server 20.

  The secure memory 211 is a storage unit having tamper resistance that the service providing server 20 has. The secure memory 211 stores a tamper resistant program such as a program for protecting the secure memory 211 from unauthorized access or a program for erasing data in the secure memory 211 in response to unauthorized access. The service providing server 20 according to the present embodiment manages the secure memory 211 in a state where the security level is higher than that of the storage unit 209 based on this tamper resistance program.

  The secure memory 211 also stores a public key certificate held by the service providing server 20 and a key pair composed of a public key and a private key associated with the public key certificate.

  Heretofore, an example of the function of the service providing server 20 according to the present embodiment has been shown. Each component described above may be configured using a general-purpose member or circuit, or may be configured by hardware specialized for the function of each component. In addition, the CPU or the like may perform all functions of each component. Therefore, it is possible to appropriately change the configuration to be used according to the technical level at the time of carrying out the present embodiment.

  It is possible to create a computer program for realizing each function of the service providing server according to the present embodiment as described above and mount the computer program on a personal computer or the like. In addition, a computer-readable recording medium storing such a computer program can be provided. The recording medium is, for example, a magnetic disk, an optical disk, a magneto-optical disk, a flash memory, or the like. Further, the above computer program may be distributed via a network, for example, without using a recording medium.

<About proxy authority grant method>
Next, the proxy authority grant method according to this embodiment will be described in detail with reference to FIGS. 10 and 11. FIG. 10 is a flowchart for explaining the proxy authority granting method according to the present embodiment, and FIG. 11 is a flowchart for explaining the personal authentication method performed by the information processing apparatus according to the present embodiment.

First, when a control signal based on a user operation is transmitted from the input unit 107, the proxy authority granting unit 131 of the information processing apparatus 10 authenticates the identity of the authorizing person (hereinafter referred to as user A). A request is made to the biometric authentication unit 101 (step S401). This personal authentication process is performed by the biometric authentication unit 101 using the qualified certificate (QC _A ) of the user A who is the authority. In the course of the personal authentication process by the biometric authentication unit 101, the mutual authentication processing unit 155 of the information processing apparatus 10 and the mutual authentication processing unit 201 of the service providing server 20 perform the eligibility certificate of the user A and the service providing server 20. Mutual authentication processing is performed using a public key certificate. The personal authentication process performed by the biometric authentication unit 101 will be described in detail later.

  When the fact that the user A's personal authentication has failed is transmitted from the biometric authentication unit 101, the authority granting unit 131 stops the proxy authority granting process. In addition, when the fact that user A's personal authentication is successful is transmitted from the biometric authentication unit 101, the authority granting unit 131 gives a list of authorities held by the user A and granting proxy authority to the display unit (not shown). The user's designation field etc. that want to be displayed are displayed. The user A who is the authority granter selects designation of the authority substitute (user B in the following description) and the substitute authority to be granted (step S403), and the substitute authority information is input to the input unit. It is transmitted to the authority granting unit 131 via 107.

When an authority agent is designated by the user A, the authority granting unit 131 displays on the display unit (not shown) that biometric authentication of the authority agent (user B) is performed, and causes the biometric authentication unit 101 to display. User B's identity authentication is requested (step S405). This personal authentication process is performed by the biometric authentication unit 101 using the qualified certificate (QC _B ) of the user B who is the authority substitute. This personal authentication process is also performed between the information processing apparatus 10 and the service providing server 20.

When the fact that the user B user authentication has failed is transmitted from the biometric authentication unit 101, the authority granting unit 131 stops the proxy authority granting process. When the fact that user B's personal authentication is successful is transmitted from the biometric authentication unit 101, the authority granting unit 131 refers to the qualified certificate (QC _B ) of the user _B and serializes the qualified certificate QC _B. A number is acquired (step S407).

  Subsequently, the authority assigning unit 131 transmits the proxy authority information and the acquired serial number of the qualified certificate of the user B to the attribute certificate generating unit 133. The attribute certificate generation unit 133 uses the transmitted proxy authority information and the serial number of the user B's qualified certificate to obtain the user B's attribute certificate (AC) according to the format shown in FIG. Generate (step S409).

  Next, the attribute certificate generation unit 133 acquires the private key of the user A who is the grantor from the secure memory 143 and the like, and adds a digital signature to the generated attribute certificate (AC) of the user B (Step) S411). Thereby, when the user B acts as the authority of the user A, the service providing server 20 can verify the safety of the attribute certificate of the user B.

Subsequently, the attribute certificate generation unit 133 associates the attribute certificate added with the digital signature with the user B's qualified certificate QC _B. Thereby, the information processing apparatus 10 and the service providing server 20 can grasp that the user B has the authority to substitute by referring to the qualified certificate QC _B.

  As described above, in the proxy authority granting method according to the present embodiment, the information processing apparatus 10 has described the description regarding the proxy authority and the serial number of the qualified certificate of the authority proxy for the authority proxy. Generate an attribute certificate and associate the attribute certificate with the qualified certificate of the authorized agent. As a result, the authority granter can delegate at least a part of the authority that he / she has to the authority agent.

  Here, the personal authentication process performed by the information processing apparatus 10 according to the present embodiment will be described in detail with reference to FIG.

  When the biometric authentication unit 101 included in the information processing apparatus 10 according to the present embodiment is requested by each processing unit to execute personal authentication regarding a certain user, the biometric authentication unit 101 executes a personal authentication process as described below.

  First, when information for designating a user who wishes to perform personal authentication is transmitted from each processing unit that requests execution of personal authentication, the biometric authentication unit 101 transmits information for designating the acquired user. And transmitted to the qualified certificate verification unit 119. The qualified certificate verification unit 119 acquires the corresponding qualified certificate from the secure memory 143 or the like based on the transmitted information for designating the user, and verifies the acquired qualified certificate (step S501).

Specifically, the qualified certificate verification unit 119 decrypts the digital signature added to the qualified certificate QC using the public key K _pub corresponding to the qualified certificate, and the obtained decryption result is qualified. Check against fixed-length data derived from certificate contents. If the content of the qualified certificate does not match the fixed-length data, a mismatch between the two means that the qualified certificate has been altered and the content of the qualified certificate has been changed. 119 determines that verification of the qualified certificate has failed. When the content of the qualified certificate matches the fixed length data, the qualified certificate verification unit 119 determines that the verification of the qualified certificate has succeeded.

Next, the mutual authentication processing unit 155 of the information processing apparatus 10 acquires a public key certificate (PKC _S ) from the service providing server 20 in order to perform mutual authentication with the service providing server 20, and acquires the acquired service. The public key certificate of the providing server 20 is verified (step S503). In addition, the mutual authentication processing unit 201 of the service providing server 20 acquires a qualified certificate (QC) from the information processing apparatus 10 and verifies the acquired qualified certificate (step S505).

  Note that the public key certificate verification process performed by the mutual authentication processing unit 155 of the information processing apparatus 10 is the same process as the qualified certificate verification process performed by the qualified certificate verification unit 119, and thus detailed processing is performed. Description is omitted.

  When the verification of the qualified certificate and the public key certificate ends normally, the mutual authentication processing unit 155 of the information processing apparatus 10 and the mutual authentication processing unit 201 of the service providing server 20 use the acquired public key certificate and qualified certificate. Utilizing this, mutual authentication processing is performed (step S507).

  When the mutual authentication process fails, the mutual authentication processing unit 155 of the information processing apparatus 10 transmits information indicating that the mutual authentication has failed to the biometric authentication unit 101, and the biometric authentication unit 101 stops the personal authentication process. When the mutual authentication process is successful, the mutual authentication processing unit 155 of the information processing apparatus 10 transmits information indicating that the mutual authentication has been successful to the biometric authentication unit 101, and the biometric authentication unit 101 performs processing described below. To implement.

  Next, the imaging unit 111 of the biometric authentication unit 101 captures a part of the living body, generates biometric image data, and transmits the biometric image data to the vein information extraction unit 115. The vein information extraction unit 115 extracts biological information (more specifically, vein information) info from the transmitted biological imaging data (step S509), and transmits it to the authentication processing unit 117.

  Subsequently, the authentication processing unit 117 to which the biometric information info is transmitted receives the template tmp from the secure memory 143 based on the information specifying the template associated with the qualified certificate (hereinafter referred to as link information ptr). Obtain (step S511).

  Next, the authentication processing unit 117 performs biometric authentication processing using the acquired template tmp and the extracted biometric information info (step S513). If the authentication processing unit 117 determines that the extracted biometric information is similar to the template, the authentication processing unit 117 notifies the processing unit that has requested the execution of the personal authentication that the personal authentication has been successful. If it is determined that the extracted biometric information is not similar to the template, the processing unit that has requested the execution of the personal authentication is notified that the personal authentication has failed.

  Through the processing described above, the biometric authentication unit 101 according to the present embodiment can authenticate the specified user.

<About proxy authority verification method>
Next, the proxy authority verification method according to the present embodiment will be described in detail with reference to FIG. FIG. 12 is a flowchart for explaining the proxy authority verification method according to this embodiment.

First, when a control signal based on a user operation is transmitted from the input unit 107, the service start request unit 153 of the information processing apparatus 10 is assumed to be a user who performs a user operation (hereinafter, a user B who is an authority agent). ) Is requested to the biometric authentication unit 101 (step S601). This personal authentication process is performed by the biometric authentication unit 101 using the qualified certificate (QC _B ) of the user B who is the authority substitute.

  When the fact that user B's personal authentication has failed is transmitted from the biometric authentication unit 101, the service start request unit 153 transmits that fact to the service providing server 20. The service execution unit 203 of the service providing server 20 stops the service providing process when the fact that the personal authentication has failed is transmitted. When the fact that user B's personal authentication is successful is transmitted from the biometric authentication unit 101, the service start request unit 153 determines whether an attribute certificate is associated with the eligible certificate corresponding to the user B. To do. When the service start request unit 153 detects that the attribute certificate is associated with the eligible certificate corresponding to the user B, the service start request unit 153 acquires the associated attribute certificate (AC) from the secure memory 143 or the like, The data is transmitted to the providing server 20 (step S603).

The authority verification unit 205 of the service providing server 20 starts the attribute certificate verification process while referring to the acquired attribute certificate (step S605). First, the authority verification unit 205 acquires information on an authority grantor (that is, user A) that is an issuer of the attribute certificate, and processes the qualified certificate (QC _A ) of the user A who is the authority granter. Obtained from the device 10 or the like. Subsequently, the authority verification unit 205 performs verification processing of the acquired user A's qualified certificate (step S607).

Subsequently, the authority verification unit 205 acquires the public key (K _pub ^A ) of the user A corresponding to the qualified certificate (QC _A ) of the user A who is the authority from the information processing apparatus 10 or the like (Step S609). ).

Next, the authority verification unit 205 uses the acquired public key (K _pub ^A ) of user A to verify the digital signature of the attribute certificate (AC) associated with the qualifying certificate (QC _B ) of user B. A verification process is performed (step S611).

  If verification of the digital signature of the attribute certificate fails, the authority verification unit 205 notifies the service execution unit 203 to that effect and only the authority that the user B himself has (authorization excluding proxy authority) Is notified to the service execution unit 203. In addition, when the verification of the digital signature of the attribute certificate is successful, the authority verification unit 205 notifies the service execution unit 203 to that effect, and the proxy authority described in the attribute certificate and the user B himself / herself Is notified to the service execution unit 203.

  Subsequently, the service execution unit 203 starts providing a service to the user B based on the information regarding the authority of the user B transmitted from the authority verification unit 205 (step S613).

  As described above, in the proxy authority verification method according to the present embodiment, after the authentication process of the user B who is the authority proxy, the attribute certificate associated with the qualified certificate of the user B is verified. I do. In the proxy authority verification method according to the present embodiment, only when the verification of the attribute certificate is successful, the proxy of the authority of the attribute certificate issuer (user A) is permitted to the user B. Since the verification of the attribute certificate includes verification processing for the user A who is the authority, the service providing server 20 performs verification for the authority agent after verifying the authority grantor and the authority agent. The exercise of authority will be permitted. As a result, in the information processing apparatus 10 and the service providing server 20 according to the present embodiment, it becomes possible to prevent the use of proxy authority other than the authority proxy.

  Next, the mutual authentication process executed in the information processing system according to the present embodiment will be described in detail with reference to FIG.

  First, the mutual authentication processing unit 155 of the information processing apparatus 10 acquires a public key certificate (PKC) held by the service providing server from the service providing server 20 (step 701). Also, the mutual authentication processing unit 201 of the service providing server 20 acquires a qualified certificate (QC) used for the mutual authentication processing from the information processing apparatus 10 (step S703).

  Next, the mutual authentication processing unit 155 of the information processing apparatus 10 refers to the acquired public key certificate of the server and generates the public key corresponding to the public key certificate based on predetermined data, random numbers, and the like. The message (hereinafter referred to as A message) is encrypted (step S705). Subsequently, the mutual authentication processing unit 155 of the information processing apparatus 10 transmits the encrypted message to the service providing server 20.

  On the other hand, the mutual authentication processing unit 201 of the service providing server 20 waits for data transmitted from the information processing apparatus 10. When the mutual authentication processing unit 201 receives the encrypted message transmitted from the information processing apparatus 10, the mutual authentication processing unit 201 decrypts the received encrypted message with the secret key concealed by the own apparatus 20, and obtains plaintext (A message) (step S707). .

  Next, the mutual authentication processing unit 201 of the service providing server 20 acquires the A message and the message (hereinafter referred to as B message) generated based on predetermined data, random numbers, and the like from the apparatus 10. Encryption is performed with the public key corresponding to the certificate (step S709). Subsequently, the secure path establishing unit 129 of the information processing apparatus 10B transmits the encrypted message to the information processing apparatus 10A.

  When the mutual authentication processing unit 155 of the information processing apparatus 10 receives the encrypted message returned from the service providing server 20, the mutual authentication processing unit 155 decrypts the received encrypted message with the secret key concealed by the own apparatus 10, and plaintext (A message and B message). ) Is acquired (step S711). Subsequently, the mutual authentication processing unit 155 determines whether or not the obtained plaintext includes the same A message generated by the own device 10 (step S713).

  Here, when the same message as the A message generated by the own device 10 does not exist in the plaintext, the mutual authentication processing unit 155 does not transmit the A message to the server 20 or obstructs communication with the server 20. Judge that there is a harmful effect such as the existence of something. As a result, the mutual authentication processing unit 155 of the information processing apparatus 10 determines that the mutual authentication has failed.

  On the other hand, if the same message as the A message generated by the own device 10 exists in the plaintext, the mutual authentication processing unit 155 determines that the communication partner is a regular communication partner, and relates to a common key to be used in subsequent communication. Information (hereinafter referred to as common key information) is generated. Subsequently, the mutual authentication processing unit 155 encrypts the generated common key information and the B message with a public key corresponding to the public key certificate of the service providing server 20 (step S715). Subsequently, the mutual authentication processing unit 155 of the information processing apparatus 10 transmits the encrypted message to the service providing server 20. Next, the mutual authentication processing unit 155 of the information processing apparatus 10 generates a common key based on the generated common key information (step S717).

  Further, when the mutual authentication processing unit 201 of the service providing server 20 receives the encrypted message returned from the information processing apparatus 10, the mutual authentication processing unit 201 decrypts the received encrypted message with the private key of the own apparatus 20 to obtain plaintext (common key information and B message) is acquired (step S719). Subsequently, the mutual authentication processing unit 201 determines whether or not the obtained plaintext includes the same B message generated by the own device 10 (step S721).

  Here, if the same message as the B message generated by the own device 20 does not exist in the plaintext, the mutual authentication processing unit 201 is not the device 10 or the communication with the device 10 is interrupted. Judge that there is a harmful effect such as the existence of something. As a result, the mutual authentication processing unit 201 of the service providing server 20 determines that the mutual authentication has failed.

  On the other hand, if the same message as the B message generated by the own device 20 exists in the plaintext, the mutual authentication processing unit 201 determines that the communication partner is a regular communication partner, and based on the common key information acquired from the plaintext. Thus, a common key is generated (step S723). Thereafter, the mutual authentication processing unit 201 of the service providing server 20 encrypts a message indicating that the authentication has been successful using the generated common key, and transmits the encrypted message to the information processing apparatus 10.

  When receiving the encrypted message from the server 20, the mutual authentication processing unit 155 of the information processing device decrypts the received encrypted message with the generated common key. When the encrypted message can be decrypted with the common key, the mutual authentication processing unit 155 of the information processing apparatus 10 determines that the mutual authentication is successful. Further, when the received encrypted message cannot be decrypted with the common key, or when the communication path with the service providing server 20 is disconnected, the mutual authentication processing unit 155 of the information processing apparatus 10 determines that the mutual authentication has failed. to decide.

  In this way, the mutual authentication processing unit 155 of the information processing device 10 and the mutual authentication processing unit 201 of the service providing server 20 perform mutual authentication processing, and share information regarding the common key between both devices.

<About hardware configuration>
Next, the hardware configuration of the information processing apparatus 10 according to the embodiment of the present invention will be described in detail with reference to FIG. FIG. 14 is a block diagram for explaining a hardware configuration of the information processing apparatus 10 according to each embodiment of the present invention.

  The information processing apparatus 10 mainly includes a CPU 901, a ROM 903, and a RAM 905. The information processing apparatus 10 further includes a host bus 907, a bridge 909, an external bus 911, an interface 913, an input device 915, an output device 917, a storage device 919, a drive 921, and a connection port 923. And a communication device 925.

  The CPU 901 functions as an arithmetic processing unit and a control unit, and controls all or a part of the operation in the information processing apparatus 10 according to various programs recorded in the ROM 903, the RAM 905, the storage device 919, or the removable recording medium 927. The ROM 903 stores programs used by the CPU 901, calculation parameters, and the like. The RAM 905 primarily stores programs used in the execution of the CPU 901, parameters that change as appropriate during the execution, and the like. These are connected to each other by a host bus 907 constituted by an internal bus such as a CPU bus.

  The host bus 907 is connected to an external bus 911 such as a PCI (Peripheral Component Interconnect / Interface) bus via a bridge 909.

  The input device 915 is an operation unit operated by the user, such as a mouse, a keyboard, a touch panel, a button, a switch, and a lever. Further, the input device 915 may be, for example, remote control means (so-called remote controller) using infrared rays or other radio waves, or an external connection device such as a mobile phone or a PDA corresponding to the operation of the information processing device 10. 929 may be used. Furthermore, the input device 915 includes, for example, an input control circuit that generates an input signal based on information input by the user using the above-described operation means and outputs the input signal to the CPU 901. The user of the information processing apparatus 10 can input various data and instruct a processing operation to the information processing apparatus 10 by operating the input device 915.

  The output device 917 is configured by a device capable of visually or audibly notifying acquired information to the user. Examples of such devices include CRT display devices, liquid crystal display devices, plasma display devices, EL display devices and display devices such as lamps, audio output devices such as speakers and headphones, printer devices, mobile phones, and facsimiles. For example, the output device 917 outputs results obtained by various processes performed by the information processing apparatus 10. Specifically, the display device displays results obtained by various processes performed by the information processing device 10 as text or images. On the other hand, the audio output device converts an audio signal composed of reproduced audio data, acoustic data, and the like into an analog signal and outputs the analog signal.

  The storage device 919 is a data storage device configured as an example of a storage unit of the information processing device 10. The storage device 919 includes, for example, a magnetic storage device such as an HDD (Hard Disk Drive), a semiconductor storage device, an optical storage device, or a magneto-optical storage device. The storage device 919 stores programs executed by the CPU 901, various data, various data acquired from the outside, and the like.

  The drive 921 is a recording medium reader / writer, and is built in or externally attached to the information processing apparatus 10. The drive 921 reads information recorded on a removable recording medium 927 such as a mounted magnetic disk, optical disk, magneto-optical disk, or semiconductor memory, and outputs the information to the RAM 905. In addition, the drive 921 can write a record on a removable recording medium 927 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory. The removable recording medium 927 is, for example, a DVD medium, an HD-DVD medium, a Blu-ray medium, or the like. Further, the removable recording medium 927 may be a compact flash (registered trademark) (CompactFlash: CF), a memory stick, an SD memory card (Secure Digital memory card), or the like. Further, the removable recording medium 927 may be, for example, an IC card (Integrated Circuit card) on which a non-contact IC chip is mounted, an electronic device, or the like.

  The connection port 923 is a port for directly connecting a device to the information processing apparatus 10. An example of the connection port 923 is a USB (Universal Serial Bus) port, i. There are IEEE 1394 ports such as Link, SCSI (Small Computer System Interface) ports, and the like. As another example of the connection port 923, there are an RS-232C port, an optical audio terminal, a high-definition multimedia interface (HDMI) port, and the like. By connecting the external connection device 929 to the connection port 923, the information processing apparatus 10 acquires various data directly from the external connection device 929 or provides various data to the external connection device 929.

  The communication device 925 is a communication interface including a communication device for connecting to the communication network 931, for example. The communication device 925 is, for example, a communication card for wired or wireless LAN (Local Area Network), Bluetooth, or WUSB (Wireless USB). The communication device 925 may be a router for optical communication, a router for ADSL (Asymmetric Digital Subscriber Line), or a modem for various communication. The communication device 925 can transmit and receive signals and the like according to a predetermined protocol such as TCP / IP, for example, with the Internet or other communication devices. The communication network 931 connected to the communication device 925 is configured by a wired or wireless network, and may be, for example, the Internet, a home LAN, infrared communication, radio wave communication, satellite communication, or the like. .

  Heretofore, an example of the hardware configuration capable of realizing the function of the information processing apparatus 10 according to the embodiment of the present invention has been shown. Each component described above may be configured using a general-purpose member, or may be configured by hardware specialized for the function of each component. Therefore, the hardware configuration to be used can be changed as appropriate according to the technical level at the time of carrying out the present embodiment.

<Summary>
As described above, in the embodiment of the present invention, an attribute certificate in which information on proxy authority is described is generated, and the generated attribute information is applied to a qualified certificate associated with a template that is biometric information. Further associate. Thereby, in the embodiment of the present invention, the proxy authority given to the user is managed in association with the biological information of the user. When granting proxy authority and exercising proxy authority, biometric information is authenticated, so that it is possible to realize a highly secure proxy authority grant method and proxy authority verification method.

  The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings, but the present invention is not limited to such examples. It is obvious that a person having ordinary knowledge in the technical field to which the present invention pertains can come up with various changes or modifications within the scope of the technical idea described in the claims. Of course, it is understood that these also belong to the technical scope of the present invention.

  For example, in the proxy authority granting method according to the second embodiment of the present invention, the case where the personal authentication process is performed also for the authority proxy has been described. However, when the authority granter can freely grant the proxy authority without involving the service providing server 20 side, the personal authentication process regarding the authority proxy does not have to be performed.

DESCRIPTION OF SYMBOLS 10 Information processing apparatus 12 Authentication station 14 Communication network 20 Service provision server 101 Biometric authentication part 103 Service provision part 105 Authority setting part 107 Input part 111 Imaging part 113 Imaging control part 115 Vein information extraction part 117 Authentication process part 119 Eligible certificate verification Unit 121 service execution unit 123 authority verification unit 131 authority grant unit 133 attribute certificate generation unit 141 storage unit 143 secure memory 151 communication unit 153 service start request unit 155 mutual authentication processing unit 157 provided data acquisition unit 171 template 173 qualified certificate 175 Public key certificate 177 Attribute certificate 201 Mutual authentication processing unit 203 Service execution unit 205 Authority verification unit 207 Communication unit 209 Storage unit 211 Secure memory

Claims (9)

Authentication of the biological information based on biological information that is information unique to the biological body extracted from biological imaging data obtained by imaging a part of the biological body and a template that is biological information registered in advance. A biometric authentication unit,
A service execution unit that executes a service according to the authority associated with the template corresponding to the biometric information that has been successfully authenticated, with respect to the biometric information that has been successfully authenticated by the biometric authentication unit;
An authority granting unit that grants, to the other template, a proxy authority for the other template to delegate at least a part of the authority associated with the one template;
Generating an attribute certificate including proxy authority information, which is information relating to authority that can be delegated by the template to which the proxy authority is granted, and generating an attribute certificate that associates the attribute certificate with the template to which the proxy authority has been granted And
An information processing apparatus comprising:   The attribute certificate generation unit generates the attribute certificate including a serial number assigned to a qualified certificate associated with the template to which the proxy authority is granted and the proxy authority information, and the proxy certificate The information processing apparatus according to claim 1, wherein a digital signature is added to the generated attribute certificate using a secret key corresponding to a qualified certificate associated with a template to which authority is granted.   The information processing apparatus, when the attribute certificate is associated with the template corresponding to the biometric information that has been successfully authenticated, authority to verify the authority associated with the template based on the attribute certificate The information processing apparatus according to claim 2, further comprising a verification unit. The authority verification unit verifies the digital signature using a public key corresponding to the digital signature added to the attribute certificate,
The service execution unit permits execution of the proxy authority described in the attribute certificate for the template to which the attribute certificate is added when the verification of the digital signature is successful. The information processing apparatus described in 1. Based on biological information that is information unique to the biological body extracted from biological imaging data obtained by imaging a part of the biological body of the authorized person, and a template that is biological information registered in advance, Authenticating the biometric information of the authorized person;
Authenticating the biometric information extracted from biometric image data obtained by imaging a portion of the authority agent's ecology;
Generating an attribute certificate including proxy authority information, which is information related to the authority corresponding to the authority representative among the authorities associated with the template corresponding to the authority, Associating the attribute certificate with a template corresponding to an authorized agent;
Substituting authority grant method including To a computer having an imaging function for imaging a part of a living body and generating biological imaging data that is imaging data of the living body,
An authentication processing function for authenticating the biometric information based on biometric information extracted from the biometric image data and biometric information that is unique to the biometric and a template that is biometric information registered in advance;
For the biometric information that has been successfully authenticated, a service execution function that executes a service in accordance with the authority associated with the template corresponding to the biometric information that has been successfully authenticated,
An authority granting function for granting, to the other template, proxy authority for the other template to delegate at least part of the authority associated with the one template;
Generating an attribute certificate including proxy authority information, which is information relating to authority that can be delegated by the template to which the proxy authority is granted, and generating an attribute certificate that associates the attribute certificate with the template to which the proxy authority has been granted Function and
A program to realize Authentication of the biological information based on biological information that is information unique to the biological body extracted from biological imaging data obtained by imaging a part of the biological body and a template that is biological information registered in advance. A biometric authentication unit,
A service that requests a service providing server that can communicate via a predetermined network to start providing a service according to the authority associated with the template corresponding to the biometric information that has been successfully authenticated by the biometric authentication unit. An initiation request department;
An authority granting unit that grants, to the other template, a proxy authority for the other template to delegate at least a part of the authority associated with the one template;
Generating an attribute certificate including proxy authority information, which is information relating to authority that can be delegated by the template to which the proxy authority is granted, and generating an attribute certificate that associates the attribute certificate with the template to which the proxy authority has been granted And
An information processing apparatus comprising: To a computer having an imaging function for imaging a part of a living body and generating biological imaging data that is imaging data of the living body,
An authentication processing function for authenticating the biometric information based on biometric information extracted from the biometric image data and biometric information that is unique to the biometric and a template that is biometric information registered in advance;
A service start request function for requesting a service providing server communicable via a predetermined network to start providing a service according to the authority associated with the template corresponding to the biometric information that has been successfully authenticated;
An authority granting function for granting, to the other template, proxy authority for the other template to delegate at least part of the authority associated with the one template;
Generating an attribute certificate including proxy authority information, which is information relating to authority that can be delegated by the template to which the proxy authority is granted, and generating an attribute certificate that associates the attribute certificate with the template to which the proxy authority has been granted Function and
A program to realize Authentication of the biological information based on biological information that is information unique to the biological body extracted from biological imaging data obtained by imaging a part of the biological body and a template that is biological information registered in advance. A biometric authentication unit,
A service that requests a service providing server that can communicate via a predetermined network to start providing a service according to the authority associated with the template corresponding to the biometric information that has been successfully authenticated by the biometric authentication unit. An initiation request department;
An authority granting unit that grants, to the other template, a proxy authority for the other template to delegate at least a part of the authority associated with the one template;
Generating an attribute certificate including proxy authority information, which is information relating to authority that can be delegated by the template to which the proxy authority is granted, and generating an attribute certificate that associates the attribute certificate with the template to which the proxy authority has been granted And
An information processing apparatus comprising:
A service providing server comprising a service execution unit that executes a service in response to the authority associated with the template corresponding to the biometric information that has been successfully authenticated with respect to the biometric information that has been successfully biometrically authenticated by the information processing apparatus When,
Including an information processing system.

Images