JP2017055384A5 - Google Patents
- Publication number
- JP2017055384A5
- Authority
- JP
- Japan
- Prior art keywords
- information
- authentication
- authentication server
- generation
- terminal device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Claims (12)
1. A generation device that, in cooperation with a terminal device, performs processing for causing an authentication server to authenticate the identity of a user who uses the terminal device, the generation device comprising:
a storage unit that stores information on a plurality of authenticators, each of which authenticates the user based on a result of collating registration data registered in advance with predetermined input data, the authenticators differing from one another in the authentication means used to authenticate the user;
a management unit that synchronizes information on the reliability of each of the plurality of authenticators stored in the storage unit with the authentication server, thereby managing reliability information that is common to the authentication server side; and
a generation unit that controls generation of authentication result information, which is information used by the authentication server to authenticate the identity of the user, is generated from a collation result acquired from any of the plurality of authenticators, and is processed by a specific protocol used between the terminal device and the authentication server, and that performs control so that the authentication result information is transmitted to the authentication server via the terminal device.
2. The generation device according to claim 1, wherein the generation unit
generates the authentication result information by signing the collation result acquired from the authenticator using a key held in the generation device.
3. The generation device according to claim 2, wherein the generation unit
generates the authentication result information using the key in common for each of the collation results acquired from the plurality of authenticators stored in the storage unit.
4. The generation device according to claim 2, wherein the generation unit
generates the authentication result information using, for each of the collation results acquired from the plurality of authenticators stored in the storage unit, an individual key issued for the corresponding authenticator.
5. The generation device according to claim 1, wherein the generation unit
causes an external device capable of generating information processed by the specific protocol to generate the authentication result information based on the collation result acquired from the authenticator.
6. The generation device according to claim 5, wherein the generation unit
selects, based on the reliability between the authentication server and the generation device and the external device, whether the generation unit generates the authentication result information or the external device is caused to generate the authentication result information.
7. The generation device according to any one of claims 1 to 6, wherein
the management unit updates the information on the reliability of the authenticators based on the authenticator reliability specified by the authentication server, and
the generation unit selects, based on the authenticator reliability specified by the authentication server, the authenticator from which the authentication result information is to be generated.
8. The generation device according to claim 7, wherein the generation unit
includes information on the reliability of the authenticator in the authentication result information generated from the collation result acquired from that authenticator.
9. A terminal device comprising:
a communication unit that communicates with the generation device according to any one of claims 1 to 8; and
a transmission unit that transmits the authentication result information acquired from the generation device to the authentication server.
10. A generation method executed by a generation device that, in cooperation with a terminal device, performs processing for causing an authentication server to authenticate the identity of a user who uses the terminal device, the generation method comprising:
a storage step in which the generation device stores, in a predetermined storage unit, information on a plurality of authenticators, each of which authenticates the user based on a result of collating registration data registered in advance with predetermined input data, the authenticators differing from one another in the authentication means used to authenticate the user;
a management step in which the generation device synchronizes information on the reliability of each of the plurality of authenticators stored in the storage unit with the authentication server, thereby managing reliability information that is common to the authentication server side; and
a generation step in which the generation device controls generation of authentication result information, which is information used by the authentication server to authenticate the identity of the user, is generated from a collation result acquired from any of the plurality of authenticators, and is processed by a specific protocol used between the terminal device and the authentication server, and performs control so that the authentication result information is transmitted to the authentication server via the terminal device.
11. A generation program executed by a generation device that, in cooperation with a terminal device, performs processing for causing an authentication server to authenticate the identity of a user who uses the terminal device, the generation program comprising:
a storage procedure of storing, in a predetermined storage unit, information on a plurality of authenticators, each of which authenticates the user based on a result of collating registration data registered in advance with predetermined input data, the authenticators differing from one another in the authentication means used to authenticate the user;
a management procedure of synchronizing information on the reliability of each of the plurality of authenticators stored in the storage unit with the authentication server, thereby managing reliability information that is common to the authentication server side; and
a generation procedure of controlling generation of authentication result information, which is information used by the authentication server to authenticate the identity of the user, is generated from a collation result acquired from any of the plurality of authenticators, and is processed by a specific protocol used between the terminal device and the authentication server, and of performing control so that the authentication result information is transmitted to the authentication server via the terminal device.
12. An authentication processing system comprising an authentication server and a generation device that, in cooperation with a terminal device, performs processing for causing the authentication server to authenticate the identity of a user who uses the terminal device, wherein
the generation device comprises:
a storage unit that stores information on a plurality of authenticators, each of which authenticates the user based on a result of collating registration data registered in advance with predetermined input data, the authenticators differing from one another in the authentication means used to authenticate the user;
a management unit that synchronizes information on the reliability of each of the plurality of authenticators stored in the storage unit with the authentication server, thereby managing reliability information that is common to the authentication server side; and
a generation unit that controls generation of authentication result information, which is information used by the authentication server to authenticate the identity of the user, is generated from a collation result acquired from any of the plurality of authenticators, is processed by a specific protocol used between the terminal device and the authentication server, and is signed using a key held in the generation device, and that performs control so that the authentication result information is transmitted to the authentication server via the terminal device, and
the authentication server comprises:
a management unit that manages the generation device having the key and the public key corresponding to the key in association with each other.
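The signing arrangement of claims 2, 4, 8 and 12, sketched as an added example (not code from the patent or its applicant): the generation device signs each collation result with a per-authenticator key and embeds the reliability level, and the server verifies against the public key it has registered for that device. Ed25519, the JSON payload, the challenge value, numeric reliability levels and all class and field names are assumptions made for illustration.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');
// Generation device: one private key per authenticator (claim 4) plus the synced reliability levels (claim 1).
class GenerationDevice {
  constructor(deviceId, reliabilityByAuthenticator) {
    this.deviceId = deviceId;
    this.reliability = new Map(Object.entries(reliabilityByAuthenticator));
    this.keys = new Map();
    for (const id of this.reliability.keys()) this.keys.set(id, generateKeyPairSync('ed25519'));
  }
  publicKey(authenticatorId) { return this.keys.get(authenticatorId).publicKey; }
  // Claims 2 and 8: sign the collation result together with the reliability information.
  generate(authenticatorId, matched, challenge) {
    const payload = JSON.stringify({ deviceId: this.deviceId, authenticatorId, matched,
      reliability: this.reliability.get(authenticatorId), challenge });
    const sig = sign(null, Buffer.from(payload), this.keys.get(authenticatorId).privateKey);
    return { payload, signature: sig.toString('base64') };
  }
}

// Authentication server: associates each generation device and authenticator with a public key (claim 12).
class AuthenticationServer {
  constructor() { this.records = new Map(); }
  register(deviceId, authenticatorId, publicKey, reliability) {
    this.records.set(`${deviceId}/${authenticatorId}`, { publicKey, reliability });
  }
  check(result, challenge, requiredReliability) {
    let claim, record;
    try {
      claim = JSON.parse(result.payload);
      record = this.records.get(`${claim.deviceId}/${claim.authenticatorId}`);
    } catch { return 'malformed'; }
    if (!record) return 'unknown-key';
    const sig = Buffer.from(result.signature, 'base64');
    if (!verify(null, Buffer.from(result.payload), record.publicKey, sig)) return 'bad-signature';
    if (claim.challenge !== challenge) return 'challenge-mismatch';
    if (claim.reliability !== record.reliability) return 'reliability-out-of-sync';
    if (record.reliability < requiredReliability) return 'reliability-too-low';
    return claim.matched === true ? 'accepted' : 'no-match';
  }
}

// Constructed sample data: two authenticators with different reliability levels.
function demo() {
  const device = new GenerationDevice('device-1', { fingerprint: 3, pin: 1 });
  const server = new AuthenticationServer();
  for (const [id, level] of device.reliability) server.register('device-1', id, device.publicKey(id), level);
  const good = device.generate('fingerprint', true, 'nonce-A');
  const weak = device.generate('pin', true, 'nonce-A');
  const forged = { ...good, payload: good.payload.replace('"fingerprint"', '"pin"') };
  return [good, weak, forged].map((r) => server.check(r, 'nonce-A', 2));
}
```

The server decides on its own stored reliability level and treats a mismatch with the signed value as a synchronization failure, so a device cannot raise its own level by editing the payload.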
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2016113928A JP6570480B2 (en) | 2016-06-07 | 2016-06-07 | Generation device, terminal device, generation method, generation program, and authentication processing system |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2015175486A Division JP5951094B1 (en) | 2015-09-07 | 2015-09-07 | Generation device, terminal device, generation method, generation program, and authentication processing system |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2017055384A JP2017055384A (en) | 2017-03-16 |
JP2017055384A5 JP2017055384A5 (en) | 2018-09-27 |
JP6570480B2 JP6570480B2 (en) | 2019-09-04 |
Family
ID=58317745
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2016113928A Active JP6570480B2 (en) | 2016-06-07 | 2016-06-07 | Generation device, terminal device, generation method, generation program, and authentication processing system |
Country Status (1)
Country | Link |
---|---|
JP (1) | JP6570480B2 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6936169B2 (en) | 2018-02-27 | 2021-09-15 | ヤフー株式会社 | Authenticator management device, authenticator management method, authenticator management program and authenticator management system |
KR102188925B1 (en) * | 2019-04-30 | 2020-12-10 | 주식회사 슈프리마아이디 | Authentication system for providing log-in service based on biometric information |
CN113297552B (en) | 2021-02-05 | 2023-11-17 | 中国银联股份有限公司 | Verification method based on biological characteristic ID chain, verification system and user terminal thereof |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4111810B2 (en) * | 2002-11-28 | 2008-07-02 | 富士通株式会社 | Personal authentication terminal, personal authentication method, and computer program |
JP4819542B2 (en) * | 2006-03-24 | 2011-11-24 | 株式会社日立製作所 | Biometric authentication system and method with vulnerability verification |
US9083689B2 (en) * | 2012-12-28 | 2015-07-14 | Nok Nok Labs, Inc. | System and method for implementing privacy classes within an authentication framework |
EP4274165A3 (en) * | 2012-12-28 | 2023-12-20 | Nok Nok Labs, Inc. | System and method for efficiently enrolling, registering, and authenticating with multiple authentication devices |
EP2989770A1 (en) * | 2013-04-26 | 2016-03-02 | Interdigital Patent Holdings, Inc. | Multi-factor authentication to achieve required authentication assurance level |