JP2019153906A - Mobile driver's license system and portable terminal device - Google Patents

Abstract

To guarantee the legitimacy of update information of driver's license information.SOLUTION: An authentication station registers a portable terminal as a mobile driver's license, the portable terminal stores a public key for portable terminal to be paired with a secret key for portable terminal, an electronic signature signing the public key for portable terminal and the data of a part of the driver's license information with the secret key of the authentication station is stored, when the portable terminal authenticates a user by the user authentication means, the public key for the portable terminal and the electronic signature are presented to the external device, thus being authenticated as a mobile driver's license by the external device, and then the portable terminal creates an update information mobile signature where the update information of the driver's license information is signed with the secret key for portable terminal, and the update information mobile signature is transmitted to the external device together with the update information of the driver's license information.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a mobile driver's license system and a portable terminal device using a portable terminal device for a driver's license.

  Conventionally, the driver's license information is written on the IC card and the driver's license is issued as a card. Although this issuance is expected to continue in the future, discussions on mobile driver's licenses are progressing globally, and a driver's license is provided with an application that writes and issues (personalized) information on a driver's license on a smartphone. Equivalent operation is being considered.

  Globally, there are countries that are discussing the issuance of mobile driver licenses that consist only of mobile terminal devices without issuing IC card driver licenses, but in so-called developed countries including Japan, ICs Card driver's licenses are issued as usual, and mobile driver licenses by portable terminal devices are likely to be issued as replicas of IC card driver licenses or as child cards.

  The IC card driver's license reads out the driver's license information using PIN1 and PIN2, which are two pieces of key information (password) for acquiring confidential information from the IC card driver's license.

  Specifically, when the user inputs PIN1 which is the first personal identification number from the authentication medium access device of the terminal device of the external device, the authentication medium access device receives the driver's name and date of birth from the IC card driver's license. Read out license information such as license type and license number.

  Further, when the user inputs PIN2 which is the second personal identification number from the authentication medium access device, the license information such as the driver's license face image is read out.

  If the user forgets these passwords PIN1 and PIN2, there is a problem that the user cannot read out the license information from the IC card.

  With respect to this problem, in Patent Document 1, it is possible to use an IC card or a mobile phone terminal equipped with an IC chip for the user to input these two personal identification numbers PIN1 and PIN2 from the authentication medium access device. It has been proposed to improve convenience by using a portable medium.

  In Patent Document 1, a command for requesting notification of the PIN numbers PIN1 and PIN2 to the IC card is transmitted from the portable medium to the information server. Then, the information server notifies the IC card of the PIN numbers PIN1 and PIN2 for the IC card driver's license. Thereby, the input of the personal identification number by the user is performed on the portable medium, and the troublesomeness of the user's PIN input is improved.

JP 2010-287051 A

However, in the technique of Patent Document 1, the possibility that the IC card and the portable medium are used and used by another person cannot be excluded, and the driver's license of the IC card can be used illegally by other persons than the user. was there.

  In addition, when the information on the IC card driver's license card is initially issued, an electronic signature is generated for the license information, preventing alteration of the license information, but address change, name change (marital, etc.) As for the license update information obtained by updating the ticket information such as the electronic signature, since the electronic signature is not generated, there is a problem that the validity of the license update information is not secured.

In order to solve the above-mentioned problem, the present invention is a mobile driver's license system composed of a mobile terminal device having a user authentication means and a certificate authority,
The certificate authority registers the mobile terminal device as a mobile driver's license;
The mobile terminal device signs the mobile terminal device public key paired with the mobile terminal device private key, and the mobile terminal device public key and partial data of the driver's license information with the private key of the certification authority. Remembered electronic signatures,
When the mobile terminal device authenticates the user by the user authentication means, the mobile terminal device authenticates the external device as a mobile driving license by presenting the mobile terminal device public key and the electronic signature to the external device. And
The mobile terminal device creates an update information mobile signature signed with the mobile terminal device private key in the update information of the driver's license information, and the update information mobile signature together with the update information of the driver's license information It is a mobile driver's license system characterized by transmitting to.

  According to this configuration, the mobile terminal license system guarantees the validity of the update information of the driver's license information by providing the update information mobile signature to the update information of the driver's license information. There is an effect that can be done.

Further, the present invention is a mobile driver's license system comprising a mobile terminal device having user authentication means, a certificate authority, and a second certificate authority that creates updated information of the driver's license information,
The certificate authority registers the mobile terminal device as a mobile driver's license;
The mobile terminal device signs the mobile terminal device public key paired with the mobile terminal device private key, and the mobile terminal device public key and partial data of the driver's license information with the private key of the certification authority. Remembered electronic signatures,
The mobile terminal device stores an update information server signature signed with the secret key of the second certificate authority in the update information of the driver's license information,
When the mobile terminal device authenticates the user by the user authentication means, the mobile terminal device authenticates the external device as a mobile driving license by presenting the mobile terminal device public key and the electronic signature to the external device. And
The mobile terminal license system is characterized in that the mobile terminal device transmits the update information server signature together with the update information of the driver license information to an external device.

  The present invention is the above-described mobile driver's license system, wherein the user authentication means is a biometric authentication means.

The present invention also provides the above mobile driver's license system,
The user's biometric information acquired by the biometric authentication means of the portable terminal device is transmitted to the certificate authority, and the certificate authority collates the biometric information with the user's biometric information stored in the certificate authority. The mobile terminal license system is characterized in that the mobile terminal device is registered in a mobile driver's license by certifying.

Further, the present invention is a portable terminal device registered as a mobile driver's license in a certificate authority,
The portable terminal device is
A mobile terminal device public key that is paired with a mobile terminal device private key, and an electronic signature that is signed with the private key of the certificate authority is stored in a part of the public key for the mobile terminal device and driving license information. ,
Storing the update information mobile signature signed with the secret key of the certificate authority or the secret key for the portable terminal device in the update information of the driver's license information;
When the mobile terminal device authenticates the user, by presenting the mobile terminal device public key and the electronic signature to the external device, the external device is authenticated as a mobile driving license,
The mobile terminal device is characterized in that the update information mobile signature is transmitted to an external device together with the update information of the driver's license information, thereby causing the external device to authenticate the update information of the driver's license information.

  In addition, the present invention is the mobile terminal device described above, wherein the mobile terminal device includes biometric authentication means as means for authenticating a user.

  Further, the present invention is the above-described portable terminal device, wherein the biometric information of the user acquired by the biometric authentication unit is transmitted to the certification authority, and the biometric information and the biometric information of the user are transmitted by the certification authority. The mobile terminal device is characterized in that a mobile driver's license is registered by being verified.

  Further, the present invention is the mobile terminal device described above, wherein the mobile terminal device creates an update information mobile signature in which the update information of the driver's license information is signed with the mobile terminal device private key. It is a portable terminal device.

  Further, the present invention is the above-described mobile terminal device, wherein the mobile terminal device creates a mobile terminal device public key paired with the mobile terminal device private key and the mobile terminal device private key. This is a portable terminal device.

  The present invention has the effect that the mobile terminal license system can ensure the validity of the update information of the driver's license information by providing the update information mobile signature to the update information of the driver's license information. is there.

  In addition, the present invention provides a mobile driving license system with high information security by which only the user can read out the mobile driving license information of the driving license from the mobile terminal device by using the user authentication means of the mobile terminal device. There is an effect that can be done.

  In addition, the present invention uses biometric authentication as the user authentication means of the mobile terminal device, thereby reducing the labor of inputting a personal identification number for the user to read out the mobile driver's license information of the driver's license. It is possible to construct a highly convenient mobile driver's license system.

It is a block diagram which shows the structure of the mobile driver's license system of the 1st Embodiment of this invention. It is a flowchart (the 1) of the mobile driver's license system of the 1st Embodiment of this invention. It is a flowchart (the 2) of the mobile driver's license system of the 1st Embodiment of this invention. It is a flowchart (the 3) of the mobile driver's license system of the 1st Embodiment of this invention. It is a flowchart (the 4) of the mobile driver's license system of the 1st Embodiment of this invention. It is a block diagram which shows the structure of the mobile driver's license system of the 2nd Embodiment of this invention. It is a flowchart (the 1) of the mobile driver's license system of the 2nd Embodiment of this invention. It is a flowchart (the 2) of the mobile driver's license system of the 2nd Embodiment of this invention. It is a flowchart (the 3) of the mobile driver's license system of the 2nd Embodiment of this invention. It is a flowchart (the 4) of the mobile driver's license system of the 2nd Embodiment of this invention. It is a block diagram which shows the structure of the mobile driver's license system of the 3rd Embodiment of this invention. It is a block diagram which shows the structure of the mobile driver's license system of the 4th Embodiment of this invention. It is a flowchart (the 1) of the mobile driver's license system of the 4th Embodiment of this invention. It is a flowchart (the 2) of the mobile driver's license system of the 4th Embodiment of this invention. It is a flowchart (the 3) of the mobile driver's license system of the 4th Embodiment of this invention.

<First Embodiment>
Hereinafter, a mobile driver's license system according to an embodiment of the present invention will be described with reference to FIGS.

(Configuration of mobile driver's license system)
The block diagram of FIG. 1 shows the configuration of the mobile driver's license system of the first embodiment. That is, the mobile driver's license system according to the present embodiment is installed in the IC card driver's license 10, the mobile terminal device 20 connected to the communication network NW, and the license authority CA (Certificate Authority). The issuing server 30 and the terminal authentication server 40 are used.

  The mobile terminal device 20 communicates with various external devices 50 that require mobile driver license information from the user, and transmits the mobile driver license information.

  The terminal authentication server 40 can also be used as the license issuing server 30. The terminal authentication server 40 can be installed in a certificate authority independent of the license certificate authority CA. However, the terminal authentication server 40 operates by sharing a part of the function of the license certificate authority CA.

(IC card driver's license 10)
In the examination for registering the user's mobile terminal device 20 in the mobile driver's license, the mobile terminal device 20 reads the IC card driver's license information of the IC card driver's license 10, that is, the IC card driver's license information is prepared. Is one of the conditions for the examination.

The IC card driver's license 10 is created by the license issuing server 30 and records the driver's license issuing information Card including the issue number, name, and biometric information (face image) of the driver's license. Further, the hash value Ha created from the license issuance information Card is recorded, and the data obtained by encrypting the hash value Ha with the certificate authority private key CaSc of the license issuance server 30 is stored as the license signature DSM.

  In the following, the issuance number, name, and license issuance information Card including the biometric information (face image) of the driver's license, the hash value Ha of the license issuance information Card, and the license signature DSM The set is called IC card driver's license information.

  Further, the IC card driver's license 10 stores the certificate authority public key CaK, and the IC card private key ICsc and IC card publicized by the license issuing server 30 of the license authority CA created for the IC card driver's license 10 are disclosed. The key pair of the key ICK and the IC card public key certification signature ICKD are stored.

  The IC card driving license 10 communicates with the short-range wireless communication means 51 of the authentication medium access device that is the terminal device of the external device 50 and also communicates with the short-range wireless communication means 21 of the portable terminal device 20. Then, depending on the authentication level of which certification authority is registered with the external device public key TK of the external device 10 that communicates with the IC card driving license 10, the IC card driving license that can be notified to those devices Send the certificate information.

  The certificate authority with the highest authentication level in which these devices are registered is the license certificate authority CA. The device registered in the terminal authentication server 40 of the license certificate authority CA can receive the driver's driver's biometric information (face image) from the IC card driver's license 10.

  The IC card driver's license 10 stores the user's PIN numbers PIN1 and PIN2. When the IC card driver's license 10 receives the correct PIN numbers PIN1 and PIN2 from the external device 50 or the portable terminal device 20 registered in the certificate authority of a predetermined authentication level, the IC card driver's license is attached to the device. 10 IC card driver's license information is transmitted.

(License Certification Authority CA)
A license issuance server 30 and a terminal authentication server 40 are installed in a license certification authority CA of a mobile driver's license management organization such as a prefectural public safety committee or related organization. The license issuing server 30 and the terminal authentication server 40 perform encrypted communication with the external device 50 connected to the communication network NW using the certificate authority private key CaSc and the certificate authority public key CaK.

(License issuance server 30)
The license issuance server 30 manages application information and issuance information of the IC card driver's license 10 and creates a license issuance information Card such as an issuance number, name, and face image of the IC card driver's license 10. Then, the license issuance server 30 issues the IC card driving license 10 by writing the license issuance information Card into the IC card using a dedicated IC card issuing device. The license issuance server 30 also has a hash value Ha created from the license issuance information Card and a license signature DSM created by encrypting the hash value Ha with the certificate authority private key CaSc in the IC card driving license 10. Write.

  The license issuance server 30 also creates a hash value of the key pair of the IC card private key ICsc and the IC card public key ICK created for the IC card driver's license 10, and uses the certificate authority private key CaSc as the hash value. The IC card public key certificate signature ICKD is created by encryption. Then, the IC card public key certification signature ICKD is written in the IC card driving license 10. In this way, the license issuing server 30 issues the IC card driving license 10 using a dedicated IC card issuing device.

(Terminal authentication server 40)
The terminal authentication server 40 downloads the mobile application program 110 to the mobile terminal device 20, and registers the mobile terminal device 20 that has been installed and operated in the database as a candidate for a mobile driving license.

  Specifically, the terminal authentication server 40 first registers the user ID data of the mobile terminal device 20 of the user who downloaded the mobile application program 110 from the terminal authentication server 40 in the database. Next, when the mobile terminal device 20 biometrically authenticates the user, the mobile terminal device 20 is registered as a candidate for a mobile driving license. At that time, the terminal authentication server 40 associates the mobile terminal device public key MoK for the mobile terminal device 20 with the user ID data, and registers the mobile terminal license as a candidate for mobile driving license.

  The mobile terminal device public key MoK may be generated by the encryption key generating means 24 included in the mobile application program 110 of the mobile terminal device 20, or the terminal authentication server 40 generates a pair of encryption keys and generates the mobile terminal. You may make it transmit to the apparatus 20. FIG.

  Next, the terminal authentication server 40 receives the IC card driver's license information including the face photograph of the driver's license and the biometric authentication means 23 of the portable terminal device 20 from the portable terminal device 20 registered in the mobile driver's license candidate. When the biometric information of the user registered in is received, the user and the mobile terminal device 20 are examined, and the mobile terminal device 20 is registered in the mobile driver's license.

(Mobile license public key certificate signature MoKD)
Specifically, when the terminal authentication server 40 receives the IC card driver's license information and the user's biometric information from the portable terminal device 20 registered as a candidate for the mobile driver's license, the terminal authentication server 40 is for the portable terminal device 20. Create a mobile license public key certification signature MoKD.

  That is, the terminal authentication server 40 includes the mobile terminal device public key MoK of the mobile terminal device 20, the IC card driving license information (at least part of the IC card driving license information) of the IC card driving license 10, and The hash value is encrypted with the certificate authority private key CaSc, and the mobile license public key certification signature MoKD is created and transmitted to the mobile terminal device 20.

  Then, the terminal authentication server 40 stores the user ID data of the user's mobile terminal device 20, the license number of the IC card driver's license 10 of the user, and the user's mobile terminal device 20 in the database. The mobile terminal device public key MoK given to is stored in association with it, and the mobile terminal device 20 is registered and managed as a mobile driving license.

  That is, the terminal authentication server 40 of the license certificate authority CA registers the biometric information in the mobile terminal device 20 having the biometric authentication means 23 as the user authentication means, and biometrically authenticates the user. After authenticating and examining the device 20 with high security for making a mobile driver's license, the mobile terminal device 20 is registered as a mobile driver's license.

  The means by which the terminal authentication server 40 authenticates the mobile terminal device 20 with high security is not limited to this. For example, the terminal authentication server 40 directly connects the portable terminal device 20 to a dedicated mobile driver's license issuance device connected by a dedicated line to authenticate the portable terminal device 20 and the user, and then the portable terminal. Device 20 can be registered as a mobile driver's license.

Further, a dedicated mobile driver's license issuance device connected to the terminal authentication server 40 via a dedicated line is further connected to the IC card driver's license 10 to read out the information, and the information is stored in the information of the portable terminal device 20. The mobile terminal device 20 can be registered as a mobile driving license after the mobile terminal device 20 is authenticated by checking.

(Portable terminal device 20)
The mobile terminal device 20 registered as a mobile driver's license is a mobile phone such as a smartphone used by a user. As shown in FIG. 1, the mobile terminal device 20 includes a short-range wireless communication unit 21 and a camera 22, and includes a biometric authentication unit 23 as a user authentication unit.

  In the portable terminal device 20, a SIM card (Subscriber_Identity_Module_Card), a UIM card (User_Identity_Module_Card), a UICC card (Universal_Integrated_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circuit_Circure A mobile application program 110 including 25 is installed and used.

(Near field communication means 21)
The portable terminal device 20 communicates with the IC card driving license 10 owned by the user, the external device 50 and other portable terminal devices 20 using the short-range wireless communication means 21.

(Camera 22)
The mobile terminal device 20 has a camera 22. For example, the camera 22 is installed on the front surface of the mobile terminal device 20, takes a picture of the face of the user who operates the mobile terminal device 20, and stores it in the mobile terminal device 20.

(Biometric authentication means 23)
The mobile terminal device 20 includes biometric authentication means 23 that authenticates user biometric information such as face authentication. The biometric authentication unit 23 checks the biometric information of the user read by the mobile terminal device 20 with the camera 22 or the like with the biometric information registered in the mobile terminal device 20 and allows the user to access. It has a function of determining whether or not there is access.

  The authentication method using the biometric information may be any of fingerprint, iris of the pupil, palm vein authentication, etc. In this embodiment, the camera 22 captures the user's face photo, and the biometric authentication means 23 captures the image. The user's face photo is collated with the data of the user's face photo registered in the mobile terminal device 20 to authenticate the user.

(Mobile application program 110)
When the mobile terminal device 20 in which the mobile application program 110 is installed authenticates the user with the biometric authentication means 23, the mobile terminal device 20 is registered in the terminal authentication server 40 as a candidate for a mobile driving license.

(Encryption key creation means 24)
The mobile application program 110 of the mobile terminal device 20 has an encryption key creation unit 24. The encryption key creation means 24 creates a key pair of the mobile terminal device private key MoSc and the mobile terminal device public key MoK, which is encryption key data by the public key cryptosystem.

(Mobile terminal device private key MoSc and mobile terminal device public key MoK)
That is, the encryption key creating means 24 of the mobile application program 110 creates a key pair of the mobile terminal device private key MoSc and the mobile terminal device public key MoK in the mobile terminal device 20. The portable terminal device private key MoSc is stored only by the portable terminal device 20, and the portable terminal device public key MoK is presented to other devices.

(Reception of information from IC card driver's license 10)
The mobile terminal device 20 registered as a mobile driver license candidate in the terminal authentication server 40 of the license certificate authority CA communicates with the IC card driver license 10 according to the installed mobile application program 110, and the IC card driver license. By transmitting the PIN numbers PIN1 and PIN2 to the certificate 10, the IC card driver's license 10 is authenticated and the IC card driver's license information is read out.

(Register mobile terminal device 20 with mobile driver's license)
The mobile terminal device 20 that has read the IC card driving license information from the IC card driving license 10 transmits the IC card driving license information to the terminal authentication server 40 of the license certificate authority CA of the mobile driving license management organization. .

  The terminal authentication server 40 that has received the IC card driving license information from the portable terminal device 20 registers the portable terminal device 20 in the mobile driving license. Then, the terminal authentication server 40 creates a mobile license public key certification signature MoKD, which is an electronic signature for the mobile terminal device 20, and transmits it to the mobile terminal device 20.

  The mobile terminal device 20 registered as a mobile driver's license is a mobile driver's license comprising IC card driver's license information including a license signature DSM, a mobile license public key certificate signature MoKD, and a mobile terminal public key MoK. The certificate information, the private key MoSc for the portable terminal device, the certificate authority public key CaK of the license certificate authority CA, and the public key of each certificate authority necessary for authenticating the external device 50 connected to the communication network NW. Remember.

  Since the mobile terminal device 20 registered as a mobile driver's license authenticates the user with the biometric authentication means 23, it can be confirmed that the user himself / herself is present, so the user's personal identification number PIN1 and PIN2 Can be substituted.

  Thereby, the input process of the personal identification number by the user can be substituted by the user's face authentication by the biometric authentication means 23 of the portable terminal device 20, and the troublesomeness of the user's PIN input can be improved.

  When the biometric authentication unit 23 succeeds in personal authentication of the user, the mobile application program 110 of the mobile terminal device 20 can display the mobile driver's license information on the display unit of the mobile terminal device 20.

(Transmission of information to the external device 50)
The portable terminal device 20 registered as a mobile driver's license authenticates the user with the biometric authentication means 23, and acts as an input for the user's PIN numbers PIN1 and PIN2. However, since the personal identification number is not the information sent from the external device 50, the information on the face image of the mobile driver's license information is displayed on the display means of the portable terminal device 20 unless otherwise instructed. Keep on display.

  When the biometric authentication unit 23 succeeds in personal authentication of the user, the mobile application program 110 of the mobile terminal device 20 authenticates the external device 50 as follows according to the user's instruction.

The mobile terminal device 20 transmits information that can be transmitted according to the authentication level of the certificate authority that has registered the external device public key TK of the external device 50 through the short-range wireless communication unit 21 according to the user's instruction.
The data is transmitted to the authentication medium access device of the terminal device of the external device 50.

  First, the mobile terminal device 20 authenticates the external device 50 via the short-range wireless communication unit 21 as follows. That is, the mobile terminal device 20 receives the external device public key TK and the external device public key certification signature TKD from the authentication medium access device of the external device 50, and uses the received external device public key certification signature TKD as the certification authority public key CaK. The external device 50 is determined to be a legitimate device registered with the license certificate authority CA.

  The mobile terminal device 20 can also authenticate the external device 50 registered in another certificate authority other than the license certificate authority CA. That is, the mobile terminal device 20 receives from the external device 50 the external device public key certification signature TKD that is decrypted using the certificate authority public key of the other certificate authority, and the external device public key TK of the external device 50 is the other It is determined that the device is a legitimate device registered in the certificate authority.

  The mobile terminal device 20 uses the encrypted communication to transmit the mobile driver's license information that can be notified to the external device 50 that has authenticated the validity according to which certificate authority's signature guarantees the validity. Send.

  The portable terminal device 20 transmits the license expiration date and expiration date information, which is the open storage information of the license, to the external device 50 having the lowest authentication level.

  The highest authentication level is when the external device 50 is registered in the terminal authentication server 40 of the license certificate authority CA. In that case, the mobile terminal device 20 provides the external device 50 with the mobile driver's license information including the mobile license public key certificate signature MoKD and the IC card driver's license information including the driver's driver's biometric information (face image). Can be sent.

(License renewal signature creation means 25)
The mobile application program 110 of the portable terminal device 20 has a license update signature creating means 25. The license update signature creating means 25 creates an update information mobile signature DSMCMo, which is an electronic signature using its own mobile terminal device private key MoSc, with respect to the update information of the license information of the IC card driver's license 10. Create a signed mobile driver's license update information digitally signed in

  Specifically, when the license update signature creation means 25 has update information in the license information received from the IC card driver's license 10, it creates a hash value of the update information and uses the hash value as the mobile terminal device 20 It encrypts with its own mobile terminal device private key MoSc and creates an update information mobile signature DSMCMo, thereby digitally signing itself.

  The update information of the IC card driver's license 10, the hash value of the update information, and the update information mobile signature DSMCMo are referred to as signed mobile driver's license update information.

  The mobile terminal device 20 transmits the signed mobile driver's license update information to the external device 50. That is, the mobile terminal device 20 creates an update information mobile signature DSMCMo in which the update information of the license information is signed with the mobile terminal device private key MoSc in the external device 50, and the update information and the update information mobile signature are updated. The mobile driver's license update information with a signature composed of DSMCMo is transmitted to the external device 50.

(Authentication of license update information by external device 50)
The external device 50 decrypts the mobile license public key certification signature MoKD received from the mobile terminal device 20 using the certificate authority public key CaK, so that the mobile terminal device public key MoK is registered in the terminal authentication server 40. Make sure. Then, the update information mobile signature DSMCMo is decrypted with the mobile terminal device public key MoK to confirm that the update information of the license information is not falsified.

  In this way, by using the update information mobile signature DSMCMo, the external device 50 updates the license information in which the license information of the IC card driver's license 10 has been updated such as address change, name change (such as marriage), etc. Check the validity of the information.

(External device 50)
The external device 50 is various devices that receive the user's mobile driving license information from the mobile terminal device 20 registered as a mobile driving license. The external device 50 can be composed of a server connected to the communication network NW, and can be composed of a server and an authentication medium access device that is a terminal device connected to the server via a communication line.

  For example, the external device 50 can be used for a driving permission device installed in a car, a terminal device for a driver's license check, a terminal device for applying for a financial service of a bank, a mobile phone contract, or buying and selling used goods. A terminal device for acquiring data and a server connected to the terminal device via a communication line.

  The external device 50 stores a key pair of its own external device private key TSc and external device public key TK. Only the external device 50 stores the external device secret key TSc. In addition, the external device public key certification signature TKD in which the external device public key TK is electronically signed by the terminal authentication server 40 of the license certificate authority CA is stored.

  When the external device 50 is a device registered in a certificate authority other than the license certificate authority CA, the certificate authority that has registered the external device 50 sends the certificate authority public key of the certificate authority to the external device 50. An external device public key certification signature TKD that can be decrypted by using this is given. The external device public key certification signature TKD ensures that the external device public key TK of the external device 50 is a legitimate external device public key TK registered in the certificate authority.

  Then, the external device 50 notifies the IC card driving license 10 and the mobile terminal device 20 of the external device public key certification signature TKD, thereby authenticating the validity of the external device 50.

  Here, a key pair of the external device private key TSc and the external device public key TK can be stored for each authentication medium access device of the plurality of terminal devices of the external device 50.

  The IC card driver's license 10 and the portable terminal device 20 transmit information that can be notified to these devices in accordance with the authentication level of which certificate authority guarantees the validity of the external device 50.

  The external device 50 authenticates the mobile terminal device 20 registered as a mobile driver's license in the terminal authentication server 40 as follows. First, the external device 50 receives from the mobile terminal device 20 a mobile terminal device public key MoK and a mobile license public key certificate signature MoKD that is an electronic signature thereof.

  Then, the external device 50 decrypts the mobile license public key certification signature MoKD using the certification authority public key CaK of the mobile driving license management organization, so that the mobile terminal device 20 is mobile equivalent to the IC card driving license 10. Authenticate that you have a driver's license.

  That is, the external device 50 first authenticates that the mobile terminal device public key MoK of the mobile terminal device 20 is a regular key of the mobile driver's license managed by the terminal authentication server 40.

  Next, the external device 50 transmits information encrypted with the mobile terminal device public key MoK to the mobile terminal device 20.

  Then, the mobile terminal device 20 decrypts the decrypted information using the mobile terminal device private key MoSc, and encrypts the reply information to the information using the mobile terminal device private key MoSc. It transmits to the external device 50.

  The external device 50 receives the reply information from the mobile terminal device 20, so that the mobile terminal device 20 is the only device driving license that can decrypt the encrypted information transmitted by the external device 50. Authenticate.

  The external device 50 transmits a session key (common key) encrypted by using the mobile terminal device public key MoK of the mobile terminal device 20 to the mobile terminal device 20, and secures it with the mobile terminal device 20. Encrypted communication performed by sharing a session key (common key) such as a socket layer (Secure Socket Layer: abbreviated as SSL) can be established.

  And the mobile driver's license information is received from the portable terminal device 20 by the encrypted communication.

  Here, since the mobile driving license information of the user leaks to the outside, there is a problem that the mobile driving license information can be notified to the external device 50 by a person other than the user.

  Therefore, the external device 50 is valid only for the mobile driver's license information received from the mobile terminal device 20 that has been authenticated as a mobile driver's license in order to exclude information notified by others other than the user. Processes that are regarded as guaranteed mobile driver's license information.

(Processing procedure)
Next, the processing procedure of the mobile driver's license system of the first embodiment will be described with reference to the flowcharts of FIGS.

(Registration of the mobile terminal device 20 in the terminal authentication server 40)
In step S1 to step S6 of the flowchart of FIG. 2, the mobile terminal device 20 of the user downloads the mobile application program 110 from the terminal authentication server 40, installs it in a memory having a tamper resistant structure, and stores it. Further, the terminal authentication server 40 registers the user ID data of the mobile terminal device 20 and the mobile terminal device public key MoK, and registers the mobile terminal device 20 as a candidate for a mobile driving license.

(Step S1) Registering the mobile terminal device 20 in the terminal authentication server 40 The user downloads the mobile application program 110 from the terminal authentication server 40 to the mobile terminal device 20 and installs it in the memory having a tamper-resistant structure. At that time, the terminal authentication server 40 registers the user ID data of the user's mobile terminal device 20.

(Step S2) Initial Issue Processing of Mobile Driver's License Next, the user activates the mobile application program 110 of the mobile terminal device 20.

(Step S3) User Biometric Authentication When the mobile driver's license is in the initial issuance state, the mobile application program 110 first uses the biometric information of the user using the biometric authentication means 23 of the mobile terminal device 20. Read from the user and biometrically authenticates the user.

  The biometric authentication of the user using the biometric authentication means 23 authenticates the user by performing biometric authentication such as fingerprint, pupil iris, palm vein authentication, and face authentication.

(Step S3a)
For example, when authenticating a user by face authentication, the user activates the biometric authentication means 23 of the mobile terminal device 20 and takes a picture of his / her face with the camera 22.

(Step S3b)
The biometric authentication unit 23 collates the image data of the face photograph taken by the user with the image data of the face photograph registered in the mobile terminal device 20, and determines that biometric authentication is successful if they match.

(Step S4) Creation of Key Pair When the biometric authentication unit 23 of the mobile terminal device 20 succeeds in biometric authentication of the user, the encryption key generation unit 24 of the mobile application program 110 performs the mobile terminal device as follows. A key pair of 20 mobile terminal device private keys MoSc and mobile terminal device public keys MoK is created.

  That is, the encryption key creating unit 24 creates a key pair of the mobile terminal device private key MoSc and the mobile terminal device public key MoK, and stores the key pair in the tamper-resistant memory of the mobile terminal device 20. The mobile terminal device public key MoK is notified to the external device 50, but only the mobile terminal device 20 stores the mobile terminal device private key MoSc.

(Step S5)
The encryption key creation means 24 transmits the user ID data of the mobile terminal device 20 and the mobile terminal device public key MoK to the terminal authentication server 40 and requests the creation of the public key certification signature APKD.

(Step S6)
The terminal authentication server 40 first stores the user ID data received from the mobile terminal device 20 and the mobile terminal device public key MoK in a database, and stores the mobile terminal device 20 as a candidate for a mobile driving license. Register as Then, a public key certification signature APKD obtained by encrypting the mobile terminal device public key MoK of the mobile terminal device 20 with the certificate authority private key CaSc is generated and transmitted to the mobile terminal device 20.

(Step S6 ′)
The portable terminal device 20 stores the received public key certificate signature APKD.

(Mobile driver's license issuance process)
Next, in steps S7 to S14 in the flowchart of FIG. 3, the user's portable terminal device 20 is registered in the mobile driver's license.

  Here, when a lot of time has elapsed since the user biometric authentication process in the previous step S3, the user biometric authentication process in step S3 is performed, and then the process proceeds to step S7 and subsequent steps.

(Step S7) Reading of information of IC card driver's license 10 The portable terminal device 20 causes the user's IC card driver's license 10 to be held close to the short-range wireless communication means 21 of the portable terminal device 20. The user's IC card driving license 10 is communicated with the portable terminal device 20.

  The mobile terminal device 20 transmits the mobile terminal device public key MoK and the public key certificate signature APKD to the IC card driver license 10 in order to authenticate itself to the IC card driver license 10.

(Step S8)
The IC card driving license 10 uses the mobile terminal device 20 registered in the license certificate authority CA by decrypting the public key certificate signature APKD received from the mobile terminal device 20 using the certificate authority public key CaK. Authenticate that you are a license candidate.

(Step S9)
Next, the mobile application program 110 of the portable terminal device 20 allows the user to input the PIN numbers PIN1 and PIN2 of the IC card driving license 10 from the input means of the portable terminal device 20. The mobile application program 110 stores the input passwords PIN1 and PIN2.

  Then, the mobile terminal device 20 transmits the personal identification numbers PIN1 and PIN2 to the IC card driving license 10.

(Step S10)
The IC card driver's license 10 authenticates the user with the received PIN numbers PIN1 and PIN2. The mobile application program 110 of the portable terminal device 20 whose user has been authenticated by the IC card driving license 10 transmits a command requesting IC card driving license information to the IC card driving license 10.

  The IC card driving license 10 transmits the IC card driving license information to the portable terminal device 20 in accordance with the command.

  Then, the portable terminal device 20 obtains the license issuance information Card such as the driver's license issuance number, name, and face image, the hash value Ha, and the hash value Ha from the IC card driving license 10 as a license issuing server. IC card driving license information such as a license signature DSM encrypted with 30 certification authority private keys CaSc is read and stored.

  The above-described processing for reading out the IC card driving license information by the processing from step S7 to step S10 replaces the IC card driving license 10 with the mobile terminal device 20 already registered in the mobile driving license. It can also be performed by approaching the short-range wireless communication means 21 of the portable terminal device 20 that is a license candidate.

(Request for issuing a mobile driver's license)
Next, the mobile application program 110 of the mobile terminal device 20 registers the mobile terminal device 20 in the mobile driver's license by the following processing from step S11 to step S15.

(Step S11)
First, the mobile application program 110 of the mobile terminal device 20 transmits an issuance request command for a mobile license public key certification signature MoKD to the terminal authentication server 40.

At that time, the mobile terminal device 20 receives the user ID data of the mobile terminal device 20, the mobile terminal device public key MoK of the mobile terminal device 20, and the IC card driver's license 10 to the terminal authentication server 40. IC card driver's license information including the biometric information (face image) of the licensed driver and the biometric information of the user registered in the biometric authentication means 23 of the portable terminal device 20 are transmitted to the terminal authentication server 40. Requests the creation of a mobile license public key certificate signature MoKD.

(Step S12)
First, the terminal authentication server 40 receives the IC card driving license information corresponding to the IC card driving license information received from the mobile terminal device 20 from the license issuing server 30, and compares both IC card driving license information. By verifying, the IC card driving license 10 received from the portable terminal device 20 is authenticated.

  Next, the terminal authentication server 40 compares the biometric information of the user registered by the biometric authentication means 23 of the mobile terminal device 20 with the biometric information of the user registered in the IC card driving license information. By doing so, the portable terminal device 20 and its user are authenticated with high security.

  Next, the terminal authentication server 40 associates the user ID data received from the mobile terminal device 20 and the mobile terminal device public key MoK with the license number of the IC card driver's license 10 and stores it in the database. The mobile terminal device 20 is registered as a mobile driver's license.

(Step S13)
Next, the terminal authentication server 40 creates a hash value of the mobile terminal device public key MoK of the mobile terminal device 20 and the license information (at least part of the license information) of the IC card driving license 10. Then, the hash value is encrypted with the certificate authority private key CaSc of the same management organization to create a mobile license public key certification signature MoKD. Then, the terminal authentication server 40 transmits the mobile license public key certificate signature MoKD, the hash value, and the mobile terminal device public key MoK to the mobile terminal device 20.

(Step S14)
The mobile terminal device 20 registered as a mobile driver's license includes a mobile license public key certification signature MoKD, mobile driver's license information including IC card driver's license information, a mobile terminal device private key MoSc, and a mobile terminal device. Public key MoK, the certificate authority public key CaK of the license certificate authority CA, and other necessary public keys of the certificate authorities are stored.

  Through the processing from step S1 to step S14, the mobile terminal device 20 biometrically authenticates the user with the biometric authentication means 23, and then authenticates the IC card driving license information and update information from the IC card driving license 10. Is transmitted to the terminal authentication server 40, and the terminal authentication server 40 gives the mobile terminal device 20 the mobile driver's license by validating the driver's license with the mobile license public key certificate signature MoKD. Register on the certificate.

(Modification 1)
As a first modification, the processing from step S1 to step S14 may be repeated for a plurality of portable terminal devices 20 of the same user so that the plurality of portable terminal devices 20 can be registered in the mobile driver's license.

(Modification 2)
As a modified example 2, as a condition for registering the mobile terminal device 20 registered as a candidate for the mobile driver's license in the license authority CA, it is registered in the mobile driver's license of the user other than the user. The mobile driver's license information is read from the received mobile terminal device 20 and the mobile driver's license information is transmitted to the license certificate authority CA so that it can be authenticated by the license authority CA and registered in the mobile driver's license. It can also be configured as follows.

(Create signed mobile driver's license update information)
The license update signature creating means 25 of the mobile terminal device 20 creates signed mobile driver's license update information through the processing from step S15 to step S20 in the flowchart of FIG.

  The portable terminal device 20 reads the IC card driving license information from the IC card driving license 10 as appropriate even after being registered in the mobile driving license. If the IC card driving license 10 has update information, the license update signature creating means 25 of the mobile terminal device 20 creates signed mobile driving license update information as follows.

(Step S15) Biometric authentication When the mobile application program 110 of the mobile terminal device 20 has passed a predetermined time or more since the previous biometric authentication of the user, the biometric authentication means of the mobile terminal device 20 is processed by the same process as in step S3 23, the user is biometrically authenticated.

(Step S16) Reading Update Information of IC Card Driver's License 10 The mobile terminal device 20 notifies the user of the IC card driver's license to the short-range wireless communication means 21 of the mobile terminal device 20 registered in the mobile driver's license. The portable terminal device 20 is caused to approach the IC card driver's license 10 via the short-range wireless communication means 21 of the portable terminal device 20.

  When the user's biometric authentication is performed, the mobile terminal device 20 carries the IC card driver's license 10 with the mobile phone in order to cause the IC card driver's license 10 to authenticate itself as a mobile driver's license. The terminal device public key MoK and the mobile license public key certificate signature MoKD are transmitted.

(Step S17)
The IC card driving license 10 is obtained by decrypting the mobile license public key certification signature MoKD received from the mobile terminal device 20 by using the certificate authority public key CaK so that the mobile terminal device 20 is registered in the license certificate authority CA. Authenticate that you have a mobile driver's license.

(Step S18)
When the user's biometric authentication is performed, the portable terminal device 20 transmits the PIN numbers PIN1 and PIN2 to the IC card driver's license 10. The IC card driver's license 10 authenticates the user with the received PIN numbers PIN1 and PIN2.

(Step S19)
The mobile application program 110 of the portable terminal device 20 whose user has been authenticated by the IC card driving license 10 transmits a command requesting IC card driving license information to the IC card driving license 10.

  The IC card driving license 10 transmits the IC card driving license information to the portable terminal device 20 in accordance with the command.

  When there is update information in the IC card driving license information received from the IC card driving license 10, the portable terminal device 20 performs the following processing.

(Step S20)
That is, the license update signature creating means 25 of the mobile terminal device 20 creates a hash value of the update information received from the IC card driver's license 10 and encrypts the hash value with its own mobile terminal device private key MoSc. As a result, the update information mobile signature DSMCMo signed by itself is created.

  Then, the mobile application program 110 stores the updated mobile driver's license update information including the update information, the hash value, and the update information mobile signature DSMCMo.

  As described above, the mobile terminal device 20 reads the update information of the IC card driver's license information from the IC card driver's license 10, and the mobile terminal device 20 signs the update information and receives the signed mobile driver's license update information. create.

(Transmission of mobile driver's license information to external device 50)
Next, the mobile application program 110 of the mobile terminal device 20 executes the processing from step S21 to step S26 in FIG. 5 as follows, so that the external device 50 can receive the mobile driving license information and the mobile device license information according to the user's instruction. Send signed mobile driver's license update information.

(Step S21)
When the user activates the mobile application program 110 of the mobile terminal device 20, a default driving license certificate is displayed on the display means of the mobile terminal device 20. In this display, the mobile driver's license information stored in the mobile application program 110 is not yet displayed.

(Step S22)
Next, the user is prompted to input a driver's license information read command.

(Step S23)
The user is allowed to input the designation of the communication means of the external device 50 through which the mobile terminal device 20 communicates with the authentication medium access device of the terminal device of the external device 50 via the short-range wireless communication means 21. That is, the user is allowed to input the designation of the communication means for the wireless LAN of various standards, the proximity communication means such as NFC communication, and other communication means with the external device 50. At that time, the type of the external device 50 of the communication partner may be input.

(Step S24) User Biometric Authentication Next, the biometric authentication means 23 of the mobile terminal device 20 performs biometric authentication of the user by the same processing as in step S3. When the biometric authentication means 23 succeeds in the biometric authentication of the user, the display of the IC card driving license 10 stored in the mobile application program 110 is displayed on the display means of the mobile terminal device 20, and the following is displayed. Then, the process proceeds to step S25.

(Step S25) Mutual Authentication Processing The mobile terminal device 20 authenticates the external device 50 in the following manner, and then sends the mobile device public key MoK and mobile license public key of the mobile terminal device 20 to the external device 50. Send a certification signature MoKD.

  That is, the mobile terminal device 20 receives the external device public key TK and the external device public key certification signature TKD from the external device 50, and the external device public key TK is a regular public key registered in the certificate authority. Is determined.

Next, the mobile terminal device 20 transmits the data encrypted using the external device public key TK to the external device 50. Then, by confirming that the data is decrypted by the external device 50, it is authenticated that the external device 50 is the only device having a secret key related to the external device public key TK.

  The mobile terminal device 20 causes the external device 50 to authenticate itself to the external device 50 by transmitting the mobile terminal device public key MoK and the mobile license public key certification signature MoKD of the mobile terminal device 20.

  The external device 50 decrypts the mobile license public key certification signature MoKD using the certificate authority public key CaK, so that the mobile terminal public key MoK is registered in the terminal authentication server 40 as a regular mobile device. Confirm that it is the public key of the driver's license.

  Next, the external device 50 transmits data encrypted using the mobile terminal device public key MoK notified from the mobile terminal device 20 to the mobile terminal device 20. Then, the external device 50 confirms that the data is decrypted by the mobile terminal device 20, so that the mobile terminal device 20 has the only secret key related to the mobile terminal device public key MoK of the mobile driver's license. Authenticate that the device.

  The mobile terminal device 20 and the external device 50 thus mutually authenticated establish encrypted communication by sharing a session key such as SSL.

(Step S26) Mobile Driver's License Information Transmission Processing The mobile terminal device 20 responds to the external device 50 authenticated by the above processing according to which certificate authority's signature guarantees the validity of the external device 50. The mobile driver's license information that can be notified and the signed mobile driver's license update information are transmitted by encrypted communication in accordance with an operation instructed by the user.

  As described above, after the biometric authentication unit 23 of the mobile terminal device 20 authenticates the user through the biometric authentication of the user, the mobile terminal device 20 can be notified to the external device 50 with the mobile driving license information and the signature. Send mobile driver license update information.

  As described above, by authenticating the user by biometric authentication, it is possible to save the IC card driver's license information with the IC card driver's license with high security while saving the trouble of inputting the PIN numbers PIN1 and PIN2 from the portable terminal device 20. There is an effect that the data can be read from 10 and transmitted to the external device 50.

  Here, the update information mobile signature DSMCMo is added to the signed mobile driver's license update information transmitted from the mobile terminal device 20 to the external device 50, and the electronic signature is added.

  The external device 50 decrypts the update information mobile signature DSMCMo using the mobile terminal device public key MoK, so that the update information mobile signature DSMCMo is signed by the mobile terminal device 20 of a regular mobile driver's license. Confirm that the reliability of information is guaranteed.

  In other words, the signed mobile driver license update information transmitted to the external device 50 includes the update information mobile signature DSMCMo which is an electronic signature by the mobile terminal device 20 of the regular mobile driver license managed by the terminal authentication server 40. This has the effect of ensuring the validity of the license renewal information.

<Second Embodiment>
(Configuration of mobile driver's license system)
The mobile driver's license system of the second embodiment is configured as shown in the block diagram of FIG. That is, the IC card driving license 10, the mobile terminal device 20 connected to the communication network NW, the license issuing server 30 and the terminal authentication server 40 installed in the license authority CA (Certificate Authority), The license update information server 31 is installed in the license certificate authority CA2 in the user's final residence.

  The mobile terminal device 20 communicates with various external devices 50 that require mobile driver license information from the user, and transmits the mobile driver license information.

  The second embodiment is different from the first embodiment in that the mobile terminal device 20 does not have the encryption key creation means 24 and the license update signature creation means 25, and the terminal authentication server 40 sets the encryption key pair. It is to create and transmit to the mobile terminal device 20.

  Another difference of the second embodiment from the first embodiment is that the license update information server 31 of the license certificate authority CA2 in the user's final residence is the IC card driver's license 10. Update information and an update information server signature DSMCCo which is an electronic signature of the information are created and transmitted to the mobile terminal device 20.

(License update server 31)
The license update information server 31 is installed in the license certificate authority CA2 in the area where the user finally resides, in a different area from the license certificate authority CA. Further, the license issuing server 30 of the license certificate authority CA can also serve as the license update information server 31.

  The license update information server 31 of the license certificate authority CA2 performs encrypted communication after mutual authentication with the mobile terminal device 20 using the certificate authority private key CaSc2 and the certificate authority public key CaK2.

(Server-signed mobile driver's license update information)
The license update information server 31 transmits the server-signed mobile driver license update information, which is information that can be transmitted only to the mobile driver license, to the mobile terminal device 20 that has been authenticated as a mobile driver license. The mobile terminal device 20 stores the server-signed mobile driver's license update information and transmits it to the external device 50 at a necessary opportunity.

  The license update information server 31 creates server driver-added mobile driver license update information having the following data structure. That is, the license update information server 31 creates a hash value of the license update information obtained by updating the ticket information of the license information of the IC card driver's license 10 such as an address change, a name change (marriage etc.), An update information server signature DSMCCo in which the hash value is encrypted with the certificate authority private key CaSc2 of the license certificate authority CA2 is created and electronically signed.

  The update information of the IC card driver's license 10, the hash value of the update information, the certificate authority public key CaK2, and the update information server signature DSMCCo constitute mobile driver's license update information with a server signature.

(Portable terminal device 20)
The mobile terminal device 20 is configured in the same manner as in the first embodiment, and the mobile terminal device public key MoK of the mobile terminal device 20 and the license information of the IC card driving license 10 are linked from the terminal authentication server 40. A mobile driving license can be obtained by giving the created mobile license public key certificate signature MoKD.

  The mobile application program 110 of the mobile terminal device 20 of the second embodiment does not have the encryption key creation unit 24 and the license update signature creation unit 25 in the first embodiment.

  The mobile application program 110 receives and stores the encryption key pair created by the terminal authentication server 40.

  In addition, the mobile application program 110 is a server including the update information of the IC card driving license 10 and the update information server signature DSMCCo created by the license update information server 31 from the license update information server 31 of the license certificate authority CA2. Receive and store signed mobile driver license update information.

(Authentication of license update information by external device 50)
The mobile terminal device 20 transmits the mobile driver's license update information with the server signature to the external device 50.

  The external device 50 confirms that the update information of the license information has not been altered by decrypting the update information server signature DSMCCo with the certificate authority public key CaK2. In this way, by using the update information server signature DSMCCo, the external device 50 confirms the validity of the update information of the license information of the IC card driver's license 10.

  As a method of granting validity to the certification authority public key CaK2, the external device 50 can give validity to the certification authority public key CaK2 by storing the certification authority public key CaK2. Alternatively, the portable terminal device 20 stores a signature created by encrypting the certificate authority public key CaK2 by the certificate authority private key CaSc of the license issuance server 30 of the license certificate authority CA, and transmits the signature to the external device 50. Thus, the certificate authority public key CaK2 can be validated.

(Processing procedure)
Next, a processing procedure of the mobile driver's license system according to the second embodiment will be described with reference to the flowcharts of FIGS.

(Registration of the mobile terminal device 20 in the terminal authentication server 40)
7, the mobile terminal device 20 of the user downloads the mobile application program 110 from the terminal authentication server 40, installs it in a memory having a tamper resistant structure, and stores it.

  Further, the terminal authentication server 40 registers the user ID data of the mobile terminal device 20 and the mobile terminal device public key MoK, and registers the mobile terminal device 20 as a candidate for a mobile driving license.

  In the present embodiment, the terminal authentication server 40 creates an encryption key pair and transmits it to the mobile terminal device 20 in step S35.

(Mobile driver's license issuance process)
Next, by the processing from step S37 to step S44 in the flowchart of FIG. 8, the terminal authentication server 40 gives the driver's license validity to the user's portable terminal device 20 with the mobile license public key certification signature MoKD. The user's mobile terminal device 20 is registered in the mobile driver's license.

(Steps S37 to S40)
In the processing from step S37 to S40, the mobile terminal device 20 reads the IC card driving license information from the IC card driving license 10.

(Step S41)
In step S <b> 41, the mobile terminal device 20 receives the user ID data of the mobile terminal device 20, the mobile terminal device public key MoK of the mobile terminal device 20, and the IC card driving license 10 from the terminal authentication server 40. IC card driver's license information including the biometric information (face image) of the licensed driver and the biometric information of the user registered in the biometric authentication means 23 of the portable terminal device 20 are transmitted to the terminal authentication server 40. Requests the creation of a mobile license public key certificate signature MoKD.

(Step S42)
In step S42, the terminal authentication server 40 receives the IC card driving license information of the user from the license issuing server 30, and compares the IC card driving license information received from the mobile terminal device 20 with the mobile terminal. The device 20 is authenticated. Then, the mobile terminal device 20 is registered as a mobile driving license.

(Steps S43 and S44)
In step S43, the terminal authentication server 40 creates a mobile license public key certificate signature MoKD and transmits it to the mobile terminal device 20. In step S44, the mobile terminal device 20 uses the mobile license public key certificate signature MoKD, the mobile driver license information including the IC card driver license information, the mobile terminal device private key MoSc, and the mobile terminal device public key MoK. And the certificate authority public key CaK of the license certificate authority CA and other necessary public keys of the certificate authorities are stored.

(Modification 3)
As modification 3, the process of reading the user's card information from the IC card driver's license 10 in steps S37 to S40, from an IC card such as a My Number card that records biometric information such as the user's face photo data, It can be replaced with a process of reading user card information.

  That is, in steps S37 to S40, the mobile terminal device 20 registered as a candidate for a mobile driving license in the license certificate authority CA reads the card information of the user from an IC card such as a my number card.

  Then, in step S41, the card information and the biometric information of the user registered in the biometric authentication means 23 of the portable terminal device 20 are transmitted to the terminal authentication server 40 of the license certificate authority CA to be mobile. Ask for a driver's license.

  In step S42, the terminal authentication server 40 obtains the card information of the user of the IC card such as My Number Card, the biometric information of the user registered in the biometric authentication means 23 of the mobile terminal device 20, and the license issuance. By verifying the user's IC card driving license information received from the server 30, the user's portable terminal device 20 is authenticated and registered in the mobile driving license.

  The terminal authentication server 40 includes the mobile terminal device public key MoK of the mobile terminal device 20 and the user's IC card driving license information (at least part of the IC card driving license information) received from the license issuing server 30. And the hash value is encrypted with the certificate authority private key CaSc to create the mobile license public key certificate signature MoKD.

  Then, the terminal authentication server 40 transmits the mobile license public key certificate signature MoKD and the user's IC card driving license information received from the license issuing server 30 to the mobile terminal device 20 and stores them in the mobile terminal device 20. Let

(Receiving mobile driver license update information with server signature)
Next, the mobile application program 110 of the mobile terminal device 20 receives and stores the server-signed mobile driver's license update information from the license update information server 31 by the processing from step S45 to step S49 in the flowchart of FIG. Process. The mobile terminal device 20 can also receive the mobile driving license information of the IC card driving license 10 from the license issuing server 30 as necessary.

(Step S45) Biometric authentication The mobile application program 110 of the portable terminal device 20 uses the biometric authentication means 23 of the portable terminal device 20 to identify the user when a predetermined time or more has elapsed since the previous biometric authentication of the user. Biometrically authenticate.

(Step S46) Transmission of Update Information Request Command When the mobile application program 110 can biometrically authenticate the user, the mobile application program 110 requests a license update information request command for requesting the latest license update information from the license update information server 31. The mobile terminal device public key MoK and the mobile license public key certificate signature MoKD for certifying its own validity are transmitted.

(Step S47) Authentication of Mobile Terminal Device 20 The license update information server 31 confirms the mobile terminal device public key MoK and the mobile license public key certificate signature MoKD received from the mobile terminal device 20, thereby enabling the mobile terminal device 20 to Authenticate as a mobile driver's license.

(Step S48) Creation of Mobile Driver License Update Information with Server Signature The license update information server 31 generates a hash value of the update information of the IC card driver license 10, and encrypts the hash value with the certificate authority private key CaSc2. An updated information server signature DSMCCo is created and signed.

  The license update information server 31 receives the mobile driver's license update information with the server signature composed of the update information of the IC card driver's license 10, the hash value of the update information, and the update information server signature DSMCCo. Send to.

(Step S49) Storage of server-signed mobile driver license update information The mobile terminal device 20 receives and stores the server-signed mobile driver license update information of the IC card driver license 10 from the license update information server 31. .

  The mobile terminal device 20 stores the latest mobile driver license update information with a server signature by appropriately executing the processing from step S45 to step S49.

(Transmission of mobile driver's license information to external device 50)
Next, the mobile application program 110 of the mobile terminal device 20 sends the mobile driver license information of the IC card driver license 10 and the server-signed mobile driver license to the external device 50 in accordance with the processing from step S51 to step S56 of FIG. Send update information.

  As described above, after the biometric authentication unit 23 of the mobile terminal device 20 authenticates the user by the biometric authentication of the user, the mobile terminal license information and the server signature that the mobile terminal device 20 can notify to the external device 50 are obtained. Send mobile driver license update information.

<Third Embodiment>
(Configuration of mobile driver's license system)
The mobile driving license system of the third embodiment is configured as shown in the block diagram of FIG. That is, it comprises an IC card driving license 10, a mobile terminal device 20 connected to the communication network NW, a license issuing server 30 and a terminal authentication server 40 installed in the license certificate authority CA.

  The mobile terminal device 20 transmits the mobile driver's license information from the user to the various external devices 50a that require the mobile driver's license information from the user via the communication network NW.

  The third embodiment is different from the first embodiment in that the external device 50a communicates with the mobile terminal device 20 using the encrypted communication means 52 via the communication network NW. Receiving mobile driver's license information from the device 20. In the third embodiment, a system having the same configuration as that of the second embodiment can be used except for the portion related to the external device 50a.

(External device 50a)
The external device 50a of the third embodiment is a server device, and the user's mobile driver's license from the mobile terminal device 20 registered as a mobile driver's license via the communication network NW using the encrypted communication means 52. Receive the certificate information. For example, the external device 50a is a server device that buys and sells merchandise using the Internet, and acquires user identification data via the communication network NW.

  The encrypted communication means 52 of the external device 50a shares a session key (common key) such as a secure socket layer (SSL) with the user's mobile terminal device 20. Establish encrypted communication to be performed and receive the user's mobile driving license information.

(Procedure for sending mobile driver's license information to external device 50a)
Next, in the third embodiment, a procedure in which the mobile application program 110 of the mobile terminal device 20 transmits the mobile driver's license information and the signed mobile driver's license update information to the external device 50 according to the user's instruction. This will be described with reference to the flowchart of FIG.

(Steps S21 to S22)
The procedure in which the user activates the mobile application of the mobile terminal device 20 and inputs the driver's license information read command performs the same processing as steps S21 to S25 of the first embodiment.

(Step S23)
The user causes the mobile terminal device 20 to input designation of communication means for communicating with the external device 50a via the communication network NW. That is, the user is allowed to specify processing for communicating with the server of the external device 50a via the communication network NW.

(Step S24) User Biometric Authentication Next, the biometric authentication means 23 of the mobile terminal device 20 performs biometric authentication of the user by the same processing as in step S3. When the biometric authentication means 23 succeeds in the biometric authentication of the user, the display of the IC card driving license 10 stored in the mobile application program 110 is displayed on the display means of the mobile terminal device 20, and the following is displayed. Then, the process proceeds to step S25.

(Step S25) Mutual Authentication Processing The mobile terminal device 20 authenticates the external device 50a as follows, and then the mobile device 20a public key MoK and mobile license public key of the mobile terminal device 20 are sent to the external device 50a. Send a certification signature MoKD.

  That is, the mobile terminal device 20 uses a secure socket layer (SSL) for sharing the session key (common key) with the mobile terminal device 20 via the communication network NW to the encrypted communication means 52 of the external device 50a. Establish encrypted communication.

  Through the encrypted communication, the portable terminal device 20 receives the external device public key TK and the external device public key certification signature TKD from the external device 50a, and the external device public key TK is registered in the certificate authority. Judged to be a public key.

  Next, the mobile terminal device 20 transmits the data encrypted using the external device public key TK to the external device 50a. Then, by confirming that the data is decrypted by the external device 50a, it is authenticated that the external device 50a is the only device having a secret key related to the external device public key TK.

  The mobile terminal device 20 causes the external device 50a to authenticate itself by transmitting the mobile terminal device public key MoK and the mobile license public key certificate signature MoKD of the mobile terminal device 20 to the external device 50a.

  The external device 50a decrypts the mobile license public key certification signature MoKD using the certificate authority public key CaK, so that the mobile terminal public key MoK is registered in the terminal authentication server 40 as a regular mobile device. Confirm that it is the public key of the driver's license.

  Next, the external device 50 a transmits data encrypted using the mobile terminal device public key MoK notified from the mobile terminal device 20 to the mobile terminal device 20. Then, the external device 50a confirms that the data is decrypted by the mobile terminal device 20, so that the mobile terminal device 20 has the only secret key related to the mobile terminal device public key MoK for the mobile driver's license. Authenticate that the device.

(Step S26) Mobile Driver's License Information Transmission Processing The mobile terminal device 20 responds to the external device 50a authenticated by the above processing according to which certificate authority's signature guarantees the validity of the external device 50a. The mobile driver's license information that can be notified and the signed mobile driver's license update information are transmitted by encrypted communication in accordance with an operation instructed by the user.

  As described above, after the biometric authentication unit 23 of the mobile terminal device 20 authenticates the user by the biometric authentication of the user, the mobile terminal device 20 can notify the external device 50a via the communication network NW. Send driver license information and signed mobile driver license update information.

(Modification 4)
As a fourth modification, the license certification authority CA stores the biometric information of the user, and the mobile terminal device 20 stores the biometric information of the user acquired by the biometric authentication means 23 of the mobile terminal device 20 in the terminal authentication server 40. The mobile terminal device 20 registers the mobile terminal device 20 as a mobile driver's license by transmitting and authenticating the user information by comparing the biometric information with the biometric information of the user stored in the license certificate authority CA. A driver's license system can be configured.

<Fourth Embodiment>
(Configuration of mobile driver's license system)
The mobile driving license system of the fourth embodiment is configured as shown in the block diagram of FIG. That is, it comprises an IC card driving license 10, a mobile terminal device 20 connected to the communication network NW, a license issuing server 30 and a terminal authentication server 40 installed in the license certificate authority CA.

  The mobile terminal device 20 communicates with various external devices 50 that require mobile driver license information from the user, and transmits the mobile driver license information.

  The fourth embodiment is different from the first to third embodiments in that the mobile terminal device 20 is a mobile application program 110 instead of the biometric authentication means 23 as a user authentication means for a mobile driver's license. The user authentication means 26 is used.

(License Certification Authority CA)
The terminal authentication server 40 of the license certificate authority CA authenticates the mobile terminal device 20 and its user, and then registers the mobile terminal device 20 as a mobile driving license. In the authentication process, the terminal authentication server 40 directly connects the mobile terminal device 20 to a dedicated mobile driver's license issuing device connected to the terminal authentication server 40 via a dedicated line, and the mobile driver's license issuing device. The user's IC card driver's license 10 is also connected and confirmed to authenticate the mobile terminal device 20 and the user.

  In the authentication of the user, the user can be authenticated by inputting the personal identification numbers PIN1 and PIN2, or the user can be authenticated by another means.

  The terminal authentication server 40 authenticates the user and the mobile terminal device 20, and then installs and operates the mobile application program 110 on the mobile terminal device 20, and uses the mobile terminal device 20 as a mobile driving license. Register in the database.

  That is, the terminal authentication server 40 of the license certificate authority CA authenticates and examines the mobile terminal device 20 with high security for making it a mobile driver's license, and then checks the mobile terminal device 20 with a mobile driver's license. Register as

(Mobile license public key certificate signature MoKD)
At that time, the terminal authentication server 40 creates a key pair of the mobile terminal device private key MoSc and the mobile terminal device public key MoK for the mobile driver's license, and further generates the mobile license public key certificate signature MoKD. They are created and stored in the mobile terminal device 20.

  Further, the terminal authentication server 40 includes, in the user's portable terminal device 20, data of the license signature DSM and the user's personal identification numbers PIN1 and PIN2 read from the user's IC card driving license 10. The IC card driving license information, the certification authority public key CaK of the license certification authority CA, the public key of each certification authority necessary for authenticating the external device 50 connected to the communication network NW, and the like are stored.

(Portable terminal device 20)
The mobile terminal device 20 is a mobile phone such as a smartphone used by a user. The mobile terminal device 20 includes a short-range wireless communication unit 21 as shown in FIG.

  The mobile terminal device 20 registered as a mobile driver's license has an encryption key creation means 24, a license update signature creation means 25, and a user authentication means 26 by installing the mobile application program 110.

The mobile terminal device 20 registered as a mobile driver's license displays the IC card driver's license information and the user's face image on the display means of the mobile terminal device 20 in accordance with instructions from the user.

(Near field communication means 21)
The mobile terminal device 20 can communicate with the IC card driving license 10 owned by the user, the external device 50 and other mobile terminal devices 20 using the short-range wireless communication means 21.

(User authentication means 26)
The user authentication means 26 of the portable terminal device 20 registered as a mobile driver's license is such that the user inputs the user's personal identification number PIN1 or PIN2 from the external device 50 and receives the personal identification number from the external device 50. In this case, the user is authenticated in the same manner as the IC card driver's license 10, and the IC card driver's license information is transmitted to the external device 50.

  Further, the user authentication means 26 authenticates the user when the user inputs the user's personal identification number PIN1 or PIN2 from the portable terminal device 20, and then determines whether the external device is valid. Information that can be notified to the external device 50 is transmitted according to the authentication level assured by the signature of the certificate authority.

  If the user authentication means 26 of the portable terminal device 20 does not receive a personal identification number from the user, the user authentication means 26 determines that user authentication has not been established, and does not transmit data such as IC card driving license information to the external device 50. , Keep your driver's license information secure.

  When the user authentication unit 26 succeeds in personal authentication of the user, the mobile application program 110 of the mobile terminal device 20 uses the external device 50 in the same manner as in the first to third embodiments according to the user's instruction. Certify.

  That is, the mobile terminal device 20 transmits information that can be transmitted according to the authentication level of the certificate authority that has registered the external device public key TK of the external device 50 to the external device 50 in accordance with a user instruction.

(License renewal signature creation means 25)
When the mobile terminal device 20 receives the license information from the IC card driver's license 10 and there is update information in the license information, the mobile terminal device 20 uses the mobile terminal device private key MoSc for the update information. The update information mobile signature DSMCMo as a signature is created, and the signed mobile driver's license update information digitally signed by itself is created.

  Then, the portable terminal device 20 uses the update information mobile signature DSMCMo to provide the external device 50 with the face information such as the address change, name change (marital, etc.) of the license information of the IC card driver's license 10. Make the renewed license update information valid.

(Processing procedure)
Next, the processing procedure of the mobile driver's license system of the fourth embodiment will be described with reference to the flowcharts of FIGS. First, the mobile application program 110 is installed in the mobile terminal device 20 as follows by the processing from step S61 to step S61 in FIG.

(Step S61)
The terminal authentication server 40 of the license certificate authority CA authenticates the mobile terminal device 20 and its user, and then registers the mobile terminal device 20 as a mobile driving license. In the authentication / examination process, the terminal authentication server 40 directly connects the mobile terminal device 20 to a dedicated mobile driver's license issuing device connected to the terminal authentication server 40 via a dedicated line, and the mobile driver's license. By connecting and checking the user's IC card driving license 10 to the issuing device, the mobile terminal device 20 and its user are authenticated and examined with high security.

  The terminal authentication server 40 uses the user ID data received from the mobile terminal device 20 and the mobile terminal device public key MoK for the mobile terminal device 20 that has passed the examination, and the license number of the IC card driving license 10. Is stored in the database, and the mobile terminal device 20 is registered as a mobile driving license.

(Step S62)
The terminal authentication server 40 creates a mobile license public key certificate signature MoKD of the mobile terminal device 20 registered as a mobile driver's license.

(Step S63)
The terminal authentication server 40 installs and operates the mobile application program 110 in the mobile terminal device 20 and stores the mobile license public key certificate signature MoKD in the mobile terminal device 20.

  Further, the terminal authentication server 40 provides the user's portable terminal device 20 with the IC card driving license information including the license signature DSM and the user's personal identification numbers PIN1 and PIN2, and the license certificate authority CA. And the public key of each certificate authority necessary for authenticating the external device 50 connected to the communication network NW.

(Create signed mobile driver's license update information)
The license update signature creating means 25 of the mobile terminal device 20 creates signed mobile driver's license update information by the processing from step S64 to step S69 in the flowchart of FIG.

  The mobile application program 110 of the mobile terminal device 20 reads the IC card driving license information from the IC card driving license 10, and if the IC card driving license 10 has update information, the license update signature of the mobile terminal device 20 is read. The creation means 25 creates signed mobile driver's license update information as follows.

(Step S64) User Authentication The user authentication means 26 of the mobile application program 110 authenticates the user by allowing the user to input the user PIN number PIN1 or PIN2 from the input means of the mobile terminal device 20. .

(Step S65) Reading Update Information of IC Card Driver's License 10 The mobile terminal device 20 sends the IC card driver's license to the short-distance wireless communication means 21 of the mobile terminal device 20 registered in the mobile driver's license. The portable terminal device 20 is caused to approach the IC card driver's license 10 via the short-range wireless communication means 21 of the portable terminal device 20.

  In order for the mobile terminal device 20 to authenticate itself to the IC card driver's license 10 that it is a mobile driver's license, the mobile terminal device's public key MoK and mobile driver's public key certificate are used for the IC card driver's license 10. Send the signature MoKD.

(Step S66)
The IC card driving license 10 is obtained by decrypting the mobile license public key certification signature MoKD received from the mobile terminal device 20 by using the certificate authority public key CaK so that the mobile terminal device 20 is registered in the license certificate authority CA. Authenticate that you have a mobile driver's license.

(Step S67)
The user authentication means 26 of the portable terminal device 20 transmits the PIN numbers PIN1 and PIN2 previously input by the user to the IC card driving license 10. The IC card driver's license 10 authenticates the user with the received PIN numbers PIN1 and PIN2.

(Step S68)
The mobile application program 110 of the portable terminal device 20 whose user has been authenticated by the IC card driving license 10 transmits a command requesting IC card driving license information to the IC card driving license 10.

  The IC card driving license 10 transmits the IC card driving license information to the portable terminal device 20 in accordance with the command.

(Step S69)
When there is update information in the IC card driving license information received from the IC card driving license 10, the portable terminal device 20 proceeds to step S70.

(Step S70)
The license update signature creating means 25 of the mobile terminal device 20 creates a hash value of the update information received from the IC card driving license 10 and encrypts the hash value with its own mobile terminal device private key MoSc. The update information mobile signature DSMCMo signed by itself is created.

  Then, the mobile application program 110 stores the updated mobile driver's license update information including the update information, the hash value, and the update information mobile signature DSMCMo.

  As described above, the mobile terminal device 20 reads the update information of the IC card driver's license information from the IC card driver's license 10, and the mobile terminal device 20 signs the update information and receives the signed mobile driver's license update information. create.

(Transmission of mobile driver's license information to external device 50)
Next, the mobile application program 110 of the mobile terminal device 20 executes the processing from step S71 to step S76 in FIG. 15 as follows, so that the external device 50 can receive the mobile driver's license information and the information according to the user's instruction. Send signed mobile driver's license update information.

(Step S71)
When the user activates the mobile application program 110 of the mobile terminal device 20, the driver's license certificate is displayed on the display means of the mobile terminal device 20.

(Step S72)
Next, the user is caused to input a command for notifying the external device of the driver's license information.

(Step S73)
The user is allowed to input the designation of the communication means of the external device 50 with which the mobile terminal device 20 communicates with the external device 50. That is, the user is allowed to input the designation of the communication means for the wireless LAN of various standards, the proximity communication means such as NFC communication, and other communication means with the external device 50. At that time, the type of the external device 50 of the communication partner may be input.

(Step S74) User Authentication Next, the user authentication unit 26 authenticates the user by causing the user to input the user's personal identification number PIN1 or PIN2 from the input unit of the mobile terminal device 20. When the user authentication means 26 authenticates the user, the process proceeds to step S76.

(Step S75) Mutual Authentication Processing The mobile terminal device 20 authenticates the external device 50 as follows, and then the mobile device 20 public key MoK and mobile license public key of the mobile terminal device 20 are sent to the external device 50. Send a certification signature MoKD.

  The external device 50 decrypts the mobile license public key certification signature MoKD using the certificate authority public key CaK, so that the mobile terminal public key MoK is registered in the terminal authentication server 40 as a regular mobile device. Confirm that it is the public key of the driver's license.

  Next, the external device 50 transmits data encrypted using the mobile terminal device public key MoK notified from the mobile terminal device 20 to the mobile terminal device 20. Then, the external device 50 confirms that the data is decrypted by the mobile terminal device 20, so that the mobile terminal device 20 has the only secret key related to the mobile terminal device public key MoK of the mobile driver's license. Authenticate that the device.

  The mobile terminal device 20 and the external device 50 thus mutually authenticated establish encrypted communication by sharing a session key such as SSL.

(Step S76) Mobile Driver's License Information Transmission Processing The mobile terminal device 20 responds to the external device 50 authenticated by the above processing according to which certificate authority's signature guarantees the validity of the external device 50. The mobile driver's license information that can be notified and the signed mobile driver's license update information are transmitted by encrypted communication in accordance with an operation instructed by the user.

  As described above, the user authentication unit 26 of the mobile application program 110 authenticates the user by allowing the user to input the personal identification number PIN1 or PIN2, and then the mobile terminal device 20 transfers the mobile device to the external device 50. Send driver license information and signed mobile driver license update information.

  Here, the update information mobile signature in which the signed mobile driver's license update information transmitted from the mobile terminal device 20 to the external device 50 is an electronic signature by the authorized mobile terminal device 20 managed by the terminal authentication server 40. By including DSMCMo, there is an effect that the validity of the license update information is secured.

  In addition, this invention is not limited to the above embodiment, As a user authentication means, the positioning device of a location is provided in the user's portable terminal device 10, and the presence of the portable terminal device 10 measured by the positioning device By using user authentication means for authenticating the user based on the position, it is possible to omit the input of the personal identification number PIN1 or PIN2 by the user.

  Alternatively, as the user authentication means, a means for authenticating the user by the user responding to the user confirmation e-mail addressed to the mail address registered for the user in the user's portable terminal device 10 is used. You can also.

DESCRIPTION OF SYMBOLS 10 ... IC card driving license 20 ... Portable terminal device 21 ... Short-range wireless communication means 22 ... Camera 23 ... Biometric authentication means 24 ... Encryption key creation means 25 ... License Certificate update signature creation means 26... User authentication means 30... License issuance server 31... License update information server 40... Terminal authentication servers 50 and 50 a. Distance wireless communication means 52 ... encrypted communication means 110 ... mobile application program APKD ... public key certification signature CA, CA1, CA2 ... license certificate authority CaK, CaK2 ... certificate authority public key Card ... License issuance information CaSc, CaSc2 ... Certificate Authority private key DSM ... License signature DSMCMo ... Update information mobile signature DSMCCo ... Update information server signature H ... Hash value ICK ... IC card public key ICKD ... IC card public key certification signature ICsc ... IC card private key MoK ... Public key MoKD for mobile terminal devices ... Mobile license public key Certification signature MoSc ... Private key NW for mobile terminal device ... Communication network TK ... External device public key TKD ... External device public key certification signature TSc ... External device private key

Claims (9)

A mobile driver's license system comprising a mobile terminal device having a user authentication means and a certificate authority,
The certificate authority registers the mobile terminal device as a mobile driver's license;
The mobile terminal device signs the mobile terminal device public key paired with the mobile terminal device private key, and the mobile terminal device public key and partial data of the driver's license information with the private key of the certification authority. Remembered electronic signatures,
When the mobile terminal device authenticates the user by the user authentication means, the mobile terminal device authenticates the external device as a mobile driving license by presenting the mobile terminal device public key and the electronic signature to the external device. And
The mobile terminal device creates an update information mobile signature signed with the mobile terminal device private key in the update information of the driver's license information, and the update information mobile signature together with the update information of the driver's license information Mobile driver's license system, characterized by sending to A mobile driver's license system comprising a mobile terminal device having user authentication means, a certificate authority, and a second certificate authority that creates updated information of the driver's license information,
The certificate authority registers the mobile terminal device as a mobile driver's license;
The mobile terminal device signs the mobile terminal device public key paired with the mobile terminal device private key, and the mobile terminal device public key and partial data of the driver's license information with the private key of the certification authority. Remembered electronic signatures,
The mobile terminal device stores an update information server signature signed with the secret key of the second certificate authority in the update information of the driver's license information,
When the mobile terminal device authenticates the user by the user authentication means, the mobile terminal device authenticates the external device as a mobile driving license by presenting the mobile terminal device public key and the electronic signature to the external device. And
The mobile driver's license system, wherein the portable terminal device transmits the update information server signature together with the update information of the driver's license information to an external device.   The mobile driving license system according to claim 1 or 2, wherein the user authentication means is biometric authentication means. A mobile driver's license system according to claim 3,
The user's biometric information acquired by the biometric authentication means of the portable terminal device is transmitted to the certificate authority, and the certificate authority collates the biometric information with the user's biometric information stored in the certificate authority. A mobile driver's license system, wherein the mobile terminal device is registered in a mobile driver's license by authorizing A mobile terminal device registered as a mobile driver's license with a certificate authority,
The portable terminal device is
A mobile terminal device public key that is paired with a mobile terminal device private key, and an electronic signature that is signed with the private key of the certificate authority is stored in a part of the public key for the mobile terminal device and driving license information. ,
Storing the update information mobile signature signed with the secret key of the certificate authority or the secret key for the portable terminal device in the update information of the driver's license information;
When the mobile terminal device authenticates the user, by presenting the mobile terminal device public key and the electronic signature to the external device, the external device is authenticated as a mobile driving license,
A mobile terminal device that causes the external device to authenticate the update information of the driver's license information by transmitting the update information mobile signature together with the update information of the driver's license information to the external device.   6. The portable terminal device according to claim 5, wherein the portable terminal device has a biometric authentication unit as a unit for authenticating a user.   7. The portable terminal device according to claim 6, wherein the biometric information of the user acquired by the biometric authentication unit is transmitted to the certification authority, and the biometric information is collated with the biometric information of the user by the certification authority. A mobile terminal device that registers a mobile driver's license when it is certified.   The mobile terminal device according to any one of claims 5 to 7, wherein the mobile terminal device provides an update information mobile signature obtained by signing the update information of the driving license information with the private key for the mobile terminal device. A portable terminal device characterized by being created.   The mobile terminal device according to any one of claims 5 to 8, wherein the mobile terminal device is paired with the mobile terminal device private key and the mobile terminal device private key. A mobile terminal device that creates a public key.

Images