JP2019161405A - Authentication server device, and system and method for authentication - Google Patents

Abstract

To reduce a user procedure load to service resumption without management of secret information on the server side, and to complete personal authentication for a plurality of services even after a terminal is lost.SOLUTION: A preliminary public template generated by using biological information acquired from a user, and a preliminary public key certificate are stored in advance into an authentication server. This enables, if a personal terminal disappears (is lost or stolen), the identification of the preliminary public template and the public key certificate stored in the authentication server without registration of a new public key and a secret key, and the continuation of user authentication as usual by validating using the biological information of the user. The revocation of the original public key certificate and the publication of a new public key certificate may be performed by processing in one step, or may be performed by processing in two steps.SELECTED DRAWING: Figure 10

Description

  The present invention relates to an authentication server device, an authentication system, and an authentication method for generating / verifying an electronic signature.

  As a system that can generate a signature for an arbitrary message (electronic document) using the biometric information itself as a secret key when a service provider providing a service on the Internet authenticates a communication partner user, There is a technique described in Japanese Unexamined Patent Publication No. 2013-123142 (Patent Document 1). In this publication, “a predetermined secret key is embedded in the feature quantity of the user's biometric information at the time of registration, and a biometric certificate is issued in combination with the corresponding public key. At the time of signature, the signature feature quantity of the user's biometric information is issued. In response to this, a new pair of temporary private key and temporary public key is generated, a signature is created for the message using the temporary private key, a commitment is created by embedding the temporary private key in the signature feature, and the temporary The combination of the public key, the signature, and the commitment is a biometric signature. When verifying the biometric signature, the signature is verified with the temporary public key, and a differential private key and a differential public key are generated from the biometric certificate, the commitment, and the temporary public key. Is verified. "

  Further, as an authentication system that manages each service without secret keys used for challenge / response authentication of service users being distributed in the network, without loss due to loss or change of terminals, or addition due to addition of terminals There is a technique described in Japanese Patent Laid-Open No. 2006-139910 (Patent Document 2). In this gazette, “the authentication key management device has pre-authenticated the user corresponding to the pre-authentication ID, and has received a request for registration of the use of the authenticated user from the authentication server, and issued a public key generation request. In this case, a public key and a secret key used for key authentication are generated, the generated public key is transmitted to the authentication server, the generated secret key is stored in association with the pre-authentication ID, and authenticated with the authentication server. When a challenge encrypted with a secret key is received in key authentication with the client, a response to the challenge is generated using the challenge and the secret key.

JP2013-123142A JP-A-2006-139910

  In the service provided on the Internet, when a personal terminal is lost or stolen, in order to prevent leakage of the user's personal information, the operation of revoking the private key generated from the public key and the user's biometric information It is common. Therefore, if the private key and the public key are revoked, the user cannot resume the service that has been authenticated with the information unless a new public key / private key is registered. However, in Japanese Patent Laid-Open No. 2004-260260, the case where the user loses the personal terminal used for authentication due to loss or theft is not studied deeply, and the procedure burden is heavy until the user restarts the service.

  In Patent Document 2, there are two problems from the viewpoint of user convenience and safety of personal information. One is that when the terminal disappears, there is no secret information for accessing the key management server of the service used by the user, so the user re-registers the secret information in a new terminal at the mobile phone store. There is a problem in user convenience. The second problem is that the secret information for all users of the service is managed on the server, so that if the information on the server is leaked, the influence range is wide. For this reason, the operation cost is increased due to strict security measures for managing the secret key.

  Therefore, the present invention aims to reduce the burden on the user's procedure until service restart without managing confidential information on the server side, and to establish personal authentication in multiple services even after the terminal is lost. To do.

  In order to solve the above problems, one of the representative authentication server devices of the present invention is an authentication server connected to a registration terminal, an authentication terminal, and a service providing server via a network. The authentication server includes a storage device and a processing device. The processing device revokes the public key and private key restoration information stored in the registered terminal notified by the user. In addition, the processing device acquires a spare public key and spare private key restoration information from the storage device, and issues a public key certificate to the spare public key. In addition, the processing apparatus receives a secret key restoration information acquisition request including terminal information and reading sensor information of the registration terminal from the authentication terminal. Further, the processing device acquires the spare secret key restoration information of the user from the secret key restoration information stored in the storage device, and transmits the information to the authentication terminal. In addition, the processing device receives from the authentication terminal a signature value using a secret key generated from the spare secret key restoration information and biometric information read by the authentication terminal. In addition, the processing device verifies the signature value with the spare public key certificate stored in the storage device, and transmits the verification result to the service providing server.

Without managing confidential information on the server side, it is possible to reduce the burden on the user's procedure until the service is restarted, and to easily establish personal authentication for a plurality of services even after the terminal is lost.
Problems, configurations, and effects other than those described above will be clarified by the following description of embodiments.

It is a figure which shows the whole system configuration | structure of the hardware which concerns on 1st Embodiment of this invention. It is a sequence diagram which shows the use registration process in the registration terminal and authentication server apparatus which concern on 1st Embodiment of this invention. It is a sequence diagram which shows the reissue process in the authentication server apparatus which concerns on 1st Embodiment of this invention. It is a sequence diagram which shows the authentication process in the authentication terminal which concerns on 1st Embodiment of this invention, an authentication server apparatus, and a service provision server. It is the figure which showed the information of the certificate management table managed by the certificate issue information storage part of the authentication server apparatus which concerns on 1st Embodiment of this invention. It is the figure which showed the information of the preliminary | backup information management table managed by the preliminary | backup information storage part of the authentication server apparatus which concerns on 1st Embodiment of this invention. It is the figure which showed the information of the terminal information management table managed by the certificate issue information storage part of the authentication server apparatus which concerns on 1st Embodiment of this invention. It is a figure which shows the authentication method in a prior art. It is a figure which shows the certificate revocation / reissue sequence which concerns on 2nd Embodiment of this invention. It is a figure which shows the authentication process sequence which concerns on 2nd Embodiment of this invention.

  A conventional example and a first embodiment of the present invention will be described below with reference to the drawings. In addition, this invention is not limited by this embodiment. Moreover, in description of drawing, the same code | symbol is attached | subjected and shown to the same part.

  First, an authentication method in the prior art will be described with reference to FIG.

  FIG. 8 is a diagram showing an authentication method in the prior art. As shown in FIG. 8, first, at the time of registration, feature amounts are extracted from biometric information (such as finger vein patterns) acquired from a client (user) by a generally known method. Next, a secret key and a public key corresponding to the secret key are generated using an existing key generation algorithm (RSA or the like). A public template is generated by unidirectionally converting the feature quantity extracted from the secret key and the biometric information, and the public template is stored in the authentication server. At the same time, based on the generated private key and public key, a public key certificate issuance request for requesting the validation of the public key is generated and stored in the authentication server. At the time of authentication, the user authentication is performed by comparing the signature generated by the private key restored by combining the user's biometric information and the public template stored in the authentication server with the challenge code notified from the authentication server. Done.

  Here, a mechanism that combines a biometric signature technology and a public key authentication infrastructure using a public template is referred to as a public biometric infrastructure (also referred to as Public Biometric Infrastructure or PBI). In PBI, the user's biometric information and secret key are stored in a one-way converted state (a form that cannot be restored) and stored in a registration authority (server, etc.). Biometric authentication in payment services, passwordless cloud authentication, physical security, etc. can be used without registering for individual services. The public template is sometimes called “private key restoration information” or “PBI template”.

[Configuration of authentication system]
FIG. 1 is a diagram showing an overall system configuration of hardware according to the first embodiment of the present invention. As shown in FIG. 1, this system includes an authentication server 110, a registration terminal 120, an authentication terminal 130, a service providing server 140, and a network (Internet, LAN, etc.) 150. Authentication server 110, registration terminal 120, authentication terminal 130, and service providing server 140 may be connected via network 150.

  The service providing server 140 is a server device that provides a user with a web service or the like via the network 150. As an example, the authentication server (or sometimes referred to as an authentication server device) 110 is a Web server device operated by a bank or a financial institution, and provides services such as online banking to users (also referred to as users). It may be provided.

  The authentication server 110 is a device that performs an authentication process performed between a service provided by the service providing server 140 via the network 150 and a registered user (hereinafter referred to as a user) who has registered for use. Specifically, the authentication server 110 may have functions such as registration of a public template used for authentication processing, issuance of a public key certificate, and signature verification.

  The registered terminal 120 is a terminal device used by a user, and is a terminal already registered in the service provided by the service providing server 140. As described above, the present invention improves the convenience of handling when the user terminal is lost or stolen (hereinafter also referred to as “disappearance”). It may also be a terminal that has been (ie, remote from the original owner). As an example, the registration terminal 120 may be a personal terminal such as a mobile phone, a smartphone, or a tablet PC. Alternatively, the registration terminal 120 may be a shared terminal used by an unspecified number of users, such as an ATM or a ticket machine.

  The authentication terminal 130 is a terminal used for performing authentication and resuming normal service when the user loses the registration terminal 120. As an example, the authentication terminal 130 may be a window terminal installed in an ATM or a bank. In addition, the authentication terminal 130 may be a terminal that takes over the service used by the user at the registration terminal 120. For example, when the registration terminal 120 is lost or stolen, the authentication terminal 130 may be a personal terminal (such as a smartphone) newly acquired by the user. Further, the authentication terminal 130 may be the same as the registration terminal 120 (that is, the user once lost the registration terminal 120, but then found the registration terminal 120 lost, Use it again to restart the service).

[Configuration of authentication server]
As described above, the authentication server 110 is an apparatus that performs an authentication process for the communication provided between the service provided by the service providing server 140 and the registered user who has performed use registration via the network 150. It is. As illustrated in FIG. 1, the authentication server 110 includes a processing device 102 that performs each function of authentication processing, and a storage device 104 that stores information used in the authentication processing.

  The processing apparatus 102 includes a function unit for performing each function according to the embodiment of the present invention. Specifically, the processing device 102 includes a certificate management unit 111 that performs each step in public template registration (see FIG. 3) and public key certificate reissue (see FIG. 4), and authentication processing (see FIG. 5). The authentication processing part 116 which implements each process in is included. Further, the certificate management unit 111 receives an application reception unit 112 that receives a public key acquisition request (or may be referred to as a private key recovery information acquisition request), which will be described later, from the authentication terminal 130, and a public key certificate. A certificate issuance unit 113 to be issued, a certificate revocation unit 114 for revoking a public key and a public template stored in a registered terminal (for example, a lost terminal), and revocation information for providing certificate revocation information to the outside The providing unit 115 is configured.

  In addition, the authentication processing unit 116 uses the registration information providing unit 117 that transmits the preliminary public template stored in the preliminary information storage unit 126 to the authentication terminal and the biometric information of the user from the authentication terminal (for example, the window terminal) 130. A signature verification unit 118 that receives the generated signature value, a certificate verification unit 119 that verifies the signature value with a backup public key certificate stored in the backup information storage unit 126, and a verification result to the service providing server 140. And an authentication result creation unit 151 that transmits the data. As will be described later, the authentication processing unit 116 performs authentication using the certificate set as the “production” stored in the certificate issuance information storage unit 127 (the same applies to the authentication after certificate reissue). Is).

  The authentication server 110 functions as each functional unit described above when an arithmetic processing device such as a CPU (Central Processing Unit) inside the device executes a control program stored in the memory.

  The storage device 104 includes a preliminary information storage unit 126 and a certificate issuance information storage unit 127. The spare information storage unit 126 is a storage device that stores a spare certificate issuance request and a spare public template used in a procedure for reissuing a spare public key to the authentication terminal 130 (see FIG. 6). The certificate issuance request includes a public key. For example, as shown in FIG. 6, a preliminary information management table including a public template and a certificate issuance request registered in advance at the time of registration may be stored in the preliminary information storage unit 126 of the storage device 104. The certificate issuance information storage unit 127 is a storage device that stores information for managing the status of the certificate corresponding to the authentication terminal 130 (see FIG. 5). Further, the storage device stores the certificate and the public template illustrated in FIG. For example, as shown in FIG. 5, a certificate management table for managing a plurality of certificate states (valid, invalid, revoked, suspended, etc.) corresponding to a plurality of personal terminals is stored in the certificate issuance information storage unit 127. May be. The preliminary information storage unit 126 and the certificate issuance information storage unit 127 of the storage device 104 are, for example, a semiconductor memory element such as a RAM (Random Access Memory) or a flash memory, or a storage device such as a hard disk or an optical disk. It may be realized.

[Configuration of Service Providing Server 140]
As described above, the service providing server 140 is a server device that provides a user with a Web service or the like via the network 150. The service providing server 140 issues an authentication request for requesting an authentication process to the authentication server 110 in response to a service request from the registration terminal 120 or the authentication terminal 130, and transmits the authentication request unit 141 to be transmitted, and authenticates at the end of the authentication process. The service processing unit 142 is configured to permit or reject access to the service according to the authentication result transmitted from the server 110.

[Configuration of registered terminal]
The registration terminal 120 includes a sensor unit (iris camera, general-purpose camera, fingerprint scanner, etc.) 121 that acquires biometric information for registration such as fingerprints and veins from a user, and biometric information that extracts registration feature amounts from the biometric information for registration. A processing unit 122; a registration information creation unit 123 that generates registration information (public key and public template) from the biometric information; a registration application unit 124 that applies the registration information to the authentication server 110; and authentication information And an authentication information unit 125 that stores (public key and public template).

[Configuration of authentication terminal]
Similar to the registration terminal, the authentication terminal 130 includes a sensor unit 131 that acquires biometric information for registration such as a fingerprint and a vein from a user, a biometric information processing unit 132 that extracts a feature value for registration from the biometric information for registration, And an authentication information unit 125 that stores authentication information (public key and public template). Furthermore, the authentication terminal 130 provides a registration information acquisition unit 133 that acquires registration information from the authentication server 110, a signature generation unit 134 that generates an electronic signature for establishing service authentication, and a service for providing a user with the service. And a business processing unit 135 that controls a GUI (Graphical User Interface) and the like.

[Registration sequence]
Next, the use registration sequence in the present embodiment will be described with reference to FIG. FIG. 2 is a sequence diagram showing use registration processing in the registration terminal 120 and the authentication server 110 according to the first embodiment of the present invention.

  First, in step S201, terminal information is acquired. Here, the terminal information is information that characterizes the registration terminal 120, and includes information indicating the model, serial number, type of sensor mounted, and the like of the registration terminal 120. The terminal information may be acquired by a terminal diagnostic inspection tool implemented by a terminal information acquisition unit (not shown) provided in the registration terminal 120. As an example, as a result of the terminal diagnostic inspection tool, the model of the registered terminal 120 is “Apricot Qfone”, the product number is “XNSS-HSJW-3NGU-8XTJ”, and the installed sensor is “fingerprint scanner” The terminal information indicating this may be acquired by the terminal information acquisition unit (see FIG. 7).

  Next, in step S202, biological information (or sometimes referred to as reading sensor information) is acquired. Here, the biological information is data indicating physical characteristics and behavioral characteristics used for uniquely identifying a human. As an example, the biometric information includes fingerprint information, finger vein information, palm vein information, palm shape information, iris information, voice information, face information, and the like. The biometric information may be acquired by the sensor unit 121 mounted on the registration terminal 120. For example, the sensor unit 121 may acquire a fingerprint image as biometric information by photographing a user's finger.

  Next, in step S203, a feature amount may be extracted from the biological information acquired in step S202. Here, the feature amount may be a data structure (so-called metadata) obtained by formulating features and characteristics of biological information. The feature amount may be extracted by the biological information processing unit 122 of the registration terminal 120. As an example, when the acquired biometric information is a fingerprint image, the biometric information processing unit 122 may extract fingerprint metadata that mathematically represents a captured fingerprint pattern as a feature amount. Here, the feature amount extraction of the biological information may be performed by a commonly used means.

  Next, in step S204, a private key / public key pair is generated. As is well known, a public key is used to create a ciphertext for an arbitrary sentence, and a secret key is used to recover a message from the ciphertext. As described above, in the present invention, the secret key and the public key may be created by the registration information creation unit 123. Here, n private key / public key pairs may be generated for one feature amount extracted from biometric information. As will be described later, a plurality of public templates can be created by generating a plurality of secret keys and public keys.

  In step S205, the secret key generated in step S204 and the feature amount extracted in step S203 are unidirectionally converted. Specifically, the registration information creation unit 123 adds a salt (random number) to the feature amount and the secret key acquired in step S204 using a predetermined electronic signature algorithm (for example, a Schnorr signature), and performs one-way conversion. A public template (sometimes referred to as private key restoration information or PBI template) is generated by performing (a transformation that mathematically proves that the original information cannot be restored). As described above, here, a plurality of public templates may be generated by unidirectionally converting each of the plurality of secret keys generated in step S204 and the feature amount extracted from the biological information. For example, by performing this procedure four times, four secret keys, four public keys, and four public key templates may be generated. As described above, by registering the plurality of public templates generated here and the public key generated in step S204 in the authentication server 110 as spares, user authentication in a plurality of services is established later. It becomes possible.

  Next, in step S206, a certificate issuance request is created. The certificate issuance request is for requesting issuance of a certificate for validating the public key generated in step S205. The certificate issuance may be generated by the registration information creation unit 123 of the registration terminal 120. The certificate issuance request may be associated with a certificate issuance request identification number that uniquely identifies the certificate issuance request. When N public templates and public keys are generated, N certificate issuance requests may be created.

  Next, in step S207, a registration application is transmitted. The registration application is an application for registering registration information (terminal information, public key, public template, certificate issuance request, etc.) prepared in the registration terminal 120 in the authentication server 110. Specifically, the registration application unit 124 of the registration terminal 120 may transmit a registration application including registration information such as terminal information (see FIG. 7), a public key template, and a certificate issuance request to the authentication server 110. .

  Next, in step S208, a registration application is received. For example, as illustrated in FIG. 2, the application receiving unit 112 of the authentication server 110 may receive a registration application sent from the registration terminal 120 via the network 150.

  In step S209, certificate issuance request verification is performed. The certificate issuance request verification is processing for verifying the signature attached to the certificate issuance request created in step S206 with the public key described in the certificate issuance request. The certificate issue request verification here may be performed by the certificate verification unit 119 of the authentication server 110. As an example, the certificate verification unit 119 may verify the registration information received from the registration terminal 120 and verify the signature.

  Next, in step S210, a certificate is issued. A certificate (so-called public key certificate) is a certificate that binds a public key and identification information of the owner (including information such as a validity period, an issuer, and a signature algorithm). Here, the certificate issuing unit 113 of the authentication server 110 may issue the certificate specified in the certificate issue request based on the registration information received from the registration terminal 120. Of the plurality of certificates issued here, one or a plurality of certificate issuing units 113 (for example, when finger vein data is acquired as biometric information, the certificate is issued for each finger vein. Certificate may be issued, so multiple certificates may be selected here) as the “real” certificate used for authentication processing, and the certificate issuance information storage unit of the authentication server It may be set in the certificate management table managed in 127 (see FIG. 5).

In step S211, a certificate issuance request and a public template (PBI template) are stored as spare information. Specifically, the certificate issuance request may be stored in a preliminary information management table managed by the preliminary information storage unit 126 of the authentication server 110 in a state associated with the public template (see FIG. 6). By repeating this procedure N-1 times, certificates other than the actual certificate used for authentication are registered in the preliminary information management table. Therefore, as will be described later, when the registered terminal 120 disappears, the user obtains a spare public template registered in the spare information management table and issues a new certificate, so that the user can perform a normal service. It is possible to resume.
In this specification, the expression “new” is used in the descriptions of “new public key certificate”, “new public key”, and “new secret key restoration information”. This is because a certificate or the like is newly issued using spare information stored in advance in the spare information management table. For this reason, in this specification, when referring to original information such as a certificate to be newly issued, the description “preliminary” may be used.

  In step S212, the registration result is transmitted from the certificate management unit 111 of the authentication server 110 to the registration terminal 120. The registration result notifies which data of the registration application data transmitted from the registration terminal 120 to the authentication server 110 is finally registered. Further, the registration result may include information such as the certificate data issued in S210 and the registered certificate issuance request and the identification number of the public template. For example, a certain registration result may include information indicating that the identification number of a certain certificate issuance request is 20150804_5483C, the identification number of the public template is 20150804_5483, and the registration date is August 4, 2015.

  Next, in step S213, the registration terminal 120 receives the registration result transmitted from the authentication server 110.

  Next, in step S214, the certificate and the public template (PBI template) specified in the registration result received by the registration terminal are stored in the registration terminal 120. As described above, the same public key and public template are stored in both the registration terminal 120 and the authentication server 110.

[Reissue sequence]
Next, with reference to FIG. 3, a sequence showing the reissue process in the authentication server according to the embodiment of the present invention will be described. As described above, this reissue process may be performed, for example, when the user has lost (lost or stolen) the registration terminal 120.

  First, in step 301, the authentication server 110 receives a public key reissue application from the authentication terminal 130. The reissue application is an application for requesting issuance of a preliminary public template and a public key certificate (see FIG. 6) stored in the preliminary information storage unit 126 of the authentication server 110. For example, as described above, when the registration terminal 120 disappears, the user may transmit a reissue application to the authentication server 110 via the authentication terminal 130 in order to restart the service with a new terminal.

  As described above, when the registered terminal is lost, the public key and the secret key are generally revoked in order to prevent leakage of the user's personal information. Therefore, when the authentication server 110 receives a certificate reissue application from the authentication terminal 130, in step S302, it is necessary to specify the public key and the public template used for authentication at the registration terminal 120 as revocation targets. Therefore, the certificate management unit 111 (or certificate revocation unit 114) stores the certificate issuance information storage unit 127 based on the terminal information of the registered terminal 120 (for example, the user ID and the terminal model input by the user). The revoked public key and public template may be specified from the stored public key certificate issuance information. When multiple certificates are registered per terminal of one user (for example, when different public templates are registered for each finger, or public templates are registered for both finger veins and irises) The authentication server 110 may repeat the certificate revocation process a plurality of times (for example, M times) to identify all the public templates corresponding to the user as revocation targets.

  Next, in step S303, the certificate revocation unit 114 of the certificate management unit 111, based on the public key and public template specified in step S302, stores the certificate stored in the registration terminal 120 (that is, the public key and the public key). Publish template) is revoked (that is, invalidated). As described above, when a plurality of public key certificates are registered for one user, they may be revoked at once. As an example, when the authentication server 110 receives a reissue application for the user corresponding to the user ID: 11223 from the authentication terminal 130, the certificate revocation unit 114 is stored in the certificate management table (see FIG. 5). All the public templates corresponding to the user ID: 11223 (for example, the template with the identification number 20150804 — 5482, the template with the identification number 20171225 — 1534, and the template with the identification number 201712125 — 1537) are invalidated at once. Also good. In addition to the reissue process, when the expiration date of the certificate or public template stored in the preliminary information storage unit 126 expires, the certificate revocation unit 114 erases these public key and public template in a batch. May be.

  Next, in step S304 and step S305, the certificate management unit 111 acquires a certificate issuance request and a public template (PBI template). Specifically, the certificate management unit 111 (or certificate issuing unit) selects the spare information registered in the registration sequence from the spare information management table stored in the spare information storage unit 126 of the authentication server 110. Public key certificate issuance request and preliminary public template are acquired.

Next, in step S306, a new certificate may be issued based on the spare public key certificate issuance request and the spare public template acquired in step S304. As described above, the certificate issued here is used to authenticate the service used by the user at the registration terminal 120 and restart the service. Further, the expiration date of the public key certificate issued here may be set so that the certificate revoked in step S303 has the same expiration date. The issued new certificate and the preliminary public template acquired in S304 are stored in the certificate issuance information storage unit as a new public template.
When the certificate is issued, the certificate issuance request is deleted from the preliminary information storage unit 126, and the newly issued certificate is stored in the certificate issuance information management storage unit 127. In addition, the selected backup public template is moved from the backup information storage unit 126 to the certificate issuance information management storage unit 127.

  Next, in step S307 and step S308, the certificate management unit 111 stores the certificate management table (see FIG. 5) stored in the certificate issuance information storage unit 127 and the backup stored in the backup information storage unit 126. Each information management table (see FIG. 6) is updated. Specifically, the certificate management unit 111 updates the status of the certificate revoked in step S303 from “valid” to “revoked” in the certificate management table, and the newly issued certificate is updated in the preliminary information management table. The original certificate issuance request may be deleted from the preliminary information management table, and a record corresponding to the certificate may be added to the certificate management table. In this embodiment, the revocation of the original certificate and the issuance of a new certificate are performed at the same time (one stage). However, the present invention is not limited to this, and the revocation and issuance of certificates are separated. May be performed in two stages (see the second embodiment shown in FIG. 9).

[Authentication sequence]
Next, with reference to FIG. 4, a sequence showing an authentication process in the authentication terminal, the authentication server, and the service providing server according to the embodiment of the present invention will be described. As described above, this authentication process may be performed when the user requests authentication using the spare public template and public key issued in the reissue process.

  First, in step S <b> 401, the authentication terminal 130 transmits a service request to the service providing server 140. The service request is a request for access to a service provided by the service providing server 140 via the network 150 from an authentication terminal (that is, a user). For example, the user may transmit a request for access to online banking as a service request to the Web server (service providing server 140) managed by the bank via the authentication terminal 130.

  In step S <b> 402, when the service providing server 140 receives a service request from the authentication terminal 130, the service providing server 140 transmits an authentication request to the authentication server 110. As described above, this authentication request is a request for authentication processing to the user who has requested access to the service of the service providing server in step S401.

  Next, in step S403, the authentication server 110 transmits a challenge code used for user authentication to the authentication terminal 130. This challenge code may be, for example, a so-called one-time password (S / Key method). The challenge code created here by the authentication server 110 is notified to the authentication terminal 130. Here, the challenge code is not particularly limited, and a known method generally used for challenge / response authentication may be used.

  Next, in step S404 and step S405, when the authentication terminal 130 receives the challenge code from the authentication server 110, the authentication terminal 130 acquires terminal information and ID from the user. Specifically, the user inputs the information (model, etc.) of the registered terminal (that is, the lost terminal) and the personal user ID (name, user number, etc.) via the GUI of the authentication terminal 130, and thereafter The terminal information and ID are transmitted to the authentication server 110. In this step, when the terminal used by the user is changed, information (model, model number, etc.) of the newly obtained terminal may be provided as terminal information.

  Next, in step S406, the authentication server 110 provides the authentication terminal 130 with a new public template and a new certificate. Specifically, the authentication processing unit 116 of the authentication server 110 creates a new certificate corresponding to the user from the certificate issuance information management table based on the registered terminal information and the user ID acquired from the authentication terminal in step S404. A public template and a new certificate are identified and transmitted to the authentication terminal 130.

  Next, in step S407, the authentication terminal 130 acquires a new public template provided to the authentication server.

  Next, in step S408, the user's biometric information is acquired. Here, the biometric information may be acquired by the sensor unit 131 mounted on the authentication terminal 130 as in the biometric information acquisition in the registration sequence illustrated in FIG. For example, the sensor unit 131 may acquire an image of the palm vein as biometric information by photographing the palm vein of the user.

  Next, in step S409, feature amounts may be extracted from the biological information acquired in step S408. Here, similarly to the feature amount acquisition in the registration sequence shown in FIG. 2, the authentication terminal 130 extracts a data structure (so-called metadata) obtained by formulating the features and characteristics of the biometric information from the biometric information of the user. As an example, when the acquired biometric information is an image of a palm vein, the biometric information processing unit 132 may extract vein metadata that mathematically represents a photographed palm vein pattern as a feature amount.

  Next, in step S410, a new secret key is restored based on the feature amount of the biometric information extracted in step S409. Specifically, as described above, a new secret key is restored by combining the new public template received from the authentication server 110 and the feature amount extracted in step S409. Therefore, an authentication process is established by creating a signature with this secret key.

  Next, in step S411, a signature (response) for the challenge code notified in step S403 is generated based on the new secret key generated in step S410 and the new public template received from the authentication server 110 in step S407. The This signature (or sometimes referred to as a signature value) is information that becomes a response in challenge-response authentication. The signature here is not particularly limited, and a known method generally used for challenge / response authentication may be used.

  Next, in step S 412, the new public template and certificate are stored in the authentication terminal 130. Specifically, the new public template and certificate are stored in the authentication information storage unit 136 of the authentication terminal 130. In this way, when performing the second and subsequent authentications, it is not necessary to acquire the public template from the authentication server 110, and authentication is performed by combining the public template stored in the authentication information storage unit 136 with the user's biometric information. Processing can be performed.

  Next, in step S413, the authentication server 110 verifies the signature with a new public key certificate managed by the certificate issuance information storage unit 127. Specifically, the authentication processing unit 116 (or the signature verification unit 118) of the authentication server 110 identifies a new certificate based on the user ID, reads the public key from the certificate, and uses the extracted public key. The signature sent from the authentication terminal 130 is decrypted. Then, the authentication processing unit 116 compares the decrypted signature with the challenge code generated in step S403, and authenticates the user if they match.

  In step S414, the authentication server 110 verifies the certificate. In this certificate verification, the authentication server 110 verifies the validity of the certificate of the public template used for generating the signature. For example, if the current time is within the expiration date associated with the certificate and is not listed in the revocation information, it is determined that the certificate is valid, and as a result, the user corresponding to the certificate Authenticated. The certificate verification here does not need to be particularly limited, and a known method generally used for authentication processing may be used.

  Next, in step S415, an authentication result is created. The authentication result is a notification indicating whether or not user authentication is established in accordance with the verification in step S413 and step S414. For example, if it is determined that the certificate and the signature are valid as a result of the verification, data indicating that authentication is established is generated as the authentication result.

  Next, in step S416, the terminal information is updated. Specifically, the terminal information management table managed by the authentication server 110 may be updated based on the terminal information received in step S404. For example, if the terminal information received in step S404 indicates that the user has obtained “Apricot Qfone 2” as a new terminal, the authentication server 110 indicates that the user terminal model is “Apricot” in the record of the terminal information management table. It may be updated to reflect “Qfone 2”. Also, in the certificate management table of FIG. 5, information regarding the storage destination 508 (also referred to as “storage destination information”) may be updated to reflect the model of the new terminal.

  Next, in step S417, the service providing server 140 acquires the authentication result notified from the authentication server 110. When the authentication result indicates that the authentication is successful, the service providing server 140 may permit the service request of the authentication terminal received in step S401.

[Configuration of certificate management table]
Next, a certificate management table managed by the certificate issuance information storage unit of the authentication server according to the embodiment of the present invention will be described with reference to FIG.

  The certificate management table shown in FIG. 5 is a table for managing information on public key certificates used for user authentication. The certificate management table may be stored in the certificate issuance information storage unit 127 of the authentication server 110.

  As shown in FIG. 5, the certificate management table includes issue destination information 501 for identifying a certificate issue destination (for example, user ID, user name, address, etc.), and a certificate serial number for identifying the certificate. 502, certificate status (for example, valid, invalid, revoked, hold, etc.) 503, public template identification number 504 for identifying a public template, biometric information representing biometric information registered for each issue destination (for example, iris information, finger Vein information, etc.) 505, biometric information type (left hand, right hand, etc.) 506, sensor (iris camera, general-purpose camera, etc.) 507 indicating the type of each sensor mounted on the terminal, and certificate storage location (specific (Save destination information such as personal terminal, server, etc.) 508 or the like. For example, as shown in the column of the storage location 508, the certificate may be stored in a user terminal (eg, the registration terminal 120) such as “terminal A” or “terminal C”, or “server” (eg, It may be stored in the authentication server 110).

[Configuration of spare information management table]
Next, a spare information management table managed by the spare information storage unit of the authentication server according to the embodiment of the present invention will be described with reference to FIG.

  The preliminary information management table shown in FIG. 6 is a table for managing preliminary certificate issuance requests and preliminary public templates registered in advance. When initial registration is performed at a registration terminal (for example, the registration terminal 120), a plurality of certificate issuance request keys and a plurality of public templates are generated from one piece of biometric information read by the user, and these are stored in the preliminary information storage unit of the authentication server 110 If the registration terminal 120 disappears by storing in 126, the service can be resumed by validating and reissuing the spare public key and spare public template from the spare information management table. It becomes.

  As shown in FIG. 6, the preliminary information management table includes issue destination information 601 for identifying a certificate issue destination (for example, a user ID, a user name, an address, etc.), and a certificate for identifying a certificate issue request. Issue request identification number, public template identification number 603 for identifying a public template, biometric information (for example, iris information, finger vein information, etc.) 604 representing biometric information registered for each issue destination, type of biometric information (left hand or right hand) 605, (iris camera, general-purpose camera, etc.) 606, and information such as a registration date for designating a preliminary certificate issuing request and a preliminary public template.

[Configuration of terminal information management table]
Next, a terminal information management table managed by the certificate issuance information storage unit of the authentication server according to an embodiment of the present invention will be described with reference to FIG.

  The terminal information management table shown in FIG. 7 is a table for managing information characterizing a registered terminal (for example, the registered terminal 120). For example, as shown in FIG. 7, the terminal information management table identifies the terminal from the sensor 701 indicating the type of sensor (for example, an iris camera, a general-purpose camera, a fingerprint sensor, etc.) provided in the registration terminal 120. Terminal name (model name, manufacturer, serial number, etc.) 702.

  As described above, in the first embodiment according to the present invention, when initial registration is performed at a registration terminal (for example, the registration terminal 120), a plurality of public keys and a plurality of public templates are generated from one piece of biometric information read by the user. By storing these in the spare information storage unit 126 of the authentication server 110, if the registration terminal 120 disappears, the spare public key and spare public template are validated from the spare information management table and reissued. By doing so, personal authentication can be established without managing confidential information on the server side and without causing the user to re-register. As a result, it is possible to obtain an advantage of reducing the user's procedure burden until the service is restarted.

  Also, based on the terminal information of the registered terminal 120, by specifying the public key and the public template to be revoked and issued from the public key certificate issuance information, the reissue process can be performed efficiently, and the user until the service is resumed The procedure burden can be reduced.

  In addition, the user information, certificate identification information, certificate status, public template identification information, type of biometric information based on the public template, biometric information reading sensor information, and storage destination terminal information are public keys. By storing the certificate issuance information, it becomes easy to manage the revocation and reissue of the public key certificate.

  In addition, by updating the storage destination of the public key certificate issuance information stored in the storage device based on the terminal information of the registration terminal 120 transmitted from the authentication terminal 130, the latest terminal information is continuously managed. It becomes possible to do.

  The processing device 102 of the authentication server 110 receives information including at least one of a public key certificate issuance request including a public key, a public template, terminal information, and biometric information reading sensor information from the registration terminal 120. The public key certificate issuance request and the public template are issued, the public key certificate is issued, the spare public key certificate issuance request received from the registration terminal 120 and the public template are stored in the storage device, and the registration terminal 120 By transmitting the template that issued the public key certificate, the preliminary public template can be validated and reissued without causing the user to re-register.

  Moreover, the secret information of the user is managed on the server side by generating a public template based on biological information such as finger vein information, palm vein information, palm shape information, fingerprint information, iris information, voice information and face information. This eliminates the need to reduce the operational cost of security measures.

  Next, a certificate revocation / reissue sequence and an authentication processing sequence according to the second embodiment of the present invention will be described with reference to FIG.

  As shown in FIG. 3, in the certificate reissue according to the first embodiment of the present invention, the revocation of the public key certificate used for authentication of the registered terminal 120 (lost terminal) and the preliminary information management table Although the new certificate obtained from is issued simultaneously (in one step), in the certificate reissue sequence of the second embodiment, the revocation of the public key certificate of the registration terminal 120 and the new certificate Issuance may be done separately (in two stages).

  For example, as shown in FIG. 9, after revoking the public key certificate used for authentication of the registered terminal 120 (lost terminal), the status of the new certificate in the certificate management table is “valid” immediately. It is not updated and is updated to “temporary hold”. Thereafter, when the user passes the biometric information over a shared authentication terminal (authentication terminal 130) installed in a bank or convenience store, the authentication process is completed, and the status of the new certificate in the certificate management table changes from “temporarily held” to “ It becomes “valid” and the service can be resumed. In this way, identity verification can be performed more strictly than when a public key certificate is revoked and reissued in a series.

  Specifically, as shown in FIG. 9, in step 901, the authentication server requests a revocation application for revoking the public key and the public template stored in the registration terminal from the user (for example, Mr. A shown in the figure). After that, in step 902, in the certificate management table, the state of the corresponding public template is changed from “valid” to “revoked” to be revoked. In step 903, when the authentication server accepts the certificate reissue application from the user, in step 904, a new public key and a public template are obtained from the preliminary information storage unit ("Mr. A's preliminary data" in FIG. 9). .

  Next, in step 905, the authentication server issues a new public key certificate for the newly acquired public key, and the status of the public key certificate is changed from “invalid” to “temporarily suspended” in the certificate management table. Change to As described above, unless the user holds the biometric information, the authentication process is not completed “at the shared authentication terminal at the window” and the service cannot be resumed with the newly issued public key certificate. After issuing the certificate, the authentication server may register the newly issued public key certificate and public template in the certificate management table and set them as information used during the “real” authentication process.

  Next, an authentication processing sequence according to the second embodiment of the present invention will be described with reference to FIG.

  FIG. 10 shows a sequence of authentication processing in the second embodiment. In step 911, the client (the authentication terminal 130 or the like) receives the user ID (name, ID number, etc.) from the user (for example, Mr. A shown in the figure), and corresponds to the user based on the received user ID. A public template acquisition request for a preliminary public template (or a public key restoration information acquisition request) is transmitted to the authentication server, and when the authentication server receives the public template acquisition request, in step 912, “production” is sent. The public template set as information used in the authentication process is specified from the certificate management table and transmitted to the client side, and in step 913, the client acquires this public template.

  Next, in step 914, the client acquires biometric information from the user, and extracts a feature amount from the biometric information. In step 915, as described above, the new secret key is restored by combining the feature amount extracted from the biometric information with the public template acquired in step 913. In step 916, a signature is created for the challenge code transmitted from the authentication server using the new secret key. In step 917, the authentication server authenticates the signature created in step 916 with the public key of the newly issued public key certificate. In step 918, the authentication server checks whether the signature matches the challenge code. If the verification in step 917 and step 918 passes, the authentication server updates the state of the public key certificate from “temporary hold” to “valid” in the certificate management table in step 919. As a result, the public key certificate can be used, user authentication is established, and the service requested by the user can be resumed. The signature verification here may be performed by an authentication terminal. In this case, the authentication terminal may transmit a personal identification completion notification indicating that the personal identification has been completed to the authentication server, and the authentication server that has received the personal identification completion notification may validate the public key certificate.

  As described above, in the second embodiment, unlike in the first embodiment, the original public key certificate is revoked and the new public key certificate is issued separately in two steps, whereby the identity verification can be strictly performed. It has an advantage in terms of information security.

102 Processing Device 104 Storage Device 110 Authentication Server 111 Certificate Management Unit 116 Authentication Processing Unit 120 Registration Terminal 126 Preliminary Information Storage Unit 127 Certificate Issuance Information Storage Unit 130 Authentication Terminal 140 Service Providing Server 150 Network

Claims (10)

An authentication server device connected via a network to a registration terminal, an authentication terminal, and a service providing server,
A storage device and a processing device;
The processor is
Revoke the public key and private key restoration information stored in the registered terminal notified by the user,
Obtain a new public key and new secret key restoration information from the storage device, issue a public key certificate to the new public key,
Receiving a secret key recovery information acquisition request including terminal information and read sensor information of the registration terminal from the authentication terminal;
From the secret key restoration information stored in the storage device, obtain the new secret key restoration information of the user, and transmit to the authentication terminal,
Receiving a signature value by the secret key generated from the new secret key restoration information and the biometric information read by the authentication terminal from the authentication terminal;
Verifying the signature value with the new public key certificate stored in the storage device, and transmitting a verification result to the service providing server;
An authentication server device. The processor is
Based on the terminal information of the registered terminal notified from the user, the public key certificate information to be revoked and issued is specified from the public key certificate issuance information stored in the storage device,
The authentication server device according to claim 1. The storage device
As the public key certificate issuance information,
User information, certificate identification information, certificate status, secret key restoration information identification information, type of biometric information based on secret key restoration information, biometric information reading sensor information, and storage destination Having at least one of terminal information,
The authentication server device according to claim 2, wherein: The processor is
Updating the storage destination information of the public key certificate issuance information stored in the storage device based on the terminal information of the registered terminal transmitted from the authentication terminal;
The authentication server device according to claim 1. The processor is
Receiving from the registered terminal information including at least one of a public key certificate issuance request including a public key, private key restoration information, terminal information, and biometric information reading sensor information;
Issue public key certificate for public key certificate issuance request and private key recovery information,
Storing a new public key certificate issuance request and secret key restoration information received from the registered terminal in the storage device;
Sending the public key certificate to the registered terminal;
The authentication server device according to claim 1. The biological information is
Including finger vein information, palm vein information, palm shape information, fingerprint information, iris information, voice information and face information,
The authentication server device according to any one of claims 1 to 5, wherein An authentication system in which a registration terminal, an authentication terminal, an authentication server device, and a service providing server are connected via a network,
The authentication server device includes a storage device and a processing device,
The processor is
Revoke the public key and private key recovery information stored in the registered terminal notified by the user,
Obtain a new public key and new secret key restoration information from the storage device, issue a public key certificate to the new public key,
Receiving a secret key recovery information acquisition request including terminal information and read sensor information of the registration terminal from the authentication terminal;
From the secret key restoration information stored in the storage device, obtain the new secret key restoration information of the user, and transmit to the authentication terminal,
Receiving a signature value by the secret key generated from the new secret key restoration information and the biometric information read by the authentication terminal from the authentication terminal;
Verifying the signature value with the new public key certificate stored in the storage device, and transmitting a verification result to the service providing server;
An authentication system characterized by that. An authentication system in which the registration terminal, the authentication terminal, the authentication server device, and the service providing server are connected via a network,
The authentication server device includes the storage device and the processing device,
The processor is
Revoke the public key and private key restoration information stored in the registered terminal notified by the user,
From the authentication terminal, the user identification confirmation notification is received,
Upon receiving the identity confirmation completion notification, obtain a new public key and new secret key restoration information from the storage device, issue a public key certificate to the new public key,
Receiving a secret key recovery information acquisition request including terminal information and read sensor information of the registration terminal from the authentication terminal;
From the secret key restoration information stored in the storage device, obtain the new secret key restoration information of the user, and transmit to the authentication terminal,
Receiving the signature value by the secret key generated from the new secret key recovery information and the biometric information read by the authentication terminal from the authentication terminal;
Verifying the signature value with the new public key certificate stored in the storage device, and transmitting a verification result to the service providing server;
The authentication system according to claim 7. An authentication server authentication system connected via a network to the registration terminal, the authentication terminal, and the service providing server,
Comprising the storage device and the processing device, the processing device comprising:
An application receiving unit that receives information including at least one of a public key certificate issuance request including a public key, the secret key restoration information, terminal information, and biometric information reading sensor information from the registered terminal;
In response to the public key certificate issuance request and the private key restoration information, a new public key certificate issuance request and private key restoration information received from the registered terminal by issuing a public key certificate are stored in the storage device. Remember
An issuing unit for transmitting the public key certificate issued to the registered terminal;
Based on the terminal information of the registered terminal notified by the user, from the public key certificate issuance information stored in the storage device, the revoked public key and private key restoration information is identified,
Based on the identified public key and private key restoration information, a revocation unit for revoking the public key and private key restoration information stored in the terminal notified by the user;
The new public key and the new secret key restoration information are acquired from the storage device, and the new public key has the same expiration date as the expired public key and the secret key restoration information. Issue public key certificates,
An issuing unit that updates storage destination information of public key certificate issuance information stored in the storage device based on terminal information of the registered terminal transmitted from the authentication terminal;
An application receiving unit that receives a private key restoration information acquisition request including terminal information and read sensor information from the authentication terminal;
From the secret key restoration information stored in the storage device, an issue unit that obtains the new secret key restoration information of the user and transmits the information to the authentication terminal;
A signature verification unit that receives the signature value by the secret key generated from the new secret key restoration information and the biometric information read by the authentication terminal from the authentication terminal;
A certificate verification unit that verifies the signature value with the new public key certificate stored in the storage device;
An authentication result creation unit for transmitting a verification result to the service providing server;
A revocation unit that erases the new public key certificate issuance request and private key restoration information stored in the storage device when the validity period of the public key certificate has expired;
The authentication system according to claim 7. An authentication method for an authentication server connected via a network to a registration terminal, an authentication terminal, and a service providing server,
The authentication server comprises a storage device and a processing device,
By the processing device,
Revoking the public key and private key restoration information stored in the registered terminal notified by the user;
Obtaining a new public key and new secret key restoration information from the storage device, and issuing a public key certificate for the new public key;
Receiving a secret key restoration information acquisition request including terminal information and read sensor information of the registration terminal from the authentication terminal;
Obtaining the new secret key restoration information of the user from the secret key restoration information stored in the storage device, and transmitting the information to the authentication terminal;
Receiving from the authentication terminal a signature value by a secret key generated from the new secret key recovery information and biometric information read by the authentication terminal;
Verifying the signature value with the new public key certificate stored in the storage device, and transmitting a verification result to the service providing server;
An authentication method that includes:

Images