JP4684100B2 - Authentication system and authentication method - Google Patents

Description

  The present invention relates to an authentication technique using biometric information.

  Patent Document 1 discloses a technique for performing identity verification via a network while ensuring the reliability of biometric authentication. In the technique described in Patent Document 1, a registration authority creates a biometric template and issues an IC card. The authentication device performs biometric authentication of the client using the IC card, and transmits the authentication result to the service provider device via the network. At this time, each of the authentication device and the IC card signs the authentication result and guarantees the validity of the authentication result.

  Patent Document 2 discloses a technique for improving the safety and certainty in electronic certificate transactions, simplifying the registration procedure of authentication information, and improving the efficiency of management. In the technique described in Patent Document 2, an authentication server performs registration and authentication of biometric information as a proxy. Simplify the procedure by enabling registration through the network. Biometric information is stored in the authentication server. The device of the service provider transfers the biometric information acquired for biometric authentication to the authentication server. The authentication server performs authentication by comparing the transferred biological information with the stored biological information.

  Patent Document 3 discloses a technique that enables biometric authentication at a terminal. In the technique described in Patent Document 3, an authentication certificate is used. The authentication certificate includes biometric verification data, user attribute information, and a certificate authority signature. The terminal generates authentication data from the fingerprint and performs biometric authentication by comparing with the verification data extracted from the authentication certificate.

JP 2003-143136 A JP 2001-273421 A JP 2004-272551 A

  However, the technique described in Patent Documents 1-3 has the following problems.

(1) Patent Document 1
The service provider cannot verify the validity of the identity verification process adopted when the registration authority registers the user's biometric information. That is, the service provider cannot verify the possibility that another person who impersonated the user's biometric information registered in the registration authority has registered in the registration authority.

(2) Patent Document 2
The identity verification employed when registering the user's biometric information in the authentication server is performed only by confirming the name via the network. For this reason, it cannot respond to the service for which a high security level is required for identity verification when registering the user's biometric information.

(3) Patent Document 3
When registering the user's biometric information, the user's attribute information is used to verify the identity. However, there is no mechanism for disclosing to the service provider the identity verification method employed when registering the user's biometric information.

  Further, the techniques described in Patent Documents 1 to 3 do not assume that the security level required for the identity verification method may be different for each service provider.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to provide each service while reducing the work burden on the user who registers biometric information when the identity verification method differs between service providers. It is to provide a technique for realizing user authentication desired by a person.

  In order to solve the above-mentioned problem, in the present invention, a plurality of policies relating to identity verification are prepared. When registering the user's biometric information, the registration station apparatus registers the policy used for identity verification in the user's storage medium (for example, a tamper resistant device) together with the biometric information. Whether the service provider device obtains the identity verification policy from the storage medium of the user requesting the service provision upon user authentication, and whether or not the policy satisfies the security level of the identity verification requested by the service provider. To check. If the user is satisfied, biometric information is collected from the user using a biometric information collecting means (for example, a fingerprint sensor), and the obtained biometric information is compared with the biometric information registered in the storage medium together with the policy. , Perform user authentication.

For example, the present invention is an authentication system for performing user authentication,
A storage medium, a registration device for registering authentication information in the storage medium, and an authentication device for authenticating a user using the authentication information registered in the storage medium,
The storage medium includes
For each biometric information type, biometric information and the policy adopted for identity verification when registering the biometric information are registered,
The registration device
Receiving means for receiving user information including biometric information, biometric information type and identity verification policy;
If the biometric information type included in the user information is not registered in the storage medium, the biometric information and policy included in the user information are registered in the storage medium in association with the biometric information type. , said when the biometric information type included in the user information is registered in the storage medium, the security level is the user information indicated by the policy in which the biometric information species separately association is to be registered in the storage medium is lower than the security level indicated by the policy contained in the biological information and the policy the biometric information type association is separately registered in the storage medium, the biological information contained in the user information and Registration update means for updating to a policy,
The authentication device
Identity verification level verification means for verifying whether the security level associated with the biometric information type used for user authentication and indicated by the policy registered in the storage medium satisfies a predetermined condition;
Biometric information collecting means for collecting biometric information of a biometric information type used for user authentication from a user when verification by the identity verification level verification means is established;
Biometric authentication means for performing biometric authentication using biometric information collected from a user by the biometric information collecting means and biometric information registered in the storage medium in association with a biometric information type used for user authentication; Have

  According to the present invention, a user uses his / her tamper-resistant device, and uses a biometric information for a service that requires identity verification with a security level lower than that of a policy registered in the tamper-resistant device. You can get certified. Therefore, the user does not need to request the registration authority to register biometric information for each service, and the work load can be reduced. In addition, each service provider can perform user authentication using biometric information registered by identity verification of a desired security level or higher.

  Hereinafter, an embodiment of the present invention will be described.

  FIG. 1 is a schematic diagram of an authentication system to which an embodiment of the present invention is applied.

  As shown in the figure, the authentication system of the present embodiment includes a registration server 1, at least one authentication server 2, at least one service providing terminal 3, and at least one tamper resistant device 4. The registration server 1 is an apparatus that registers information necessary for a user to receive a service from a desired service provider in the tamper resistant device 4. The authentication server 2 is a device that performs user authentication for providing a user with a service of a predetermined service provider. The service providing terminal 3 is a device that provides a user with a service of a predetermined service provider. In cooperation with the tamper resistant device 4, the authentication server 2 is provided with information necessary for user authentication. The registration server 1, the authentication server 2, and the service providing terminal 3 are interconnected via a network 5 such as the Internet. Further, the tamper resistant device 4 is an apparatus (for example, an IC card) that is used by the user to enjoy a service of a desired service provider.

  First, the registration server 1 will be described. FIG. 2 is a schematic diagram of the registration server 1.

  As illustrated, the registration server 1 includes a tamper resistant device IF unit 11, a network IF unit 12, an input / output unit 13, a signature generation / verification unit 14, a policy storage unit 15, and a provider information storage unit 16. , A user information storage unit 17 and a registration processing unit 18.

  The tamper resistant device IF unit 11 communicates with the tamper resistant device 4 in contact or non-contact. The network IF unit 12 communicates with the authentication server 2 and the service providing terminal 3 via the network 5. The input / output unit 13 inputs and outputs information. The signature generation / verification unit 14 applies a digital signature to information using a secret key of a registration authority (operator of the registration server 1) registered in advance in accordance with an instruction from the registration processing unit 11. It also verifies digital signatures using public key certificates.

  The policy storage unit 15 stores an identity verification policy (personal information acceptance condition for identity verification) applied when biometric information is registered. FIG. 3 is a diagram schematically showing the policy storage unit 15. As illustrated, a record 150 is registered in the policy storage unit 15 for each policy. The record 150 has a field 151 for registering a policy ID for uniquely identifying a policy, a field 152 for registering the contents of the policy, and a field 153 for registering the security level of the policy. Policy content includes, for example, “accepting personal information through electronic data”, “accepting personal information through signed documents”, “accepting personal information through documents attached to official IDs”, “face-to-face public information” "Accepting personal information by handing over documents with ID cards".

  The provider information storage unit 16 stores information on service providers that provide services to users. FIG. 4 is a diagram schematically showing the provider information storage unit 16. As illustrated, a record 160 is registered in the provider information storage unit 16 for each combination of service provider and service type. The record 160 includes a field 161 for registering a provider ID for uniquely identifying a service provider, a field 162 for registering the name of a service provider, a field 163 for registering a service type of a service provided by the service provider, and a user. It has a field 164 for registering a policy ID of a policy applied to identity verification when registering biometric information used for authentication, and a field 165 for registering the type of biometric information used for user authentication. Examples of types of biometric information include “fingerprint” and “iris”.

  The user information storage unit 17 stores information on a user who enjoys a service provider service. FIG. 5 is a diagram schematically showing the user information storage unit 17. As shown in the figure, a record 170 is registered in the user information storage unit 17 for each combination of a user, a type of biometric information, and a policy for identity verification applied when registering the biometric information of the type. The record 170 registers a field 171 for registering a user ID for uniquely identifying a user, a field 172 for registering a user name, and a provider ID of a service provider to which the user subscribes (referred to as a subscribed service provider). Field 173 for registering the policy ID of the policy for identity verification adopted when the subscription service provider registers the biometric information used for user authentication, and the type of biometric information used by the subscription service provider for user authentication And a field 176 for registering the type of biometric information collected from the user. In the field 174, the policy ID of the policy having the highest security level among the policies of identity verification adopted by the service provider whose provider ID is registered in the field 173 is registered. In the field 176, biometric information that has been verified by the policy having the policy ID registered in the field 174 is registered.

  There may be a plurality of types of biometric information registered by the user. In this case, a personal identification policy is assigned to each biometric information type. That is, a plurality of records 170 are registered for one user.

  In the example shown in FIG. 5, biometric information is registered in the field 176, but this is not essential. In principle, the biometric information may not be registered in the field 176. The biometric information may be registered in the field 176 only when there is a request from the user.

  The registration processing unit 18 performs a provider information registration process, a user information registration process, and a service use count reset propriety determination process.

  The registration server 1 having the above configuration includes a CPU 901, a memory 902, an external storage device 903 such as an HDD, and a reading device that reads data from a storage medium 904 such as a CD-ROM or DVD-ROM as shown in FIG. 905, an input device 906 such as a keyboard and a mouse, an output device 907 such as a monitor and a printer, a NIC 908 for connecting to the network 5, a communication device 909 for connecting to the tamper resistant device 4, and each of these In a general computer system including a bus 910 for connecting devices, the CPU 901 can be realized by executing a program loaded on the memory 902. This program is downloaded from the storage medium 904 via the reading device 905 or from the network 5 via the NIC 908 to the external storage device 903, and then loaded onto the memory 902 and executed by the CPU 901. Also good. Alternatively, it may be loaded directly on the memory 902 and not executed by the CPU 901 without going through the external storage device 903.

  Next, the operation of the registration server 1 will be described.

  FIG. 7 is a flowchart for explaining provider information registration processing of the registration server 1. This flow is started when the registration processing unit 18 receives a provider information registration request from the authentication server 2 via the network IF unit 12.

  First, the registration processing unit 18 transmits input form data for accepting provider information to the authentication server 2 via the network IF unit 12, and displays the input form on the display screen of the authentication server 2 (S101). The input form is used for the provider ID of the service provider, the name of the service provider, the type of service provided by the service provider, the policy ID of the policy applied to identity verification when registering biometric information used for user authentication, and user authentication. An entry for inputting the type of biometric information is included.

  When the registration processing unit 18 receives provider information with a digital signature from the authentication server 2 via the network IF unit 12 together with the public key certificate of the service provider (YES in S102), the registration processing unit 18 sends the signature information to the signature generation / verification unit 14. Request signature verification. In response to this, the signature generation / verification unit 14 verifies the digital signature using the public key certificate. If the signature verification is not established, the registration processing unit 18 performs predetermined error processing such as sending an error message to the authentication server 2 via the network IF unit 12, and then ends this flow. On the other hand, when the signature verification is established, the registration processing unit 18 generates a new record 160 in the provider information storage unit 16, and the fields 161 to 165 of the record 160 are included in the provider information received in S102. Register the provider ID, the name of the service provider, the type of service provided by the service provider, the policy ID of the policy applied to identity verification when registering biometric information used for user authentication, and the type of biometric information used for user authentication (S103). Then, the registration processing unit 18 transmits a message indicating that the provider information has been registered to the authentication server 2 via the network IF unit 12 and ends this flow.

  In the flow shown in FIG. 7, the case where the provider information is acquired from the authentication server 2 via the network IF unit 12 has been described as an example. However, the provider information may be acquired from the input / output unit 13. In this case, the registration processing unit 18 starts this flow by receiving a provider information registration request from the operator (registration station operator) via the input / output unit 13, and S101 is omitted.

  FIG. 8 is a flowchart for explaining user information registration processing of the registration server 1. In this flow, the registration processing unit 18 can communicate with the tamper resistant device 4 via the tamper resistant device IF unit 11, and the user (registration station operator) requests registration of user information via the input / output unit 13. Start by accepting.

  First, the registration processing unit 18 waits for user information with a digital signature to be input to the input / output unit 13 together with the user's public key certificate (S111). Here, the user information includes the user ID of the user, the user name, the provider ID of the subscribing service provider, the policy ID of the identity verification policy employed for registering the biometric information used by the subscribing service provider for user authentication, and the subscribing service provider. Includes the type of biometric information used for user authentication and the type of biometric information collected from the user.

  When the user information with a digital signature is input to the input / output unit 13 together with the user's public key certificate (YES in S111), the registration processing unit 18 instructs the signature generation / verification unit 14 to verify the signature. In response to this, the signature generation / verification unit 14 verifies the digital signature using the public key certificate. If the signature verification is not established, the registration processing unit 18 performs predetermined error processing such as outputting an error message from the input / output unit 13, and then ends this flow. On the other hand, when the signature verification is established, the registration processing unit 18 records 170 (in which the user ID, the user name, and the type of the biometric information included in the user information are registered in the fields 171, 172, and 175). (Referred to as a target record) is retrieved from the user information storage unit 17 (S112).

  In S112, when the target record 170 is not registered in the user information storage unit 17 (NO in S112), the registration processing unit 18 adds a new record 170 to the user information storage unit 17. Then, the user ID, user name, provider ID, policy ID, biometric information type, and biometric information included in the user information are registered in the fields 171 to 176 of the added record 170 (S113). Then, the registration processing unit 18 has information on a new authentication record (see FIG. 21 described later) including the policy ID, biometric information type, and biometric information registered in the fields 174, 175, and 176 of the newly added record 170. Is generated. Then, it requests the signature generation / verification unit 14 for a digital signature for the information of the new authentication record. In response to this, the signature generation / verification unit 14 generates a digital signature for the information of the new authentication record using a pre-registered secret key of the registration authority. The registration processing unit 18 adds this digital signature to the information of the new authentication record, and transmits it to the tamper resistant device 4 together with the public key certificate of the registration authority registered in advance (S114).

  In S112, when the target record 170 is registered in the user information storage unit 17 (YES in S112), the registration processing unit 18 uses the policy storage unit 15 to correspond to the policy ID included in the user information. The security level is compared with the security level corresponding to the policy ID registered in the field 174 of the target record 170 (S116).

  In S116, when the security level corresponding to the policy ID included in the user information is lower than the security level of the policy having the policy ID registered in the field 174 of the target record 170 (YES in S116), the registration processing unit 18 adds the provider ID included in the user information to the field 173 of the target record 170 (S117). Thereafter, this flow is terminated.

  In S116, if the security level corresponding to the policy ID included in the input user information is equal to or higher than the security level corresponding to the policy ID registered in the field 174 of the target record 170 (NO in S116), registration is performed. The processing unit 18 adds the provider ID included in the input user information to the field 173 of the target record 170 (S119), and the policy ID and biometric registered in the fields 174 and 176 of the target record 170. The information is changed to the policy ID and biometric information of the user information (S120). Next, the registration processing unit 18 generates update information of the existing authentication record including the policy ID, the biometric information type, and the biometric information registered in the fields 174 to 176 of the target record 170. Then, it requests the signature generation / verification unit 14 for a digital signature for the update information of the existing authentication record. In response to this, the signature generation / verification unit 14 generates a digital signature for the update information of the existing authentication record by using a pre-registered secret key of the registration authority. The registration processing unit 18 adds this digital signature to the update information of the existing authentication record, and transmits it to the tamper resistant device 4 together with the public key certificate of the registration authority registered in advance (S121). Thereafter, this flow is terminated.

  FIG. 9 is a flowchart for explaining the service use count reset suitability determination process of the registration server 1.

  When the registration processing unit 18 receives a service usage count reset request with a digital signature from the authentication server 2 via the network IF unit 12 together with the user's public key certificate (YES in S131), the registration processing unit 18 sends this request to the signature generation / verification unit 14. Request digital signature verification. In response to this, the signature generation / verification unit 14 verifies the digital signature using the public key certificate received together with the digital signature (S132).

  When the verification result of the digital signature by the signature generation / verification unit 14 is verified (YES in S133), the registration processing unit 18 generates a response indicating reset permission and generates a digital signature for this response. Request the verification unit 14 (S134). Then, the process proceeds to S136. On the other hand, if the verification result is a verification failure (NO in S133), a response indicating that reset is not permitted is generated, and the signature generation / verification unit 14 is requested to generate a digital signature for this response (S135). Then, the process proceeds to S136.

  In S136, the signature generation / verification unit 14 generates a digital signature for this response using the secret key of the registration authority registered in advance. Next, the registration processing unit 18 transmits the response with the digital signature to the authentication server 2 via the network IF unit 12 together with the public key certificate of the registration authority registered in advance.

  Next, the authentication server 2 will be described. FIG. 10 is a schematic diagram of the authentication server 2.

  As illustrated, the authentication server 2 includes a network IF unit 21, an input / output unit 22, a signature generation / verification unit 23, a security level storage unit 24, an authentication provider storage unit 25, and a log information storage unit 26. A provider registration requesting unit 27 and an authentication processing unit 28.

  The network IF unit 21 communicates with the registration server 1 and the service providing terminal 3 via the network 5. The input / output unit 22 inputs and outputs information. The signature generation / verification unit 24 applies a digital signature to information using a pre-registered service provider private key in accordance with instructions from the provider information registration unit 27 and the policy verification unit 28. It also verifies digital signatures using public key certificates.

  The security level storage unit 24 stores the security level of each policy for identity verification. FIG. 11 is a diagram schematically showing the security level storage unit 24. As shown in the figure, a record 240 is registered in the security level storage unit 24 for each policy. The record 240 includes a field 241 for registering a policy ID and a field 242 for registering a policy security level. Note that the correspondence between the policy ID and the security level of the record 240 matches the correspondence between the policy ID and the security level of the record 150 stored in the policy storage unit 15 of the registration server 1.

  In the authentication provider storage unit 25, provider information of a service provider (referred to as an authentication provider) that uses user authentication by the self-authentication server 2 is registered. FIG. 12 is a diagram schematically showing the authentication provider storage unit 25. As illustrated, an authentication provider record 250 is registered in the authentication provider storage unit 25. The record 250 registers a field 251 for registering the provider ID of the authentication provider, a field 252 for registering the name of the authentication provider, a field 253 for registering the type of service provided by the authentication provider, and biometric information used for user authentication. A field 254 for registering a policy ID of a policy to be applied to identity verification, and a field 255 for registering the type of biometric information used for user authentication.

  The log information storage unit 26 stores log information for user authentication. FIG. 13 is a diagram schematically showing the log information storage unit 26. As shown in the figure, a user authentication log record 260 is registered in the log information storage unit 26. The record 260 includes a field 261 for registering the user ID of the user who has performed user authentication, a field 262 for registering the date and time of the user authentication, and a field 263 for registering the authentication result of the user authentication.

  The provider registration request unit 27 performs authentication provider information registration request processing. Further, the authentication processing unit 28 performs user authentication in cooperation with the service providing terminal 3 and performs a service use count reset request transfer process.

  Similarly to the registration server 1, the authentication server 2 having the above configuration also includes a CPU 901 on the memory 902 in a computer system as shown in FIG. 6 (however, the communication device 909 for connecting to the tamper resistant device 4 is unnecessary). This can be achieved by executing the loaded program.

  Next, the operation of the authentication server 2 will be described.

  FIG. 14 is a flowchart for explaining the authentication provider information registration request process of the authentication server 2. This flow is started when the provider registration request unit 27 receives a request for registering authentication provider information from an operator via the input / output unit 22.

  First, the provider registration request unit 27 transmits a provider information registration request to the registration server 1 via the network IF unit 21 (S201). Then, when the provider registration request unit 27 receives input form data from the registration server 1 via the network IF unit 21 (S202), an input form screen according to the input form data is displayed connected to the input / output unit 22. It is displayed on the device (S203). And it waits for provider information to be input from an operator via the input / output part 22 (S204). Here, the provider information includes the provider ID of the service provider, the name of the service provider, the type of service provided by the service provider, the policy ID of a policy applied to identity verification when registering biometric information used for user authentication, and the user The type of biometric information used for authentication shall be included.

  When the provider registration request unit 27 receives provider information from the operator via the input / output unit 22 (YES in S204), the provider registration request unit 27 requests the signature generation / verification unit 23 for a digital signature for the provider information. In response to this, the signature generation / verification unit 23 generates a digital signature for the provider information by using the secret key of the authentication provider registered in advance. Then, the digital signature is delivered to the provider registration request unit 27 together with the public key certificate of the authentication provider registered in advance. The provider registration request unit 27 adds this digital signature to the provider information, and transmits the digital signature together with the public key certificate to the registration server 1 via the network IF unit 21 (S205). If a message indicating that provider information has been registered is received from the registration server 1, the provider information is stored in the authentication provider storage unit 25 (S206), and this flow ends.

  FIG. 15 is a flowchart for explaining user authentication processing of the authentication server 2. This flow is started when the authentication processing unit 28 receives a user authentication request from the service providing terminal 3 via the network IF unit 21.

  First, the authentication processing unit 28 sends the service provider provider ID and service type, and the policy ID and biometric information type registered in the tamper resistant device 4 from the service providing terminal 3 via the network IF unit 21. Wait for it to come (S211). If these pieces of information are received, the digital signature added to the provider ID and the service type and the digital signature added to the policy ID and the biometric information type are sent to the signature generation / verification unit 23. , Each request verification. In response to this, the signature generation / verification unit 23 verifies the digital signature added to the provider ID and the service type by using the public key certificate of the service provider received together with the information from the service providing terminal 3. . Similarly, the digital signature added to the policy ID and the biometric information type is verified using the public key certificate of the user of the tamper resistant device 4 received together with the information from the service providing terminal 3.

  If any of the signature verifications is not established, the authentication processing unit 28 performs predetermined error processing such as sending an error message to the service providing terminal 3 via the network IF unit 21, and then ends this flow. To do. On the other hand, when both signature verifications are established, the authentication processing unit 28 searches the provider information storage unit 16 for the record 160 in which the provider ID and the service type received from the service providing terminal 3 are registered in the fields 162 and 163. The biometric information type registered in the field 165 of the searched record 160 (referred to as the search record 160) is specified. Then, it is determined whether or not the identified biometric information type matches the biometric information type received from the service providing terminal 3 (S212).

  In S212, when the biometric information type registered in the field 165 of the search record 160 does not match the biometric information type received from the service providing terminal 3 (NO in S212), the authentication processing unit 28 passes through the network IF unit 21. Then, predetermined error processing such as sending an error message to the service providing terminal 3 is performed (S218), log information indicating an authentication failure is registered in the log information storage unit 26 (S219), and this flow is ended.

  On the other hand, in S212, when the biometric information type registered in the field 165 of the search record 160 matches the biometric information type received from the service providing terminal 3 (YES in S212), the authentication processing unit 28 uses the security level storage unit. 24, the security level corresponding to the policy ID received from the service providing terminal 3 is compared with the security level corresponding to the policy ID registered in the field 164 of the search record 160 (S213).

  In S213, when the security level corresponding to the policy ID received from the service providing terminal 3 is lower than the security level of the policy having the policy ID registered in the field 164 of the search record 160 (YES in S213), the authentication processing unit 28 performs predetermined error processing such as sending an error message to the service providing terminal 3 via the network IF unit 21 (S218), and registers log information indicating an authentication failure in the log information storage unit 26 (S219). ), This flow is finished.

  On the other hand, in S213, when the security level corresponding to the policy ID received from the service providing terminal 3 is equal to or higher than the security level of the policy having the policy ID registered in the field 164 of the search record 160 (NO in S213), authentication is performed. The processing unit 28 transmits a message indicating the identity confirmation OK to the service providing terminal 3 via the network IF unit 21 (S214). Thereafter, the authentication processing unit 28 waits for a biometric authentication result to be sent from the service providing terminal 3 via the network IF unit 21 (S215). When the authentication result of biometric authentication is received, the signature generation / verification unit 23 is requested to verify the digital signature added to the authentication result. In response to this, the signature generation / verification unit 23 verifies the digital signature using the public key certificate of the service provider received from the service providing terminal 3 together with the authentication result of the biometric authentication.

  If the signature verification is not established, the authentication processing unit 28 performs predetermined error processing such as sending an error message to the service providing terminal 3 via the network IF unit 21, and then ends this flow. On the other hand, when the signature verification is established, the authentication processing unit 28 determines whether or not the authentication result of biometric authentication indicates successful authentication (S216). If the authentication is successful (YES in S216), the log information indicating the authentication success is registered in the log information storage unit 26 (S217), and this flow ends. If authentication failure is indicated (NO in S216), log information indicating authentication failure is registered in the log information storage unit 26 (S219), and this flow is ended.

  FIG. 16 is a flowchart for explaining the service use count reset request transfer process of the authentication server 2.

  When the authentication processing unit 28 receives a service usage count reset request with a digital signature from the service providing terminal 3 through the network IF unit 21 together with the user's public key certificate (YES in S231), it transfers these to the registration server 1. Then, it waits for a response with a digital signature sent from the registration server 1 together with the public key certificate of the registration authority (S233). Then, the received response with digital signature and public key certificate are transferred to the service providing terminal 3 that is the transmission source of the service use count reset request (S234).

  Next, the service providing terminal 3 will be described. FIG. 17 is a schematic diagram of the service providing terminal 3.

  As illustrated, the service providing terminal 3 includes a tamper-resistant device IF unit 31, a network IF unit 32, an input / output unit 33, a signature generation / verification unit 34, an authentication processing unit 35, and a provided provider information storage unit. 36, a biological information collection unit 37, and a service execution unit 38.

  The tamper resistant device IF31 communicates with the tamper resistant device 4 in contact or non-contact. The network IF unit 32 communicates with the registration server 1 and the authentication server 2 via the network 5. The input / output unit 33 inputs and outputs information. The signature generation / verification unit 34 applies a digital signature to information using a secret key of a service provider (a service provider provided to the user by the service providing terminal 3) registered in advance according to an instruction from the service execution unit 38. . Also, the digital signature is verified using the public key certificate.

  The provided provider information storage unit 36 stores information on a service provider (referred to as a provided provider) that is a provider of a service provided by the own service providing terminal 3. FIG. 18 is a diagram schematically showing the provider provider storage unit 36. As shown in the figure, a provider record 360 is registered in the provider provider unit 36. The record 360 includes a field 361 for registering the provider ID of the provider, a field 362 for registering the name of the provider, a field 363 for registering the type of service provided by the provider, and a field for registering the upper limit of the number of authentications. 364. Here, the upper limit value of the number of times of authentication is an upper limit value of the number of times the tamper resistant device 4 is used for the service provided by the provider. When the use frequency of the service provided by the providing provider reaches the upper limit value, if the user further desires to use this service, the authentication frequency in the tamper resistant device 4 must be reset.

  The biometric information collecting unit 38 collects the type of biometric information used by the provider for biometric authentication from the tamper resistant device 4 user. The biological information collecting unit 38 can use an existing fingerprint sensor, iris imaging device, or the like.

  The service execution unit 38 performs a service providing process of the providing provider.

  Similarly to the registration server 1, the service providing terminal 3 having the above configuration can be realized by executing a program loaded on the memory 902 by the CPU 901 in a computer system as shown in FIG.

  Next, the operation of the service providing terminal 3 will be described.

  FIG. 19 is a flowchart for explaining service providing processing of the service providing terminal 3. This flow is started when the service execution unit 38 receives a service request from the user via the input / output unit 33.

  First, the service execution unit 38 waits for communication with the user's tamper resistant device 4 via the tamper resistant device IF unit 31 (S301). Then, the service execution unit 38 requests the signature generation / verification unit 34 to generate a digital signature for the provider ID, the service type, the biometric information type, and the authentication count upper limit value stored in the provided provider storage unit 36. In response to this, the signature generation / verification unit 34 generates a digital signature for the provider ID, the service type, the biometric information type, and the authentication count upper limit value using the user's private key registered in advance. The service execution unit 34 sends the provider ID with the digital signature, the service type, the biometric information type, and the authentication count upper limit value together with the user's public key certificate to the tamper resistant device 4 via the tamper resistant device IF unit 31. Send. Then, it waits for a response from the tamper resistant device 4.

  In S301, when the policy ID with the digital signature and the biometric information type are received together with the user's public key certificate as a response from the tamper resistant device 4 (YES in S302), the service execution unit 38 provides the provider provider storage unit 36. The signature generation / verification unit 34 is requested to generate a digital signature for the provider ID and the service type stored in. In response to this, the signature generation / verification unit 34 generates a digital signature of the provider ID and the service type using the private key of the provider that is registered in advance, and adds this to the provider ID and the service type. Then, the policy ID and biometric information type with digital signature, the public key certificate of the user, the provider ID and service type with digital signature, and the public key certificate of the provider are provided via the network IF unit 32. It transmits to the predetermined | prescribed authentication server 2 (S303). Then, the service execution unit 38 waits for a message from the authentication server 2 (S304). Then, it is determined whether the message received from the authentication server 2 is a message indicating the authentication result “OK” or a message indicating the authentication result “NG” (S305).

  In S305, when the received message is a message indicating the authentication result “NG” (NO in S305), the service execution unit 38 performs predetermined error processing such as outputting an error message from the input / output unit 33 (S317). ), This flow is finished.

  On the other hand, when the received message is a message indicating the authentication result “OK” in S305 (YES in S305), the service execution unit 38 stores the provided provider in the tamper resistant device 4 via the tamper resistant device IF unit 31. The biometric information type stored in the unit 36 is transmitted, and the biometric information of the type is sent from the tamper resistant device 4 (S306). Then, when receiving the biometric information with the digital signature from the tamper resistant device 4 together with the user's public key certificate, the service execution unit 27 requests the signature generation / verification unit 34 to verify the digital signature. In response to this, the signature generation / verification unit 34 verifies the digital signature of the biometric information received from the tamper resistant device 4 using the user's public key certificate. If the verification fails, predetermined error processing such as outputting an error message from the input / output unit 33 is performed, and this flow ends. On the other hand, if the verification is successful, the biological information collection device 37 is used to collect the biological information of the biological information type stored in the provider provider storage unit 36 from the user of the tamper resistant device 4 (S307). Then, the collected biological information and the biological information received from the tamper resistant device 4 are collated, and it is determined whether or not both are matched (S308).

  In S308, if the two do not match (NO in S308), the service execution unit 38 outputs an error message from the input / output unit 33 and sends an authentication result message indicating that authentication has failed via the network IF unit 32. To the predetermined authentication server 2 (S317), and this flow is terminated.

  On the other hand, if they match in S308 (YES in S308), a message indicating that authentication is established is transmitted to the predetermined server 2 via the network IF unit 32 (S309). Then, the service execution unit 38 provides a predetermined service (a service provided by the provider) to the user of the tamper resistant device 4 via the input / output unit 33, such as an Internet connection service, net banking, and Web shopping. Then, the provision of the service of the service type stored in the provided provider storage unit 36 is started (S310). Thereafter, the provider ID and the service type of the provider to be provided are transmitted to the tamper resistant device 4, and the tamper resistant device 4 is requested to increment the number of times the service is used (S311).

  In S301, when a use count reset request with a digital signature is received together with the user's public key certificate as a response from the tamper resistant device 4 (YES in S312), the service execution unit 38 causes the network IF unit 32 to Then, these are transferred to the predetermined authentication server 2 (S313). If the usage count reset permission with a digital signature is received from the authentication server 2 together with the public key certificate of the registration authority (S314), it is transmitted to the tamper resistant device 4 (S315). When receiving a response to reject the use count reset from the authentication server 2, the service execution unit 38 performs predetermined error processing such as outputting an error message from the input / output unit 33 and ends this flow.

  In S301, when an error message is received as a response from the tamper resistant device 4 (YES in S316), the service execution unit 38 performs predetermined error processing such as outputting an error message from the input / output unit 33 ( S317), this flow is finished.

  Next, the tamper resistant device 4 will be described. FIG. 20 is a schematic view of the tamper resistant device 4.

  As illustrated, the tamper resistant device 4 includes a communication IF unit 41, a signature generation / verification unit 42, an authentication information storage unit 43, a usage count storage unit 44, and an access control unit 45.

  The communication IF 41 communicates with the registration server 1 and the service providing terminal 3 in contact or non-contact. The signature generation / verification unit 42 applies a digital signature to the information using the private key of the own user (the user of the tamper resistant device 4) registered in advance according to the instruction of the storage control unit 45. Also, the digital signature is verified using the public key certificate.

  The authentication information storage unit 43 stores authentication information of the own user. FIG. 21 is a diagram schematically showing the authentication information storage unit 43. As illustrated, a record 430 is registered in the authentication information storage unit 43 for each type of biometric information. The record 430 is applied to the field 431 for registering the biometric information type, the field 432 for registering the biometric information of the biometric information type collected from the user, and the identity verification when registering the biometric information of the biometric information type. And a field 433 for registering a policy ID of the policy.

  The usage count storage unit 44 stores information related to the service usage count of the own user. FIG. 22 is a diagram schematically showing the usage count storage unit 44. As illustrated, a record 440 is registered in the usage count storage unit 44 for each combination of provider ID and service type. The record 440 includes a field 441 for registering a provider ID of a service provider that provides a service used by the user, a field 442 for registering the service type of the service, and a field 443 for registering the use count of the service. Have.

  The access control unit 45 performs a registration / update process of the authentication information of the own user and a service request process.

  The tamper resistant device 4 having the above configuration includes, for example, a CPU 951, a memory 952 functioning as a work area of the CPU 951, a flash memory 953 for storing programs and data, a registration server 1 and a service provision as shown in FIG. This can be realized by executing a program stored in the flash memory 953 by the CPU 951 in a storage medium with a calculation function (for example, an IC card) including a communication device 954 for connecting to the terminal 3.

  Next, the operation of the tamper resistant device 4 will be described.

  FIG. 24 is a flowchart for explaining authentication information registration / update processing of the tamper resistant device 4.

  When the storage control unit 45 becomes communicable with the registration server 1 via the communication ID unit 41 (YES in S401), the storage control unit 45 waits for the authentication record information to be sent from the registration server 1. If the information of the authentication record is sent from the registration server 1, the signature generation / verification unit 42 is requested to verify the signature of the digital signature added to the information of the authentication record. In response to this, the signature generation / verification unit 42 verifies the digital signature using the public key certificate of the registration authority received from the registration server 1 together with the information of the authentication record. In the case of verification failure, predetermined error processing such as sending an error message to the registration server 1 is performed, and this flow is finished.

  On the other hand, if the verification is successful, the storage control unit 45 adds a new record 430 to the authentication information storage unit 43 if the information of the authentication record received from the registration server 1 is the information of the new authentication record (YES in S402). In the fields 431 to 433 of the record 430, the biometric information type, biometric information, and policy ID included in the information of the received new authentication record are registered (S403). Further, if the information of the authentication record received from the registration server 1 is the update information of the existing authentication record (YES in S404), the storage control unit 45 sets the biometric information type included in the update information of the existing authentication record as the field. The record 430 registered in 431 is searched from the authentication information storage unit 43. Then, the biometric information and policy ID registered in the fields 432 and 433 of the retrieved record 430 are updated to the biometric information and policy ID included in the update information of the existing authentication record (S405).

  FIG. 25 is a flowchart for explaining service request processing of the tamper resistant device 4.

  First, when the storage control unit 45 becomes communicable with the service providing terminal 3 via the communication ID unit 41 (YES in S411), the provider ID, the service type, the biometric information type, and the authentication count from the service providing terminal 3 Wait for the upper limit to be sent along with the service provider's public key certificate. If the provider ID, the service type, the biometric information type, and the authentication count upper limit value are sent from the service providing terminal 3 (YES in S412), the information is added to the signature generation / verification unit 42. Request signature verification of existing digital signatures. In response to this, the signature generation / verification unit 42 verifies the digital signature using the user's public key certificate received from the service providing terminal 3 together with these pieces of information. In the case of verification failure, predetermined error processing such as sending an error message to the service providing terminal 3 is performed, and this flow is finished.

  On the other hand, if the verification is successful, the storage control unit 45 searches the usage count storage unit 44 for the usage count record 440 having the provider ID and the service type received from the service providing terminal 3 (S413). If there is no corresponding usage number record 440, a new usage number record 440 is added to the usage number storage unit 44, and the provider ID and service type received from the service providing terminal 3 are registered in the fields 441 and 442 of the record 440. To do. Also, an initial value “0” of the number of uses is registered in the field 443.

  Next, the storage control unit 45 determines whether or not the usage count registered in the field 443 of the searched or newly added usage count record 440 is less than the upper limit value of the authentication count received from the service providing terminal 3. Check (S414).

  In S414, when the number of uses registered in the field 443 of the searched or newly added use count record 440 is less than the upper limit of authentication count (YES in S414), the storage control unit 45 receives the service from the service providing terminal 3. An authentication record 430 in which the received biometric information type is registered in the field 431 is searched from the authentication information storage 43 (S415). Then, the biometric information type and policy ID registered in the fields 431 and 433 of the retrieved authentication record 430 are specified, and the signature generation / verification unit 42 is requested to generate a digital signature for these pieces of information. In response to this, the signature generation / verification unit 42 generates a digital signature for the specified biometric information type and policy ID using the user's private key registered in advance. The storage control unit 45 transmits the biometric information type and policy ID with the digital signature to the service providing terminal 3 via the communication IF unit 41 together with the user's public key certificate registered in advance (S416). Then, the storage control unit 45 waits for a notification about service availability from the service providing terminal 3 via the communication IF unit 41 (S417).

  In S417, when the notification received from the service providing terminal 3 is a service permission notification (YES in S417), the storage control unit 45 uses the registered or newly registered usage record 440 in the field 443. The number of times is incremented by 1 (S418), and this flow ends. On the other hand, in S417, when the notification received from the service providing terminal 3 is a service refusal notification (NO in S417), the storage control unit 45 performs predetermined error processing such as sending an error message to the service providing terminal 3. (S422), this flow is finished.

  In S414, if the number of uses registered in the field 443 of the searched or newly added use count record 440 is equal to or greater than the upper limit of authentication count (NO in S414), the storage control unit 45 resets the use count A request is generated, and the signature generation / verification unit 42 is requested to generate a digital signature for the use count reset request. In response to this, the signature generation / verification unit 42 generates a digital signature in response to the usage count reset request, using the user's private key registered in advance. The storage control unit 45 transmits the use count reset request with the digital signature to the service providing terminal 3 through the communication IF unit 41 together with the user's public key certificate registered in advance (S419). Then, the storage control unit 45 waits for a response from the service providing terminal 3 via the communication IF unit 41 regarding whether or not the usage count can be reset (S420).

  In S420, when the response received from the service providing terminal 3 is a reset permission response (YES in S420), the usage count registered in the field 443 of the usage count record 440 searched or newly added in S414 is “0”. (S421), and this flow ends. On the other hand, in S420, when the response received from the service providing terminal 3 is a reset rejection response (NO in S420), predetermined error processing such as sending an error message to the service providing terminal 3 is performed (S422). Exit.

  Next, a schematic operation of the entire authentication system having the above configuration will be described.

  FIG. 26 is a diagram for explaining a schematic operation of the registration server 1 and the authentication server 2 in provider information registration.

  Upon receiving the provider information registration instruction from the operator (service provider), the authentication server 2 generates a provider information registration request and transmits it to the registration server (S501, S201 in FIG. 14). Upon receiving the provider information registration request from the authentication server 2, the registration server 1 transmits a provider information input form to the authentication server 2 (S 511, S 101 in FIG. 7). The authentication server 2 displays the input form received from the registration server 1 (S502) and accepts provider information from the operator. Then, the received provider information is transmitted to the registration server 1 and stored in the authentication provider storage unit 25 (S503, S205 and S206 in FIG. 14). The registration server 1 stores the provider information received from the authentication server 2 in the provider information storage unit 16 (S512, S103 in FIG. 7).

  FIG. 27 is a diagram for explaining a schematic operation of the registration server 1 and the tamper resistant device 4 in user information registration.

  When the registration server 1 receives the user information of the tamper resistant device 4 from the operator (registration authority), is the user information record having the same user ID and biometric information type as the user information registered in the user information storage unit 17? If it is not registered, a user information record is newly registered. If it is registered, the user information record is updated (S521, S113, S117, S119, S120 in FIG. 8). Next, the registration server 1 transmits authentication record information corresponding to the newly registered or updated user information record to the tamper resistant device 4 (S522, S114, S121 in FIG. 8). When the tamper resistant device 4 receives the authentication record information from the registration server 1, if the information is the new authentication record information, the tamper resistant device 4 adds the new authentication record to the authentication information storage unit 43. If the information is update information of the existing authentication record, the existing authentication record stored in the authentication information storage unit 43 is updated with this update information (S531, S403, S405 in FIG. 24).

  FIG. 28 is a diagram for explaining a schematic operation of the authentication server 2, the service providing terminal 3, and the tamper resistant device 4 at the start of service provision.

  The service providing terminal 3 transmits the provider ID, the service type, and the biometric information type stored in the provided provider storage unit 36 to the tamper resistant device 4 (S541, S301 in FIG. 19). In response, the tamper resistant device 4 searches the authentication information storage unit 43 for the policy ID corresponding to the received biometric information type, and transmits this policy ID to the service providing terminal 3 together with the biometric information type (S551, FIG. 25 S416). The service providing terminal 3 transmits the policy ID and the biometric information type received from the tamper resistant device 4 to the authentication server 2 (S542, 303 in FIG. 19).

  Next, the authentication server 2 verifies the identity confirmation using the policy ID and the biometric information type in the tamper resistant device received from the service providing terminal 3 (S561, S213 in FIG. 15). A notification to this effect is transmitted to the service providing terminal 3 (S562, S214 in FIG. 15). When the service providing terminal 3 receives the identification confirmation OK notification from the authentication server 2, the service providing terminal 3 collects biological information from the user of the tamper resistant device 4. Further, biometric information is acquired from the tamper resistant device 4 (S552, S416 in FIG. 25). Then, biometric authentication is performed (S543, S308 in FIG. 19). Next, if the biometric authentication is established, the service providing terminal 3 notifies the authentication server 2 and the tamper resistant device 4 to that effect (S544, S309 in FIG. 19). Then, service provision is started (S545, S310 in FIG. 19).

  When the tamper resistant device 4 receives a notification of the establishment of biometric authentication from the service providing terminal 3, the provider ID stored in the provided provider storage unit 36 of the service providing terminal 3 stored in the usage count storage unit 44. And the usage count of the usage count record having the service type is incremented by one (S553, S418 in FIG. 25). Further, when the authentication server 2 receives a notification of the establishment of biometric authentication from the service providing terminal 3, the authentication server 2 registers a log in the log information storage unit 26 (S563, S217 in FIG. 15).

  FIG. 29 is a diagram for explaining a schematic operation of the registration server 1, the authentication server 2, the service providing terminal 3, and the tamper resistant device 4 in resetting the service usage count.

  The service providing terminal 3 transmits the provider ID, the service type, and the biometric information type stored in the provided provider storage unit 36 to the tamper resistant device 4 (S570, S301 in FIG. 19). In response to this, the tamper resistant device 4 searches the usage count storage unit 44 for the usage count corresponding to the received provider ID and service type, and confirms that the usage count is equal to or greater than a predetermined upper limit value. Then, a service usage count reset request is transmitted (S581, S419 in FIG. 25). This reset request is transferred to the registration server 1 via the service providing terminal 3 and the authentication server 2. The registration server 1 determines whether or not the reset request received from the authentication server 2 is acceptable (S591, S132 in FIG. 9). If the verification is successful, a response indicating that the reset is permitted is transmitted to the authentication server 2 (S592, S136 in FIG. 9). This response is transferred to the tamper resistant device 4 via the authentication server 2 and the service providing terminal 3. The tamper resistant device 4 resets the service usage count according to the response to permit the reset (S582, S421 in FIG. 25).

  The embodiment of the present invention has been described above.

  According to the present invention, a user can use biometric information for a service that requires identity verification with a security level lower than that of a policy registered in the tamper-resistant device 4 using his / her tamper-resistant device 4. User authentication. Therefore, the user does not need to request the registration authority (registration server 1) to register biometric information for each service, and the work load can be reduced. Further, each service provider (authentication server 2 and service providing terminal 3) can perform user authentication using biometric information registered by identity verification of a desired security level or higher.

  In addition, this invention is not limited to said embodiment, Many deformation | transformation are possible within the range of the summary. For example, in the above embodiment, the authentication server 2 and the service providing terminal 3 may be integrated on a single computer system.

  In the above embodiment, a field is added to each record stored in the authentication information storage unit 43 of the tamper resistant device 4, and the service provider that can be used with the authentication information registered in the record in the field. The provider ID and service type may be registered.

FIG. 1 is a schematic diagram of an authentication system to which an embodiment of the present invention is applied. FIG. 2 is a schematic diagram of the registration server 1. FIG. 3 is a diagram schematically showing the policy storage unit 15. FIG. 4 is a diagram schematically showing the provider information storage unit 16. FIG. 5 is a diagram schematically showing the user information storage unit 17. FIG. 6 is a diagram illustrating a hardware configuration example of the registration server 1, the authentication server 2, and the service providing terminal 3. FIG. 7 is a flowchart for explaining provider information registration processing of the registration server 1. FIG. 8 is a flowchart for explaining user information registration processing of the registration server 1. FIG. 9 is a flowchart for explaining the service use count reset suitability determination process of the registration server 1. FIG. 10 is a schematic diagram of the authentication server 2. FIG. 11 is a diagram schematically showing the security level storage unit 24. FIG. 12 is a diagram schematically showing the authentication provider storage unit 25. FIG. 13 is a diagram schematically showing the log information storage unit 26. FIG. 14 is a flowchart for explaining the authentication provider information registration request process of the authentication server 2. FIG. 15 is a flowchart for explaining user authentication processing of the authentication server 2. FIG. 16 is a flowchart for explaining the service use count reset request transfer process of the authentication server 2. FIG. 17 is a schematic diagram of the service providing terminal 3. FIG. 18 is a diagram schematically showing the provider provider storage unit 36. FIG. 19 is a flowchart for explaining service providing processing of the service providing terminal 3. This flow is started when the service execution unit 38 receives a service request from the user via the input / output unit 33. FIG. 20 is a schematic view of the tamper resistant device 4. FIG. 21 is a diagram schematically showing the authentication information storage unit 43. FIG. 22 is a diagram schematically showing the usage count storage unit 44. FIG. 23 is a diagram illustrating a hardware configuration example of the tamper resistant device 4. FIG. 24 is a flowchart for explaining authentication information registration / update processing of the tamper resistant device 4. FIG. 25 is a flowchart for explaining service request processing of the tamper resistant device 4. FIG. 26 is a diagram for explaining a schematic operation of the registration server 1 and the authentication server 2 in provider information registration. FIG. 27 is a diagram for explaining a schematic operation of the registration server 1 and the tamper resistant device 4 in user information registration. FIG. 28 is a diagram for explaining a schematic operation of the authentication server 2, the service providing terminal 3, and the tamper resistant device 4 at the start of service provision. FIG. 29 is a diagram for explaining a schematic operation of the registration server 1, the authentication server 2, the service providing terminal 3, and the tamper resistant device 4 in resetting the service usage count.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Registration server, 2 ... Authentication server, 3 ... Service provision terminal, 4 ... Tamper-resistant device, 5 ... Network

Claims (13)

An authentication system for performing user authentication,
A storage medium, a registration device for registering authentication information in the storage medium, and an authentication device for authenticating a user using the authentication information registered in the storage medium,
The storage medium includes
For each biometric information type, biometric information and the policy adopted for identity verification when registering the biometric information are registered,
The registration device
Receiving means for receiving user information including biometric information, biometric information type and identity verification policy;
If the biometric information type included in the user information is not registered in the storage medium, the biometric information and policy included in the user information are registered in the storage medium in association with the biometric information type. , said when the biometric information type included in the user information is registered in the storage medium, the security level is the user information indicated by the policy in which the biometric information species separately association is to be registered in the storage medium is lower than the security level indicated by the policy contained in the biological information and the policy the biometric information type association is separately registered in the storage medium, the biological information contained in the user information and Registration update means for updating to a policy,
The authentication device
Identity verification level verification means for verifying whether the security level associated with the biometric information type used for user authentication and indicated by the policy registered in the storage medium satisfies a predetermined condition;
Biometric information collecting means for collecting biometric information of a biometric information type used for user authentication from a user when verification by the identity verification level verification means is established;
Biometric authentication means for performing biometric authentication using biometric information collected from a user by the biometric information collecting means and biometric information registered in the storage medium in association with a biometric information type used for user authentication; An authentication system characterized by comprising: A registration device for registering information used for user authentication in a storage medium,
Receiving means for receiving user information including biometric information, a biometric information type, and a policy adopted for identity verification when registering the biometric information ;
If the biometric information type included in the user information is not registered in the storage medium, the biometric information and policy included in the user information are registered in the storage medium in association with the biometric information type. , said when the biometric information type included in the user information is registered in the storage medium, the security level is the user information indicated by the policy in which the biometric information species separately association is to be registered in the storage medium is lower than the security level indicated by the policy contained in, the biological information biological information type association is separately registered in the storage medium and policies, the biological information and the policy contained in the user information And a registration updating means for updating to the registration device. The registration device according to claim 2,
Policy storage means for storing the security level of each of the identity verification policies;
The registration update means includes:
A registration apparatus characterized by using the policy storage means to determine whether or not a security level indicated by a policy registered in the storage medium is lower than a security level indicated by a policy included in the user information. . The registration device according to claim 2 or 3,
Communication means for communicating with other devices via a network;
Request availability judgment means for judging whether or not the request is possible by verifying a digital signature attached to the request received from the other apparatus via the communication means and transmitting the judgment result to the other apparatus; And a registration device. For each biometric information type, an authentication device that performs user authentication using a storage medium in which biometric information and a policy adopted for identity verification when registering the biometric information are registered,
Identity verification level verification means for verifying whether the security level associated with the biometric information type used for user authentication and indicated by the policy registered in the storage medium satisfies a predetermined condition;
Biometric information collecting means for collecting biometric information of a biometric information type used for user authentication from a user when verification by the identity verification level verification means is established;
Biometric authentication means for performing biometric authentication using biometric information collected from a user by the biometric information collecting means and biometric information registered in the storage medium in association with a biometric information type used for user authentication; An authentication apparatus comprising: The authentication device according to claim 5,
Further comprising authentication condition storage means for storing a biometric information type using user authentication and a policy for requesting identification when registering biometric information of the biometric information type,
The identity verification level verification means includes:
The security level indicated by the policy registered in the storage medium in association with the biometric information type stored in the authentication condition storage means is equal to or higher than the security level indicated by the policy stored in the authentication condition storage means. In some cases, it is determined that the predetermined condition is satisfied. The authentication device according to claim 5 or 6,
An authentication apparatus, further comprising a communication unit that, when receiving a request with a digital signature from the storage medium, transfers the request to another apparatus via a network. The authentication device according to any one of claims 5 to 7,
A first apparatus having the identity verification level verification means;
An authentication apparatus comprising: the second apparatus having the biometric information collection unit and the biometric authentication unit connected to the first apparatus via a network. A storage medium used for user authentication,
A communication means for communicating with an external device;
Authentication information storage means for storing biometric information and a policy adopted for identity verification when registering the biometric information for each biometric information type;
Storage control means for performing storage control of the authentication information storage means,
The storage control means
First external device than the biometric information type, biometric information via the communication unit, and when receiving authentication record includes a policy, if the authentication record new information, the authentication information to the authentication information broom憶stored in the device, if the authentication record existing information, the biological information and the policy stored in the authentication information broom憶means associated with the biometric information type included in the authentication record, and the received Change to biometric information and policy,
When receiving the biometric information type from the second external apparatus through the communication unit, the authentication information broom憶the policy stored in the unit the second external device in association with the biometric information type transmitted to, when receiving the identification level of the digital signature is validated from the second device in response to the transmission, the authentication information broom憶biometric information stored in the means in association with the biometric information type Is transmitted to the second external device. The storage medium according to claim 9,
It further includes a usage count storage means for storing the user authentication usage count for each service provider that uses user authentication,
The storage control means
When a biometric information type is received from the second external device via the communication unit, the biometric information type is stored in the usage count storage unit in association with the service provider specified by the identification information attached to the biometric information type. If the number of uses have been less than a predetermined value, and sends the policy in association with the biometric information type stored in the authentication information broom憶means to the second external device, less than the predetermined value If not, send the service provider's usage count reset request to the second external device,
When a reset permission is received from the second external device via the communication unit as a response to the service provider use count reset request, the service provider use count stored in the use count storage unit is displayed. A storage medium characterized by being reset. For each biometric information type, a storage medium in which biometric information and a policy adopted for identity verification when registering the biometric information are registered, a registration device for registering authentication information in the storage medium, and a storage medium An authentication device that authenticates a user using registered authentication information, and a user authentication method by an authentication system,
The registration device
Receiving user information including biometric information, biometric information type and identity verification policy;
If the biometric information type included in the user information is not registered in the storage medium, the biometric information and policy included in the user information are registered in the storage medium in association with the biometric information type. ,
If the the biometric information type included in the user information registered in the storage medium, the security level indicated by the policy registered in the biometric information species separately association is in the storage medium is the user information is lower than the security level indicated is included policy, the biological information and the policy biometric information type association is separately registered in the storage medium, the biological information is included in the user information and policy Updated to
The authentication device is
Verifying whether the security level indicated by the policy registered in the storage medium in association with the biometric information type used for user authentication satisfies a predetermined condition;
When verification is established, biometric information of the biometric information type used for user authentication is collected from the user,
An authentication method, wherein biometric authentication is performed using biometric information collected from a user and biometric information registered in the storage medium in association with a biometric information type used for user authentication. A registration device according to any one of claims 2 to 4,
The registration apparatus further comprising user information storage means for storing the biometric information type and the identity verification policy included in the user information received by the reception means. A registration device according to claim 12,
The user information storage means includes
The biometric information included in the user information received by the receiving means is also stored together with the biometric information type and the identity verification policy included in the user information.

Images