JP5664759B2 - Information processing apparatus, authentication system, authentication method, authentication apparatus, and program - Google Patents

Description

  The present invention relates to an information processing apparatus for performing information processing, an authentication system for authenticating an information processing apparatus connected via a communication network, an authentication method, an authentication apparatus, and a program for causing the information processing apparatus to function as a computer. About.

  In recent years, online transactions through the Internet have increased. It is necessary to ensure sufficient security in such online transactions. Conventionally, in order to ensure security, PKI (Public Key Infrastructure) authentication and the like have been implemented in addition to identity verification by biometric authentication. For example, the applicant of the present application has proposed a safety judgment method that combines biometric authentication, PKI authentication, and authentication based on device environmental information in Patent Document 1.

JP 2004-157790 A

  However, in recent years, in addition to the conventional buying and selling of low-priced products, various transactions such as buying and selling high-priced products, trading of financial products such as stocks, and various application procedures for sending personal information are performed via the Internet. ing. Nevertheless, the authentication process has not been improved so much, and it still cannot cope with spoofing, falsification, and attacks targeting the vulnerability of information processing devices. Patent Document 1 does not describe any means for solving such a problem.

  The present invention has been made in view of such circumstances. By signing device information and environmental information to make an electronic envelope, and biometric authentication information with the electronic envelope and making it a double electronic envelope, respecting the intention of dealing and preventing leakage of information to the outside It is to provide an information processing apparatus and the like capable of performing the above.

In the information processing apparatus that performs information processing, the apparatus disclosed in the present application is a reading unit that reads out device information including device identification information that identifies itself from a storage unit, and a collecting unit that collects environmental information about its own usage environment, Accepting means for receiving transaction information from the input unit, first reading means for reading the first secret key stored in the storage unit in advance, device information read by the reading means, and environmental information collected by the collecting means , A signing means for digitally signing with the first secret key, a generating means for generating a first electronic envelope by electronically encapsulating device information and environment information digitally signed by the signing means, and stored in a storage unit in advance Second reading means for reading the second secret key, biometric authentication information that is information relating to biometric authentication, received by the receiving means And the second signature means for electronically signing the first electronic envelope with the second secret key, the biometric information digitally signed by the second signature means, the transaction information and the first electronic envelope Second generation means for generating an envelope and generating a second electronic envelope, means for transmitting the second electronic envelope generated by the second generation means to the outside, a clock unit for outputting the date and time, and biometric authentication were performed A first acquisition unit that acquires a date and time from the clock unit; a second acquisition unit that acquires a date and time when device information is read by the reading unit; and a date and time when environmental information is collected by the collection unit. A third acquisition unit that acquires the transaction information by the reception unit, a fourth acquisition unit that acquires the date and time when the transaction information is received from the clock unit, and a date acquired by the first to fourth acquisition units. There a time determining means for determining whether or not fall within the predetermined time, when it is determined to be within the predetermined time by said time determination means, before Kisei body authentication information and the transaction information, as well as, the first electronic An acquisition request unit that transmits a request for acquiring a time stamp for an envelope to the outside; and a token reception unit that receives a time stamp token related to the time stamp transmitted from the outside, wherein the second generation unit includes the second signature the first digital envelope, biometrics information and the transaction information is a digital signature by means, well, the electronically envelope the timestamp token received by the token receiving means, and generates a second digital envelope.

  According to the device disclosed in the present application, the first reading unit reads the first secret key stored in the storage unit. The signing means electronically signs the device information and the environment information with the first secret key. The generating means converts the electronically signed apparatus information and environment information into an electronic envelope, and generates a first electronic envelope. Further, the second reading means reads the second secret key stored in the storage unit. Similarly, the second signing means digitally signs the biometric authentication information, which is information related to biometric authentication, and the first electronic envelope using the second secret key. Similarly, the second generation unit converts the biometric authentication information digitally signed by the second signature unit and the first electronic envelope into an electronic envelope to generate a second electronic envelope. The last generated second electronic envelope is transmitted to the outside.

  According to one aspect of the apparatus, the apparatus information dependent on the apparatus and the dynamically changing environment information are digitally signed by the first secret key and sealed in the first electronic envelope. The biometric authentication information reflecting the first electronic envelope and the transaction intention of the person to be authenticated is digitally signed with the second secret key. The electronically signed first electronic envelope and biometric authentication information are converted into a second electronic envelope. As a result, tampering can be prevented in advance, and simultaneous authentication of device authentication, environment authentication and biometric authentication can be ensured, and easy spoofing can be prevented. In addition, the second electronic envelope reflects the intention of transaction of the person to be authenticated, and it becomes possible to establish a sound commercial transaction. Further, in the case of external authentication, where there is a high possibility that environmental information is transmitted to the outside, the biometric authentication information in the second electronic envelope is first authenticated. And since environmental information is transmitted outside only after the said authentication, this invention has the outstanding effect that it becomes possible to prevent that information leaks outside unnecessarily.

It is a schematic diagram which shows the outline | summary of the authentication system which concerns on this Embodiment. It is explanatory drawing which shows the process sequence by the side of a computer. It is explanatory drawing which shows the process sequence in the web server side. It is a block diagram which shows the hardware group of a computer. It is explanatory drawing which shows the data structure of a 1st electronic envelope. It is explanatory drawing which shows the data structure of a 2nd electronic envelope. It is a block diagram which shows the hardware group of a Web server. It is explanatory drawing which shows the record layout of user information DB. It is explanatory drawing which shows the record layout of apparatus DB. It is a block diagram which shows the hardware group of DB server. It is explanatory drawing which shows the record layout of software DB. It is a flowchart which shows the procedure of a 2nd electronic envelope production | generation process. It is a flowchart which shows the procedure of a 2nd electronic envelope production | generation process. It is a flowchart which shows the procedure of a 2nd electronic envelope production | generation process. It is a flowchart which shows the procedure of a 2nd electronic envelope production | generation process. It is explanatory drawing which shows the image of a service screen. It is a flowchart which shows the authentication processing procedure in a Web server. It is a flowchart which shows the authentication processing procedure in a Web server. It is a flowchart which shows the authentication processing procedure in a Web server. It is a flowchart which shows the authentication processing procedure in a Web server. 10 is a flowchart illustrating a procedure of electronic envelope processing in a computer according to Embodiment 2. 10 is a flowchart illustrating a procedure of electronic envelope processing in a computer according to Embodiment 2. 10 is a flowchart illustrating a procedure of electronic envelope processing in a computer according to Embodiment 2. 10 is a flowchart illustrating a procedure of electronic envelope processing in a computer according to Embodiment 2. It is a flowchart which shows the procedure of the authentication process of a time stamp. FIG. 10 is a block diagram illustrating a hardware group of a computer according to a third embodiment. FIG. 10 is a block diagram illustrating a hardware group of a computer according to a fourth embodiment. FIG. 10 is a block diagram illustrating a hardware group of a Web server according to a fourth embodiment. It is explanatory drawing which shows the record layout of a static evaluation table. It is explanatory drawing which shows the record layout of a comprehensive evaluation table. It is a flowchart which shows the procedure of the last authentication process. It is a flowchart which shows the procedure of the last authentication process.

Embodiment 1
Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a schematic diagram showing an outline of an authentication system according to the present embodiment. The authentication system includes an authentication device 1, information processing devices 2, 2, 2,..., A communication network N, a certificate authority server computer 3, a database (hereinafter referred to as DB) server computer 4, and the like. In this embodiment, the authentication device 1 of the financial institution makes a transfer in response to a request from the information processing device 2, 2, 2,..., Various transactions such as overseas remittance, foreign currency deposit, investment trust application, and balance inquiry. Although an example of executing processing will be described, the present invention is not limited to this online bank example. For example, the present invention may be applied to authentication in online shopping or application procedures to a specific organization. Hereinafter, the authentication apparatus 1 of a financial institution will be described as being replaced with the Web server 1. Further, in a form in which the transfer is made to another Web server connected to the Web server 1 and various processes such as overseas remittance, foreign currency deposits, investment trust application, and balance inquiry are executed, and the authentication process described below is executed on the Web server 1. There may be.

  The information processing apparatus 2 is, for example, a device such as a personal computer, a mobile phone, a PDA (Personal Digital Assistance), a portable game machine having a communication function, or a music player having a communication function. Hereinafter, an example in which the information processing apparatus 2 is applied to an apparatus such as a desktop personal computer or a notebook personal computer will be described, and the apparatus will be read as a device, and the information processing apparatus 2 will be read as a computer 2 for explanation. The certificate authority server computer 3 is a certificate authority server computer operated by, for example, VeriSign (registered trademark) or GlobalSign, and is hereinafter referred to as a CA (Certificate Authority) server 3. A DB server computer (hereinafter referred to as a DB server) 4 manages environment information regarding the use environment of the computer 2 itself.

  The environment information is information for specifying software, middleware, or firmware operating in the computer 2 or information for specifying software or firmware operating in the security chip 5. In the following, for ease of explanation, the environment information will be described using an example of software information. Specifically, software information such as the OS name, the patch version for the OS, the browser name, the browser patch version, the word processor name, and the anti-virus software name stored in the storage unit 25 of the computer 2 It is. In addition, the name or version of the control program stored in the control program storage unit 513 in the security chip 5 is applicable. Each software can be upgraded via the communication unit 26 or a recording medium such as a CD-ROM (not shown), and new software can be installed. In the present embodiment, for ease of explanation, an embodiment in which the name and version of the OS of the computer 2 and the name and version of the browser are used as software information will be described.

  The computer 2, the CA server 3, the Web server 1, and the DB server 4 are connected to each other via a communication network N including the Internet and a cellular phone network. For example, HTML (HyperText Markup Language) is used by HTTP (HyperText Transfer Protocol) or the like. ) Send and receive files and other information. When the Web server 1 authenticates the computer 2 during transaction processing, biometric authentication such as a fingerprint, device authentication of the computer 2 itself, and software information authentication are used.

  The outline will be described below. FIG. 2 is an explanatory diagram showing a processing procedure on the computer 2 side, and FIG. 3 is an explanatory diagram showing a processing procedure on the Web server 1 side. The computer 2 encrypts its device information and software information with an encryption key. The CA server 3 issues a first electronic certificate (hereinafter referred to as device electronic certificate) indicating that the device itself is valid. The computer 2 signs the encrypted device information and software information using a first private key (hereinafter referred to as device private key) corresponding to the device public key in the device electronic certificate. The signed encrypted device information and software information are inserted into the first electronic envelope.

  Biometric authentication information and transaction information are also encrypted with the encryption key. The CA server 3 issues a second electronic certificate (hereinafter referred to as a user electronic certificate) indicating that the person to be authenticated (hereinafter referred to as a user) is valid. The computer 2 uses the second private key (hereinafter referred to as the user private key) corresponding to the user public key in the user electronic certificate to electronically store the first electronic envelope and the encrypted biometric information and transaction information. Sign. Finally, the first electronic envelope with the electronic signature, the encrypted biometric information and the transaction information are inserted into the second electronic envelope and transmitted to the Web server 1.

  Next, processing on the Web server 1 side will be described with reference to FIG. The Web server 1 extracts the user public key corresponding to the user private key from the user electronic certificate. The Web server 1 verifies the signature of the first electronic envelope in the second electronic envelope, the encrypted biometric authentication information, and the transaction information using the user public key. If the signature verification is successful, the encrypted biometric information and transaction information are decrypted using the decryption key. The biometric authentication is performed using the extracted biometric authentication information.

  When the biometric authentication is successful, the encrypted device information and software information are extracted from the first electronic envelope. The Web server 1 extracts a device public key corresponding to the device private key from the device electronic certificate. The Web server 1 verifies the signature of the encrypted device information and software information in the first electronic envelope using the device public key. When the signature verification is successful, the encrypted device information and software information are decrypted using the decryption key. The web server 1 authenticates the device based on the decrypted device information.

  If the authentication related to the device is successful, the Web server 1 transmits software information to the DB server 4. The DB server 4 determines the software level based on the software information. For example, when an OS or the like with a high security level is installed, the level is high. This software level is transmitted to the Web server 1 side. The Web server 1 performs authentication related to software based on the software level. Transaction processing based on the transaction information is started on the condition that authentication related to the last software is successful, that is, a series of authentication processing is successful. In this embodiment, as shown in FIG. 2, the device information and the software information are encrypted with the encryption key, but it is not always necessary to encrypt them.

  Further, the biometric authentication information and the transaction information are also encrypted with the encryption key, but it is not always necessary to encrypt them. In the present embodiment, description will be made using an example in which both device information and software information, and biometric authentication information and transaction information are encrypted. Further, the transaction information will be described using an example in which the transaction information is inserted into the second electronic envelope together with the biometric authentication information, but is not limited thereto. For example, three pieces of device information, software information, and transaction information may be inserted into the first electronic envelope as a set.

  FIG. 4 is a block diagram showing a hardware group of the computer 2. The computer 2 includes a security chip 5, a CPU (Central Processing Unit) 21 as a control unit, a RAM (Random Access Memory) 22, an input unit 23, a display unit 24, a storage unit 25, a communication unit 26, and a clock unit 28. including. In order to make the computer 2 more secure, a security chip 5 that executes a predetermined process independent of the process executed by the CPU 21 is mounted inside the computer 2.

  The CPU 21 is connected to each hardware part of the computer 2 via the bus 27 and controls them, and executes various software functions according to a control program stored in the storage part 25. The RAM 22 is a semiconductor element or the like, and writes and reads necessary information according to instructions from the CPU 21. The display unit 24 is, for example, a liquid crystal display or an organic EL (Electro-Luminescence) display. The input unit 23 is a keyboard and a mouse, or a touch panel stacked on the display unit 24. The communication unit 26 is, for example, a wired or wireless LAN card and transmits / receives information to / from the Web server 1. The clock unit 28 outputs the current date / time information to the CPU 21.

  The storage unit 25 is a hard disk or a large-capacity flash memory, and stores a control program, an OS 251, a browser 252, a word processor application, a mailer, anti-virus software, and the like. In the following description, it is assumed that the storage unit 25 is a hard disk. The security chip 5 is an IC (Integrated Circuit) chip called a TPM (Trusted Platform Module) based on TCG (Trusted Computing Group) specifications, and has a basic security function defined by the TCG. By mounting the security chip 5 on the computer 2, data is protected from attacks by software and physical attacks, and stronger security is realized.

  Details of the security chip 5 will be described. The security chip 5 includes a main control circuit (hereinafter abbreviated as a circuit) 51, a fingerprint input unit 52, a fingerprint authentication unit 53, a fingerprint information storage unit 54, a user electronic certificate storage unit 55, and a user secret key storage unit 56. , Device electronic certificate storage unit 57, device private key storage unit 58, device information storage unit 59, encryption processing unit 510, software information acquisition unit 511, software information storage unit 512, ID storage unit 515, control program storage unit 513 And an input / output unit 514 and the like. The main control unit 51 is connected to each unit and executes various processes according to the control program stored in the control program storage unit 513. The security chip 5 is connected to the main CPU 21 of the computer 2 via an input / output unit 514 that is an I / F and a bus 27. The main control unit 51 transmits / receives information to / from the CPU 21 via the input / output unit 514.

  When the computer 2 is activated, biometric authentication is performed by the security chip 5 and the CPU 21 operates on the condition that the biometric authentication is successful. The CPU 21 starts up the OS 251. Examples of biometric authentication include fingerprint authentication, iris authentication, authentication using palm veins, voice authentication, face authentication, or a combination thereof. In this embodiment, an example in which fingerprint authentication is performed will be described for ease of explanation. Fingerprint authentication includes a fingerprint input unit 52 that receives user fingerprint information, a fingerprint authentication program 53 that stores a fingerprint authentication program, and a fingerprint that stores fingerprint information that is the basis of fingerprint authentication. It is executed by the information storage unit 54. The fingerprint authentication may be performed when the computer 2 is started up or when information is transmitted to or received from the Web server 1 (at the time of transaction).

  The fingerprint information storage unit 54 stores user fingerprint information in advance. At the time of initial registration, the main control unit 51 takes in the fingerprint information of the user from the fingerprint input unit 52 and stores it in the fingerprint information storage unit 54. When the fingerprint information is stored in the fingerprint information storage unit 54, the main control unit 51 matches the user ID and password input from the input unit 23 with the unique user ID and password stored in advance in the ID storage unit 515. Judge whether to do. The main controller 51 stores the fingerprint information only when it is determined that they match. The ID storage unit 515 stores a user ID and password input via the input unit 23 when the computer 2 is purchased.

  When a power switch (not shown) is turned on and fingerprint authentication is performed, the main control unit 51 receives fingerprint information from the fingerprint input unit 52. Then, the main control unit 51 activates the fingerprint authentication program in the fingerprint recognition unit 53 and determines whether the fingerprint information stored in advance in the fingerprint information storage unit 54 matches the received fingerprint information. When the main control unit 51 determines that they match, the main control unit 51 outputs a fingerprint authentication result indicating that the fingerprint authentication has been successful to the CPU 21. When the fingerprint authentication result indicating that the fingerprint authentication is successful is output, the CPU 21 activates the OS 251.

  The user electronic certificate storage unit 55 stores a user electronic certificate that guarantees the identity of the user issued by the CA server 3. The user private key storage unit 56 stores a user private key paired with the user public key existing in the user electronic certificate. A procedure for issuing a user electronic certificate will be described. The user inputs authentication identification information for specifying the user, such as a user name, a user ID, or an e-mail address, and owner information including the use of the user electronic certificate from the input unit 23. The CPU 21 activates the browser 252 and accesses the CA server 3. The CPU 21 reads the user public key stored in the user electronic certificate storage unit 55 and transmits the owner information input from the input unit 23 to the CA server 3 together with the read public key.

  The CA server 3 performs authentication, and if there is no problem, adds an electronic signature to the owner information and the public key. The CA server 3 transmits the user's public key, owner information, and electronic signature to X.X. A user electronic certificate is generated according to the specification of 509. The CA server 3 transmits the generated user electronic certificate to the computer 2. The CPU 21 of the computer 2C transmits the user electronic certificate to the input / output unit 514. The main control unit 51 stores the user electronic certificate output from the input / output unit 514 in the user electronic certificate storage unit 55. The ID storage unit 515 stores authentication identification information for specifying a user such as a user name, a user ID, a password, and a nickname.

  As the authentication identification information for specifying the user in the ID storage unit 515, for example, the user name, the user ID, the password, and the like are stored in the ID storage unit 515 via the input unit 23 when the computer 2 is purchased. good. Further, when registration is necessary later, such as an e-mail address and a nickname, new information may be stored in the ID storage unit 515 on condition that the user ID and password stored at the time of purchase match. In addition, you may employ | adopt unique certificate ID provided to the user electronic certificate as authentication identification information for specifying a user. In the present embodiment, an example in which a user ID is used as authentication identification information will be described. The biometric authentication information to be encrypted may include the above-described biometric authentication result in addition to the user ID. In the present embodiment, a user ID and a result of biometric authentication indicating that biometric authentication related to the user is successful will be described as an example of biometric authentication information.

  The device electronic certificate storage unit 57 stores a device electronic certificate issued in advance by the CA server 3. The device electronic certificate includes a public key of the security chip 5 indicated by a white key, device identification information for specifying the device itself, an expiration date of the device electronic certificate, and an electronic signature of the CA server 3. The device ID included in the device electronic certificate may include not only the serial number of the security chip 5 but also the serial number of the computer 2C as a set. The device electronic certificate may be issued by the manufacturer to the CA certificate authority when the security chip 5 or the computer 2 is shipped. The device private key storage unit 58 stores a device private key (indicated by hatched key marks) paired with the public key stored in the device electronic certificate storage unit 57. This device secret key is also stored in the device secret key storage 58 in advance when the security chip 5 or the computer 2 is shipped.

  The device information storage unit 59 stores device information including device identification information (hereinafter referred to as device ID) for specifying the device itself. As the device ID, the serial number of the computer 2, the serial number of the security chip 5, the MAC (Media Access Control) address, or a unique certificate ID assigned to the device electronic certificate may be used. In addition to the device ID, the device information may include the manufacturer name, series name, and model number of the security chip 5 or the computer 2. For device information such as device ID, a message digest calculated by a hash function stored in advance may be used instead of true information.

  The software information acquisition unit 511 acquires software information after the computer 2 is started and before the computer 2 is stopped, under a predetermined condition, or every predetermined time. Specifically, the main control unit 51 acquires the name and version of the OS 251 and the name and version of the browser 252 stored in the storage unit 25 according to the program stored in the software information acquisition unit 511. The main control unit 51 stores the acquired software information in the software information storage unit 512. In the present embodiment, the main control unit 51 will be described with reference to an example in which software information is acquired under a predetermined condition, that is, a condition that a transaction is started in online banking.

  Next, transaction information will be described. The browser 252 of the computer 2 is activated to access the Web server 1. For example, when performing deposit processing in online banking, transaction information relating to transactions such as the deposit amount and deposit account number is input from the input unit 23. Further, when purchasing a financial product, transaction information such as a product name and the number of purchases is input from the input unit 23. The CPU 21 outputs the input transaction information to the main control unit 51 via the input / output unit 514.

  Next, encryption, electronic signature, and electronic envelope processing will be described. The main control unit 51 reads the device information stored in the device information storage unit 59 and reads the software information stored in the software information storage unit 512. The main control unit 51 reads the encryption key from the encryption key storage unit 518. The main control unit 51 encrypts device information and software information according to the encryption program stored in the encryption processing unit 510. The main control unit 51 uses the device secret key stored in the device secret key storage unit 58 to digitally sign the encrypted device information and software information (digital signature).

  Specifically, the main control unit 51 calculates a message digest of the encrypted device information and software information based on the hash function stored in the control program storage unit 513. The main control unit 51 encrypts the calculated message digest with the device secret key. This encrypted message digest becomes an electronic signature. The main control unit 51 converts the encrypted device information and software information and the electronic signature into an electronic envelope and generates a first electronic envelope.

  Here, an electronic envelope refers to a method in which information called an envelope (envelope) is added to a structured document such as XML (extended markup language), and a plurality of pieces of information are packaged into one file. FIG. 5 is an explanatory diagram showing the data structure of the first electronic envelope. The first electronic envelope includes at least a header part 331, a content part 332, and an electronic signature part 333 serving as an envelope. Information indicating the first electronic envelope is described in the header portion 331 surrounded by the <Header> tag. Encrypted device information and software information are described in a content portion 332 surrounded by a <Content> tag that is an XML structured text.

  The electronic signature unit 333 surrounded by the <Signature> tag describes the electronic signature of the device information and software information encrypted by the content unit 332. The main control unit 51 reads the template structure text stored in advance according to the control program stored in the control program storage unit 513, and describes the bibliographic information such as information indicating the first electronic envelope in the header unit 331. In addition, the main control unit 51 describes the encrypted device information and software information in the content unit 332. Further, the main control unit 51 uses the device secret key to describe the content described in the content unit 332, that is, the electronic signature of the encrypted device information and software information, and generates an integrated first electronic envelope.

  Next, generation of the second electronic envelope will be described. The second electronic envelope encloses biometric authentication information and transaction information, the first electronic envelope, and these electronic signatures. The main control unit 51 encrypts the biometric authentication information including the user ID and biometric authentication result stored in the ID storage unit 515 and the transaction information with the encryption key stored in the encryption key storage unit 518. The main control unit 51 uses the user secret key stored in the user secret key storage unit 56 to electronically sign the first electronic envelope and the encrypted biometric information and transaction information. The main control unit 51 generates a second electronic envelope by converting the first electronic envelope, the encrypted biometric authentication information and transaction information, and the electronic signature into an electronic envelope.

  FIG. 6 is an explanatory diagram showing the data structure of the second electronic envelope. Similar to the first electronic envelope, the second electronic envelope includes at least a header portion 331, a content portion 332, and an electronic signature portion 333 serving as an envelope. In the header portion 331 surrounded by the <Header> tag, information indicating the second electronic envelope is described. The content portion 332 surrounded by the <Content> tag that is an XML structured text further includes a <first electronic envelope content> tag and <encrypted content> as lower attributes. In the <first electronic envelope content> tag, the first electronic envelope shown in FIG. 5 is described. In the <encrypted content> tag, encrypted biometric authentication information and transaction information are described.

  The electronic signature part 333 surrounded by the <Signature> tag describes the first electronic envelope of the content part 332 and the electronic signature of the encrypted biometric information and transaction information. In accordance with the control program stored in the control program storage unit 513, the main control unit 51 reads the template structure text relating to the second electronic envelope stored in advance, and the bibliography such as information indicating that the header is the second electronic envelope. Describe information. Further, the main control unit 51 describes the information of the first electronic envelope in the <first electronic envelope content> tag of the content unit 332, and the biometric authentication information and transaction information encrypted in the <encrypted content> tag. Is described.

  Further, the main control unit 51 uses the user secret key to describe the content described in the content unit 332, that is, the first electronic envelope, the encrypted biometric authentication information and the electronic signature of the transaction information, and the integrated second Generate an electronic envelope. The second electronic envelope generated by the above processing is transmitted to the Web server 1 via the input / output unit 514 and the communication unit 26.

  FIG. 7 is a block diagram showing a hardware group of the Web server 1. The Web server 1 includes a CPU 11 as an authentication control unit, a RAM 12, an input unit 13, a display unit 14, a storage unit 15 as an authentication storage unit, a communication unit 16, a clock unit 18, and the like. The CPU 11 is connected to the hardware units of the Web server 1 via the bus 17 and controls them, and executes various software functions according to the control program 15P stored in the storage unit 15.

  The RAM 12 is a semiconductor element or the like, and writes and reads necessary information according to instructions from the CPU 11. The display unit 14 is, for example, a liquid crystal display, and the input unit 13 is a keyboard and a mouse. The communication unit 16 is a gateway or the like that functions as a firewall, and transmits and receives information to and from the computer 2, CA server 3, DB server 4, and account DB 19. The clock unit 18 outputs the current date / time information to the CPU 11. The storage unit 15 is, for example, a hard disk, and stores a control program 15P, an HTML file 151, a decryption program 152, a decryption key storage unit 1520, a user information DB 153, a device DB 154, and the like. Note that the user information DB 153 and the like are not necessarily stored in the storage unit 15 in the Web server 1 but stored in a DB server (not shown) connected via the communication unit 16 like the account DB 19. And read and write as needed.

  The account DB 19 stores information related to financial transactions such as an account number and a balance in association with the user ID. The CPU 11 performs processing such as storage and retrieval of necessary information by interacting using SQL (Structured Query Language) or the like in a schema in which the key of each DB field is associated. An HTML (HyperText Markup Language) file 151 stores a screen for executing various processes such as an online banking top page, a registration screen, an authentication screen, a transfer screen, and a balance confirmation screen in an HTML format. It should be noted that the Web server 1 may be executed mainly for authentication processing, and the transmission of various information before authentication and the financial transaction processing after authentication may be executed jointly by another Web server (not shown). is there.

  In response to a request from the computer 2, the CPU 11 of the Web server 1 appropriately reads out the corresponding HTML file 151 and transmits it to the computer 2 via the communication unit 16. The decryption program 152 is a program for decrypting encrypted information transmitted from the computer 2. The decryption key storage unit 1520 stores a decryption key corresponding to the encryption key stored in the encryption key storage unit 518 of the computer 2. The hash function is stored in the storage unit 15.

  FIG. 8 is an explanatory diagram showing a record layout of the user information DB 153. The user information DB 153 stores information on users who perform transactions, for example, user IDs, user names, and user electronic certificate IDs as authentication identification information. The user information DB 153 includes a user ID field, a password field, a user name field, a user electronic certificate ID field, and a user public key field. In addition, the record example in DB in this embodiment is an example to the last, and is not restricted to this. If the relationship between data is maintained, it is sufficient to give free data according to the design.

  The user ID field stores a user ID of a user who executes a transaction process using the computer 2, and the password field stores a password corresponding to the user ID. In the user name field, a user name is stored in association with the user ID. In the user electronic certificate ID field, a unique user electronic certificate ID for specifying the user electronic certificate of the computer 2 is stored. These pieces of information may be stored in the user information DB 153 at the time of initial registration for online banking. The user public key field stores a user public key corresponding to the user secret key. This user public key may be acquired in advance or acquired in the user electronic certificate transmitted from the computer 2 at every transaction.

  The CPU 11 determines whether or not the user ID as authentication identification information in the biometric authentication information extracted from the second electronic envelope matches the user ID stored in the user information DB 153. If they match, it is assumed that biometric authentication by the registered person has succeeded in the computer 2 and the person has executed a transaction, and the process proceeds to the next authentication process.

  FIG. 9 is an explanatory diagram showing a record layout of the device DB 154. The device DB 154 stores device information of the computer 2 used for transactions. The device DB 154 includes a device ID field, a device electronic certificate ID field, a manufacturer name field, a model number field, a device public key field, and a user ID. In the device ID field, a device ID assigned to each device is stored. In the device electronic certificate ID field, an ID for specifying the device electronic certificate stored in the device electronic certificate storage unit 57 of the computer 2 is stored. In the manufacturer name field, the manufacturer name of the computer 2 is stored in association with the device ID. In the model number field, the model number of the computer 2 is stored in association with the device ID.

  The device ID, device electronic certificate ID, manufacturer name, and model number may be stored as message digests calculated based on the hash function as described above. As with the user information, these values are stored based on information transmitted from the computer 2 before the transaction. In the device public key field, a device public key corresponding to the device private key stored in the device private key storage unit 58 of the computer 2 is stored. The device public key may be acquired in advance or may be acquired in the device electronic certificate transmitted from the computer 2 at every transaction. In the user ID field, a user ID for specifying a user who uses the computer 2 is stored. These pieces of information may be collected at the time of initial registration and stored in the device DB 154.

  The CPU 11 extracts a device ID, a manufacturer name, and a model number as device information in the first electronic envelope. The CPU 11 determines whether or not the extracted device ID matches the device ID stored in the device DB 154. If it is determined that they match, it is determined that the transaction request is from the computer 2 permitted in advance, and the process proceeds to the next authentication process.

  The CPU 11 transmits the software information, manufacturer name, and model number in the first electronic envelope to the DB server 4 via the communication unit 16. In other words, since the software environment of the computer 2 changes dynamically due to updates, new installations, and the like, the external DB server 4 performs an evaluation indicating the safety of the software. The DB server 4 transmits a level indicating safety to the Web server 1 based on the software information. The information to be transmitted to the DB server 4 may be only software information. However, the manufacturer name and model number information may also be transmitted to the DB server 4 in order to improve accuracy.

  Collection of information about software and level assignment are performed by the DB server 4 because it is difficult for a trading company such as a bank to manage and operate alone. Of course, a bank or the like may independently construct the DB server 4. Even if the DB server 4 is operated by a third party other than the transaction party, personal information is not transmitted in the present embodiment because software identifying information, manufacturer name, model number, and the like are not transmitted. Can be sufficiently protected.

  FIG. 10 is a block diagram showing a hardware group of the DB server 4. The DB server 4 includes a CPU 41, a RAM 42, a communication unit 46, and a storage unit 45. The CPU 41 is connected to the hardware units of the DB server 4 via the bus 47, controls them, and executes various software functions according to the control program stored in the storage unit 45. The RAM 42 is a semiconductor element or the like, and writes and reads necessary information according to instructions from the CPU 41. The communication unit 46 is a gateway or the like that functions as a firewall.

  A software DB 451 and an evaluation table 452 are stored in the storage unit 45. The software DB 451 stores points indicating the degree of safety for each software for each manufacturer name and model number of the computer 2. FIG. 11 is an explanatory diagram showing a record layout of the software DB 451. The software DB 451 stores software information and points for each manufacturer name and model number of the computer 2. The example in the figure shows software information and points of the model number “FM001” of manufacturer F.

  The software DB 451 includes a software type field, a name field, a version field, and a point field. The software type field stores the type of software such as OS 251, browser 252, anti-virus software, and mailer. The name field stores the name of the software belonging to the software type. For example, the name of the OS 251 such as Windows Vista (registered trademark) of Microsoft Corporation is stored, and the name of the browser 252 such as Internet Explorer (registered trademark) is stored. The version field stores the version of each software.

  The manager of the DB server 4 adds these pieces of information whenever the software is sold or upgraded. In the point field, points indicating the degree of safety for each version of software are stored. In this embodiment, the higher the point, the safer. The CPU 11 searches the software DB 451 using the software information, manufacturer name, and model number transmitted from the Web server 1 as keys, and extracts points corresponding to the software version. CPU11 calculates the total value of the point which concerns on each extracted software. For example, when the OS 251 is “Win Vis”, the version is “Service2.0”, the browser 252 is “IEX”, and the version is “Ver1.0”, the point 3 is added to the point 6 and the total value becomes 9.

  The evaluation table 452 stores a level indicating safety in association with the total value. This level is shown, for example, in five stages. The lower the value, the more vulnerable and the lower the safety. The CPU 11 reads the level corresponding to the total value from the evaluation table 452 and transmits the read level to the Web server 1. When this level is equal to or higher than a predetermined value, for example, 4 or higher, the Web server 1 starts transaction processing based on transaction information in the second envelope. This predetermined value is stored in the storage unit 15 in advance, and an appropriate value can be input from the input unit 13 according to the security policy of the online banking administrator.

  The procedure of authentication processing in the above hardware will be described using a flowchart. 12 to 15 are flowcharts showing the procedure of the second electronic envelope generation process. A user who uses the online banking service turns on a main power switch (not shown) of the computer 2. Note that the above-described user registration, device electronic certificate, encryption key, user electronic certificate registration, storage, application, and the like have already been completed. The security chip 5 is turned on (step S121). The main control unit 51 receives fingerprint information from the fingerprint input unit 52 (step S122).

  The main control unit 51 determines whether or not the received fingerprint information matches the fingerprint information stored in advance in the fingerprint information storage unit 54 (step S123). If the main control unit 51 determines that they do not match (NO in step S123), the main control unit 51 determines that the access is made by a different user and ends the process. On the other hand, if the main control unit 51 determines that they match (YES in step S123), it outputs a signal indicating activation permission to the CPU 21 via the input / output unit 514. CPU21 starts OS251 (step S124).

  The CPU 21 starts up the browser 252 according to the instruction from the input unit 23 (step S125), and accesses the Web server 1. The top page of online banking is displayed on the browser 252 of the display unit 24. The user enters a user ID and password to log in to the service. The CPU 21 receives the user ID and password input from the input unit 23 (step S126) and transmits them to the Web server 1 (step S127). The CPU 11 of the Web server 1 receives the transmitted user ID and password via the communication unit 16 (step S128).

  The CPU 11 determines whether or not the received user ID and password match the user ID and password stored in the user information DB 153 (step S129). If the CPU 11 determines that they do not match (NO in step S129), the CPU 11 terminates the processing as an unauthorized access. On the other hand, if it is determined that they match (YES in step S129), the service screen stored in the HTML file 151 is transmitted (step S131). The CPU 21 of the computer 2 receives the service screen (step S132), and displays the received service screen on the browser 252 (step S133).

  FIG. 16 is an explanatory diagram showing an image of the service screen. Transaction details include balance inquiry, transfer and consultation on investment trusts. In the example of FIG. 16, an example in which the transfer process is executed is described. The CPU 21 inputs transaction information from the input unit 23. In the example of the figure, information indicating that a transfer process is to be performed, account information of a transfer destination, a transfer amount, and the like are input as transaction information. CPU21 receives the transaction information input from the input part 23 (step S134). The CPU 21 determines whether or not the input of the procedure start button 241 indicating the procedure and the start of authentication has been received from the input unit 23 (step S135).

  If the CPU 21 determines that the input of the procedure start button 241 has not been accepted (NO in step S135), the CPU 21 waits until the input is accepted. On the other hand, if the CPU 21 determines that an input has been received (YES in step S135), the transaction information received in step S134 is output to the main control unit 51 via the input / output unit 514. The main control unit 51 activates the control program stored in the control program storage unit 513 with the reception of transaction information as a trigger, and outputs information requesting fingerprint authentication to the CPU 21 via the input / output unit 514.

  Upon receiving the fingerprint authentication request information, the CPU 21 pops up a screen 242 for prompting fingerprint input as shown in FIG. 16 (step S136). In this way, in addition to accepting fingerprint information in step S122, the input of fingerprint information may be requested again. As a result, spoofing between the first fingerprint authentication and transaction information input can be prevented. In addition, entering the user's own fingerprint immediately after entering the transaction information is equivalent to approving the transaction by his / her own intention, so it is possible to more firmly prove the intention of the transaction. It becomes. The main control unit 51 receives the fingerprint information input from the fingerprint input unit 52 (step S137). The main control unit 51 determines whether the received fingerprint information matches the fingerprint information stored in advance in the fingerprint information storage unit 54 (step S138).

  If the main control unit 51 determines that they do not match (NO in step S138), the main control unit 51 determines that the access is made by a different user and ends the process. On the other hand, if the main control unit 51 determines that they match (YES in step S138), the result of biometric authentication indicating that biometric authentication has been successful is stored in the ID storage unit 515 (step S139). The main control unit 51 activates a software information acquisition program stored in the software information acquisition unit 511 (step S141), and acquires software information (step S142). Specifically, the main control unit 51 acquires the name and version of the OS 251 and the name and version of the browser 252 by reading them from the storage unit 25 or the registry. The CPU 21 stores the acquired software information in the software information storage unit 512 (step S143).

  The main control unit 51 reads out device information including the device ID, manufacturer name, and model number from the device information storage unit 59 (step S144). The main control unit 51 reads the software information stored in the software information storage unit 512 (step S145). The main control unit 51 reads the encryption key from the encryption key storage unit 518 (step S146). The main control unit 51 encrypts device information and software information with the encryption key (step S147). The main control unit 51 reads out the device secret key from the device secret key storage unit 58 (step S148).

  The main control unit 51 electronically signs the encrypted device information and software information with the device secret key (step S149). The main control unit 51 converts the encrypted device information and software information and the electronic signature into an electronic envelope to generate a first electronic envelope (step S151). The main control unit 51 reads out biometric authentication information including the user ID and the result of biometric authentication stored in step S139 from the ID storage unit 515 (step S152). After the reading process, the main control unit 51 deletes information related to the result of biometric authentication stored in the ID storage unit 515.

  The main control unit 51 encrypts the biometric authentication information and the transaction information received in step S134 with the encryption key (step S153). Note that although the encryption key in step S153 and the encryption key in step S147 are described as being the same, different encryption keys may be used. The main control unit 51 reads out the user secret key from the user secret key storage unit 56 (step S154). The main control unit 51 electronically signs the first electronic envelope, the encrypted biometric authentication information, and the transaction information with the user secret key (step S155). Specifically, a message digest of the first electronic envelope, encrypted biometric authentication information, and transaction information is calculated, and an electronic signature is obtained by encrypting it with a user private key.

  The main control unit 51 converts the first electronic envelope, the encrypted biometric authentication information and transaction information, and the electronic signature in step S155 into an electronic envelope to generate a second electronic envelope (step S156). The main control unit 51 transmits the second electronic envelope to the Web server 1 via the input / output unit 514 and the communication unit 26 (step S157). In addition to the transmission of the second electronic envelope, the device electronic certificate and the user electronic certificate may be enclosed and transmitted in the second electronic envelope. The CPU 11 of the Web server 1 receives the second electronic envelope via the communication unit 16 (step S158).

  17 to 20 are flowcharts showing an authentication processing procedure in the Web server 1. The CPU 11 of the Web server 1 reads out the user public key corresponding to the user ID from the user information DB 153 (step S171). Note that the device public key and the user public key may be extracted from the device electronic certificate and the user electronic certificate transmitted together with the second electronic envelope, respectively. The CPU 11 verifies the electronic signature in the received second electronic envelope (step S172). Specifically, the first electronic envelope in the second electronic envelope and the message digest of the encrypted biometric information and transaction information are calculated by the hash function stored in the storage unit 15. The CPU 11 obtains a message digest by decrypting the electronic signature with the user public key. If this message digest matches the calculated message digest, it is determined that the electronic signature has been successfully verified without falsification. If they do not match, there is a possibility of falsification, and it is determined that verification of the electronic signature has failed.

  The CPU 11 determines whether the verification is successful (step S173). If the CPU 11 determines that the verification has failed (NO in step S173), the process ends. On the other hand, when the CPU 11 determines that the verification is successful (YES in step S173), the CPU 11 reads the decryption key from the decryption key storage unit 1520 (step S174). The CPU 11 activates the decryption program 152 and decrypts the encrypted biometric information and transaction information (step S175). The CPU 11 determines whether or not there is a biometric authentication result indicating successful biometric authentication in the decrypted biometric authentication information (step S176). If the CPU 11 determines that it does not exist (NO in step S176), it ends the process assuming that biometric authentication has not been performed or biometric authentication has failed.

  On the other hand, if the CPU 11 determines that the result of biometric authentication exists (YES in step S176), the user ID in the biometric authentication information matches the user ID corresponding to the above-described user public key stored in the user information DB 153. Whether or not (step S177). If the CPU 11 determines that they do not match (NO in step S177), the process ends. If the CPU 11 determines that they match (YES in step S177), the device public key corresponding to the user ID is read from the device DB 154 (step S178).

  The CPU 11 verifies the electronic signature in the first electronic envelope (step S179). Specifically, verification of the electronic signature performed on the encrypted device information and software information in the first electronic envelope is performed in the same manner as in step S173. The CPU 11 determines whether or not the verification is successful (step S181). When the CPU 11 determines that the verification has failed (NO in step S181), the CPU 11 terminates the process on the assumption that the falsification has occurred. On the other hand, if the CPU 11 determines that the verification is successful (YES in step S181), it decrypts the encrypted device information and software information using the decryption key (step S182).

  The CPU 11 determines whether or not the device ID in the device information obtained by decryption matches the device public key and the device ID corresponding to the user ID stored in the device DB 154 (step S183). If the CPU 11 determines that they do not match (NO in step S183), the process ends. On the other hand, if the CPU 11 determines that the device IDs match (YES in step S183), it transmits the manufacturer name and model number in the device information and the software information to the DB server 4 (step S184).

  The CPU 41 of the DB server 4 receives the manufacturer name and model number in the device information transmitted via the communication unit 46, and the software information (step S185). The CPU 41 extracts the manufacturer name, model number, and points corresponding to the software information from the software DB 451 (step S186). CPU41 calculates the total value of the points which each software extracted (step S187). The CPU 41 reads the level corresponding to the total value from the evaluation table 452 (step S188). The level calculation process is merely an example, and the weight may be changed by software. For example, the OS 251 point is multiplied by a weight factor of 1.5, and the browser 252 is multiplied by a weight factor of 1.1. In the following, the level related to software safety is referred to as software level.

  The CPU 41 transmits the read software level to the Web server 1 (step S189). The CPU 11 of the Web server 1 receives the software level (step S191). The CPU 11 reads the software reference level from the storage unit 15 (step S192). The CPU 11 determines whether or not the software level is equal to or higher than the software reference level (step S193). If the CPU 11 determines that the level is not higher than the software reference level (NO in step S193), the CPU 11 determines that it is vulnerable and ends the process.

  On the other hand, if the CPU 11 determines that the level is equal to or higher than the software reference level (YES in step S193), the CPU 11 stores a flag indicating successful authentication in the storage unit 15 (step S194). The CPU 11 starts a transfer process for the account DB 19 based on the transaction information decrypted in step S175 (step S195). The CPU 11 reads the transfer completion screen from the HTML file 151 (step S196) and transmits it to the computer 2 (step S197). As described above, it is possible to protect privacy because authentication processing regarding personal information such as a device ID for specifying the computer 2 is executed on the condition that there is no falsification and authentication of the transaction subject succeeds. Become. Further, the third party other than the transaction party is only notified of the software information not related to the personal information, and there is no problem concerning the leakage of the personal information.

Embodiment 2
The second embodiment relates to a mode in which a time stamp is applied. Although a time stamp server for giving a time stamp may be used separately, in this embodiment, the CA server 3 will be described as having a function as a time stamp server in order to facilitate the description. In the present embodiment, a time stamp token is not simply attached to the second electronic envelope, but the living body, the device, the software, and the transaction These four actions are completed within a predetermined time, for example, within a few seconds. Give a timestamp token. Detailed processing will be described below using a flowchart.

  21 to 24 are flowcharts showing the procedure of the electronic envelope process in the computer 2 according to the second embodiment. The following processing is performed after step S133 described in the first embodiment. The CPU 21 of the computer 2 receives transaction information input from the input unit 23 (step S211). The CPU 21 determines whether or not the input of the procedure start button 241 indicating the procedure and authentication start is received from the input unit 23 (step S212).

  When the CPU 21 determines that the input of the procedure start button 241 is not accepted (NO in step S212), the CPU 21 waits until the input is accepted. On the other hand, if the CPU 21 determines that an input has been received (YES in step S212), the CPU 21 refers to the output of the clock unit 28 and acquires the date and time (step S213). Hereinafter, the date and time acquired in step S213 is referred to as transaction date and time. The CPU 21 outputs the transaction information received in step S211 and the acquired transaction date and time to the main control unit 51 via the input / output unit 514. The main control unit 51 activates the control program stored in the control program storage unit 513 with the reception of transaction information as a trigger. If the main control unit 51 determines that the input of the procedure start button 241 has been received, the main control unit 51 may acquire the date and time output from the clock unit 28 or a clock unit (not shown) in the security chip 5. The main control unit 51 stores the accepted transaction date and time in an internal memory (step S214).

  The main control unit 51 outputs information requesting fingerprint authentication to the CPU 21 via the input / output unit 514. Upon receiving the fingerprint authentication request information, the CPU 21 displays a screen 242 for prompting fingerprint input as shown in FIG. 16 (step S215). The main control unit 51 receives the fingerprint information input from the fingerprint input unit 52 (step S216). The main control unit 51 determines whether or not the received fingerprint information matches the fingerprint information stored in advance in the fingerprint information storage unit 54 (step S217). In this embodiment, after the transaction is started, the process proceeds in the order of biometric authentication, collection of software information, and reading of device information. However, the order is not limited to this.

  If the main control unit 51 determines that they do not match (NO in step S217), the main control unit 51 determines that the access is made by a different user and ends the process. On the other hand, if the main control unit 51 determines that they match (YES in step S217), it refers to the output of the clock unit 28 and acquires the date and time (step S218). Hereinafter, the date and time acquired in step S218 is referred to as biological date and time. The main control unit 51 stores the result of biometric authentication and biometric date and time indicating that biometric authentication has been successful in the ID storage unit 515 (step S219). The main control unit 51 starts a software information acquisition program stored in the software information acquisition unit 511 (step S221), and acquires software information (step S222). The CPU 21 stores the acquired software information in the software information storage unit 512 (step S223).

  The main control unit 51 refers to the output of the clock unit 28 and acquires the date and time (step S224). Hereinafter, the date and time acquired in step S224 is referred to as software date and time. The main control unit 51 stores the acquired software date and time in the software information storage unit 512 (step S225). The main control unit 51 reads out device information including the device ID, manufacturer name, and model number from the device information storage unit 59 (step S226). The main control unit 51 refers to the output of the clock unit 28 and acquires the date and time (step S227). Hereinafter, the date and time acquired in step S227 is referred to as device date and time. The main control unit 51 stores the acquired device date and time in an internal memory.

  The main control unit 51 reads the software information stored in the software information storage unit 512 (step S228). The main control unit 51 reads out the encryption key from the encryption key storage unit 518 (step S229). The main control unit 51 encrypts the device information and the software information with the encryption key (step S231). The main control unit 51 reads out the device secret key from the device secret key storage unit 58 (step S232).

  The main control unit 51 electronically signs the encrypted device information and software information with the device secret key (step S233). The main control unit 51 converts the encrypted device information and software information and the electronic signature into an electronic envelope to generate a first electronic envelope (step S234). The main control unit 51 reads out biometric authentication information including the user ID and the result of biometric authentication stored in step S219 from the ID storage unit 515 (step S235). After the reading process, the main control unit 51 deletes information related to the result of biometric authentication stored in the ID storage unit 515.

  The main control unit 51 encrypts the biometric authentication information and the transaction information received in step S211 with an encryption key (step S236). The main control unit 51 reads out the user secret key from the user secret key storage unit 56 (step S237). The main control unit 51 electronically signs the first electronic envelope, the encrypted biometric authentication information, and the transaction information with the user secret key (step S238). The main control unit 51 reads the predetermined time stored in the internal memory (step S239). The main control unit 51 reads the acquired transaction date, biological date, device date, and software date (step S241).

  The main control unit 51 extracts the earliest date and the latest date from the read date and time, and calculates the authentication time required for authentication based on the difference between them (step S242). The predetermined time may be appropriately increased or decreased according to the security policy, such as 10 seconds. The main control unit determines whether the authentication time belongs within a predetermined time (step S243). When the main control unit 51 determines that it does not belong within the predetermined time (NO in step S243), for example, when one hour has elapsed since the start of the transaction, the security level is lowered, and thus the process ends. This makes it possible to reduce the risk of spoofing associated with the transaction and the three authentications taking a lot of time.

  If the main control unit 51 determines that the authentication time is within the predetermined time (YES in step S243), the main control unit 51 calculates a message digest of the first electronic envelope, the encrypted biometric authentication information, and the transaction information (step S244). The main control unit 51 transmits the calculated message digest and time stamp acquisition request to the CA server 3 (step S245). The CA server 3 acquires an accurate second electronic envelope generation time from a server (not shown) of a time distribution company. The CA server 3 performs an electronic signature on the correct generation time and message digest acquired with its own private key. The CA server 3 transmits a time stamp token including a generation time, a message digest, and an electronic signature to the computer 2.

  The main control unit 51 of the computer 2 receives the time stamp token (step S246). The main control unit 51 converts the first electronic envelope, the encrypted biometric authentication information and transaction information, the time stamp token, and the electronic signature in step S238 into an electronic envelope to generate a second electronic envelope (step S247). The main control unit 51 transmits the second electronic envelope to the Web server 1 via the input / output unit 514 and the communication unit 26 (step S248). The CPU 11 of the Web server 1 receives the second electronic envelope via the communication unit 16 (step S249).

  The Web server 1 that has received the second electronic envelope performs the following processing prior to the authentication processing described in the first embodiment. FIG. 25 is a flowchart showing a procedure of time stamp authentication processing. The CPU 11 reads a time stamp token from the second electronic envelope (step S251). The CPU 11 requests the CA server 3 to obtain a public key corresponding to the secret key owned by the CA server 3 (step S252). The CPU 11 receives the public key (step S253).

  The CPU 11 verifies the electronic signature in the time stamp token based on the public key (step S254). Specifically, the CPU 11 decrypts the electronic signature with the public key and takes out the message digest. The CPU 11 calculates the message digest of the generation time and message digest (the first electronic envelope, the encrypted biometric authentication information, and the hash value of the transaction information) in the time stamp token. The CPU 11 determines whether or not the verification is successful based on whether or not the calculated message digest matches the message digest obtained from the public key (step S255).

  If the CPU 11 determines that the verification has not succeeded (NO in step S255), the CPU 11 ends the process on the assumption that there has been any falsification with respect to the time stamp or that the processing has not been performed within a predetermined time. On the other hand, if the CPU 11 determines that the verification is successful (YES in step S255), the CPU 11 stores the generation time in the time stamp token in the storage unit 15 (step S256). Since the subsequent processing is the same as that after step S171 of the first embodiment, detailed description thereof is omitted. This makes it possible to improve the reliability of the transaction because the date and time are accurately determined even in transactions that require strict time, such as stock transactions, or in expensive commodity transactions. In addition, the user's willingness to trade and the three authentications of biometrics, equipment and software are integrated by electronic envelope management and time management, so they are connected to all networks such as the Internet and mobile phone networks. It is possible to improve the authentication level of the device.

  The second embodiment is as described above, and the other parts are the same as those of the first embodiment. Therefore, the corresponding parts are denoted by the same reference numerals, and detailed description thereof is omitted.

Embodiment 3
FIG. 26 is a block diagram illustrating a hardware group of the computer 2 according to the third embodiment. The program for operating the computer 2 and the security chip 5 according to the third embodiment can be provided by a portable recording medium 1A such as a CD-ROM as in the third embodiment. Furthermore, the program can be downloaded from another server computer (not shown) via the communication network N. The contents will be described below.

  A portable recording medium 1A on which a recording medium reading device (not shown) of the computer 2 shown in FIG. 26 reads a first secret key and records a digital signature or the like is inserted and a control program storage unit 513 is inserted. Install this program in the control program. Alternatively, such a program is downloaded from an external server computer (not shown) via the communication unit 26. Then, it is installed in the control program storage unit 513 under the instruction of the main control unit 51. Thereby, it functions as the computer 2 and the security chip 5 as described above.

  The third embodiment is as described above, and the others are the same as in the first and second embodiments. Therefore, the corresponding parts are denoted by the same reference numerals, and detailed description thereof is omitted.

Embodiment 4
In the first embodiment, the example in which the computer 2 mounts the security chip 5 has been described. However, the present invention is not limited to this. The processing executed by the main control unit 51 of the security chip 5 may be executed in the same manner by the CPU 21 of the computer 2 on which the security chip 5 is not mounted. In addition, some functions may be performed by the main control unit 51 of the security chip 5 and some processes may be performed by the CPU 11.

  FIG. 27 is a block diagram illustrating a hardware group of the computer 2 according to the fourth embodiment. The device electronic certificate storage unit 57, the device secret key storage unit 58, and the device information storage unit 59 stored in the security chip 5 are stored in the storage unit 25 and processed by the CPU 21. And different. In this case, there is a high possibility that the stored contents of the device information storage unit 59 such as a hard disk are easily changed. Accordingly, the security level is lowered as compared with the case where all authentication is executed by the security chip 5. In the fourth embodiment, not the main control unit 51 of the security chip 5 but the CPU 21 performs an electronic signature using the device private key stored in the storage unit 25.

  In the first embodiment, fingerprint authentication is performed as biometric authentication. However, each computer 2 is performed by face authentication, fingerprint authentication, palm vein authentication, or a combination thereof. As described above, the security level also differs depending on the type of biometric authentication. As described above, the computer 2 has a different security level (hereinafter referred to as “biological level”), a security level related to equipment (hereinafter referred to as “device level”), and a security level related to software (hereinafter referred to as “software level”). In the present embodiment, the Web server 1 performs authentication processing in consideration of these three levels.

  In the fourth embodiment, the biometric information read in step S152 further includes a type of biometric authentication process (hereinafter referred to as a biometric type). In the following, the biometric type will be described as an example of face authentication, fingerprint authentication, palm vein authentication, and a combination of fingerprint authentication and palm vein authentication. Also, the device information read in step S142 includes a device security type (hereinafter, device type). As this type, an example will be described below in which “the electronic signature using the device private key is executed by the CPU 21” and “the electronic signature using the device private key is executed by the security chip 5”. That is, the former is the computer 2 of the fourth embodiment, and the latter is the computer 2 of the first embodiment.

  FIG. 28 is a block diagram illustrating a hardware group of the Web server 1 according to the fourth embodiment. The storage unit 15 is further provided with a static evaluation table 155 and a comprehensive evaluation table 156. FIG. 29 is an explanatory diagram showing a record layout of the static evaluation table 155. The static evaluation table 155 stores a static level based on biometric authentication information and device information whose security level does not change in principle after the purchase of the computer 2. In the horizontal direction, a living body level and a living body type are stored. The higher the living body level, the higher the safety. A living body level is assigned to each living body type. The biometric level 1 is assigned to the face authentication, the biometric level 2 is applied to the fingerprint authentication, the biometric level 3 is applied to the palm vein authentication, and the highest biometric level 4 is given to those that have undergone both the fingerprint authentication and the palm vein authentication.

  On the other hand, the device level and device type are stored in the vertical axis direction. The higher the device level, the higher the safety. A device level is assigned to each device type. Device level 1 is assigned to “electronic signature by device private key is executed by CPU 21”, and device level 2 is assigned to “electronic signature by device private key is executed by security chip 5.” The static evaluation table 155 stores static levels based on both the living body level and the device level in a matrix form. The higher the static level, the higher the safety.

  The CPU 11 receives biometric authentication information and device information from the computer 2 and reads the biometric type in the biometric authentication information and the device type in the device information. Then, the CPU 11 reads out the static level corresponding to the biological type and the device type from the static evaluation table 155. FIG. 30 is an explanatory diagram showing a record layout of the comprehensive evaluation table 156. The comprehensive evaluation table 156 stores services that permit authentication based on both the static level and the software level. The horizontal axis direction is a static level, and the vertical axis direction is a software level. In the present embodiment, for ease of explanation, the software level is assumed to be three stages, and the higher the numerical value, the higher the safety.

  If both the static level and the software level are low values, trading is impossible. That is, even when there is no tampering or the like, the security level is generally low, so the CPU 11 of the Web server 1 transmits information that cannot be authenticated to the computer 2. If the static level and the software level are high to some extent, only the balance inquiry is stored. The CPU 11 transmits information indicating authentication permission to the computer 2 only when the transaction information is a balance inquiry. If both the static level and the software level are high enough, three are stored: balance inquiry, transfer and financial instrument transaction. When the transaction information is any of balance inquiry, transfer, or financial product transaction, the CPU 11 transmits information indicating authentication permission to the computer 2.

  31 and 32 are flowcharts showing the procedure of the final authentication process. The CPU 11 extracts the biometric type in the biometric authentication information decrypted in step S175 (step S311). The CPU 11 extracts the device type in the device information decrypted in step S182 (step S312). In the present embodiment, an example will be described in which the computer 2 side includes the biometric type in the biometric authentication information and the device type in the device information. However, the present invention is not limited to this. For example, the biometric type and the device type may be acquired from the manufacturer name and model number of the computer 2 in the device information. In this case, the Web server 1 or the DB server 4 may store the biometric type and device type in association with the manufacturer name and model number, and extract the corresponding biometric type and device type. For example, the model number “FM100” of the manufacturer name “F company” stores information such as the biometric type is “pale vein authentication of hand” and the device type is “electronic signature with device secret key is executed by security chip 5”. In this case, the static level is 4.

  The CPU 11 reads the static level from the static evaluation table 155 based on the extracted biological type and device type (step S313). The CPU 11 receives the software level from the DB server 4 as described in step S191 (step S314). The CPU 11 reads a service permitting authentication from the comprehensive evaluation table 156 based on the static level and the software level (step S315). The CPU 11 determines whether there is a service that permits authentication (step S316).

  If there is no service that permits authentication (NO in step S316), that is, if the transaction is stored in the comprehensive evaluation table 156, the CPU 11 transmits information indicating that authentication is impossible to the computer 2 (step S317). On the other hand, if the CPU 11 determines that a service permitting authentication is stored (YES in step S316), it reads the transaction information decrypted in step S175 (step S318). The CPU 11 determines whether or not the transaction information is included in the service read in step S315 (step S319). If the CPU 11 determines that the transaction information is not included in the read service (NO in step S319), the CPU 11 transmits information indicating that authentication is impossible to the computer 2 (step S321).

  If the CPU 11 determines that the transaction information is included in the read service (YES in step S319), the CPU 11 transmits information indicating authentication permission (step S322). Since the subsequent processing is the same as that after step S194, detailed description thereof will be omitted. As a result, it is possible to comprehensively evaluate the three security types of the living body, the device, and the software, and provide differentiated services to clients that match the security policy. In addition, since the security policy can be appropriately changed according to the service content of the service provider, flexible authentication processing can be performed while preventing falsification.

  The fourth embodiment is as described above, and the others are the same as in the first to third embodiments. Therefore, the corresponding parts are denoted by the same reference numerals, and detailed description thereof is omitted.

  The following additional notes are further disclosed with respect to the embodiments including the first to fourth embodiments.

(Appendix 1)
In an information processing apparatus that performs information processing,
Reading means for reading out device information including device identification information for identifying itself from the storage unit;
A collection means for collecting environmental information about its own usage environment;
First reading means for reading the first secret key stored in the storage unit in advance;
Signing means for electronically signing the device information read by the reading means and the environment information collected by the collecting means with the first secret key;
Generating means for converting the device information and the environment information digitally signed by the signing means into an electronic envelope and generating a first electronic envelope;
Second reading means for reading the second secret key stored in the storage unit in advance;
Biometric authentication information, which is information related to biometric authentication, and second signature means for electronically signing the first electronic envelope with the second secret key;
Second generation means for converting the biometric authentication information digitally signed by the second signing means and the first electronic envelope into an electronic envelope and generating a second electronic envelope;
Means for transmitting the second electronic envelope generated by the second generation means to the outside.

(Appendix 2)
The collecting means includes
The information processing apparatus according to appendix 1, wherein environmental information relating to software stored in a storage unit is collected as a use environment.

(Appendix 3)
Comprising a receiving means for receiving transaction information relating to the transaction from the input unit;
The second signing means includes
Biometric authentication information, transaction information received by the receiving means, and electronically signing the first electronic envelope with the second secret key,
The second generation means includes
The information processing apparatus according to claim 1, wherein the biometric authentication information, the transaction information, and the first electronic envelope digitally signed by the second signature unit are converted into an electronic envelope to generate a second electronic envelope.

(Appendix 4)
An encryption unit that encrypts the device information read by the reading unit and the environment information collected by the collection unit with an encryption key stored in advance;
The signing means is
The information processing apparatus according to appendix 3, wherein the apparatus information and the environment information encrypted by the encryption unit are digitally signed by the first secret key.

(Appendix 5)
A second encryption means for encrypting the biometric authentication information and the transaction information received by the receiving means with an encryption key;
The second signing means includes
The information processing apparatus according to appendix 4, wherein the biometric authentication information and the transaction information encrypted by the second encryption unit, and the first electronic envelope are digitally signed with the second secret key.

(Appendix 6)
The information processing apparatus according to appendix 5, wherein the biometric authentication information includes authentication identification information for specifying a person to be authenticated and information related to a result of biometric authentication.

(Appendix 7)
The information processing apparatus according to appendix 5, wherein the biometric authentication information includes authentication identification information for specifying an authentication target person, a type of biometric authentication processing, and a result of biometric authentication.

(Appendix 8)
Provided with a chip that executes predetermined processing
The chip is
A biometric information storage unit that stores biometric information of the person to be authenticated;
Determination means for determining whether or not the biometric information received from the outside matches the biometric information stored in the biometric information storage unit;
The second signing means includes
The biometric authentication information and the transaction information encrypted by the second encryption means and the first electronic envelope are provided in the chip and match the biometric information by the determination means, and the second secret key. The information processing apparatus according to appendix 5, characterized in that the electronic signature is obtained by:

(Appendix 9)
The chip is
A device information storage unit for storing device information;
A first electronic certificate storage unit for storing a first electronic certificate associated with the device;
A first secret key storage unit that stores a first secret key corresponding to the first electronic certificate,
The reading means includes
Read the device information provided in the chip and stored in the device information storage unit,
The first reading means includes
The supplementary note 8, wherein a first private key provided in the chip and corresponding to the first electronic certificate read from the first electronic certificate storage unit is read from the first private key storage unit. Information processing device.

(Appendix 10)
The chip is
A second electronic certificate storage unit for storing a second electronic certificate associated with the person to be authenticated;
A second secret key storage unit that stores a second secret key corresponding to the second electronic certificate,
The second reading means includes
(Supplementary note 9) The second private key provided in the chip and corresponding to the second electronic certificate stored in the second electronic certificate storage unit is read from the second private key storage unit. The information processing apparatus described.

(Appendix 11)
A clock that outputs the date and time,
First acquisition means for acquiring the date and time when biometric authentication was executed from the clock unit;
Second acquisition means for acquiring the date and time when the device information is read by the reading means from the clock unit;
Third acquisition means for acquiring the date and time when environmental information is collected by the collection means from the clock unit;
Fourth acquisition means for acquiring from the timepiece the date and time when the transaction information was received by the reception means;
Time determination means for determining whether the date and time acquired by the first acquisition means to the fourth acquisition means belong within a predetermined time;
An acquisition request means for transmitting, to the outside, an acquisition request for the encrypted biometric information and the transaction information and the time stamp for the first electronic envelope when the time determination means determines that it belongs within a predetermined time. When,
A token receiving means for receiving a time stamp token related to the time stamp transmitted from the outside,
The second generation means includes
The first electronic envelope digitally signed by the second signing means, the encrypted biometric information and transaction information, and the time stamp token received by the token receiving means are converted into an electronic envelope to generate a second electronic envelope. The information processing apparatus according to appendix 5, characterized in that:

(Appendix 12)
In an authentication system for authenticating an information processing apparatus connected via a communication network by an authentication apparatus,
The information processing apparatus includes:
Reading means for reading out device information including device identification information for identifying itself from the storage unit;
A collection means for collecting environmental information about its own usage environment;
First reading means for reading the first secret key stored in the storage unit in advance;
Signing means for electronically signing the device information read by the reading means and the environment information collected by the collecting means with the first secret key;
Generating means for converting the device information and the environment information digitally signed by the signing means into an electronic envelope and generating a first electronic envelope;
Second reading means for reading the second secret key stored in the storage unit in advance;
Biometric authentication information, which is information related to biometric authentication, and second signature means for electronically signing the first electronic envelope with the second secret key;
Second generation means for converting the biometric authentication information digitally signed by the second signing means and the first electronic envelope into an electronic envelope and generating a second electronic envelope;
Transmission means for transmitting the second electronic envelope generated by the second generation means to the authentication device,
The authentication device
Second verification means for verifying the biometric information in the second electronic envelope transmitted by the transmission means and the electronic signature associated with the first electronic envelope based on a second public key corresponding to the second secret key; ,
A biometric determination unit that determines whether biometric authentication information corresponding to the biometric authentication information transmitted by the transmission unit is stored in the authentication storage unit when the second verification unit successfully verifies the electronic signature; An authentication system characterized by comprising.

(Appendix 13)
When the biometric determination unit determines that the information is stored, the electronic signature related to the device information and the environment information in the first electronic envelope is verified based on the first public key corresponding to the first secret key. A first verification means;
And a device determination unit that determines whether or not device information corresponding to the device information is stored in the authentication storage unit when the verification of the electronic signature is successful by the first verification unit. The authentication system according to attachment 12.

(Appendix 14)
Environmental information transmitting means for transmitting the environmental information to the outside when it is determined that the information is stored by the apparatus determining means;
Receiving means for receiving a level relating to safety corresponding to the environmental information transmitted by the environmental information transmitting means;
The authentication system according to claim 13, further comprising means for transmitting information indicating authentication permission to the information processing apparatus based on the level received by the receiving means.

(Appendix 15)
In an authentication method for authenticating an information processing apparatus connected via a communication network by an authentication apparatus,
The control unit of the information processing device reads out device information including device identification information identifying itself from a storage unit;
A collection step in which the control unit collects environmental information about its own usage environment; and
A first reading step in which the control unit reads the first secret key stored in the storage unit in advance;
A signature step in which the control unit electronically signs the device information read out in the reading step and the environment information collected in the collecting step with the first secret key;
An electronic envelope of the device information and environmental information digitally signed in the signing step, and a generation step in which the control unit generates a first electronic envelope;
A second reading step in which the control unit reads the second secret key stored in the storage unit in advance;
Biometric authentication information, which is information related to biometric authentication, and a second signature step in which the control unit electronically signs the first electronic envelope with the second secret key;
A second generation step in which the biometric authentication information and the first electronic envelope digitally signed in the second signature step are converted into an electronic envelope, and the control unit generates a second electronic envelope;
A transmission step of transmitting the second electronic envelope generated by the second generation step to the authentication device;
The authentication control unit of the authentication device uses the biometric authentication information in the second electronic envelope and the electronic signature associated with the first electronic envelope transmitted in the transmission step as a second public key corresponding to the second secret key. A second verification step for verifying based on;
When the verification of the electronic signature is successful in the second verification step, the authentication control unit determines whether or not biometric authentication information corresponding to the biometric authentication information transmitted in the transmission step is stored in the authentication storage unit. An authentication method comprising: a biological judgment step for judging.

(Appendix 16)
In an authentication device that performs authentication of an information processing device connected via a communication network,
Envelope receiving means for receiving biometric information digitally signed with the second secret key and a second electronic envelope obtained by converting the first electronic envelope into an electronic envelope;
Second verification means for verifying the biometric authentication information in the second electronic envelope received by the envelope receiving means and the electronic signature associated with the first electronic envelope based on a second public key corresponding to the second secret key; ,
A biometric determination unit that determines whether biometric authentication information corresponding to the biometric authentication information received by the envelope receiving unit is stored in the authentication storage unit when the verification of the electronic signature by the second verification unit is successful. When,
When the biometric determination unit determines that the information is stored, the device information and the environment information digitally signed by the first secret key are related to the device information and the environment information in the first electronic envelope in which the device information and the environment information are converted into an electronic envelope. An authentication apparatus comprising: first verification means for verifying an electronic signature based on a first public key corresponding to the first secret key.

(Appendix 17)
And a device determination unit that determines whether or not device information corresponding to the device information is stored in the authentication storage unit when the verification of the electronic signature is successful by the first verification unit. The authentication device according to attachment 16.

(Appendix 18)
Environmental information transmitting means for transmitting the environmental information to the outside when the apparatus determining means determines that the information is stored;
Receiving means for receiving a level relating to safety corresponding to the environmental information transmitted by the environmental information transmitting means;
18. The authentication apparatus according to appendix 17, further comprising means for transmitting information indicating authentication permission to the information processing apparatus based on the level received by the receiving means.

(Appendix 19)
In a program used in a computer that transmits information for authentication,
On the computer,
A first reading step in which the control unit of the computer reads the first secret key stored in the storage unit in advance;
A signature step in which the control unit electronically signs the device information including the device identification information for identifying the device itself and the environment information relating to the usage environment of the device collected in advance with the first secret key;
An electronic envelope of the device information and environmental information digitally signed in the signing step, and a generation step in which the control unit generates a first electronic envelope;
A second reading step in which the control unit reads the second secret key stored in the storage unit in advance;
Biometric authentication information, which is information related to biometric authentication, and a second signature step in which the control unit electronically signs the first electronic envelope with the second secret key;
A second generation step in which the biometric authentication information and the first electronic envelope digitally signed in the second signature step are converted into an electronic envelope, and the control unit generates a second electronic envelope;
And a transmission step of transmitting the second electronic envelope generated by the second generation step to the outside.

DESCRIPTION OF SYMBOLS 1 Web server 1A Portable recording medium 2 Computer 3 CA server 4 DB server 5 Security chip 11 CPU
13 Input unit 14 Display unit 15 Storage unit 15P Control program 16 Communication unit 18 Clock unit 51 Main control unit 52 Fingerprint input unit 53 Fingerprint authentication unit 54 Fingerprint information storage unit 55 User electronic certificate storage unit 56 User private key storage unit 57 Device Electronic certificate storage unit 58 Device private key storage unit 59 Device information storage unit 153 User information DB
154 Device DB
155 Static evaluation table 251 OS
252 Browser 510 Encryption processing unit 451 Software DB
452 Evaluation Table 511 Software Information Acquisition Unit 512 Software Information Storage Unit 515 ID Storage Unit 513 Control Program Storage Unit 514 Input / Output Unit N Communication Network

Claims (9)

In an information processing apparatus that performs information processing,
Reading means for reading out device information including device identification information for identifying itself from the storage unit;
A collection means for collecting environmental information about its own usage environment;
A receiving means for receiving transaction information related to the transaction from the input unit;
First reading means for reading the first secret key stored in the storage unit in advance;
Signing means for electronically signing the device information read by the reading means and the environment information collected by the collecting means with the first secret key;
Generating means for converting the device information and the environment information digitally signed by the signing means into an electronic envelope and generating a first electronic envelope;
Second reading means for reading the second secret key stored in the storage unit in advance;
Biometric authentication information, which is information related to biometric authentication, transaction information received by the receiving means, and second signature means for electronically signing the first electronic envelope with the second secret key;
Second generating means for converting the biometric authentication information electronically signed by the second signing means, the transaction information, and the first electronic envelope into an electronic envelope to generate a second electronic envelope;
Means for transmitting the second electronic envelope generated by the second generation means to the outside;
A clock that outputs the date and time,
First acquisition means for acquiring the date and time when biometric authentication was executed from the clock unit;
Second acquisition means for acquiring the date and time when the device information is read by the reading means from the clock unit;
Third acquisition means for acquiring the date and time when environmental information is collected by the collection means from the clock unit;
Fourth acquisition means for acquiring from the timepiece the date and time when the transaction information was received by the reception means;
Time determination means for determining whether the date and time acquired by the first acquisition means to the fourth acquisition means belong within a predetermined time;
If it is determined to be within the predetermined time by said time determination means, before Kisei body authentication information and the transaction information, as well as, an acquisition requesting means for transmitting a request for a time stamp for said first digital envelope to the outside,
A token receiving means for receiving a time stamp token related to the time stamp transmitted from the outside,
The second generation means includes
The first digital envelope was digitally signed by the second signing unit, biometrics information and the transaction information, as well, the time stamp token received by the token receiving section to the electronic envelope of, characterized by generating the second digital envelope Information processing apparatus. The collecting means includes
The information processing apparatus according to claim 1, wherein environment information about software stored in the storage unit is collected as a use environment. An encryption unit that encrypts the device information read by the reading unit and the environment information collected by the collection unit with an encryption key stored in advance;
The signing means is
The information processing apparatus according to claim 1, the encrypted device information and the environment information, wherein the electronic signature by said first secret key by the encryption means. A second encryption means for encrypting the biometric authentication information and the transaction information received by the receiving means with an encryption key;
The second signing means includes
The information processing apparatus according to claim 3 , wherein the biometric authentication information and the transaction information encrypted by the second encryption unit, and the first electronic envelope are digitally signed with the second secret key. The information processing apparatus according to claim 4 , wherein the biometric authentication information includes authentication identification information for specifying an authentication target person and information related to a result of biometric authentication. In an authentication system for authenticating an information processing apparatus connected via a communication network by an authentication apparatus,
The information processing apparatus includes:
Reading means for reading out device information including device identification information for identifying itself from the storage unit;
A collection means for collecting environmental information about its own usage environment;
A receiving means for receiving transaction information related to the transaction from the input unit;
First reading means for reading the first secret key stored in the storage unit in advance;
Signing means for electronically signing the device information read by the reading means and the environment information collected by the collecting means with the first secret key;
Generating means for converting the device information and the environment information digitally signed by the signing means into an electronic envelope and generating a first electronic envelope;
Second reading means for reading the second secret key stored in the storage unit in advance;
Biometric authentication information, which is information related to biometric authentication, transaction information received by the receiving means, and second signature means for electronically signing the first electronic envelope with the second secret key;
Second generating means for converting the biometric authentication information electronically signed by the second signing means, the transaction information, and the first electronic envelope into an electronic envelope to generate a second electronic envelope;
Transmitting means for transmitting the second electronic envelope generated by the second generating means to the authentication device;
A clock that outputs the date and time,
First acquisition means for acquiring the date and time when biometric authentication was executed from the clock unit;
Second acquisition means for acquiring the date and time when the device information is read by the reading means from the clock unit;
Third acquisition means for acquiring the date and time when environmental information is collected by the collection means from the clock unit;
Fourth acquisition means for acquiring from the timepiece the date and time when the transaction information was received by the reception means;
Time determination means for determining whether the date and time acquired by the first acquisition means to the fourth acquisition means belong within a predetermined time;
If it is determined to be within the predetermined time by said time determination means, before Kisei body authentication information and the transaction information, as well as, an acquisition requesting means for transmitting a request for a time stamp for said first digital envelope to the outside,
A token receiving means for receiving a time stamp token related to the time stamp transmitted from the outside,
The second generation means includes
The first digital envelope, biometrics information and the transaction information is electronically signed by the second signing unit, and the time stamp token received by the token receiving section to the electronic envelope of, generates a second digital envelope,
The authentication device
Second verification means for verifying the biometric information in the second electronic envelope transmitted by the transmission means and the electronic signature associated with the first electronic envelope based on a second public key corresponding to the second secret key; ,
A biometric determination unit that determines whether biometric authentication information corresponding to the biometric authentication information transmitted by the transmission unit is stored in the authentication storage unit when the verification of the electronic signature is successful by the second verification unit; An authentication system comprising: In an authentication method for authenticating an information processing apparatus connected via a communication network by an authentication apparatus,
The control unit of the information processing device reads out device information including device identification information identifying itself from a storage unit;
A collection step in which the control unit collects environmental information about its own usage environment; and
A receiving step for receiving transaction information relating to the transaction;
A first reading step in which the control unit reads the first secret key stored in the storage unit in advance;
A signature step in which the control unit electronically signs the device information read out in the reading step and the environment information collected in the collecting step with the first secret key;
An electronic envelope of the device information and environmental information digitally signed in the signing step, and a generation step in which the control unit generates a first electronic envelope;
A second reading step in which the control unit reads the second secret key stored in the storage unit in advance;
Biometric authentication information which is information relating to biometric authentication, the received transaction information, and a second signature step in which the control unit electronically signs the first electronic envelope with the second secret key;
A second generation step in which the biometric authentication information digitally signed in the second signature step, the transaction information, and the first electronic envelope are converted into an electronic envelope, and the control unit generates a second electronic envelope;
A transmission step of transmitting the second electronic envelope generated by the second generation step to the authentication device;
A first acquisition step of acquiring from a clock unit that outputs the date and time when biometric authentication is executed;
A second acquisition step of acquiring from the clock unit the date and time when the device information is read out in the reading step;
A third acquisition step of acquiring the date and time when environmental information is collected in the collection step from the clock unit;
A fourth acquisition step of acquiring the date and time when the transaction information was received in the reception step from the clock unit;
A time determination step of determining whether the date and time acquired by the first acquisition step to the fourth acquisition step belong within a predetermined time;
If it is determined to be within the predetermined time by said time determination step, before Kisei body authentication information and the transaction information, as well as an acquisition request sending an acquisition request for a time stamp for said first digital envelope to the outside,
A token receiving step of receiving a time stamp token related to the time stamp transmitted from the outside,
The second generation step includes
Said second signature first digital envelope was digitally signed by step, biometrics information and the transaction information, as well, the time stamp token received by the token receiving step by the electronic envelope of, generates a second digital envelope,
The authentication control unit of the authentication device uses the biometric authentication information in the second electronic envelope and the electronic signature associated with the first electronic envelope transmitted in the transmission step as a second public key corresponding to the second secret key. A second verification step for verifying based on;
When the verification of the electronic signature is successful in the second verification step, the authentication control unit determines whether or not biometric authentication information corresponding to the biometric authentication information transmitted in the transmission step is stored in the authentication storage unit. An authentication method comprising: a biological judgment step for judging. In the authentication apparatus which authenticates the information processing apparatus of Claim 1 connected via the communication network,
An envelope receiving means for receiving biometric authentication information electronically signed with a second private key, transaction information, and a second electronic envelope obtained by converting the first electronic envelope into an electronic envelope;
The biometric authentication information, the transaction information, and the electronic signature associated with the first electronic envelope received by the envelope receiving means are verified based on the second public key corresponding to the second private key. 2 verification means;
A biometric determination unit that determines whether biometric authentication information corresponding to the biometric authentication information received by the envelope receiving unit is stored in the authentication storage unit when the verification of the electronic signature by the second verification unit is successful. When,
When the biometric determination unit determines that the information is stored, the device information and the environment information digitally signed by the first secret key are related to the device information and the environment information in the first electronic envelope in which the device information and the environment information are converted into an electronic envelope. An authentication apparatus comprising: first verification means for verifying an electronic signature based on a first public key corresponding to the first secret key. In a program used in a computer that transmits information for authentication,
On the computer,
A first reading step in which the control unit of the computer reads the first secret key stored in the storage unit in advance;
A signature step in which the control unit electronically signs the device information including the device identification information for identifying the device itself and the environment information relating to the usage environment of the device collected in advance with the first secret key;
An electronic envelope of the device information and environmental information digitally signed in the signing step, and a generation step in which the control unit generates a first electronic envelope;
A second reading step in which the control unit reads the second secret key stored in the storage unit in advance;
Biometric authentication information which is information relating to biometric authentication, received transaction information, and a second signature step in which the control unit electronically signs the first electronic envelope with the second secret key;
A second generation step in which the biometric authentication information digitally signed in the second signature step, the transaction information, and the first electronic envelope are converted into an electronic envelope, and the control unit generates a second electronic envelope;
A transmission step of transmitting the second electronic envelope generated by the second generation step to the outside;
A first acquisition step of acquiring from a clock unit that outputs the date and time when biometric authentication is executed;
A second acquisition step of acquiring from the clock unit the date and time when the device information is read out in the reading step;
A third acquisition step of acquiring the date and time when environmental information is collected in the collection step from the clock unit;
A fourth acquisition step of acquiring the date and time when the transaction information was received in the reception step from the clock unit;
A time determination step of determining whether the date and time acquired by the first acquisition step to the fourth acquisition step belong within a predetermined time;
If it is determined to be within the predetermined time by said time determination step, before Kisei body authentication information and the transaction information, as well as an acquisition request sending an acquisition request for a time stamp for said first digital envelope to the outside,
A token receiving step of receiving a time stamp token related to the time stamp transmitted from the outside,
The second generation step includes
It said second signature first digital envelope was digitally signed by step, biometrics information and the transaction information, as well, the time stamp token received by the token receiving step to digital envelope of the program to generate a second digital envelope.

Images