JP6513545B2 - Authentication system and authentication method - Google Patents

Description

  The present invention relates to an authentication system and an authentication method, and more particularly to an authentication system and an authentication method suitable for use in improving the security of a system that performs user authentication based on biometric information.

  Conventionally, in the case of performing user authentication of an information processing system, authentication using a password registered by the user has mainly been performed. However, although password authentication is simple, there is a problem that the risk of leakage or plagiarism is high. Therefore, biometric authentication using biometric information such as finger veins and fingerprints has come to be used as a service for important authentication such as bank account transaction. Biometric authentication requires special devices, and although there is a possibility of misrecognition, the risk of leakage or theft is reduced, and there is an advantage that security can be improved. Regarding biometric authentication, according to Patent Document 1, when the biometric information input matches the biometric information of the administrator of the biometric information database at the time of registration of the user biometric information, and the approval operation is performed, A technique is disclosed that registers input unknown biometric information in a database as biometric information of a user.

JP, 2012-83874, A

  According to Patent Document 1, there is no disclosure of a method for associating the history of approval with the biometric information of the user personally, and when verifying the electronic signature created by the identification, the biometric authentication of the user There is a problem that the legitimacy at the time of information registration can not be confirmed.

  Therefore, the present invention has been made to solve the above-mentioned problems, and its object is to make the system in which the approval of the administrator is essential when registering the biometric information of the user, and the history is digitally signed by the user. It is an object of the present invention to provide an authentication system with improved security by suppressing self-registration of biometric information by a user, verifying impersonation, etc., preventing impersonation registration and registration of forged biometric information.

  The configuration of the authentication system of the present invention is an authentication system including a semiconductor card for user, biometric information acquisition device for user, a certificate server, and an information terminal, and the information terminal and the certificate server are connected by a network. The semiconductor card for user holds the biometric information of the user read by the biometric information acquisition device for user and the administrator approval information indicating that the administrator permits the issuance of the user certificate, and the information terminal , Reads administrator approval information from the semiconductor card for user, transmits administrator approval information to the certificate server, and the certificate server verifies the administrator approval information, and when the approval is obtained, the user Issue a user certificate, register the user certificate, and send it to the information terminal, and the information terminal sends the user certificate to the semiconductor card for user, and the semiconductor for user Over de is obtained so as to store the user certificate.

  In addition, administrator authentication for generating administrator approval information is performed based on the biometric information of the administrator or based on a password input to the information terminal.

  Furthermore, the configuration of the authentication system according to the present invention includes the semiconductor card for administrator, and the semiconductor card for administrator generates an administrator signature at the time of administrator authentication, and writes the administrator signature in the administrator approval information. , The information terminal transmits administrator approval information to the semiconductor card for user, and the semiconductor card for user verifies the administrator signature in the administrator approval information, and the user certificate is correct. Is to be stored.

  In the above authentication system, the certificate server generates a user signature generation key and transmits it to the information terminal together with the user certificate, and the information terminal transmits the user signature generation key to the IC card for user together with the user certificate. The user IC card verifies the administrator approval status in the administrator approval information, and when approved, registers the user signature generation key together with the user certificate, and the user IC card A signature of administrator approval information is generated by the user signature generation key and stored as an administrator signature.

  Further, the configuration of the authentication system according to the present invention further includes a verification server connected to the information terminal and the certificate server by a network, and the information terminal transmits the signature data of the document to be verified to the semiconductor card for user. The semiconductor card for user generates a user signature by the user signature generation key, transmits the user signature and the administrator approval information to the information terminal, and the information terminal manages the document, the user signature, and management User authentication information is sent to the verification server.

  Furthermore, in the above authentication system, the administrator approval information includes a user ID, the verification server transmits the user ID to the certificate server, and the certificate server is a user certificate corresponding to the transmitted user ID. Document to the verification server, and the verification server verifies the user signature and administrator approval information based on the transmitted user certificate, and calculates the reliability of the document based on the result. It is

  According to the present invention, when registering the biometric information of the user, the system requires the approval of the administrator, and the history is checked when the user verifies the electronic signature, etc. It is possible to provide an authentication system with improved security by suppressing various registrations and preventing registration of impersonation registration and forged biometric information.

It is a block diagram which shows the whole structure of the authentication system which concerns on 1st embodiment of this invention. It is a functional block diagram of a biometric information acquisition apparatus for users, and an IC card for users. It is a functional block diagram of an information terminal, a certificate server, and a verification server. It is a functional block diagram of the biometric information acquisition apparatus for administrators, and the IC card for administrators. It is a figure which shows an example of the information which the information terminal which concerns on 1st embodiment of this invention, the IC card for users, and the IC card for administrators hold | maintain. It is a flowchart which shows the process which registers the biometric information and the user certificate of the user which concern on 1st embodiment of this invention in the user IC card 1. FIG. FIG. 6 is a sequence diagram showing a manager approval process when registering user biometric information according to the first embodiment of the present invention. It is a flowchart which shows the process which the user concerning 1st embodiment of this invention implements biometrics, and produces | generates a signature with respect to a document. It is a flowchart which shows the process which acquires the reliability of a document with respect to a user's document by the verification server 5 which concerns on 1st embodiment of this invention. It is a block diagram which shows the whole structure of the authentication system which concerns on 2nd embodiment of this invention. It is a figure which shows an example of the information which the information terminal which concerns on 2nd embodiment of this invention, the IC card for users, and the IC card for administrators hold | maintain. It is a sequence diagram showing manager approval processing at the time of registering user biometric information concerning a second embodiment of the present invention. It is a block diagram which shows the whole structure of the authentication system which concerns on 3rd embodiment of this invention. It is a figure which shows an example of the information which the information terminal which concerns on 3rd embodiment of this invention, and the IC card for users hold | maintain. It is a sequence diagram showing manager approval processing at the time of registering user biometric information concerning a third embodiment of the present invention. It is a figure which shows an example of the user certificate C10 which concerns on 4th embodiment of this invention. It is a flowchart which shows the process which registers the biometric information and user certificate of the user which concern on the 4th embodiment of this invention in the user IC card 1. FIG. It is a flowchart which shows the process which the user concerning 4th embodiment of this invention implements biometrics, and produces | generates a signature with respect to a document. It is a flowchart which shows the process which acquires the reliability of a document with respect to a user's document by the verification server 5 which concerns on 4th embodiment of this invention. FIG. 6 is a diagram showing an example of a document reliability table in which document reliability is evaluated by verifying a user signature and an administrator approval state.

  Hereinafter, each embodiment according to the present invention will be described with reference to FIGS. 1 to 20.

Embodiment 1
Hereinafter, a first embodiment according to the present invention will be described using FIGS. 1 to 9.

  The authentication system of the present invention requires the approval of the administrator when registering the biometric information of the user in the IC card, and confirms the history when the user creates the electronic signature, thereby reducing the convenience without losing security. It performs authentication. As a system model of this embodiment, a user who needs to guarantee the reliability of the document and a manager who approves the authentication information are provided as actors.

  First, the configuration of an authentication system according to the first embodiment of the present invention will be described using FIGS. 1 to 5. FIG. 1 is a configuration diagram showing an entire configuration of an authentication system according to a first embodiment of the present invention. FIG. 2 is a functional block diagram of a user biometric information acquisition apparatus and a user IC card. FIG. 3 is a functional configuration diagram of the information terminal, the certificate server, and the verification server. FIG. 4 is a functional block diagram of the administrator biometric information acquisition apparatus and the administrator IC card. FIG. 5 is a view showing an example of information held by the information terminal, the user IC card, and the administrator IC card according to the first embodiment of the present invention.

  As shown in FIG. 1, the authentication system according to the present embodiment includes an IC card for user 1, a biometric information acquisition device for user 2, an IC card 8 for administrator, an administrator biometric information acquisition device 9, and an information terminal 3. It consists of a certificate server 4 and a verification server 5.

  The information terminal 3, certificate server 4, and verification server 5 are connected by a local or global network such as the Internet. Both the information terminal 3 and the user biometric information acquisition device 2, and the information terminal 3 and the administrator biometric information acquisition device 9 can exchange information via a wired or wireless interface.

  The IC card 1 for user is a semiconductor device that holds biometric information of the user, stores user information input via the biometric information acquisition device 2 for user, and outputs it for authentication. In particular, as described later, the user IC card 1 of the present embodiment holds the approval information of the administrator. The user biometric information acquisition device 2 performs input and output of information with the user IC card 1. A device for

  The administrator IC card 8 is a semiconductor device that holds the biometric information of the administrator, stores user information input via the user biometric information acquisition device 2, and outputs it for authentication. The administrator's biometric information acquisition device 9 is a device for performing input and output of information with the administrator IC card 8.

  The user's biometric information acquisition device 2 and the administrator's biometric information acquisition device 9 may have the same hardware specifications, or one may share them.

  The certificate server 4 is a server that issues a user certificate.

  The verification server 5 is a server that verifies the legitimacy of the document.

  The information terminal 3 is a terminal that inputs an instruction of registration and authentication of biometric information of a user and an administrator, and exchanges information regarding a user certificate with the certificate server 4.

  The IC card 1 for user is considered to be a secure semiconductor device provided with a tamper resistant mechanism etc., and a communication unit capable of communicating with other devices and devices, a control unit capable of computing information, high speed encryption processing The semiconductor device has an encryption operation unit and the like, and exchanges information with the user biometric information acquisition device 2 and the information terminal 3 mainly. It is assumed that the user IC card 1 is used by a user who uses the authentication system. As the IC card 1 for user, a SIM card type IC card, a microSD type IC card, an embedded chip type IC card, a noncontact type and a contact type IC card, etc. can be considered. Absent. Alternatively, the user IC card 1 may be integrated with the user biometric information acquisition device 2 or the information terminal 3 and may share the control unit or the semiconductor element itself with them. A plurality of user IC cards 1 may be included in the authentication system, and one user biometric information acquisition device 2 or information terminal 3 may communicate with a plurality of user IC cards 1.

  The biometric information acquisition device 2 for user is a device having a biometric information acquisition function of acquiring biometric information, a communication function capable of communicating with other devices or devices, and a control function capable of computing information, etc. This device is responsible for acquiring biological information and sending it to the user IC card 1. The authentication system may include a plurality of user biometric information acquisition devices 2. Examples of the biometric information acquisition device 2 for users include a device that acquires one or more pieces of biometric information such as veins, fingerprints, palms, irises, voices, faces, etc. and images or voice signals, PC peripheral devices, etc. It is not limited. Alternatively, the user biometric information acquisition device 2 may be integrated with the information terminal 3 and share a control unit and the like. The authentication system may include a plurality of user biometric information acquisition devices 2, and one information terminal 3 may communicate with the plurality of user biometric information acquisition devices 2.

  The information terminal 3 is a terminal having a display function capable of displaying information, an input function capable of inputting information, a communication function capable of communicating with other devices or devices, and a control function capable of computing information. It is a device that mainly plays the role of mediating the input between the user and the administrator, and the communication between the biometric information acquisition device and the IC card and the server. The authentication system may include a plurality of information terminals 3. As information terminal 3, although a smart phone, a tablet terminal, a wearable terminal, a desktop computer, a laptop computer etc. can be considered, it is not restricted to these.

  The certificate server 4 is a server that communicates with the information terminal 3 and other servers through a network or the like. The certificate server 4 has, for example, X.I. It is assumed that the server is a server that performs processing related to issuing of a public key certificate (PKI) as defined in 509 and processing related to generation of a secret key. The certificate server 4 may operate other applications, or may have a configuration in which functions are divided into a plurality of servers or storage cases and the like, and they are combined. Further, the information device is not limited to the server and may be an information device capable of the same processing.

  The verification server 5 is a server that communicates with the information terminal 3 and other servers through a network or the like. It is conceivable that the verification server 5 is, for example, a server that performs processing of verifying a signature generated by PKI using a public key certificate. Other applications may be operating, or functions may be divided into a plurality of servers, storages, and other cases, and they may be combined. Further, the information device is not limited to the server and may be an information device capable of the same processing.

  The IC card 8 for administrator is considered to be a secure semiconductor device provided with a tamper resistant mechanism and the like, a communication unit capable of communicating with other devices and devices, a control unit capable of computing information, high speed encryption It is a semiconductor element having a cryptographic operation unit or the like capable of processing, and mainly exchanges information with the administrator's biometric information acquisition device 9 and the information terminal 3. It is conceivable that the administrator IC card 8 is used by a user who uses the authentication system. As the administrator IC card 8, although a SIM card type IC card, a microSD type IC card, an embedded chip type IC card, a noncontact type and a contact type IC card, etc. can be considered, but it is not limited thereto. . Alternatively, the administrator IC card 8 may be integrated with the administrator biometric information acquisition device 9 or the information terminal 3 and may share the control unit or the semiconductor element itself with them. The authentication system may include a plurality of administrator IC cards 8, and one administrator biometric information acquisition device 9 or information terminal 3 communicates with a plurality of administrator IC cards 8. It is also good. Further, part of the functions of IC card 8 for administrator may be included in user IC card 1 etc., and part of functions of IC card 1 for user is included in IC card 8 for administrator May be

  The administrator's biometric information acquisition device 9 is a terminal having a biometric information acquisition function of acquiring biometric information, a communication function capable of communicating with other devices and devices, and a control function capable of computing information, etc. , And is responsible for acquiring biological information and sending it to the IC card 8 for administrator. The authentication system may include a plurality of administrator biometric information acquisition devices 9. A device for acquiring biometric information such as finger veins, fingerprints, face images, irises, voices, PC peripheral devices, and the like can be considered as the administrator's biometric information acquisition device 9, but the invention is not limited thereto. Alternatively, the administrator biometric information acquisition device 9 may be integrated with the information terminal 3 and may share a control unit and the like. A plurality of administrator biometric information acquisition devices 9 may be included in the authentication system, and one information terminal 3 may communicate with a plurality of administrator biometric information acquisition devices 9. Further, part of the functions of the administrator's biometric information acquisition apparatus 9 may be included in the user's biometric information acquisition apparatus 2 or the like, and part of the functions of the user's biometric information acquisition apparatus 2 is an administrator's organism. It may be included in the information acquisition device 9.

  Communication interfaces between the information terminal 3 and the user biometric information acquisition device 2 and the administrator biometric information acquisition device 9 or communication interfaces between the information terminal 3 and the user IC card 1 and administrator IC card 8 For example, USB (Universal Serial Bus), ISO 7816, which is the international standard communication system for contact IC cards, ISO 14443, which is the international standard communication system for contactless IC cards, FeliCa (registered trademark), NFC (Near Field Communication), SD card Communication according to the standard, Bluetooth (registered trademark), Bluetooth Low Energy (registered trademark), wired LAN (Local Area Network), wireless LAN, TransferJET (registered trademark), etc. can be considered as wired or wireless communication.

  The communication interface between the biometric information acquisition device 2 for user and the IC card 1 for user and the communication interface between the biometric information acquisition device 9 for administrator and the IC card 8 for administrator are, for example, international standard communication of contact IC card Communication method according to ISO 7816 which is a communication method, ISO 14443 which is an international standard communication method of a contactless IC card, FeliCa, NFC, USB, communication according to the SD card standard, Bluetooth, Bluetooth Low Energy, wired LAN, wireless LAN, TransferJET, etc. It is conceivable that this is wireless communication.

  The communication interface between each of the information terminal 3, the certificate server 4, and the verification server 5 is, for example, LTE (registered trademark) (Long Term Evolution), 3G (3rd Generation), WiMAX (registered trademark) Wireless communication such as (Worldwide Interoperability for Microwave Access), wireless LAN and Wide Area Network (WAN), or wired communication such as wired LAN, the Internet, and communication using a dedicated line can be considered.

  Each of these communications may be a separate communication network or the same network.

  As shown in FIG. 2, the user IC card 1 includes a control unit 10, a storage unit 11, a volatile storage unit 12, a power supply unit 13, a communication unit 14, and an encryption processing unit 19. These are bus lines. It is wired by etc. Although FIG. 2 shows that each module is physically connected to another module in the user IC card 1, it is not necessary to be connected by a bus line, and other methods may be used. May be electrically connected, or only necessary modules may be connected to each other.

  The control unit 10 includes a central processing unit (CPU), a micro processing unit (MPU), a digital signal processor (DSP), and the like, and executes a predetermined operation control program stored in the storage unit 11 or the like. Thus, the overall operation of the user IC card 1 is controlled.

  The storage unit 11 is constituted by a semiconductor memory or the like built in the user IC card 1 and stores various types of information. The storage unit 11 is formed of, for example, an EEPROM (Electrically Erasable / Programmable Read Only Memory), a flash memory, or the like, and the stored content is held even when no power is supplied from the power supply unit 13. Alternatively, it may be configured of a magnetic disk or the like. The storage unit 11 stores, for example, an operation control program executed by the control unit 10, data necessary for processing, and the like. The components included in the storage unit 11 will be described in detail later.

  The volatile storage unit 12 includes a semiconductor memory or the like built in the user IC card 1 and stores various types of information. The volatile storage unit 12 includes, for example, a RAM (Rndom Access Memory), and the stored contents are discarded when the power supply from the power supply unit 13 is lost. The volatile storage unit 12 stores, for example, data temporarily necessary for processing. The components included in the volatile storage unit 12 will be described in detail later.

  The power supply unit 13 includes a power supply terminal or antenna for acquiring power from the outside, a power supply circuit, and the like, and supplies power to each unit of the user IC card 1. The power supply unit 13 may include a battery, an AC adapter, a charging circuit, and the like. Although not described in FIG. 2, the IC card 1 for user may receive power supply from the biometric information acquisition device 2 for user or the information terminal 3 by the power supply unit 13, and in that case also via the communication unit 14. Good.

  The communication unit 14 is a function for the IC card 1 for user to communicate with the biometric information acquisition device 2 for user and the information terminal 3, and is an international standard communication method of contact IC card ISO 7816, international of contactless IC card It can be considered that the module realizes a communication method according to the standard communication method ISO14443, FeliCa, NFC, SD card standard, Bluetooth, Bluetooth Low Energy, USB, wired LAN, wireless LAN, TransferJET, and the like. When the IC card 1 for user is an embedded module of the biometric information acquisition device 2 for user, the communication unit 14 may be connected to the biometric information acquisition device 2 for user on the substrate. When the biometric information acquisition device 2 for user and the IC card 1 for user are integrated, and the function equivalent to the IC card 1 for user is the secret information protection mechanism of the biometric information acquisition device 2 for user, the user biometric There is no problem even if it is considered that the predetermined API to the secret information protection mechanism included in the information acquisition device 2 is the communication unit 14. A plurality of communication units 14 may exist in the user IC card 1 according to the communication method.

  In the case of wireless communication, the communication function of the communication unit 14 may include an antenna, a modulation / demodulation circuit, and the like. In the case of wired communication, a connector, a modulation / demodulation circuit, and the like may be included. The communication unit 14 may be configured to correspond to a plurality of communication methods.

  The encryption processing unit 15 is configured of a remainder multiplication coprocessor, an encryption accelerator, etc., and performs public key encryption processing such as RSA encryption and elliptic curve encryption and common key encryption processing such as AES (Advanced Encryption Standard) and DES (Data Encryption Standard). This is an apparatus for performing at a higher speed than the control unit. A plurality of encryption processing units 15 may exist in the user IC card 1 according to the encryption to be processed.

  As shown in FIG. 2, the user biometric information acquisition device 2 includes a control unit 20, a storage unit 21, a power supply unit 23, an information terminal communication unit 24, an IC card communication unit 27, and a biological information acquisition unit 28. These are connected by bus lines or the like. Although not shown in the drawings, other functions may be provided. For example, a volatile storage unit or a cryptographic operation unit may be provided. Although each module is physically connected to another module in the user biometric information acquisition apparatus 2 in the figure, the modules need not necessarily be connected by a bus line, and other modules are not necessarily connected. It may be electrically connected by a method, or only necessary modules may be connected to each other. Also, those in separate housings may be electrically combined.

  The control unit 20 includes a CPU, an MPU, a DSP, and the like, and executes a predetermined operation control program stored in the storage unit 21 or the like to control the entire operation of the user biometric information acquisition device 2. .

  The storage unit 21 includes a memory built in the user biometric information acquisition apparatus 2 or a removable external memory and the like, and stores various types of information. For example, an operation control program to be executed by the control unit 22 is stored.

  The storage unit 21 includes control software 210 as an example. The control software 210 is a program for controlling the biometric information acquisition apparatus 2 for user, which is an input from the biometric information acquisition unit 28, a communication from the information terminal communication unit 24, a communication from the IC card communication unit 27, or Execute a series of processing to start execution by a predetermined timer or other interrupt processing. Further, the control software 210 may be a complex one in which a plurality of software cooperates. In the following description, when the user biometric information acquisition apparatus 2 or the control software 210 executes a process without any notice, the control unit 20 physically executes the execution program of the control software 210. It shall be shown that.

  The power supply unit 23 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the biological information acquisition apparatus 2 and charges the battery. The power supply unit 23 may supply power to the user IC card 1, and may use the IC card communication unit 27 at that time.

  The information terminal communication unit 24 is a function for the user biometric information acquisition device 2 to communicate with the information terminal 3 and the like, and is an international standard communication method of USB, contact IC card ISO 7816, international standard of contactless IC card It is conceivable that the module realizes a communication method such as communication according to the communication method ISO 14443, FeliCa, NFC, SD card standard, Bluetooth, Bluetooth Low Energy, wired LAN, wireless LAN, TransferJET, and the like. When the user biometric information acquisition device 2 is an embedded module of the information terminal 3, the information terminal communication unit 24 may be connected to the information terminal 3 on a substrate. A plurality of information terminal communication units 24 may exist in the user biometric information acquisition device 2 according to the communication method.

  The IC card communication unit 27 is a function for the user biometric information acquisition device 2 to communicate with the user IC card 1 etc. The ISO 7816, which is the international standard communication method of the contact IC card, the international standard communication of the contactless IC card It is conceivable that the module realizes a communication method according to ISO14443, FeliCa, NFC, SD card standard which is a method, Bluetooth, Bluetooth Low Energy, USB, wired LAN, wireless LAN, TransferJET or the like. When the IC card 1 for user is an embedded module of the biometric information acquisition device 2 for user, the IC card communication unit 27 may be connected to the biometric information acquisition device 2 for user on the substrate. Alternatively, if the biometric information acquisition device 2 for user and the IC card 1 for user are integrated and the function corresponding to the IC card 1 for user is the secret information protection mechanism of the biometric information acquisition device 2 for user, for user Even if it is considered that the predetermined API to the secret information protection mechanism included in the biometric information acquisition device 2 is the IC card communication unit 27, there is no problem at all. A plurality of IC card communication units 27 may exist in the user biometric information acquisition device 2 according to the communication method.

  The biometric information acquisition unit 28 includes a device for acquiring one or more pieces of biometric information such as veins, fingerprints, palms, irises, voices, faces, etc. as images or voice signals or data from which features are extracted from them. Input to the control unit 20. The biological information acquisition unit 28 may start an operation of acquiring data by detecting the presence of a living body, or may start an operation of acquiring data triggered by an input from the information terminal communication unit 24. A plurality of biometric information acquisition units 28 may exist in the user biometric information acquisition device 2.

  The information terminal 3 includes a control unit 30, a storage unit 31, a volatile storage unit 32, a power supply unit 33, a server communication unit 34, a display unit 35, an input unit 36, and a communication unit 37, as shown in FIG. , These are connected by bus lines and the like. Although each module is shown as physically connected to another module in the information terminal 3 in the figure, it is not necessary to be connected by a bus line, and it is not necessary to electrically connect in other methods. May be connected to each other, or only necessary modules may be connected to each other. Also, those in separate housings may be electrically combined.

  The control unit 30 includes a CPU, an MPU, a DSP, and the like, and controls the entire operation of the information terminal 3 by executing a predetermined operation control program.

  The storage unit 31 includes a memory built in the information terminal 3 or a removable external memory and the like, and stores various types of information. The storage unit 31 is composed of, for example, an EEPROM, a flash memory, a magnetic disk, etc., and the stored contents are held even in a state where the power supply unit 33 does not supply power. The storage unit 31 stores, for example, an operation control program executed by the control unit 30, data required for processing, and the like. The components included in the storage unit 31 will be described in detail later.

  The volatile storage unit 32 is constituted by a semiconductor memory or the like built in the information terminal 3 and stores various types of information. The volatile storage unit 32 is configured of, for example, a RAM memory, and the stored content is discarded when the power supply from the power supply unit 33 is lost. The volatile storage unit 32 stores, for example, data temporarily necessary for processing. The components included in the volatile storage unit 32 will be described in detail later.

  The power supply unit 33 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the information terminal 3 and charges the battery. It is also conceivable to perform state confirmation such as whether the information terminal 3 is battery-powered or AC adapter-driven, and battery residual amount confirmation. Although not shown in the figure, the information terminal 3 is powered by the power supply unit 33 to the user biometric information acquisition device 2 or the user IC card 1, or the administrator biometric information acquisition device 9 or the administrator IC card 8. It may be supplied and may be via the communication unit 37 at that time.

  The server communication unit 34 is a function for the information terminal 3 to communicate with the certificate server 4, the verification server 5, etc., and is wireless communication such as LTE, 3G, WiMAX, wireless LAN and WAN, or wired LAN, the Internet, A module for performing communication using a dedicated line can be considered. A plurality of server communication units 34 may exist in the information terminal 3 according to the communication method or the like. It may be shared with other modules that implement communication. The server communication unit 34 may include an antenna, a modulation / demodulation circuit, and the like in the case of wireless communication. In the case of wired communication, a connector, a modulation / demodulation circuit, and the like may be included. The server communication unit 34 may be configured to support a plurality of communication methods.

  The display unit 35 includes a panel such as a liquid crystal display, an organic EL display, and electronic paper, a driver circuit, and the like, and under the control of the control unit 30, any information (for example, characters, still images, moving images, etc.) indicate. The display unit 35 may have a plurality of display devices capable of displaying different pieces of information.

  The input unit 36 includes one or more of a touch panel, a button, a keyboard, a mouse, a cursor key, a ten key, and the like, receives an operation of the user, and inputs an input signal based on the operation to the control unit 30. As in the case of a touch panel, the display unit 35 and the input unit 36 may be integrated. Further, an input signal may be generated by voice recognition, image recognition, gesture recognition or the like and may be input to the control unit 30.

  The communication unit 37 is a function for the information terminal 3 to communicate with the user biometric information acquisition device 2 and the administrator biometric information acquisition device 9 or the user IC card 1 and the administrator IC card 8. Yes, USB, ISO 7816, an international standard communication system for contact IC cards, ISO 14443, an international standard communication system for contactless IC cards, FeliCa, NFC, communication according to the SD card standard, Bluetooth, Bluetooth Low Energy, wired LAN, It is conceivable that the module realizes a communication method such as a wireless LAN or TransferJET. If the target to be communicated is the embedded module of the information terminal 3, the communication unit 37 may be wired on the substrate to the target to be communicated. A plurality of communication units 37 may exist in the information terminal 3 according to the communication method.

  The certificate server 4 includes a control unit 40, a storage unit 41, a power supply unit 43, a communication unit 44, a certificate storage unit 45, and an administrator approval information storage unit 46, as shown in FIG. It is connected by a wire etc. Although not shown in the drawings, other functions may be provided. For example, a volatile storage unit or an encryption operation unit may be provided. Although each module is shown as physically connected to another module in the certificate server 4 in the figure, it is not necessary to be connected by a bus line, and it is not necessary to use electricity in other methods. It may be connected to each other, or only necessary modules may be connected to each other. Also, those in separate housings may be electrically combined.

  The control unit 40 includes a CPU, an MPU, a DSP, and the like, and executes a predetermined operation control program stored in the storage unit 41 or the like to control the overall operation of the certificate server 4.

  The storage unit 41 includes a memory built in the certificate server 4 or a removable external memory and the like, and stores various types of information. For example, an operation control program executed by the control unit 40 is stored. The storage unit 41 has control software 410. The control software 410 is a program that is triggered by the start of communication from the information terminal 3 or the verification server 5 or a series of programs that is started by a predetermined timer or other interrupt processing. The control software 410 may be a complex one in which a plurality of software cooperates. In the following description, when the certificate server 4 or the control software 410 executes a process without any notice, it indicates that the control unit 40 executes the execution program of the control software 410 physically. It shall be.

  The power supply unit 43 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the certificate server 4 and charges the battery. It is also conceivable to perform state confirmation such as whether the certificate server 4 is battery-powered or AC adapter-driven, and battery residual quantity confirmation.

  The communication unit 44 is a function for the certificate server 4 to communicate with the information terminal 3, the verification server 5, etc., and is wireless communication such as LTE, 3G, WiMAX, wireless LAN and WAN, or wired LAN, the Internet, or the like. A module for performing communication using a line can be considered. A plurality of communication units 44 may exist in the certificate server 4 according to the communication method or the like.

  In the case of wireless communication, the communication function of the communication unit 44 may include an antenna, a modulation / demodulation circuit, and the like. In the case of wired communication, a connector, a modulation / demodulation circuit, and the like may be included. The communication unit 44 may be configured to correspond to a plurality of communication methods.

  The certificate storage unit 45 is a functional element for storing user certificates individually associated with a plurality of users. The user certificate is X. Based on the format such as 509, the CA certificate, the user's public key certificate, the user's private key for signature, etc. are stored in association with the user's ID or the like. It is conceivable that the certificate storage unit 45 is a means for holding data such as a table for storing predetermined information, a database, a hash structure, or KVS (Key Value Store). The certificate storage unit 45 may be the same as the storage unit 41 or other components.

  The manager approval information storage unit 46 is a functional element for storing manager approval information individually associated with a plurality of users. The manager approval information is information indicating that the user has received approval of a predetermined manager when registering his / her biometric information in the user IC card 1. The manager approval information is stored in association with the user's ID, the manager's ID, an identifier indicating whether the registration has been approved or not, and a digital signature for assuring the correctness of the user. The administrator approval information is guaranteed by the electronic signature of the administrator or the electronic signature of the user who has registered the biometric information upon approval of the administrator. The administrator approval information storage unit 46 is considered to be a means for storing data such as a table for storing predetermined information, a database, a hash structure, or KVS. The administrator approval information storage unit 46 may be the same as the storage unit 41 or other components.

  As shown in FIG. 3, the verification server 5 includes a control unit 50, a storage unit 51, a power supply unit 53, and a communication unit 54, which are connected by a bus line or the like. Although not shown in the drawings, other functions may be provided. For example, a volatile storage unit or a cryptographic operation unit may be provided. Although each module is shown as physically connected to another module in the verification server 5 in the figure, it is not necessary to be connected by a bus line, and it is not necessary to electrically connect in other methods. May be connected to each other, or only necessary modules may be connected to each other. Also, those in separate housings may be electrically combined.

  The control unit 50 includes a CPU, an MPU, a DSP, and the like, and executes a predetermined operation control program stored in the storage unit 51 or the like to control the entire operation of the verification server 5.

  The storage unit 51 includes a memory built in the verification server 5, or a removable external memory, and stores various types of information. For example, an operation control program executed by the control unit 50 is stored.

  The storage unit 51 includes, for example, control software 510, a user signature storage unit 511, an administrator approval information storage unit 512, a user certificate storage unit 513, a document storage unit 514, and a document reliability degree 515. The storage unit 51 may include other information.

  The control software 510 is a program that is executed triggered by the start of communication from the information terminal 3 or the certificate server 4 or a series of programs started to be executed by a predetermined timer or other interrupt processing. The control software 510 may be a complex one in which a plurality of software cooperates. In the following description, it is indicated that the control unit 50 physically executes the execution program of the control software 510 when the verification server 5 or the control software 510 describes the execution of the process without any notice. It shall be.

  The user signature storage unit 511 stores the user signature verified by the verification server 5. It is conceivable that the user signature is, for example, signed against a hash value or the like of the document with a PKI-based user-specific private key in order to indicate the correctness of the user's document or the like. The signature is considered to be created, for example, based on the PKCS # 1 specification.

  The manager approval information storage unit 512 stores manager approval information indicating that a predetermined manager's approval has been received when the user registers biometric information in the user IC card 1. The manager approval information is associated with a user ID, a manager ID, an identifier indicating whether the registration has been approved or not, and a digital signature for assuring correctness of the user. The manager's approval information is guaranteed its correctness by the manager's electronic signature or the electronic signature of the user who has registered the biometric information after approval by the manager.

  The user certificate storage unit 513 stores a user signature for a document or a user certificate for verifying administrator approval information signed by a user who has registered biometric information after approval by the administrator. The user certificate is, for example, X.I. It may be a PKI client certificate based on 509. Although not shown in the figure, if the administrator approval information is signed by the administrator, the corresponding administrator's certificate is stored in the storage unit 51.

  The document storage unit 514 stores a user's document. The correctness of the user's document is guaranteed by the user signature stored in the user signature storage unit 511. The document may be a document file, a file created by a predetermined application, or other electronic information.

  The document credibility 514 is information indicating how much the correctness of a given document should be trusted as an authentication system, and is generated through verification processing of a user signature and administrator approval information by the verification server 5. An example of the document reliability 514 will be described later with reference to FIG.

  The power supply unit 53 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the verification server 5 and charges the battery. It is also conceivable to confirm the state as to whether the verification server 5 is battery-powered or AC adapter-powered, and to check the remaining amount of the battery.

  The communication unit 54 is a function for the verification server 5 to communicate with the information terminal 3 and the certificate server 4 and the like, and is wireless communication such as LTE, 3G, WiMAX, wireless LAN and WAN, or wired LAN, the Internet, or the like. A module for performing communication using a line can be considered. A plurality of communication units 54 may exist in the verification server 5 according to the communication method and the like.

  In the case of wireless communication, the communication function of the communication unit 54 may include an antenna, a modulation / demodulation circuit, and the like. In the case of wired communication, a connector, a modulation / demodulation circuit, and the like may be included. The communication unit 54 may be configured to correspond to a plurality of communication methods.

  As shown in FIG. 4, the administrator IC card 8 includes a control unit 80, a storage unit 81, a volatile storage unit 82, a power supply unit 83, a communication unit 84, and an encryption processing unit 89, which are bus It is connected by a wire etc. Although FIG. 4 shows that each module is physically connected to another module inside the IC card for administrator 8, it is not necessary to be connected by a bus line, and other modules may not be connected. It may be electrically connected by a method, or only necessary modules may be connected to each other.

  The control unit 80 includes a CPU, an MPU, a DSP, and the like, and executes a predetermined operation control program stored in the storage unit 81 or the like to control the entire operation of the administrator IC card 8.

  The storage unit 81 is constituted by a semiconductor memory or the like built in the administrator IC card 8 and stores various types of information. The storage unit 81 includes, for example, an EEPROM, a flash memory, and the like, and the stored content is held even in a state where the power supply unit 83 does not supply power. Alternatively, it may be configured of a magnetic disk or the like. The storage unit 81 stores, for example, an operation control program executed by the control unit 80, data required for processing, and the like. The components included in the storage unit 81 will be described in detail later.

  The volatile storage unit 82 is constituted by a semiconductor memory or the like built in the administrator IC card 8 and stores various types of information. The volatile storage unit 82 is configured of, for example, a RAM memory or the like, and the stored content is discarded when the power supply from the power supply unit 83 is lost. The volatile storage unit 82 stores, for example, data temporarily necessary for processing. The components included in the volatile storage unit 82 will be described in detail later.

  The power supply unit 83 includes a power supply terminal or antenna for acquiring power from the outside, a power supply circuit, and the like, and supplies power to each unit of the administrator IC card 8. Alternatively, a battery, an AC adapter, a charging circuit or the like may be provided. Although not described in FIG. 4, the IC card 8 for administrator may receive power supply from the biometric information acquisition device 9 for administrator or the information terminal 3 by the power supply unit 83, and in that case, via the communication unit 84. May be

  The communication unit 84 is a function for the administrator IC card 8 to communicate with the administrator biometric information acquisition device 9 and the information terminal 3, and is an international standard communication system for contact IC cards, ISO 7816, and contactless IC card. It can be considered that it is a module that realizes communication methods such as communication according to ISO14443, FeliCa, NFC, and SD card standards, which are international standard communication methods, Bluetooth, Bluetooth Low Energy, USB, wired LAN, wireless LAN, TransferJET, etc. . When the IC card 8 for administrator is an embedded module of the biometric information acquiring device 9 for administrator, the communication unit 84 may be connected to the biometric information acquiring device 9 for administrator on the substrate. Alternatively, when the administrator biometric data acquisition device 9 and the administrator IC card 8 are integrated, and the function corresponding to the administrator IC card 8 is the secret information protection mechanism of the administrator biometric data acquisition device 9 There is no problem even if it is considered that the predetermined API to the secret information protection mechanism provided in the administrator biometric information acquisition device 9 is the communication unit 84. A plurality of communication units 84 may exist in the administrator IC card 8 according to the communication method.

  In the case of wireless communication, the communication function of the communication unit 84 may include an antenna, a modulation / demodulation circuit, and the like. In the case of wired communication, a connector, a modulation / demodulation circuit, and the like may be included. The communication unit 84 may be configured to correspond to a plurality of communication methods.

  The cryptographic processing unit 85 includes a modular multiplication coprocessor, a cryptographic accelerator, and the like, and executes public key cryptographic processing such as RSA encryption and elliptic curve cryptography, and common key cryptographic processing such as AES and DES more quickly than in the control section. A device to A plurality of encryption processing units 85 may exist in the administrator IC card 8 according to the encryption to be processed.

  As shown in FIG. 4, the administrator's biological information acquisition apparatus 9 includes a control unit 90, a storage unit 91, a power supply unit 93, an information terminal communication unit 94, an IC card communication unit 97, and a biological information acquisition unit 98. , These are connected by bus lines and the like. Although not shown in the drawings, other functions may be provided. For example, a volatile storage unit or an encryption operation unit may be provided. In the figure, each module is illustrated as physically connected to another module in the administrator's biometric information acquisition device 9, but it is not necessary to be connected by a bus line, and the other It may be electrically connected by the method of (1), or only the required modules may be mutually connected. Also, those in separate housings may be electrically combined.

  The control unit 90 includes a CPU, an MPU, a DSP, and the like, and executes a predetermined operation control program stored in the storage unit 91 or the like to control the entire operation of the administrator biometric information acquisition apparatus 9 Do.

  The storage unit 91 is configured of a memory incorporated in the administrator's biometric information acquisition device 9 or a removable external memory or the like, and stores various types of information. For example, an operation control program to be executed by the control unit 92 is stored.

  The storage unit 91 includes control software 910 as an example. The control software 910 is a program for controlling the administrator's biometric information acquisition apparatus 9, and includes an input from the biometric information acquisition unit 98, a communication from the information terminal communication unit 94, a communication from the IC card communication unit 97, Alternatively, it is a program that starts execution by a predetermined timer or other interrupt processing. The control software 910 may be a complex one in which a plurality of software cooperates. In the following description, the controller 90 physically executes the execution program of the control software 910 when the administrator's biometric information acquisition device 9 or the control software 910 performs a process without particular notice. It indicates that it is

  The power supply unit 93 includes a battery, an AC adapter, a charging circuit, and the like, and supplies power to each unit of the biological information acquisition apparatus 9 and charges the battery. The power supply unit 93 may supply power to the administrator IC card 8, and may use the IC card communication unit 97 at that time.

  The information terminal communication unit 94 is a function for the administrator's biometric information acquisition device 9 to communicate with the information terminal 3 etc. The USB, ISO 7816, which is an international standard communication system for contact IC cards, and international contactless IC cards It can be considered that the module realizes a communication method such as communication conforming to the standard communication method ISO 14443, FeliCa, NFC, SD card standard, Bluetooth, Bluetooth Low Energy, wired LAN, wireless LAN, TransferJET, and the like. When the administrator's biometric information acquisition device 9 is an embedded module of the information terminal 3, the information terminal communication unit 94 may be connected to the information terminal 3 on a substrate. A plurality of information terminal communication units 94 may exist in the administrator biometric information acquisition apparatus 9 according to the communication method.

  The IC card communication unit 97 is a function for the administrator biometric information acquisition device 9 to communicate with the administrator IC card 8 etc. The ISO 7816, which is the international standard communication method of the contact IC card, the international of the contactless IC card It can be considered that the module realizes a communication method according to the standard communication method ISO14443, FeliCa, NFC, SD card standard, Bluetooth, Bluetooth Low Energy, USB, wired LAN, wireless LAN, TransferJET, and the like. When the IC card 8 for administrator is an embedded module of the biometric information acquisition device 9 for administrator, the IC card communication unit 97 may be connected to the biometric information acquisition device 9 for administrator on the board. . Alternatively, when the administrator biometric data acquisition device 9 and the administrator IC card 8 are integrated, and the function corresponding to the administrator IC card 8 is the secret information protection mechanism of the administrator biometric data acquisition device 9 There is no problem even if it is considered that the predetermined API to the secret information protection mechanism provided in the administrator's biometric information acquisition device 9 is the IC card communication unit 97. A plurality of IC card communication units 97 may exist in the administrator biometric information acquisition apparatus 9 according to the communication method.

  The biometric information acquisition unit 98 includes an apparatus for acquiring one or more pieces of biometric information such as veins, fingerprints, palms, irises, voices, faces, etc. as images or voice signals, or data in which features are extracted from them. Input to the control unit 90. The biological information acquisition unit 98 may start an operation of acquiring data by detecting the presence of a living body, or may start an operation of acquiring data triggered by an input from the information terminal communication unit 94. A plurality of biometric information acquisition units 98 may exist in the administrator biometric information acquisition device 9.

  Next, data held by the information terminal 3, the user IC card 1, and the administrator IC card 8 will be described with reference to FIG.

  FIG. 5 is a view showing data held by the information terminal 3, the user IC card 1, and the administrator IC card 8. As shown in FIG.

  In FIG. 5, data held by the storage unit 31 and the volatile storage unit 32 of the information terminal 3, the storage unit 11 of the IC card 1 for user, the storage unit 81 of the IC card 8 for administrator and the volatile storage unit 82 It is shown.

  The storage unit 31 of the information terminal 3 includes control software 310, as shown in FIG. The control software 310 is a program for controlling the information terminal 3 and may be input by the input unit 36, communication from the communication unit 37, communication from the server communication unit 34, or a predetermined timer or other interrupt processing. It is a program that starts execution. The control software 310 may be a complex one in which a plurality of software cooperates. In the following description, when the information terminal 3 or the control software 310 is described to execute processing without any notice, it is physically shown that the control unit 30 executes the execution program of the control software 310. It shall be.

  The volatile storage unit 32 of the information terminal 3 includes a manager approval information storage unit 323 as shown in FIG. The manager approval information storage unit 323 stores manager approval information. The manager approval information stored in the manager approval information storage unit 323 is managed by the internal processing of the IC card 8 for manager with respect to the information indicating that the manager has approved the user to register the biometric information. Signed by the person's private key. The manager approval information 8130 described later corresponds to this.

  The storage unit 11 of the IC card 1 for user, as shown in FIG. 5, includes control software 110, user ID 111, user biometric template storage unit 112, administrator approval information storage unit 113, user certificate storage unit 114, user signature The generated key 115 is provided.

  The control software 110 is a program for controlling the user IC card 1 and is a program that starts execution by communication from the communication unit 14 or a predetermined timer or other interrupt processing. The control software 110 may be a complex one in which a plurality of software cooperates. In the following description, when the user IC card 1 or the control software 110 describes the execution of the process without any notice, the control unit 10 physically executes the execution program of the control software 110. It shall be shown.

  The user ID 111 is an ID that can uniquely identify a user as an authentication system. The user ID 111 may be stored in advance in the storage unit 11 or may be determined dynamically when the user registers biometric information.

  The user biometric template storage unit 112 stores a biometric template used for biometric authentication of the user. The living body template is based on the living body information acquired by the living body information acquiring device 2 for user, and it is given from the outside of the user IC card 1 or from outside the user IC card 1 in the registration process of living body information. It is conceivable to generate given information by performing predetermined processing inside the user IC card 1.

  The administrator approval information storage unit 113 stores administrator approval information 1130, which is information indicating that the user has received approval of a predetermined administrator, when the user registers his / her biometric information in the user IC card 1. . The manager approval information 1130 includes a user ID storage unit 1131, a manager ID storage unit 1132, a registration approval state identifier 1133, and a manager signature storage unit 1134.

  The user ID 111 is stored in the user ID storage unit 1131. The user ID 111 may be stored in advance, or may be stored when it becomes necessary in the processing described later.

  The administrator ID storage unit 1132 stores an administrator ID that is an ID that can uniquely identify an administrator as an authentication system.

  The registration approval information identifier 1133 is information indicating whether or not approval has been received from the administrator, and as an example, it can be considered to take two values indicating approval or non-approval. Or you may take other values. For example, it may be a value indicating denial or a value indicating unknown.

  The administrator signature storage unit 1134 stores a signature for assuring the correctness of the information included in the administrator approval information 1130. The signature may be the signature of the administrator or the signature of the user who has registered the biometric information upon approval of the administrator. If it is the latter, it is conceivable that the signature is generated by the user signature generation key 115. The signature is considered to be created based on, for example, the PKCS # 1 specification.

  The user certificate storage unit 114 stores a user certificate for verifying a user signature generated for a document of the user. The user certificate is, for example, X.I. It can be considered to be a PKI public key certificate based on 509. The user certificate is issued by the certificate server 4 and stored in the user IC card 1 through the communication unit 14 through the other components of the authentication system. Although described later with reference to a flowchart, it is assumed that the storage of the user certificate can not be performed unless approval by the administrator is performed.

  The user signature generation key storage unit 115 stores a user signature generation key for generating a user signature for the document of the user. The user signature generation key is considered to be, for example, a secret key in PKI, and is paired with a user certificate stored in the user certificate storage unit 114. The user signature generation key is generated by the certificate server 4 and stored in the user IC card 1 through the communication unit 14 through the other components of the authentication system. Although described later with reference to the flowchart, it is assumed that storage of the user signature generation key can not be performed unless approval by the administrator is performed.

  The storage unit 81 of the IC card 8 for administrator is, as shown in FIG. 5, a control software 810, an administrator ID 811, an administrator biometric template storage unit 812, an administrator certificate storage unit 814, and an administrator signature generation key 815. Equipped with

  The control software 810 is a program for controlling the administrator IC card 8 and is a program that starts execution by communication from the communication unit 84 or a predetermined timer or other interrupt processing. The control software 810 may be a complex one in which a plurality of software cooperates. Note that, in the present example, when the administrator IC card 8 or the control software 810 describes the execution of the process without any notice, physically, the control unit 80 executes the execution program of the control software 810. It shall be.

  The administrator ID 811 is an ID that can uniquely identify an administrator as an authentication system. It may be stored in advance in the storage unit 81, or may be determined dynamically when the administrator registers biometric information.

  The administrator biometric template storage unit 812 stores a biometric template for biometric authentication used for identification of the administrator. The biometric template is based on the biometric information acquired by the administrator biometric information acquisition device 9, and is provided from the outside of the administrator IC card 8 or information provided from the outside of the administrator IC card 8. Can be generated by performing predetermined processing inside the administrator IC card 8. The registration of the administrator biometric template needs to be performed prior to the series of processing.

  The administrator certificate storage unit 814 stores an administrator certificate for verifying an administrator signature generated as needed. The administrator certificate is, by way of example, X. It can be considered to be a PKI public key certificate based on 509. The administrator certificate is issued by the certificate server 4 and stored in the administrator IC card 8 through the communication unit 84 through the other components of the authentication system. The administrator certificate storage needs to be implemented prior to the series of processing.

  The administrator signature generation key storage unit 815 stores an administrator signature generation key for generating an administrator signature as necessary. As an example, the administrator signature generation key is considered to be a secret key in PKI, and is paired with the administrator certificate stored in the administrator certificate storage unit 814. The administrator signature generation key is generated by the certificate server 4 and stored in the administrator IC card 8 through the communication unit 84 through the other components of the authentication system. Storage of the administrator signature generation key needs to be performed prior to the series of processes described later.

  As shown in FIG. 5, the volatile storage unit 82 of the IC card 8 for administrator is that the administrator has received approval of the administrator when the user registers biometric information in the IC card 1 for user. The manager approval information 8130, which is information for guaranteeing, is stored. The manager approval information 8130 includes a user ID storage unit 8131, a manager ID storage unit 8132, a registration approval state identifier 8133, and a manager signature storage unit 8134.

  The user ID storage unit 8131 stores a user ID that is an ID that can uniquely identify the user as an authentication system.

  The manager ID storage unit 8132 stores a manager ID 811. The administrator ID 811 may be stored in advance, or may be stored when needed in the process described later.

  The registration approval information identifier 8133 is information indicating whether or not the administrator has approved the user's biometric information registration, and can take two values indicating, for example, approved or not. Or you may take other values. For example, it may be a value indicating denial or a value indicating unknown.

  The administrator signature storage unit 8134 stores a signature for assuring the correctness of the information included in the administrator approval information 8130. The signature is an administrator's signature. It is conceivable that the signature is generated by the administrator signature generation key 815. The signature is considered to be created based on, for example, the PKCS # 1 specification.

  Next, processing of the authentication system according to the first embodiment of the present invention will be described using FIGS. 6 to 9.

  First, the process of registering the biometric information of the user and the user certificate in the user IC card 1 will be described with reference to FIG. FIG. 6 is a flowchart showing a process of registering the biometric information of the user and the user certificate in the user IC card 1 according to the first embodiment of the present invention.

  First, the user's biometric information and user certificate registration process is started with an input from the input unit 36 of the information terminal 3 as a trigger (S401). It is conceivable that the operation on the input unit 36 in S401 is an operation by a user or administrator who intends the registration start process. S401 may be the same process as S101 and S301.

  Subsequently, a manager approval process is performed (S402). Details of the manager approval process will be described later using FIG. When the administrator approval process is completed under the approval of the administrator, the information terminal 3 sends an instruction to acquire the user's biometric information to the user biometric information acquisition device 2 (S403).

  The user's biometric information acquisition device 2 having received this acquires the user's biometric information from the biometric information acquisition unit 28, and sends it to the user IC card 1 (S404).

  When the user IC card 1 receives this, it checks the registration approval status identifier 1133 (S405). At S405, confirmation of the administrator signature of the administrator signature storage unit 1134 may be performed. If the result of the check is not approved (S 405: NG), the information terminal 3 is notified of that and the information terminal 3 having received the error outputs an error from the display unit 35 or the like (S 406). If the collation is successful (S405: OK), the received biometric information is registered in the user biometric template storage unit 112 (S407), and the information terminal 3 is notified that the biometric information has been registered (S408).

  Subsequently, the information terminal 3 sends the manager approval information of the manager approval information storage unit 323 to the certificate server 4, and requests a user certificate (S409).

  The certificate server 4 having received this verifies the administrator signature included in the received administrator approval information using the administrator's public key certificate (S410), and when the verification fails (S410: NG), The information terminal 3 is notified of that fact, and the information terminal 3 having received the information outputs an error from the display unit 35 or the like (S411). If the verification is successful (S410: OK), the received administrator approval information is stored in the manager approval information storage unit 46 (S412), and a secret key as a user signature generation key and a public key as a pair are generated. A certificate is given to the public key by the signature generation key of the certificate authority to issue a user certificate, which is stored in the certificate storage unit 45, and the user certificate and the user signature generation key are sent to the information terminal 3 Send (S413). It should be noted that when sending to the information terminal 3 in S413, it may be sent via a global network such as the Internet, so the user signature generation key is encrypted by a predetermined method in order to enhance security. Is desirable.

  Subsequently, the information terminal 3 sends the received user certificate and user signature generation key to the IC card 1 for user (S414). Similar to S405, the user IC card 1 receives the check of the registration approval status identifier 1133 (S415), and when the result of the check is not approved (S415: NG), notifies the information terminal 3 to that effect. Then, the information terminal 3 having received this outputs an error through the display unit 35 or the like (S416). If the verification is successful (S 415: OK), the received user certificate is registered in the user certificate storage unit 114 and the user signature generation key is registered in the user signature generation key 115 (S 417).

  When the IC card 1 for user can verify the administrator approval information 1130 with the certificate of the user stored in S417, the user signature generation key 115 uses the signature of the information stored in the administrator approval information storage unit 113. It may be generated and stored in the administrator signature storage unit 1134 (S418). At this time, in the operation of the authentication system, it is desirable that the user signature generation key be present at most on the user IC card 1 except for the certificate server 4 in order to improve security. If the signature of the administrator approval information is verified by the administrator's public key, S418 may be skipped.

  Subsequently, the user IC card 1 notifies the information terminal 3 that the registration has been completed (S419). In response to this, the information terminal 3 deletes at least the user signature generation key from its own constituent elements (S420), and completes the registration process (S421). If the user IC card 1 is reset in S421, or if the administrator IC card 8 is present, predetermined post-processing such as resetting the IC card 1 may be performed.

  Further, in the example of the process shown in FIG. 6, there is no problem even if the order of the groups is reversed, the group of processes from S403 to S408 and the group of processes from S409 to S413. Furthermore, there is no problem even if the order of the groups is reversed, that is, the group of processes from S403 to S408 and the group of processes from S409 to S420.

  Next, a manager approval process when registering user biometric information according to the first embodiment of the present invention will be described using FIG. 7. FIG. 7 is a sequence diagram showing a manager approval process when registering user biometric information according to the first embodiment of the present invention. The manager approval process shown in FIG. 7 is the process of S402 in FIG.

  Hereinafter, the round trip of communication between the information terminal 3 and the user IC card 1 may be relayed by the biometric information acquisition device 2 for user, unless otherwise noted, and the information terminal 3 and the IC card for administrator It is assumed that the administrator's biometric information acquisition device 9 may relay the reciprocation of communication between 8.

  First, the manager approval process is started (S101). In the present embodiment, the subroutine of FIG. 6 is executed, but an input from the input unit 36 of the information terminal 3 may be used as a trigger. At that time, it is assumed that the operation on the input unit 36 in S101 is an operation by the administrator who intends to start the approval process.

  Receiving this, the information terminal 3 sends an instruction to start the process of authenticating the administrator to the administrator's biometric information acquisition device 9 (S102).

  The administrator's biometric information acquisition device 9 having received this acquires the administrator's biometric information from the biometric information acquisition unit 98, and sends it to the administrator's IC card 8 (S103).

  The administrator IC card 8 receives this, and executes a process of collating the administrator biometric template stored in the administrator biometric template storage unit 812 with the biometric information acquired in S103 (S104).

  If the verification fails (S104: NG), the information terminal 3 is notified of the failure and the information terminal 3 having received the error outputs an error from the display unit 35 or the like (S105). If the collation is successful (S104: OK), the information terminal 3 is notified that the collation is correctly completed (S106).

  Subsequently, the information terminal 3 requests the user IC card 1 for a user ID (S107). In response to this, the user IC card 1 sends out the user ID 111 (S108). S107 and S108 may not necessarily be performed when the information terminal 3 holds the user ID by the input from the input unit 36 or the like.

  Subsequently, the information terminal 3 determines whether the administrator approves it, and displays a screen for inputting the determination result from the input unit 36 on the display unit 35 (S109). If the input result is rejection (S109: rejection), the processing is ended (S110). At this time, predetermined post-processing such as resetting of the administrator IC card 8 may be performed. If the input result is an approval (S109: approval), subsequently, the user ID is sent to the administrator IC card 8 and the administrator approval information is requested (S111).

  The administrator IC card 8 stores the received user ID in the user ID storage unit 8131 (S112), and subsequently stores the administrator ID 811 in the administrator ID storage unit 8132 (S113). When the administrator ID 811 is stored in advance in the administrator ID storage unit 8132, S113 need not be performed.

  Subsequently, the IC card for administrator 8 sets the registration approval status identifier 8133 to a value indicating that approval has been made (S114).

  Subsequently, the IC card for administrator 8 generates a signature with the administrator signature generation key 815, and stores it in the administrator signature storage unit 8134 (S115). Since the manager approval information 8130 generated up to S115 is in the volatile storage unit 82, when the power supply of the IC card 8 for manager is stopped, the information included in the manager approval information 8130 is It is erased.

  Subsequently, the IC card for administrator 8 sends administrator approval information 8130 to the information terminal 3 (S116).

  The information terminal 3 having received this stores the manager approval information in the manager approval information storage unit 323 (S117). In addition, since the administrator approval information storage unit 323 stored in S117 is in the volatile storage unit 32, when the power supply of the information terminal 3 is stopped, the administrator approval information is erased.

  Subsequently, the information terminal 3 sends the administrator approval information to the user IC card 1 and issues an instruction to store the information (S118). At S118, the administrator certificate necessary for the user IC card 1 to verify the administrator approval information may be sent together. Although not shown in the figure, it is conceivable that the information terminal 3 acquires the administrator certificate from the certificate server 4.

  The IC card for user 1 having received the manager approval information confirms the manager signature included in the manager approval information (S119). The verification of the administrator signature uses, for example, an administrator certificate sent from the information terminal 3 together. Alternatively, the user IC card 1 may be held in advance in the storage unit 11 or the like.

  If the verification of the administrator's signature fails (S119: NG), that effect is notified to the information terminal 3, and the information terminal 3 that has received the notification outputs an error from the display unit 35 or the like (S120). If the verification is successful (S119: OK), the manager approval information is stored in the manager approval information storage unit 113 (S121), and the information terminal is notified of the completion (S122). The information terminal 3 having received this completes the administrator approval process (S123).

  Next, a process of the user according to the first embodiment of the present invention performing biometric authentication and generating a signature on a document will be described using FIG. FIG. 8 is a flowchart showing a process of the user according to the first embodiment of the present invention performing biometric authentication and generating a signature on a document.

  The biometric authentication and signature generation processing shown in FIG. 8 are performed after the user's biometric information and user certificate registration processing of FIG.

  First, biometric authentication and signature generation processing are started with an input from the input unit 36 of the information terminal 3 as a trigger (S501). It is conceivable that the operation on the input unit 36 in S501 is an operation by a user who intends to start signature generation processing.

  In response to this, the information terminal 3 sends an instruction to start the process of authenticating the administrator to the user biometric information acquisition device 2 (S502). The user's biometric information acquisition device 2 having received this acquires the user's biometric information from the biometric information acquisition unit 28, and sends it to the user IC card 1 (S503).

  The IC card 1 for user receives this, and carries out a process of collating the user biometric template stored in the user biometric template storage unit 112 with the biometric information acquired in S503 (S504). If the verification fails (S504: NG), the information terminal 3 is notified of the failure and the information terminal 3 having received the error outputs an error from the display unit 35 or the like (S505). If the collation is successful (S504: OK), the information terminal 3 is notified that the collation is correctly completed (S506).

  Subsequently, the information terminal 3 sends out the signature data of the document to which the user wants to attach a signature to the user IC card 1 (S507). The signature data may be, for example, a hash value of the document.

  The IC card for user 1 receiving the data for signature generates a user signature by the user signature generation key 115, and sends it to the information terminal 3 together with the administrator approval information 1130 (S508).

Subsequently, the information terminal 3 sends the document, the user signature acquired in S508, and the administrator approval information to the verification server 5 (S509). Generally, the delivery destination of the document is an arbitrary target whose predetermined signature can be verified and is not required to be the verification server 5, but it is assumed to be sent to the verification server 5 as an example. Receiving this, the verification server 5 stores the document in the document storage unit 514, the user signature in the user signature storage unit 511, and the manager approval information in the manager approval information storage unit 512. Thereafter, the information terminal 3 completes the process (S511)
Next, processing for obtaining the reliability of a document for the user's document in the verification server 5 according to the first embodiment of the present invention will be described using FIG. FIG. 9 is a flowchart showing processing for obtaining the reliability of a document for the user's document by the verification server 5 according to the first embodiment of the present invention.

  The process of obtaining the document reliability for the user's document in the verification server 5 is performed based on the verification of the user certificate and the administrator approval information. A specific example of the document reliability will be described later in detail with reference to FIG. The obtained document reliability can be used by the verification server 5 for any purpose, but in general, the subject that verifies the target document and its associated user certificate and administrator approval information , It is conceivable to use document credibility to achieve its purpose.

  The process of obtaining the document reliability shown in FIG. 9 is performed after signature generation in FIG. As an example, the process starts with an input from the information terminal 3 to the communication unit 54 of the verification server 5 as a trigger (S601).

  The verification server 5 sends the user ID included in the administrator approval information to the certificate server 4, and requests a user certificate (S602). The certificate server 4 having received this extracts the user certificate associated with the user ID from the certificate storage unit 45, and sends it to the verification server 5 (S603).

  The verification server 5 having received this verifies, for example, the legitimacy of the user certificate by the CA certificate, and stores the user certificate in the user certificate storage unit 513 (S604).

  Subsequently, the verification server 5 updates the document reliability 515 by verifying the user signature and the administrator approval information with the user certificate (S605). Although not shown in the figure, if the administrator approval information is signed by the administrator, for example, the administrator certificate may be acquired from the certificate server 4 and the signature verification may be performed by this. . Also, an example of how to determine the document reliability 515 will be described in detail later with reference to FIG. Thereafter, the verification server 5 completes the verification (S606).

  Thus, when registering biometric information of the user, by setting it as an authentication system that requires the approval of the administrator, it is possible to prevent impersonation registration and registration of forged fingers, and when verifying the electronic signature with respect to its approval history, etc. It is possible to enhance security by evaluating it as document reliability.

Second Embodiment
Hereinafter, a first embodiment according to the present invention will be described with reference to FIGS. 10 to 12.

  FIG. 10 is a configuration diagram showing an entire configuration of an authentication system according to a second embodiment of the present invention. FIG. 11 is a view showing an example of information held by the information terminal, the IC card for user, and the IC card for administrator according to the second embodiment of the present invention. FIG. 12 is a sequence diagram showing a manager approval process when registering user biometric information according to the second embodiment of the present invention.

  In the first embodiment, the approval of the administrator at the time of registration of the user biometric information is performed based on the administrator's biometric information. In this embodiment, the administrator inputs a password and compares it with the information stored in the IC card for administrator, thereby performing approval of the administrator at the time of registration of the user biometric information.

  As compared with the configuration of the first embodiment shown in FIG. 1, the authentication system of this embodiment has no administrator biometric information acquisition device 9 as shown in FIG. The access to the administrator IC card 8 is different.

  Further, as data held in the storage unit 81 of the IC card 8 for administrator, it is shown in FIG. 11 as compared to the data held in the storage unit 81 of the first embodiment shown in FIG. Thus, it differs in that the administrator biometric template storage unit 812 is not provided and the administrator password storage unit 812 b is provided. The administrator password storage unit 812b stores a password used for the identity verification of the administrator. The password may be stored in advance in storage unit 81 or may be given from the outside of administrator IC card 8. The registration of the administrator password needs to be performed prior to the password authentication process.

  Next, a manager approval process when registering user biometric information according to the second embodiment of the present invention will be described using FIG. The manager approval process shown in FIG. 12 is the process of S402 in FIG. 6 of the first embodiment.

  Here, differences from FIG. 12 of the first embodiment will be mainly described.

  Following the start of the flow in S101, the information terminal 3 outputs a screen prompting the administrator to enter a password using the display unit 35, receives a password entry from the input unit 36, and uses the entered password for the administrator It is sent to the IC card 8 (S201).

  The administrator IC card 8 having received this checks the administrator password 812b (S202). If the verification fails (S202: NG), the information terminal 3 is notified of the failure and the information terminal 3 having received the error outputs an error from the display unit 35 or the like (S203). If the collation is successful (S202: OK), the information terminal 3 is notified that the collation is correctly completed (S204).

Third Embodiment
Hereinafter, a third embodiment according to the present invention will be described with reference to FIGS. 13 to 15. FIG. 13 is a configuration diagram showing an entire configuration of an authentication system according to a third embodiment of the present invention. FIG. 14 is a view showing an example of information held by the information terminal and the user IC card according to the third embodiment of the present invention. FIG. 15 is a sequence diagram showing a manager approval process when registering user biometric information according to the third embodiment of the present invention.

  In the second embodiment, the administrator inputs the password and compares it with the information stored in the IC card for administrator, thereby performing approval of the administrator at the time of registration of the user biometric information. In this embodiment, when the administrator approves the registration of the user biometric information, the same password is used, but the information is compared with the information stored in the information processing terminal 3 instead of the information stored in the administrator IC card. It is

  As compared with the configuration of the first embodiment shown in FIG. 1, the authentication system of this embodiment has no administrator biometric information acquisition device 9 as shown in FIG. The access to the administrator IC card 8 is different.

  The authentication system of this embodiment is different from the configuration of the second embodiment shown in FIG. 10 in that there is no IC card 8 for administrator as shown in FIG.

  The information held by the information terminal according to the third embodiment of the present invention and the IC card for user is as shown in FIG. 14, but is different in comparison with the first embodiment and the second embodiment. I will focus on where I am.

  The storage unit 31 of the information terminal 3 includes control software 310 b, a manager password 312, and a signature generation key 315. The control software 310 b is different from the control software 310 of FIG. 5 of the first embodiment in the operation regarding the administrator approval process when registering the user biometric information.

  The administrator password 312 stores an administrator password used for the administrator's identity verification. The password may be stored in advance in the storage unit 31 or may be given from the outside of the information terminal 3. The registration of the administrator password needs to be performed prior to the password authentication process. A plurality of administrator passwords 312 may be held in association with the administrator's ID.

  The administrator signature generation key 315 is a signature generation key for generating an administrator signature for administrator approval information. As an example, the administrator signature generation key 315 can be considered to be a secret key in PKI. Further, although not shown, the storage unit 31 may hold an administrator certificate that is paired with the administrator signature generation key 315. The administrator signature generation key 31 is generated by the certificate server 4 and stored in the information terminal 3. The storage of the administrator signature generation key 31 needs to be performed prior to the administrator signature generation processing described later.

  The volatile storage unit 32 includes a manager approval information storage unit 323 b. The administrator approval information storage unit 323b stores administrator approval information 3230, which is information for the administrator to guarantee the approval of the administrator when the user registers biometric information in the IC card 1 for user. Store. The manager approval information 3230 includes a user ID storage unit 3231, a manager ID storage unit 3232, a registration approval state identifier 3233, and a manager signature storage unit 3234.

  The user ID storage unit 3231 stores a user ID that is an ID that can uniquely identify a user as an authentication system.

  The manager ID storage unit 3232 stores a manager ID. The administrator ID is an ID that can uniquely identify the administrator as an authentication system, and may be stored in advance, or may be input from the input unit 36 or the like.

  The registration approval information identifier 3233 is information indicating whether or not the administrator has approved the user's biometric information registration, and can take two values indicating, for example, approved or not. Or you may take other values. For example, it may be a value indicating denial or a value indicating unknown.

  The manager signature storage unit 3234 stores a signature for assuring the correctness of the information included in the manager approval information 3230. The signature is considered to be the signature of the administrator. It is conceivable that the signature is generated by the administrator signature generation key 315. The signature is considered to be created based on, for example, the PKCS # 1 specification.

  Next, a manager approval process when registering user biometric information of the present embodiment will be described using FIG.

  The manager approval process when registering the user biometric information of the present embodiment is started (S301). As in the second embodiment, the administrator approval process when registering user biometric information of the present embodiment is the user's biometric information and user certificate shown in FIG. 6 of the first embodiment as a user IC card. The process may be started as a trigger by an input from the input unit 36 of the information terminal 3.

  Subsequently, the information terminal 3 outputs a screen prompting the administrator to enter a password using the display unit 35, and receives the password input from the input unit 36 (S302). At S302, an administrator ID may be received. Subsequently, the input password and the administrator password 313 are collated (S303), and if the collation fails (S303: NG), the display unit 35 or the like outputs an error (S304). If the collation is successful (S303: OK), the display unit 35 or the like displays a screen requesting the input of the user ID, and the input unit 36 or the like receives the input of the user ID (S305). Subsequently, the information terminal 3 determines whether the administrator approves the biometric information of the user, and displays a screen for inputting the determination result from the input unit 36 on the display unit 35 (S306). If the input result is rejection (S306: rejection), the processing is ended (S307). At this time, predetermined post-processing such as erasing predetermined information in the volatile storage unit 32 of the information terminal 3 may be performed. If the input result is an approval (S306; approval), the user ID input in S305 is stored in the user ID storage unit 3231 (S308), and the administrator ID is stored in the administrator ID storage unit 3232 (S306) S309). The administrator ID may be input in S302, or may be stored in advance in the administrator ID storage unit 3232 before the process starts.

  Subsequently, the information terminal 3 sets the registration approval state identifier 3233 as a value indicating that approval has been made (S310).

  Subsequently, the information terminal 3 generates a signature with the administrator signature generation key 315 and stores it in the administrator signature storage unit 3234 (S311), and then transfers the process to S118 of FIG. The administrator approval information of the is registered (S312). In addition, since the manager approval information 3230 generated up to S311 is in the volatile storage unit 32, when the power supply of the information terminal 3 is stopped, the information included in the manager approval information 3230 is deleted. .

Embodiment 4
Hereinafter, a fourth embodiment according to the present invention will be described with reference to FIGS. 16 to 19.

  The feature of this embodiment is that it has a unique extension area in addition to the function of the user certificate added to the first embodiment.

  First, the user certificate C10 of this embodiment will be described with reference to FIG. FIG. 16 is a view showing an example of a user certificate C10 according to the fourth embodiment of the present invention. The user certificate C10 has the same property as the user certificate described in the other embodiments, and has a unique expansion area C11. It is assumed that the unique extension area C11 is a part of the data field of the user certificate C10. The unique extension area C11 includes a certificate type identifier C110, a user ID storage unit C111, an administrator ID storage unit C112, and a registration approval state identifier C113.

  The certificate type identifier C110 is information for identifying the type of certificate when there are multiple types of user certificates in the authentication system, and, for example, “to verify the electronic signature generated through biometric authentication It is conceivable to enter information identifying "is a certificate of

  In addition, it is considered that the user ID storage unit C111 is an area in which the ID of the user given the user certificate C10 is stored.

  The administrator ID storage unit C112 is considered to be an area in which the ID of the administrator who has given approval is stored at the time of biometric registration of the user and issuance of a certificate.

  The registration approval state identifier C113 is information indicating whether or not the administrator has approved the user's biometric information registration, and it can be considered to take a value such as approved or not, as an example. Other values may be taken. For example, it may be a value indicating denial or a value indicating unknown.

  The user certificate C10 is considered to be signed by the signature generation key of the certificate authority that issues the user certificate C10, including the unique extension area C11. Therefore, the legitimacy of the unique extension area C11 can be verified by the public key certificate of the certificate authority.

  Next, a process of registering the biometric information of the user and the user certificate in the user IC card 1 will be described with reference to FIG. FIG. 17 is a flowchart showing a process of registering the biometric information of the user and the user certificate in the user IC card 1 according to the fourth embodiment of the present invention.

  In the present embodiment, differences from the case of FIG. 6 of the first embodiment will be mainly described.

  S701 is a manager approval process, and is performed following S401.

  The manager approval process may be any of the processes according to FIG. 7 of the first embodiment, FIG. 12 of the second embodiment, and FIG. 15 of the third embodiment. In the process of the present embodiment, the processes of S118 to S122 included in any flow can be omitted. S118 to S122 are portions where administrator approval information is sent and stored in the IC card 1 for user, but since information corresponding to administrator approval information is included in the issued certificate, administrator approval At the time of processing, it does not have to be stored in the IC card 1 for user.

  Although S405 and S406 are present in FIG. 6 of the first embodiment, since the registration approval status identifier 1133 does not exist in the user IC card 1, the process is skipped and the biometric information is registered (S407). , S408).

  The processing of S409 to S412 is the same as that of FIG. 6, and subsequently, the certificate server 4 generates a user signature generation key, issues a user written certificate, and the administrator approval information sent in S410 is used as a user. The unique expansion area C11 of the certificate C10 and the certificate storage unit 45 are stored, and the user certificate and the user signature generation key are sent to the information terminal 3 (S702). Unlike the step of S413 in FIG. 6, the other process is the same as that of S413, although the manager approval information sent in S410 is stored in the unique extension area C11. The user ID of the administrator approval information is in the user ID storage C111 of the unique extension area C11, the administrator ID of the administrator approval information is in the administrator ID storage C112, and the registration approval status identifier is in the registration approval status identifier C113. Each is stored.

  That the information terminal 3 sends the received user certificate and user signature generation key to the IC card 1 for user is the same as S414 in FIG. 6, and the user IC card 1 has the user certificate C10. The registration authentication status identifier C113 is checked (S703). If the result of the check is not approved (S703: NG), the information terminal 3 is notified of that and the information terminal 3 having received the error outputs an error from the display unit 35 or the like (S416). If the verification is successful (S703: OK), the received user certificate C10 is registered in the user certificate storage unit 114, and the user signature generation key is registered in the user signature generation key 115 (S417). Note that the process of storing the administrator signature in the IC card 1 for user (S418 in FIG. 6) may be omitted.

  Next, a process of the user according to the fourth embodiment of the present invention performing biometric authentication and generating a signature on a document will be described using FIG. FIG. 18 is a flowchart showing processing of the user according to the fourth embodiment of the present invention performing biometric authentication and generating a signature on a document.

  Here, different points will be mainly described in comparison with FIG. 8 of the first embodiment.

  The processing of S501 to S508 is the same as the processing shown in FIG.

  Next, the information terminal 3 sends the document and the generated user signature to the verification server 5 (S801). Although the administrator approval information is also sent at S 509, in this example, since the user certificate C 10 includes information equivalent to the administrator approval information, it is not necessary to send it.

  The verification server 5 having received the document stores the document in the document storage unit 514, and stores the generated user signature in the user signature storage unit 511 (S802). In S510, the administrator approval information is also received, but in S802 of the present embodiment, the user certificate C10 includes information equivalent to the administrator approval information, and thus the user approval information may not be received.

  Next, a process of obtaining the reliability of a document for the user's document in the verification server 5 according to the fourth embodiment of the present invention will be described with reference to FIG.

  FIG. 19 is a flowchart showing processing for obtaining the reliability of a document for the user's document by the verification server 5 according to the fourth embodiment of the present invention.

  Here, different points will be mainly described in comparison with FIG. 9 of the first embodiment.

  The processing of S601 to S504 is the same as the processing shown in FIG.

  Next, the user certificate C10 acquired from the certificate server 4 is verified, and the document reliability 515 is updated based on the result and the registration approval state identifier C113 of the unique extension area C11 (S901). The process of S901 is the same as the process of S605 of FIG. 8 except that the unique extension area C11 is used.

  In this embodiment, by providing the unique area in the user certificate, the approval state of the administrator can be stored, and the approval state of the administrator can be determined only by referring to the user certificate.

[Evaluation of document reliability]
Hereinafter, it will be described that the document reliability can be evaluated by the authentication system of each embodiment described above with reference to FIG. FIG. 20 is a diagram showing an example of a document reliability table in which the document reliability is evaluated by verifying the user signature and the administrator approval state.

  The document reliability table 515 includes a document ID 5151, a user ID 5152, a user signature verification result 5153, an approval state verification result 5154, and a reliability 5155, which are associated as entries.

  A document ID 5151 is ID information for specifying a document. A user ID 5152 is a user ID of a user who signed a document indicated by the document ID 5151. The user signature verification result 5153 shows the result of verifying the user signature of the document indicated by the document ID 5151. In the figure, "correct signature" and "signature verification failure" are shown as an example.

  The approval status verification result 5154 is obtained by determining the signature and the registration approval status identifier of the administrator approval information attached to the document corresponding to the document ID 5151. In addition, information such as what means the administrator used to confirm the identity as shown in FIG. 7 (biometric information) of the first embodiment and FIG. 12 (password, PIN authentication) of the second embodiment May be included. Also, although not shown in the figure, the information may include the ID of the approved administrator. The reliability 5155 is information indicating the degree to which the correctness of a given document should be trusted as an authentication system based on the user signature verification result 5153 and the approval state verification result 5154, and is indicated by a score as an example. There is. The points shown in the figure and their calculation criteria are examples and do not have to be this.

  In the illustrated example, when the user signature 5153 is not a correct signature, the reliability 5155 is 0 regardless of the approval status verification result 5154. In addition, the approval status verification result 5154 indicates that if the signature verification fails, does not exist, if the signature verification succeeds and the administrator authentication method is the PIN authentication (FIG. 12 in the second embodiment, the third FIG. 15 of the embodiment shows a case where the signature verification is successful and the authentication method of the administrator is biometrics (FIG. 7 of the first embodiment) as an example, and a score of reliability 5155 is listed in the order listed. Was low. However, these are an example and it does not restrict to this.

[Other Embodiments]
In the flowcharts of the above-described embodiments, even when the details are not described, when any error occurs in the case where a series of flows are performed, to that effect, the control unit of each component It may be notified.

  Further, although the details are not described in the flowcharts of the above embodiments, the control software 310 may appropriately notify the user of the processing performed at that time by the display unit 35 or the like as needed. In particular, when the series of processes are completed or branched, it is desirable to notify the user of the fact by the respective display units, and the user may be inquired of judgment of the branch in combination with the input unit 36 or the like.

  In addition, although the flow shows the exchange of information between the steps omitted, it is considered that a pair of response to a command is actually formed. In addition, even in the case where the exchange of information between each step is indicated by a pair of double-headed arrows, there may be no problem even if a plurality of command / responses are included therein. In addition, in the communication between the terminal and the server, even when data is transmitted from the server to the terminal that is the client and the content is received by the terminal, actual communication is performed through the command and response between the client and the server. As a result, transmission of data as described above may be realized.

DESCRIPTION OF SYMBOLS 1 ... IC card for user 2 ... biometric information acquisition apparatus 3 for user ... information terminal 4 ... certificate server 5 ... verification server 8 ... IC card 9 for administrator ... biometric information acquisition apparatus for administrator

Claims (7)

An authentication system comprising a semiconductor card for user, a biometric information acquisition device for user, a certificate server, and an information terminal, wherein the information terminal and the certificate server are connected by a network,
The semiconductor card user holds the user biometric information read by the user biometric information acquisition device, and an administrator approval information indicating that the administrator issued the user certificate is authorized,
The information terminal reads the manager approval information from the semiconductor card for user, and transmits the manager approval information to the certificate server.
The certificate server verifies the administrator approval information, and when approval is obtained, issues a user certificate of the user, registers the user certificate, and transmits the user certificate to the information terminal And
The information terminal transmits the user certificate to the semiconductor card for user;
The semiconductor card for user stores the user certificate ,
The certificate server generates a user signature generation key and sends it to the information terminal together with the user certificate.
The information terminal transmits the user signature generation key to the user semiconductor card together with the user certificate.
The semiconductor card for user verifies the manager approval state in the manager approval information, and when it is approved, registers the user signature generation key together with the user certificate.
The user semiconductor card generates a signature of the administrator approval information using the user signature generation key, and stores the generated signature as an administrator signature.
And a verification server connected to the information terminal and the certificate server via a network.
The information terminal transmits signature data of a document to be verified to the semiconductor card for user,
The semiconductor card for user generates a user signature by the user signature generation key, and transmits the user signature and the administrator approval information to the information terminal.
The information terminal transmits the document, the user signature, and the administrator approval information to the verification server.
The manager approval information includes a user ID,
The verification server sends the user ID to the certificate server
The certificate server transmits a user certificate corresponding to the transmitted user ID to the verification server.
The verification server verifies the user signature and the administrator approval information based on the transmitted user certificate, and calculates the reliability of the document based on the result. system.   The authentication system according to claim 1, wherein the manager authentication for generating the manager approval information is performed based on biometric information of the manager or a password input to the information terminal. In addition, it has a semiconductor card for administrators,
The administrator semiconductor card generates an administrator signature at the time of administrator authentication, writes the administrator signature in the administrator approval information, and transmits it to the information terminal.
The information terminal transmits the manager approval information to the semiconductor card for user;
The authentication system according to claim 1, wherein the semiconductor card for user verifies the manager signature in the manager approval information and stores the user certificate when it is correct. The user certificate has its own extension area,
The unique extension area includes a manager approval status identifier representing manager approval information,
The certificate server generates a user signature generation key and sends it to the information terminal together with the user certificate.
The information terminal transmits the user signature generation key to the user semiconductor card together with the user certificate.
The semiconductor card for user verifies the administrator approval status identifier of the unique extension area, and when approved, registers the user signature generation key together with the user certificate. Authentication system described. An authentication method of an authentication system comprising: a semiconductor card for user, a biometric information acquisition device for user, a certificate server, and an information terminal, wherein the information terminal and the certificate server are connected by a network,
Further, the authentication system includes a verification server connected to the information terminal and the certificate server by a network.
Semiconductor card the user holds the user biometric information read by the user biometric information acquisition device, and an administrator approval information indicating that the administrator issued the user certificate is authorized,
The information terminal reads the manager approval information from the semiconductor card for user, and transmits the manager approval information to the certificate server;
The certificate server verifies the administrator approval information, and when approval is obtained, issues a user certificate of the user, registers the user certificate, and transmits it to the information terminal Step to
The information terminal transmitting the user certificate to the semiconductor card for user;
The semiconductor card for user stores the user certificate .
The certificate server generates a user signature generation key and sends the key together with the user certificate to the information terminal;
The information terminal transmitting the user signature generation key to the user semiconductor card together with the user certificate;
The semiconductor card for user verifying the manager approval state in the manager approval information and registering the user signature generation key together with the user certificate when it is approved;
The semiconductor card for user generates a signature of the manager approval information with the user signature generation key and stores the signature as a manager signature;
The information terminal transmitting signature data of a document to be verified to the semiconductor card for user;
The semiconductor card for user generates a user signature by the user signature generation key, and transmits the user signature and the administrator approval information to the information terminal;
The information terminal transmitting the document, the user signature, and the administrator approval information to the verification server;
The manager approval information includes a user ID,
Further, the verification server sends the user ID to the certificate server.
Transmitting the user certificate corresponding to the transmitted user ID to the verification server.
The verification server comprises the steps of: verifying the user signature based on the transmitted user certificate; verifying the administrator approval information; and calculating the credibility of the document based on the result. Characteristic authentication method. 6. The authentication method according to claim 5 , wherein the manager authentication for generating the manager approval information is performed based on biometric information of the manager or a password input to the information terminal. Further, the authentication system comprises a semiconductor card for administrator,
The semiconductor card for administrator generates an administrator signature at the time of administrator authentication, writes the administrator signature in the administrator approval information, and transmits it to the information terminal;
The information terminal transmitting the manager approval information to the semiconductor card for user;
6. The authentication method according to claim 5 , further comprising the step of the semiconductor card for user verifying the manager signature in the manager approval information and storing the user certificate when it is correct.

Images