WO1999060485A1 - Systeme de carte d'authentification - Google Patents

Systeme de carte d'authentification Download PDF

Info

Publication number
WO1999060485A1
WO1999060485A1 PCT/JP1999/002599 JP9902599W WO9960485A1 WO 1999060485 A1 WO1999060485 A1 WO 1999060485A1 JP 9902599 W JP9902599 W JP 9902599W WO 9960485 A1 WO9960485 A1 WO 9960485A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
card
user
information
personal identification
Prior art date
Application number
PCT/JP1999/002599
Other languages
English (en)
Japanese (ja)
Inventor
Yutaka Yasukura
Original Assignee
Yutaka Yasukura
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from JP10139563A external-priority patent/JP3112076B2/ja
Priority claimed from JP10299181A external-priority patent/JP2000132658A/ja
Priority claimed from JP10323129A external-priority patent/JP2000145219A/ja
Priority claimed from JP36175298A external-priority patent/JP3090265B2/ja
Priority to AU38489/99A priority Critical patent/AU3848999A/en
Priority to DE69938500T priority patent/DE69938500T2/de
Priority to US09/445,060 priority patent/US6990588B1/en
Priority to EP99921166A priority patent/EP1085424B1/fr
Application filed by Yutaka Yasukura filed Critical Yutaka Yasukura
Priority to IL13410299A priority patent/IL134102A0/xx
Priority to EA200000145A priority patent/EA002175B1/ru
Publication of WO1999060485A1 publication Critical patent/WO1999060485A1/fr
Priority to HK01102627A priority patent/HK1031936A1/xx

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00563Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/22Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically

Definitions

  • the second invention is a user authentication system for performing personal authentication in electronic information exchange and electronic commerce, a user authentication form and a user authentication device used for the second step, and a specific person who has been authorized in advance by applying the same.
  • Lock control system that allows opening and closing only to the user; Background art
  • the mechanism that correctly authenticates individuals can be used to improve the security of electronic money, such as locking devices that restrict access to non-qualified persons at research laboratories, offices, and houses.
  • passwords have been used most often for user authentication. Although passwords are simple, they do not eliminate anyone impersonating themselves by stealing someone else's passcode. Therefore, use reasonable passwords, such as using a long password, choosing a password that is difficult to guess, and changing the password occasionally, to ensure security. Also, in order to ensure the security of the communication process, it is common practice to keep communication contents secret using encryption technology so that even if data is leaked, the contents will not be easily known to others. Have been done.
  • Locking management systems for locking are often used. Accurately authenticate users only when they should be allowed to do business, such as e-commerce such as product sales and credit settlement, online medical consultations, personal medical records and registrations at government offices, and issuance of certificates. There is a need. In addition, in such a case, the opportunity to access information using a communication network, instead of conducting face-to-face transactions, is increasing and diversifying.
  • the required level of security differs depending on the type of transaction, so the required depth of authentication is different. For example, when selling small-priced products, you can be satisfied if you can guarantee the genuineness of the card, but if you use it for issuing medical charts, you can definitely prove that you are who you are. It is preferable to use the information together.
  • a key card used for lock management and entrance / exit management is usually issued for each lock and is owned or managed by a qualified person. Therefore, if a large number of rooms are subject to entry / exit management, a highly qualified person must have a large number of key cards, and management becomes complicated.
  • one key card is often shared and used by a qualified person, but in this case, unauthorized stealing of unauthorized persons is required unless the security code and key code are strictly managed. Forgiveness would make it more difficult to maintain security.
  • the key is prepared and lent for each key, so opening and closing the mouth locker even if a person different from the original user uses the key The security is not sufficient because the stored items may be stolen by others.
  • safes such as safes
  • Some safes provide higher levels of protection so that the key provided when lending the safe and the key of the administrator can be unlocked for the first time, but the administrator must be present. Using a stolen or duplicated key can be unlocked and not secure enough:
  • lock control systems such as laboratories, data storage rooms, and drug storage rooms that limit the people who can enter and exit to ensure security, and unlock only when they have passed authentication with a card issued to a qualified person.
  • lock control systems such as laboratories, data storage rooms, and drug storage rooms that limit the people who can enter and exit to ensure security, and unlock only when they have passed authentication with a card issued to a qualified person.
  • the management of the card if the management of the card is poor, there is a fear that an unqualified person can use the card to enter and leave freely. Since the required degree of security differs depending on the lock to be accessed, it is inevitable to require users to perform complicated procedures in pursuit of high security. For example, to open shelves to control toxicants: Although a certificate is required, a simple confirmation is sufficient to take out enough ordinary medicine by controlling the amount taken out.
  • the level of security assurance differs between a safe deposit box when storing valuables and expensive goods that cannot be changed, and when storing any amount of items that can be obtained.
  • IC cards are capable of performing complex calculations associated with high-level authentication and are easy to rewrite the recorded contents, and are suitable for use as electronic money, such as cards that can record the history of transactions sequentially. I have.
  • Such an authentication IC card performs personal authentication based on the information recorded on the card, and thus, security of force is a major problem.
  • the present invention provides a user authentication system for performing personal authentication in electronic information exchange and electronic commerce, which is highly secure and can quickly obtain a result, and a user authentication slip and a user authentication device used for the system.
  • the purpose is to provide.
  • Another object of the present invention is to provide an authentication IC card in which an authentication card issued for each object is integrated as a qualified person authentication in order to improve the security of transactions and locking systems.
  • the purpose is to provide an authentication IC that guarantees the security of access to stored information and secures privacy protection.
  • Another object of the present invention is to provide a lock management system with high security by strictly determining qualified persons and to provide a lock management system capable of setting the depth of qualified person authentication as necessary. I do. Disclosure of the invention
  • the user authentication system of the present invention includes at least one certification authority including a registration office, an authentication ticket issuing office, and an authentication utilization office.
  • the registry is equipped with an information capture device that acquires biological characteristic data that distinguishes individual users, and the certificate issuing office records at least a part of the biological characteristic data for the user.
  • the user office issues a user authentication card, and the authentication office is equipped with an authentication card reader that reads the information on the user authentication card and a personal identification card that acquires the biological characteristics data of the user.
  • the certification authority is connected to the certification use center via an information communication channel, and records the parts of the user's biological characteristic data obtained at the registration center that are not recorded in the user certification form.
  • the user authentication is performed by comparing the recorded contents of the user authentication slip read by the authentication slip reader at the authentication use center with the biological characteristic data of the user obtained by the personal ID obtaining device, and further advanced authentication.
  • the certification authority responds to inquiries from the certification authority, compares the missing biological feature data in the user authentication form, sends the result of authentication to the certification authority, and performs authentication. It is characterized by performing.
  • biological characteristic a characteristic unique to an individual that cannot be completely controlled by human will and can be distinguished from others is called a biological characteristic.
  • biological features include not only natural ones such as finger prints, palm prints, iris and retina patterns, and DNA information, but also some that are formed by habits such as handwriting and voice prints. Biological features that are easily recognizable may be found.
  • the second user authentication system of the present invention includes a registration office, an authentication ticket issuing office, and an authentication use office, has an arithmetic function in the user authentication ticket, acquires biological characteristic data at the authentication use office, and performs user authentication.
  • the user's authentication form is used to compare the biological characteristic data recorded on the user authentication form with the biological characteristic data of the user acquired by the personal identification card acquisition apparatus, and further, It is characterized by authenticating that the user is a valid owner of the user authentication slip by integrating the authentication results of the certification authority.
  • the user authentication system further includes at least one certificate authority connected to the authentication use center via an information communication path, and includes, in the user authentication ticket, the biological characteristic data of the user acquired at the registration center. Record all but the part that is not recorded in the user certificate, and record it in each certification authority. It is preferable to compare and authenticate the part of the biological characteristic data that is missing in the voucher.
  • the user authentication system may include a certificate authority provided with a storage device for recording the user's biological characteristic data obtained at the registry.
  • the user authentication system of the present invention uses a user authentication card that records at least a part of biological characteristic data for distinguishing an individual user, and when authentication is necessary, a biological characteristic input by a user. Since the user is authenticated by comparing the data with the biological characteristic data of the user authentication slip, the impersonation can be prevented because the authentication test can be passed only by the user himself.
  • the necessary information is divided, and for example, the biological characteristic data is restored from the data recorded in the certification form. Even if the authentication system cannot be breached, the data used for authentication cannot be duplicated from the user authentication slip, so it is safe. Since the information in the bureau is preserved, impersonation of others can be eliminated.
  • the method of the present invention collects the divided data in one place, reintegrates and determines W
  • the certification authority and the certification authority use the results of certification based on the biological characteristic data at hand, and the entire original data is reproduced
  • the security of the data is extremely high because the data is kept secret.
  • authentication is performed in response to inquiries from the certificate authority or other certificate authorities for each certificate authority.
  • the reliability of user authentication can be further improved by acquiring user authentication of certificate authorities that are hierarchically organized in stages.
  • the user authentication system of the present invention according to the required level of authentication reliability, it is possible to select whether or not to make a pass / fail decision based on the information recorded in the user authentication slip by authenticating only the authentication use place. It is also possible to select more reliable judgment by adding authentication at a certification authority that takes into account information not recorded in the user authentication slip.
  • the authentication level such as (2), may be determined in advance depending on the authentication use place or the transaction object, or may be set at the authentication use place for each transaction. Furthermore, it can be automatically selected and set according to the transaction price.
  • the information in the user authentication slip is used for most of the authentication, and authentication is performed at the authentication use place. If this is done, the amount of information exchanged via the communication circuit will be a small part, the capacity of the communication circuit may be small, and the time required for inquiry will be short.
  • dividing information has the effect of suppressing the demand for processing capacity and storage capacity of the certificate authority, since information must be accumulated for many users and many queries must be processed.
  • the user authentication system is provided with an accredited registration authority provided with a storage device for recording the user's biological characteristic data obtained at the registry, and the user's biological characteristic data acquired at the registry is obtained.
  • an accredited registration authority provided with a storage device for recording the user's biological characteristic data obtained at the registry, and the user's biological characteristic data acquired at the registry is obtained.
  • the storage medium storing the biological characteristic data at the accredited registration authority can be separated from the information communication path of the user authentication system and connected and used only when necessary, hackers can For example, personal information can be prevented from being leaked or falsified. Note that it is extremely effective to ensure security by recording only partial biological feature data in the user certificate and lower-level certificate authorities, and not keeping complete records.
  • Handwriting in consideration of the input process may be used as the biological feature data used in the user authentication system of the invention.
  • Handwriting has the advantage that it is a good representation of the biological characteristics of the individual, makes it difficult for others to impersonate, and that the input and analysis equipment is relatively easy to obtain. Characters and figures written to identify the user may be appropriate, but it is needless to say that a sign representing the user's name has good reproducibility.
  • the written handwriting can be imitated by others, the biological characteristics of the individual appear by taking into account the input process such as the stroke order and brushstroke, making it impossible for others to imitate. Therefore, highly reliable authentication can be performed by using an online input device to make a judgment in consideration of the information being input.
  • available biological feature data include fingerprints, palm prints, voice prints, iris and retina patterns, and DNA information. In the future, more reliable and easily recognizable biological features may be found.
  • the information data is physically divided and the first half is recorded in the user certificate and the second half is recorded in the certificate authority.
  • the information may be divided hierarchically, such as by recording the handwriting shape information on a user certificate and recording the pen pressure information and stroke order information at a certificate authority. May be used.
  • the biological feature data used for such purpose may be of the same type as the formal one, or may be of a different type, such as adding voice data to a signature. Conversely, data obtained by adding specific code data to pseudo data may be used as formal authentication data.
  • the user authentication ticket used in the user authentication system of the present invention is a storage having a readable storage area that records at least a part of a signal for identifying an identification tag and at least part of biological characteristic data for distinguishing an individual user. It is characterized by being composed of a medium.
  • a read-only storage medium such as ROM or CD-ROM may be used as the storage medium, but since the recorded content is information indicating the biological characteristics of the user, there is little risk of tampering, and the transaction details It is also possible to adopt a storage medium that can be written and read and can record additional information.
  • an IC card that has a high anti-counterfeit function and a large data capacity, and has a high security function equipped with an intelligent function and an encryption system.
  • the biological characteristic data obtained from the user must be imported into the card and compared with the internally stored inquiry data to perform user authentication. If this is the case, the burden on the certification use center can be reduced and the equipment cost can be reduced. Also, the security can be improved by preventing the authentication data of the user authentication slip from being read from outside.
  • an IC card enables the installation of multiple functions and advanced identity authentication. It can be a multipurpose card having functions.
  • the IC card used here may be a complex IC card that combines a contact type that reads and writes with an external terminal and a non-contact type that reads and writes without a contact regardless of the external terminal.
  • An authentication IC card that uses an IC card to perform personal authentication is an authentication IC card that includes an authentication file that stores CPU and personal identification information and an application file that is classified according to the authentication depth. Therefore, when there is a request to present the information recorded in the application file from outside, the authentication depth is compared by comparing the personal identification information entered from outside with the personal identification information stored in the authentication file. It is characterized by presenting the information of the application file via the CPU for the first time when it is confirmed and passed.
  • the application files in the card are classified for each file according to the authentication depth corresponding to the confidentiality, and the information recorded in the file from the outside can be obtained.
  • the CPU checks the input personal identification information and checks the information of the target application file via the CPU only when the authentication corresponding to the predetermined depth of the file is obtained. It is to be presented.
  • Verification of personal identification information entered by the card carrier with personal identification information recorded inside the card must be performed by an external device using personal identification information provided from the card or personal identification information stored in advance. Can also. By utilizing the capabilities of external devices, Because it can handle complicated image processing and information processing, it is effective when there is a shortage of CPU and memory capacity of the authentication IC. In addition, highly reliable authentication can be performed by using the divided and stored personal identification information. Note that the personal identification information stored in the authentication file can include biological information for distinguishing the individual of the authentic owner of the IC card.
  • application files classified according to the level of certification may record IDs used for various transactions. Such an ID is effective when there is a need to verify whether the card carrier is qualified to access the transaction information, for example, when external transaction information exists.
  • the personal information of the owner may be recorded in the application file: Authentication of the present invention
  • the authentication ability of the IC card is high and the personal information of the card cannot be accessed without the authorization of the individual, so that privacy is not secured. Protection is thorough.
  • access qualifications may be registered in advance for each application file, and only authorized qualifications may be allowed to access the file. Since files can be arranged two-dimensionally in combination with the authentication level, it is possible to meet more complex requirements.
  • the authentication IC card of the present invention When using the authentication IC card of the present invention, first store the occupant license, the bank ID, etc. in the application file in the authentication IC card, and specify the authentication method required by each. . On the other hand, personal identification information required for authentication is stored in the authentication file.
  • admission to a building does not require special authentication and it is sufficient to have an appropriate authentication IC card.
  • a PIN is required to confirm the authenticity of the holder together with the authentication IC card.
  • stricter authentication is required when entering the data room, and each person's fingerprint is verified.
  • the authentication file records information indicating that the card is a genuine card, a PIN and fingerprint information of the holder, and requests each application file to open the building entrance door.
  • the encrypted signal and the encrypted signal required to open the office and the encrypted signal to open the data room door are stored.
  • the person carrying the force reads the authentication IC force using the card reader attached to the building door.
  • the card reader acquires the force information, confirms that the force is authentic and the code matches, and when the inspection passes, the door opens and you can enter.
  • a card reader attached to the office door is provided with a key board, and those who intend to enter the room need to read the authentication IC card and enter their PIN.
  • the authentication code is authentic and the password matches the password recorded in the authentication file of the authentication IC, the encryption signal required for opening the door is sent to the card reader via the CPU, If this is correct, entry is allowed.
  • a card reader equipped with a fingerprint reader is provided on the door of the reference room, and those who intend to enter the room can read the authentic authentication IC card with the card reader and use the designated finger. It must be pressed against a fingerprint reader.
  • a code for instructing to open the door is supplied to the card reader via the CPU, and the encrypted signal is determined to be authentic by the card reader. The door opens and you can enter the room for the first time.
  • the same mechanism can be used in financial systems.
  • the only information that can be requested by the unlocking system is personal identification information and the signal for unlocking, and access to the file storing the medical chart is excluded by the CPU.
  • the entire information exchange can be shut off to prevent information theft or tampering.
  • an encryption signal for authorizing the transaction is recorded on the authentication IC card possessed by a person who has been licensed for each service or transaction, and the transaction is performed. This is a mechanism for confirming that the carrier of the authentication IC card is a genuine holder when conducting the transaction and accepting the transaction.
  • the information that the service provider should receive from the authentication IC card is recorded as the credential that the carrier of the authentication IC card is the genuine owner of the card and proof of eligibility to use the authentication IC card. That is. Also authentication
  • What the IC card authenticates is that the reader is correct and that the carrier is the genuine owner.
  • the authentication IC card of the present invention With the authentication IC card of the present invention, the eligibility for entering a building or entering a certain data room, bank account, credit ownership, family register, history, credit balance when using as electronic money, etc. By storing the attributes of the holder, including the attributes of the holder in the authentication IC card, the authentication of all transactions that have been licensed can be integrated into one card.
  • the authentication IC force of the present invention does not give the transaction qualification to the card but to the individual owner of the force, the operation is performed in accordance with the original trust purpose compared with the conventional card system. be able to. Therefore, there is no need to carry a large number of cards provided for each service as in the past, and the card itself is strictly managed so that other people do not use the card itself like the unlocking card shared by many people in the past. There is no need.
  • authentication can be performed based only on information recorded in the IC card and information input by the card holder himself. Therefore, the security of the card is more important than ever, so it is important to use the authentic transaction information such as signatures, voice prints, fingerprints, palm prints, irises, etc. Advanced security measures are in place to prevent anyone other than the genuine transaction target from using the authentication card, and authentication ICs acquired by others who are not authorized users through theft, discovery, etc. The card cannot be used directly or tampered with.
  • the authentication IC card of the present invention further comprises a CPU, an authentication file storing personal identification information or personal identification information and authentication information, and an application storing job programs and data classified according to the authentication depth.
  • An authentication IC card that has a file and that, when there is a request for access to the application file from outside, the access is granted based on the result of authenticity determination based on the personal identification information or authentication information of the authentication file.
  • personal identification information of the second person or authentication information of the subject is stored in addition to the personal identification information of the authorized user, and a job or data requiring authentication of the second person or the subject is specified in advance.
  • a job or data requiring authentication of the second person or the subject is specified in advance.
  • a second person or an entity having a specific authority (hereinafter, referred to as a subject)
  • a subject a second person or an entity having a specific authority
  • the witness's approval becomes effective only when the person is authenticated based on personal identification information or authentication information stored in the IC card.
  • the witness is a person designated by the person in charge of the card issuance, even if the user is a trusted third party. There may be. In addition, it may be a subject such as an issuer as a mechanism or an organization.
  • the identity of the witness must be approved and authenticated, or both the witness and the witness must pass the authentication. Not only can it prevent theft of an authentication IC card, but also prevent a person in charge of internal information from rewriting personal ID information by colluding.
  • certification I C force Based on the reliability of ⁇ , it is possible to set high security for authentication, so even if there is no special security system at the issuing office that issues the authentication IC card, the security of the authentication IC can be secured. Sex is not threatened. Also, the personal data stored on the card may be stored in the authentication IC card, and need not be kept at the authentication IC card issuing office.
  • the determination of the pass / fail of the authentication may be performed by the CPU in the authentication IC card or by an external device.
  • the personal identification information or authentication information stored in the authentication file is output to the external device via the CPU, and the external device determines whether or not the authentication is successful. Access to the application file via if.
  • the equipment on the side of the IC card reading device can be simplified and improved, and the equipment cost at the place of use can be reduced.
  • the performance of the IC card can be simplified.
  • compatibility with a system that further improves security by sharing part of personal identification information in storage devices other than the authentication IC card is further improved.
  • the personal identification information includes biological information for distinguishing the individual of the authentic owner of the authentication IC card.
  • biological information includes signatures, voiceprints, fingerprints, palms There are crests and irises.
  • a password with a high degree of freedom can be used in addition to biological information.
  • a log of matters using the witness's authentication be recorded in the authentication IC card.
  • a user authentication device for performing authentication using a user authentication ticket of the present invention includes an authentication tag reading device that reads information recorded in a user authentication ticket, and a personal identification card acquiring device that acquires biological characteristic data of a user.
  • the user authentication slip is applied to the authentication slip reading device, and the user who is required to be authenticated is the same kind of organism as that recorded on the user authentication slip via the personal identification obtaining device.
  • the judgment device displays the result of the pass / fail judgment by comparing the biological characteristic data recorded on the user authentication card with the biological characteristic data acquired by the personal identification card acquisition device. Since it is displayed on the device, it is possible to immediately recognize whether or not the user is the genuine owner of the user authentication card without communicating with the outside.
  • the user authentication device needs to be equipped with a personal identification acquisition device of the same type as the biological characteristic data input device installed at the user registration center.
  • a personal identification card acquisition device that has a function for capturing handwritten figures can be used: If a predetermined handwritten figure such as a signature is input as digital data using the function for capturing handwritten figures, a user authentication slip can be obtained. It can be easily compared with biological characteristic data.
  • the user authentication device of the present invention includes a communication device capable of communicating with an external certificate authority, and transmits at least a part of the user's biological characteristic data input to the personal certificate acquisition device to the external certificate authority to determine whether to pass or fail. It is preferable that the judgment result is received and the judgment result is displayed via a display device. W /
  • the user authentication system of the present invention can be applied to a lock management system.
  • the lock management system of the present invention uses an IC card that records user authentication data as a key, compares input personal identification data with personal authentication data recorded on the IC card, and passes the authentication. It is characterized by unlocking.
  • the user authentication card in which the personal authentication data of the person who has authorized the use of the lock is stored in the IC card is given to the user as a key card:
  • the key card is presented.
  • input personal identification data is compared with the data recorded on the key card, and the lock is opened only when it is within the allowable range.
  • the lock cannot be opened, so the lock can only be unlocked by the authorized person.
  • Such a system empowers an authorized individual to unlock and authenticates the identity of the individual with a keystroke, and a key card is a part of the key function. It only carries:
  • the lock cannot be opened unless the person is the person himself, and the lock is extremely safe. Also, since the personal information is stored on the key card, it is not necessary to provide the lock device with a large database that stores information on all prospective users, and it is not necessary to obtain it from the host device by high-speed communication.
  • a means for inputting personal identification data corresponding to a plurality of types of personal authentication data may be set up at the place where the lock is used, so that the user can select one. If multiple authentication data types are available in this way, the thief needs to know which type of authentication data is being used, and a highly secure lock can be obtained. Of course, a combination of a plurality of information may be used so that the lock cannot be unlocked unless all of them pass. It should be noted that there may be a plurality of locks that can be unlocked with one key card, and the type of the authentication data to be applied to each lock may be selected. This reduces costs compared to issuing a key card for each lock, reduces the number of cards carried by the user, and eliminates the hassle of selecting and presenting a corresponding card for each lock.
  • Such a key card is also useful, for example, when a lock at the entrance and a lock at the journal shelf in the store are shared in the store.
  • a lock at the entrance and a lock at the journal shelf in the store are shared in the store.
  • HR information and accounting information are both stored in the vault, but it can be used in cases where only relevant persons can access each.
  • a warning may be given to the control room, and the storage door may be closed to prevent the access person from escaping.
  • a person who has accessed the lock is recognized as an individual. Since it has the function of storing information, it is possible to automatically create a record of the usage status of the storage by accumulating the information.
  • the lock management system of the present invention can be provided in a safe for storing valuables to ensure safety.
  • a safe box it will be safe enough for safe boxes without the attendance of the administrator.
  • the user of the safe deposit box it is also possible for the user of the safe deposit box to decide the security depth according to the value of the stored items and use it accordingly.
  • FIG. 1 is a block diagram showing a user authentication system according to an embodiment of the present invention
  • FIG. 2 is a perspective view showing an example of a user authentication device used in this embodiment
  • FIG. 3 is a user authentication in this embodiment
  • Fig. 4 is a block diagram showing the first and second configuration examples of the user authentication slip used in this embodiment.
  • Fig. 5 is an example of the procedure for issuing a user authentication slip in this embodiment.
  • FIG. 6 is a flow chart showing an example of an authentication procedure in a use place in this embodiment.
  • FIG. 7 is a block diagram showing a configuration of a third embodiment of the authentication IC card of the present invention. Is a block diagram showing a file configuration of the authentication IC card of the third embodiment, FIG.
  • FIG. 9 is a block diagram showing an example of use of the authentication IC card of the third embodiment
  • FIG. 10 is an authentication IC of the third embodiment.
  • FIG. 11 shows an authentication IC car of the present invention.
  • 12 is a block diagram showing the configuration of the fourth embodiment of the present invention
  • FIG. 12 is a flowchart showing the procedure for issuing an authentication IC card of the fourth embodiment
  • FIG. 13 is recorded on the authentication IC card of the fourth embodiment.
  • 14 is a flowchart showing the procedure for reading the personal identification information
  • FIG. 14 is a flowchart showing the procedure for rewriting the personal identification information of the authentication IC card of the fourth embodiment
  • FIG. 15 is the first embodiment of the lock management system of the present invention.
  • FIG. 16 is a block diagram showing an example of a lock management system according to a second embodiment of the present invention. BEST MODE FOR CARRYING OUT THE INVENTION
  • the user authentication system of the present invention has a hierarchical structure including an accredited registration authority, a certification authority, and an authentication use place.
  • the Certified Registration Authority (PRA) 1 oversees the entire certification network, A certificate is issued that gives some authority to multiple Intermediate Certificate Authorities (PCAs) 2 as a central authority, and the authorized Intermediate Certificate Authorities (CAs) 3 communicate to multiple Terminal Certificate Authorities (CAs) 3 as sublicensees. Issue a certificate that gives some authority.
  • PCAs Intermediate Certificate Authority
  • CAs Terminal Certificate Authority
  • the terminal certificate authority (CA) 3 acts as an intermediary between the authentication use office (TM) 4 that is a client that uses user authentication and the user 8 who wants to use the service of the client.
  • TM authentication use office
  • the use of various services may be referred to as transactions.
  • the accredited registration authority (PRA) 1 has a storage device 1 1 that can be separated from the device, and the intermediate certificate authority (PCA) 2 and the terminal certificate authority (CA) 3 are storage devices 2 1 that are always connected to the device. , With 3 1.
  • the Intermediate Certification Authority can be omitted when building a user authentication system. Conversely, multiple levels of Intermediate Certificate Authorities (PCAs) may be provided and the depth of the hierarchy may be greater than three levels:
  • the functions such as the accredited registration authority (PRA), intermediate certification authority (PCA) and terminal certification authority (CA) may be performed by mutually integrated organizations.
  • the terminal certification authority has authority over a limited area, such as an administrative agency, a medical institution, a specific company, an apartment complex, or a shopping mall (mall). Awarded by the PCA.
  • the terminal certificate authority (CA) 3 is connected to a certification use center (TM) 4 that belongs to the area having this authority and uses user authentication.
  • Recognized User Centers (TM) 4 include offices at government offices, receptions at departments and pharmacies at hospitals, doors to research laboratories and departments, information devices that access databases that require protection, and entrances to apartments. And private room doors, indoor utility remote control devices, There are various types of facilities, such as membership club facilities, payment counters at large retail stores such as mall stores and department stores, counters at financial institutions such as banks, and ATMs.
  • the terminal certification authority (CA) 3 gives the user registration office (RG) 5 the authority to accept registrations for users 8 who intend to use the certification office (TM) 4, 6) Authorize 6 to issue user authentication slip 7.
  • the user registry (RG) 5 is provided with an input device 51 for acquiring biological characteristics.
  • an online handwritten figure input device composed of a tablet and a pen is used.
  • the information of the writing process can be taken together and the figure can be recognized.For example, even when characters are input, information on the direction of each stroke and the order in which the strokes were written can be obtained. Can be easily obtained.
  • a microphone 52 is provided to input voice.
  • a device for capturing a fingerprint or a palm print, or a device for capturing the iris or retinal pattern by observing the pupil may be provided.
  • a certificate issuance device 61 is installed at the certificate issuance office (IS) 6, a certificate issuance device 61 is installed.
  • the authentication ticket issuing device 61 writes the information used for settlement in the user authentication ticket 7 and supplies it to the user 8.
  • the user authentication form is configured with an IC card.
  • any recording medium that can be written and read such as a magnetic recording medium such as a CD-ROM, a floppy disk, or a magnetic force, or Other electronic recording media, such as magneto-optical recording media, can also be used.
  • the authentication use place (TM) 4 is provided with a user authentication device 41 that checks the authenticity of the user authentication slip 7 of the user 8 and authenticates the user 8.
  • FIG. 2 and 3 are views showing one configuration example of the user authentication device 41.
  • Authentication level designation device 402 that specifies the authentication depth to be authenticated, personal identification device 4003 that acquires the biological characteristic data of the user, and authentication display device 40 that displays the authentication result. 4 are located.
  • the personal identification input device 400 is the same as the biological feature input device 51 used in the user registry (RG) 5. Therefore, when a voice print is used for user authentication, it is needless to say that the microphone 42 must also be attached to the user authentication device 41 of the authentication use center (TM) 4.
  • the personal identification input device 403 is provided with an input device adapted to acquire the biological information data of the user to be used in accordance with the type.
  • an electronic circuit 410 for performing user authentication by organically combining these devices is built in the user authentication device 41.
  • the electronic circuit 410 comprises an authentication slip read / write control device 411, a personal identification information conversion device 4 12, a judgment device 4 13, and a communication device 4 14.
  • the authentication card read / write control device 411 has the function of reading the contents of the authentication card via the input / output device 401, decrypting the encrypted digital data, and storing the transaction result in the authentication card. ing.
  • the personal identification information conversion device 4 1 2 converts the biological characteristic data captured by the personal identification input device 4 3 into digital data.
  • Judgment device 4 13 takes in the output information of authentication slip read / write control device 4 11 1, personal identification information conversion device 4 1 2 and authentication level designation device 4 2 2, and communication device according to the required authentication level.
  • the personal authentication of the user is performed by taking into account the information exchanged with the certificate authority via 414, and the result is displayed on the authentication display device 404.
  • the transaction result is input from the transaction content input device 420 and the content is displayed on the transaction display device 420, so that the user 8 can also confirm this. .
  • the details of the transaction are recorded in the storage device 422.
  • the determination device 4 13 may automatically send the user authentication result to the transaction content input device 4 20 so that the transaction can be accepted or rejected.
  • transaction information may be input from the transaction content input device 420 to record transaction content and transaction history in the user authentication slip 7.
  • the user authentication slip 7 is used in the settlement field, if the transaction item, the name of the purchased product and the price are recorded, it is easy to confirm the comparison when making payment.
  • a certificate such as a health insurance card, a driver's license, medical information, or a basic resident register can be received and stored in the user authentication form 7.
  • user authentication as a condition when browsing the contents recorded in the user authentication slip 7, access by anyone other than the user can be excluded, and personal privacy can be protected.
  • Bio characteristic data used for such purposes may be used in combination of different types, such as, for example, coughing twice lightly when signed.
  • FIG. 4 is a block diagram showing the internal configuration of a user authentication slip using an IC card.
  • the user authentication slip 7 used in the present embodiment is a contact type that transmits an electric signal via the connection terminal 71 in consideration of the convenience for a plurality of issuers to jointly set up a shared terminal and mutually release the shared terminal.
  • a non-contact IC that communicates by electrostatic coupling, electromagnetic induction, etc. without contact between the electrode 73 in the force and the electrode in the authentication slip read / write control device.
  • any one of these methods may be installed.
  • connection circuit 72 is connected to the connection terminal 71, and a communication control circuit 74 is connected to the non-contact electrode 73, which is connected to a built-in memory.
  • the user authentication card 7 consists of a random access memory RAM 76 and a read-only memory ROM 77 and an electrically writable programmable read-only memory PR OM 78 and an electrically erasable programmable read-only memory EEPR From OM 7 9 And a CPU 75, which are connected by a bus.
  • the connection circuit 72, the communication control circuit 74, the CPU 75 and the memory can be accommodated in one IC chip.
  • the authentication card reading / writing control device 410 When the user authentication card 7 is inserted, the authentication card reading / writing control device 410 performs user authentication via the connection terminal 71 via the connection circuit 72 or from the non-contact electrode 73 via the communication control circuit 74. Can access the memory of vote 7 c
  • the PROM 7.8 stores card authentication data used to check the authenticity of the authentication card and an ID that identifies the issuer who issued the user authentication card after receiving the certification. Can not do.
  • the EEPROM79 stores biological characteristic data used for user authentication and a record of transactions using the authentication tag.
  • the ROM 77 also stores a program that controls the CPU 75 to perform encryption / decryption, control of data input / output, and authenticity check of the user authentication device 41.
  • the RAM 76 has a function of temporarily storing data to be taken in from the outside and data required in the operation process.
  • the user certification form 7 is distributed to each certification form issuing office 6 with the correct card certification information written in the PROM 78, which can guarantee that the certification registration authority 1 is a proper card used for the certification system. Therefore, the certificate voucher office 6 only needs to write a part of the user's biological characteristic data into the EEPROM 79 based on the instruction from the accredited registration authority 1. for, the authentication ticket issuing apparatus may be configured not provided with a function of rewriting PR OM7 8 c
  • the memory allocation of the authentication ticket in the present embodiment is not limited to the above, and for example, the biological characteristic data for performing the personal authentication may be recorded in the PROM 78 or the RAM 76.
  • the user registration place 5 receives a registration application from the user 8 who wants to receive the service of the authentication use place 4 in the jurisdiction area (S11). At this time, the user registry 5 listens to information used for the qualification examination of the user 8 as necessary, and acquires information representing the biological characteristics of the user 8 (S12).
  • the biological characteristics used here are specific to the individual user, and others impersonate the user by imitation or disguise. Those having properties that can be detected even if they are tried are selected.
  • identification is performed using handwriting.
  • the figure to be entered may be arbitrary, but it is inconvenient for authentication to be different every time the user 8 enters, so it is usually necessary to input a sign representing the user's name in order to guarantee reproducibility. I like it.
  • the use of multiple biological features improves the security of authentication, so a voiceprint can also be obtained using the microphone phone 42 in an auxiliary manner.
  • the applicant's credentials and biological characteristic data collected at the user registry 5 are transmitted to the accredited registry 1 (S13).
  • the Certification Authority 1 conducts qualification screening based on the information received from the user registration office 5, and permits the successful applicants to issue a certificate (S14):
  • the qualification conditions are based on the target for using the certification. Since it will be decided, it may be possible to conduct the screening at the end certificate authority 3 that actually accepts the user.
  • the accredited registration authority 1 divides the biological characteristic data of the registered user 8 hierarchically according to a predetermined ratio, determines the user authentication form 7 and the parts to be distributed to the certification authorities 2 and 3 in each stage, and Distribute (S15).
  • the biological characteristic data distributed to each location by the accredited registration authority 1 is accessed based on the authentication accuracy required by the authentication site 4, and if the lowest reliability is sufficient, the authentication site 4 Authenticator 4 Enables authentication only with the result compared with 1, and when medium reliability is required, user authentication is performed by taking into account the information stored in the terminal certificate authority 3, and the highest level of assurance is required. In such a case, all biological characteristic data stored in a distributed manner should be integrated and determined.
  • the biological characteristic data is first checked at the authentication use place 4 for authenticity, and only when the authentication is successful, the authentication of the higher-level organization can be requested.
  • a higher-level certification organization performs authentication using information of a part not included in the user authentication slip. Therefore, information that can be determined to be a genuine user with a certain degree of accuracy by comparison with biological characteristic data input by the user 8 must be allocated to the user authentication slip 7 at a minimum.
  • the ratio of the biological characteristic data held in the user authentication slip 7 be as large as possible so that the information to be transmitted to a higher-level institution when a higher assurance is requested is not excessive.
  • the method of dividing information may be a method of physically dividing the digitized data at a predetermined ratio, but also information on the shape that has been drawn like a handwriting and information on the penalty in the middle of drawing Alternatively, the information may be divided as step-by-step information such as information on the stroke order. For example, any of the biological characteristics can be appropriately divided and used, such as dividing a voiceprint into frequency bands or dividing a fingerprint for each finger and recording and using each.
  • the Certification Authority 1 records and saves the certificate and information about the user in a large-capacity storage means 11 that can be separated from the device, such as a magnetic tape, CD-ROM, magneto-optical disk, DVD, or removable hard disk. (S16) When a request is received from a subordinate organization, the attendant attaches to the playback device to refer to the registered information.
  • the certification / registration authority 1 uses the removable recording device 11 to keep the information recording medium 11 separated from the external communication network when not needed, so that external invasion and tampering can be prevented.
  • the individual's biological characteristic data distributed to the certificate authorities 2 and 3 are stored in the storage devices 21 and 31 attached to each, and are read out and used as needed.
  • the certificate issuance office 6 records the biological characteristics data of the registration applicant distributed from the accredited registration authority 1 in the user certificate 7 in which the card authentication code determined for each certificate is recorded.
  • one terminal certificate authority (CA) 3 may include a plurality of user registration points (RG) 5 and a certificate ticket issuing point (IS) 6.
  • certificate voucher 6 that receives the issued user certificate 7 is the same as user registry 5. It is preferable to be installed at a location for the convenience of the user 8. It is also possible to set a condition that a trusted person is present for the assignment of the user 8: However, it is necessary to use any mechanism to completely eliminate the case of impersonating another person from the beginning. Is also difficult.
  • the accredited registration authority (PRA) 1 may have a user registration office (R G) 5 and a certification ticket issuing office (IS) 6.
  • an issuer having a portable terminal having the functions of a user registration office (RG) 5 and an authentication ticket issue office (IS) 6 to perform a registration and issuance procedure at an arbitrary location.
  • the use of such portable terminals must be approved only by those who have obtained a formal qualification from the accredited registration authority (PRA). Is configured.
  • the authentication use place 4 inserts the authentication form 7 into the card slot (input / output device) 410 of the authentication device 41. And read the information for authentication.
  • the information for authentication includes information for confirming the authenticity of the card and biological characteristic data for user authentication.
  • the authentication use place 4 first authenticates the card (S21).
  • the authentication of the card is to confirm that the user authentication slip 7 is genuine and applicable to the user authentication system used by the authentication use place 4 and who is a valid holder. Use an unsupported certificate If it is used, it will not accept transactions from the beginning.
  • the program in the user authentication slip 7 verifies whether the authentication device 41 corresponds to its own authentication slip. Then, it may be possible to provide a mechanism for rejecting the disclosure of the stored contents if the authentication device is correct.
  • the biological characteristic data input from the tablet 4003 is compared with, for example, 60% of the biological characteristic data recorded in the user authentication ticket 7, and the oral user 8 It is determined whether or not the person is a genuine holder (S23).
  • the result of the authentication is displayed on the display device 404 (S24).
  • the procedure differs depending on whether the user authentication at the authentication use center 4 is successful or not (S25).
  • the authentication site 4 rejects the transaction (S33).
  • the user authentication is passed, it is checked whether or not a higher-level certification organization should be requested for online authentication (S26). If you do not require online authentication, you may accept the offer to trade immediately (S32) c
  • the presence / absence of online authentication request and the degree of request for depth can be manually set by the operator or user 8 from the authentication level designation device 402 for each transaction, but automatically based on the nature of the transaction and the amount of the transaction amount. May be set to c
  • the information of the user authentication slip 7 and the personal identification information acquired by the personal identification input device 400 together with the request for the authentication level are sent to the terminal certification authority 3 (S27).
  • the personal identification information to be sent may be, for example, 40% of the portion excluding the portion used at the authentication site 4, so the amount of information exchanged between the authentication site 4 and the terminal certificate authority 3 can be reduced. it can.
  • the necessity of online certification depends on the required level of security for certification according to the nature of the transaction. More secure authentication is required for transactions of highly cashable or high-priced products and disclosure of personal confidential information, so user authentication of higher-level institutions is required.
  • the nature of the certification center 4 may determine the depth of online certification: In some cases, such as hospital counters, advanced authentication is required to protect privacy and ensure correct treatment. Many. Note that it is preferable to request user authentication from a higher-level certificate authority in order to ensure that the data is the identity of the individual in home medical care using a communication line.
  • the terminal certification authority 3 checks the personal identification information unique to the user 8 recorded in the storage device 31 (S28), and forwards the authentication result to the authentication use place 4 (S29).
  • the terminal certificate authority 3 Since only 30% of the personal identification information of the user is recorded in the terminal certificate authority 3, if the user authentication alone is not sufficient, the upper intermediate certificate authority 2 is requested for user authentication. Since the intermediate certification authority 2 records 10% of biological characteristic data for each user, the portion of the personal identification information obtained at the certification center 4 used by the intermediate certification authority 2 is 10%. Therefore, the amount of information to be sent from the terminal certification authority 3 to the intermediate certification authority 2 is further reduced.
  • the result of user authentication performed by the intermediate certificate authority 2 is returned to the authentication use center 4 via the terminal certificate authority 3.
  • the results of user authentication at various places are integrated at the authentication use place 4 and displayed on the authentication display device 404 of the user authentication device 41. If the user authentication is successful, the transaction is accepted (S32); if the user authentication is not successful, the transaction is rejected (S33):
  • the accredited registration authority 1 Since the accredited registration authority 1 stores records that are difficult to intrude or falsify from the outside, by comparing it with the input data at the authentication use site 4, whether the abnormality is in the user authentication slip 7 It is clear whether the certificate is located at the end certificate authority 3 or the intermediate certificate authority 2.
  • the user authentication ticket 7 If there is any inconsistency between the contents of the user authentication ticket 7 and the information entered by the user 8, the user authentication ticket is used by an unauthorized user due to theft or discovery. It is possible that it has been rewritten.
  • the IC card used as the user authentication slip 7 can be provided with a certain arithmetic function by mounting a CPU 75 or a RAM 76, for example.
  • the biological information data is The data is converted into a form that can be easily processed by digital processing and sent to the user authentication slip 7.
  • the user authentication form 7 temporarily stores the input information data in the RAM 76, and reads out this information data and the biological information data of the valid user recorded in the EEPROM 79 by the CPU 75, and then reads both information. Compare and compare. As a result, if both persons are similar within the permissible range and the person who intends to use the service can be authenticated as the proper owner of the user authentication ticket 7, the user is notified to the certification use place 4 If you do not pass the certification, you will be notified of the rejection.
  • the authentication user center 4 provides the user 8 with the desired service. If more careful user authentication is required, the terminal certificate authority 3 and the intermediate certificate authority 2 are queried, and the judgment is made according to the result. It goes without saying that the certification use center 4 may also serve as the terminal certification authority 3.
  • the ratio of distributing biological information data to various places is arbitrary, but as shown in the first embodiment, the larger the ratio used for lower-level authentication is, the lighter the burden on communication is, which is advantageous for system operation. It is preferable that the ratio in the user authentication slip 7 be 60% or more.
  • the use of the user authentication form 7 composed of a high-performance IC card can reduce the computational burden of the user authentication device 41 and reduce the cost of the device.
  • the cost required to adjust the functionality of the Barriers to participating in the system are lower and more accessible.
  • the third embodiment of the user authentication form used in the user authentication system of the present invention is an authentication IC card using an IC card as shown in FIG.
  • the information stored in the IC card is provided for use.
  • Authentication IC card This authentication information may be stored at 100% so that a higher-order certificate authority is not used.
  • the authentication IC card of the embodiment has a CPU 101 for executing information processing, a ROM 102 for storing information processing programs, a RAM I 03 for storing arithmetic data, and data for which information can be written and read. It comprises a storage device 104, an interface 105 for an abbreviated program, a connection circuit 106 for external connection, and an external connection terminal 107.
  • the files in the data storage device 104 include an authentication file 110 storing authentication data and an application file 120 storing information to be exchanged with the outside. .
  • the external connection terminal 107 is used for signal transmission and power supply, but may be a non-contact type electrode or antenna. In addition, both contact type and non-contact type connection terminals may be provided to support various card reading devices.
  • the applet interface 105 is used when a small program (abbreviated) is received from the outside and the CPU is operated according to the program, and a function for recognizing that the received applet is harmless to the authentication IC card. It is an interface provided with.
  • the authentication IC card may be configured not to accept the applet, and such an authentication IC card does not require the use of the interface interface 105.
  • the authentication file 110 stores personal identification information for authenticating the authentic owner of the authentication IC card in addition to data for ensuring that the authentication IC card is authentic. Certifications can be simple to those that can provide a high level of assurance A plurality of items are recorded following steps i, ⁇ , m,.
  • the personal identification information is preferably something that only the person knows, such as a password, a fingerprint, a voiceprint, a face photograph, and a signature, and that cannot be reproduced by anyone other than the person.
  • the application files 120 are classified according to a first classification regarding the type of information to be stored and a second classification regarding authentication. That is, the first category a, b, c,... Is a category that is usually used to distinguish service institutions that use authentication, such as information for housing management, medical information, financial information, and communication information.
  • the second category ⁇ , ⁇ .... Is a category according to the required degree of authentication. Access from simple authentication is accepted, but access is only made after passing advanced authentication such as confirmation by fingerprint. Are classified according to the certification depth up to those that recognize
  • the information provided by the building management company is stored in Class 1 b
  • the encryption code for admission to the residential building is in Class 2 I file
  • the closet opening code is Class 2 ⁇ .
  • the file and the code for opening the door of your room are recorded in the file of Class 2 m.
  • a card reader is installed at the entrance of the residential building, and when the resident reads the authentication IC force into the reader, the card and the reader check each other: if they pass the two authenticity, The door opens and you can enter the residential building. Since each room in the residential building has strict doors, entry to the residential building is permitted with simple authentication simply by confirming that the authentication IC card is authentic.
  • FIG. 9 is a block diagram illustrating a typical example of the use of the authentication IC card, which is used for managing a house.
  • the door 30 of each room is provided with a door opening / closing control device 131, so that the door 130 cannot be normally opened by hand.
  • An authentication control device 1 3 2 is connected to the door opening and closing control device 1 3 1 so that the door can be opened and closed according to the control signal generated from this.
  • Will be A personal identification information input device 133 and a card reader 134 are connected to the authentication control device 132.
  • the authentication controller 1332 sends the reader ID to the authentication IC card 135 and Inquire about the ID of the authentication IC (S42).
  • the authentication IC card 135 checks the reader ID against the information in the authentication file, and when it is confirmed that its own card is good (S43), it is recorded in the authentication file.
  • the ID of the card being read is returned to the card reader 134 (S44). All of these exchanges take place via the CPU and the card reader 134 cannot directly access the storage of the authenticated IC card:
  • the authentication control device 132 determines whether the ID of the authentication IC card is genuine or not (S45), and if not, ejects the card and rejects it (S50). If it conforms, it prompts for the input of a personal ID, for example, a fingerprint determined based on the authentication level, and reads the information input by the user from the personal ID input device 133 (S46). Create personal identification information by extracting the input information (S47) Determine whether the personal identification information is authentic or not on the IC side or on the door opening / closing controller (S48) If the authentication is to be performed using the authentication IC card 135, the personal identification information is transmitted to the authentication IC card 135, and a door-opening code for opening the door is requested (S49).
  • a personal ID for example, a fingerprint determined based on the authentication level
  • the authentication IC card 135 compares the received personal identification information with the personal identification information stored in the authentication file (S50), and if both match, it is determined that a predetermined application file (for example, bm file) is sent to the authentication control device 132 via the card reader 134 (S51).
  • a predetermined application file for example, bm file
  • the door opening / closing control device confirms whether or not the personal identification information is authentic, the personal identification information recorded is requested to the authentication IC card 135 (S52), and the authentication IC force 1 35 responded (S 53). The personal identification information was checked against the previously acquired card user's personal identification information (S 54). An open-door encryption is requested (S55). The authentication IC card 135 sends the door-opening code recorded in the predetermined abridgement file to the authentication control device 132 when requested (S51).
  • a door-opening instruction signal is given to the door opening / closing control device 131 (S57) and the door 130 is unlocked (S5). 8), Authentication IC card holders can enter the room (S59),
  • personal identification information can be divided and distributed to the authentication IC card 135 and the authentication control device 132 in order to reduce the use area of the data storage device 104 of the authentication IC card 135. .
  • the door is opened by comparing the personal identification information input from the personal identification input device with the personal identification information divided and stored in the authentication IC card 135 and the authentication control unit 132. Issue a cipher.
  • Dividing personal identification information into the authentication IC card 13 5 and the authentication control device 13 2 in this way not only saves memory space, but also temporarily stolen personal identification information from the authentication IC card authentication file. Even if this is not the case, it is not possible to perform matching, which has an effect on security.
  • three levels are used as personal identification information stored in the authentication file, but the number of levels may be set to any number.
  • Personal identification information can be as simple as proving authenticity based solely on the ID number entered by the card issuer, from a password determined by the card owner, the owner's fingerprint, iris, Biometric information such as a face photograph, dynamic information such as a signature entered by the owner, and more sophisticated combined information combining these can be used.
  • biological information can be obtained by copying force information, which is difficult to imitate with the biological possession of the genuine holder's body.
  • dynamic information that accompanies the user's actions in the field is used, it becomes difficult to disguise the information, and authentication with higher reliability can be performed.
  • the personal identification information input device includes a graphic input device when requesting sign input, a keyboard when using a personal identification number, a fingerprint acquisition device when using a fingerprint, and a camera that images the pupil when using an iris.
  • a device for acquiring such information such as a judgment device, must be prepared according to the personal identification information to be used.
  • the holder when accessing personal information recorded on an IC card, or at a hospital it may be preferable for the holder to specify the depth of authentication, such as when disclosing telemetry. For example, if you want to change the authentication depth between obtaining a certificate of residence and obtaining a tax payment certificate, specify the authentication depth of the abbreviated file that stores the encryption number used when requesting each certificate. Can be changed:
  • one authentication IC card can be used as a membership card or employee ID card, or as a personal identification card at an administrative counter, a commuter pass for transportation, a hybrid card, a credit card, a telephone card, a shopping card, or a credit balance. It can also be used as electronic money that can be rewritten.
  • Temporary use is also possible, such as storing the code that opens and closes the room door at the time of check-in at a hotel or the like in a file of the authentication IC force and deleting it at the time of check-out.
  • a fourth embodiment of the user authentication form used in the user authentication system of the present invention is the first embodiment.
  • the feature is that the certification IC of the guarantor and witness is added to the certification IC card as shown in Fig. 1.
  • the authentication IC card of the present embodiment like the authentication IC card of the third embodiment, stores a CPU 201 for executing arithmetic processing, a ROM 202 containing an arithmetic processing program, and data being processed.
  • RAM 203 a data storage device 204 that can write and read data, an interface 205 for an ablet program, a connection circuit 206 for external connection, and an external connection terminal 207 is provided.
  • the files in the data storage device 204 include an authentication file 210 storing authentication data, and an application file 220 storing job programs for executing a specific job and various data.
  • the authentication file 210 stores data for ensuring that the authentication IC card is genuine and personal identification information of the genuine owner.
  • the authentication information is not limited to one type, and many types can be stored and used alone or in combination.
  • the authentication file 210 contains a first personal identification file 211 storing personal identification information of the genuine owner authenticated by the authentication IC, and a second personal identification file such as a guarantor, a witness, or an issuer.
  • a second personal identification file 221 for storing personal identification information about the person and authentication information about the subject is included.
  • the witnesses such as the second person and the subject may be two or more persons and the subject as required in the system.
  • the application file 222 stores a first work file 221 storing a part for handling information on the authenticity of the authentication IC, and a part for executing based on the authentication result. Includes second working file 222.
  • the second work file 222 stores information required for each service organization that uses authentication, categorized according to the required degree of authentication.
  • an encryption key and an electronic certificate can be stored.
  • programs such as a job for issuing an unlock instruction may be stored.
  • the first work file 221 includes a job for writing personal identification information, a job for reading / writing / rewriting personal identification information, or a job for reading / erasing logs, etc. Stores related jobs and information.
  • Jobs and information stored in the first work file 22 1 need only be authenticated by the owner based on the required level of confidentiality, and only the second person needs to be authenticated. It is possible to separate both people into those that have to be authenticated:
  • FIG. 12 illustrates a procedure for issuing an authentication IC card.
  • the card issuer performs a credit check on the person to be certified on the certification card (S112), passes the examination, and the person to be certified If it can be determined that the person who can use the certification power is valid, the person who can guarantee the person to be certified or the person whom the person to be certified trusts is designated as a witness (S11)
  • the cardholder will be required to deal with the different credits required for the transaction when trading based on the card, and will be required to provide a PIN, unique sign, signature, fingerprint, voiceprint, iris, palm print, etc. Enter your personal identification information. Multiple personal identification information may be entered for the witness, but there are few cases where witness authentication is required, so there is no necessity to use multiple personal identification information.
  • the subject may be an organization or an organization. In this case, authentication may be performed using authentication information such as an electronic signature instead of biological information.
  • the certification IC force may be used to confirm various authorities in the company.
  • the person in charge of issuance such as the human resources department in charge of issuance, or the person in charge of issuance
  • You may be made to be authenticated as a card issuer or a witness.
  • the person in charge of the department holding the card may be authorized:
  • the entered personal identification information of the owner is stored in the first personal identification mail file 211 of the authentication IC card, and personal identification information and authentication information of the witnesses are stored in the second personal identification file 211.
  • an electronic certificate stating the reliability and basis of the authentication may be required, but such an electronic certificate issued by an authentication IC card is subject to various types of transactions.
  • the data is stored in the second work file 222 in the application file 220 together with the application data used for (S118).
  • the program for displaying and rewriting personal identification information recorded on the authentication IC card is stored in the first work file 221. You must satisfy the required certification.
  • the authentication IC card with the necessary information written is an appropriate test to confirm the completeness of the product, such as performing an appropriate operation when the person to be authenticated enters the appropriate personal identification information. (S1 19), and if it passes, it will be issued to the owner (S120). If it does not pass, for example, the authentication information writing step (S118) is re-executed to obtain a proper authentication IC card, and then the card is issued.
  • an encryption signal for authorizing the transaction is recorded on the authentication IC card possessed by the person who has been licensed for use. It can be used in a mechanism to confirm that the carrier of the IC card is a genuine holder when conducting a transaction and to permit the transaction c
  • the information that the trader should receive from the authentication IC card is a cryptographic signal that proves that the carrier of the authentication IC card is the genuine owner of the force and that the authentication IC card is eligible for use. Is recorded.
  • the authentication by the authentication IC card is that the reader is proper and that the carrier is the genuine holder.
  • This authentication IC card includes so-called entry qualifications for entering a building or a certain reference room, bank account, ownership of credit, family register, history, and credit balance when used as electronic money. By storing the attributes of the holder in the authentication IC card, the authentication of all transactions for which use has been granted can be integrated into one card.
  • Such an authentication IC card can be used for entry control of a house, etc., just like in the third embodiment, and a highly reliable authentication that is difficult for others to disguise can be performed.
  • the second authentication IC card uses various types of personal identification information in some cases. Therefore, even the genuine owner often forgets the personal identification information that he should use. In such a case, it would be inconvenient if the card could no longer be used, so it would be usual to be able to display the recorded personal identification information.
  • the owner's personal information can be changed at the necessity of the owner, such as when it is likely to be stolen and leaked by others, or when it is changed regularly to enhance security. . Therefore, a person who can handle the authentication IC card in detail and can freely operate the device can extract the information stored in the authentication IC card with malicious intent to falsify the card or create a fake authentication IC card. It is not easy to prevent this from happening.
  • the authentication IC card of the present embodiment can require the witness authentication for a predetermined job, it is required to request the approval of the witness when accessing the authentication information of the authentication IC card. In other words, even those who are familiar with internal circumstances cannot steal personal information and use it, or rewrite personal information.
  • FIG. 13 is a flowchart showing a procedure required when a genuine person to be authenticated confirms his / her personal identification information
  • the person to be authenticated on the card inputs one piece of personal identification information that he or she remembers, and it is sufficient that this matches one of the pieces of information stored in the authentication IC card.
  • this matches one of the pieces of information stored in the authentication IC card.
  • you forget your PIN you will disclose it by referring to your fingerprint, but if you want to know your signature, you will not be told even if the PIN matches, so you will not be required to display it. It may be displayed only when authentication is possible with advanced personal identification information.
  • FIG. 14 is a flowchart showing a procedure for rewriting personal identification information.
  • the recorded personal identification information is transferred to an external storage device (S146), and a log of the rewriting is recorded in the authentication IC card (S146). ). Furthermore, the personal identification information that is no longer needed is deleted (S148), the owner inputs the personal identification information (S149), and the new personal identification information is stored in the authentication IC card (S1408). 5 0).
  • the function of the authentication IC card is tested (S 15 1), and if it passes, it is issued to the owner (S 15 2). If the certification IC card is defective, rewrite the personal identification information again and pay if the test passes.
  • the authentication IC card according to the present embodiment can require the approval of a witness or the like to read or rewrite the personal identification information, so that the authentication IC card obtained by theft or detection can be stolen. It cannot be used by anyone who can handle the issuing device, reading device, rewriting device, etc. of an authentication IC card without the approval of a witness. Safety is extremely high.
  • the user authentication system and the authentication IC card of the present invention can be applied to a lock control system:
  • the first embodiment of the lock management system of the present invention is used for safe deposit box management, and can provide high security by performing personal authentication using authentication data registered in an IC card. .
  • the key card issuing office 301 issues a predetermined IC card as a key card 302 to a person who wants to use a safe, and the key box 300 3 issues a key card. It reads the authentication data of 302 and the user's own authentication data and unlocks the safe designated by the keypad 302 when the authentication is passed.
  • the key card issuing office 301 has a host computer 311, a data input / output device 312 consisting of a display and keyboard, a personal identification data input device 313, and a key IC card issuing key.
  • a host computer 311 a data input / output device 312 consisting of a display and keyboard, a personal identification data input device 313, and a key IC card issuing key.
  • a data input / output device 312 consisting of a display and keyboard
  • a personal identification data input device 313 a personal identification data input device 313, and a key IC card issuing key.
  • a key IC card issuing key is provided.
  • the host computer 311 is equipped with key card issuing software, key management software, and authentication data registration software as software.
  • Key management software manages the status of safes, decides which safes to use for key cards, manages the security level of locks, specifies the type of authentication information, and manages the issuance and return status of keypads. Confirm the contents of the returned key card;
  • the data input / output device 312 is composed of a display, a keyboard, a printer and the like normally required in a computer system.
  • the personal identification data input device 3 13 is a personal user such as a fingerprint reader that extracts and classifies a fingerprint pattern when a finger is pressed, a voiceprint acquisition device consisting of a microphone and a voiceprint analyzer, and a tablet that writes a sign. Is a device for inputting information that can be identified. In a simple case, a keyboard for inputting character string encryption may be used.
  • the reader / writer 314 for issuing a key card is composed of an IC card reader / writer command and an IC card reader / writer command.
  • the card issuing office 301 specifies the safe to be lent, and the authentication ID that authorizes the use of the safe and the personal authentication data of the user obtained with the personal identification data input device 3 13 It is stored in a memory area managed by the CPU in the PC, issued as a key card 302, and lent to users.
  • Keypad 302 is an IC card with CPU and built-in memory.
  • the safety box 303 is provided with an unlocking device 331 equipped with an IC card reader / writer and a personal identification data input device, and a plurality of locker-type safes 332.
  • the unlocking device 331 has a safe control interface and is equipped with authentication data collation software:
  • the safe 332 has an electric controller and can be locked and unlocked remotely. If a sensor that detects abnormalities and a reporting device that generates an alarm when abnormalities are provided, safety can be ensured even when unmanned.
  • the user of the cashier stores the object in the designated safe 332 of the safe deposit boxes 303 and locks it. Once locked, the personal identification data entered by the user on the spot and the authentication data read from the key card 302 presented by the user match within the range permitted by the verification logic Only when the safe is unlocked via the unlocking device 3 3 1.
  • the same lock management system can be used for storage devices accessed by multiple people, such as centralized safety boxes and lockers, or key boxes in building management.
  • the second embodiment of the pre-failure management system according to the present invention is used for managing a vault.
  • the identity is verified by collation with an IC card and a handwritten signature, and important items, medicines, moldings, Safe storage of poisons, etc., authorized persons take out only authorized substances.Also, sensors are detected and reported when unauthorized persons access the system, and the system is safe from external attacks.
  • FIG. 16 is a block diagram of a lock control system applied to a storage.
  • the storage room 3 05 is divided into a plurality of storage rooms 3 51, 3 5 2. 3 5 3, and a plurality of small rooms or storage shelves 3 5 4, 3 5 5, 3 in the storage room 3 5 1. There are five and six.
  • Each of the multiple storage rooms and the small room has a different security level, and the storage room and the small room can be selected and used according to the confidentiality of the articles to be stored.
  • a company owns a storage room 305
  • the first storage room 351 is a room for storing highly confidential documents that only some people can handle inside the company. And only allow certain people to enter and leave.
  • first small room 354 documents requiring the highest confidentiality are stored in the first small room 354 in the first storage room 351, and among those who are allowed to enter and leave the first storage room 351, Only one authorized to enter one small room 3 5 4 is allowed access.
  • the second small room 355 is a room for storing personnel-related materials, and only the person in charge of HR can access it.
  • the third small room 356 is a room for storing accounting documents, Ensure that only personnel can enter and exit.
  • the second storage room 352 is a room for storing development-related materials, and it is necessary to prevent the stored information from leaking outside, so that only the person in charge of the department can enter and leave.
  • the third storage room 353 is a room for storing documents of low importance. Any employee can enter and leave, but records of entry and exit are recorded.
  • independent storage such as safety box 357 is managed by the same system. Can be managed.
  • qualifications are determined for each storage room and each small room, and a key card created with an IC card for employees who match the qualifications. To be paid. Only employees who are qualified by personal authentication based on the key card 302 can unlock the approved room.
  • information for designating a lock to be permitted to access and personal authentication data obtained by the personal identification data input device and subjected to predetermined information processing are managed by the CPU in the IC card. Stored in the memory area.
  • a storage unit 304 has a control unit 341, which can exchange information with an IC reader / writer 3432 that reads the key card 302 and a tablet 3443 as a personal identification data input device, and A lock management device 304 provided with an interface 344 for controlling locks in each storage section is provided.
  • the doors of storage rooms 351, 3552, 3553, small rooms 3554, 3555, 3556, and safety box 3557 are equipped with electric locks that can be operated remotely.
  • the lock control device 304 controls locking and unlocking.
  • Each door is provided with an abnormality detection sensor 358, which detects that there is access to the room and transmits a signal to the lock control device 304.
  • the user inserts the key card 302 into the card reader / writer 342 and inputs the code determined at the time of registration into the tablet 343.
  • the control unit 341 confirms that the key card 302 is a genuine IC card, and records which lock corresponds to the record provided via the CPU of the key card 302. Check from the contents.
  • personal identification information such as a signature input from the tablet 343 is collated with personal authentication data provided from the key card 302 to determine whether or not they are the same.
  • the authentication data collation software confirms that both match, it determines that the lock specified by the key card 302 is a person who has access right and unlocks the specified lock.
  • the sensor is activated and an alarm is generated. In the event of unauthorized access, the lock is automatically locked so that unauthorized users can be kept indoors.
  • the required authentication depth can be determined in advance according to the security level of the target room. Simply presenting the key card 302 may be a level that permits access, and it may be required that the code, shape, stroke order, and writing pressure entered in advance match., _ Higher standards that require complex assurance, such as signatures, u'll.
  • a plurality of different personal identification data input means can be provided on the storage side 305 side, and can be selectively used depending on a required authentication level.
  • authentication information corresponding to a high security level requires time and effort to input personal identification data, so locks that require only a low level of security can use a simpler authentication method and prioritize user convenience.
  • this management system allows the individual who accesses the lock to be clearly understood, it is possible to automatically record when and who accessed which storage room (or storage shelf).
  • the system When a power outage occurs or the power cable is disconnected, the system is confidentially locked. It is preferable to provide a mechanism to alert the management room when an abnormality occurs in the storage, including vandalism. It is preferable to provide an authentication level for the administrator who can release the lock in an emergency.
  • the personal identification information directly input by the user at the authentication use place is compared with the biological feature data in the authentication slip, and a more advanced When assurance is required, a part of personal identification information is transmitted to a higher-level certificate authority to perform user authentication, so most of the information processing is performed at the authentication use place, and the communication circuit is not heavily loaded; User authentication corresponding to the required security level can be obtained. Also, by dividing personal identification information, it is possible to construct a user authentication system that is extremely resistant to invasion.
  • the authentication IC card of the present invention accesses information through the CPU, the access right of the file is arbitrarily set, and unauthorized access is eliminated by utilizing personal identification information. Privacy can be reliably protected, and highly secure transactions are possible for service providers, etc .: Also, the number of cards to carry can be reduced even when using a large number of services.
  • the authentication IC card of the present invention can require the approval of a second person at the time of issuance or the like, the danger of plagiarism or the like is extremely small and the security is high:
  • the lock management system of the present invention can secure a high degree of security of the stored items because the authorized person is correctly authenticated, and can construct a storage management system or a safe deposit box management system with higher security than before. it can.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Social Psychology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Collating Specific Patterns (AREA)

Abstract

Le système de la présente invention nécessite au préalable l'acquisition de données se rapportant à des caractéristiques biologiques permettant d'identifier l'utilisateur (8) telles que son écriture manuscrite ou son spectre vocal. On établit ensuite un coupon d'authentification de l'utilisateur, coupon sur lequel est enregistrée une partie au moins des données se rapportant à ses caractéristiques biologiques. Une comparaison entre d'une part les contenus enregistrés sur le coupon d'authentification de l'utilisateur (7) tels qu'ils sont lus par un lecteur de coupons d'authentification (41), et d'autre part les données de caractéristiques biologiques de l'utilisateur fournies en entrée à un appareil d'acquisition d'authentification, permet à une centrale d'authentification (4) d'authentifier directement l'utilisateur. Des postes d'authentification (2, 3) ont pour fonction d'enregistrer une partie des caractéristiques biologiques de l'utilisateur. En réaction à une demande ce la centrale d'authentification (4), le système effectue une authentification supplémentaire venant augmenter la fiabilité de l'authentification. Ce système utilise une carte d'authentification à circuit intégré, une unité centrale, un fichier d'authentification contenant les informations d'authentification, et des fichiers d'application triés en fonction de la profondeur de l'authentification.
PCT/JP1999/002599 1998-05-21 1999-05-19 Systeme de carte d'authentification WO1999060485A1 (fr)

Priority Applications (7)

Application Number Priority Date Filing Date Title
EA200000145A EA002175B1 (ru) 1998-05-21 1999-05-19 Система опознавательных карточек
IL13410299A IL134102A0 (en) 1998-05-21 1999-05-19 Authentication card system
AU38489/99A AU3848999A (en) 1998-05-21 1999-05-19 Authentication card system
EP99921166A EP1085424B1 (fr) 1998-05-21 1999-05-19 Systeme de carte d'authentification avec une instance de certification distante
DE69938500T DE69938500T2 (de) 1998-05-21 1999-05-19 Authentifizierungskartensystem mit einer entfernten zertifizierungsinstanz
US09/445,060 US6990588B1 (en) 1998-05-21 1999-05-19 Authentication card system
HK01102627A HK1031936A1 (en) 1998-05-21 2001-04-12 System and apparatus for user authentication

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
JP10139563A JP3112076B2 (ja) 1998-05-21 1998-05-21 ユーザ認証システム
JP10/139563 1998-05-21
JP10299181A JP2000132658A (ja) 1998-10-21 1998-10-21 認証icカード
JP10323129A JP2000145219A (ja) 1998-11-13 1998-11-13 錠前管理システム
JP36175298A JP3090265B2 (ja) 1998-12-21 1998-12-21 認証icカード

Publications (1)

Publication Number Publication Date
WO1999060485A1 true WO1999060485A1 (fr) 1999-11-25

Family

ID=27472235

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP1999/002599 WO1999060485A1 (fr) 1998-05-21 1999-05-19 Systeme de carte d'authentification

Country Status (2)

Country Link
AU (1) AU3848999A (fr)
WO (1) WO1999060485A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002197065A (ja) * 2000-12-27 2002-07-12 Asahi Business Assist:Kk 本人認証における盗難・監禁等の非常状態通報システム
EP1223560A3 (fr) * 2001-01-12 2004-12-29 Nippon Telegraph and Telephone Corporation Jeton d'authentification et système d'autentification
WO2006035421A2 (fr) * 2004-09-28 2006-04-06 Fibiotech-Advanced Technologies Ltd. Systeme financier electronique ameliore
JP2007234054A (ja) * 2007-05-14 2007-09-13 Fujitsu Ltd 登録装置
CN100580680C (zh) * 2003-06-09 2010-01-13 汤放鸣 一种用于计算机信息系统身份验证的口令验证系统和方法

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS5755468A (en) * 1980-09-19 1982-04-02 Hitachi Ltd Individual discrimination system
JPS61183586A (ja) * 1985-02-07 1986-08-16 三菱電機株式会社 通行制御装置
JPS62295194A (ja) * 1987-05-29 1987-12-22 Toshiba Corp 情報処理装置
JPS6332075A (ja) * 1986-07-25 1988-02-10 三菱電機株式会社 通行制御システム
JPH01224888A (ja) * 1988-03-04 1989-09-07 Nec Corp サイン確認ターミナル
JPH0728755A (ja) * 1993-07-08 1995-01-31 Toshiba Corp 個人認証装置
JPH0764911A (ja) * 1993-08-31 1995-03-10 Sharp Corp 個人認証システム
JPH0830745A (ja) * 1994-07-20 1996-02-02 Nippon Telegr & Teleph Corp <Ntt> 個人識別機能付きカード、個人識別機能付きカードの処理システムおよび個人識別機能付きカードの処理方法

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS5755468A (en) * 1980-09-19 1982-04-02 Hitachi Ltd Individual discrimination system
JPS61183586A (ja) * 1985-02-07 1986-08-16 三菱電機株式会社 通行制御装置
JPS6332075A (ja) * 1986-07-25 1988-02-10 三菱電機株式会社 通行制御システム
JPS62295194A (ja) * 1987-05-29 1987-12-22 Toshiba Corp 情報処理装置
JPH01224888A (ja) * 1988-03-04 1989-09-07 Nec Corp サイン確認ターミナル
JPH0728755A (ja) * 1993-07-08 1995-01-31 Toshiba Corp 個人認証装置
JPH0764911A (ja) * 1993-08-31 1995-03-10 Sharp Corp 個人認証システム
JPH0830745A (ja) * 1994-07-20 1996-02-02 Nippon Telegr & Teleph Corp <Ntt> 個人識別機能付きカード、個人識別機能付きカードの処理システムおよび個人識別機能付きカードの処理方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1085424A4 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002197065A (ja) * 2000-12-27 2002-07-12 Asahi Business Assist:Kk 本人認証における盗難・監禁等の非常状態通報システム
EP1223560A3 (fr) * 2001-01-12 2004-12-29 Nippon Telegraph and Telephone Corporation Jeton d'authentification et système d'autentification
CN100580680C (zh) * 2003-06-09 2010-01-13 汤放鸣 一种用于计算机信息系统身份验证的口令验证系统和方法
WO2006035421A2 (fr) * 2004-09-28 2006-04-06 Fibiotech-Advanced Technologies Ltd. Systeme financier electronique ameliore
WO2006035421A3 (fr) * 2004-09-28 2006-12-14 Fibiotech Advanced Technologie Systeme financier electronique ameliore
JP2007234054A (ja) * 2007-05-14 2007-09-13 Fujitsu Ltd 登録装置

Also Published As

Publication number Publication date
AU3848999A (en) 1999-12-06

Similar Documents

Publication Publication Date Title
US6990588B1 (en) Authentication card system
US6581042B2 (en) Tokenless biometric electronic check transactions
US4993068A (en) Unforgeable personal identification system
US6985887B1 (en) Apparatus and method for authenticated multi-user personal information database
US7278026B2 (en) Method and system for the generation, management, and use of a unique personal identification token for in person and electronic identification and authentication
US20060212407A1 (en) User authentication and secure transaction system
US20040158723A1 (en) Methods for providing high-integrity enrollments into biometric authentication databases
US20090018934A1 (en) System and Method for defense ID theft attack security service system in marketing environment
MXPA01007717A (es) Transacciones electronicas biometricas de debito y credito, sin articulo fisico.
AU2009200408A1 (en) Password generator
US8571996B2 (en) Apparatus and method for secured commercial transactions
JP2000132658A (ja) 認証icカード
US20140244510A1 (en) Privacy protection system and method
WO1999060485A1 (fr) Systeme de carte d&#39;authentification
KR19990078671A (ko) 지문증명식 금융거래시스탬
JP3090265B2 (ja) 認証icカード
US20180121924A9 (en) Apparatus and method for secured commercial transactions
US20160048839A1 (en) System and method for exclusion-based imposter screening
Oye et al. Fraud Detection and Control System in Bank Using Finger Print Simulation
JP2002041813A (ja) 個人認証システム
Prabhakar et al. Biometrics in the commercial sector
JP2006099313A (ja) 取引システム
Alliance Using smart cards for secure physical access
JP2000298756A (ja) セキュリティ連動認証方法
Way et al. Criteria for Evaluating Authentication Systems

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 134102

Country of ref document: IL

Ref document number: 99800787.0

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 09445060

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 1999921166

Country of ref document: EP

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 200000145

Country of ref document: EA

WWP Wipo information: published in national office

Ref document number: 1999921166

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWG Wipo information: grant in national office

Ref document number: 1999921166

Country of ref document: EP