WO2007122726A1 - 認証サーバ装置及び端末装置及び認証システム及び認証方法 - Google Patents
認証サーバ装置及び端末装置及び認証システム及び認証方法 Download PDFInfo
- Publication number
- WO2007122726A1 WO2007122726A1 PCT/JP2006/308451 JP2006308451W WO2007122726A1 WO 2007122726 A1 WO2007122726 A1 WO 2007122726A1 JP 2006308451 W JP2006308451 W JP 2006308451W WO 2007122726 A1 WO2007122726 A1 WO 2007122726A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- authentication
- unit
- user
- biometric
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
Definitions
- Authentication server device terminal device, authentication system, and authentication method
- the present invention relates to an authentication server device, a terminal device, an authentication system, and an authentication method.
- the present invention particularly relates to an apparatus, a system, and a method for providing a location time certification information providing service.
- the present invention relates to a security (person authentication) apparatus, system, and method using biometric information.
- time information indicating time and proof information of time information that changes with time for example, weather data such as cloud images obtained from meteorological satellites
- time information indicating time and proof information of time information that changes with time for example, weather data such as cloud images obtained from meteorological satellites
- CO CO-DATES registered trademark
- Biometric information is used because it is possible to perform authentication simply by measuring the target site with a client without having to learn a password or wearing an authentication device.
- Authentication devices have come to be used. These devices have a client server type system configuration. The client sends the measured biological information to the server side. The server performs authentication using the received biometric information and the registration data on the server, and returns the authentication result to the client.
- biometric information flows on the network, and measures to prevent leakage are required (for example, see Patent Document 2).
- measures to prevent an error in the authentication result for example, see Patent Document 3).
- Patent Document 1 JP 2001-297062 A
- Patent Document 2 JP-A-2005-130384
- Patent Document 3 Japanese Patent Laid-Open No. 2003-256376
- the location time certification information providing service described above proves the time and location.
- the conventional technology proved that a certain event (for example, an action by operating a mobile phone) force “when” and “where” occurred. “Who” caused that event. I did not.
- Biometric authentication information is unique to the user, and it is difficult to easily change it when leaked like a password. Careful attention must be paid to maintaining confidentiality.
- sending biometric information to the server each time authentication is performed increases the risk of this leakage.
- the biological information itself is prevented from being sent by using data obtained by converting the biological information.
- the converted biometric information is stolen, there is a problem that spoofing using the converted biometric information is possible within the registration data period.
- the criteria for authentication in biometric authentication is not perfect match but incomplete match. If the degree of coincidence is high, the person is authenticated, and if the degree of coincidence is low, the person is authenticated.
- An object of the present invention is, for example, to prove the identity of the subject who generated the event, taking into account the time and Z or position of the event.
- the present invention for example, reduces the possibility of authentication failure in biometric authentication, reduces processing time, reduces the risk of leakage of biometric information when sending biometric information to a server through a network, etc. With the goal.
- An authentication server device provides: A user-specific information input unit for inputting unique user-specific information that cannot be obtained by a user using an input device;
- a user authentication unit for authenticating the user by a processing device based on the user identification information input by the user identification information input unit;
- a time information input unit for inputting time information indicating time by the input device; and a time for inputting unique time specifying information that can be obtained only at the time indicated by the time information input by the time information input unit by the input device A specific information input unit;
- authentication result information indicating that the user has been authenticated
- time information input by the time information input unit time information input by the time specifying information input unit
- time specifying information input unit time information input by the time specifying information input unit
- an authentication information generation unit that generates authentication information by combining the specific information with the processing device.
- the authentication server device further includes:
- An information storage unit that stores the authentication result information, the time information, and the time specifying information synthesized by the authentication information generation unit in a storage device in association with the authentication information generated by the authentication information generation unit;
- An authentication information output unit for outputting the authentication information generated by the authentication information generation unit by an output device
- An authentication information input unit for inputting the authentication information output by the authentication information output unit by the input device
- An information search unit that extracts authentication result information, time information, and time specifying information corresponding to the authentication information input by the authentication information input unit from the storage device as search result information;
- a search result information output unit for outputting the search result information extracted by the information search unit by the output device.
- the authentication server device further includes:
- a user information storage unit for storing user information about the user in the storage device
- the authentication result information identifies user information stored in the user information storage unit. Separate identification information,
- the information retrieval unit extracts the identification information as authentication result information corresponding to the authentication information input by the authentication information input unit, and the user information identified by the extracted identification information and the authentication information input unit Time information corresponding to authentication information and time specifying information are extracted as the storage device power search result information.
- the user specifying information input unit includes a biometric information acquisition unit that acquires the biometric information of the user, a terminal authentication unit that authenticates the user based on the biometric information acquired by the biometric information acquisition unit, and the terminal authentication
- the user identification information is acquired and input from a terminal device having a biological information output unit that outputs the biological information acquired by the biological information acquisition unit as the user identification information. It is characterized by doing.
- the user specifying information input unit acquires the biological information from each terminal device of a plurality of terminal devices,
- the biological information is characterized in that at least one of accuracy and type differs for each terminal device.
- the authentication server device further includes:
- a format selection unit for selecting, by the processing device, a format of biometric information output by the biometric information output unit
- a format information output unit for outputting format information indicating the format selected by the format selection unit by the output device
- the biometric information output unit of the terminal device converts the biometric information acquired by the biometric information acquisition unit into a format indicated by the format information output by the format information output unit, and outputs the format.
- the user authentication unit converts the user identification information input by the user identification information input unit from the format selected by the format selection unit to the original format by the processing device, and based on the converted user identification information. !, Authenticating the user.
- the format selection unit is a biometric output from the biometric information output unit of the same terminal device.
- the format selection unit is characterized by selecting the format corresponding to the matrix rotated 90 degrees in the vector space from the previously selected format.
- the authentication server device further includes:
- a position information input unit for inputting position information indicating a position by the input device; and a position for inputting unique position specifying information obtained only by the position indicated by the position information input by the position information input unit by the input device.
- a specific information input unit wherein the authentication information generation unit is input by the authentication result information indicating that the user has been authenticated, the time information input by the time information input unit, and the time specific information input unit.
- the authentication information is generated by combining the time specifying information, the position information input by the position information input unit, and the position specifying information input by the position specifying information input unit.
- the authentication server device includes:
- a user-specific information input unit for inputting unique user-specific information that cannot be obtained by a user using an input device
- a user authentication unit for authenticating the user by a processing device based on the user identification information input by the user identification information input unit;
- a position information input unit for inputting position information indicating a position by the input device; and a position for inputting unique position specifying information obtained only by the position indicated by the position information input by the position information input unit by the input device.
- authentication result information indicating that the user has been authenticated
- position information input by the position information input unit When the user is authenticated by the user authentication unit, authentication result information indicating that the user has been authenticated, position information input by the position information input unit, and position input by the position specifying information input unit
- an authentication information generation unit that generates authentication information by combining the specific information with the processing device.
- a terminal device includes:
- a biometric information acquisition unit that acquires biometric information of the user with a biometric recognition device; a terminal authentication unit that authenticates the user with a processing device based on the biometric information acquired by the biometric information acquisition unit; Authentication having a user identification information input unit that inputs unique user identification information that cannot be obtained by the user, and a user authentication unit that authenticates the user based on the user identification information input by the user identification information input unit
- a biometric information output unit that outputs the biometric information acquired by the biometric information acquisition unit as the user identification information to the server device by the output device when the user is authenticated by the terminal authentication unit; It is characterized by having.
- the terminal device further includes:
- a biometric information storage unit that stores the normal biometric information of the user in a storage device; the biometric information acquisition unit acquires the biometric information of the user twice or more;
- the terminal authentication unit captures the biometric information acquired by the biometric information acquisition unit and the biometric information stored by the biometric information storage unit every time the biometric information of the user is acquired by the biometric information acquisition unit.
- the degree of matching is numerically entered by the processing device to generate authentication level information
- the biometric information output unit selects and outputs the biometric information acquired by the biometric information acquisition unit by the processing device based on the authentication degree information calculated by the terminal authentication unit.
- the biological information output unit thins out and outputs the biological information acquired by the biological information acquisition unit.
- the authentication server device further includes a format selection unit that selects a format of biometric information output by the biometric information output unit, and format information that outputs format information indicating the format selected by the format selection unit.
- An output unit wherein the biometric information output unit converts the biometric information acquired by the biometric information acquisition unit into a format indicated by the format information output by the format information output unit, and outputs the format. It is characterized by that.
- An authentication system includes:
- the authentication server device and the terminal device are provided.
- An authentication method according to the present invention includes:
- the user identification information input part of the authentication server device can only be obtained from the user! / Obtain and input the specific information from the terminal device,
- a user authentication unit of the authentication server device authenticates the user by a processing device of the authentication server device based on the user identification information input by the user identification information input unit;
- the time information input unit of the authentication server device acquires and inputs time information indicating the time, the terminal device power,
- the time specifying information input unit of the authentication server device inputs unique time specifying information that can be obtained only at the time indicated by the time information input by the time information input unit, and the authentication information generating unit of the authentication server device
- the authentication information is generated by combining the time specifying information with the processing device of the authentication server device.
- the authentication method further includes:
- the information storage unit of the authentication server device associates the authentication result information synthesized by the authentication information generation unit, the time information, and the time specifying information with the authentication information generated by the authentication information generation unit, and Store in the storage device of the device,
- An authentication information output unit of the authentication server device outputs the authentication information generated by the authentication information generation unit to the terminal device;
- the authentication information input unit of the authentication server device acquires and inputs the authentication information output by the authentication information output unit from the terminal device,
- the information search unit of the authentication server device uses the authentication result information, the time information, and the time specification information corresponding to the authentication information input by the authentication information input unit as the search result information from the storage device of the authentication server device. Extract and
- the search result information output unit of the authentication server device outputs the search result information extracted by the information search unit to the terminal device.
- the authentication method further includes:
- the user information storage unit of the authentication server device stores user information related to the user. Storing in a storage device of the authentication server device;
- the authentication result information is identification information for identifying user information stored by the user information storage unit
- the information search unit of the authentication server device extracts the identification information as authentication result information corresponding to the authentication information input by the authentication information input unit, and inputs the user information and the authentication information input by the extracted identification information
- the time information corresponding to the authentication information input by the unit and the time specifying information are extracted from the storage device of the authentication server device as the search result information.
- the authentication server method further includes:
- the biometric information acquisition unit of the terminal device acquires the biometric information of the user, and the terminal authentication unit of the terminal device treats the user based on the biometric information acquired by the biometric information acquisition unit. Authenticate by the device,
- the biometric information output unit of the terminal device uses the biometric information acquired by the biometric information acquisition unit as the user identification information to the authentication server device. Output,
- the user specifying information input unit of the authentication server device obtains and inputs the user specifying information from the terminal device.
- the user specifying information input unit of the authentication server device acquires the biometric information from each terminal device of the plurality of terminal devices,
- the biological information is characterized in that at least one of accuracy and type differs for each terminal device.
- the authentication method further includes:
- a biometric information storage unit of the terminal device stores the normal biometric information of the user in the storage device of the terminal device;
- the biometric information acquisition unit of the terminal device acquires the biometric information of the user twice or more, and the terminal authentication unit of the terminal device obtains the biometric information of the user every time the biometric information acquisition unit acquires the biometric information of the user.
- the degree to which the biological information acquired by the biological information acquisition unit matches the biological information stored by the biological information storage unit is determined by the processing device of the terminal device.
- the authentication level information is generated by entering a numerical value by
- the biometric information output unit of the terminal device selects the biometric information acquired by the biometric information acquisition unit based on the authentication degree information calculated by the terminal authentication unit by the processing device of the terminal device. It outputs to a server apparatus.
- the biometric information output unit of the terminal device outputs the thinned biometric information acquired by the biometric information acquisition unit.
- the authentication server method further includes:
- the format selection unit of the authentication server device selects the format of biometric information output by the biometric information output unit by the processing device of the authentication server device, and the format information output unit of the authentication server device includes the format selection unit.
- the format information indicating the format selected by is output to the terminal device, and the biometric information output unit of the terminal device outputs the biometric information acquired by the biometric information acquisition unit by the format information output unit.
- the format information indicated by the format information is converted by the processing device of the terminal device and output to the authentication server device, and the user authentication unit of the authentication server device receives the user specification information input by the user specification information input unit. From the format selected by the format selector It converted by the processing unit of the authentication server to the format, and wherein the authenticating the user based on the converted user identification information.
- the format selection unit of the authentication server device selects the format of the biometric information output by the biometric information output unit of the same terminal device again, the format selection unit displays a matrix corresponding to the previously selected format in the vector space.
- the feature is that the format corresponding to the matrix rotated 90 degrees is selected.
- the authentication server method further includes:
- the location information input unit of the authentication server device acquires and inputs the location information indicating the location, the terminal device force,
- the location specifying information input unit of the authentication server device inputs unique location specifying information that can be obtained only at the location indicated by the location information input by the location information input unit
- the authentication information generating unit of the authentication server device includes: Indicates that the user is authenticated Authentication result information, time information input by the time information input unit, time specification information input by the time specification information input unit, location information input by the location information input unit, and the location specification information input unit
- the authentication information is generated by synthesizing the information with the position specifying information input in step (2).
- an authentication method includes:
- the user identification information input unit of the authentication server device can only obtain it from the user! /, Obtains and inputs unique user identification information from the terminal device,
- a user authentication unit of the authentication server device authenticates the user by a processing device of the authentication server device based on the user identification information input by the user identification information input unit;
- the location information input unit of the authentication server device acquires and inputs the location information indicating the location, the terminal device force,
- the position specifying information input unit of the authentication server apparatus inputs unique position specifying information that can be obtained only at the position indicated by the position information input by the position information input unit, and the authentication information generating unit of the authentication server apparatus
- the authentication information is generated by combining the position specifying information with the processing device of the authentication server device.
- the authentication information generation unit is input by the authentication result information indicating that the user has been authenticated and the time information input unit.
- the event is generated in addition to the proof of the time for the event. It is possible to verify the identity of the subject.
- FIG. 1 is a diagram showing a configuration of authentication system 100 according to the present embodiment.
- authentication system 100 includes terminal device 200 (also referred to as “client”), authentication server device 300 (also referred to as “server” or “authentication server”), and verification device 400.
- the terminal device 200 is a terminal (GPS terminal) having a GPS (Global Positioning System) function.
- the terminal device 200 is, for example, a mobile phone, a digital camera, or a printer.
- the authentication server device 300 is a computer installed in the authentication center 101.
- the verification device 400 is, for example, a PC (personal computer).
- the terminal device 200, the authentication server device 300, and the verification device 400 communicate with each other via a network such as a mobile communication network, a WAN (wide area network), a LAN (local area network), and the Internet.
- a network such as a mobile communication network, a WAN (wide area network), a LAN (local area network), and the Internet.
- the authentication server device 300 provides a service for proof of time and location and identity verification.
- the user of the terminal device 200 uses the service provided by the authentication server device 300 to obtain the time, position, and third-party certification information for identity verification related to a certain event (action by the operation of the terminal device 200). can do.
- the third party certification information is added to the product label so that the user can prove when and where the product was shipped.
- this third-party certification information is applied to various certification procedures when a user subscribes to a certain service (for example, identity verification when a bank account is opened or a debit card or credit card is issued).
- the user 102 of the verification device 400 refers to the third-party certification information to confirm the time and position of an event and the principal of the subject who generated the event. For example, by referring to third-party certification information attached to the label of a product, the user 102 can confirm when and where the product has been shipped. To do For example, by referring to the third-party certification information attached to a certain photo, it becomes possible to confirm “when, where, and with whom the power was photographed”.
- the terminal device 200 When the user of the terminal device 200 uses the service, the terminal device 200 receives positioning information (longitude and latitude) and time from the GPS satellite 103. In addition, the terminal device 200 User biometric information is acquired. The terminal device 200 transmits the positioning information, time, and biometric information to the authentication server device 300, and requests the issuance of a certification code 104 that is the third-party certification information. When receiving the positioning information, time, and biometric information from the terminal device 200, the authentication server device 300 performs biometrics authentication of the user by comparing the received biometric information with the user's reference data held in advance. .
- the authentication server device 300 also acquires weather satellite images from the web server 105 of the Japan Meteorological Association (the cloud image that the Meteorological Agency 106 receives from the meteorological satellite 107 is publicly available to the Japan Meteorological Association).
- the meteorological satellite image is hashed.
- the authentication server device 300 synchronizes its own system clock in advance with the national standard time transmitted from the time server 108 of NICT (National Institute of Information and Communications Technology), and the time received from the terminal device 200 is incorrect. You may check if it is not.
- the authentication server device 300 uses the reference data used for biometrics authentication (an example of authentication result information described later), the time (an example of time information described later), and a hash value of a weather satellite image.
- the certification code 104 is generated by combining the positioning information (an example of position information described later) and the numerical value using a hash function in combination (an example of time specifying information described later).
- the authentication server device 300 may further combine natural phenomenon information such as temperature, humidity, pressure, altitude, and wind speed (an example of position specifying information described later) with the certification code 104.
- the authentication server device 300 further provides a tamper detection code such as a checksum, code, mining code, CRC (Cyclic 'Redundancy' Check), electronic signature, HMAC (Keyed -Hashing 'for' Message 'Authentication), etc. as a certification code. 104 may be combined.
- the authentication server device 300 issues the certification code 104 generated in this way as third-party certification information requested from the terminal device 200.
- the terminal device 200 receives the certification code 104 from the authentication server device 300, and outputs the received certification code 104 to a label, photo, IC (integrated circuit) tag, or the like for use.
- the terminal device 200 may output the certification code 104 as a QR code (registered trademark) or other two-dimensional barcode! /.
- the user 102 When using the service, the user 102 inputs the certification code 104 added to the label or the like to the verification device 400.
- the verification device 400 queries the authentication server device 300 for the input certification code 104.
- the authentication server device 300 when issuing the certification code 104, refers to the reference data, time, and weather satellite used to generate the certification code 104. Information such as images and positioning information is stored in a database. For this reason, information corresponding to the certification code 104 inquired from the verification device 400 can also be extracted from the database and provided to the verification device 400.
- the verification device 400 displays the information provided from the authentication server device 300 on the screen. Accordingly, the user 102 can confirm, for example, when and where the “whose force S” label is issued.
- the certification code 104 issued by the authentication server device 300 includes the metricometry verification data ( Objective evidence by biometric information acquired by the terminal device 200 is included.
- the authentication system 100 can realize third-party certification of time, location, and identity verification.
- biometrics verification data is difficult to counterfeit, spoofing in identity verification can be prevented.
- FIG. 2 is a block diagram showing a configuration of terminal apparatus 200 according to the present embodiment.
- the terminal device 200 is, for example, a camera-equipped mobile phone having a GPS function.
- terminal apparatus 200 includes biometric information acquisition section 201, biometric information output section 202, time information acquisition section 203, time information output section 204, position information acquisition section 205, and position information output section 206.
- the terminal device 200 includes hardware devices such as a storage device 251, a processing device 252, an input device 253, an output device 254, and a biometric recognition device 255 (or these hardware devices are connected to the terminal device 200). . These hardware devices are used by each unit of the terminal device 200. A tamper resistant device may be used for each part of the terminal device 200 or each hardware device.
- the biometric information acquisition unit 201 acquires biometric information of the user using the biometric recognition device 255.
- the biometric information acquisition unit 201 captures a user's face with a camera (an example of the biometric recognition device 255), and acquires face image data (an example of biometric information).
- the biometric information acquisition unit 201 may acquire image data of a user's fingerprint using a fingerprint sensor (an example of the biometric recognition device 255).
- the biometric information acquisition unit 201 may acquire vein data of the user's palm using a vein sensor (an example of the biometric device 255).
- the biometric information acquisition unit 201 may acquire image data of the user's eyeball (iris) with a camera.
- the biometric information acquisition unit 201 is a user May be acquired by a microphone (an example of the biometric recognition device 255).
- the biological information acquisition unit 201 may acquire image data of the user's ear with a camera.
- the biometric information output unit 202 outputs the biometric information acquired by the biometric information acquisition unit 201 to the authentication server device 300 using the output device 254.
- the biometric information output unit 202 transmits face image data to the authentication server device 300 via the mobile communication network.
- the biological information output unit 202 may output user identification information such as a user ID (identifier), a member number, a password, and a personal identification number of a user input by an input unit 253 via an input unit (not shown).
- an electronic certificate stored in advance in the storage device 251 may be output by a storage unit (not shown).
- Biometric information, user identification information, electronic certificates, and the like are usually unique information that cannot be obtained from the user. Hereinafter, such information is referred to as user-specific information.
- the time information acquisition unit 203 acquires time information indicating the time using the input device 253.
- the position information acquisition unit 205 acquires position information indicating the position with the input device 253.
- the time information acquisition unit 203 and the position information acquisition unit 205 acquire the time information and the position information from the GPS satellite 103 using a GPS module (an example of the input device 253), respectively.
- the time information output unit 204 outputs the time information acquired by the time information acquisition unit 203 to the authentication server device 300 using the output device 254.
- the location information output unit 206 outputs the location information acquired by the location information acquisition unit 205 to the authentication server device 300 by the output device 254.
- the time information output unit 204 and the position information output unit 206 transmit the time information and the position information to the authentication server device 300 via the mobile communication network.
- FIG. 3 is a block diagram showing a configuration of authentication server apparatus 300 according to the present embodiment.
- the authentication server device 300 includes a user identification information storage unit 301, a user information storage unit 302, a user identification information input unit 303, a user authentication unit 304, and a time information input unit 305.
- Time specification information input unit 306, location information input unit 307, location specification information input unit 308, authentication information generation unit 309, information storage unit 310, authentication information output unit 311, authentication information input unit 312, information search unit 313, search A result information output unit 314 is provided.
- the authentication server device 300 includes hardware devices such as a storage device 351, a processing device 352, an input device 353, and an output device 354 (or these hardware devices are included in the authentication server device 300). Connected). These hardware devices are used by each part of the authentication server device 300.
- the user specifying information storage unit 301 stores the legitimate user specifying information in the storage device 351 in advance.
- the user identification information storage unit 301 registers image data of the user's face, user ID, membership number, password, password, and electronic certificate in a database (an example of the storage device 351).
- the authentication server device 300 may use a database of another system (for example, a database installed in a place other than the authentication center 101 shown in FIG. 1) as this database.
- the user information storage unit 302 stores user information about the user in the storage device 351 in advance.
- the user information storage unit 302 may include information indicating that the user ID, the user's personal information, and the user's power are stored in the database (all are examples of user information), or encrypting such information, Please register the data that you did.
- the user specifying information input unit 303 inputs user specifying information with the input device 353.
- the user specifying information input unit 303 receives image data of the user's face from the terminal device 200 via the network.
- the user authentication unit 304 authenticates the user by the processing device 352 based on the user identification information input by the user identification information input unit 303.
- the user authentication unit 304 authenticates the user by comparing the user specifying information input by the user specifying information input unit 303 with the user specifying information stored by the user specifying information storage unit 301.
- the time information input unit 305 inputs time information using the input device 353.
- the time specifying information input unit 306 inputs time specifying information using the input device 353.
- the time specifying information is unique data that can be obtained only at the time indicated by the time information input by the time information input unit 305.
- the position information input unit 307 inputs position information with the input device 353.
- the position specifying information input unit 308 inputs position specifying information with the input device 353.
- the position specifying information is unique data that cannot be obtained at the position indicated by the position information input by the position information input unit 307.
- the time information input unit 305, the position information input unit 307, and the position specifying information input unit 308 receive the time information, the position information, and the above-described natural phenomenon information from the terminal device 200 via the network.
- the location information input unit 307 is a terminal device 200. If the position information that also receives force is acquired from the GPS satellite 103, it is difficult to acquire the position information unless the position information indicates the position indicated by the position information. Therefore, in this case, the position specification information input unit 308 may use the position information received from the terminal device 200 by the position information input unit 307 as the position specification information. For example, when the time information is input by the time information input unit 305, the time specifying information input unit 306 receives a weather satellite image from the web server 105 shown in FIG. 1 via the Internet.
- the authentication information generation unit 309 generates authentication result information by the processing device 352 when the user is authenticated by the user authentication unit 304.
- the authentication result information is information indicating that the user has been authenticated. Identification information for identifying user information stored in the user information storage unit 302 can be used as authentication result information.
- the authentication information generation unit 309 combines the generated authentication result information with the time information input by the time information input unit 305 and the time specification information input by the time specification information input unit 306 by the processing device 352 for authentication. Generate information.
- the authentication information generation unit 309 may generate authentication information by combining the authentication result information, the position information input by the position information input unit 307, and the position specification information input by the position specification information input unit 308.
- the authentication information generation unit 309 may generate authentication information by combining at least one of authentication result information, time information, location information, time specification information, and location specification information. For example, the authentication information generation unit 309 generates the certification code 104 shown in FIG. 1 as the authentication information. As described above, the authentication information generation unit 309 does not have to synthesize the time specifying information with the certification code 104 when it is not necessary to prove the time. Furthermore, the time information does not have to be combined with the certification code 104. Further, the authentication information generation unit 309 does not have to synthesize the position specifying information with the certification code 104 when it is not necessary to prove the position. Further, it is not necessary to combine position information with the certification code 104.
- the information storage unit 310 combines the authentication result information, the time information, the time specification information, the position information, and the location specification information, which is synthesized by the authentication information generation unit 309, into the authentication information generated by the authentication information generation unit 309.
- the information is stored in the storage device 351 in association with the information.
- the information storage unit 310 stores authentication result information, time information, time specifying information, and position information in the database using the certification code 104 as a key. Further, the information storage unit 310 further stores the position specifying information in the database using the certification code 104 as a key.
- Authentication information output The unit 311 outputs the authentication information generated by the authentication information generation unit 309 via the output device 354. For example, the authentication information output unit 311 transmits the certification code 104 to the terminal device 200 via the network.
- the authentication information input unit 312 inputs the authentication information output from the authentication information output unit 311 through the input device 353.
- the authentication information input unit 312 receives the certification code 104 from the verification device 400 illustrated in FIG. 1 via the Internet.
- the information search unit 313 extracts authentication result information, time information, time specifying information, position information, and position specifying information corresponding to the authentication information input by the authentication information input unit 312 from the storage device 351 as search result information.
- the information search unit 313 searches the database using the certification code 104 as a key, and outputs the search result. If the authentication result information is identification information for identifying the user information, the information search unit 313 extracts the identification information as authentication result information corresponding to the certification code 104 from the database.
- the information search unit 313 extracts the user information identified by the extracted identification information from the database, and outputs the extracted user information together with other search results.
- the information search unit 313 may output the extracted identification information without the user information as it is as a part of the search result.
- the search result information output unit 314 outputs the search result information extracted by the information search unit 313 by the output device 354.
- the search result information output unit 314 transmits the search result output by the information search unit 313 to the verification device 400 via the Internet.
- FIG. 4 is a diagram showing an example of the external appearance of the terminal device 200 and the authentication server device 300.
- a terminal device 200 and an authentication server device 300 include a system unit 910, a display device 901 having a display screen of CRT (Cathode Ray Ray Tube) or LCD (liquid crystal display), a keyboard 902 (K / B), hardware resources such as mouse 903, FDD904 (Flexible 'Disk' Drive), C DD905 (Compact'Disc 'Drive), printer device 906, scanner device 907, imaging device 908 such as digital camera and video camera These are connected by cables and signal lines.
- a display device 901 having a display screen of CRT (Cathode Ray Ray Tube) or LCD (liquid crystal display)
- keyboard 902 K / B
- hardware resources such as mouse 903, FDD904 (Flexible 'Disk' Drive), C DD905 (Compact'Disc 'Drive)
- printer device 906 scanner device 907
- imaging device 908 such as digital camera and video camera
- the system unit 910 is a computer, and is connected to a telephone 931 and a facsimile machine 932 (FAX) with a cable, and is connected to the Internet 940 via a LAN 942 (low-power area network) and a gateway 941.
- FIG. 5 is a diagram illustrating an example of hardware resources of the terminal device 200 and the authentication server device 300.
- the terminal device 200 and the authentication server device 300 include a CPU 911 (also referred to as a central processing unit, a central processing unit, an arithmetic unit, a microprocessor, a microcomputer, or a processor) that executes a program.
- the CPU 911 is an example of the processing devices 252 and 352 or the processing unit.
- CPU 911 is ROM913 (Read-Only Memory), RAM914 (Random-Access-Memory), communication board 915, display device 901, keyboard 902, mouse 903, FDD904, CDD905, printer device 90 6, scanner via bus 912 It is connected to an apparatus 907, an imaging apparatus 908, and a magnetic disk apparatus 920, and controls these hard air devices.
- a storage medium such as an optical disk device or a memory card reader / writer may be used.
- the RAM 914 is an example of a volatile memory.
- the storage media of the ROM 913, the FDD 904, the CDD 905, and the magnetic disk device 920 are examples of nonvolatile memories. These are examples of the storage devices 251, 351 or the storage unit.
- the communication board 915, the keyboard 902, the scanner device 907, the imaging device 908, the FDD 904, and the like are examples of the input devices 253 and 353 or the input unit.
- the communication board 915, the display device 901, the printer device 906, and the like are examples of the output devices 254 and 354 or the output unit.
- the imaging device 908 and the like are examples of the biological recognition device 255 or the biological recognition unit.
- Communication board 915 is connected to telephone 931, facsimile machine 932, LAN 942, and the like.
- the communication board 915 is not limited to the LAN 942, but may be connected to the Internet 940, WAN (wide area network) such as ISDN (Integrated Services Digital Network), etc. If the Internet 940 is connected to a WAN or the like, the gateway 941 is not necessary.
- the magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924.
- the programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922.
- the program group 923 stores programs that execute functions described as “ ⁇ unit” and “ ⁇ means” in the description of the present embodiment.
- the program is CPU9 11 is read and executed.
- data and information described as “to data”, “to information”, “to ID”, “to flag”, and “to result” are stored. Signal values, variable values, and parameter forces are stored as items of " ⁇ file", " ⁇ database”, and " ⁇ table”.
- the “ ⁇ file”, “ ⁇ database”, and “ ⁇ table” are stored in a storage medium such as a disk or a memory.
- Data, information, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU911 via a read / write circuit, and extracted and searched.
- data, information, signal value, variable value and parameter are temporarily stored in main memory, cache memory and buffer memory Memorized.
- the arrows in the block diagrams and flowcharts described in the description of the present embodiment mainly indicate input / output of data and signals.
- the data and signals are stored in a memory such as a RAM 914, a flexible disk (FD ), CDD905 compact disc (CD), magnetic disc device 920 magnetic disc, other optical discs, mini disc (MD), DVD (Digital 'Versatile'Disc) and other recording media.
- Data and signals are transmitted online via bus 912, signal lines, cables and other transmission media.
- ⁇ unit and ⁇ means in the description of the present embodiment may be “ ⁇ circuit”, “ ⁇ device”, and “ ⁇ device”.
- Firmware and software are stored as programs on recording media such as magnetic disks, flexible disks, optical disks, compact disks, mini-discs, and DVDs.
- This program is read by CPU911 and executed by CPU911.
- the program causes the computer to function as “to part” and “to means” described in the description of the present embodiment.
- description of this embodiment This makes the computer execute the procedures and methods of “ ⁇ unit” and “ ⁇ means” described in (1).
- FIG. 6 is a flowchart showing an example of operations of the terminal device 200 (client) and the authentication server device 300 (server).
- the user specifying information storage unit 301 stores the normal biological information of the user in the storage device 351 (step S101: user specifying information storing step).
- the user information storage unit 302 stores the user's personal information together with identification information for identifying the personal information in the storage device 351 (step S102: user information storage step).
- the biometric information acquisition unit 201 acquires the biometric information of the user using the biometric recognition device 255 (step S103: biometric information acquisition step).
- the time information acquisition unit 203 acquires time information from the GPS satellite 103 using the input device 253 (step S104: time information acquisition step).
- the position information acquisition unit 205 acquires position information from the GPS satellite 103 using the input device 253 (step S105: position information acquisition step).
- the biometric information output unit 202 outputs the biometric information acquired by the biometric information acquisition unit 201 to the authentication server device 300 using the output device 254 (step S106: biometric information output step).
- the time information output unit 204 outputs the time information acquired by the time information acquisition unit 203 to the authentication server device 300 by the output device 254 (step S107: time information output step).
- the location information output unit 206 outputs the location information acquired by the location information acquisition unit 205 to the authentication server device 300 using the output device 254 (step S108: location information output step).
- user specifying information input unit 303 inputs the user's biometric information from terminal device 200 using input device 353 (step S109: user specifying information input step).
- the time information input unit 305 inputs time information from the terminal device 200 using the input device 353 (step S110: time information input step).
- the position information input unit 307 inputs position information from the terminal device 200 using the input device 353 (step S111: position information input step).
- the position specifying information input unit 308 inputs position specifying information from the terminal device 200 using the input device 353 (step S112: position specifying information input step).
- the time specification information input unit 306 inputs time specification information from the web server 105 using the input device 353 (step S 113: time specification information input step).
- FIG. 7 is a flowchart showing an example of the operation of the authentication server device 300 (server).
- the user authentication unit 304 compares the biometric information input by the user specifying information input unit 303 with the user specifying information stored in the user specifying information storage unit 301 by the processing device 352, thereby identifying the user. Authenticate (step S114: user authentication step).
- the authentication information generation unit 309 includes the identification information stored in the user information storage unit 302, the time information input by the time information input unit 305, and the time specification information input unit.
- the time specifying information input by 306, the position information input by the position information input unit 303, and the position specifying information input by the position specifying information input unit 308 are combined by the processing device 352 to generate the certification code 104.
- Step S115 Authentication information generation step).
- the information storage unit 310 uses the authentication code 104 generated by the authentication information generation unit 309 as a key, the identification information, the time information, the time specification information, the position information, and the position specification information combined by the authentication information generation unit 309. Is stored in storage device 351 (step S116: information storage step).
- the information storage unit 310 does not necessarily store all the information in the storage device 351.
- the information storage unit 310 may store only the identification information, time information, time specifying information, and position information in the storage device 351.
- the authentication information output unit 311 outputs the certification code 104 generated by the authentication information generation unit 309 to the terminal device 200 using the output device 354 (step S117: authentication information output step).
- terminal device 200 receives certification code 104 output by authentication information output unit 311 of authentication server device 300. As described above, for example, the terminal device 200 prints the received certification code 104 on a label. The user 102 inputs the certification code 104 printed on the label to the verification device 400. The verification device 400 transmits the input certification code 104 to the authentication server device 300.
- FIG. 8 is a flowchart showing an example of the operation of authentication server apparatus 300 (server).
- authentication information input unit 312 inputs certification code 104 from verification device 400 using input device 353 (step S118: authentication information input step).
- the information search unit 313 searches the storage device 351 using the certification code 104 input by the authentication information input unit 312 as a key, and retrieves identification information, time information, time specifying information, position information, and position specifying information as a search result. Information is extracted from storage device 351 (Step S119: Information Search step).
- the information search unit 313 does not necessarily have to extract all information as search result information.
- the information search unit 313 may extract only the identification information, time information, time specifying information, and position information as search result information.
- the search result information output unit 314 outputs the search result information extracted by the information search unit 313 to the verification device 400 by the output device 354 (step S120: search result information output step).
- the verification device 400 receives the search result information output by the search result information output unit 314 of the authentication server device 300. As described above, the verification apparatus 400 displays the received search result information on the screen.
- the verification device 400 searches the storage device 351 (for example, a database of another system) using the identification information as a key. Then, the user personal information stored in the user information storage unit 302 (or other system) of the authentication server device 300 is extracted. The verification device 400 displays the extracted personal information of the user on the screen. As a result, the IJ user 102 can confirm “when, where and who has issued the above label.
- terminal device 200 is a database (an example of storage device 251) that holds registration information that is the same as or different from authentication server device 300 (server). ).
- the client itself performs user authentication processing using a biometric authentication engine (an example of the processing device 252).
- biometric authentication engine an example of the processing device 252
- the client is connected between the biometric information (biometrics verification data) measured on the client and the biometric information (biometrics registration data) registered on the client.
- biometric information data biometrics verification data
- biometrics registration data biometrics registration data
- the server uses the data sent via the network to perform the authentication process using a biometrics authentication engine (an example of the processing device 352).
- a biometrics authentication engine an example of the processing device 352.
- the client when the server performs authentication processing, the client first issues an authentication request to the server. After receiving the authentication request from the client, the server generates a data transmission format when sending data from the client to the server. Then, the format information is transmitted to the client. Based on the received transmission format, the client encodes the biometric information obtained by the client and sends it to the server.
- the transmission format sent from Sano to the client shall be different each time an authentication process request is made.
- the client does not send biometric information data first at the time of authentication, and first issues a request for authentication processing to the server.
- the server that receives the authentication processing request sends a different biometric information transmission format to the client each time the request is received. Therefore, since the client transmits the measured biometric information in a code based on a different transmission format for each request, it is possible to prevent spoofing when transmitted data is stolen.
- FIG. 10 is a block diagram showing a configuration of terminal apparatus 200 according to the present embodiment.
- terminal device 200 includes biometric information storage section 207 and terminal authentication section 208 in addition to the same configuration as in the first embodiment.
- the biometric information storage unit 207 stores the normal biometric information of the user in the storage device 251.
- the biological information storage unit 207 may store biological information of a plurality of users. For example, the biometric information storage unit 207 registers the same image data as the user's own face image data stored in the user identification information storage unit 301 of the authentication server device 300 in the database (as described later, The facial feature amount may be registered instead of the image data.
- the biometric information storage unit 207 may register image data different from the image data of the user's own face stored in the user specifying information storage unit 301 of the authentication server device 300 in the database. However, the latter image data is also image data of the user's own face.
- the terminal authentication unit 208 authenticates the user by the processing device 252 based on the biometric information acquired by the biometric information acquisition unit 201.
- the terminal authentication unit 208 includes the biometric information acquisition unit 20
- the processing device 252 compares the biometric information acquired in 1 with the biometric information stored in the biometric information storage unit 207 to authenticate the user.
- the biometric information output unit 202 outputs the biometric information acquired by the biometric information acquisition unit 201 to the authentication server device 300.
- the authentication server device 300 outputs format information that specifies the format in which the biometric information output unit 202 outputs biometric information. Therefore, the biometric information output unit 202 converts the biometric information acquired by the biometric information acquisition unit 201 into a format indicated by the format information output by the authentication server device 300 and outputs it.
- FIG. 11 is a block diagram showing a configuration of authentication server apparatus 300 according to the present embodiment.
- authentication server apparatus 300 includes a format selection unit 315 and a format information output unit 316 in addition to the same configuration as in the first embodiment.
- the user specifying information input unit 303 acquires biological information from the terminal device 200 as user specifying information using the input device 353 and inputs it.
- the format selection unit 315 selects the format of the biometric information output from the terminal device 200 using the processing device 352.
- the format information output unit 316 outputs format information indicating the format selected by the format selection unit 315 from the output device 354. For example, the format information output unit 316 transmits the format information to the terminal device 200 via the network.
- the user authentication unit 304 converts the biometric information input by the user specifying information input unit 303 from the format selected by the format selection unit 315 to the original format by the processing device 352, and the user is based on the converted biometric information. Authenticate.
- the user authentication unit 304 authenticates the user by comparing the biometric information converted into the original format with the normal biometric information of the user stored in the user specifying information storage unit 301.
- the user authentication unit 304 may notify the terminal device 200 of the authentication result (the power that has succeeded or failed in user authentication).
- the terminal device 200 has the same configuration as that shown in FIG. It has such a functional part.
- the authentication server apparatus 300 further includes a functional unit as shown in FIG. 13 in the configuration shown in FIG. In FIG. 12 and FIG. 13, some of the components shown in FIG. 10 and FIG. 11 are omitted to simplify the drawing.
- the biological information acquisition unit 201 includes a measurement unit 209, a face detection unit 210, and a feature extraction unit 211.
- the biological information storage unit 207 includes a database unit 212.
- the terminal authentication unit 208 includes an authentication processing unit 213.
- the biometric information output unit 202 includes a communication unit 214, a decryption unit 215, a code unit 216, and an encryption unit 217.
- format selection unit 315 includes communication unit 317 and format generation unit 318.
- the format information output unit 316 includes an encryption unit 319.
- the user specifying information input unit 303 includes a decryption unit 320.
- User specific information storage unit 301 includes a database unit 321.
- the user authentication unit 304 includes a coding unit 322 and an authentication processing unit 323.
- FIG. 14 and FIG. 15 are flowcharts of the authentication process in this example.
- the client and the server perform the operations shown in FIGS. 6 to 8, but FIGS. 14 and 15 show only the operations related to the authentication process.
- the measurement unit 209 captures a user's face image using the camera (step S202).
- the face detection unit 210 first detects a face from the captured face image.
- the feature extraction unit 211 extracts the positions of feature points such as eyes, nose, and mouth (step S 203).
- the feature extraction unit 211 uses these pieces of position information (performs normal image processing and brightness correction) and uses a certain size (for example, a size of 40 ⁇ 40 pixels).
- a face image normalized to (3) is generated.
- face detection see, for example, Viola, P .; Jones, M., "Rapider's face image using the camera (step S202).
- the face detection unit 210 first detects a face from the captured face image.
- the feature extraction unit 211 extracts the positions of feature points such as eyes, nose, and mouth (step S 203).
- the feature extraction unit 211 uses these pieces of position information (performs normal image processing and brightness correction) and uses a certain size (for example, a size of
- the feature extraction unit 211 After obtaining the normalized face image, the feature extraction unit 211 performs feature amount extraction from the photographed face image.
- the feature quantity can be calculated using a differential filter as shown in FIG. In this differential filter, the sum of the pixel values in the white area minus the sum of the pixel values in the black area is calculated as the feature amount.
- Step S202 and step S203 correspond to the biological information acquisition step shown in FIG. 6 in the first embodiment.
- the biological information storage unit 207 stores the normal biological information of the user in the storage device 251 in advance (biological information storage step).
- the database unit 212 stores feature amount data extracted from the user's face image power as user registration data in advance.
- the terminal authentication unit 208 authenticates the user by comparing the biometric information acquired by the biometric information acquisition unit 201 with the biometric information stored by the biometric information storage unit 207 by the processing device 252 (terminal) Authentication step).
- the authentication processing unit 213 performs an authentication process between the registration data stored by the database unit 212 and the feature amount data measured by the feature extraction unit 211 (step S204).
- the difference between each value of the feature vector is threshold-processed to obtain values ⁇ and j8.
- the N S ⁇ ⁇ ⁇ ⁇ obtained by adding these values as a feature amount ⁇ and authentication score.
- the client again presents the measurement acquisition screen and acquires biometric information again (step S205).
- the client communication unit 214 sends an authentication request to the server (step S206).
- the format selection unit 315 selects the format of the biological information output by the client using the processing device 352 (format selection step).
- the format generation unit 318 generates a data format of biometric information that the client sends to the server (step S208).
- the format information output unit 316 sends the format selection unit 315 to the client. Format information indicating the selected format is output by the output device 354 (format information output step). In this example, the encryption key unit 319 encrypts the format information and transmits it (step S209).
- the biometric information output unit 202 converts the biometric information acquired by the biometric information acquisition unit 201 into a format indicated by the format information output by the authentication server device 300 by the processing device 252. Output (biological information output step).
- the decoding unit 215 decodes the data (format information) transmitted from Sano and extracts the data format. Based on this data format, the encoding unit 216 also generates biometric information data with the feature data power. For example, when a total of N feature quantity data of 1 to N is obtained as feature quantity data, a data format indicating the order of arrangement can be used.
- the encryption unit 217 encrypts the client ID as the ID information for identifying the client itself together with the biometric information data, and then transmits the encrypted biometric information data and the client ID to the server (step S210).
- the client ID may be, for example, the serial number of the device on which the client is installed.
- the decryption unit 320 decrypts the data transmitted from the client (step S211), and extracts the biometric information data and the client ID (step S212).
- Step S212 corresponds to the user specifying information input step shown in FIG. 6 in the first embodiment.
- the user authentication unit 304 converts the biometric information input by the user specifying information input unit 303 from the format selected by the format selection unit 315 to the original format by the processing device 352, and converts the biometric information into the converted biometric information.
- the database unit 321 extracts registration data associated with the client ID extracted by the decryption unit 320 (step S212). For the registration data associated with the client ID, use the feature data extracted in advance for the face image power of the user of the corresponding client.
- the encoding unit 322 transmits the biometric data to the client
- the feature amount data is extracted by performing inverse conversion from the data format transmitted to the client (step S213).
- the sequence can be restored to the original.
- Each feature quantity data “feature quantity 1, 2, 3,..., N” can be extracted.
- the authentication processing unit 323 performs authentication processing (collation processing) using the feature amount data from the client extracted by the code portion 322 and the feature amount data of the registered data on the server (step S214). This authentication process is the same as that performed on the client side. For example, as shown in FIG. 18, an authentication result may be obtained by thresholding a total value obtained by adding a difference ⁇ between each feature quantity and ⁇ and ⁇ as an authentication score.
- the authentication processing unit 323 indicates an authentication failure (indicating that the user is not the user himself / herself), and if the authentication score is greater than the threshold, the authentication is successful (indicating that the user is the user). Return the result to the client. If the authentication is successful in step S214, the server performs the operation after the authentication information generation step shown in FIG.
- the identity authentication device (authentication system 100) described in the present embodiment is such that the client (terminal device 200) has the same or different registration information as the server (authentication server device 300).
- a database unit 212 biological information storage unit 207) that holds (biological information)
- the client itself has an authentication processing unit 213 (terminal authentication unit 208).
- the authentication process is performed between the measured biometric information and the biometric information registered on the client, and the biometric information obtained by the client is obtained only when the result of the authentication process is obtained if the user is the user. Data is sent to the server, and the server performs the authentication process.
- the client performs the authentication process.
- the client issues an authentication request to the server only when it is determined that the user is the user.
- the authentication process fails at the server, and the client does not need to send an authentication process request to the server again. Therefore, communication time and processing time between the client and server are reduced.
- the client has the code section 216 (biometric information output section 202), and the server includes the format generation section 318 (format selection section 315) and the encoding section 3 22 (User authentication unit 304)
- the server performs authentication processing
- the client first issues an authentication request to the server, and after the server receives the authentication request from the client, the format generation unit 318 A transmission format for sending data to the server is generated, and the format information is transmitted to the client.
- the biometric information obtained by the client is encoded. This is characterized in that it is coded according to and transmitted to the server. At this time, the transmission format when data is sent from the server to the client is different each time an authentication processing request is made from the client.
- a client that does not send biometric information data first at the time of authentication first issues a request for authentication processing to the server.
- the server receives an authentication processing request, it sends a different biometric information transmission format to the client. Based on this transmission format, the client encodes the measured biological information and sends it. This prevents spoofing when transmitted data is stolen.
- measurement unit 209 captures a plurality of face images with a camera.
- the feature extraction unit 211 performs feature quantity extraction from the plurality of face images.
- the authentication processing unit 213 performs authentication processing between the feature amount extracted by the feature extraction unit 211 and the feature amount of the registered data in the storage device 251 (database), and the authentication score value is the largest.
- the feature amount is sent to the authentication server device 300 (server).
- terminal device 200 has the same configuration as in the second embodiment.
- the biological information acquisition unit 201 acquires the user's biological information twice or more.
- the terminal authentication unit 208 obtains the biometric information acquired by the biometric information acquisition unit 201 and the biometric information stored in the biometric information storage unit 207 every time the biometric information of the user is acquired by the biometric information acquisition unit 201.
- the authentication degree information (for example, the above-mentioned authentication score) is generated by entering the numerical value of the degree of matching by the processing device 252.
- the biometric information output unit 202 uses the biometric information acquired by the biometric information acquisition unit 201 based on the authentication level information calculated by the terminal authentication unit 208.
- the information is selected and output by the processing device 252 (for example, the image data with the maximum authentication score is selected as described above).
- the client measures a plurality of pieces of biometric information, and these biometric information and registrations held by the client. It is characterized in that authentication processing is performed on the image and the feature vector of the image with the highest authentication rate is sent to Sano (authentication server device 300) as biological information data.
- Sano authentication server device 300
- the terminal device 200 receives the data format information from the authentication server device 300 (server) and then thins out the obtained feature value. Send quantity.
- terminal device 200 has the same configuration as in the second embodiment.
- the biological information output unit 202 thins out and outputs the biological information acquired by the biological information acquisition unit 201.
- the identity authentication device (authentication system 100) described in the present embodiment is capable of measuring data with a lower sampling rate than the authentication performed by the client (terminal device 200) itself.
- the obtained biometric information data is sent to a server (authentication server device 300).
- the server authentication server device 300
- the client uses the biometric used for authentication on the client.
- Authentication is performed by sending biometric information data with a lower sampling rate than the information data to the server. As a result, the amount of data transmitted from the client to the server can be reduced.
- authentication server apparatus 300 is the same terminal apparatus 200 (client).
- client the same terminal apparatus 200
- the difference is large. Specify the data format as follows.
- authentication server apparatus 300 has a configuration similar to that of the second embodiment.
- the format selection unit 315 selects again the format of the biometric information output by the biometric information output unit 202 of the same terminal device 200, the format selection unit 315 displays a matrix corresponding to the previously selected format in the vector space. Select the format corresponding to the rotated matrix.
- FIG. 19 is a flowchart of data format generation processing in the present embodiment.
- N feature amount data xl, x2,..., XN are obtained by the measurement unit 209 in the server.
- the identity authentication device (authentication system 100) described in the present embodiment is used when the server (authentication server device 300) specifies a data format for the same client (terminal device 200).
- a data format in which a 90-degree rotation matrix in a vector space generated with the previously specified data format is newly applied is specified.
- spoofing is performed by repeating slightly changing the transmission data.
- data that is orthogonal to the previously specified biometric information vector in response to repeated authentication requests from the same client, data that is orthogonal to the previously specified biometric information vector. Specify biometric information data in the format.
- the difference vector force from the previous time or biometric information data is sent, In this data format, the difference vector becomes a large vector, which prevents attacks by spoofing.
- the authentication processing unit 323 of the authentication server apparatus 300 has a plurality of authentication algorithms (authentication algorithm 1,..., Authentication algorithm N) corresponding to each client. Use different authentication algorithms.
- the authentication processing unit 323 selects the client ID strength authentication algorithm in response to the authentication request from the client after step S213 shown in FIG. (Step S401). Then, authentication processing (collation processing) is performed using the selected authentication algorithm (step S214 shown in FIG. 15).
- authentication server apparatus 300 has a configuration similar to that of the second embodiment.
- the user specifying information input unit 303 acquires biometric information from each terminal device 200 of the plurality of terminal devices 200. This biometric information differs in at least one of accuracy and type for each terminal device 200.
- the server authentication server device 300
- the client terminal device 200
- an optimal authentication algorithm according to the above.
- clients have different measurement devices (for example, cameras with different resolutions and focal lengths)
- the feature amount data obtained as biometric information has different characteristics each time, and its variation tends to depend on the characteristics of the image data. Therefore, when the same authentication algorithm is used for all clients, a high authentication rate can be obtained when using feature data of one client, but when using feature data of another client. May have a low authentication rate.
- a high authentication rate can be obtained for the feature data sent from all clients. Can do.
- FIG. 1 is a diagram showing a configuration of an authentication system according to Embodiments 1 to 6.
- FIG. 2 is a block diagram showing a configuration of a terminal apparatus according to Embodiments 1 to 6.
- FIG. 3 is a block diagram showing a configuration of an authentication apparatus according to Embodiments 1 to 6.
- FIG. 4 is a diagram showing an example of the appearance of a terminal device and an authentication device in Embodiments 1 to 6.
- FIG. 5 is a diagram showing an example of hardware resources of a terminal device and an authentication device in Embodiments 1 to 6.
- FIG. 6 is a flowchart showing operations of the terminal device and the authentication device according to Embodiments 1 to 6.
- FIG. 7 is a flowchart showing an operation of the authentication apparatus according to the first to sixth embodiments.
- FIG. 8 is a flowchart showing an operation of the authentication apparatus according to the first to sixth embodiments.
- FIG. 9 shows a configuration of an authentication system according to Embodiments 2 to 6.
- FIG. 10 is a block diagram showing a configuration of a terminal apparatus according to Embodiments 2 to 6.
- FIG. 11 is a block diagram showing a configuration of an authentication apparatus according to Embodiments 2 to 6.
- FIG. 12 is a block diagram showing a configuration of a terminal apparatus according to Embodiments 2 to 6.
- FIG. 13 is a block diagram showing a configuration of an authentication apparatus according to Embodiments 2 to 6.
- FIG. 14 is a flowchart showing operations of the terminal device and the authentication device according to Embodiments 2 to 6.
- FIG. 15 is a flowchart showing operations of the terminal device and the authentication device according to Embodiments 2 to 6.
- FIG. 16 is a flowchart showing an operation for generating a regular face image in the second to sixth embodiments.
- FIG. 17 is a diagram showing a feature amount calculation method in Embodiments 2 to 6.
- FIG. 18 is a diagram showing an authentication score calculation method in Embodiments 2 to 6.
- FIG. 19 is a flowchart showing an operation of the authentication apparatus according to the fifth embodiment.
- FIG. 20 shows a rotation matrix in the N-dimensional biological information data space in the fifth embodiment. is there.
- FIG. 21 is a block diagram showing a configuration of an authentication apparatus according to Embodiment 6.
- FIG. 22 is a flowchart showing operations of the terminal device and the authentication device according to the sixth embodiment.
- 100 authentication system 101 authentication center, 102 users, 103 GPS satellite, 104 certification code, 105 web server, 106 Japan Meteorological Agency, 107 meteorological satellite, 108 time server, 200 terminal device, 201 biometric information acquisition unit, 202 biometric information Output unit, 203 Time information acquisition unit, 204 Time information output unit, 205 Location information acquisition unit, 206 Location information output unit, 20 7 Biometric information storage unit, 208 Terminal authentication unit, 209 Measurement unit, 210 Face detection unit, 211 Feature extraction unit, 212 database unit, 213 authentication processing unit, 214 communication unit, 215 decryption unit, 216 code unit, 217 encryption unit, 251 storage unit, 252 processing unit, 253 input unit, 254 output unit 255 biometric recognition device, 300 authentication server device, 301 user identification information storage unit, 302 user information storage unit, 303 user identification information input unit, 304 user authentication unit, 305 time information input unit, 306 time identification information input unit, 307 Location information input Section, 308 Location information input section, 309
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/993,119 US20100223663A1 (en) | 2006-04-21 | 2006-04-21 | Authenticating server device, terminal device, authenticating system and authenticating method |
EP06732209A EP2012249A1 (en) | 2006-04-21 | 2006-04-21 | Authenticating server device, terminal device, authenticating system and authenticating method |
JP2007511150A JP4616335B2 (ja) | 2006-04-21 | 2006-04-21 | 認証サーバ装置及び端末装置及び認証システム及び認証方法 |
PCT/JP2006/308451 WO2007122726A1 (ja) | 2006-04-21 | 2006-04-21 | 認証サーバ装置及び端末装置及び認証システム及び認証方法 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2006/308451 WO2007122726A1 (ja) | 2006-04-21 | 2006-04-21 | 認証サーバ装置及び端末装置及び認証システム及び認証方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007122726A1 true WO2007122726A1 (ja) | 2007-11-01 |
Family
ID=38624654
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2006/308451 WO2007122726A1 (ja) | 2006-04-21 | 2006-04-21 | 認証サーバ装置及び端末装置及び認証システム及び認証方法 |
Country Status (4)
Country | Link |
---|---|
US (1) | US20100223663A1 (ja) |
EP (1) | EP2012249A1 (ja) |
JP (1) | JP4616335B2 (ja) |
WO (1) | WO2007122726A1 (ja) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2011109203A (ja) * | 2009-11-13 | 2011-06-02 | Seiko Instruments Inc | 電子署名用サーバ、及び長期署名用サーバ |
JP2014119830A (ja) * | 2012-12-13 | 2014-06-30 | Fujitsu Ltd | 生体認証システム、生体認証方法、及び生体認証プログラム |
KR101530425B1 (ko) * | 2013-08-20 | 2015-06-22 | 주식회사 아이리시스 | 시간 정보를 이용한 홍채 인증 시스템 및 방법 |
US9166957B2 (en) * | 2012-04-19 | 2015-10-20 | Martin Tomlinson | Digital file authentication using biometrics |
JP2016537721A (ja) * | 2013-11-15 | 2016-12-01 | アリババ・グループ・ホールディング・リミテッドAlibaba Group Holding Limited | 人の生体特徴を利用した本人認証 |
JP2017515174A (ja) * | 2014-02-28 | 2017-06-08 | アリババ・グループ・ホールディング・リミテッドAlibaba Group Holding Limited | 特性情報を抽出するための方法およびシステム |
JP2017220728A (ja) * | 2016-06-03 | 2017-12-14 | 株式会社リコー | 検証システム、情報処理装置、検証方法 |
JP2018521417A (ja) * | 2015-07-02 | 2018-08-02 | アリババ グループ ホウルディング リミテッド | 生体特徴に基づく安全性検証方法、クライアント端末、及びサーバ |
US10122710B2 (en) | 2012-04-19 | 2018-11-06 | Pq Solutions Limited | Binding a data transaction to a person's identity using biometrics |
KR20190024177A (ko) * | 2017-08-31 | 2019-03-08 | 손현수 | 위치 정보를 이용한 보안 서비스를 운영하는 방법 및 시스템 |
JP7199134B1 (ja) | 2022-03-29 | 2023-01-05 | 株式会社オプティム | プログラム、方法、情報処理装置、システム |
Families Citing this family (57)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070245152A1 (en) * | 2006-04-13 | 2007-10-18 | Erix Pizano | Biometric authentication system for enhancing network security |
JP4281802B2 (ja) * | 2007-01-19 | 2009-06-17 | コニカミノルタビジネステクノロジーズ株式会社 | 画像処理装置、画像処理システム、画像処理装置連携方法、およびコンピュータプログラム |
US7925884B2 (en) * | 2008-06-30 | 2011-04-12 | International Business Machines Corporation | Fraud detection in seals |
US8407287B2 (en) * | 2009-07-14 | 2013-03-26 | Radvision Ltd. | Systems, methods, and media for identifying and associating user devices with media cues |
KR101350335B1 (ko) * | 2009-12-21 | 2014-01-16 | 한국전자통신연구원 | 내용기반 영상검색 장치 및 방법 |
US8270684B2 (en) * | 2010-07-27 | 2012-09-18 | Google Inc. | Automatic media sharing via shutter click |
JP5541039B2 (ja) * | 2010-09-27 | 2014-07-09 | 富士通株式会社 | 生体認証システム、生体認証サーバ、生体認証方法及びそのプログラム。 |
JP5811708B2 (ja) * | 2010-09-30 | 2015-11-11 | ブラザー工業株式会社 | 画像処理システム、画像処理方法、中継装置、及び、中継プログラム。 |
CN103339633A (zh) * | 2011-01-27 | 2013-10-02 | 株式会社Ntt都科摩 | 移动信息终端、抓握特征学习方法以及抓握特征认证方法 |
US20120213404A1 (en) | 2011-02-18 | 2012-08-23 | Google Inc. | Automatic event recognition and cross-user photo clustering |
GB2490099A (en) * | 2011-04-11 | 2012-10-24 | Steven Mark Wright | Multi-factor authentication through mobile device location based service |
JP5605294B2 (ja) * | 2011-04-15 | 2014-10-15 | トヨタ自動車株式会社 | 認証システム及び認証方法 |
JP5799586B2 (ja) * | 2011-05-27 | 2015-10-28 | 富士通株式会社 | 生体認証装置、生体認証方法及び生体認証用コンピュータプログラム |
US20120317639A1 (en) * | 2011-06-08 | 2012-12-13 | Johnson Huang | Biometric data system |
US9111402B1 (en) * | 2011-10-31 | 2015-08-18 | Replicon, Inc. | Systems and methods for capturing employee time for time and attendance management |
US9391792B2 (en) | 2012-06-27 | 2016-07-12 | Google Inc. | System and method for event content stream |
GB201212878D0 (en) | 2012-07-20 | 2012-09-05 | Pike Justin | Authentication method and system |
WO2014116561A1 (en) * | 2013-01-22 | 2014-07-31 | Amerasia International Technology, Inc. | Event registration and management system and method employing geo-tagging and biometrics |
KR20140108749A (ko) * | 2013-02-27 | 2014-09-15 | 한국전자통신연구원 | 프라이버시 보호형 문서 인증 정보 생성 장치 및 이를 이용한 프라이버시 보호형 문서 인증 방법 |
US10270748B2 (en) | 2013-03-22 | 2019-04-23 | Nok Nok Labs, Inc. | Advanced authentication techniques and applications |
US9305298B2 (en) | 2013-03-22 | 2016-04-05 | Nok Nok Labs, Inc. | System and method for location-based authentication |
US9887983B2 (en) | 2013-10-29 | 2018-02-06 | Nok Nok Labs, Inc. | Apparatus and method for implementing composite authenticators |
US9560027B1 (en) * | 2013-03-28 | 2017-01-31 | EMC IP Holding Company LLC | User authentication |
US9961077B2 (en) | 2013-05-30 | 2018-05-01 | Nok Nok Labs, Inc. | System and method for biometric authentication with device attestation |
JP6318588B2 (ja) * | 2013-12-04 | 2018-05-09 | 富士通株式会社 | 生体認証装置、生体認証方法及び生体認証用コンピュータプログラム |
US9413533B1 (en) | 2014-05-02 | 2016-08-09 | Nok Nok Labs, Inc. | System and method for authorizing a new authenticator |
US9577999B1 (en) | 2014-05-02 | 2017-02-21 | Nok Nok Labs, Inc. | Enhanced security for registration of authentication devices |
US9654469B1 (en) | 2014-05-02 | 2017-05-16 | Nok Nok Labs, Inc. | Web-based user authentication techniques and applications |
EP3540622B1 (en) * | 2014-06-09 | 2021-04-28 | Aware, Inc. | System and method for performing biometric operations in parallel |
US10225248B2 (en) | 2014-06-11 | 2019-03-05 | Optimum Id Llc | Methods and systems for providing online verification and security |
US9455979B2 (en) | 2014-07-31 | 2016-09-27 | Nok Nok Labs, Inc. | System and method for establishing trust using secure transmission protocols |
US9875347B2 (en) | 2014-07-31 | 2018-01-23 | Nok Nok Labs, Inc. | System and method for performing authentication using data analytics |
US9749131B2 (en) | 2014-07-31 | 2017-08-29 | Nok Nok Labs, Inc. | System and method for implementing a one-time-password using asymmetric cryptography |
US10148630B2 (en) | 2014-07-31 | 2018-12-04 | Nok Nok Labs, Inc. | System and method for implementing a hosted authentication service |
US10008057B2 (en) | 2014-08-08 | 2018-06-26 | Live Nation Entertainment, Inc. | Short-range device communications for secured resource access |
US9736154B2 (en) | 2014-09-16 | 2017-08-15 | Nok Nok Labs, Inc. | System and method for integrating an authentication service within a network architecture |
CN105577624B (zh) | 2014-10-17 | 2019-09-10 | 阿里巴巴集团控股有限公司 | 客户端交互方法与客户端以及服务器 |
CN105678127A (zh) * | 2014-11-21 | 2016-06-15 | 阿里巴巴集团控股有限公司 | 一种身份信息的验证方法和装置 |
GB201520741D0 (en) | 2015-05-27 | 2016-01-06 | Mypinpad Ltd And Licentia Group Ltd | Authentication methods and systems |
US10008099B2 (en) | 2015-08-17 | 2018-06-26 | Optimum Id, Llc | Methods and systems for providing online monitoring of released criminals by law enforcement |
EP3274878A1 (en) | 2015-09-28 | 2018-01-31 | Google LLC | Sharing images and image albums over a communication network |
US10762515B2 (en) * | 2015-11-05 | 2020-09-01 | International Business Machines Corporation | Product preference and trend analysis for gatherings of individuals at an event |
WO2017091431A1 (en) * | 2015-11-24 | 2017-06-01 | Live Nation Entertainment, Inc. | Short-range device communications for secured resource access |
CN105868273A (zh) * | 2016-03-21 | 2016-08-17 | 曲立东 | 多用户操作递接关联计算机网络及其架构方法 |
US10713697B2 (en) | 2016-03-24 | 2020-07-14 | Avante International Technology, Inc. | Farm product exchange system and method suitable for multiple small producers |
US10637853B2 (en) | 2016-08-05 | 2020-04-28 | Nok Nok Labs, Inc. | Authentication techniques including speech and/or lip movement analysis |
US10769635B2 (en) | 2016-08-05 | 2020-09-08 | Nok Nok Labs, Inc. | Authentication techniques including speech and/or lip movement analysis |
US10091195B2 (en) | 2016-12-31 | 2018-10-02 | Nok Nok Labs, Inc. | System and method for bootstrapping a user binding |
US10237070B2 (en) | 2016-12-31 | 2019-03-19 | Nok Nok Labs, Inc. | System and method for sharing keys across authenticators |
US10623389B2 (en) * | 2017-05-11 | 2020-04-14 | International Business Machines Corporation | Authenticating a device based on communication patterns in a group of devices |
WO2018212815A1 (en) | 2017-05-17 | 2018-11-22 | Google Llc | Automatic image sharing with designated users over a communication network |
US11868995B2 (en) | 2017-11-27 | 2024-01-09 | Nok Nok Labs, Inc. | Extending a secure key storage for transaction confirmation and cryptocurrency |
US11831409B2 (en) | 2018-01-12 | 2023-11-28 | Nok Nok Labs, Inc. | System and method for binding verifiable claims |
US11792024B2 (en) | 2019-03-29 | 2023-10-17 | Nok Nok Labs, Inc. | System and method for efficient challenge-response authentication |
CN115244530A (zh) * | 2020-01-30 | 2022-10-25 | 日本电气株式会社 | 服务器装置、终端、认证系统、认证方法和存储介质 |
JP6839313B1 (ja) * | 2020-02-18 | 2021-03-03 | Dxyz株式会社 | 顔認証方法、プログラム、記録媒体および顔認証システム |
EP3926497A1 (fr) | 2020-06-19 | 2021-12-22 | The Swatch Group Research and Development Ltd | Procédé de traçabilité d'un élément d'information numérique dans un système informatique |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001101055A (ja) * | 1999-09-30 | 2001-04-13 | Casio Comput Co Ltd | データベース管理装置、データベースシステム、暗号化装置及び記録媒体 |
JP2001297062A (ja) | 2000-04-13 | 2001-10-26 | Mitsubishi Electric Corp | 時刻情報提供システム及び時刻情報提供方法及び時刻情報提供方法をコンピュータに実行させるためのプログラムを記録したコンピュータ読みとり可能な記録媒体 |
JP2002044228A (ja) * | 2000-07-26 | 2002-02-08 | Nagano Japan Radio Co | 個人識別方法及び個人識別システム |
JP2003208407A (ja) * | 2002-01-10 | 2003-07-25 | Omron Corp | 生体情報登録装置、生体情報を利用した個人認証システム、および生体情報登録方法 |
JP2003256376A (ja) | 2002-02-27 | 2003-09-12 | Hitachi Ltd | 安全性保証付き生体認証方法及び認証サービスを行う装置 |
JP2003284113A (ja) * | 2002-03-22 | 2003-10-03 | Casio Comput Co Ltd | 位置証明方法、位置証明サービスシステム及びネットワークシステム |
JP2005010826A (ja) * | 2003-06-16 | 2005-01-13 | Fujitsu Ltd | 認証端末装置、生体情報認証システム、及び生体情報取得システム |
JP2005130384A (ja) | 2003-10-27 | 2005-05-19 | Kddi Corp | 生体認証システム及び生体認証方法 |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5010553A (en) * | 1988-12-05 | 1991-04-23 | Compuquest, Inc. | High speed, error-free data transmission system and method |
JP4321944B2 (ja) * | 2000-04-27 | 2009-08-26 | 富士通株式会社 | 生体情報を用いた個人認証システム |
WO2002019124A1 (fr) * | 2000-08-30 | 2002-03-07 | Matsushita Electric Industrial Co.,Ltd. | Systeme d'authentification, dispositif de demande d'authentification, dispositif de validation et support de services |
US7921297B2 (en) * | 2001-01-10 | 2011-04-05 | Luis Melisendro Ortiz | Random biometric authentication utilizing unique biometric signatures |
US20040161728A1 (en) * | 2003-02-14 | 2004-08-19 | Benevento Francis A. | Distance learning system |
KR100816408B1 (ko) * | 2004-06-04 | 2008-03-25 | 미쓰비시덴키 가부시키가이샤 | 동작 환경을 증명하는 증명서 발행 서버 및 증명 시스템 |
AU2005295331A1 (en) * | 2004-10-15 | 2006-04-27 | The Regents Of The University Of Colorado, A Body Corporate | Revocable biometrics with robust distance metrics |
JP2006209697A (ja) * | 2005-01-31 | 2006-08-10 | Toshiba Corp | 個人認証システム、この個人認証システムに使用される認証装置、および個人認証方法 |
US7688379B2 (en) * | 2005-12-09 | 2010-03-30 | Hewlett-Packard Development Company, L.P. | Selecting quality images from multiple captured images |
-
2006
- 2006-04-21 WO PCT/JP2006/308451 patent/WO2007122726A1/ja active Application Filing
- 2006-04-21 JP JP2007511150A patent/JP4616335B2/ja not_active Expired - Fee Related
- 2006-04-21 US US11/993,119 patent/US20100223663A1/en not_active Abandoned
- 2006-04-21 EP EP06732209A patent/EP2012249A1/en not_active Withdrawn
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001101055A (ja) * | 1999-09-30 | 2001-04-13 | Casio Comput Co Ltd | データベース管理装置、データベースシステム、暗号化装置及び記録媒体 |
JP2001297062A (ja) | 2000-04-13 | 2001-10-26 | Mitsubishi Electric Corp | 時刻情報提供システム及び時刻情報提供方法及び時刻情報提供方法をコンピュータに実行させるためのプログラムを記録したコンピュータ読みとり可能な記録媒体 |
JP2002044228A (ja) * | 2000-07-26 | 2002-02-08 | Nagano Japan Radio Co | 個人識別方法及び個人識別システム |
JP2003208407A (ja) * | 2002-01-10 | 2003-07-25 | Omron Corp | 生体情報登録装置、生体情報を利用した個人認証システム、および生体情報登録方法 |
JP2003256376A (ja) | 2002-02-27 | 2003-09-12 | Hitachi Ltd | 安全性保証付き生体認証方法及び認証サービスを行う装置 |
JP2003284113A (ja) * | 2002-03-22 | 2003-10-03 | Casio Comput Co Ltd | 位置証明方法、位置証明サービスシステム及びネットワークシステム |
JP2005010826A (ja) * | 2003-06-16 | 2005-01-13 | Fujitsu Ltd | 認証端末装置、生体情報認証システム、及び生体情報取得システム |
JP2005130384A (ja) | 2003-10-27 | 2005-05-19 | Kddi Corp | 生体認証システム及び生体認証方法 |
Non-Patent Citations (2)
Title |
---|
"Ichi Jikan Shomei Service "COCO-DATES" (Kokodeitsu)", MITSUBISHI DENKI GIHO, NIPPON, MITSUBISHI ELECTRIC ENGINEERING CO., LTD., vol. 79, no. 1, 7 January 2005 (2005-01-07), pages 14, XP003018191 * |
VIOLA, P.; JONES, M.: "Rapid Object Detection Using a Boosted Cascade of Simple Features", IEEE COMPUTER SOCIETY CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION (CVPR, vol. L, December 2001 (2001-12-01), pages 511 - 518, XP010583787 |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2011109203A (ja) * | 2009-11-13 | 2011-06-02 | Seiko Instruments Inc | 電子署名用サーバ、及び長期署名用サーバ |
US9166957B2 (en) * | 2012-04-19 | 2015-10-20 | Martin Tomlinson | Digital file authentication using biometrics |
US10122710B2 (en) | 2012-04-19 | 2018-11-06 | Pq Solutions Limited | Binding a data transaction to a person's identity using biometrics |
JP2014119830A (ja) * | 2012-12-13 | 2014-06-30 | Fujitsu Ltd | 生体認証システム、生体認証方法、及び生体認証プログラム |
KR101530425B1 (ko) * | 2013-08-20 | 2015-06-22 | 주식회사 아이리시스 | 시간 정보를 이용한 홍채 인증 시스템 및 방법 |
JP2016537721A (ja) * | 2013-11-15 | 2016-12-01 | アリババ・グループ・ホールディング・リミテッドAlibaba Group Holding Limited | 人の生体特徴を利用した本人認証 |
JP2017515174A (ja) * | 2014-02-28 | 2017-06-08 | アリババ・グループ・ホールディング・リミテッドAlibaba Group Holding Limited | 特性情報を抽出するための方法およびシステム |
US10892896B2 (en) | 2015-07-02 | 2021-01-12 | Advanced New Technologies Co., Ltd. | Using biometric features for user authentication |
JP2018521417A (ja) * | 2015-07-02 | 2018-08-02 | アリババ グループ ホウルディング リミテッド | 生体特徴に基づく安全性検証方法、クライアント端末、及びサーバ |
JP2017220728A (ja) * | 2016-06-03 | 2017-12-14 | 株式会社リコー | 検証システム、情報処理装置、検証方法 |
KR102001607B1 (ko) * | 2017-08-31 | 2019-07-19 | 손현수 | 위치 정보를 이용한 보안 서비스를 운영하는 방법 및 시스템 |
KR20190024177A (ko) * | 2017-08-31 | 2019-03-08 | 손현수 | 위치 정보를 이용한 보안 서비스를 운영하는 방법 및 시스템 |
JP7199134B1 (ja) | 2022-03-29 | 2023-01-05 | 株式会社オプティム | プログラム、方法、情報処理装置、システム |
JP2023145964A (ja) * | 2022-03-29 | 2023-10-12 | 株式会社オプティム | プログラム、方法、情報処理装置、システム |
Also Published As
Publication number | Publication date |
---|---|
JP4616335B2 (ja) | 2011-01-19 |
EP2012249A1 (en) | 2009-01-07 |
JPWO2007122726A1 (ja) | 2009-08-27 |
US20100223663A1 (en) | 2010-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4616335B2 (ja) | 認証サーバ装置及び端末装置及び認証システム及び認証方法 | |
US11811936B2 (en) | Public/private key biometric authentication system | |
US20210334571A1 (en) | System for multiple algorithm processing of biometric data | |
CN107251477B (zh) | 用于安全地管理生物计量数据的系统和方法 | |
KR100486062B1 (ko) | 생측정 증명 | |
US9262615B2 (en) | Methods and systems for improving the security of secret authentication data during authentication transactions | |
US20220029799A1 (en) | System and method for creating one or more hashes for biometric authentication in real-time | |
US20100174914A1 (en) | System and method for traceless biometric identification with user selection | |
JP2000215171A (ja) | 認証システムおよび認証方法 | |
RU2346395C2 (ru) | Криптографически защищенная идентификация личности | |
WO2018225391A1 (ja) | 画像情報検証装置 | |
EP4262151A2 (en) | Biometric public key system providing revocable credentials | |
KR102404763B1 (ko) | 동형 암호화된 이미지를 이용한 개인 식별 방법 및 시스템 | |
JP2003099404A (ja) | 認証サーバ装置、クライアント装置およびそれらを用いたユーザ認証システム、並びにユーザ認証方法、そのコンピュータ・プログラムおよびそのプログラムを記録した記録媒体 | |
JP7236042B2 (ja) | 準同型暗号を用いた顔認証のアプリケーション | |
KR20050045773A (ko) | 3차원 얼굴 표현 기능을 갖는 모바일 단말기 상에서의얼굴 인증과 검색 방법 및 장치 | |
KR101971628B1 (ko) | 온라인을 통해 이미지화된 신분증의 진위를 확인하는 방법, 장치 및 시스템 | |
US11240029B2 (en) | Method of registration and access control of identity for third-party certification | |
KR102592375B1 (ko) | 아이덴티티 검증을 위한 생체 인식 디지털 서명 생성 | |
JP2008103949A (ja) | 署名認証端末及び署名認証システム及び署名確認システム及び署名認証プログラム及び署名確認プログラム及び署名認証方法及び署名確認方法 | |
CN116094724A (zh) | 一种用于电子身份的注册及认证方法及装置 | |
KR101512948B1 (ko) | 하드웨어 기반의 신분증 보안처리 시스템 및 방법 | |
TWI726326B (zh) | 自身防偽的多維條碼產生及驗證方法、裝置、及系統 | |
CN112800477A (zh) | 一种基于生物特征值的数据加解密系统及方法 | |
KR20070109130A (ko) | Id카드와 그 id카드의 인증 시스템 및 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
ENP | Entry into the national phase |
Ref document number: 2007511150 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006732209 Country of ref document: EP |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 06732209 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11993119 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |