WO2022091221A1 - 情報処理装置、情報処理方法、およびプログラム - Google Patents
情報処理装置、情報処理方法、およびプログラム Download PDFInfo
- Publication number
- WO2022091221A1 WO2022091221A1 PCT/JP2020/040272 JP2020040272W WO2022091221A1 WO 2022091221 A1 WO2022091221 A1 WO 2022091221A1 JP 2020040272 W JP2020040272 W JP 2020040272W WO 2022091221 A1 WO2022091221 A1 WO 2022091221A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- information
- identification information
- user
- authentication
- Prior art date
Links
- 230000010365 information processing Effects 0.000 title claims abstract description 70
- 238000003672 processing method Methods 0.000 title claims description 16
- 238000000034 method Methods 0.000 claims abstract description 215
- 230000008569 process Effects 0.000 claims abstract description 108
- 238000012795 verification Methods 0.000 description 59
- 230000001815 facial effect Effects 0.000 description 41
- 238000004891 communication Methods 0.000 description 19
- 238000010586 diagram Methods 0.000 description 17
- 230000004044 response Effects 0.000 description 16
- 238000004590 computer program Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 6
- 238000009434 installation Methods 0.000 description 4
- 238000002360 preparation method Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 125000002066 L-histidyl group Chemical group [H]N1C([H])=NC(C([H])([H])[C@](C(=O)[*])([H])N([H])[H])=C1[H] 0.000 description 2
- 230000036541 health Effects 0.000 description 2
- 208000019901 Anxiety disease Diseases 0.000 description 1
- 102000005591 NIMA-Interacting Peptidylprolyl Isomerase Human genes 0.000 description 1
- 108010059419 NIMA-Interacting Peptidylprolyl Isomerase Proteins 0.000 description 1
- 102000007315 Telomeric Repeat Binding Protein 1 Human genes 0.000 description 1
- 108010033711 Telomeric Repeat Binding Protein 1 Proteins 0.000 description 1
- 230000036506 anxiety Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000003825 pressing Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 210000003462 vein Anatomy 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
Definitions
- the present invention relates to an information processing apparatus, an information processing method, and a program, and more particularly to an information processing apparatus, an information processing method, and a program relating to electronic procedures.
- Patent Document 2 the user captures his / her own identity verification document with the camera of the mobile terminal to acquire the identity verification image and stores it in the mobile terminal as a collation image.
- an identity verification system that acquires a face image, sends the result of collation with the collation layer to the identity verification server, and allows the child server to use the service based on the collation result.
- Patent Document 3 in a system that provides a service using a membership card, the card ID information and the terminal ID are related so that the service can be similarly received by using a mobile terminal other than the membership card. It is stated that it will be registered in the database this week.
- the present invention has been made in view of the above circumstances, and an object thereof is to improve the usability and security of authentication processing such as electronic signature.
- the first aspect relates to an information processing device.
- the information processing device related to the first aspect is An acquisition means for acquiring the first personal identification information and the terminal specific information from a portable recording medium in which the first personal identification information and the terminal specific information are recorded, and Authentication that authenticates the second personal identification information acquired by the sensor mounted on the terminal and the terminal identification information of the terminal by using the first personal identification information acquired from the recording medium and the terminal identification information.
- Means and It has an execution means for executing a predetermined process when the authentication is successful.
- the second aspect relates to information processing methods performed by at least one computer.
- the information processing method related to the second aspect is Information processing equipment
- the first personal identification information and the terminal specific information are acquired from a portable recording medium in which the first personal identification information and the terminal specific information are recorded.
- the second personal identification information acquired by the sensor mounted on the terminal and the terminal specific information of the terminal are authenticated by using the first personal identification information and the terminal specific information acquired from the recording medium. It includes executing a predetermined process when the authentication is successful.
- this invention may be a program that causes at least one computer to execute the method of the second aspect, or it is a recording medium that can be read by a computer that records such a program. You may.
- This recording medium includes a non-temporary tangible medium.
- This computer program includes computer program code that causes the computer to perform its information processing method on an information processing device when executed by the computer.
- the various components of the present invention do not necessarily have to be individually independent, and a plurality of components are formed as one member, and one component is formed of a plurality of members. It may be that a certain component is a part of another component, a part of a certain component overlaps with a part of another component, and the like.
- the order of description does not limit the order in which the plurality of procedures are executed. Therefore, when implementing the method and computer program of the present invention, the order of the plurality of procedures can be changed within a range that does not hinder the contents.
- the method of the present invention and the plurality of procedures of the computer program are not limited to being executed at different timings. Therefore, another procedure may occur during the execution of a certain procedure, a part or all of the execution timing of the certain procedure and the execution timing of the other procedure may overlap, and the like.
- FIG. 1 It is a figure which conceptually shows the system structure of the electronic signature system which concerns on embodiment of this invention. It is a block diagram which illustrates the hardware composition of the computer which realizes the information processing apparatus which concerns on embodiment of this invention. It is a functional block diagram which shows the logical structure of the information processing apparatus which concerns on this embodiment. It is a figure for demonstrating an identification card on which an IC chip is mounted. It is a figure which shows the example of the data structure of the memory of the IC chip of the identification card. It is a flowchart which shows the operation example of the information processing apparatus of this embodiment. It is a functional block diagram which shows the logical structure of the information processing apparatus of this embodiment. It is a figure which shows an example of the use flow of the electronic signature system.
- acquisition means that the own device retrieves data or information stored in another device or storage medium (active acquisition), and is output to the own device from the other device. Includes at least one of entering data or information (passive acquisition).
- active acquisition include requesting or inquiring about other devices and receiving the reply, and accessing and reading other devices or storage media.
- passive acquisition may be receiving information to be delivered (or transmitted, push notification, etc.).
- acquisition may be to select and acquire the received data or information, or to select and receive the delivered data or information.
- FIG. 1 is a diagram conceptually showing a system configuration of an electronic procedure system 1 according to an embodiment of the present invention.
- the electronic procedure system 1 has an AP server 10 and an information processing device 100.
- the AP server 10 may include a certificate authority 50 that issues a digital certificate (for example, X.509), or may use a certificate authority 50 outside the AP server 10.
- the information processing device 100 is a mobile terminal owned or used by the user U, and is, for example, a smartphone, a tablet terminal, a personal computer, or the like.
- the information processing apparatus 100 is also referred to as a user terminal 100.
- the information processing device 100 can be realized by installing and starting the application program 40 on the user terminal 100.
- the certificate authority 50 issues the digital signature private key 52 and the digital signature public key 54 of the digital signature public key pair together with the digital certificate according to the application of the user U.
- the public key 54 for electronic signature and its electronic certificate may be in the form of (A) not recorded on the identification card 30 but registered in the storage device 20 of the AP server 10, or (B) the identification card. It may be in the form of being recorded in the memory of 30 IC chips.
- the AP server 10 sends the certificate authority 50 to the digital signature public key 54. Have the digital certificate verified.
- the electronic signature private key 52 is recorded together with the electronic certificate in the memory of the IC chip of the user U's identification card 30, for example.
- the user U can attach the electronic signature 82 to the electronic document 80 by using the electronic signature private key 52 recorded on the identification card 30, and submit the electronic document 80 from the user terminal 100 to a predetermined destination via the communication network 3. can.
- FIG. 2 is a block diagram illustrating a hardware configuration of a computer 1000 that realizes an information processing device (user terminal) 100 described later.
- the AP server 10 and the certificate authority 50 of FIG. 1 are also realized by the computer 1000.
- the computer 1000 has a bus 1010, a processor 1020, a memory 1030, a storage device 1040, an input / output interface 1050, and a network interface 1060.
- the bus 1010 is a data transmission path for the processor 1020, the memory 1030, the storage device 1040, the input / output interface 1050, and the network interface 1060 to transmit and receive data to and from each other.
- the method of connecting the processors 1020 and the like to each other is not limited to the bus connection.
- the processor 1020 is a processor realized by a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), or the like.
- the memory 1030 is a main storage device realized by a RAM (RandomAccessMemory) or the like.
- the storage device 1040 is an auxiliary storage device realized by an HDD (Hard Disk Drive), SSD (Solid State Drive), memory card, ROM (Read Only Memory), or the like.
- the storage device 1040 stores a program module that realizes each function of the information processing device (user terminal) 100 (for example, an acquisition unit 102, an authentication unit 104, an execution unit 106, a registration unit 108, etc., which will be described later).
- the processor 1020 reads each of these program modules into the memory 1030 and executes them, each function corresponding to the program module is realized.
- the storage device 1040 may also store the data of the storage unit 120 of the information processing device (user terminal) 100 or the storage device 20 of the AP server 10.
- the program module may be recorded on a recording medium.
- the recording medium for recording the program module includes a medium that can be used by the non-temporary tangible computer 1000, and the program code readable by the computer 1000 (processor 1020) may be embedded in the medium.
- the input / output interface 1050 is an interface for connecting the computer 1000 and various input / output devices.
- the input / output interface 1050 also functions as a communication interface for performing short-range wireless communication such as Bluetooth (registered trademark) and NFC (Near Field Communication).
- the network interface 1060 is an interface for connecting the computer 1000 to the communication network 3 (FIG. 1).
- the communication network 3 is, for example, a LAN (Local Area Network) or a WAN (Wide Area Network).
- the network interface 1060 is connected to the communication network 3 using a public line via a base station using various communication methods such as 4G (4th Generation), 5G (5th Generation), and WiMAX (Worldwide Interoperability for Microwave Access). It may be an interface for doing so.
- the method of connecting the network interface 1060 to the communication network 3 may be a wireless connection or a wired connection.
- the computer 1000 is an individual such as a necessary device (for example, a display (touch panel) of the user terminal 100, an operation button, a speaker, a microphone, and a camera and / or a fingerprint sensor) via an input / output interface 1050 or a network interface 1060. Connect to a sensor, etc. that acquires specific information).
- a necessary device for example, a display (touch panel) of the user terminal 100, an operation button, a speaker, a microphone, and a camera and / or a fingerprint sensor
- the information processing apparatus 100 acquires personal identification information such as a face photo used for performing authentication processing for user U's identity verification.
- the authentication process is performed using the face image of a person, but the authentication process may be performed using other biometric authentication information.
- the biometric information includes, for example, at least one feature quantity such as an iris, a vein, a pinna, a fingerprint, and a voiceprint.
- the authentication process may be performed by combining a plurality of biometric authentication information.
- the guidance screen for photographing the face of the user U by using the camera of the user terminal 100 is displayed on the display of the user terminal 100.
- a sensor suitable for acquiring the biometric authentication information is used.
- the acquisition unit 102 acquires fingerprint information using the fingerprint sensor of the user terminal 100.
- the acquisition unit 102 collects the voice of the user U using the microphone of the user terminal 100 and acquires the voiceprint information.
- the camera includes an image sensor such as a lens and a CCD (Charge Coupled Device) image sensor.
- the image generated by the camera is preferably a moving image, but may be a frame image at predetermined intervals or a still image.
- FIG. 3 is a functional block diagram showing a logical configuration of the information processing apparatus 100 according to the present embodiment. As described above, the information processing apparatus 100 is realized by installing and executing the application program 40 on the user terminal 100.
- Each component of the information processing apparatus 100 (user terminal) of the present embodiment of FIG. 3 is realized by an arbitrary combination of hardware and software of the computer 1000 of FIG. And, it is understood by those skilled in the art that there are various variations in the method of realizing the device and the device.
- the functional block diagram showing the information processing apparatus of each embodiment described below shows a block of logical functional units, not a configuration of hardware units.
- the information processing device 100 has an acquisition unit 102, an authentication unit 104, and an execution unit 106.
- the acquisition unit 102 acquires the first personal identification information and the terminal specific information from the portable recording medium in which the first personal identification information and the terminal specific information are recorded.
- the authentication unit 104 authenticates the second personal identification information acquired by the sensor mounted on the terminal and the terminal specific information of the terminal by using the first personal identification information and the terminal specific information acquired from the recording medium.
- the execution unit 106 executes a predetermined process when the authentication is successful.
- the first personal identification information stored in the storage unit 120 of the user terminal 100 is, for example, facial photograph data or facial features of the person whose identity has been confirmed in advance by eKYC (electronicKnowYourCustomer) or the like.
- the terminal specific information is identification information that can uniquely identify the user terminal 100.
- the terminal specific information is, for example, identification information assigned by the AP server 10 to each user terminal 100 (or each application software installed in the user terminal 100). For example, when the user terminal 100 installs the application program 40 of the electronic procedure system 1, it may be assigned by the AP server 10.
- the terminal identification information is uniquely assigned to each individual mobile terminal such as the individual identification information (UID: UniqueIdentifier), IMEI (International Mobile Equipment Identifier), MAC (Media Access Control) address of the user terminal 100. It may be an identification number of.
- the portable recording medium is, for example, an identification card such as a driver's license, a health insurance card, an Individual Number Card, a passport, etc., and is shown as an identification card 30 in FIG. 1 and the like.
- the shape of the portable recording medium is not particularly limited, such as a card type, a sheet shape, or a booklet. It is preferable that a photograph of the person's face is posted.
- the identification card 30 is preferably equipped with an IC chip including a memory capable of recording information.
- My Number Card is a plastic card with a predetermined thickness, and a face photo and name are printed on one side, and an individual number (also called My Number) is printed on the other side. It is posted.
- FIG. 4 is a diagram for explaining an identification card 30 (My Number card) on which an IC chip 32 is mounted.
- the IC chip 32 includes a memory 34, a processor 36, and an NFC communication unit 38 that communicates with a user terminal 100 such as a smartphone by NFC.
- the private key 52 for digital signature, the first personal identification information (face feature amount 42), the PIN (Personal Identification Number) code 44, and the terminal identification information (terminal ID 46) are recorded in the memory 34.
- the digital signature private key 52 is used when the electronic signature 82 is applied to the electronic document 80 as a predetermined process, which will be described in detail in the embodiment described later. In the present embodiment, in order to safely read the digital signature private key 52 from the identification card 30 and use it, a process for verifying the identity is performed.
- the first personal identification information (face feature amount 42) recorded in the memory 34 is also the face photo data or face feature amount of the person who has been confirmed in advance by eKYC or the like. In the embodiment described later, it is a facial feature amount authenticated by the procedure of recording the identity verification information on the user terminal 100 (procedure P5 in FIG. 8).
- the terminal identification information (terminal ID 46) recorded in the memory 34 is written in advance from the user terminal 100 to the identification card 30 by the linking process between the user terminal 100 and the identification card 30, which will be described in detail in the embodiment described later. Information.
- the PIN code 44 is a number (or alphabetic character) having a predetermined number of digits (for example, 4 digits, 6 digits, etc.) preset by the user U, which needs to be input when reading the information recorded in the memory 34. It is a password consisting of (may include symbols).
- the PIN code 44 is set by the user U and recorded in the memory 34, for example, when the digital certificate is registered in the My Number card at a government office or the like. For example, when reading the information recorded in the memory 34, first, the user terminal 100 is made to input the PIN code and the IC chip 32 is made to transmit the information. The processor 36 collates the received PIN code with the PIN code 44 recorded in the memory 34. If the authentication is successful, the information recorded in the memory 34 is permitted to be read, and if the authentication is unsuccessful, the reading is not permitted.
- the acquisition unit 102 of the user terminal 100 transmits a PIN code to perform NFC communication with the NFC communication unit 38 of the IC chip 32, and if the authentication is successful, the information recorded in the memory 34 can be read and acquired. In this way, the PIN code can prevent unauthorized reading of the information recorded in the memory 34 in the identification card 30.
- the user terminal 100 may read or write the information of the memory 34 via the reader / writer for reading and writing the information recorded in the memory 34. That is, the acquisition unit 102 may acquire the first personal identification information and the terminal identification information from the IC chip 32 of the identification card 30 via the reader / writer.
- FIG. 5 is a diagram showing a specific example of data stored in the memory 34 of the IC chip 32 of the identification card 30.
- FIG. 5A shows an example of a data structure of the memory 34 in which the public key 54 for digital signature of the above-mentioned (A) is not recorded on the identification card 30.
- FIG. 5B shows an example of a data structure of the memory 34 in which the public key 54 for digital signature is recorded on the identification card 30 of (B) described above.
- the memory 34 has a basic area 35a and an extended area 35b.
- the basic area 35a is an area used by the issuer of the identification card 30 or the management organization, and mainly stores information necessary for the original purpose of use of the identification card 30.
- the extended area 35b is an area that is permitted to be used by various organizations (for example, private businesses) that provide various services including electronic procedures using the identification card 30, and provides various services. The information necessary for this is mainly stored. It is desirable that the basic area 35a has a structure that cannot be used by a private business operator or the like.
- the image data of the face photograph of the user U printed on the face of the identification card 30 and the image data of the face photograph are read from the memory 34.
- a PIN code of 1 for example, a 4-digit number
- a digital signature secret key for example, 6 digits
- a second PIN code for reading the digital signature secret key for example, 6 digits.
- the above alphanumeric characters (indicated as "PIN2" in the figure) and are stored.
- the memory 34 is locked or the data in the memory 34 is erased. Or the IC chip 32 including the memory 34 may be configured to be destroyed.
- the extended area 35b stores the terminal ID, the facial feature amount, and the information obtained by encrypting the first PIN code and the second PIN code described above.
- the terminal ID also functions as a PIN code that permits access to the extended area 35b.
- the encrypted first PIN code stored in the extended area 35b is obtained by collating the facial feature amount stored in the extended area 35b with the facial image of the user U captured by the user terminal 100. If the face recognition is successful, it can be decrypted. That is, when the face authentication is successful, the face photograph can be read out from the basic area 35a using the decrypted first PIN code.
- the encrypted second PIN code stored in the extended area 35b is the same as the above-mentioned encrypted first PIN code, and the second PIN code decrypted when the face authentication is successful is used.
- the private key for digital signature can be read from the basic area 35a. The writing of information from the electronic procedure system 1 to the extended area 35b will be described later.
- FIG. 5B shows an example in which the public key for digital signature and its digital certificate are stored in the basic area 35a in addition to the information stored in the basic area 35a of the memory 34 in FIG. 5A. Is shown.
- the second PIN code is further used as a PIN code for reading not only the digital signature private key but also the digital signature public key and the digital certificate. Similar to the above-mentioned encrypted first PIN code, the private key for digital signature, the public key for digital signature, and the public key for digital signature are used from the basic area 35a using the second PIN code decrypted when the face authentication is successful.
- the digital certificate becomes readable.
- the predetermined process executed by the execution unit 106 is a process that requires identity verification, such as a process of applying an electronic signature 82 to an electronic document 80 to be submitted to a predetermined institution. For example, when the final tax return document is submitted electronically, the electronic document 80 is digitally signed 82 and transmitted to a predetermined destination.
- identity verification such as a process of applying an electronic signature 82 to an electronic document 80 to be submitted to a predetermined institution.
- the electronic document 80 is digitally signed 82 and transmitted to a predetermined destination.
- the ID card 30 for example, in the case of My Number card
- the administration related to My Number it is necessary to receive these various services when performing procedures, using mortgages and real estate transactions for online contracts, using receiving services such as resident's card and family register at convenience stores, etc.
- the authentication process may also be included in the predetermined process.
- the user U activates a predetermined browser using the user terminal 100 and accesses a predetermined web page of the National Tax Agency. After inputting the necessary information, the electronic document 80 of the final tax return document is digitally signed 82, and then the final tax return document is transmitted via a communication network 3 such as the Internet.
- a communication network 3 such as the Internet.
- the information processing device 100 (application program 40) of the present embodiment is activated when the electronic document 80 is digitally signed 82 on the final tax return web page of the National Tax Agency. Then, after confirming the identity by the procedure described later, the electronic signature 82 is digitally signed to the electronic document 80 using the electronic signature private key 52 recorded in the memory 34 of the identification card 30, and the electronic signature 82 is sent to a predetermined destination. Can be sent and submitted.
- FIG. 6 is a flowchart showing an operation example of the information processing apparatus 100 of the present embodiment.
- the acquisition unit 102 acquires the first personal identification information and the terminal identification information from the IC chip 32 of the identification card 30 (step S1).
- the first personal identification information is a face image of the user U or a feature amount of the face.
- the terminal specific information is a terminal ID assigned when the application program 40 is installed on the user terminal 100.
- the acquisition unit 102 causes the user U to display a guidance screen for reading information from the identification card 30 on the display.
- the user U follows the instruction on the guidance screen and brings the identification card 30 close to a predetermined position of the user terminal 100.
- the acquisition unit 102 communicates with the NFC communication unit 38 of the identification card 30 to read and acquire the facial feature amount 42 and the terminal ID 46 recorded in the memory 34 of the IC chip 32.
- this facial feature amount 42 is a facial feature amount whose identity has been confirmed in advance.
- the authentication unit 104 acquires the second personal identification information using the sensor (step S3). Specifically, the camera of the user terminal 100 is activated, and a guidance screen for taking a face image of the user U is displayed on the display. User U can take a face image by operating according to the instruction on the guidance screen. As described above, in order to prevent fraudulent acts such as spoofing using a life-sized portrait of another person, liveness verification may be used together.
- the authentication unit 104 has the first personal identification information (face feature amount 42 read from the IC chip 32) acquired in step S1 and the second personal identification information (face image taken by the user terminal 100) acquired in step S3. (Face feature amount)), and the terminal identification information (terminal ID 46 read from the IC chip 32) acquired in step S1 is collated with the terminal identification information stored in the storage unit 120 (step S5). ).
- the execution unit 106 executes a predetermined process (step S9). If authentication fails for at least one of the personal specific information and the terminal specific information (NO in step S7), this process is terminated by bypassing step S9. That is, the predetermined process by the execution unit 106 is not executed.
- the predetermined process is, for example, a process of applying an electronic signature 82 to the electronic document 80. Details will be described in the second embodiment described later.
- the acquisition unit 102 reads the first personal identification information (face feature amount) and the terminal identification information (terminal ID) from the identification card 30 or the like, and the authentication unit 104 reads the user terminal.
- the second personal identification information (face image and facial feature amount) acquired by a sensor such as a camera of 100 is collated with the first personal identification information acquired by the acquisition unit 102, and the terminal specific information of the user terminal 100 and the acquisition unit 102 are collated. Collate the terminal specific information acquired by.
- the execution unit 106 can perform a predetermined process, for example, an electronic signature 82 to the electronic document 80.
- the configuration of the present embodiment by performing the authentication process of the identity verification using the identification card 30 and the user terminal 100, fraudulent acts such as spoofing are prevented and the identity verification is required legitimately.
- Predetermined processing can be executed. Then, it becomes possible to perform a predetermined process such as applying an electronic signature 82 to the electronic document 80 without performing a complicated operation only by confirming the identity of the user terminal 100. Therefore, the usability and security of the digital signature are improved.
- FIG. 7 is a functional block diagram showing a logical configuration of the information processing apparatus 100 of the present embodiment.
- the information processing apparatus 100 of the present embodiment is described above except that it has a configuration for associating the user terminal 100 with the identification card 30 in which the electronic signature private key 52 required for a predetermined process is recorded. It is the same as the embodiment.
- the information processing apparatus 100 of the present embodiment further has a registration unit 108 in addition to the configuration of FIG.
- the configurations of the present embodiment may be combined within a range that does not cause a contradiction with at least one of the configurations of the other embodiments.
- the registration unit 108 uses the first personal identification information (face image) stored in the storage unit 120 of the user terminal 100 and the second personal identification information (face feature amount) stored in the storage unit 120 of the user terminal 100 by the authentication unit 104. As a result of the authentication, when the authentication is successful, the terminal identification information (terminal ID 46) is stored in the recording medium (IC chip 32 of the identification card 30).
- FIG. 8 is a diagram showing an example of the usage flow of the electronic procedure system 1.
- the identification card 30 is also referred to as the My Number card 30a.
- An example of using the identification card 30 not equipped with the IC chip 32 will be described in the fourth embodiment described later.
- the user U goes to the predetermined application place with the My Number card 30a and performs the procedure for applying for the issuance of the electronic certificate (procedure P1).
- the usage registration (user registration) of the electronic procedure system 1 is also performed, and the account information of the user U required when logging in to the electronic procedure system 1 is also set.
- the application program 40 of the electronic procedure system 1 is installed in the user terminal 100 (procedure P3).
- the face image (face feature amount) confirmed by eKYC or the like is stored in the storage unit 120 of the user terminal 100 (procedure P5). Then, the initial registration procedure for using the electronic procedure system 1 is performed via the application 40 (procedure P7).
- the identification card 30, the user terminal 100, and the application program 40 can be associated with each other by the terminal ID 46.
- FIG. 9 is a diagram for explaining an application flow for issuing an electronic certificate.
- the issuance of an electronic certificate for electronic signature will be described, but an electronic certificate for user certification can also be applied for issuance by the same processing.
- the user brings the identification card 30 (for example, the My Number card 30a on which the IC chip 32 is mounted) to the predetermined application place. Therefore, an application for issuance of a digital certificate is made (step S101).
- the person in charge at the counter operates the operation terminal (not shown) for the AP server 10 to accept the application.
- the AP server 10 issues a user ID to the user U and performs user registration (step S103).
- the user ID is account information required to log in to the electronic procedure system 1 when using the electronic procedure system 1.
- the user U is required to enter an arbitrary password and user ID set by the user U as the account information of the user U.
- the password may be appropriately changed by the user U to improve security.
- the account information (user ID and password) of the user U is stored in the storage device 20.
- Issuance of a user ID is not always necessary, and a configuration may be configured in which the AP server 10 logs in using the terminal specific information (terminal ID 46) assigned to each user terminal 100. That is, the face of the user U may be photographed using the user terminal 100, and if the face authentication is successful, the terminal ID 46 may be acquired and used as login information for the AP server 10. Since the terminal ID 46 has been acquired due to the success of face authentication, it is not necessary to enter the password to log in to the AP server 10.
- the AP server 10 causes the certificate authority 50 to issue a pair of a public key 54 for digital signature and a private key 52 for digital signature and an electronic certificate (step S105).
- step S105 may be performed after the user ID is issued in step S3 and the user registration is completed.
- the user U is made to set a personal identification number (also referred to as a PIN code) to be input at the time of issuing the electronic certificate, and the user U is made to input the personal identification number (also referred to as a PIN code) by using the operation terminal (step S107).
- a personal identification number also referred to as a PIN code
- the AP server 10 records the digital signature private key 52 issued by the certificate authority 50 and the PIN code 44 input by the user U in the memory 34 of the IC chip 32 of the user U's My Number card 30a (step S109).
- FIG. 11A shows the data recorded in the memory 34 of the IC chip 32 of the My Number card 30a.
- the data of this information is recorded in a predetermined area of the memory 34 of the IC chip 32 in particular.
- the data recorded in the memory 34 can be read when the input of the PIN code 44 is received. That is, even if the identification card 30 is lost or stolen, there is a high possibility that the information recorded on the identification card 30 will not be read unless the PIN code 44 is known.
- the AP server 10 stores the digital signature public key 54 paired with the digital signature private key 52 of the user U in the storage device 20 (FIG. 10B) in association with the user ID of the user U (step). S111).
- the application program 40 for using the electronic procedure system 1 is downloaded to the user terminal 100 of the user U.
- the application program 40 downloaded to the user terminal 100 of each user U is associated with a pair of a common challenge public key 58 and a challenge private key 56, and the storage device 20 is associated with the identification information of the application program 40.
- the challenge public key 58 is associated and stored (FIG. 10 (d)).
- the identification information of the application program 40 may be, for example, information indicating a version of the application program 40. Further, even if the application program 40 has the same version, the challenge public key 58 may be used after a predetermined period of time or in order to avoid risks such as hacking due to continuous use of the same application program 40.
- the downloaded application is installed on the user terminal 100.
- the information processing apparatus 100 displays a login screen requesting input of account information (user ID and password) on the display of the user terminal 100.
- the AP server 10 performs the authentication process of the user U and associates the terminal identification information (indicated as the terminal ID in the figure) of the user terminal 100 of the user U with the user ID of the user U. It is stored in the storage device 20 (FIG. 10 (c)).
- the terminal ID assigned by the AP server 10 is stored in the security area 122 of the storage unit 120 (FIG. 12 (a)).
- FIG. 13 is a diagram for explaining the identity verification procedure. As shown in FIG. 13A, the user U uses the camera of the user terminal 100 to take a face photograph of his / her own face and the face photograph of the Individual Number Card 30a. FIG. 13A
- This identity verification process may be performed by installing an application for identity verification on the user terminal 100, or may be performed on a predetermined website via a browser.
- the face image of the user U himself and the face feature amount extracted from each of the face photograph of the My Number card 30a are collated.
- the authenticated facial feature amount is stored in the security area 122 (FIG. 12 (c)) of the storage unit 120 of the user terminal 100. Further, the authenticated facial feature amount is written in the memory 34 of the IC chip 32 of the identification card 30.
- FIG. 14 is a diagram showing a flow for initial setting of the procedure P7 of FIG. 8 which is executed when the program is started for the first time after downloading the application to the user terminal 100 of the user U in the procedure P3 of FIG.
- this process may be executed even when the program is deleted after downloading and using the program, or when the application is downloaded and started again. Further, even when the user U changes the user terminal 100 to another model, this process is executed when the application is downloaded and started again to the new model.
- the identity verification of the user U and the registration procedure of the user terminal 100 for operating the application are performed.
- the initial registration screen is displayed, and the user U inputs the account information and starts the initial registration process (step S201).
- the AP server 10 executes challenge / response authentication for the user terminal 100 (step S203). Specifically, the AP server 10 generates a random number (challenge) 60 and transmits it to the user terminal 100.
- the user terminal 100 Before responding to the challenge from the AP server 10, the user terminal 100 performs a process of associating the identification card 30 with the user terminal 100 (steps S205 to S225) after confirming the identity.
- the acquisition unit 102 displays on the display of the user terminal 100 a screen for inputting the PIN code 44 for accessing the identification card 30.
- the acquisition unit 102 Upon receiving the input of the PIN code 44 (step S205), the acquisition unit 102 performs NFC communication with the identification card 30, transmits the PIN code 44, and the facial feature amount 42 and the electronic data recorded on the identification card 30.
- the signature private key 52 is read and acquired (step S207).
- the first PIN code is used.
- the input of the second PIN code may be accepted.
- the facial feature amount may be read from the identification card 30 using the first PIN code
- the digital signature secret key may be read from the identification card 30 using the second PIN code.
- the identification card 30 collates the PIN code 44 received from the user terminal 100 with the PIN code 44 recorded on the identification card 30, and if they match, the information recorded on the identification card 30 is displayed. Allow reading. If the results of the collation do not match, the information recorded on the identification card 30 is not permitted to be read.
- the user terminal 100 executes the personal verification process (step S210).
- FIG. 15 is a flowchart showing an example of the procedure of the person verification process.
- the acquisition unit 102 activates the camera of the user terminal 100, and causes the user U to display a guidance screen for taking a picture of the person's face on the display of the user terminal 100. Then, the face is photographed and the face image is acquired (step S211).
- the authentication unit 104 collates the facial feature amount extracted from the facial image captured by the camera with the facial feature amount 42 read from the identification card 30 in step S207 (step S213). Further, it is preferable that the acquisition unit 102 captures a moving image in order to prevent spoofing when acquiring the face image of the person by camera shooting, and the authentication unit 104 performs liveness verification.
- the personal verification process may be performed with at least one of the following patterns, a plurality of patterns may be combined, or the patterns may be changed at a predetermined timing.
- the facial feature amount extracted from the facial image taken by the camera is collated with the facial feature amount 42 obtained from the identification card 30.
- Pattern 2 The feature amount of the face extracted from the face image taken by the camera and the face recorded in the security area 122 of the storage unit 120 of the user terminal 100 when the identity is confirmed by eKYC (procedure P5 in FIG. 8). Check with the feature amount.
- the acquisition unit 102 obtains the acquired facial feature amount 42 and the digital signature private key 52. , Stored in the security area 122 (FIG. 12 (d)) of the storage unit 120. If the personal authentication fails (NO in step S221), the user U is notified that the process is interrupted because the authentication has failed, and the process ends.
- the registration unit 108 obtains the terminal identification information of the user terminal 100, here, the terminal ID assigned when the application program 40 is installed on the user terminal 100 by the AP server 10.
- a guidance screen for writing to the memory 34 of the IC chip 32 of the identification card 30 is displayed on the display.
- the user U follows the instruction on the guidance screen and brings the identification card 30 close to a predetermined position of the user terminal 100.
- the registration unit 108 communicates with the NFC communication unit 38 of the identification card 30 and writes the terminal ID 46 in the memory 34 (FIG. 11 (c)) of the IC chip 32 (step S225).
- the acquisition unit 102 reads the digital signature secret key 52 from the identification card 30 in step S207, but reads only the facial feature amount 42 in step S207, and acquires after successful authentication in step S221.
- the unit 102 may read the electronic signature secret key 52 from the identification card 30 and store it in the storage unit 120 in step S223.
- the execution unit 106 performs a process of applying an electronic signature 62 to the random number (challenge) 60 transmitted from the AP server 10 in step S203 using the challenge public key 58 and transmitting the random number (challenge) to the AP server 10 (step S227). ).
- the AP server 10 When the AP server 10 receives the random number (challenge) 60 to which the electronic signature 62 is given from the user terminal 100, the AP server 10 verifies the challenge response (step S229). For the challenge response verification, the challenge public key 58 stored in the storage device 20 is used. The AP server 10 may notify the user terminal 100 of the result of the challenge verification. For example, it may be notified that the challenge has been successful, that the identity verification card 30 can be used to verify the identity, and that a predetermined process can be executed in the future. Alternatively, it may be notified that the challenge has failed and therefore the predetermined process cannot be executed.
- FIG. 16 is a flowchart showing another example of the application initial registration procedure of FIG. In this example, instead of the PIN input in step S205 of FIG. 14, face authentication enables access to the memory 34 of the IC chip 32 of the identification card 30.
- the user terminal 100 executes the personal verification process (step S210) (FIG. 15).
- the acquisition unit 102 includes a face image of the user U taken by the camera of the user terminal 100 in step S211 of FIG. 15, and a face feature amount 42 of the user U stored in the basic area 35a of the memory 34 of the identification card 30. Is read and acquired.
- the photographed face image is collated with the facial feature amount 42 read from the identification card 30 (step S213 in FIG. 15) and the result of the collation process indicates that the identity authentication is successful (YES in step S221)
- the acquisition is performed.
- the unit 102 decodes the encrypted second PIN code from the extended area 35b of the memory 34 of the identification card 30, and uses the second PIN code to enter the basic area 35a of the memory 34 of the identification card 30. Access to read and acquire the electronic signature private key 52 (step S222).
- the acquisition unit 102 stores the facial feature amount 42 and the electronic signature private key 52 acquired from the identification card 30 in the security area 122 (FIG. 12 (d)) of the storage unit 120 (step S223). If the personal authentication fails (NO in step S221), the user U is notified that the process is interrupted because the authentication has failed, and the process ends. Since steps S223 and subsequent steps are the same as those in FIG. 14, the description thereof will be omitted.
- FIG. 17 is a flowchart showing still another example of the application initial registration process of FIG. This example shows the operation when the electronic certificate 55 of the public key 54 for electronic signature is stored in the memory 34 of the IC chip 32 of the identification card 30 (FIG. 5 (b)).
- step S221 The procedure up to step S221 is the same as in FIG.
- the acquisition unit 102 uses the second PIN code encrypted from the expansion area 35b of the memory 34 of the identification card 30.
- the second PIN code is used to access the basic area 35a of the memory 34 of the identification card 30 to read the digital signature private key 52, the digital signature public key 54, and the digital certificate 55. (Step S231).
- the acquisition unit 102 stores the facial feature amount 42 acquired from the identification card 30, the private key 52 for electronic signature, the public key 54 for electronic signature, and the electronic certificate 55 in the security area of the storage unit 120. It is stored in 122 (FIG. 12 (d)) (step S233). If the personal authentication fails (NO in step S221), the user U is notified that the process is interrupted because the authentication has failed, and the process ends.
- the registration unit 108 communicates with the NFC communication unit 38 of the identification card 30 and writes the terminal ID 46 in the memory 34 (extended area 35b of FIG. 5B) of the IC chip 32 (step S225). Then, the execution unit 106 performs a process of applying an electronic signature 62 to the random number (challenge) 60 transmitted from the AP server 10 in step S203 using the challenge public key 58 and transmitting it to the AP server 10. At this time, the public key 54 for digital signature and the digital certificate 55 obtained from the identification card 30 in step S231 are also transmitted to the AP server 10 (step S235).
- the AP server 10 When the AP server 10 receives the random number (challenge) 60 to which the electronic signature 62 is given from the user terminal 100, the AP server 10 verifies the challenge response. At this time, the AP server 10 inquires of the certificate authority 50 to verify the digital certificate 55 of the public key 54 for digital signature received from the user terminal 100 (step S237).
- the registration unit 108 uses the authentication unit 104 to store the face image (second personal identification information) captured by the camera mounted on the user terminal 100 and the person stored in the storage unit 120 of the user terminal 100.
- the terminal ID 46 terminal identification information
- the terminal ID 46 is written on the IC chip 32 of the identification card 30 and the identification card is used.
- the user terminal 100 is registered in 30.
- the terminal ID 46 of the user terminal 100 is recorded on the identification card 30, even if the identification card 30 is lost or stolen and an attempt is made to use the electronic procedure system 1 from another terminal.
- the AP server 10 can detect a mismatch between the terminal ID of the terminal and the terminal ID registered in the identification card 30, so that unauthorized use can be prevented.
- the information processing apparatus 100 of this embodiment is the same as that of the above embodiment except that it has a configuration in which identity verification is performed using the identification card 30 prepared in advance in the second embodiment and a predetermined process is performed. Since the user terminal 100 of this embodiment has the same configuration as the information processing apparatus 100 of FIG. 7, it will be described with reference to FIG. 7. However, the configurations of the present embodiment may be combined within a range that does not cause a contradiction with at least one of the configurations of the other embodiments.
- FIG. 18 is a diagram showing a detailed flow of the electronic signature procedure of the procedure P11 of FIG.
- a process of applying an electronic signature 82 to the electronic document 80 using the initially registered identification card 30 and the user terminal 100 (the linked user terminal 100 and the identification card 30) according to the procedure P7 shown in FIG. Will be explained.
- the procedure P11 in FIG. 18 includes the same steps S203, S227, and S229 as the procedure P7 in FIG. 14, and further includes steps S301 to S305. Further, before performing the electronic signature, the process of confirming the identity and confirming the association between the user terminal 100 and the identification card 30 is performed according to the procedure of FIG.
- the login screen is displayed.
- the account information input by the user U on the login screen is transmitted to the AP server 10 as an authentication request (step S301).
- the account information is automatically transmitted to the AP server 10 as an authentication request using the account information stored in advance in the storage unit 120 of the user terminal 100. May be good.
- the application program 40 may be started by the operation of the user U, or when the electronic signature 82 is given to the electronic document 80 submitted on the predetermined website as described above, after obtaining the consent of the user U. , May be launched from a given website.
- the AP server 10 executes challenge / response authentication for the user terminal 100 (step S203). Specifically, the AP server 10 generates a random number (challenge) 60 and transmits it to the user terminal 100.
- the user terminal 100 proceeds to step S1 in FIG. 6 before responding to the challenge from the AP server 10.
- the acquisition unit 102 acquires the facial feature amount 42 and the terminal ID 46 from the IC chip 32 of the identification card 30 (step S1).
- the authentication unit 104 activates the camera of the user terminal 100 and displays a guidance screen for taking a face image of the user U on the display.
- User U operates according to the instruction on the guidance screen to take a face image.
- the authentication unit 104 acquires the face image of the user U captured by the camera (step S3).
- liveness verification may be used together to prevent fraudulent acts such as spoofing.
- the authentication unit 104 collates the face image (face feature amount) taken by the user terminal 100 in step S1 with the face feature amount 42 read from the IC chip 32 in step S3, and the IC chip 32 in step S1.
- the terminal ID 46 read from the above is collated with the terminal ID stored in the storage unit 120 (step S5).
- the personal verification process using the face image in step S5 can be performed with at least one of the above-mentioned patterns 1 to 4.
- the process returns to FIG. 18, and the execution unit 106 challenges the random number (challenge) 60 transmitted from the AP server 10 in step S203.
- a process of applying an electronic signature 62 using the public key 58 and transmitting the digital signature to the AP server 10 is performed (step S227).
- the AP server 10 When the AP server 10 receives the random number (challenge) 60 to which the electronic signature 62 is given from the user terminal 100, the AP server 10 verifies the challenge response (step S229). For the challenge response verification, the challenge public key 58 stored in the storage device 20 is used.
- the AP server 10 transmits a message to that effect to the user terminal 100, and the execution unit 106 reads the digital signature private key 52 from the security area 122 of the storage unit 120 and adds the digital signature 82 to the electronic document 80. It is transmitted to the AP server 10 (step S303).
- the AP server 10 receives the electronic document 80 from the user terminal 100, the AP server 10 reads out the electronic signature public key 54 (FIG. 10 (c)) associated with the terminal ID of the user U stored in the storage device 20. , Verify the digital signature 82 (step S305).
- the verification result may be transmitted to the user terminal 100, or the electronic document 80 may be transmitted to a predetermined destination when the validity of the electronic certificate is confirmed as a result of the verification of the electronic signature 82. If it is confirmed that the electronic certificate is not valid as a result of the verification, the user terminal 100 may be notified that the electronic signature 82 of the electronic document 80 cannot be submitted (sent) because the electronic signature 82 is not valid. .. Further, when it is confirmed that the electronic certificate is not valid, the AP server 10 can also apply to the certificate authority 50 for the revocation of the pair of the public key 54 for digital signature and the private key 52 for digital signature. ..
- the user U when the user U notices that the identification card 30 is lost or stolen, the user U notifies the AP server 10 (enters necessary information on the predetermined screen) in the predetermined menu of the application program 40. Then, the AP server 10 can be made to apply to the certificate authority 50 for the expiration of the pair of the digital signature public key 54 and the digital signature private key 52.
- the same effect as that of the above embodiment is obtained. That is, according to the configuration of the present embodiment, since the identity verification authentication process is performed using the identification card 30 and the user terminal 100 associated in advance, the identity verification can be performed properly by preventing fraudulent acts such as spoofing.
- the electronic signature 82 can be applied to the electronic document 80 by using the electronic signature secret key 52 read from the identification card 30 using the user terminal 100.
- the identification card 30 and the user terminal 100 can be associated with each other. Therefore, even when the user terminal 100 reads out the information of the identification card 30, the PIN code is used. No need to enter. As described above, the usability and security of the electronic signature are improved in this embodiment as well.
- the identification card 30 on which the IC chip 32 is mounted is used.
- a configuration in which an electronic signature 82 can be applied to an electronic document 80 by using an identification card 30 on which an IC chip 32 is not mounted will be described.
- the procedure for recording the electronic certificate in the application is performed on the IC chip 32 of the identification card 30, but in this embodiment, the IC chip 32 is not mounted on the identification card 30, so that the electronic certification is performed.
- the book cannot be recorded in advance. Therefore, in the present embodiment, the user terminal 100 dynamically generates a pair of the digital signature public key 54 and the digital signature private key 52 at the time of user registration.
- FIG. 19 is a diagram showing an example of a usage flow of the electronic procedure system 1 using the identification card 30 on which the IC chip 32 is not mounted.
- the application program 40 of the electronic procedure system 1 is installed in the user terminal 100 (procedure P23).
- the face image (face feature amount) confirmed by eKYC or the like is stored in the storage unit 120 of the user terminal 100 (procedure P5).
- Procedure P5 is the same as in FIG.
- ⁇ P23 Application installation>
- the application program 40 for using the electronic procedure system 1 is downloaded to the user terminal 100 of the user U.
- the application program 40 downloaded to the user terminal 100 of each user U is associated with a pair of a common challenge public key 58 and a challenge private key 56, and the storage device 20 is associated with the identification information of the application program 40.
- the challenge public key 58 is associated and stored (FIG. 10 (d)).
- the downloaded application is installed on the user terminal 100.
- the information processing apparatus 100 displays the user registration screen for using the electronic procedure system 1 on the display of the user terminal 100.
- the AP server 10 issues a user ID to the user U and performs user registration.
- the user ID is account information required to log in to the electronic procedure system 1 when using the electronic procedure system 1.
- the user U is required to enter an arbitrary password and user ID set by the user U as the account information of the user U.
- the password may be appropriately changed by the user U to improve security.
- the account information (user ID and password) of the user U is stored in the storage device 20.
- the challenge private key 56 is also downloaded and stored in the storage unit 120 of the user terminal 100.
- the challenge secret key 56 may be encoded and stored in the white box encryption, or may be stored in the security area 122 (FIG. 12A) of the storage unit 120.
- ⁇ P5 Identity verification procedure> Similar to the above embodiment, the authenticated facial feature amount is stored in the security area 122 (FIG. 12 (c)) of the storage unit 120 of the user terminal 100 by this procedure P5.
- FIG. 20 is a diagram showing a flow for initial setting of the procedure P27 of FIG. 19 which is executed when the program is started for the first time after downloading the application to the user terminal 100 of the user U in the procedure P23 of FIG.
- this process may be executed even when the program is deleted after downloading and using the program, or when the application is downloaded and started again. Further, even when the user U changes the user terminal 100 to another model, this process is executed when the application is downloaded and started again to the new model.
- the flow of FIG. 20 includes the same steps S201, step S203, step S210, step S221, step S227, and step S229 as the flow of FIG. 14, and further includes steps S401 to S407.
- the identity verification of the user U and the acquisition of the electronic certificate used for the electronic signature thereafter are performed.
- the application is started on the user terminal 100
- the initial registration screen is displayed, and the user U inputs the account information and starts the initial registration process (step S201).
- the AP server 10 executes challenge / response authentication for the user terminal 100 (step S203). Specifically, the AP server 10 generates a random number (challenge) 60 and transmits it to the user terminal 100.
- the user terminal 100 confirms the identity and performs the registration process of the electronic certificate before responding to the challenge from the AP server 10.
- the user terminal 100 executes the personal verification process (step S210).
- the personal verification process in step S210 is the same as the flow of FIG. 15 described above. However, since the identification card 30 is not equipped with the IC chip 32, the collation processing is performed with at least one of the patterns 2 to 4 other than the pattern 1 that uses the facial feature amount 42 from the identification card 30.
- step S210 When the result of the personal verification process in step S210 indicates that the personal authentication is successful (YES in step S221), the authentication unit 104 generates a pair of the digital signature public key 54 and the digital signature private key 52 (step S221). S401). Specifically, the registration unit 108 applies to an arbitrary certificate authority (not shown) or a certificate authority 50 to issue an electronic certificate, and acquires a pair of a public key 54 for digital signature and a private key 52 for digital signature. .. On the other hand, when the personal authentication fails (NO in step S221), the user U is notified that the process is interrupted because the authentication has failed, and the process is terminated.
- the registration unit 108 transmits the acquired public key 54 for digital signature and its digital certificate 55 to the AP server 10 (step S403). Further, the registration unit 108 stores the acquired private key for digital signature 52 in the security area 122 (FIG. 12 (d)) of the storage unit 120 (step S405).
- the execution unit 106 performs a process of applying an electronic signature 62 to the random number (challenge) 60 transmitted from the AP server 10 in step S203 using the challenge secret key 56 and transmitting it to the AP server 10 (step S227). ).
- the AP server 10 When the AP server 10 receives the random number (challenge) 60 to which the electronic signature 62 is given from the user terminal 100, the AP server 10 verifies the challenge response (step S229). For the challenge response verification, the challenge public key 58 stored in the storage device 20 is used. The AP server 10 may notify the user terminal 100 of the result of the challenge verification. For example, it may be notified that the challenge has been successful, and that the predetermined process can be executed if the identity is confirmed in the future. Alternatively, it may be notified that the challenge has failed and therefore the predetermined process cannot be executed.
- the AP server 10 associates the electronic signature public key 54 received from the user terminal 100 with the user ID and stores it in the storage device 20 (FIG. 10 (e)) (step S407).
- the public key 54 for digital signature does not have to be stored in the storage device 20.
- the AP server 10 may inquire of the certificate authority 50 to verify the digital certificate 55 of the public key 54 for digital signature transmitted from the user terminal 100, as in the example described with reference to FIG.
- the electronic signature procedure can be performed in procedure P31.
- the procedure P31 can be performed in the same flow as in FIG. 18 of the above embodiment. Hereinafter, it will be described with reference to FIG.
- the login screen is displayed.
- the account information input by the user U on the login screen is transmitted to the AP server 10 as an authentication request (step S301).
- the account information is automatically transmitted to the AP server 10 as an authentication request using the account information stored in advance in the storage unit 120 of the user terminal 100. May be good.
- the AP server 10 executes challenge / response authentication for the user terminal 100 (step S203). Specifically, the AP server 10 generates a random number (challenge) 60 and transmits it to the user terminal 100.
- FIG. 21 is a flowchart showing an operation example of the information processing apparatus 100 of the present embodiment.
- the flow of FIG. 21 includes steps S7 and S9 similar to those of FIG. 6, and also includes steps S43 and S45.
- the authentication unit 104 activates the camera of the user terminal 100 and displays a guidance screen for taking a face image of the user U on the display.
- the user U operates according to the instruction on the guidance screen to take a face image and a face photograph of the face of the identification card 30.
- the authentication unit 104 acquires the face image of the user U captured by the camera and the face photograph of the face of the identification card 30 (step S43).
- liveness verification may be used together to prevent fraudulent acts such as spoofing.
- the authentication unit 104 collates the facial feature amount extracted from the face image of the user U captured in step S43 with the facial feature amount extracted from the face photograph of the face of the identification card 30 (step S45). This is the pattern 3 of the personal collation process described above, but the collation process may be performed with at least one pattern of patterns 2 to 4 other than the pattern 1.
- step S7 When the authentication of the personal identification information is successful (YES in step S7), the process returns to FIG. 18, and the execution unit 106 uses the challenge public key 58 for the random number (challenge) 60 transmitted from the AP server 10 in step S203.
- the electronic signature 62 is applied and the process of transmitting to the AP server 10 is performed (step S227).
- the AP server 10 When the AP server 10 receives the random number (challenge) 60 to which the electronic signature 62 is given from the user terminal 100, the AP server 10 verifies the challenge response (step S229). For the challenge response verification, the challenge public key 58 stored in the storage device 20 is used.
- the AP server 10 transmits a message to that effect to the user terminal 100, and the execution unit 106 reads the digital signature private key 52 from the security area 122 of the storage unit 120 and adds the digital signature 82 to the electronic document 80. It is transmitted to the AP server 10 (step S303).
- the AP server 10 receives the electronic document 80 from the user terminal 100, the AP server 10 reads out the electronic signature public key 54 (FIG. 10 (c)) associated with the terminal ID of the user U stored in the storage device 20. , Verify the digital signature 82 (step S305).
- the verification result may be transmitted to the user terminal 100, or the electronic document 80 may be transmitted to a predetermined destination when the validity of the electronic certificate is confirmed as a result of the verification of the electronic signature 82. If it is confirmed that the electronic certificate is not valid as a result of the verification, the user terminal 100 may be notified that the electronic signature 82 of the electronic document 80 cannot be submitted (sent) because the electronic signature 82 is not valid. .. Further, if it is confirmed that the digital certificate is not valid, the certificate authority 50 can be requested to revoke the pair of the public key 54 for digital signature and the private key 52 for digital signature.
- the identification card 30 on which the IC chip 32 is not mounted to perform the authentication process for identity verification, fraudulent acts such as spoofing can be prevented and identity verification is required legitimately.
- a predetermined process can be executed. Then, it becomes possible to perform a predetermined process such as applying an electronic signature 82 to the electronic document 80 without performing a complicated operation only by confirming the identity of the user terminal 100. Therefore, the usability and security of the digital signature are improved.
- the embodiments of the present invention have been described above with reference to the drawings, these are examples of the present invention, and various configurations other than the above can be adopted.
- the application program 40 may be executed on a server on the cloud or SaaS (Software as a Service), and the user terminal 100 may function as an operation terminal of the server.
- the above embodiment in which the identity verification is performed on the user terminal 100 has an advantage that the risk of personal information leakage can be further reduced. Therefore, it may be configured to execute some functions (excluding identity verification) of the information processing apparatus 100 on the server.
- the user U receives various services using the identity verification information recorded on the identification card 30, for example, various services related to my number without an electronic document.
- the user authentication process at the time of login to the portal site for the purpose can be performed as a predetermined process.
- the same private key public key pair as the digital signature private key public key pair may be used, but the digital signature process and other processes are subject to different laws and regulations, so the digital signature private key is disclosed. It is preferable to use a private key public key pair different from the key pair. Hereinafter, they are referred to as a user authentication private key 92, a user authentication public key 94, and an electronic certificate 95 thereof.
- FIG. 22 is a flowchart showing an operation example when a login process to the portal site is performed instead of the electronic signature procedure of the procedure P11 of FIG.
- a menu screen is displayed.
- a login request is sent to the AP server 10 (step S331).
- the application program 40 may be started by the operation of the user U, or even if the application program 40 is started by accepting the pressing of the login request button to the portal site after accessing the predetermined portal site with a browser. good.
- the AP server 10 Upon receiving the login request, the AP server 10 executes challenge / response authentication for the user terminal 100 (step S203). Specifically, the AP server 10 generates a random number (challenge) 60 and transmits it to the user terminal 100.
- step S1 in FIG. 6 before responding to the challenge from the AP server 10. Since the identity verification process in step S1 is the same as the content described above, the description thereof will be omitted here.
- the execution unit 106 publishes the challenge to the random number (challenge) 60 transmitted from the AP server 10 in step S203.
- a process of applying an electronic signature 62 using the key 58 and transmitting the digital signature to the AP server 10 is performed (step S333).
- the user authentication public key 94 and its digital certificate 95 stored in the storage unit 120 in step P1 are also transmitted to the AP server 10.
- the AP server 10 When the AP server 10 receives the random number (challenge) 60 to which the electronic signature 62 is given from the user terminal 100, the AP server 10 verifies the challenge response (step S229). For the challenge response verification, the challenge public key 58 stored in the storage device 20 is used.
- the certificate authority 50 is further inquired to verify the digital certificate 95 of the received public key 94 for user authentication (step S337). If the verification is successful, the login process to the portal site is performed (step S339).
- the user ID used for logging in may be, for example, the issue number of the digital certificate 95. In this way, the user U can log in without inputting the login ID and password at the time of the login process.
- Some or all of the above embodiments may also be described, but not limited to: 1. 1.
- the predetermined process is a program including a process of transmitting data with a digital signature.
- An information processing device including an execution means for executing a predetermined process when the authentication is successful. 5.
- An information processing apparatus described in The predetermined process is an information processing apparatus including a process of transmitting data with an electronic signature. 6. 4. Or 5.
- An information processing device further comprising a registration means for storing the terminal specific information in the recording medium when the authentication of the second personal identification information is successful using the first personal identification information by the authentication means.
- the first personal identification information and the terminal specific information are acquired from a portable recording medium in which the first personal identification information and the terminal specific information are recorded.
- the second personal identification information acquired by the sensor mounted on the terminal and the terminal specific information of the terminal are authenticated by using the first personal identification information and the terminal specific information acquired from the recording medium.
- 8. 7. In the information processing method described in The predetermined process is an information processing method including a process of transmitting data with an electronic signature. 9. 7. Or 8.
- Digital signature system 3 Communication network 10 AP server 20 Storage device 30 Identification card 30a My number card 32 IC chip 34 Memory 36 Processor 38 NFC communication unit 40 Application program 42 Face feature amount 44 PIN code 46 Terminal ID 50 Certificate Authority 52 Digital Signature Private Key 54 Digital Signature Public Key 56 Challenge Private Key 58 Challenge Public Key 62 Digital Signature 80 Electronic Document 82 Digital Signature 100 Information Processing Device, User Terminal 102 Acquisition Unit 104 Authentication Unit 106 Execution Unit 108 Registration unit 120 Storage unit 122 Security area 1000 Computer 1010 Bus 1020 Processor 1030 Memory 1040 Storage device 1050 Input / output interface 1060 Network interface
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
Abstract
Description
関する情報処理装置、情報処理方法、およびプログラムに関する。
第一の側面に係る情報処理装置は、
第1個人特定情報および端末特定情報が記録されている携帯型の記録媒体から前記第1個人特定情報および前記端末特定情報を取得する取得手段と、
前記端末に搭載されたセンサが取得した第2個人特定情報と、当該端末の前記端末特定情報とを、前記記録媒体から取得した前記第1個人特定情報および前記端末特定情報を用いて認証する認証手段と、
前記認証が成功したときに、所定の処理を実行する実行手段と、を有する。
第二の側面に係る情報処理方法は、
情報処理装置が、
第1個人特定情報および端末特定情報が記録されている携帯型の記録媒体から前記第1個人特定情報および前記端末特定情報を取得し、
端末に搭載されたセンサが取得した第2個人特定情報と、当該端末の前記端末特定情報とを、前記記録媒体から取得した前記第1個人特定情報および前記端末特定情報を用いて認証し、
前記認証が成功したときに、所定の処理を実行する、ことを含む。
このコンピュータプログラムは、コンピュータにより実行されたとき、コンピュータに、情報処理装置上で、その情報処理方法を実施させるコンピュータプログラムコードを含む。
<システム概要>
図1は、本発明の実施の形態に係る電子手続きシステム1のシステム構成を概念的に示す図である。電子手続きシステム1は、APサーバ10と、情報処理装置100と、を有している。APサーバ10は、電子証明書(例えば、X.509)を発行する認証局50を含んでもよいし、APサーバ10の外部の認証局50を利用してもよい。情報処理装置100は、ユーザUの所有または利用している携帯端末であり、例えば、スマートフォン、タブレット端末、パーソナルコンピュータなどである。以後、情報処理装置100は、ユーザ端末100とも呼ぶ。
図2は、後述する情報処理装置(ユーザ端末)100を実現するコンピュータ1000のハードウェア構成を例示するブロック図である。図1のAPサーバ10および認証局50も、コンピュータ1000によって実現される。
図6は、本実施形態の情報処理装置100の動作例を示すフローチャートである。
まず、取得部102は、身分証明カード30のICチップ32から第1個人特定情報と端末特定情報を取得する(ステップS1)。この例では、第1個人特定情報は、ユーザUの顔画像またはた顔の特徴量である。端末特定情報は、ユーザ端末100にアプリケーションプログラム40をインストールしたときに割り当てられた端末IDである。
図7は、本実施形態の情報処理装置100の論理的な構成を示す機能ブロック図である。本実施形態の情報処理装置100は、所定の処理に必要な電子署名用秘密鍵52が記録されている身分証明カード30と、ユーザ端末100とを紐付ける処理を行う構成を有する点以外は上記実施形態と同様である。本実施形態の情報処理装置100は、図3の構成に加え、さらに、登録部108を有している。ただし、本実施形態の構成は、他の実施形態の構成の少なくともいずれか一つと矛盾を生じない範囲で組み合わせてもよい。
電子手続きシステム1をユーザUが利用するためには、事前に所定の手続きを行う必要がある。以下、情報処理装置100とマイナンバーカードなどのICチップ32を搭載した身分証明カード30を利用して電子文書80に電子署名82を施す手続きを行うための事前準備について説明する。
図9は、電子証明書の発行申請フローを説明するための図である。
電子証明書は、電子署名用のものと、各種サービスを利用する際の本人確認を行うための利用者証明用のものとがある。ここでは、電子署名用の電子証明書の発行について説明するが、利用者証明用の電子証明書も同様の処理により発行申請できる。
図8の手順P3では、電子手続きシステム1を利用するためのアプリケーションプログラム40をユーザUのユーザ端末100にダウンロードする。各ユーザUのユーザ端末100にダウンロードされるアプリケーションプログラム40には、共通のチャレンジ用公開鍵58とチャレンジ用秘密鍵56のペアが関連付けられていて、記憶装置20にはアプリケーションプログラム40の識別情報とチャレンジ用公開鍵58が関連付けて記憶されている(図10(d))。アプリケーションプログラム40の識別情報は、例えば、アプリケーションプログラム40のバージョンを示す情報であってもよい。また、チャレンジ用公開鍵58は、アプリケーションプログラム40が同じバージョンのものであっても、同じものを継続して使用することによるハッキングなどのリスクを回避するため、所定期間を経過した後、あるいは、任意のタイミングで別のチャレンジ用公開鍵58に変更されてもよい。そのため、例えば、チャレンジ用公開鍵58の取得日時(認証局50からの取得日時)などの情報を関連付けて記憶装置20に記憶してもよい(図10(d))。
<P5:本人確認手続き>
図13は、本人確認手続きを説明するための図である。図13(a)に示すように、ユーザUは、ユーザ端末100のカメラを用いて自身の顔と一緒にマイナンバーカード30aの券面に掲載されている顔写真を撮影する。図13(b)は、本人の顔を撮影した画像と、マイナンバーカード30aの券面の顔写真を含むマイナンバーカード30aを撮影した画像がユーザ端末100に取り込まれた様子を示している。この本人確認の処理は、ユーザ端末100に本人確認のためのアプリケーションをインストールして行われてもよいし、ブラウザ経由で所定のウェブサイト上で行われてもよい。
図14は、図8の手順P3でアプリケーションをユーザUのユーザ端末100にダウンロードした後、初めてプログラムを起動した時に実施される図8の手順P7の初期設定用のフローを示す図である。ただし、ダウンロードしてプログラムを利用した後、プログラムを削除した場合も、再度アプリケーションをダウンロードして起動した場合にも本処理が実行されてよい。また、ユーザUがユーザ端末100を別の機種に変更したような場合にも、新しい機種に再度アプリケーションをダウンロードして起動した場合に本処理は実行される。
(パターン1)カメラで撮影した顔画像から抽出された顔の特徴量と、身分証明カード30から取得した顔特徴量42とを照合する。
(パターン2)カメラで撮影した顔画像から抽出された顔の特徴量と、eKYC(図8の手順P5)で本人確認した際にユーザ端末100の記憶部120のセキュリティエリア122に記録された顔特徴量とを照合する。
(パターン3)カメラで撮影した顔画像から抽出された顔の特徴量と、カメラで撮影した身分証明カード30の券面の顔写真の画像から抽出された顔の特徴量とを照合する。
(パターン4)カメラで撮影した身分証明カード30の券面の顔写真の画像から抽出された顔の特徴量と、eKYC(図8の手順P5)で本人確認した際にユーザ端末100の記憶部120のセキュリティエリア122に記録された顔特徴量とを照合する。
本実施形態の情報処理装置100は、上記した第2実施形態で事前準備した身分証明カード30を用いて本人確認を行い所定の処理を行う構成を有する点以外は上記実施形態と同様である。本実施形態のユーザ端末100は、図7の情報処理装置100と同じ構成を有するので、図7を用いて説明する。ただし、本実施形態の構成は、他の実施形態の構成の少なくともいずれか一つと矛盾を生じない範囲で組み合わせてもよい。
図18は、図8の手順P11の電子署名手続きの詳細フローを示す図である。ここでは、図14に示す手順P7によって初期登録済みの身分証明カード30とユーザ端末100(紐付け済みのユーザ端末100と身分証明カード30)を用いて、電子文書80に電子署名82を施す処理について説明する。
上記実施形態では、ICチップ32が搭載されている身分証明カード30を用いていた。本実施形態では、ICチップ32が搭載されていない身分証明カード30を用いて電子文書80に電子署名82を施すことができる構成について説明する。
まず、ユーザ端末100に電子手続きシステム1のアプリケーションプログラム40をインストールする(手順P23)。次に、eKYCなどにより本人確認された顔画像(顔特徴量)をユーザ端末100の記憶部120に格納する(手順P5)。手順P5は図8と同様である。
図19の手順P23では、電子手続きシステム1を利用するためのアプリケーションプログラム40をユーザUのユーザ端末100にダウンロードする。各ユーザUのユーザ端末100にダウンロードされるアプリケーションプログラム40には、共通のチャレンジ用公開鍵58とチャレンジ用秘密鍵56のペアが関連付けられていて、記憶装置20にはアプリケーションプログラム40の識別情報とチャレンジ用公開鍵58が関連付けて記憶されている(図10(d))。
上記実施形態と同様であり、この手順P5により、認証された顔特徴量はユーザ端末100の記憶部120のセキュリティエリア122(図12(c))に記憶される。
図20は、図19の手順P23でアプリケーションをユーザUのユーザ端末100にダウンロードした後、初めてプログラムを起動した時に実施される図19の手順P27の初期設定用のフローを示す図である。ただし、ダウンロードしてプログラムを利用した後、プログラムを削除した場合も、再度アプリケーションをダウンロードして起動した場合にも本処理が実行されてよい。また、ユーザUがユーザ端末100を別の機種に変更したような場合にも、新しい機種に再度アプリケーションをダウンロードして起動した場合に本処理は実行される。
例えば、上記実施形態では、ユーザ端末100にアプリケーションプログラム40をインストールして情報処理装置100を実現する構成について説明した。しかし他の形態では、アプリケーションプログラム40をクラウド上のサーバや、SaaS(Software as a Service)上で実行させ、ユーザ端末100はサーバの操作端末として機能する構成であってもよい。ただし、ユーザ端末100上で本人確認を行う上記実施形態の方が、個人情報漏洩の危険性をより低減できるという利点がある。よって、情報処理装置100の一部の機能(本人確認などを除く)をサーバで実行させる構成でもよい。
まず、ユーザ端末100でアプリケーションプログラム40を起動すると、メニュー画面が表示される。メニュー画面でユーザUによりポータルサイトへのログインが選択されると、APサーバ10にログイン要求が送信される(ステップS331)。
なお、本発明において利用者(ユーザU)に関する情報を取得、利用する場合は、これを適法に行うものとする。
1. 端末を実現するコンピュータに、
第1個人特定情報および端末特定情報が記録されている携帯型の記録媒体から前記第1個人特定情報および前記端末特定情報を取得する取得手段と、
前記端末に搭載されたセンサが取得した第2個人特定情報と、当該端末の前記端末特定情報とを、前記第1個人特定情報および前記記録媒体から取得した前記端末特定情報を用いて認証する認証手段と、
前記認証が成功したときに、所定の処理を実行する実行手段と、を実現させるためのプログラム。
2. 1.に記載のプログラムにおいて、
前記所定の処理は、電子署名を付与したデータの送信処理を含む、プログラム。
3. 1.または2.に記載のプログラムにおいて、
前記認証手段により、前記第1個人特定情報を用いて前記第2個人特定情報の認証に成功したときに、前記記録媒体に前記端末特定情報を記憶させる登録手段をコンピュータに実現させるためのプログラム。
端末に搭載されたセンサが取得した第2個人特定情報と、当該端末の前記端末特定情報とを、前記記録媒体から取得した前記第1個人特定情報および前記端末特定情報を用いて認証する認証手段と、
前記認証が成功したときに、所定の処理を実行する実行手段と、を備える情報処理装置。
5. 4.に記載の情報処理装置において、
前記所定の処理は、電子署名を付与したデータの送信処理を含む、情報処理装置。
6. 4.または5.に記載の情報処理装置において、
前記認証手段により、前記第1個人特定情報を用いて前記第2個人特定情報の認証に成功したときに、前記記録媒体に前記端末特定情報を記憶させる登録手段をさらに備える、情報処理装置。
第1個人特定情報および端末特定情報が記録されている携帯型の記録媒体から前記第1個人特定情報および前記端末特定情報を取得し、
端末に搭載されたセンサが取得した第2個人特定情報と、当該端末の前記端末特定情報とを、前記記録媒体から取得した前記第1個人特定情報および前記端末特定情報を用いて認証し、
前記認証が成功したときに、所定の処理を実行する、情報処理方法。
8. 7.に記載の情報処理方法において、
前記所定の処理は、電子署名を付与したデータの送信処理を含む、情報処理方法。
9. 7.または8.に記載の情報処理方法において、
前記情報処理装置が、
前記認証手段により、前記第1個人特定情報を用いて前記第2個人特定情報の認証に成功したときに、前記記録媒体に前記端末特定情報を記憶させる、情報処理方法。
3 通信ネットワーク
10 APサーバ
20 記憶装置
30 身分証明カード
30a マイナンバーカード
32 ICチップ
34 メモリ
36 プロセッサ
38 NFC通信部
40 アプリケーションプログラム
42 顔特徴量
44 PINコード
46 端末ID
50 認証局
52 電子署名用秘密鍵
54 電子署名用公開鍵
56 チャレンジ用秘密鍵
58 チャレンジ用公開鍵
62 電子署名
80 電子文書
82 電子署名
100 情報処理装置、ユーザ端末
102 取得部
104 認証部
106 実行部
108 登録部
120 記憶部
122 セキュリティエリア
1000 コンピュータ
1010 バス
1020 プロセッサ
1030 メモリ
1040 ストレージデバイス
1050 入出力インタフェース
1060 ネットワークインタフェース
Claims (9)
- 端末を実現するコンピュータに、
第1個人特定情報および端末特定情報が記録されている携帯型の記録媒体から前記第1個人特定情報および前記端末特定情報を取得する取得手段と、
前記端末に搭載されたセンサが取得した第2個人特定情報と、当該端末の前記端末特定情報とを、前記第1個人特定情報および前記記録媒体から取得した前記端末特定情報を用いて認証する認証手段と、
前記認証が成功したときに、所定の処理を実行する実行手段と、を実現させるためのプログラム。 - 請求項1に記載のプログラムにおいて、
前記所定の処理は、電子署名を付与したデータの送信処理を含む、プログラム。 - 請求項1または2に記載のプログラムにおいて、
前記認証手段により、前記第1個人特定情報を用いて前記第2個人特定情報の認証に成功したときに、前記記録媒体に前記端末特定情報を記憶させる登録手段をコンピュータに実現させるためのプログラム。 - 第1個人特定情報および端末特定情報が記録されている携帯型の記録媒体から前記第1個人特定情報および前記端末特定情報を取得する取得手段と、
端末に搭載されたセンサが取得した第2個人特定情報と、当該端末の前記端末特定情報とを、前記記録媒体から取得した前記第1個人特定情報および前記端末特定情報を用いて認証する認証手段と、
前記認証が成功したときに、所定の処理を実行する実行手段と、を備える情報処理装置。 - 請求項4に記載の情報処理装置において、
前記所定の処理は、電子署名を付与したデータの送信処理を含む、情報処理装置。 - 請求項4または5に記載の情報処理装置において、
前記認証手段により、前記第1個人特定情報を用いて前記第2個人特定情報の認証に成功したときに、前記記録媒体に前記端末特定情報を記憶させる登録手段をさらに備える、情報処理装置。 - 情報処理装置が、
第1個人特定情報および端末特定情報が記録されている携帯型の記録媒体から前記第1個人特定情報および前記端末特定情報を取得し、
端末に搭載されたセンサが取得した第2個人特定情報と、当該端末の前記端末特定情報とを、前記記録媒体から取得した前記第1個人特定情報および前記端末特定情報を用いて認証し、
前記認証が成功したときに、所定の処理を実行する、情報処理方法。 - 請求項7に記載の情報処理方法において、
前記所定の処理は、電子署名を付与したデータの送信処理を含む、情報処理方法。 - 請求項7または8に記載の情報処理方法において、
前記情報処理装置が、
前記認証手段により、前記第1個人特定情報を用いて前記第2個人特定情報の認証に成功したときに、前記記録媒体に前記端末特定情報を記憶させる、情報処理方法。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2022558646A JPWO2022091221A1 (ja) | 2020-10-27 | 2020-10-27 | |
PCT/JP2020/040272 WO2022091221A1 (ja) | 2020-10-27 | 2020-10-27 | 情報処理装置、情報処理方法、およびプログラム |
US18/032,257 US20230394179A1 (en) | 2020-10-27 | 2020-10-27 | Information processing apparatus, information processing method, and non-transitory computer-readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2020/040272 WO2022091221A1 (ja) | 2020-10-27 | 2020-10-27 | 情報処理装置、情報処理方法、およびプログラム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022091221A1 true WO2022091221A1 (ja) | 2022-05-05 |
Family
ID=81382149
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2020/040272 WO2022091221A1 (ja) | 2020-10-27 | 2020-10-27 | 情報処理装置、情報処理方法、およびプログラム |
Country Status (3)
Country | Link |
---|---|
US (1) | US20230394179A1 (ja) |
JP (1) | JPWO2022091221A1 (ja) |
WO (1) | WO2022091221A1 (ja) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP7399929B2 (ja) * | 2021-11-26 | 2023-12-18 | 株式会社日立製作所 | 情報処理システム、情報処理方法、及びプログラム |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001202336A (ja) * | 2000-01-20 | 2001-07-27 | Nippon Telegr & Teleph Corp <Ntt> | 本人認証方法およびこの方法を実施する装置 |
JP2009071629A (ja) * | 2007-09-13 | 2009-04-02 | Casio Comput Co Ltd | 暗号化処理システム |
JP2015045983A (ja) * | 2013-08-28 | 2015-03-12 | Necプラットフォームズ株式会社 | 耐タンパ装置、及び方法 |
JP2019096938A (ja) * | 2017-11-17 | 2019-06-20 | キヤノン株式会社 | システム、システムにおける方法、情報処理装置、情報処理装置における方法、およびプログラム |
-
2020
- 2020-10-27 WO PCT/JP2020/040272 patent/WO2022091221A1/ja active Application Filing
- 2020-10-27 US US18/032,257 patent/US20230394179A1/en active Pending
- 2020-10-27 JP JP2022558646A patent/JPWO2022091221A1/ja active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001202336A (ja) * | 2000-01-20 | 2001-07-27 | Nippon Telegr & Teleph Corp <Ntt> | 本人認証方法およびこの方法を実施する装置 |
JP2009071629A (ja) * | 2007-09-13 | 2009-04-02 | Casio Comput Co Ltd | 暗号化処理システム |
JP2015045983A (ja) * | 2013-08-28 | 2015-03-12 | Necプラットフォームズ株式会社 | 耐タンパ装置、及び方法 |
JP2019096938A (ja) * | 2017-11-17 | 2019-06-20 | キヤノン株式会社 | システム、システムにおける方法、情報処理装置、情報処理装置における方法、およびプログラム |
Also Published As
Publication number | Publication date |
---|---|
US20230394179A1 (en) | 2023-12-07 |
JPWO2022091221A1 (ja) | 2022-05-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220222329A1 (en) | Systems and methods for securely processing a payment | |
TWI749577B (zh) | 二維條碼的處理方法、裝置及系統 | |
EP3647977B1 (en) | Secure data communication | |
US10771256B2 (en) | Method for generating an electronic signature | |
EP3382587B1 (en) | Identity authentication using a barcode | |
US11228587B2 (en) | Method, system, device and software programme product for the remote authorization of a user of digital services | |
KR20180048600A (ko) | 법률 서면을 전자적으로 제공하는 시스템 및 방법 | |
WO2021212009A1 (en) | Systems, methods, and non-transitory computer-readable media for secure biometrically-enhanced data exchanges and data storage | |
US20050229005A1 (en) | Security badge arrangement | |
US20190268158A1 (en) | Systems and methods for providing mobile identification of individuals | |
US8601270B2 (en) | Method for the preparation of a chip card for electronic signature services | |
JP5145179B2 (ja) | 光学式読取りコードを用いた本人確認システム | |
WO2022091221A1 (ja) | 情報処理装置、情報処理方法、およびプログラム | |
WO2017111506A1 (ko) | 본인 대면 확인 검증 시스템 장치 | |
JP7203435B2 (ja) | 本人確認サーバ、本人確認方法、本人確認プログラム | |
JP2009086890A (ja) | 申請受理システムおよび申請受理方法 | |
JP7050466B2 (ja) | 認証システムおよび認証方法 | |
ES2681873T3 (es) | Procedimiento y dispositivo para la signatura electrónica personalizada de un documento y producto de programa informático | |
WO2024095755A1 (ja) | 管理サーバ、情報処理システム、及び、情報処理装置 | |
US20230259602A1 (en) | Method for electronic identity verification and management | |
US20220321347A1 (en) | System, method and apparatus for transaction access and security | |
JP2019153906A (ja) | モバイル運転免許証システム及び携帯端末装置 | |
KR102430793B1 (ko) | 본인인증 방법 및 그 시스템 | |
WO2024024043A1 (ja) | システム及び方法 | |
KR20170118382A (ko) | 실명확인증표를 전자적으로 관리하는 장치 및 방법 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20959739 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 18032257 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 2022558646 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20959739 Country of ref document: EP Kind code of ref document: A1 |