WO2007013181A1 - Biometric authentication method and means - Google Patents
- Publication number
- WO2007013181A1 (PCT/JP2005/014205)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- predetermined key
- biometrics
- biometric information
- request data
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Definitions
- the present invention relates to a biometrics authentication server, a business provider terminal, a program, and a biometric authentication service providing method.
- A user authentication system and the like have been proposed (see Patent Document 1), comprising: a portable storage device that stores registered biometric information of a user; means for reading the registered biometric information from the portable storage device; a portable terminal that transmits the registered biometric information and a service request by data communication; a monitoring device that determines whether the registered biometric information transmitted from the portable terminal is valid; and an authentication apparatus comprising an acquisition unit that acquires biometric information input by a user, means for receiving the determination result, the registered biometric information and the service request from the monitoring device, means for collating the biometric information input by the user with the received registered biometric information when the determination result indicates validity, and means for providing the requested service to the user when the input biometric information is valid.
- Patent Document 1 Japanese Patent Application Laid-Open No. 2004-13753
- The present invention has been made in view of the above problems, and its main purpose is to provide a biometrics authentication server, a business provider terminal, a program, and a method for providing a biometric authentication service that make it possible to ensure user convenience and good protection of personal information.
- The biometrics authentication server of the present invention that solves the above problems is a server that provides a biometrics authentication service through a network, and comprises: an authentication database that stores biometric information of each service user in association with a predetermined key; an authentication request receiving unit that receives, from a business provider terminal that performs transaction processing of a product/service with a client terminal, authentication request data for requesting biometrics authentication, including a predetermined key and authentication target biometric information originating from the client terminal; an authentication execution unit that executes a search of the authentication database based on the predetermined key included in the received authentication request data, and executes biometrics authentication processing on the biometric information corresponding to the predetermined key and the authentication target biometric information included in the authentication request data; and an output processing unit that returns the biometrics authentication result to the business provider terminal.
- the authentication database is associated with a predetermined key included in the authentication request data and a service user or biometric information corresponding to the authentication request data.
- The predetermined key included in the authentication request data is converted from the predetermined key format handled by the business provider terminal to the predetermined key format handled by the biometrics authentication server; the search of the authentication database is executed with the server-side predetermined key that has undergone the conversion process, and biometrics authentication processing is executed on the biometric information corresponding to the server-side predetermined key and the authentication target biometric information included in the authentication request data.
- The output processing unit returns a biometrics authentication result to the business provider terminal.
- the authentication request data comprise! /, Was also I! /,.
- The authentication request receiving unit may receive, from the business provider terminal, authentication request data including authentication target biometric information originating from the client terminal; the authentication execution unit may execute a search of the authentication database based on the authentication target biometric information included in the received authentication request data, specify the predetermined key corresponding to the authentication target biometric information, and execute the biometrics authentication process on the authentication target biometric information included in the authentication request data; and the output processing unit may return the biometrics authentication result and the specified predetermined key to the business provider terminal.
- The business provider terminal of the present invention is a business provider terminal that performs transaction processing of a product/service with a client terminal, and comprises: a customer database that stores attribute information of each service user in association with a predetermined key; an authentication request transfer unit that receives, from a client terminal, authentication request data for requesting biometrics authentication, including a predetermined key and authentication target biometric information, and transmits the authentication request data to a biometrics authentication server; an authentication result receiving unit that receives a result of the biometrics authentication process based on the authentication request data from the biometrics authentication server; and a transaction execution unit that extracts the attribute information of the client from the customer database based on the result of the biometrics authentication process and executes the provision of the product/service to the client terminal using the attribute information.
- the authentication request transfer unit receives authentication request data including authentication target biometric information from a client terminal, and transmits the authentication request data to a biometrics authentication server.
- the authentication result receiving unit may receive a result of a biometrics authentication process based on the authentication request data and a predetermined key from the biometric authentication server.
- The program of the present invention is a program for causing a biometrics authentication server to execute a method for providing a biometrics authentication service through a network, the program causing the server to execute: a step of receiving, from a business provider terminal that performs transaction processing of a product/service with a client terminal, authentication request data for requesting biometrics authentication, including a predetermined key and authentication target biometric information originating from the client terminal; a step of executing, based on the predetermined key included in the received authentication request data, a search of the authentication database in which the biometric information of each service user is stored in association with a predetermined key, and executing biometrics authentication processing on the biometric information corresponding to the predetermined key and the authentication target biometric information included in the authentication request data; and a step of returning the biometrics authentication result to the business provider terminal.
- The program of the present invention is a program that causes a business provider terminal, which performs with a client terminal transaction processing of a product/service subject to biometrics authentication, to execute the steps of: receiving, from the client terminal, authentication request data for requesting biometrics authentication, including a predetermined key and authentication target biometric information; transmitting this to the biometrics authentication server; receiving a result of the biometrics authentication process based on the authentication request data from the biometrics authentication server; and, based on the result of the biometrics authentication process, extracting the attribute information from the customer database in which the attribute information of each service user is stored in association with a predetermined key, and providing the product/service to the client terminal using the attribute information.
- The biometrics authentication service providing method of the present invention is a method for providing a biometrics authentication service through a network, in which a business provider terminal that performs transaction processing of a product/service with a client terminal has a customer database in which the attribute information of each service user is stored in association with a predetermined key, receives from the client terminal authentication request data for requesting biometrics authentication, including the predetermined key and biometric information to be authenticated, and transmits the authentication request data to the biometrics authentication server.
- The biometrics authentication server has an authentication database in which the biometric information of each service user is stored in association with a predetermined key, receives the authentication request data from the business provider terminal, searches the authentication database based on the predetermined key included in the received authentication request data, performs a biometrics authentication process on the biometric information corresponding to the predetermined key and the biometric information to be authenticated included in the authentication request data, and returns the biometrics authentication result to the business provider terminal.
- The business provider terminal receives the result of the biometrics authentication process based on the authentication request data from the biometrics authentication server, extracts attribute information from the customer database based on the result of the biometrics authentication process, and uses the attribute information to provide a product/service to the client terminal.
- the biometric information managed by the biometrics authentication server is transferred to the business provider terminal.
- FIG. 1 is a network configuration diagram including a biometrics authentication server and a business provider terminal in the present embodiment.
- FIG. 2 is a diagram showing data structure examples of (a) an authentication database and (b) a customer database in the present embodiment.
- FIG. 3 is a flowchart showing an actual procedure example 1 of a method for providing a biometrics authentication service in the present embodiment.
- FIG. 4 is a flowchart showing an actual procedure example 2 of the method for providing a biometrics authentication service in the present embodiment.
- FIG. 5 is a flowchart showing an actual procedure example 3 of the biometrics authentication service providing method in the present embodiment.
- FIG. 6 is a diagram showing an example of a correspondence table for format conversion of a predetermined key in the present embodiment. Explanation of symbols
- FIG. 1 is a network configuration diagram including a biometrics authentication server and a business provider terminal in the present embodiment.
- A situation is assumed in which a business provider terminal operating an electronic store or various financial institution sites on the network, for which personal authentication of the client based on biometrics authentication is presupposed, is used by the client, and the biometrics authentication server of the present invention provides the biometrics authentication processing needed with the client terminal as a biometrics authentication service.
- the biometric information managed by the biometrics authentication server, which does not provide the biometrics authentication service to the business provider terminal, is managed separately from the personal information of the user managed by the business provider terminal (for the user corresponding to the biometric information).
- This management ensures that personal information is properly managed and safeguarded against unauthorized access from outside.
- the technical contents based on this point of view form the gist of the present invention.
- The scope of application of the present invention is not limited to this assumption example, and it can be applied in any situation where biometrics authentication is performed via a network.
- Biometrics authentication authenticates a person by using physical parts and behavioral characteristics that differ between human individuals, and a system that embodies and systematizes this is called a biometrics authentication (human tally authentication) system.
- biometric information such as fingerprints, signs, veins, palm prints, retinas, irises, facial appearances, and voices.
- The biometrics authentication server 100 (hereinafter referred to as server 100) of the present invention reads the program 102 stored in a program database 101, such as a rewritable memory, into the memory 103 and executes it with the CPU 104, which is an arithmetic unit, in order to realize the function of executing the method of providing the biometrics authentication service of the present invention.
- The server 100 includes an input/output interface 105 such as buttons, a display, and LEDs (Light Emitting Diodes) generally provided in a computer device, communication means 106 responsible for exchanging data with the business provider terminal 300, and the like. In this embodiment, the server 100 does not perform data communication with the client terminal 200.
- The server 100 is connected to the business provider terminal 300 via the network 140, such as the Internet, a LAN, or a serial interface communication line, by the communication means 106, and executes data transfer such as authentication request data derived from a client, the predetermined key, and biometrics authentication results.
- The I/O unit 107 performs data buffering and various mediation processes.
- The client terminal 200 includes a biometric authentication device 210 that reads biometric information from the subject of biometrics authentication.
- This biometric authentication device 210 is provided with various sensors 211, for example a finger or palm vein sensor, a fingerprint reader, and an iris photographing device, and the sensor control unit 212 controls the sensors 211.
- the biometric authentication device 210 may include an IC card reader / writer 223.
- The biometric authentication device 210 can also perform processing by reading biometric information from an IC card 224 that is held by the client and stores biometric information in advance.
- the client biometric information acquired by the sensors 211 may be stored in the IC card 224.
- The client terminal 200 may execute a process of collating the biometric information of the client read from the IC card 224 with the biometric information acquired by sensing the client with the sensors 211, and, only if the collation result is satisfactory, encrypt the biometric information and send it to the business provider terminal 300 as the authentication request data; the same processing is possible in this case as well.
- the client terminal 200 reads a program in the program database into a memory and executes it by an arithmetic unit.
- The client terminal 200 includes input/output interfaces such as various keyboards, buttons, and displays, and communication means for connecting to the business provider terminal 300 via the network 140, such as a LAN or the Internet, to exchange data.
- The client terminal 200 is connected to the business provider terminal 300 via the network 140, such as the Internet, a LAN, or a serial interface communication line, by the communication means, and executes data exchange such as the authentication request data and biometrics authentication results.
- The I/O unit performs data buffering and various mediation processes.
- The client terminal 200 can be assumed to be a personal computer owned by an end user such as an individual.
- The client terminal 200 can also be assumed to be, for example, an information communication terminal installed in stores such as convenience stores, stations, and various public buildings, an ATM (Automatic Teller Machine) installed in various financial institutions, or an entrance/exit management device installed in a company.
- The business provider terminal 300 reads out the program 302 in the program database 301 to the memory 303 and executes it by the arithmetic unit 304 in the same manner as the server 100 and the like.
- The business provider terminal 300 includes an input/output interface 305 such as various keyboards, buttons, and a display, and communication means 306 for exchanging data with the server 100 and the client terminal 200 via a network 140 such as a LAN or the Internet.
- The business provider terminal 300 is connected to the server 100 and the client terminal 200 via the network 140, such as the Internet, a LAN, or a serial interface communication line, by the communication means, and executes transmission of content data for a sales site for products and services, mediation of authentication request data from the client terminal 200, and data exchange such as presenting the biometrics authentication result from the server 100 to the client terminal 200.
- The I/O unit 307 performs data buffering and various mediation processes.
- the server 100 is provided with an authentication database 125 that stores biometric information of each service user in association with a predetermined key.
- The server 100 includes an authentication request receiving unit 110 that receives, from the business provider terminal 300 that performs transaction processing of a product/service with the client terminal 200, authentication request data for requesting biometrics authentication, including a predetermined key and authentication target biometric information originating from the client terminal.
- The server 100 includes an authentication execution unit 111 that executes a search of the authentication database 125 based on the predetermined key included in the received authentication request data, and executes biometrics authentication processing on the biometric information corresponding to the predetermined key and the authentication target biometric information included in the authentication request data.
- the server 100 includes an output processing unit 112 that returns the biometrics authentication result to the business provider terminal 300.
- The business provider terminal 300 includes a customer database 126 that stores attribute information of each service user in association with a predetermined key.
- The business provider terminal 300 includes an authentication request transfer unit 310 that receives, from the client terminal 200, authentication request data for requesting biometrics authentication, including a predetermined key and authentication target biometric information, and transmits it to the biometrics authentication server 100.
- The business provider terminal 300 includes an authentication result receiving unit 311 that receives the result of the biometrics authentication process based on the authentication request data from the biometrics authentication server 100.
- The business provider terminal 300 includes a transaction execution unit 312 that extracts attribute information from the customer database 126 based on the result of the biometrics authentication process, and uses the attribute information to execute the provision of a product/service to the client terminal 200.
- The authentication database 125 manages the predetermined key included in the authentication request data and the predetermined key associated with the service user or biometric information corresponding to the authentication request data in a non-identical manner.
- The authentication execution unit 111 performs processing for converting the predetermined key included in the authentication request data from the predetermined key format handled by the business provider terminal 300 to the predetermined key format handled by the biometrics authentication server 100.
- The authentication database 125 is searched with the server-side predetermined key that has undergone the conversion process, and biometrics authentication processing is executed on the biometric information corresponding to the server-side predetermined key and the authentication target biometric information included in the authentication request data.
- When the output processing unit 112 returns a biometrics authentication result to the business provider terminal 300, it includes the predetermined key that was included in the authentication request data as the predetermined key information accompanying the biometrics authentication result.
- The predetermined key exchanged between the client terminal 200 and the business provider terminal 300 and the predetermined key exchanged between the business provider terminal 300 and the server 100 can thus be treated as keys that look different at a glance, and even if information leakage occurs, a situation in which biometric information and customer information are extracted using the predetermined key is avoided.
- It is also possible to assume a situation in which the business provider terminal 300 includes a functional unit similar to the authentication execution unit 111 and performs the processing for converting the predetermined key included in the authentication request data to the predetermined key format handled by the biometrics authentication server 100 (server-side predetermined key format).
- In this case, the server-side predetermined key that has undergone the conversion process is sent from the business provider terminal 300 to the server 100, and the server 100 that has received it performs a search of the authentication database 125 using the server-side predetermined key.
- the format conversion process of the predetermined key may be interposed both between the client terminal 200 and the business provider terminal 300 and between the business provider terminal 300 and the server 100.
- It is also possible to assume a situation in which the authentication request receiving unit 110 receives, from the business provider terminal 300, authentication request data including authentication target biometric information originating from the client terminal; the authentication execution unit 111 executes a search of the authentication database 125 based on the authentication target biometric information included in the received authentication request data, specifies a predetermined key corresponding to the authentication target biometric information, and executes biometrics authentication processing on the authentication target biometric information included in the authentication request data; and the output processing unit 112 returns the biometrics authentication result and the specified predetermined key to the business provider terminal 300.
- The authentication request transfer unit 310 receives authentication request data including authentication target biometric information from the client terminal 200, and transmits the authentication request data to the biometrics authentication server 100.
- the authentication result receiving unit 311 receives the result of the biometrics authentication process based on the authentication request data and a predetermined key from the biometrics authentication server 100.
- Biometric information to be authenticated is transmitted from the client terminal 200 to the business provider terminal 300. Therefore, the business provider terminal 300, which does not have the authentication database 125, has no means of identifying whose biometric information it is. In other words, even if a situation occurs where information is leaked, there is no information that connects this biometric information with an individual.
- In the server 100, by performing total matching of the authentication target biometric information against the authentication database 125, the predetermined key associated with the biometric information registered in advance as an authentication standard can be specified. Only the predetermined key and the result of biometric authentication are returned from the server 100 to the business provider terminal 300.
- The business provider terminal 300 can identify the client from this predetermined key and provide a service corresponding to the biometric authentication result.
- Each of the function units 110 to 112 in the server 100 shown above and each of the function units 310 to 312 in the business provider terminal 300 may be realized as hardware, or may be realized as a program stored in an appropriate storage device such as a memory or an HDD (Hard Disk Drive).
- the CPUs 104 and 304 read the corresponding program from the storage device to the memories 103 and 303 in accordance with the execution of the program, and execute it.
- Various networks such as ATM lines, dedicated lines, WAN (Wide Area Network), power line networks, wireless networks, public line networks, mobile phone networks, and serial interface communication lines can also be adopted.
- If virtual private network technology such as VPN (Virtual Private Network) is used, communication with improved security is established when the Internet is adopted.
- the serial interface refers to an interface for connecting to external devices by serial transmission that sends data one bit at a time using a single signal line.
- RS-232C, RS-422, IrDA, USB, IEEE1394, fiber channel, etc. can be assumed.
- FIG. 2 is a diagram showing examples of data structures of (a) the authentication database 125 and (b) the customer database 126 in the present embodiment.
- The authentication database 125 is a database that stores biometric information of each service user in association with a predetermined key. This biometric information is obtained, for example, by receiving the biometric information included in the registration request data received from the business provider terminal 300 or the client terminal 200 from the business provider terminal 300, and is data registered by associating a unique predetermined key with the biometric information.
- Such an authentication database 125 is, for example, a set of records in which data such as biometric information data, business provider or product information that requires authentication, and information such as registration date and time are associated with a predetermined key.
- the customer database 126 is a database that stores attribute information of each service user in association with the predetermined key.
- The predetermined key in the authentication database 125 and the predetermined key in the customer database 126 are the same as that set for the same service user (user).
- Such a customer database 126 is, for example, a collection of records in which the customer name, address, and the predetermined key are associated with the customer ID.
- FIG. 3 is a flowchart showing an actual procedure example 1 of the method for providing a biometrics authentication service in the present embodiment.
- The business provider in this embodiment has a contract for providing a biometrics authentication service with the server 100 in advance, and the business provider terminal 300 has an execution program and various interfaces for transferring the authentication request data originating from the client terminal 200 to the biometrics authentication engine 130 included in the server 100.
- The execution program and interface data are, for example, disclosed as appropriate on the network 140 by the server 100 and provided in response to downloading from the business provider terminal 300.
- The biometric authentication device 210 reads fingerprint information of the client as biometric information.
- The biometric authentication device 210 executes the fingerprint reading process of the client with the sensors 211 to acquire fingerprint information, and sends the fingerprint information to the client terminal 200.
- the client terminal 200 encrypts this fingerprint information and transmits it to the server 100.
- the server 100 acquires the biometric information of the client from the client terminal 200 and decrypts it, and stores it in the authentication database 125 in association with a predetermined key.
- the procedure for acquiring the biometric information is only an example, and the server 100 reads the appropriate recording medium storing the biometric information of the client and acquires the biometric information of each client. There may be.
- the means for generating the authentication database 125 does not matter.
- the predetermined key is a means for preliminarily suppressing concerns such as information leakage caused by managing personal information on the network, which may be an ID that links a client and its biometric information. It must not be the client's personal information (or information pronounced of personal information).
- the predetermined key is transmitted from the server 100 to the client terminal 200 of the client.
- the business provider terminal 300 transmits an authentication request that is transmitted from the client terminal 200 (S0001) and includes the predetermined key and biometric information to be authenticated, and requests noometric authentication.
- Receive data (S 1000).
- the biometric information to be authenticated is data acquired by the client terminal 200 when, for example, the client terminal 200 reads the fingerprint information of the client at the client terminal 200 as described above.
- the business provider terminal 300 transmits the authentication request data to the server 100 (S100
- The server 100 receives the authentication request data transmitted from the business provider terminal 300 (S1002).
- The server 100 searches the authentication database 125 based on the predetermined key included in the received authentication request data (S1003). The server 100 then performs the biometrics authentication process by determining whether the biometric information corresponding to the predetermined key matches or does not match the biometric information to be authenticated included in the authentication request data (S1004). Existing biometrics authentication technology may be adopted for this biometrics authentication process.
- The server 100 returns the biometric authentication result to the business provider terminal 300 (S1005). Thus, the business provider terminal 300 receives from the server 100 the result of the biometrics authentication process based on the authentication request data (S1006).
- The business provider terminal 300 extracts attribute information (for example, personal information needed to provide products and services) from the customer database 126 based on the result of the biometrics authentication process (S1007).
- The business provider terminal 300 uses the attribute information to provide the product/service to the client terminal 200 (S1008), and ends the process.
- The client terminal 200 receives this product/service (S1009).
- In this way, the biometric information managed by the biometrics authentication server 100 is managed and used separately from the personal information of the corresponding user, which is managed by the business provider terminal 300. This ensures proper management of personal information and provides a defensive measure against unauthorized access from outside.
- the technical contents based on this point of view form the gist of the present invention.
- FIG. 4 shows the flow diagram.
- The business provider terminal 300, which does not have the authentication database 125, has no means of accurately identifying whose biometric information was sent from the client terminal 200. It therefore receives only the biometric information from the client terminal 200 (s2000, s2001) and transfers it to the server 100 (s2002). In other words, even if information is leaked, there is no information that reliably connects the biometric information to the individual customer.
- By matching the authentication target biometric information against all entries in the authentication database 125, the server 100 can identify the predetermined key associated with the biometric information that was registered in advance as the authentication reference. Only the predetermined key and the result of biometric authentication are returned from the server 100 to the business provider terminal 300.
- The business provider terminal 300 can identify a client based on the predetermined key and provide a service according to the biometric authentication result.
- The authentication request receiving unit 110 receives, from the business provider terminal 300, authentication request data that originates from the client terminal and includes the authentication target biometric information (s2003). The authentication execution unit 111 then searches the authentication database 125 based on the authentication target biometric information included in the received authentication request data (s2004), and executes the identification of the predetermined key corresponding to the authentication target biometric information and the biometrics authentication process for the authentication target biometric information included in the authentication request data (s2005). The output processing unit 112 returns the biometrics authentication result and the identified predetermined key to the business provider terminal 300 (s2006).
- The authentication request transfer unit 310 receives authentication request data including the authentication target biometric information from the client terminal 200 and transmits it to the biometrics authentication server 100 (s2000). The authentication result receiving unit 311 receives the result of the biometrics authentication process based on the authentication request data, together with the predetermined key, from the biometrics authentication server 100 (s2007).
- The business provider terminal 300 searches the customer database 126 to extract information about the customer (s2008), and executes the process of providing the product/service to the client terminal 200 according to this information (s2009). The client terminal 200 receives this product/service (s2010), and the process ends.
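The two procedures above (FIG. 3, where the request carries the predetermined key, and FIG. 4, where the server identifies the key from the biometric information alone) can be sketched as follows. This is an added example, not code from the patent: the class names, the random hex key, the Hamming-distance matcher with its threshold, and the sample templates are all assumptions made for illustration.

```python
import secrets

MATCH_THRESHOLD = 0.15  # assumed: largest fraction of differing bits accepted as a match

def distance(a: bytes, b: bytes) -> float:
    """Toy matcher (assumption): normalised Hamming distance between templates."""
    if len(a) != len(b) or not a:
        return 1.0  # malformed or empty probe never matches
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

class BiometricsAuthServer:
    """Plays server 100: templates stored under opaque keys, no personal data."""
    def __init__(self):
        self.auth_db = {}  # authentication database 125: key -> template

    def enroll(self, template: bytes) -> str:
        key = secrets.token_hex(16)  # random, so the key reveals nothing about the person
        self.auth_db[key] = template
        return key

    def verify(self, key: str, probe: bytes) -> bool:
        """FIG. 3 (S1003-S1004): look up by key, then compare one-to-one."""
        enrolled = self.auth_db.get(key)
        return enrolled is not None and distance(enrolled, probe) <= MATCH_THRESHOLD

    def identify(self, probe: bytes):
        """FIG. 4 (s2004-s2006): compare against every record, return (key, result)."""
        scored = [(distance(t, probe), k) for k, t in self.auth_db.items()]
        best, key = min(scored, default=(1.0, None))
        return (key, True) if best <= MATCH_THRESHOLD else (None, False)

class BusinessProvider:
    """Plays terminal 300: attributes stored under the same key, never templates."""
    def __init__(self, server):
        self.server = server
        self.customer_db = {}  # customer database 126: key -> attributes

    def register(self, key, attributes):
        self.customer_db[key] = attributes

    def serve_with_key(self, key, probe):
        # S1000-S1008: forward key and probe, release attributes only on a match.
        return self.customer_db.get(key) if self.server.verify(key, probe) else None

    def serve_without_key(self, probe):
        # s2000-s2009: forward the probe only; the server names the key.
        key, ok = self.server.identify(probe)
        return self.customer_db.get(key) if ok else None

def flip_bits(template: bytes, n: int) -> bytes:
    """Constructed sensor noise: flip the lowest bit of the first n bytes."""
    return bytes(b ^ 1 if i < n else b for i, b in enumerate(template))

def demo():
    server = BiometricsAuthServer()
    shop = BusinessProvider(server)
    alice_tpl, bob_tpl = bytes(range(32)), bytes(range(100, 132))  # constructed templates
    alice_key, bob_key = server.enroll(alice_tpl), server.enroll(bob_tpl)
    shop.register(alice_key, {"name": "Alice Example", "address": "1 Sample St"})
    shop.register(bob_key, {"name": "Bob Example", "address": "2 Sample St"})
    noisy = flip_bits(alice_tpl, 10)  # a fresh reading of Alice's finger
    return server, shop, alice_key, bob_key, noisy, bob_tpl
```

A dump of either store alone yields templates without names or names without templates; only the opaque key joins them.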
- The predetermined key exchanged between the client terminal 200 and the business provider terminal 300 and the predetermined key exchanged between the business provider terminal 300 and the server 100 are treated as different on the surface.
- FIG. 5 shows an example of the flow in this case.
- It is assumed that the authentication database 125 manages the predetermined key included in the authentication request data and the predetermined key associated with the service user or biometric information corresponding to the authentication request data as non-identical keys.
- The client terminal 200 transmits authentication request data including, as a key, the customer ID handled by the client terminal to the business provider terminal 300 (s3000).
- The business provider terminal 300 receives this (s3001), checks the customer ID against, for example, the correspondence table 600 to convert it into the key format handled by the business provider terminal 300 (s3002), and transfers it to the server 100 together with the biometric information (s3003).
- The authentication execution unit 111 of the server 100 checks the predetermined key included in the authentication request data (e.g., a key handled by the business provider terminal 300 or a customer ID handled by the client terminal) against the correspondence table 650 and converts it into the predetermined key format handled by the biometrics authentication server 100 (s3004, s3005).
- The server 100 searches the authentication database 125 with the server-side predetermined key that has undergone the conversion process (s3006), and executes the biometrics authentication process on the biometric information corresponding to the server-side predetermined key and the authentication target biometric information included in the authentication request data (s3007).
- When returning the biometrics authentication result to the business provider terminal 300, the output processing unit 112 includes, as the predetermined key information accompanying the result, the predetermined key that was included in the authentication request data. That is, the server-side predetermined key is converted back into the key format handled by the business provider terminal 300 and included in the authentication result (s3008).
- The business provider terminal 300 receives the key in its own format and the authentication result (s3010), searches the customer database 126 based on this key (s3011), and executes the product/service provision process based on the customer information obtained by this search (s3012). The client terminal 200 receives the product/service (s3013), and the process ends.
- It is also possible to envisage a situation in which the business provider terminal 300 includes a functional unit similar to the authentication execution unit 111 and converts the predetermined key included in the authentication request data into the predetermined key format handled by the biometrics authentication server 100 (the server-side predetermined key format). In this case, the server-side predetermined key that has undergone the conversion process is sent from the business provider terminal 300 to the server 100, and the server 100 that has received it searches the authentication database 125 using the server-side predetermined key.
- The correspondence table 600 in FIG. 6A is a table used for format conversion of a predetermined key between the client terminal 200 and the business provider terminal 300.
- The customer ID sent from the client terminal 200, that is, the predetermined key on the customer side, can be converted at the business provider terminal 300 into the corresponding predetermined key in the correspondence table 600, that is, the predetermined key on the business provider terminal side, and used.
- The correspondence table 650 in FIG. 6B is a table used for format conversion of a predetermined key between the business provider terminal 300 and the server 100.
- The predetermined key on the business provider terminal side transmitted from the business provider terminal 300 can be converted into the corresponding predetermined key in the correspondence table 650, that is, the predetermined key on the server side, and used.
- The conversion performed with the conversion tables 600 and 650 may instead be implemented as an algorithm (for example, an algorithm that generates a reversible output character string from an input value).
- The conversion table 600 can be incorporated in the customer database 126 and the conversion table 650 can be incorporated in the authentication database 125 in advance.
- Although the present invention has been specifically described based on the embodiment, it is not limited to that embodiment and can be variously modified without departing from the gist of the present invention.
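The key conversion of FIG. 5 with the correspondence tables 600 and 650 can be sketched as below, covering the table-based variant only. This is an added example, not code from the patent: the class names, the random hex keys, the sample customer ID and template, and the exact-match comparison standing in for a biometric matcher are assumptions.

```python
import hmac
import secrets

class KeyTable:
    """One correspondence table (600 or 650): a bijection between two key spaces."""
    def __init__(self):
        self._fwd, self._rev = {}, {}

    def bind(self, outer):
        if outer in self._fwd:
            raise ValueError("key already bound")  # keep the mapping reversible
        inner = secrets.token_hex(8)  # random inner key, unrelated to the outer one
        self._fwd[outer], self._rev[inner] = inner, outer
        return inner

    def to_inner(self, outer):
        return self._fwd.get(outer)  # None for an unknown key

    def to_outer(self, inner):
        return self._rev.get(inner)

class Server:
    """Plays server 100 with table 650 (provider key <-> server key)."""
    def __init__(self):
        self.table_650 = KeyTable()
        self.auth_db = {}  # server key -> enrolled template

    def enroll(self, provider_key, template):
        self.auth_db[self.table_650.bind(provider_key)] = template

    def authenticate(self, provider_key, probe):
        server_key = self.table_650.to_inner(provider_key)  # s3004-s3005
        enrolled = self.auth_db.get(server_key)  # s3006
        # s3007: exact comparison stands in for a real biometric matcher (assumption)
        ok = enrolled is not None and hmac.compare_digest(enrolled, probe)
        # s3008: convert back, so the server-side key never leaves the server
        return {"key": self.table_650.to_outer(server_key) if ok else None, "result": ok}

class Provider:
    """Plays terminal 300 with table 600 (customer ID <-> provider key)."""
    def __init__(self, server):
        self.server = server
        self.table_600 = KeyTable()
        self.customer_db = {}  # provider key -> attributes

    def register(self, customer_id, attributes, template):
        provider_key = self.table_600.bind(customer_id)
        self.customer_db[provider_key] = attributes
        self.server.enroll(provider_key, template)

    def handle(self, customer_id, probe):
        provider_key = self.table_600.to_inner(customer_id)  # s3001-s3002
        if provider_key is None:
            return None  # unknown customer ID: fail closed
        reply = self.server.authenticate(provider_key, probe)  # s3003, s3010
        if not reply["result"] or reply["key"] != provider_key:
            return None  # reject failures and replies for a different key
        return self.customer_db[provider_key]  # s3011

def demo():
    server = Server()
    shop = Provider(server)
    template = b"constructed-template-0001"  # constructed sample, not real biometric data
    shop.register("C-1001", {"name": "Alice Example"}, template)
    return server, shop, template
```

Each hop sees only its own key format, so a key captured between client and provider cannot be used to index the authentication database directly.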
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The problem to be solved by the present invention is to find a user-friendly means of effectively protecting personal data. The proposed solution is a biometric identification server (100) comprising the following elements: a biometric identification request receiver (110) that receives, from a business terminal (300) that exchanges services or goods with a client terminal (200), requests originating from the client terminal and containing a predetermined key and biometric identification data; an identification tool (111) that searches the authentication database (125) according to the predetermined key contained in the authentication request and performs biometric authentication according to the biometric information corresponding to the predetermined key and the biometric information contained in the authentication request; and an output unit (112) that delivers the result of the biometric authentication to the business terminal (300).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2005217812A JP2007034735A (ja) | 2005-07-27 | 2005-07-27 | Biometrics authentication server, business provider terminal, program, and method for providing biometrics authentication service |
JP2005-217812 | 2005-07-27 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007013181A1 (fr) | 2007-02-01 |
Family
ID=37683089
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2005/014205 WO2007013181A1 (fr) | 2005-07-27 | 2005-08-03 | Biometric authentication method and means |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP2007034735A (fr) |
WO (1) | WO2007013181A1 (fr) |
-
2005
- 2005-07-27 JP JP2005217812A patent/JP2007034735A/ja active Pending
- 2005-08-03 WO PCT/JP2005/014205 patent/WO2007013181A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
JP2007034735A (ja) | 2007-02-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 05768502 Country of ref document: EP Kind code of ref document: A1 |