JP2007258789A - Agent authentication system, agent authentication method, and agent authentication program - Google Patents

Abstract

The authenticity of an agent can be guaranteed, the authentic user of the agent can be confirmed reliably, and the safety of biometric information used for the confirmation of the authentic user of the agent can be improved. The purpose is to.
In an agent authentication process, a tamper resistant device 20 encrypts BioData A (i) with a secret random number key Ksec (i), encrypted biometric information E _{Ksec (i)} (BioData A (i)), a hash value H (I), public random number (PR (i)), signature Sig _{K (i)} (agent), etc. are stored in the agent 40. The BA server 60 calculates a hash value BH (i) or the like using the secret random number key, and uses the stored information of the agent 40 that has moved, whether the signature is appropriate, and whether the agent 40 is authentic. Or whether the person A to be authenticated is the principal.
[Selection] Figure 10

Description

  According to the present invention, a biometric information receiving terminal that receives biometric information of a person to be authenticated and information stored in an agent that has moved from the biometric information receiving terminal can be used to authenticate the authenticated person. The present invention relates to an agent authentication system including a biometric authentication server that performs a determination, an agent authentication method, and an agent authentication program for executing an agent authentication process.

  2. Description of the Related Art Conventionally, processing methods for performing various types of information processing by an agent without using the client terminal itself have been used. Conventionally, as an authentication method for performing personal authentication, an authentication method using biometric information such as a fingerprint, a face image, and an iris of a person to be authenticated read by a biometric information reader is used. This authentication method includes a server authentication method in which an authentication server performs authentication processing, and a client authentication method in which a client terminal performs authentication processing.

  In the server authentication method, for example, a template created based on biometric information is transmitted to a BA (biometric authentication) server, and authentication processing based on the template is performed by the BA server on behalf of the authenticator (for example, Patent Document 1). reference).

  In the client authentication method, for example, an authentication process based on a template created based on the above-described biometric information is performed by a tamper-resistant device or a client terminal.

Japanese Patent Laid-Open No. 6-262882

  In the conventional technology described above, an agent is an execution entity that performs various processes as a user's agent in a computer network. Therefore, the association between the agent and the user is very important in order to guarantee that the agent is a genuine agent acting on behalf of the user and that the processing is executed according to the intention of the user.

  However, in the conventional technology, the user who uses the agent is often not authenticated, and the case where the user is authenticated is only based on a password. Passwords have a high risk of being leaked by being stolen or easily guessed by others, and there is a problem that the connection with the person is not necessarily strong.

  On the other hand, personal authentication (biometrics authentication) based on biometric information such as fingerprints and faces is a strong personal authentication means that uses the human factors (or behavioral factors) of the person and is strongly associated with the person. It can be said. However, in the actual environment, there are problems such as false authentication such as refusal of the person or acceptance of others, and the risk of impersonation due to fake fingerprints.

  Biometrics authentication can reduce the risk of false authentication and spoofing by combining multiple authentication factors (multimodalization). However, client terminals such as network terminals and tamper resistant devices have poor resources such as CPU and memory, so it is difficult to implement a plurality of authentication engines. .

  In addition, since biometric information is the ultimate personal information and cannot be substituted, it must be managed and operated safely by individual users and systems. Even if the biometric information stored in the tamper resistant device is kept highly secure, there is a problem that there is a risk that the biometric information transmitted on the communication network is intercepted and decoded.

  The present invention solves the above-mentioned problems, can guarantee the authenticity of the agent, can surely confirm the authentic user of the agent, and can further verify the biometric information used for confirming the authentic user of the agent. The purpose is to increase safety.

  The agent authentication system according to the present invention includes a biometric information receiving terminal that receives biometric information of a person to be authenticated and information stored in an agent that has moved from the biometric information receiving terminal. An agent authentication system including a biometric authentication server that determines whether or not authentication is possible, wherein the biometric information receiving terminal is generated by calculating an arbitrarily selected first numerical value using a one-way function. First numerical key storage means for storing the first numerical key in advance, and encrypted biometric information obtained by encrypting the received biological information using the first numerical key stored in the first numerical key storage means. One of the encrypted biometric information storage means stored in the agent, the first numerical key stored in the first numerical key storage means and the arbitrarily selected second numerical value. Second numerical key generating means for generating a second numerical key by calculating using a sex function, second numerical value storing means for storing the second numerical value in the agent, and storing in the first numerical key storage means Agent identification information storage for storing agent identification information generated by computing the first numerical key that is used and agent invariant information that the agent has invariably using a one-way function in the agent And the biometric authentication server includes a biometric information storage unit that stores biometric information of the person to be authenticated in advance, a server-side first numerical key storage unit that stores the first numerical key in advance, The first numerical key stored in the server-side first numerical key storage means and the agent that the agent moving through the communication network has invariably Agent identification information collating means for collating agent identification information generated by calculating agent invariant information using a one-way function and agent identification information stored in the agent, and the agent identification information collating means And agent determination means for determining that the moved agent is authentic when it is determined that the generated agent identification information matches the agent identification information stored in the agent. Decrypted biometric information obtained by decrypting the encrypted biometric information stored in the agent with the first numeric key stored in the server-side first numeric key storage means, and the biometric information stored in the biometric information storage means Biometric information collating means for collating information, and the biometric information collating means Authentication means for deciding to authenticate the person to be authenticated when it is determined that the decrypted decrypted biometric information matches the biometric information stored in the biometric information storage means. It is characterized by that.

  The biometric information reception terminal has signature information storage means for storing in the agent the signature information of the agent generated using the second numerical key generated by the second numerical key generation means. A second numerical value is obtained by calculating a first numerical key stored in the first numerical key storage means and a second numerical value stored in the agent moving through the communication network using a one-way function. Stored in the server-side second numerical key generation means for generating the key, the signature information of the agent generated using the second numerical key generated by the server-side second numerical key generation means, and the agent that has moved Signature information collating means for collating with the signature information that has been sent, and the signature information of the agent generated by the signature information collating means is sent to the agent that has moved If it is determined that they match the signature information that is paid, the information of the mobile to have the agent has not been tampered with determining the signature information judging authentication means may be configured to have.

  The first numerical value is, for example, a secret random number that is used only within the biometric information receiving terminal, and the second numerical value is a public random number that is also used outside the biometric information receiving terminal, for example. The one-way function is, for example, a hash function. Furthermore, the biological information receiving terminal is a tamper resistant device having tamper resistance, for example.

  The agent is moved from the biometric information receiving terminal into the biometric authentication server via the communication network when the predetermined authentication use information including the encrypted biometric information is stored by the biometric information receiving terminal, and the biometric authentication server that has moved May be configured to make an authentication request.

  The agent is software including agent invariant information, which is an invariant program and data, and may be configured to operate on stored hardware.

  In addition, the agent authentication method of the present invention uses the biometric information receiving terminal that receives the biometric information of the person to be authenticated and information stored in the agent that has moved from the biometric information receiving terminal. An agent authentication method that is performed by a biometric authentication server that determines whether or not an authenticator can be authenticated, wherein the biometric information receiving terminal is generated by calculating an arbitrarily selected first numerical value using a one-way function. Storing the encrypted biometric information obtained by encrypting the received biometric information in the agent using the first numeric key stored in the first numeric key storage means for storing one numeric key in advance; By calculating the first numerical key stored in the single numerical key storage means and the arbitrarily selected second numerical value using a one-way function, a second numerical value is obtained. Generating the first numerical key stored in the first numerical key storage means and the agent invariant information that the agent has invariably Storing the agent identification information generated by calculating the first identification key using a one-way function in the agent, wherein the biometric authentication server stores the first numerical key in advance on the server side first Generated by computing the first numerical key stored in the numerical key storage means and the agent invariant information that the agent moving through the communication network has invariably using a one-way function Collating agent identification information with agent identification information stored in the agent; and When it is determined that the agent identification information matches the agent identification information stored in the agent, the step of determining that the agent that has moved is authentic, and the encryption stored in the agent that has moved Stored in the biometric information storage means for storing in advance the decrypted biometric information obtained by decrypting the biometric information with the first numeric key stored in the server-side first numeric key storage means and the biometric information of the person to be authenticated. The biometric information is compared, and when it is determined that the decrypted decrypted biometric information matches the biometric information stored in the biometric information storage means, And deciding to authenticate.

  Further, the agent authentication program of the present invention uses the biometric information receiving terminal that receives the biometric information of the person to be authenticated and information stored in the agent that has moved from the biometric information receiving terminal. An agent authentication program for causing a biometric authentication server to determine whether or not to authenticate an authenticator to execute an agent authentication process, wherein the biometric information receiving terminal calculates a first value arbitrarily selected by a one-way function Using the first numerical key stored in the first numerical key storage means for storing the first numerical key generated in advance, the encrypted biological information obtained by encrypting the received biological information is stored in the agent. A unidirectional relationship between the step and the first numerical key stored in the first numerical key storage means and the arbitrarily selected second numerical value. Generating a second numerical key by computing using the step, storing the second numerical value in the agent, and the first numerical key and the agent stored in the first numerical key storage means Storing the agent identification information generated by calculating the agent invariant information that the agent has invariably using a one-way function in the agent, and causing the biometric authentication server to execute the first authentication Unidirectionality between the first numerical key stored in the server-side first numerical key storage means for storing the numerical key in advance and the agent invariant information that the agent moving through the communication network has invariably Agent identification information generated by calculation using a function, and agent identification stored in the agent And a step of determining that the agent that has moved is authentic when it is determined that the generated agent identification information matches the agent identification information stored in the agent; Decrypted biometric information obtained by decrypting the encrypted biometric information stored in the agent that has moved with the first numeric key stored in the server-side first numeric key storage means, and the biometric information of the person to be authenticated The biometric information stored in the biometric information storage means, and the decrypted decrypted biometric information matches the biometric information stored in the biometric information storage means. And the step of deciding to authenticate the person to be authenticated.

  According to the present invention, the authenticity of an agent can be guaranteed, the authentic user of the agent can be surely confirmed, and the safety of biometric information used for confirming the authentic user of the agent can be improved. Can do.

Embodiments of the present invention will be described below with reference to the drawings.
FIG. 1 is a block diagram illustrating a configuration example of an agent authentication system 100 according to an embodiment of the present invention.

  As shown in FIG. 1, the agent authentication system 100 includes an information processing apparatus 10 including a tamper resistant apparatus 20, an application server 50, and a BA server (biometric authentication server) 60. The information processing apparatus 10, the application server server 50, and the BA server 60 are connected to a communication network 70 such as the Internet or a dedicated line.

  The tamper resistant device 20 is an information processing device such as a personal computer, and is configured to have improved tamper resistance by software or hardware. “Tamper resistance” means the ability to prevent reading of confidential data from outside by unauthorized (unauthorized) means. In addition, as a method of improving tamper resistance, a method of increasing confidentiality so that it is difficult to read data etc. from outside by unauthorized means, and data etc. are likely to be read from outside by unauthorized means. A method is sometimes known that includes a mechanism for destroying the data.

  The information processing apparatus 10 is a client terminal that can receive a service provided by the application server 50. Specific examples of the information processing device 10 include, for example, a terminal device provided with a billing function using electronic money installed in a convenience store, an ATM device (automatic teller machine) such as a bank, and managed by each individual. There are personal computers and portable communication terminals.

  The tamper resistant device 20 is installed in the information processing device 10. The information processing apparatus 10 may be connected and installed.

  The application server 50 is configured by an information processing apparatus such as a WWW server or a workstation server, and has a function for executing various services provided after personal authentication such as provision of content.

  The BA server 60 is configured by an information processing apparatus such as a WWW server or a workstation server, and is managed by, for example, a national organization or a trusted third party organization. The BA server 60 authenticates the person A to be authenticated and the agent 40 on the information processing apparatus 10 side in response to an authentication request from the agent 40 (see FIG. 4) based on an application provision request from the information processing apparatus 10, for example. Process.

  FIG. 2 is a block diagram illustrating an example of the configuration of the information processing apparatus 10 including the tamper resistant apparatus 20. As illustrated in FIG. 2, the information processing apparatus 10 includes an agent generation unit 11, an agent operation unit 12, and a data communication unit 13. The tamper resistant apparatus 20 includes a biometric information reading unit 21, a secret random number generation unit 22, a random number storage unit 23, a secret random number key storage unit 24, an encryption signature processing unit 25, and a secret random number key generation unit 27. , A public random number generation unit 28, a hash value calculation unit 29, a data communication unit 30, and a one-time key generation unit 31.

  The agent generation unit 11 performs various processes for storing various information necessary for the authentication process by the BA server 60 in the agent 40. By storing various information by the agent generation unit 11, the agent 40 is generated in a valid state.

  The agent operating unit 12 performs processing for operating the agent generated by the agent generating unit 11 and moving it to the BA server 60 or the like via the data communication unit 13.

  The data communication unit 13 has a function for performing data communication with the tamper resistant device 20, the BA server 60, the application server 50, and the like via the data communication unit 30 and the communication network 70.

  The biometric information reading unit 21 has a function of executing various processes such as a process of receiving biometric information read by the biometric information reading device 80. The biometric information reading device 80 is a device that reads biometric information such as a fingerprint, a face, an iris, and a vein from an authenticated person.

  The secret random number generation unit 22 has a function of executing various processes such as a process for generating a secret random number described later. The random number storage unit 23 is configured by an information storage medium such as a database device, for example, and stores various types of information such as a secret random number generated by the secret random number generation unit 22.

  The secret random number key storage unit 24 is configured by an information storage medium such as a database device, for example, and stores various types of information such as a secret random number key described later generated by the secret random number key generation unit 27. The cryptographic signature processing unit 25 has a function of executing encryption and decryption of data, generation of signature information, and the like.

  The secret random number key generation unit 27 has a function of executing various processes such as a process of generating a secret random number key based on the secret random number. The public random number generator 28 has a function of executing various processes such as a process for generating a public random number, which will be described later.

  The hash value calculation unit 29 has a function of executing various processes such as a process of calculating a hash value from given data using a hash function prepared in advance.

  The data communication unit 30 has a function for performing data communication with the information processing apparatus 10 or the like via the data communication unit 13.

  The one-time key generation unit 31 has a function of executing various processes such as a process for generating a one-time key using a secret random number key and a public random number.

FIG. 3 is a block diagram illustrating an example of the configuration of the BA server 60.
As shown in FIG. 3, the BA server 60 includes a secret random number key registration unit 51, a secret random number key storage unit 52, a hash value calculation unit 53, a signature hash value verification unit 54, a data communication unit 55, A time key generation unit 56, a one-time key storage unit 57, a biometric information registration unit 58, a biometric information storage unit 59, a biometric information collation determination unit 60, an encryption signature processing unit 61, and an agent operating unit 62 Including.

  The secret random number key registration unit 51 has a function of executing various processes such as a process of registering the secret random number key received from the information processing apparatus 10 via the communication network 70 in the secret random number key storage unit 52. The secret random number key storage unit 52 is configured by an information storage medium such as a database device, for example, and stores various kinds of information such as a secret random number key by registration processing by the secret random number key registration unit 51.

  The hash value calculation unit 53 has a function of executing various processes such as a process of calculating a hash value from given data using a hash function prepared in advance.

  The signature hash value verification unit 54 collates two compared later-described signature information and hash values, and verifies information such as information stored in the agent 40 and the data unit 41 of the agent 40 based on the collation result. Has a function of executing various processes such as a process for determining whether or not the file has been tampered with.

  The data communication unit 55 has a function for performing data communication with the information processing apparatus 10 and the application server 50 via the communication network 70.

  The one-time key generation unit 56 executes various processes such as a process for generating a one-time key based on the secret random number key. The one-time key storage unit 57 is configured by an information storage medium such as a database device, for example, and stores various information such as the one-time key generated by the one-time key generation unit 56. Since the one-time key is used only once in the authentication process, it is deleted from the one-time key storage unit 57 when the authentication process is completed.

  The biometric information registration unit 58 has a function of executing various processes such as a process of registering biometric information in the biometric information storage unit 59 when biometric information is sent from the tamper resistant device 20. The biometric information storage unit 59 is configured by an information storage medium such as a database device, for example, and various types of information such as biometric information is stored by a registration process performed by the biometric information registration unit 58.

  The biometric information collation determination unit 60 has a function of collating two pieces of biometric information to be compared and executing various processes such as a process of determining whether to authenticate the person to be authenticated based on the collation result.

  The cryptographic signature processing unit 61 has a function of performing encryption and decryption of data, generation of signature information, and the like. The agent operating unit 62 operates the agent that has moved through the communication network 70 and operates it effectively in the BA server 60.

FIG. 4 is a block diagram illustrating an example of the configuration of the agent 40.
As shown in FIG. 4, the agent 40 includes a data unit 41 that stores various data necessary for information processing by the agent 40 and a program unit 45 that executes various processes according to various programs set in the agent 40. It is comprised by. The data unit 41 stores a biometric information storage unit 42 that stores biometric information of the person to be authenticated, an agent information storage unit 43 that stores agent information used by the agent 40, and various types of application information. Application information storage unit 44. In addition, the program unit 45 includes a biological information processing unit 46 that executes processing related to biological information, an application processing unit 47 that executes processing related to an application, and a movement processing unit 48 that executes processing for moving the agent 40. Including.

  The agent 40 is software including agent invariant information which is an invariant program and data that does not change with time, and operates on stored hardware.

Next, the operation of the agent authentication system 100 of this example will be described.
FIG. 5 is a flowchart showing an example of secret random number key generation registration processing executed by the agent authentication system 100 of this example. FIG. 6 is a conceptual diagram showing an overview of secret random key generation / registration processing. Here, a case where M secret random number keys (Ksec (i): i = 1, 2,..., M) are generated and registered based on the biometric information of the person A to be authenticated will be described as an example.

  In the secret random number key generation registration process, the secret random number generation unit 22 of the tamper resistant apparatus 20 generates a secret random number (SR: Secret Random number) (step S1). In step S1, the secret random number generator 22 selects M numbers of random numbers (SR (i): i = 1, 2,..., For example) by randomly selecting M numbers within a predetermined numerical range. M). The secret random number generation unit 22 stores the generated secret random number in the random number storage unit 23 in association with the user ID (UserID (A)) of the person A to be authenticated, for example.

  The “secret random number” is confidential data that is used only in the tamper resistant apparatus 20 and is prohibited from being output to the outside of the tamper resistant apparatus 20.

  When the secret random number is generated, the secret random number key generation unit 27 of the tamper resistant apparatus 20 generates M secret random number keys (Ksec (i)) based on the M secret random numbers (SR (1) to SR (M)). = H (SR (i)): A process for generating i = 1, 2,..., M) is performed (step S2).

  In step S <b> 2, the secret random number key generation unit 27 issues a calculation instruction to the hash value calculation unit 29. In response to the calculation instruction from the secret random number key generation unit 27, the hash value calculation unit 29 uses the hash function (h (SR (i)): i =) as the M secret random number keys using a hash function. 1, 2, ..., M). The function used for calculating the secret random number key may be a function other than the hash function as long as it is a one-way function having irreversibility.

  When the secret random number key for the person A to be authenticated is generated, the secret random number key generation unit 27 uses the generated M secret random number keys (Ksec (i): i = 1, 2,..., M) as secret random numbers. Store in the key storage unit 24 (step S3).

  Further, the data communication unit 30 of the tamper resistant apparatus 20 receives the M secret random number keys (Ksec (i): i = 1, 2,..., M) generated by the secret random number key generation unit 27. Along with the user ID of the certifier A (UserID (A)), the secure server (for example, authentication / encryption using a public key infrastructure, etc.) Transmit (step S4).

  When the BA server 60 receives the secret random number key from the tamper resistant apparatus 20, the secret random number key registration unit 51 of the BA server 60 receives the M secret random number keys (Ksec (i): i = 1, 2, .., M) are stored in the secret random number key storage unit 52 in association with the user ID (UserID (A)) of the person A to be authenticated.

  As described above, the secret random number key generated based on the secret random number for the person A to be authenticated is registered in the tamper resistant apparatus 20 and the BA server 60. That is, as shown in FIG. 6, the tamper resistant device 20 outputs M pieces of computation output by a hash function with M secret random numbers (SR (1) to SR (M)) as inputs for the person A to be authenticated. Secret random number keys (Ksec (1) to Ksec (M)). Then, the generated secret random number key is transmitted to the BA server 60 together with the user ID, and the secret random number key for the person to be authenticated A is stored in both the tamper resistant apparatus 20 and the BA server 60. Note that “Ksec (i) = h (SR (i))” illustrated in FIG. 6 is a hash value obtained by calculating the secret random number key “Ksec (i)” using “SR (i)”. Means that. Also, the information indicated by the characters with “reg” is information registered in the BA server 60.

  The M secret random number keys are separately used in, for example, authentication processing in M different services (for example, ATM devices, entering / exiting rooms, convenience stores, etc.).

  A plurality of secret random number keys may be used for one service authentication. For example, when accessing an ATM device at home or from a mobile phone terminal, if only three secret random number keys can be verified, authentication is made so that one secret random number key can be obtained. Compared with the case where it uses, it becomes possible to improve safety | security significantly.

  Next, an example of agent authentication processing in the agent authentication system 100 of this example will be described. FIG. 7 is a flowchart illustrating an example of a part executed by the information processing apparatus 10 in the agent authentication processing in the agent authentication system 100 of the present example. 8 and 9 are flowcharts showing an example of a part executed by the BA server 60 in the agent authentication processing in the agent authentication system 100 of the present example. FIG. 10 is a conceptual diagram showing an outline of the agent authentication process.

  Here, by generating a one-time key or the like using M private random number keys for the person A to be authenticated, whether or not the agent 40 is authentic using the one-time key or the like, A case where it is determined whether or not A is authenticated will be described as an example.

  Therefore, here, it is assumed that M secret random number keys for the person A to be authenticated are stored in the tamper resistant apparatus 20 and the BA server 60 by the above-described secret random number key generation registration process.

  Here, when the authenticated person A operates the tamper resistant apparatus 20 and makes a service provision request to the application server 50, the BA server 60 that receives the request from the agent 40 authenticates the authenticity of the agent 40. If the authentic agent 40 is recognized, a process for authenticating the person A to be authenticated is performed. In addition, here, the biometric information is inputted by the person A to be authenticated in response to the request for inputting the biometric information based on the request from the agent generation unit 11 being displayed on the display device (not shown) of the information processing apparatus 10 or the tamper resistant apparatus 20. It is assumed that biological information is input to the reading device 80.

  In the agent authentication process, the information processing apparatus 10 reads a plurality of pieces of biological information (BioData A (i): i = 2, 3,..., M) read from the person A to be authenticated from the biological information reading device 80. When acquired by the unit 21 (step S21), the plurality of acquired biometric information BioDataA (i) is encrypted with the secret random number key Ksec (i) of the person A to be authenticated stored in the secret random number key storage unit 24, The agent generation unit 11 stores the information in the biometric information storage unit 42 of the agent 40 (step S22).

  Subsequently, the public random number generation unit 28 of the tamper resistant apparatus 20 generates M public random numbers (PR) for BioData A, and generates the generated public random numbers (PR (i): i = 2, 3,. ., M) and M secret random number keys Ksec (i) of the person A to be authenticated stored in the secret random number key storage unit 24, a one-time key (K (i) = h (Ksec (i)) || PR (i))) is generated (step S23). In step S23, the public random number generation unit 28 generates M public random numbers (PR (i)) by, for example, randomly selecting M numbers within a predetermined numerical range. The public random number generation unit 28 stores the generated public random number in the random number storage unit 23 in association with the user ID (UserID (A)) of the person A to be authenticated, for example.

  The “public random number” is non-confidential data that is permitted to be used outside the tamper resistant device 20 and is permitted to be output outside the tamper resistant device 20.

  Note that “K (i) = h (Ksec (i) || PR (i))” indicates that the one-time key “K (i)” is the secret random number key “Ksec (i)” and the public random number “PR ( i) "means that the hash value is calculated.

  In step S <b> 23, the one-time key generation unit 31 issues a calculation instruction to the hash value calculation unit 29. In response to a calculation instruction from the one-time key generation unit 31, the hash value calculation unit 29 uses M hash values (h (Ksec (i) || PR () using a hash function as M one-time keys. i))) is calculated. The function used for calculating the one-time key may be a function other than the hash function as long as it is a one-way function having irreversibility.

  Next, the cryptographic signature processing unit 25 of the tamper resistant apparatus 20 includes the M secret random number keys Ksec (i) of the person A to be authenticated stored in the secret random number key storage unit 24, the invariant program in the agent 40, and the like. A hash value (H (i) = h (Ksec (i) || agent invariant part) is generated using an agent invariant part indicating a part or all of the invariant part of the Along with the M public random numbers (PR (i)) of the person A to be authenticated, the agent generation unit 11 stores them in the biometric information storage unit 42 of the agent 40 (step S24).

  In step S <b> 24, the cryptographic signature processing unit 25 issues a calculation instruction to the hash value calculation unit 29. In response to a calculation instruction from the cryptographic signature processing unit 25, the hash value calculation unit 29 calculates M hash values H (i).

Next, the cryptographic signature processing unit 25 of the tamper resistant apparatus 20 generates the signature “Sig _{K (i)} (agent)” of the agent 40 using the one-time key K (i). Is stored in the biological information storage unit 42 (step S25).

  When various types of information are stored in the agent 40 as described above, the agent operating unit 12 of the information processing apparatus 10 performs a process for moving the agent 40 to the BA server 60 (step S26).

When the movement processing unit 48 is activated by the agent operating unit 12, the agent 40 moves from the information processing apparatus 10 to the BA server 60 via the communication network 70. That is, the information processing apparatus 10 encrypts BioData A (i) with the secret random number key Ksec (i), encrypted information E _{Ksec (i)} (BioData A (i)), hash value H (i), public random number (PR) (i)), the agent 40 storing the signature Sig _{K (i)} (agent) is transmitted to the BA server 60 via the communication network 70. The BA server 60 stores encryption information E _{Ksec (i)} (BioData A (i)), hash value H (i), public random number (PR (i)), signature Sig _{K (i)} (agent), and the like. Obtained agent 40 is acquired (step S31). When the agent 40 moves to the BA server 60, it makes an authentication request to the BA server 60.

Upon acquiring the agent 40, the one-time key generation unit 56 of the BA server 60 associates the secret random number key Ksec stored in the secret random number key storage unit 52 with the user ID of the person A to be authenticated received in step S31. _{Using reg} (i) and the public random number (PR (i)) received from the agent 40, a one-time key (BK (i) = h (Ksec _reg (i) || PR (i)) is generated. (Step S32).

In step S <b> 32, the one-time key generation unit 56 issues a calculation instruction to the hash value calculation unit 53. In response to a calculation instruction from the one-time key generation unit 56, the hash value calculation unit 53 uses M hash values h (Ksec _reg (i) || PR () using a hash function as M one-time keys. i)) is calculated. The function used for calculating the one-time key may be a function other than the hash function as long as it is a one-way function having irreversibility.

  In the calculation process in step S32, the same hash function as that used in the calculation process in step S23 described above is used. Therefore, if the secret random number keys used for the arithmetic processing are the same, the processing results of the arithmetic processing in step S32 and the arithmetic processing in step S23 are the same.

When the one-time key is generated, the BA server 60 uses the cryptographic signature processing unit 61 to calculate the signature Sig _{BK (i)} (agent) of the agent 40 using the generated one-time key BK (i), and the signature hash value The verification unit 54 verifies whether the received agent 40 has been tampered with by comparing it with the signature Sig _{K (i)} (agent) stored in the agent 40 (step S33).

If the signature Sig _{BK (i)} (agent) does not match the signature Sig _{K (i)} (agent), the signature hash value verification unit 54 of the BA server 60 determines that the agent 40 has been tampered with ( N) in step S34, the information processing apparatus 10 is notified that authentication is not possible (step S35).

If the signature Sig _{BK (i)} (agent) and the signature Sig _{K (i)} (agent) match, the signature hash value verification unit 54 of the BA server 60 determines that the agent 40 has not been tampered with ( Y in step S34).

If it is determined that the agent 40 has not been tampered with, the signature hash value verification unit 54 of the BA server 60 determines the M secret random number keys Ksec _reg (i) of the person A to be authenticated stored in the secret random number key storage unit 52. And a hash value (BH (i) = h (Ksec _reg (i) || agent invariant part) is generated using an agent invariant part indicating a part or all of an invariant part such as an invariant program in the agent 40. The generated hash value BH (i) is compared with the hash value H (i) stored in the agent 40 (step S36).

  If the generated hash value BH (i) and the hash value H (i) stored in the agent 40 do not match, the signature hash value verification unit 54 of the BA server 60 determines that the agent is not authentic ( In step S37, N) notifies the information processing apparatus 10 that authentication is impossible (step S38).

  On the other hand, if the generated hash value BH (i) matches the hash value H (i) stored in the agent 40, the BA server 60 determines that the agent is authentic (Y in step S37). ).

If it is determined that the agent is authentic, the cryptographic signature processing unit 61 of the BA server 60 receives the encrypted information E _{Ksec (i)} (BioDataA (i)) encrypted from the agent 40, and receives the secret random number key Ksec _reg (i ) To calculate the decrypted biometric information D _{Ksecreg (i)} (E _{Ksec (i)} (BioDataA (i))) (step S39).

The collation determination unit 60 of the BA server 60 collates the biometric information BioDataA (i) indicated by the decrypted biometric information with the biometric information BioDataA _reg (i) registered in the biometric information registration unit 58 (step S40).

  If the collation result in step S40 is not within the permissible range in which the person is identified, the collation determination unit 60 of the BA server 60 determines that the person A to be authenticated is not the person (N in step S41) and determines that the authentication is impossible. 10 is notified (step S42).

  If the collation result in step S40 is within the permissible range in which the person is identified, the collation determination unit 60 of the BA server 60 determines that the person A to be authenticated is the person and authenticates the person A to be authenticated (in step S41 Y). Here, “determined to match the biometric information” described in the claims means being within the allowable range described above.

  If it is determined that the user is the person, the BA server 60 permits the application operation of the agent 40 (step S43), and notifies the information processing apparatus 10 that the person A has been authenticated (step S44). Thereafter, the application operation instruction is executed by the agent 40, the application operation is executed by the application server 50, the execution result is stored in the data part 41 of the agent 40, and the agent 40 is transmitted to the information processing apparatus 10.

As described above, in this example, the encrypted biometric information E _{Ksec (i)} (BioData A (i)) obtained by encrypting BioData A (i) with the secret random number key Ksec (i), the hash value H (i), the public random number (PR (i)), signature Sig _{K (i) The} agent 40 storing the agent is moved to the BA server 60, and the BA server 60 uses the stored information of the agent 40 to check whether the signature is proper. No, whether or not the agent 40 is authentic, and whether or not the person A to be authenticated is the principal is determined.

As described above, the secret random number key of the person to be authenticated is generated and stored in advance in the tamper resistant apparatus 20 and the BA server 60, respectively, and the signature Sig _{BK (i of the} agent 40 is based on the secret random number key. ₎ (agent), the encryption of the biometric information BioDataA (i) using the hash value BH (i) for the authenticity determination of the agent 40 to determine whether to authenticate the person to be authenticated a or generated in BA server 60 Or the like, and the corresponding data stored in the agent 40 is collated. If they match, the signature is judged to be proper, the agent 40 is judged to be authentic, and the person to be authenticated A is configured to recognize and authenticate A, and all authentication information transmitted and received via the communication network 70 is stored in the agent 40 (caps Since they are of), even if they are likened communication intercepted by a third party, the security of the authentication information is increased.

Even if the biometric information is simply encrypted and transmitted, the biometric information may be known by decryption. However, the secret random number key, the hash value H (i) for determining the authenticity of the agent 40, etc. are one. The hash value processed by the direction function and the encrypted information E _{Ksec (i)} (BioDataA (i)) used for determining whether or not to authenticate the person A to be authenticated is a secret random key that is a hash value. Since it is encrypted information and all of the authentication information is encapsulated by the agent 40, even if it is leaked, the risk of biometric information being known is reduced. Therefore, safety can be improved even when compared with a case where biometric information is simply encrypted and transmitted.

  In the above-described embodiment, since the secret random number key is generated by the secret random number, any number of secret random number keys can be generated by making the secret random number different. Therefore, it is possible to use a different secret random number key depending on the application. Further, when there is a possibility that the secret random number key has been leaked, the original state can be easily recovered by discarding it and newly generating and updating the secret random number key. Regardless of whether it is leaked or not, if the secret random number key is periodically updated, the security can be more reliably maintained.

In the above-described embodiment, authentication processing is performed by collating biometric information obtained by decrypting a plurality of _pieces of encrypted information E _{Ksec (i)} (BioDataA (i)) based on a plurality of secret random number keys. Therefore, the safety and accuracy of the authentication process can be dramatically improved. That is, by performing authentication for one service using a plurality of pieces of biometric information, the security and accuracy of the authentication process can be greatly improved.

  Further, in the above-described embodiment, the tamper resistant device 20 has only the configuration related to the management of confidential data, but the entire information processing device 10 may be configured by the tamper resistant device.

  Although not specifically mentioned in the above-described embodiment, a secret random number key may be used as the content encryption key and decryption key. In this case, when the application server 50 distributes the content, the content is encrypted with the secret random number key held in the destination user terminal (for example, the tamper resistant device 20) among the secret random number keys held by itself. The user terminal that has received the content may decrypt the content using the secret random number key held by the user terminal. The application server 50 may acquire a secret random number key from the tamper resistant terminal 20 in advance.

  In addition, when the application server 50 multicasts the content to a plurality of user terminals (for example, the tamper resistant device 20), the secret random number key held by the server 50 is held at each destination user terminal. It is only necessary to individually encrypt each transmission destination using each secret random number key and transmit the contents collectively to each user terminal. In this case, each user terminal may decrypt the content using the secret random number key held by itself.

  Further, although not particularly mentioned in the above-described embodiment, each unit (for example, the information processing apparatus 10, the tamper resistant apparatus 20, the application server 50, and the BA server 60) constituting the system 100 is mounted on the system 100. Various processes described above are executed by the control program (for example, an agent authentication program).

  The present invention is useful for application to an authentication system or the like that performs an authentication process by a server authentication method using an agent.

It is a block diagram which shows the structural example of the agent authentication system in one embodiment of this invention. It is a block diagram which shows the structural example of the information processing apparatus containing a tamper resistant apparatus. It is a block diagram which shows the structural example of BA server. It is a block diagram which shows the structural example of an agent. It is a flowchart which shows the example of the secret random number key production | generation registration processing in an agent authentication system. It is a conceptual diagram which shows the outline | summary of a secret random number key production | generation registration process. It is a flowchart which shows the example of the part which information processing apparatus performs among the agent authentication processes in an agent authentication system. It is a flowchart which shows the example of the part which BA server performs among the agent authentication processes in an agent authentication system. It is a flowchart which shows the example of the part which BA server performs among the agent authentication processes in an agent authentication system. It is a conceptual diagram which shows the outline | summary of an agent authentication process.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Information processing apparatus 20 Tamper resistant apparatus 21 Biometric information reading part 22 Secret random number generation part 23 Random number storage part 24,52 Secret random number key storage part 25,61 Cryptographic signature processing part 27 Secret random number key generation part 28 Public random number generation part 29, 53 Hash value calculation unit 30, 55 Data communication unit 31, 56 One-time key generation unit 40 Agent 50 Application server 60 BA server 70 Communication network

Claims (8)

The biometric information receiving terminal that receives the biometric information of the person to be authenticated who is going to be authenticated and the information stored in the agent that has moved from the biometric information receiving terminal are used to determine whether or not the person to be authenticated can be authenticated. An agent authentication system comprising a biometric authentication server,
The biological information receiving terminal is
First numerical key storage means for storing in advance a first numerical key generated by calculating a first numerical value arbitrarily selected by a one-way function;
Encrypted biometric information storage means for storing, in the agent, encrypted biometric information obtained by encrypting the received biometric information using the first numeric key stored in the first numeric key storage means;
A second numerical key for generating a second numerical key by calculating the first numerical key stored in the first numerical key storage means and an arbitrarily selected second numerical value using a one-way function Generating means;
Second numerical value storage means for storing the second numerical value in the agent;
Agent identification information generated by computing the first numerical key stored in the first numerical key storage means and the agent invariant information that the agent has invariably using a one-way function. Agent identification information storage means for storing in the agent,
The biometric authentication server is
Biometric information storage means for storing biometric information of the person to be authenticated in advance;
Server-side first numerical key storage means for storing the first numerical key in advance;
The first numerical key stored in the server-side first numerical key storage means and the agent invariant information that the agent moving through the communication network has invariably are calculated using a one-way function. Agent identification information collating means for collating the agent identification information generated by doing this with the agent identification information stored in the agent;
Agent determination that determines that the agent that has moved is authentic when it is determined that the agent identification information generated by the agent identification information matching means matches the agent identification information stored in the agent Means,
Decrypted biometric information obtained by decrypting the encrypted biometric information stored in the moving agent with the first numeric key stored in the server-side first numeric key storage means, and stored in the biometric information storage means. Biometric information collating means for collating biometric information with
When it is determined that the decrypted biometric information decrypted by the biometric information matching unit matches the biometric information stored in the biometric information storage unit, it is decided to authenticate the person to be authenticated. An agent authentication system. The biometric information receiving terminal has signature information storage means for storing in the agent signature information of the agent generated using the second numerical key generated by the second numerical key generation means,
The biometric authentication server
The first numerical key stored in the server-side first numerical key storage means and the second numerical value stored in the agent moving through the communication network are calculated by using a one-way function. A server-side second numeric key generation means for generating a two-value key;
Signature information verification means for verifying the signature information of the agent generated using the second numerical key generated by the server-side second numerical key generation means and the signature information stored in the agent that has moved,
When the signature information collating means determines that the generated signature information of the agent matches the signature information stored in the moved agent, the information of the moved agent is not falsified. The agent authentication system according to claim 1, further comprising: a signature information determination / authentication unit that determines The first numerical value is a secret random number used only within the biometric information receiving terminal,
The agent authentication system according to claim 1, wherein the second numerical value is a public random number used even outside the biometric information receiving terminal. The agent authentication system according to any one of claims 1 to 3, wherein the biometric information receiving terminal is a tamper resistant device having tamper resistance. The agent is moved from the biometric information receiving terminal into the biometric authentication server via the communication network when the predetermined authentication use information including the encrypted biometric information is stored by the biometric information receiving terminal, and the biometric authentication server that has moved The agent authentication system according to any one of claims 1 to 4, wherein an authentication request is issued to the agent. The agent authentication system according to any one of claims 1 to 5, wherein the agent is software including agent invariant information, which is an invariant program and data, and operates on stored hardware. . The biometric information receiving terminal that receives the biometric information of the person to be authenticated who is going to be authenticated and the information stored in the agent that has moved from the biometric information receiving terminal are used to determine whether or not the person to be authenticated can be authenticated. An agent authentication method performed by a biometric authentication server,
The biological information receiving terminal is
The living body received using the first numerical key stored in the first numerical key storage means that stores in advance a first numerical key generated by calculating a first numerical value arbitrarily selected by a one-way function. Storing encrypted biometric information obtained by encrypting information in the agent;
Generating a second numerical key by calculating the first numerical key stored in the first numerical key storage means and an arbitrarily selected second numerical value using a one-way function;
Storing the second numerical value in the agent;
Agent identification information generated by computing the first numerical key stored in the first numerical key storage means and the agent invariant information that the agent has invariably using a one-way function. Storing in the agent,
The biometric authentication server is
The first numerical key stored in the server-side first numerical key storage means for storing the first numerical key in advance and the agent invariant information that the agent moving through the communication network has invariably. Collating agent identification information generated by calculation using a one-way function with agent identification information stored in the agent;
Determining that the agent that has moved is authentic when it is determined that the generated agent identification information matches the agent identification information stored in the agent; and
The decrypted biometric information obtained by decrypting the encrypted biometric information stored in the agent that has moved with the first numeric key stored in the server-side first numeric key storage means, and the biometric information of the person to be authenticated Collating the biometric information stored in the biometric information storage means stored in advance;
Deciding to authenticate the person to be authenticated when it is determined that the decrypted decrypted biometric information matches the biometric information stored in the biometric information storage means. Agent authentication method characterized by The biometric information receiving terminal that receives the biometric information of the person to be authenticated who is going to be authenticated and the information stored in the agent that has moved from the biometric information receiving terminal are used to determine whether or not the person to be authenticated can be authenticated. An agent authentication program for causing a biometric authentication server to execute an agent authentication process,
In the biometric information receiving terminal,
The living body received using the first numerical key stored in the first numerical key storage means that stores in advance a first numerical key generated by calculating a first numerical value arbitrarily selected by a one-way function. Storing encrypted biometric information obtained by encrypting information in the agent;
Generating a second numerical key by calculating the first numerical key stored in the first numerical key storage means and an arbitrarily selected second numerical value using a one-way function;
Storing the second numerical value in the agent;
Agent identification information generated by computing the first numerical key stored in the first numerical key storage means and the agent invariant information that the agent has invariably using a one-way function. Storing in the agent;
In the biometric authentication server,
The first numerical key stored in the server-side first numerical key storage means for storing the first numerical key in advance and the agent invariant information that the agent moving through the communication network has invariably. Collating agent identification information generated by calculation using a one-way function with agent identification information stored in the agent;
Determining that the agent that has moved is authentic when it is determined that the generated agent identification information matches the agent identification information stored in the agent; and
The decrypted biometric information obtained by decrypting the encrypted biometric information stored in the agent that has moved with the first numeric key stored in the server-side first numeric key storage means, and the biometric information of the person to be authenticated Collating the biometric information stored in the biometric information storage means stored in advance;
Determining to authenticate the person to be authenticated when it is determined that the decrypted decrypted biometric information matches the biometric information stored in the biometric information storage means. Agent authentication program.

Images