公开(公告)号：US20080172729A1

公开(公告)日：2008-07-17

申请号：US11840724

申请日：2007-08-17

申请人： Hidehisa TAKAMIZAWA ,  Asahiko YAMADA ,  Tomoaki MORIJIRI ,  Koji OKADA ,  Tatsuro IKEDA ,  Minoru NISHIZAWA ,  Yoshihiro FUJII

发明人： Hidehisa TAKAMIZAWA ,  Asahiko YAMADA ,  Tomoaki MORIJIRI ,  Koji OKADA ,  Tatsuro IKEDA ,  Minoru NISHIZAWA ,  Yoshihiro FUJII

IPC分类号： H04L9/32

CPC分类号： H04L63/0861

摘要： An authentication device receives each authentication context including an output information block, an input information block, and an authenticator block. The output information block includes a process result and process result identification information. The input information block includes a process result and process result identification information. The authentication device verifies each authenticator block. The authentication device searches for the output information block having the same value of process result identification information as the value of process result identification information in the input information block from other authentication contexts based on process result identification information in the input information block included in each authentication context. The authentication device verifies whether or not the process result in the input information block is equal to the process result in the searched output information block, and authenticates that all the authentication contexts have validity when all the verification results are valid.

摘要翻译： 认证装置接收包括输出信息块，输入信息块和认证器块的每个认证上下文。 输出信息块包括处理结果和处理结果识别信息。 输入信息块包括处理结果和处理结果标识信息。 认证设备验证每个认证器块。 认证装置根据包含在每个认证中的输入信息块中的处理结果识别信息，从其他认证上下文中搜索具有与处理结果识别信息相同的处理结果识别信息值的输出信息块 上下文 验证装置验证输入信息块中的处理结果是否等于搜索到的输出信息块中的处理结果，并且当所有验证结果有效时，认证所有认证上下文都具有有效性。

公开(公告)号：US07100045B2

公开(公告)日：2006-08-29

申请号：US09989072

申请日：2001-11-21

申请人： Asahiko Yamada ,  Shuji Harashima

发明人： Asahiko Yamada ,  Shuji Harashima

IPC分类号： H04K1/00 ,  H04L9/32 ,  G06Q20/00 ,  H04L9/00

CPC分类号： H04L9/321 ,  H04L9/3247

摘要： Each of the embodiments of the present invention supplies date information issued from a third party to a digital signature of a first user apparatus for an electronic document. Originality of the electronic document is ensured by applying the digital signature of the third party to a set of the digital signature and date information. No electronic document is transmitted to the third party apparatus during originality assurance of the electronic document. Accordingly, it is possible to decrease loads to the third party and associated networks even if the third party apparatus is congested with accesses. Since there is registered an undeniable signature for a second user apparatus, it is possible to prevent the second user apparatus from denying the reception.

公开(公告)号：US09386016B2

公开(公告)日：2016-07-05

申请号：US11840724

申请日：2007-08-17

申请人： Hidehisa Takamizawa ,  Asahiko Yamada ,  Tomoaki Morijiri ,  Koji Okada ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Yoshihiro Fujii

发明人： Hidehisa Takamizawa ,  Asahiko Yamada ,  Tomoaki Morijiri ,  Koji Okada ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Yoshihiro Fujii

IPC分类号： H04L29/06

CPC分类号： H04L63/0861

摘要： An authentication device receives each authentication context including an output information block, an input information block, and an authenticator block. The output information block includes a process result and process result identification information. The input information block includes a process result and process result identification information. The authentication device verifies each authenticator block. The authentication device searches for the output information block having the same value of process result identification information as the value of process result identification information in the input information block from other authentication contexts based on process result identification information in the input information block included in each authentication context. The authentication device verifies whether or not the process result in the input information block is equal to the process result in the searched output information block, and authenticates that all the authentication contexts have validity when all the verification results are valid.

摘要翻译： 认证装置接收包括输出信息块，输入信息块和认证器块的每个认证上下文。 输出信息块包括处理结果和处理结果识别信息。 输入信息块包括处理结果和处理结果标识信息。 认证设备验证每个认证器块。 认证装置根据包含在每个认证中的输入信息块中的处理结果识别信息，从其他认证上下文中搜索具有与处理结果识别信息相同的处理结果识别信息值的输出信息块 上下文 验证装置验证输入信息块中的处理结果是否等于搜索到的输出信息块中的处理结果，并且当所有验证结果有效时，认证所有认证上下文都具有有效性。

公开(公告)号：US20100180124A1

公开(公告)日：2010-07-15

申请号：US12695781

申请日：2010-01-28

申请人： Tomoaki Morijiri ,  Koji Okada ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

发明人： Tomoaki Morijiri ,  Koji Okada ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

IPC分类号： H04L9/32 ,  G06F21/20

CPC分类号： G06F21/57 ,  G06F21/32 ,  H04L9/3231 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/805

摘要： According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information whilst the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified.

摘要翻译： 根据本发明的一个实施例，第一认证上下文包括指示模板的有效性的模板证书和指示第一设备评估信息的有效性的第一设备评估证书，而第二认证上下文包括第二设备评估 指示第二装置评估信息的有效性的证书。 并且在验证第一和第二认证上下文时验证模板证书和第一和第二评估证书。 因此，可以验证用于认证的模板的有效性或包括在认证上下文中的设备评估信息。

公开(公告)号：US20090327706A1

公开(公告)日：2009-12-31

申请号：US12501169

申请日：2009-07-10

申请人： Tatsuro IKEDA ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

发明人： Tatsuro IKEDA ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

IPC分类号： H04L9/00

CPC分类号： G06F21/33 ,  G06F21/32 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/56 ,  H04L2209/60

摘要： A root-account management apparatus generates an electronic signature based on a survival condition and a secret key when an authentication result of a user of a client apparatus is proper, and transmits derived-account credence element information including the survival condition, the electronic signature and a public key certificate to a derived-account management apparatus. The derived-account management apparatus creates derived-account information which becomes valid when the survival condition is satisfied so that the derived-account information includes both the derived-account credence element information which becomes invalid when a validity term of the public key certificate expires and a biometric information template of the user which is valid regardless of this validity term. Accordingly, even if an authentication element as a root (public key certificate) becomes invalid, a derived authentication element (biometric information template) can be prevented from becoming invalid.

摘要翻译： 根帐户管理装置在客户端装置的用户的认证结果正确的情况下，基于生存条件和秘密密钥生成电子签名，并且发送包括生存条件，电子签名的导出账户信任元素信息， 派生帐户管理装置的公钥证书。 导出账户管理装置创建导致账户信息，当满足生存条件时，导出账户信息变为有效，从而导出账户信息包括当公共密钥证书的有效期到期时成为无效的导出账户信用单元信息; 无论该有效期如何，用户的生物特征信息模板是有效的。 因此，即使作为根（公钥证书）的认证元素变得无效，也可以防止导出的认证要素（生物体信息模板）变得无效。

公开(公告)号：US20080172725A1

公开(公告)日：2008-07-17

申请号：US11968710

申请日：2008-01-03

申请人： Yoshihiro FUJII ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： Yoshihiro FUJII ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： H04L9/32

CPC分类号： G06F21/32 ,  G07C9/00158

摘要： A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.

摘要翻译： 客户端装置将从环境信息获取装置获取的环境信息以及生物体认证信息匹配结果发送到服务器装置。 服务器装置验证诸如亮度的环境信息的有效性以及生物认证信息匹配结果的有效性。 如果环境存在问题，则服务器装置向客户端装置通知环境信息是有问题的。 客户机装置克服了基于来自服务器装置的通知的亮度等环境问题，然后重试生物体认证。 在生物认证的重试期间可以减少由于环境问题引起的重新故障的可能性。

公开(公告)号：US20080162363A1

公开(公告)日：2008-07-03

申请号：US12071522

申请日：2008-02-21

申请人： Shinichi Kurihara ,  Asahiko Yamada

发明人： Shinichi Kurihara ,  Asahiko Yamada

IPC分类号： H04K1/00

CPC分类号： G06Q20/385 ,  G06Q20/02 ,  G06Q20/12 ,  G06Q20/341 ,  G06Q20/383 ,  G06Q20/4014 ,  G06Q30/0601 ,  G07F7/1008

摘要： In an information communication system, user personal information is batch-managed in a user management center apparatus. The center apparatus issues temporary information, which includes temporary user information and temporary authentication information, in response to a log-in request from a user terminal apparatus that designates a net-shop apparatus, and sends the information to the user terminal apparatus and the designated net-shop apparatus. Thereby, if the user terminal apparatus sends an authentication request to the net-shop apparatus on the basis of the information, the net-shop apparatus can authenticate the user terminal apparatus on the basis of the information from the user management center apparatus. At this time, the user personal information does not go to the net-shop apparatus, and there is no need for the net-shop apparatus to manage the user personal information.

摘要翻译： 在信息通信系统中，在用户管理中心设备中批量管理用户个人信息。 响应于来自指定网店设备的用户终端设备的登录请求，中心设备发布包括临时用户信息和临时认证信息的临时信息，并将该信息发送到用户终端设备和指定的 网店设备。 因此，如果用户终端装置基于该信息向网店装置发送认证请求，则网店装置可以基于来自用户管理中心装置的信息来认证用户终端装置。 此时，用户个人信息不会进入网店设备，网络店不需要管理用户的个人信息。

公开(公告)号：US20080098469A1

公开(公告)日：2008-04-24

申请号：US11946841

申请日：2007-11-29

申请人： Tomoaki Morijiri ,  Koji Okada ,  Hidehisa Takamizawa ,  Asahiko Yamada ,  Tatsuro Ikeda

发明人： Tomoaki Morijiri ,  Koji Okada ,  Hidehisa Takamizawa ,  Asahiko Yamada ,  Tatsuro Ikeda

IPC分类号： H04L9/32

CPC分类号： H04L63/0884 ,  H04L9/3271 ,  H04L2209/60

摘要： A verification device transmits challenge information to a first entity device, and for each authentication context received in return, verifies that challenge information identical to the challenge information transmitted in advance is described, to thereby confirm that the authentication context is the current one. As a result, a repetitive attack in which the past authentication context is repeatedly used is prevented and the security against repetitive attacks is improved.

摘要翻译： 验证装置向第一实体设备发送询问信息，并且对于接收到的每个认证上下文，验证与先前发送的询问信息相同的质询信息，从而确认认证上下文为当前认证上下文。 结果，防止重复使用过去的认证上下文的重复攻击，提高了针对重复攻击的安全性。

公开(公告)号：US08744970B2

公开(公告)日：2014-06-03

申请号：US12071522

申请日：2008-02-21

申请人： Shinichi Kurihara ,  Asahiko Yamada

发明人： Shinichi Kurihara ,  Asahiko Yamada

IPC分类号： G06Q99/00

CPC分类号： G06Q20/385 ,  G06Q20/02 ,  G06Q20/12 ,  G06Q20/341 ,  G06Q20/383 ,  G06Q20/4014 ,  G06Q30/0601 ,  G07F7/1008

摘要： In an information communication system, user personal information is batch-managed in a user management center apparatus. The center apparatus issues temporary information, which includes temporary user information and temporary authentication information, in response to a log-in request from a user terminal apparatus that designates a net-shop apparatus, and sends the information to the user terminal apparatus and the designated net-shop apparatus. Thereby, if the user terminal apparatus sends an authentication request to the net-shop apparatus on the basis of the information, the net-shop apparatus can authenticate the user terminal apparatus on the basis of the information from the user management center apparatus. At this time, the user personal information does not go to the net-shop apparatus, and there is no need for the net-shop apparatus to manage the user personal information.

摘要翻译： 在信息通信系统中，在用户管理中心设备中批量管理用户个人信息。 响应于来自指定网店设备的用户终端设备的登录请求，中心设备发布包括临时用户信息和临时认证信息的临时信息，并将该信息发送到用户终端设备和指定的 网店设备。 因此，如果用户终端装置基于该信息向网店装置发送认证请求，则网店装置可以基于来自用户管理中心装置的信息来认证用户终端装置。 此时，用户个人信息不会进入网店设备，网络店不需要管理用户的个人信息。

公开(公告)号：US08732461B2

公开(公告)日：2014-05-20

申请号：US12705323

申请日：2010-02-12

申请人： Yoshihiro Fujii ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： Yoshihiro Fujii ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： H04L9/32 ,  H04L29/06 ,  G06F21/00 ,  G06F7/04 ,  H04L9/00 ,  H04L9/08

CPC分类号： H04L9/3273 ,  G06F21/32 ,  G06F2221/2151 ,  H04L9/3231 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/0861 ,  H04L63/166

摘要： A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake.

摘要翻译： 在协商处理的握手期间，客户机装置从服务器装置接收包含随机数的消息，生成包含生物体认证方法信息的生物体协商消息，并向服务器装置发送生物统计学协商消息。 然后，客户端装置根据从服务器装置通知的生物体认证方法信息，执行生物体认证，并根据私钥加密随机数。 另外，客户端装置从生物体认证，生物体认证方法信息，加密随机数和客户端证书的结果生成认证器，并向服务器装置发送包括这些的认证上下文。 服务器设备验证认证上下文并在一次握手中建立安全会话。