Abstract:
A person authentication system includes a person identification authority. In the system, a service provider, a user device, or the like performs person authentication by acquiring a template from a person identification certificate created by the person identification authority, which is a third-party agency. The person identification authority identifies a person who requests issuance of the person identification certificate, and creates and registers the person identification certificate. Furthermore, the person identification authority deletes and changes the person identification certificate and performs registration, addition, deletion, invalidation, and re-validation of the template stored in the person identification certificate.
Abstract:
A user device receives the content, and pays a content fee, based on the usage control policy of the content, by electronic money up to the allowable amount of money set in an issue log. The user device then creates a usage log including a content identifier and sends it to a service provider. The service provider creates a receive log based on the usage log, and sends it to a clearing center. The clearing center performs settlement processing for the electronic money based on the receive log, and sends a transfer request to an account management institution. By performing the above-described series of processing by using encrypted data, the settlement of the content usage fee is safely performed.
Abstract:
Provided is a structure enabling dispersion of the load incurred by a public key certificate issuer authority or a registration authority. The structure has an issuer authority that issues a public key certificate and registration authorities, each of which receives and examines a request for issuance of a public key certificate made by an end entity, wherein the registration authorities are hierarchically structured. Each registration authority at a given hierarchical level manages the registration authorities that rank immediately below it, or end entities. The registration authority receives a request for issuance of a public key certificate and examines it. This means that the load each registration authority must incur for processing is dispersed. One hierarchical structure of registration authorities is formed under any of various standards which stipulate a security policy, scalability, geographical classification, functional classification, or an organization.
Abstract:
A person authentication system capable of performing personal authentication by comparing templates, which are personal identification data, with sampling information input by a user is disclosed. For example, a service provider (SP) or a user device (UD) acquires the templates from a person identification certificate (IDC) generated by a personal identification certificate authority that is a third party, and thereby performs personal authentication. The IDC stores data, such as a certificate identifier and a user identifier, in accordance with a format, and also stores encrypted templates in a manner that the data can be decrypted by an entity that performs authentication. This arrangement achieves efficient template retrieval and an efficient personal authentication process, as well as effective prevention of the templates from leaking out.
Abstract:
Disclosed are a person authentication system, a person authentication method, and an information processing apparatus which allow person authentication to be performed in an easy fashion in various devices by comparing a template serving as person identification data with sampling information input by a user. A service provider (SP) or user device (UD) executes person authentication by acquiring a template from a person identification certificate (IDC) generated by a third-party agency serving as a person identification certificate authority (IDA). The IDA acquires a template serving as identification data after verifying a person requesting an IDC to be issued, and generates the IDC storing template information. The IDA distributes the IDC having a digital signature of the IDA added thereto to the SP and the UD.
Abstract:
The present invention provides a novel configuration which allows devices capable of processing different signature algorithms to mutually verify public key certificates. In this configuration, public key certificates storing plural signatures based on different signature algorithms, such as RSA and ECC, are issued, and each device selects a signature which it can process (namely, verify) and verifies the selected signature. Consequently, devices that are each capable of verifying only a different signature algorithm can verify the public key certificates of the other devices. Each device can thus perform public key certificate verification in cross-certification and encrypted data communication not only with other devices whose public key certificates carry signatures based on the same signature algorithm as its own, but also with other devices or providers whose public key certificates carry signatures based on different signature algorithms, thereby significantly enhancing the reliability of communication.
Abstract:
A person identification certificate link system forms a link between a person identification certificate, which stores a template serving as person identification data and which is generated by a person identification certificate authority, and a public key certificate, which stores a public key, thereby specifying one certificate based on the other certificate. With this arrangement, a cryptographic key to the template stored in the person identification certificate can be specified. It is also possible to quickly obtain a combination of the person identification certificate and the public key certificate which are both utilized in a transaction with a service provider, thereby improving the processing efficiency.
Abstract:
A content distribution is performed by a secure container including a content encrypted by a content key and container information set for a content transaction. The container information includes a person identification certificate identifiers list. Usage control status information including the list is generated and stored in a device during a secondary distribution among user devices after a primary distribution of the content. In the distribution among the user devices, identifying an identification certificate in reference to the list and performing a person authentication based on the identification certificate allows each of the user devices to use the transmitted content, when the authentication is affirmative.
Abstract:
An entity which executes person authentication such as a service provider (SP) and a user device (UC) receives a request for person authentication from an entity which requests person authentication. The entity which requests person authentication can vary in form. The entity which executes person authentication decrypts the template by using a person identification certificate that can be owned by the entity which executes person authentication or provided from the outside, compares the template with sampling information input by a user and notifies the entity which requests person authentication of the result of comparison. The data for person identification is provided as encrypted information that can be decrypted only by the entity which executes person authentication, thereby performing safe authentication in various locations or devices, while preventing the template information from leaking out.
Abstract:
A public key certificate issuing system is disclosed which comprises a certificate authority for issuing a public key certificate for an entity, the certificate authority including a plurality of signature modules each executing a different encryption algorithm and a registration authority that receives a public key certificate issuance request from the entity.