公开(公告)号：US08332648B2

公开(公告)日：2012-12-11

申请号：US12695781

申请日：2010-01-28

申请人： Tomoaki Morijiri ,  Koji Okada ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

发明人： Tomoaki Morijiri ,  Koji Okada ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

IPC分类号： G06F21/00

CPC分类号： G06F21/57 ,  G06F21/32 ,  H04L9/3231 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/805

摘要： According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information while the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified.

摘要翻译： 根据本发明的一个实施例，第一认证上下文包括指示模板的有效性的模板证书和指示第一设备评估信息的有效性的第一设备评估证书，而第二认证上下文包括第二设备评估 指示第二装置评估信息的有效性的证书。 并且在验证第一和第二认证上下文时验证模板证书和第一和第二评估证书。 因此，可以验证用于认证的模板的有效性或包括在认证上下文中的设备评估信息。

公开(公告)号：US20070094501A1

公开(公告)日：2007-04-26

申请号：US11552299

申请日：2006-10-24

申请人： Hidehisa Takamizawa ,  Koji Okada ,  Tatsuro Ikeda ,  Tomoaki Morijiri ,  Asahiko Yamada

发明人： Hidehisa Takamizawa ,  Koji Okada ,  Tatsuro Ikeda ,  Tomoaki Morijiri ,  Asahiko Yamada

IPC分类号： H04L9/00

CPC分类号： H04L63/0861 ,  G06F21/32 ,  G06F21/34

摘要： A client device transmits service identification information to an authentication device at the time of a service request, prompts selection of one or more authentication entity devices which execute one or more authentication subprocesses from among all the authentication entity devices adaptive to profile information received from the authentication device, based on “function list information defining an execution environment of each of the authentication entity devices”, transmits a request for executing an authentication subprocess to such selected each authentication entity device, and transmits to the authentication device “authentication context information including an execution environment and an execution result of an authentication subprocess” received from such each authentication entity device.

摘要翻译： 客户端设备在服务请求时向认证设备发送业务识别信息，提示从所有认证实体设备中选择执行一个或多个认证子过程的一个或多个认证实体设备，所述验证实体设备适应于从认证接收到的简档信息 设备基于“定义每个认证实体设备的执行环境的功能列表信息”，向该选择的每个认证实体设备发送执行认证子过程的请求，并向认证设备发送“包括执行中的认证上下文信息 环境和认证子过程的执行结果“。

公开(公告)号：US08499147B2

公开(公告)日：2013-07-30

申请号：US12501169

申请日：2009-07-10

申请人： Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

发明人： Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

IPC分类号： H04L9/00

CPC分类号： G06F21/33 ,  G06F21/32 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/56 ,  H04L2209/60

摘要： A root-account management apparatus generates an electronic signature based on a survival condition and a secret key when an authentication result of a user of a client apparatus is proper, and transmits derived-account credence element information including the survival condition, the electronic signature and a public key certificate to a derived-account management apparatus. The derived-account management apparatus creates derived-account information which becomes valid when the survival condition is satisfied so that the derived-account information includes both the derived-account credence element information which becomes invalid when a validity term of the public key certificate expires and a biometric information template of the user which is valid regardless of this validity term. Accordingly, even if an authentication element as a root (public key certificate) becomes invalid, a derived authentication element (biometric information template) can be prevented from becoming invalid.

摘要翻译： 根帐户管理装置在客户端装置的用户的认证结果正确的情况下，基于生存条件和秘密密钥生成电子签名，并且发送包括生存条件，电子签名的导出账户信任元素信息， 派生帐户管理装置的公钥证书。 导出账户管理装置创建导致账户信息，当满足生存条件时，导出账户信息变为有效，从而导出账户信息包括当公共密钥证书的有效期到期时成为无效的导出账户信用单元信息; 无论该有效期如何，用户的生物特征信息模板是有效的。 因此，即使作为根（公钥证书）的认证元素变得无效，也可以防止导出的认证要素（生物体信息模板）变得无效。

公开(公告)号：US20110185413A1

公开(公告)日：2011-07-28

申请号：US13081317

申请日：2011-04-06

申请人： YOSHIHIRO FUJII ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： YOSHIHIRO FUJII ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： G06F21/32 ,  G07C9/00158

摘要： A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.

摘要翻译： 客户端装置将从环境信息获取装置获取的环境信息以及生物体认证信息匹配结果发送到服务器装置。 服务器装置验证诸如亮度的环境信息的有效性以及生物认证信息匹配结果的有效性。 如果环境存在问题，则服务器装置向客户端装置通知环境信息是有问题的。 客户机装置克服了基于来自服务器装置的通知的亮度等环境问题，然后重试生物体认证。 在生物认证的重试期间可以减少由于环境问题引起的重新故障的可能性。

公开(公告)号：US20100191967A1

公开(公告)日：2010-07-29

申请号：US12705323

申请日：2010-02-12

申请人： Yoshihiro FUJII ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： Yoshihiro FUJII ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： H04L9/32 ,  G06F21/20

CPC分类号： H04L9/3273 ,  G06F21/32 ,  G06F2221/2151 ,  H04L9/3231 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/0861 ,  H04L63/166

摘要： A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake.

摘要翻译： 在协商处理的握手期间，客户机装置从服务器装置接收包含随机数的消息，生成包含生物体认证方法信息的生物体协商消息，并向服务器装置发送生物统计学协商消息。 然后，客户端装置根据从服务器装置通知的生物体认证方法信息，执行生物体认证，并根据私钥加密随机数。 另外，客户端装置从生物体认证，生物体认证方法信息，加密随机数和客户端证书的结果生成认证器，并向服务器装置发送包括这些的认证上下文。 服务器设备验证认证上下文并在一次握手中建立安全会话。

公开(公告)号：US20080168534A1

公开(公告)日：2008-07-10

申请号：US11969046

申请日：2008-01-03

申请人： Hidehisa TAKAMIZAWA ,  Koji Okada ,  Tomoaki Morijiri ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

发明人： Hidehisa TAKAMIZAWA ,  Koji Okada ,  Tomoaki Morijiri ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

IPC分类号： H04L9/32

CPC分类号： G06F21/32

摘要： A configuration including, in authentication contexts, function unit identification information unique to the function unit that has executed an authentication subprocess in entity devices permits an authentication apparatus to specify the function unit that has executed the authentication subprocess in the entity devices. The verifier, therefore, can verify the legitimacy of the authentication subprocess from the authentication context even in the presence of a plurality of function units capable of executing the same authentication subprocess in the entity devices.

摘要翻译： 在认证上下文中包括在实体设备中执行了认证子过程的功能单元特有的功能单元识别信息，允许认证装置指定在实体设备中执行了认证子过程的功能单元。 因此，即使在存在能够在实体设备中执行相同认证子过程的多个功能单元的情况下，验证者也可以从认证上下文中验证认证子过程的合法性。

公开(公告)号：US20050198331A1

公开(公告)日：2005-09-08

申请号：US11024617

申请日：2004-12-30

申请人： Masaaki Okajima ,  Shigeru Matsumoto ,  Kimio Saba ,  Asahiko Yamada

发明人： Masaaki Okajima ,  Shigeru Matsumoto ,  Kimio Saba ,  Asahiko Yamada

IPC分类号： G06F15/16 ,  H04L29/06

CPC分类号： H04L63/102 ,  H04L63/08

摘要： A seamless system according to the present invention manages data obtained by associating user identification data accepted from a device with processing identification data indicating a process requested to be executed from the device, registers in the data restart achievement data to be used to achieve restarting of the process indicating processing identification data, acquires the processing identification data and restart achievement data corresponding to the user identification data based on the data when a restart request and the user identification have been accepted, and provides to an originating device making a restart request an execution result of the process indicated by the processing identification data obtained based on the restart achievement data.

摘要翻译： 根据本发明的无缝系统管理通过将从设备接受的用户识别数据与表示要从设备执行的处理的处理标识数据相关联而获得的数据，在用于实现重新启动的数据重新启动实现数据中的注册 处理指示处理识别数据，当接收到重新启动请求和用户标识时，基于数据获取处理标识数据并重新开始对应于用户识别数据的成就数据，并且向发起装置提供执行结果 由基于重新启动成果数据获得的处理识别数据指示的处理。

公开(公告)号：US08281373B2

公开(公告)日：2012-10-02

申请号：US13081317

申请日：2011-04-06

申请人： Yoshihiro Fujii ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： Yoshihiro Fujii ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： G06F7/04

CPC分类号： G06F21/32 ,  G07C9/00158

摘要： A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.

摘要翻译： 客户端装置将从环境信息获取装置获取的环境信息以及生物体认证信息匹配结果发送到服务器装置。 服务器装置验证诸如亮度的环境信息的有效性以及生物认证信息匹配结果的有效性。 如果环境存在问题，则服务器装置向客户端装置通知环境信息是有问题的。 客户机装置克服了基于来自服务器装置的通知的亮度等环境问题，然后重试生物体认证。 在生物认证的重试期间可以减少由于环境问题引起的重新故障的可能性。

公开(公告)号：US08028330B2

公开(公告)日：2011-09-27

申请号：US11968710

申请日：2008-01-03

申请人： Yoshihiro Fujii ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： Yoshihiro Fujii ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： H04L9/32 ,  H04L9/00 ,  G06F17/30

CPC分类号： G06F21/32 ,  G07C9/00158

摘要： A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.

摘要翻译： 客户端装置将从环境信息获取装置获取的环境信息以及生物体认证信息匹配结果发送到服务器装置。 服务器装置验证诸如亮度的环境信息的有效性以及生物认证信息匹配结果的有效性。 如果环境存在问题，则服务器装置向客户端装置通知环境信息是有问题的。 客户机装置克服了基于来自服务器装置的通知的亮度等环境问题，然后重试生物体认证。 在生物认证的重试期间可以减少由于环境问题引起的重新故障的可能性。

公开(公告)号：US07840808B2

公开(公告)日：2010-11-23

申请号：US11552299

申请日：2006-10-24

申请人： Hidehisa Takamizawa ,  Koji Okada ,  Tatsuro Ikeda ,  Tomoaki Morijiri ,  Asahiko Yamada

发明人： Hidehisa Takamizawa ,  Koji Okada ,  Tatsuro Ikeda ,  Tomoaki Morijiri ,  Asahiko Yamada

IPC分类号： H04L9/32

CPC分类号： H04L63/0861 ,  G06F21/32 ,  G06F21/34

摘要： A client device transmits service identification information to an authentication device at the time of a service request, prompts selection of one or more authentication entity devices which execute one or more authentication subprocesses from among all the authentication entity devices adaptive to profile information received from the authentication device, based on “function list information defining an execution environment of each of the authentication entity devices”, transmits a request for executing an authentication subprocess to such selected each authentication entity device, and transmits to the authentication device “authentication context information including an execution environment and an execution result of an authentication subprocess” received from such each authentication entity device.

摘要翻译： 客户端设备在服务请求时向认证设备发送业务识别信息，提示从所有认证实体设备中选择执行一个或多个认证子过程的一个或多个认证实体设备，所述验证实体设备适应于从认证接收到的简档信息 设备基于“定义每个认证实体设备的执行环境的功能列表信息”，向该选择的每个认证实体设备发送执行认证子过程的请求，并向认证设备发送“包括执行中的认证上下文信息 环境和认证子过程的执行结果“。