System and device for authentication
    1.
    Granted invention patent
    Status: in force

    Publication No.: US09386016B2

    Publication date: 2016-07-05

    Application No.: US11840724

    Filing date: 2007-08-17

    IPC classification: H04L29/06

    CPC classification: H04L63/0861

    Abstract: An authentication device receives each authentication context including an output information block, an input information block, and an authenticator block. The output information block includes a process result and process result identification information. The input information block includes a process result and process result identification information. The authentication device verifies each authenticator block. The authentication device searches for the output information block having the same value of process result identification information as the value of process result identification information in the input information block from other authentication contexts based on process result identification information in the input information block included in each authentication context. The authentication device verifies whether or not the process result in the input information block is equal to the process result in the searched output information block, and authenticates that all the authentication contexts have validity when all the verification results are valid.


    VERIFICATION APPARATUS AND PROGRAM
    2.
    Invention patent application
    Status: in force

    Publication No.: US20100180124A1

    Publication date: 2010-07-15

    Application No.: US12695781

    Filing date: 2010-01-28

    IPC classification: H04L9/32 G06F21/20

    Abstract: According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information whilst the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified.


    ACCOUNT MANAGEMENT SYSTEM, ROOT-ACCOUNT MANAGEMENT APPARATUS, DERIVED-ACCOUNT MANAGEMENT APPARATUS, AND PROGRAM
    3.
    Invention patent application
    Status: in force

    Publication No.: US20090327706A1

    Publication date: 2009-12-31

    Application No.: US12501169

    Filing date: 2009-07-10

    IPC classification: H04L9/00

    Abstract: A root-account management apparatus generates an electronic signature based on a survival condition and a secret key when an authentication result of a user of a client apparatus is proper, and transmits derived-account credence element information including the survival condition, the electronic signature and a public key certificate to a derived-account management apparatus. The derived-account management apparatus creates derived-account information which becomes valid when the survival condition is satisfied so that the derived-account information includes both the derived-account credence element information which becomes invalid when a validity term of the public key certificate expires and a biometric information template of the user which is valid regardless of this validity term. Accordingly, even if an authentication element as a root (public key certificate) becomes invalid, a derived authentication element (biometric information template) can be prevented from becoming invalid.


    System, apparatus, and program for biometric authentication
    4.
    Granted invention patent
    Status: in force

    Publication No.: US08281373B2

    Publication date: 2012-10-02

    Application No.: US13081317

    Filing date: 2011-04-06

    IPC classification: G06F7/04

    CPC classification: G06F21/32 G07C9/00158

    Abstract: A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.


    System, apparatus, and program for biometric authentication
    5.
    Granted invention patent
    Status: in force

    Publication No.: US08028330B2

    Publication date: 2011-09-27

    Application No.: US11968710

    Filing date: 2008-01-03

    IPC classification: H04L9/32 H04L9/00 G06F17/30

    CPC classification: G06F21/32 G07C9/00158

    Abstract: A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.


    Verification apparatus and program
    6.
    Granted invention patent
    Status: in force

    Publication No.: US08332648B2

    Publication date: 2012-12-11

    Application No.: US12695781

    Filing date: 2010-01-28

    IPC classification: G06F21/00

    Abstract: According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information while the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified.


    Authentication apparatus and entity device
    8.
    Granted invention patent
    Status: in force

    Publication No.: US08578446B2

    Publication date: 2013-11-05

    Application No.: US11969046

    Filing date: 2008-01-03

    IPC classification: H04L29/06

    CPC classification: G06F21/32

    Abstract: A configuration including, in authentication contexts, function unit identification information unique to the function unit that has executed an authentication subprocess in entity devices permits an authentication apparatus to specify the function unit that has executed the authentication subprocess in the entity devices. The verifier, therefore, can verify the legitimacy of the authentication subprocess from the authentication context even in the presence of a plurality of function units capable of executing the same authentication subprocess in the entity devices.


    Account management system, root-account management apparatus, derived-account management apparatus, and program
    9.
    Granted invention patent
    Status: in force

    Publication No.: US08499147B2

    Publication date: 2013-07-30

    Application No.: US12501169

    Filing date: 2009-07-10

    IPC classification: H04L9/00

    Abstract: A root-account management apparatus generates an electronic signature based on a survival condition and a secret key when an authentication result of a user of a client apparatus is proper, and transmits derived-account credence element information including the survival condition, the electronic signature and a public key certificate to a derived-account management apparatus. The derived-account management apparatus creates derived-account information which becomes valid when the survival condition is satisfied so that the derived-account information includes both the derived-account credence element information which becomes invalid when a validity term of the public key certificate expires and a biometric information template of the user which is valid regardless of this validity term. Accordingly, even if an authentication element as a root (public key certificate) becomes invalid, a derived authentication element (biometric information template) can be prevented from becoming invalid.


    Authentication Apparatus and Entity Device
    10.
    Invention patent application
    Status: in force

    Publication No.: US20080168534A1

    Publication date: 2008-07-10

    Application No.: US11969046

    Filing date: 2008-01-03

    IPC classification: H04L9/32

    CPC classification: G06F21/32

    Abstract: A configuration including, in authentication contexts, function unit identification information unique to the function unit that has executed an authentication subprocess in entity devices permits an authentication apparatus to specify the function unit that has executed the authentication subprocess in the entity devices. The verifier, therefore, can verify the legitimacy of the authentication subprocess from the authentication context even in the presence of a plurality of function units capable of executing the same authentication subprocess in the entity devices.
