公开(公告)号：US08332648B2

公开(公告)日：2012-12-11

申请号：US12695781

申请日：2010-01-28

申请人： Tomoaki Morijiri ,  Koji Okada ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

发明人： Tomoaki Morijiri ,  Koji Okada ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

IPC分类号： G06F21/00

CPC分类号： G06F21/57 ,  G06F21/32 ,  H04L9/3231 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/805

摘要： According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information while the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified.

摘要翻译： 根据本发明的一个实施例，第一认证上下文包括指示模板的有效性的模板证书和指示第一设备评估信息的有效性的第一设备评估证书，而第二认证上下文包括第二设备评估 指示第二装置评估信息的有效性的证书。 并且在验证第一和第二认证上下文时验证模板证书和第一和第二评估证书。 因此，可以验证用于认证的模板的有效性或包括在认证上下文中的设备评估信息。

公开(公告)号：US08281373B2

公开(公告)日：2012-10-02

申请号：US13081317

申请日：2011-04-06

申请人： Yoshihiro Fujii ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： Yoshihiro Fujii ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： G06F7/04

CPC分类号： G06F21/32 ,  G07C9/00158

摘要： A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.

摘要翻译： 客户端装置将从环境信息获取装置获取的环境信息以及生物体认证信息匹配结果发送到服务器装置。 服务器装置验证诸如亮度的环境信息的有效性以及生物认证信息匹配结果的有效性。 如果环境存在问题，则服务器装置向客户端装置通知环境信息是有问题的。 客户机装置克服了基于来自服务器装置的通知的亮度等环境问题，然后重试生物体认证。 在生物认证的重试期间可以减少由于环境问题引起的重新故障的可能性。

公开(公告)号：US08028330B2

公开(公告)日：2011-09-27

申请号：US11968710

申请日：2008-01-03

申请人： Yoshihiro Fujii ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： Yoshihiro Fujii ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： H04L9/32 ,  H04L9/00 ,  G06F17/30

CPC分类号： G06F21/32 ,  G07C9/00158

摘要： A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.

摘要翻译： 客户端装置将从环境信息获取装置获取的环境信息以及生物体认证信息匹配结果发送到服务器装置。 服务器装置验证诸如亮度的环境信息的有效性以及生物认证信息匹配结果的有效性。 如果环境存在问题，则服务器装置向客户端装置通知环境信息是有问题的。 客户机装置克服了基于来自服务器装置的通知的亮度等环境问题，然后重试生物体认证。 在生物认证的重试期间可以减少由于环境问题引起的重新故障的可能性。

公开(公告)号：US08732461B2

公开(公告)日：2014-05-20

申请号：US12705323

申请日：2010-02-12

申请人： Yoshihiro Fujii ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： Yoshihiro Fujii ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： H04L9/32 ,  H04L29/06 ,  G06F21/00 ,  G06F7/04 ,  H04L9/00 ,  H04L9/08

CPC分类号： H04L9/3273 ,  G06F21/32 ,  G06F2221/2151 ,  H04L9/3231 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/0861 ,  H04L63/166

摘要： A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake.

摘要翻译： 在协商处理的握手期间，客户机装置从服务器装置接收包含随机数的消息，生成包含生物体认证方法信息的生物体协商消息，并向服务器装置发送生物统计学协商消息。 然后，客户端装置根据从服务器装置通知的生物体认证方法信息，执行生物体认证，并根据私钥加密随机数。 另外，客户端装置从生物体认证，生物体认证方法信息，加密随机数和客户端证书的结果生成认证器，并向服务器装置发送包括这些的认证上下文。 服务器设备验证认证上下文并在一次握手中建立安全会话。

公开(公告)号：US08578446B2

公开(公告)日：2013-11-05

申请号：US11969046

申请日：2008-01-03

申请人： Hidehisa Takamizawa ,  Koji Okada ,  Tomoaki Morijiri ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

发明人： Hidehisa Takamizawa ,  Koji Okada ,  Tomoaki Morijiri ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

IPC分类号： H04L29/06

CPC分类号： G06F21/32

摘要： A configuration including, in authentication contexts, function unit identification information unique to the function unit that has executed an authentication subprocess in entity devices permits an authentication apparatus to specify the function unit that has executed the authentication subprocess in the entity devices. The verifier, therefore, can verify the legitimacy of the authentication subprocess from the authentication context even in the presence of a plurality of function units capable of executing the same authentication subprocess in the entity devices.

摘要翻译： 在认证上下文中包括在实体设备中执行了认证子过程的功能单元特有的功能单元识别信息，允许认证装置指定在实体设备中执行了认证子过程的功能单元。 因此，即使在存在能够在实体设备中执行相同认证子过程的多个功能单元的情况下，验证者也可以从认证上下文中验证认证子过程的合法性。

公开(公告)号：US08499147B2

公开(公告)日：2013-07-30

申请号：US12501169

申请日：2009-07-10

申请人： Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

发明人： Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

IPC分类号： H04L9/00

CPC分类号： G06F21/33 ,  G06F21/32 ,  H04L9/3247 ,  H04L9/3263 ,  H04L2209/56 ,  H04L2209/60

摘要： A root-account management apparatus generates an electronic signature based on a survival condition and a secret key when an authentication result of a user of a client apparatus is proper, and transmits derived-account credence element information including the survival condition, the electronic signature and a public key certificate to a derived-account management apparatus. The derived-account management apparatus creates derived-account information which becomes valid when the survival condition is satisfied so that the derived-account information includes both the derived-account credence element information which becomes invalid when a validity term of the public key certificate expires and a biometric information template of the user which is valid regardless of this validity term. Accordingly, even if an authentication element as a root (public key certificate) becomes invalid, a derived authentication element (biometric information template) can be prevented from becoming invalid.

摘要翻译： 根帐户管理装置在客户端装置的用户的认证结果正确的情况下，基于生存条件和秘密密钥生成电子签名，并且发送包括生存条件，电子签名的导出账户信任元素信息， 派生帐户管理装置的公钥证书。 导出账户管理装置创建导致账户信息，当满足生存条件时，导出账户信息变为有效，从而导出账户信息包括当公共密钥证书的有效期到期时成为无效的导出账户信用单元信息; 无论该有效期如何，用户的生物特征信息模板是有效的。 因此，即使作为根（公钥证书）的认证元素变得无效，也可以防止导出的认证要素（生物体信息模板）变得无效。

公开(公告)号：US20110185413A1

公开(公告)日：2011-07-28

申请号：US13081317

申请日：2011-04-06

申请人： YOSHIHIRO FUJII ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： YOSHIHIRO FUJII ,  Minoru Nishizawa ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： G06F21/32 ,  G07C9/00158

摘要： A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.

摘要翻译： 客户端装置将从环境信息获取装置获取的环境信息以及生物体认证信息匹配结果发送到服务器装置。 服务器装置验证诸如亮度的环境信息的有效性以及生物认证信息匹配结果的有效性。 如果环境存在问题，则服务器装置向客户端装置通知环境信息是有问题的。 客户机装置克服了基于来自服务器装置的通知的亮度等环境问题，然后重试生物体认证。 在生物认证的重试期间可以减少由于环境问题引起的重新故障的可能性。

公开(公告)号：US20100191967A1

公开(公告)日：2010-07-29

申请号：US12705323

申请日：2010-02-12

申请人： Yoshihiro FUJII ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Asahiko Yamada

发明人： Yoshihiro FUJII ,  Tatsuro Ikeda ,  Koji Okada ,  Tomoaki Morijiri ,  Minoru Nishizawa ,  Hidehisa Takamizawa ,  Asahiko Yamada

IPC分类号： H04L9/32 ,  G06F21/20

CPC分类号： H04L9/3273 ,  G06F21/32 ,  G06F2221/2151 ,  H04L9/3231 ,  H04L9/3263 ,  H04L63/0823 ,  H04L63/0861 ,  H04L63/166

摘要： A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake.

摘要翻译： 在协商处理的握手期间，客户机装置从服务器装置接收包含随机数的消息，生成包含生物体认证方法信息的生物体协商消息，并向服务器装置发送生物统计学协商消息。 然后，客户端装置根据从服务器装置通知的生物体认证方法信息，执行生物体认证，并根据私钥加密随机数。 另外，客户端装置从生物体认证，生物体认证方法信息，加密随机数和客户端证书的结果生成认证器，并向服务器装置发送包括这些的认证上下文。 服务器设备验证认证上下文并在一次握手中建立安全会话。

公开(公告)号：US20080168534A1

公开(公告)日：2008-07-10

申请号：US11969046

申请日：2008-01-03

申请人： Hidehisa TAKAMIZAWA ,  Koji Okada ,  Tomoaki Morijiri ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

发明人： Hidehisa TAKAMIZAWA ,  Koji Okada ,  Tomoaki Morijiri ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Yoshihiro Fujii ,  Asahiko Yamada

IPC分类号： H04L9/32

CPC分类号： G06F21/32

摘要： A configuration including, in authentication contexts, function unit identification information unique to the function unit that has executed an authentication subprocess in entity devices permits an authentication apparatus to specify the function unit that has executed the authentication subprocess in the entity devices. The verifier, therefore, can verify the legitimacy of the authentication subprocess from the authentication context even in the presence of a plurality of function units capable of executing the same authentication subprocess in the entity devices.

摘要翻译： 在认证上下文中包括在实体设备中执行了认证子过程的功能单元特有的功能单元识别信息，允许认证装置指定在实体设备中执行了认证子过程的功能单元。 因此，即使在存在能够在实体设备中执行相同认证子过程的多个功能单元的情况下，验证者也可以从认证上下文中验证认证子过程的合法性。

公开(公告)号：US09386016B2

公开(公告)日：2016-07-05

申请号：US11840724

申请日：2007-08-17

申请人： Hidehisa Takamizawa ,  Asahiko Yamada ,  Tomoaki Morijiri ,  Koji Okada ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Yoshihiro Fujii

发明人： Hidehisa Takamizawa ,  Asahiko Yamada ,  Tomoaki Morijiri ,  Koji Okada ,  Tatsuro Ikeda ,  Minoru Nishizawa ,  Yoshihiro Fujii

IPC分类号： H04L29/06

CPC分类号： H04L63/0861

摘要： An authentication device receives each authentication context including an output information block, an input information block, and an authenticator block. The output information block includes a process result and process result identification information. The input information block includes a process result and process result identification information. The authentication device verifies each authenticator block. The authentication device searches for the output information block having the same value of process result identification information as the value of process result identification information in the input information block from other authentication contexts based on process result identification information in the input information block included in each authentication context. The authentication device verifies whether or not the process result in the input information block is equal to the process result in the searched output information block, and authenticates that all the authentication contexts have validity when all the verification results are valid.

摘要翻译： 认证装置接收包括输出信息块，输入信息块和认证器块的每个认证上下文。 输出信息块包括处理结果和处理结果识别信息。 输入信息块包括处理结果和处理结果标识信息。 认证设备验证每个认证器块。 认证装置根据包含在每个认证中的输入信息块中的处理结果识别信息，从其他认证上下文中搜索具有与处理结果识别信息相同的处理结果识别信息值的输出信息块 上下文 验证装置验证输入信息块中的处理结果是否等于搜索到的输出信息块中的处理结果，并且当所有验证结果有效时，认证所有认证上下文都具有有效性。