1. Field of the Invention
The present invention relates to an authentication system, apparatus, program, and method for assuring a process constituting authentication to notify a verification side, and particularly to the authentication system, apparatus, program, and method in which a statement concerning the process constituting authentication can be assured by a management to which each process belongs.
2. Description of the Related Art
In communication and service via a network, authentication of a communication party is a required technical element. Recently, authentication subjects are rapidly growing from users to instrument terminals with a widespread open network environment and development of federation technologies of distributed service resources.
At the same time, an authentication means has been developed in various layers. For example, SSL (Secure Sockets Layer)/TLS (Transport Layer Security) can be cited in a session layer of an OSI seven-layer model (see [SSL3.0] A. Frier, P. Karlton, and P. Kocher, “The SSL 3.0 Protocol”, Netscape Communications Corp., Nov. 18, 1996. and [TLS1.0] T. Dierks, C. Allen, “The TLS Protocol Version 1.0”, RFC2246, Jan. 1999, http://www.ietf.org/rfc/rfc2246.txt). The SSL/TLS becomes widespread as a standard secure communication protocol, because the SSL/TLS can provide the transparent secure communication to a higher layer. For an authentication mechanism, the SSL/TLS supports server authentication and client authentication based on a public key certificate.
IPsec can be cited as an example of secure communication for IP (Internet Protocol) which is a communication protocol in the network layer of the OSI seven-layer model (see [IPsec] S. Kent, R. Atkinson, “Security Architecture for the Internet Protocol”, Nov. 1998, <http://www.ietf.org/rfc/rfc2401.txt>). In the IPsec, authentication and encryption are performed at an IP packet level to realize the secure communication in unit of host. The IPsec is used for VPN (Virtual Private Network) and the like. The IPsec supports the authentication of the communication party by a known common key. For dynamic authentication, IPsec can utilize a mechanism, such as IKE and IKEv2, which is a higher security association mechanism.
On the other hand, SAML (Security Assertion Markup Language) has been developed as industrial standard specifications for assertion of the security statement concerning user authentication (for example, see [SAML] OASIS Security Services TC, “Security Assertion Markup Language (SAML) v1.1”, Sep. 2003, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security>). The SMAL is a framework in which the statements concerning client security and policy decision are expressed in an XML format to electronically make assurance.
Thus, the applications of the authentication means via network are currently in progress in the different layers, and, as described above, the authentication means has become the essential technical element for communication and services.
In the case where an authentication object is a person, principal confirmation technology whether the identity of a person is confirmed or not has also received attention. Usually, in the authentication, it is necessary that the authentication object is strictly identified or verified. Therefore, in the case where the authentication object is a person, the strict principal confirmation technology is required.
Currently biometrics can be cited as the potential principal confirmation technology. The biometrics is the technology in which the identity of a person is confirmed by matching biometric information read from an individual person and previously registered biometric information (hereinafter referred to as reference biometric information). The biometric information is one which indicates intrinsic physical features or characteristics in an individual. For example, a fingerprint, an iris, a retina, a face, a voice, a key stroke, a sign, and the like are utilized for the biometrics.
Unlike the existing authentication methods such as a password, the biometrics utilizes the biometric information which is in no danger of being missed or forgotten, so that the user's burden is reduced. Further, because the biometrics is based on the subject which is difficult to be duplicated, the biometrics is effective for prevention of impersonation of a user and the like.
With the widespread of the open network such as the Internet, the utilization of the biometrics is rapidly increasing as the method of performing the authentication of the communication party via network in an electronic commerce. In the identification field, it is studied that the biometrics is used for the principal confirmation of an owner of an identification card.
In the utilization of the biometrics via network, security of matching result and matching information becomes troublesome on a network path. However, on the network path or in the instrument, the risk of theft or tampering of important information such as the biometric information is being reduced by combination of the biometrics and Public Key Infrastructure or a secure medium such as an IC card. Namely, the security on the network path is being improved.
Further, a multimodal biometric system which confirms the principal in an integrated manner by combining the plural biometrics methods is studied. According to the multimodal biometric system, the principal confirmation can be realized with higher accuracy.
However, according to the study of the inventor, in almost all the current authentication technologies, there is the problem that the assurance of each process is not considered because it is assumed that the same management manages the processes constituting the authentication. Namely, unlike the assumption, different managements manage each authentication subprocess in fact.
For example, in the case of the biometrics, there are authentication subprocesses such as a biometric information capturing function and a biometric information matching function. In such authentication subprocesses, mounted devices and deployment on the instrument are often uniquely fixed depending on the system. Specifically, in the case of an MOC (Matching On Card) model which is one of the biometric models, the biometric information capturing function is deployed on a scanner, and the biometric information matching function and a biometric template management function are deployed on the card (smart card and the like). Namely, in the MOC model system, the capturing function as the authentication subprocess is uniquely managed by the scanner, and the matching function and the management function as the authentication subprocess are uniquely managed by the card.
Thus, in the authentication subprocess, the management is often different in each process. Therefore, on the verification side which verifies the authentication result, it is difficult to clearly grasp whether the authentication subprocess of each management is valid or not.
Accordingly, since the validity of the authentication subprocess cannot be grasped, as a whole of the authentication process in which the authentication subprocesses are integrated, there is a fear that trustworthiness is decreased. Particularly, since the authentication process in the open network environment is not always operated by the same management, it is thought that the fear becomes remarkable.