1. Field of the Invention
The present invention relates to a remote authentication system identifying a person with biometrics.
2. Description of the Related Art
Heretofore, so as to perform security protection in an information processing system connected to a network, it is necessary to identify a person and to judge approval or disapproval of access of the person, that is, to perform authentication. In addition, in cash dispensers of banks and the like, authentication for identifying a person and accessing the person""s transaction information, and authentication for entrance into and exit from confidential research sites, membership clubs, and the like, which have high confidentiality, are performed.
Identification of a person and authorization of the person""s qualification, that is, authentication is performed with a magnetic card, an IC card, which are positioned similarly to an identification card and the like, and the person""s memory such as a password, and combination of them. There are problems that the authentication cannot be performed because the password is forgotten, and the magnetic card and IC card are lost or broken, and another person, who is not the principal, is authenticated with masquerading by burglary and leakage of password information.
In addition, as one of means for authenticating a user over a network, there is a digital signature for indirectly authenticating the user by authenticating a message created by the user. In the digital signature, first, a message sender attaches a cryptogram that is encrypted from a message digest, into which an original message is compressed, with the sender""s cryptographic key to the message. A message receiver confirms that the message is one, which the sender himself/herself sent, and that the message is not tampered, by creating a message digest from the message received, decoding the message digest from the cryptogram, which is attached, with the sender""s decoding key, and confirming coincidence of these two message digests.
In addition, in the above-described encryption method, there are a common key encryption method, using the same key for a cryptographic key and a decoding key, and a public key encryption method using different keys for the cryptographic key and decoding key. In the public key encryption method, when one key is set as a secret key and is kept safely and another key is officially announced as a public key, the cryptogram encrypted with the public key cannot be decoded into the original message if a receiver has not the secret key, and hence the sender can transfer the message in such a form that only the receiver, who is desired by the sender, can decode, and the cryptogram encrypted with the secret key can be decoded with the public key into the original message, and hence the receiver can authenticates that the message is one from the sender herself/himself having the secret key.
Heretofore, although, in RFC1421 and RFC1422 (PEM: Privacy Enhancement for Internet Electronic Mail) that are registered in RFC (Request For Comment) of IETF (Internet Engineering Task Force), the digital signature and message encryption are performed with the public key encryption method and common key encryption method, there is a problem that it is necessary to administrate the secret key on the sender""s hands since the sender uses the own secret key, for example, to safely keep the secret key with saving the secret key in a floppy disk, a magnetic card, and an IC card.
On the other hand, in the authentication with biometrics information, which is a person""s biological characteristic such as finger print information, palm print information, handwriting information, and retina information, it is difficult to perform masquerade and is unnecessary to administrate the information of the secret key so long as the user himself/herself presents, and it is possible to resolve the complexness of keeping a baggage and the threat of loss at the time of the authentication of a person and the complexness of memory at the time of the authentication of a password with the magnetic card and IC card. Nevertheless, there are problems that, if the authentication with the biometrics information is necessary in a wide range, the equipment for performing the centralized administration and authentication of the biometrics information is necessary, and that it is necessary to keep security with concealing the user""s biometrics information at the time of transferring the biometrics information to the equipment, performing the authentication, from the viewpoint of protection of privacy.
Furthermore, in general, random numbers are for creating a cryptographic key in a system creating the cryptographic key used for concealing the biometrics information. Nevertheless, there is also a problem that it is important to eliminate the tendency of the random numbers so as to make it difficult to break the cryptographic key.
In addition, an apparatus acquiring biometrics should be properly administrated from the viewpoint of protection of users"" privacy, and it is necessary to authenticate an administrator. Nevertheless, there is a problem that, since another person cannot act for the administrator if the authentication of this administrator was performed with biometrics, another person can never perform the access to the biometrics acquisition apparatus including initialization. Furthermore, there is a problem that even a valid administrator can never perform the access to the biometrics acquisition apparatus including initialization if the biometrics used for the authentication is largely changed or lost by suffering damage in an accident in case of the valid administrator.
Moreover, in general, a system performing user authentication is required to find an invalid authentication, for example, as for a cash card in a bank, there is means for making a cash card unusable if authentication with a preset number of times of password inputs is unsuccessful. Also, a user authentication system with the biometrics is required to find an invalid authentication. Nevertheless, a condition of biometrics is different for every person, for example, in a system authenticating a person with finger print matching, a minimum matching rate identifying a person as the principal is determined, but a person whose finger is rough or worn gets a low matching rate even if the person can obtain the best biometrics information at the time, and a failure probability of the authentication itself increases if the matching rate decreases due to minor failure such as insufficient contact at the time of acquiring the finger print. Therefore, there is a problem that it cannot be equally performed for all the persons that it is judged to be an unsuccessful authentication within only the preset number of times.
The present invention is provided to solve the above problems. An object of the present invention is to provide a remote authentication system which securely authenticates by utilizing biometrics information, which is the user""s personal information, and is firm on security when performing authentication of a person with the biometrics information, and a remote authentication method.
In a remote authentication system, in which an authentication server, an application server, and a user terminal are connected to a network respectively, and which authenticates a user using the user terminal, a remote authentication system according to a first invention is a system, wherein the authentication server has a pair of a public key and a secret key in a public key encryption method, announces the public key, and conceals the secret key; wherein at least one kind or a plural kind of biometrics acquisition apparatus is connected to the user terminal; wherein the biometrics acquisition apparatus: encrypts user""s biometrics information, acquired at the time of authentication, with a common key in a common key encryption method; acquires date and time information, creates a message digest with connecting the date and time information with the common key, and further encrypts the message digest with the common key; acquires the public key of the authentication server, which the user assigns, and encrypts the common key with the public key of the authentication server; and transfers the biometrics information encrypted, the common key and date and time information, which is encrypted, and the message digest encrypted with connecting the date and time information with the common key, as authentication information to the user terminal; and wherein the user terminal and application server transfer the authentication information to the authentication server, and the authentication server: decodes user""s biometrics information with the common key acquired by decoding the authentication information, which is transferred, with the secret key; authenticates the user with the biometrics information; and encrypts result of authentication and a message digest of the result of the authentication with the secret key and transfers both to the application server.
In addition, in a remote authentication system, in which an authentication server and a user terminal are connected to a network respectively, and which authenticates a user using the user terminal, a remote authentication system according to a second invention is a system, wherein the authentication server has a pair of a public key and a secret key in a public key encryption method, announces the public key, and conceals the secret key; wherein at least one kind or a plural kind of biometrics acquisition apparatus is connected to the user terminal; wherein the biometrics acquisition apparatus: encrypts user""s biometrics information, acquired at the time of authentication, with a common key in a common key encryption method; acquires date and time information, creates a message digest with connecting the date and time information with the common key, further encrypts the message digest with the common key; acquires the public key of the authentication server, which the user assigns, and encrypts the common key with the public key of the authentication server; and transfers the biometrics information encrypted, the common key and date and time information, which is encrypted, and the message digest encrypted with connecting the date and time information with the common key, as authentication information to the user terminal; wherein the user terminal transfers the authentication information to the authentication server; and wherein the authentication server: decodes user""s biometrics information with the common key acquired by decoding the authentication information, which is transferred, with the secret key; authenticates the user with the biometrics information; and encrypts result of authentication and a message digest of the result of the authentication and transfers both to the user terminal.
In addition, a remote authentication system is a system, wherein a biometrics acquisition apparatus: transfers biometrics information to a user terminal without encrypting the biometrics information at the time of authentication; encrypts the user""s biometrics information, which the user terminal obtains, with a common key in a common key encryption method; acquires date and time information, creates a message digest with connecting the date and time information with the common key, encrypts the message digest with the common key; acquires a public key of an authentication server, which the user assigns; encrypts the common key with the public key of the authentication server; and transfers the biometrics information encrypted, the common key and date and time information, which is encrypted, and the message digest encrypted with connecting the date and time information with the common key, as authentication information.
Furthermore, a remote authentication system according to a fourth invention uses biometrics information as a part or all of random numbers for creating a common key in a common key encryption method for encrypting the user""s biometrics information acquired, at the time of authentication.
A remote authentication system according to a fifth invention is a system, wherein a biometrics acquisition apparatus includes: an authentication unit of an administrator administrating the biometrics acquisition apparatus; and an authentication unit of an initializer initializing the biometrics acquisition apparatus, wherein the two authentication units perform authentication separately, and can perform only the initialization with authentication of the initializer.
A remote authentication system according to a sixth invention is a system, wherein an authentication server: saves historic records of matching rates that are results of matching biometrics at the time of user authentication; compares a matching rate with an average matching rate at the time of identifying a user as a principal until the previous occasion if the authentication server does not identify the user as the principal at the time of user authentication; confirms whether the matching rate at this time changes more largely than a preset value determined by an administrator; and informs a contact, who is registered beforehand, if a number of failed times due to changes more largely than the fixed value reaches a fixed value determined by the administrator.
A remote authentication system according to a seventh invention is a system, wherein an authentication server: saves historic records of matching rates that are results of matching biometrics at the time of user authentication; compares a matching rate with a matching rate at the time of identifying a user as a principal until the previous occasion at the time of user authentication if the authentication server identifies the user as the principal; makes the user authentication unsuccessful if the two matching rates are the same rates and a message digest of biometrics information is not saved, performs message digest calculation of biometrics information at this time, saves the message digest of biometrics information with the matching rate; saves a message digest of biometrics information at this time with a matching rate as a pair with calculating the message digest of biometrics information at this time if the two matching rates are the same and a message digest is saved, compares the message digest of biometrics information at this time with the message digest of biometrics information at the same matching rate in the past, identifies the user as a principal if both message digests are different from each other; does not identify the user as a principal if a pair of a matching rate and a message digest at this time completely coincides with a pair of a matching rate and a message digest in the past; and informs a contact, who is registered beforehand, if a number of cases that the pair of the matching rate and message digest at this time completely coincides with the pair of the matching rate and message digest in the past reaches a value equal to or larger than a fixed value which is determined by an administrator.