Title of invention: BIOMETRIC REFERENCE INFORMATION REGISTRATION SYSTEM, APPARATUS, AND PROGRAM
Abstract: According to an embodiment, a biometric reference information storage apparatus transmits, to the biometric reference information certificate generation apparatus, a biometric authentication context including the challenge information, the hash value of the biometric reference information, and a first digital signature. The biometric reference information certificate generation apparatus verifies the challenge information and the first digital signature. The biometric reference information certificate generation apparatus transmits a biometric reference information certificate to the biometric reference information storage apparatus. The biometric reference information storage apparatus writes the biometric reference information and the biometric reference information certificate in a storage module.
Publication number: US2015200935(A1) Publication date: 2015.07.16
Application number: US201514670038 Filing date: 2015.03.26
Applicant: Kabushiki Kaisha Toshiba; Toshiba Solutions Corporation Inventors: IKEDA Tatsuro; YAMADA Asahiko; OKADA Koji
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Principal claim: 1. A biometric reference information registration system comprising a biometric reference information storage apparatus and biometric reference information certificate generation apparatus configured to communicate with each other through a network, the biometric reference information registration system registering biometric reference information of an authentication target person in the biometric reference information storage apparatus,

the biometric reference information storage apparatus including:
  a first private key storage module configured to store a first private key of the apparatus;
  a challenge information reception module configured to receive challenge information from the biometric reference information certificate generation apparatus;
  a biometric reference information generation module configured to generate biometric reference information based on biometric information sampled from the authentication target person;
  a hash value generation module configured to generate a hash value of the biometric reference information;
  a first signature generation module configured to generate a first digital signature based on the first private key for the challenge information and the hash value of the biometric reference information;
  a biometric authentication context generation module configured to generate a biometric authentication context including the challenge information, the hash value of the biometric reference information, and the first digital signature;
  a biometric authentication context transmission module configured to transmit the hash value of the biometric reference information and the biometric authentication context to the biometric reference information certificate generation apparatus;
  a certificate reception module configured to receive, from the biometric reference information certificate generation apparatus, a biometric reference information certificate including the hash value of the biometric reference information, the biometric authentication context, and a second digital signature for the hash value of the biometric reference information and the biometric authentication context;
  a first extraction module configured to extract the hash value of the biometric reference information and the biometric authentication context from the biometric reference information certificate;
  a hash value verification module configured to verify the extracted hash value based on the generated hash value;
  a biometric authentication context verification module configured to verify the extracted biometric authentication context based on the generated biometric authentication context;
  a storage module configured to store the biometric reference information and the biometric reference information certificate; and
  a write module configured to, when respective results of the verifications by the hash value verification module and the biometric authentication context verification module represent validity, write the biometric reference information and the biometric reference information certificate in the storage module, and

the biometric reference information certificate generation apparatus including:
  an account storage module configured to store a user ID of the authentication target person and the biometric reference information certificate in association with each other;
  a second private key storage module configured to store a second private key of the apparatus;
  a challenge information transmission module configured to generate the challenge information and transmitting the challenge information to the biometric reference information storage apparatus;
  a biometric authentication context reception module configured to receive the hash value of the biometric reference information and the biometric authentication context from the biometric reference information storage apparatus;
  a second extraction module configured to extract challenge information from the received biometric authentication context;
  a challenge information verification module configured to verify the extracted challenge information based on the transmitted challenge information;
  a signature verification module configured to verify a first digital signature in the received biometric authentication context based on a first public key corresponding to the first private key;
  a second signature generation module configured to, when respective results of the verifications by the challenge information verification module and the signature verification module represent validity, generate the second digital signature based on the second private key for the hash value of the biometric reference information and the biometric authentication context that have been received;
  a certificate generation module configured to generate the biometric reference information certificate including the hash value of the biometric reference information, the biometric authentication context, and the second digital signature;
  a certificate write module configured to write the generated biometric reference information certificate in the account storage module in association with the user ID of the authentication target person; and
  a certificate transmission module configured to transmit the generated biometric reference information certificate to the biometric reference information storage apparatus.
Address: Minato-ku JP
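The registration exchange recited in the claim, as an added Go sketch that is not taken from the patent: the storage apparatus builds the signed context, the certificate generation apparatus checks the challenge and first signature before countersigning, and the storage apparatus compares the returned certificate with what it generated. The patent names no algorithms or encodings, so Ed25519, SHA-256, the 32-byte challenge, plain field concatenation and every identifier here are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Context is the biometric authentication context; Cert is the certificate issued for it.
type Context struct{ Challenge, RefHash, Sig1 []byte }
type Cert struct{ RefHash []byte; Ctx Context; Sig2 []byte }
func cat(p ...[]byte) []byte { return bytes.Join(p, nil) } // fields are fixed-length in this sketch

// BuildContext (storage apparatus): hash the template, sign challenge||hash with the first private key.
func BuildContext(priv1 ed25519.PrivateKey, challenge, template []byte) Context {
	h := sha256.Sum256(template)
	return Context{challenge, h[:], ed25519.Sign(priv1, cat(challenge, h[:]))}
}

// Issue (certificate generation apparatus): reject a stale challenge or bad first signature, else countersign.
func Issue(priv2 ed25519.PrivateKey, pub1 ed25519.PublicKey, sent, refHash []byte, c Context) (Cert, error) {
	if !bytes.Equal(c.Challenge, sent) { return Cert{}, fmt.Errorf("challenge mismatch") }
	if !ed25519.Verify(pub1, cat(c.Challenge, c.RefHash), c.Sig1) { return Cert{}, fmt.Errorf("first signature invalid") }
	return Cert{refHash, c, ed25519.Sign(priv2, cat(refHash, c.Challenge, c.RefHash, c.Sig1))}, nil
}

// Accept (storage apparatus): per the claim, compare the certificate's hash and context with the local ones.
func Accept(cert Cert, template []byte, mine Context) bool {
	h := sha256.Sum256(template)
	return bytes.Equal(cert.RefHash, h[:]) && bytes.Equal(cert.Ctx.Challenge, mine.Challenge) &&
		bytes.Equal(cert.Ctx.RefHash, mine.RefHash) && bytes.Equal(cert.Ctx.Sig1, mine.Sig1)
}

// Run plays one registration between both sides; tamper (may be nil) alters the context in transit.
func Run(template []byte, tamper func(*Context)) (bool, error) {
	pub1, priv1, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, priv2, _ := ed25519.GenerateKey(nil)
	challenge := make([]byte, 32)
	rand.Read(challenge)
	mine := BuildContext(priv1, challenge, template)
	wire := mine
	if tamper != nil { tamper(&wire) }
	cert, err := Issue(priv2, pub1, challenge, wire.RefHash, wire)
	if err != nil { return false, err }
	return Accept(cert, template, mine), nil
}

func main() { fmt.Println(Run([]byte("constructed sample template"), nil)) }
```

The claim has the storage apparatus compare hash and context only, so `Accept` does the same; a deployment that also holds the second public key could verify `Sig2` before writing.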