Authentication system, authentication device, terminal, and verifying device

摘要

An authentication system, including a service use device 1 which presents blurred information obtained by blurring certification information desired to be certified, service providing devices 3a to 3c which verify the validity of blurred information presented by the service use device 1, and an authentication device 2 which supports the service use device 1 to issue valid blurred information. The authentication device 2 adds a digital signature to information including certification information and blurred information, and generates authentication information including the obtained digital signature, certification information, and blurred information (S2). The service use device 1 generates, based on the authentication information generated in the authentication device 2, blurred authentication information including blurred information selected according to an instruction from a user, instruction information representing the instruction, and a digital signature (S4). The service providing devices 3a to 3c verify the validity of blurred information indicated by instruction information included in the blurred authentication information generated by the service use device 1, based on the digital signature included in the blurred authentication information (S6).

主权项

1. An authentication system comprising:
a terminal which presents blurred identity information obtained by blurring certification information desired to be certified; a verifying device which verifies validity of the blurred identity information presented by said terminal; and an authentication device which supports said terminal to issue valid blurred identity information, wherein said authentication device includes: an information holding unit which holds at least one piece of certification information and at least one set of pieces of blurred identity information, each of the at least one set of pieces of blurred identity information corresponding to one of the at least one piece of certification information; an authentication information generating unit which generates a digital signature by performing a digital signature generation process on information including the certification information and the blurred identity information which are held in said information holding unit, and generates, as authentication information, information which includes: the generated digital signature, the certification information, and the blurred identity information; and a first transmission unit which transmits the generated authentication information to said terminal, said terminal includes: a first receiving unit which receives the authentication information transmitted from said authentication device; a blurring instruction accepting unit which accepts an instruction of which piece of the blurred identity information is to be selected from the set of pieces of blurred identity information corresponding to the one of the at least one piece of certification information and included in the authentication information received by said first receiving unit according to the instruction from a user; a blurred authentication information generating unit which generates, as blurred authentication information, information which includes: the digital signature, and the blurred identity information selected according to the instruction accepted by said blurring instruction accepting unit; and a second transmission unit which transmits the generated blurred authentication information to said verifying device, and said verifying device includes: a second receiving unit which receives the blurred authentication information transmitted from said terminal; and a signature verifying unit which verifies the validity of the blurred identity information included in the blurred authentication information according to the digital signature included in the blurred authentication information received by said receiving unit, wherein the blurred identity information includes information that shows one or more characteristics of a user or a device, said authentication information generating unit includes: a first intermediate value generating unit which generates a first intermediate value by performing a process on the certification information using a first one-way function; and a signature generating unit which generates the digital signature using the generated first intermediate value and the blurred identity information corresponding to the certification information, said blurred authentication information generating unit includes: a second intermediate value generating unit which generates a second intermediate value by performing a process on the certification information using the first one-way function, the certification information corresponding to the blurred identity information selected according to the instruction accepted by said blurring instruction accepting unit; and a data linking unit which links the generated second intermediate value, the blurred identity information, and the digital signature, so as to generate the blurred authentication information, said signature verifying unit verifies the validity of the blurred identity information included in the blurred authentication information according to the second intermediate value and the digital signature which are included in the blurred authentication information, said signature generating unit generates the digital signature from a value generated by performing a process on information using a second one-way function, the information including the first intermediate value and the blurred identity information, and said signature verifying unit performs a process on information using the second one-way function, the information including the second intermediate value included in the blurred authentication information and the blurred identity information included in the blurred authentication information, and checks a consistency between the value obtained by performing the process on the information using the second one-way function and the digital signature included in the blurred authentication information, so as to verify the validity of the blurred identity information included in the blurred authentication information.