Terminal, system, method for controlling the terminal, and program
The terminal and system securely acquire, verify, and store biometric certificates to prevent unauthorized acquisition, addressing the vulnerability of biometric information in digital wallets and ensuring only authorized users' information is stored.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- NEC CORP
- Filing Date
- 2024-10-23
- Publication Date
- 2026-06-30
AI Technical Summary
Biometric information certificates stored in digital wallets are vulnerable to unauthorized acquisition and fraud, posing a risk in self-sovereign systems where users manage their own information.
A terminal and system that includes an acquisition unit to obtain biometric information certificates, a verification unit for identity confirmation, and a storage unit to securely store the certificates only upon successful verification, preventing unauthorized acquisition.
Prevents fraudulent storage of biometric certificates by ensuring that only the authorized user's biometric information is stored in the digital wallet, thereby enhancing security and integrity of personal information.
Smart Images

Figure 0007882437000001 
Figure 0007882437000002 
Figure 0007882437000003
Abstract
Description
Technical Field
[0001] The present invention is based on the claim of priority of Japanese Patent Application: Japanese Patent Application No. 2023-202542 (filed on November 30, 2023), and the entire description of the application is incorporated herein by reference. The present invention relates to a terminal, a system, a method for controlling a terminal, and a program.
Background Art
[0002] There are technologies related to user authentication.
[0003] For example, the personal authentication system of Patent Document 1 includes a user terminal and a service provider device that are communicably connected to each other. On the user terminal side, the collation unit collates the biometric information input from the sensor with the registered biometric information registered in advance in the registered biometric information storage unit, and sends the result to the service provider device as the personal authentication processing result. At this time, the processing certificate generation unit generates certificate information that guarantees the content of the authentication process or its authentication accuracy, and sends it to the service provider device. On the service provider device side, the processing certificate confirmation unit uses the personal authentication processing result and the certificate information to connect various user terminals that perform personal confirmation processing, and realizes a system that can provide services according to different accuracy levels of the personal confirmation processing.
Prior Art Documents
Patent Documents
[0004]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0005] As disclosed in Patent Document 1, biometric information is used to verify the identity of users. In recent years, with the growing awareness of personal information protection, systems in which users manage their own information (self-sovereign systems) have begun to spread. For example, digital content such as identification documents are stored in digital wallets on smartphones, etc. It is envisioned that biometric information certificates will be stored in such digital wallets, but there are concerns about fraud, such as storing another person's biometric information certificate in a digital wallet.
[0006] The primary objective of this invention is to provide a terminal, a system, a method for controlling the terminal, and a program that contribute to preventing the unauthorized acquisition of biometric information certificates stored in smartphones and the like. [Means for solving the problem]
[0007] According to a first aspect of the present invention, a terminal is provided that includes: an acquisition means for acquiring a biometric information certificate, which is a certificate that certifies the biometric information of a person to be issued and includes the biometric information of the person to be issued, from a certificate issuer that holds the biometric information of the user; a verification means for performing identity verification using the biometric information obtained from the acquired biometric information certificate and the biometric information of the user; and a storage means for storing the acquired biometric information certificate when the identity verification is determined to be successful.
[0008] According to a second aspect of the present invention, a system is provided which includes a server device and a terminal, managed by a certificate issuer that holds the user's biometric information, wherein the terminal comprises: an acquisition means for acquiring a biometric information certificate from the server device, which is a certificate that certifies the biometric information of the person to be issued and includes the biometric information of the person to be issued; a verification means for performing identity verification using the biometric information obtained from the acquired biometric information certificate and the user's biometric information; and a storage means for storing the acquired biometric information certificate when the identity verification is determined to be successful.
[0009] A third aspect of the present invention provides a terminal control method that includes obtaining a biometric information certificate from a certificate issuer that holds the user's biometric information, which is a certificate that certifies the biometric information of the person to whom the certificate is issued and includes the biometric information of the person to whom the certificate is issued, performing identity verification using the biometric information obtained from the obtained biometric information certificate and the user's biometric information, and if the identity verification is determined to be successful, storing the obtained biometric information certificate.
[0010] According to a fourth aspect of the present invention, a program is provided for a computer installed in a terminal to perform the following processes: obtaining a biometric information certificate from a certificate issuer that holds the user's biometric information, which is a certificate that certifies the biometric information of the person to be issued and includes the biometric information of the person to be issued; performing identity verification using the biometric information obtained from the obtained biometric information certificate and the user's biometric information; and, if the identity verification is determined to be successful, storing the obtained biometric information certificate. [Effects of the Invention]
[0011] According to each aspect of the present invention, a terminal, a system, a terminal control method, and a program are provided that contribute to preventing the unauthorized acquisition of biometric information certificates stored in smartphones and the like. However, the effects of the present invention are not limited to those described above. The present invention may also produce other effects in lieu of or in conjunction with the effects described above. [Brief explanation of the drawing]
[0012] [Figure 1] Figure 1 is a diagram illustrating the outline of one embodiment. [Figure 2] Figure 2 is a flowchart showing the operation of one embodiment. [Figure 3] Figure 3 shows an example of a schematic configuration of an information processing system according to the embodiment of this disclosure. [Figure 4] Figure 4 shows an example of the display of a terminal according to the embodiment of this disclosure. [Figure 5]FIG. 5 is a diagram for explaining the operation of the information processing system according to an embodiment of the present disclosure. [Figure 6] FIG. 6 is a diagram for explaining the operation of the information processing system according to an embodiment of the present disclosure. [Figure 7] FIG. 7 is a diagram for explaining the operation of the information processing system according to an embodiment of the present disclosure. [Figure 8] FIG. 8 is a diagram for explaining the operation of the information processing system according to an embodiment of the present disclosure. [Figure 9] FIG. 9 is a diagram showing an example of the processing configuration of the terminal according to an embodiment of the present disclosure. [Figure 10] FIG. 10 is a flowchart showing an example of the operation of the acquisition control unit according to an embodiment of the present disclosure. [Figure 11] FIG. 11 is a diagram showing an example of the processing configuration of the server device according to an embodiment of the present disclosure. [Figure 12] FIG. 12 is a diagram showing an example of the processing configuration of the business operator terminal according to an embodiment of the present disclosure. [Figure 13] FIG. 13 is a flowchart showing an example of the operation of the service provision control unit according to an embodiment of the present disclosure. [Figure 14] FIG. 14 is a sequence diagram showing an example of the operation of the information processing system according to an embodiment of the present disclosure. [Figure 15] FIG. 15 is a sequence diagram showing an example of the operation of the information processing system according to an embodiment of the present disclosure. [Figure 16] FIG. 16 is a diagram showing an example of the processing configuration of the terminal according to a modification of an embodiment of the present disclosure. [Figure 17] FIG. 17 is a diagram showing an example of the display of the terminal according to a modification of an embodiment of the present disclosure. [Figure 18] FIG. 18 is a diagram for explaining the operation of the information processing system according to a modification of an embodiment of the present disclosure. [Figure 19] FIG. 19 is a diagram showing an example of the display of the terminal according to a modification of an embodiment of the present disclosure. [Figure 20]FIG. 20 is a diagram showing an example of the display of a terminal according to a modification of an embodiment of the present disclosure. [Figure 21] FIG. 21 is a diagram for explaining the operation of an information processing system according to an embodiment of the present disclosure. [Figure 22] FIG. 22 is a diagram showing an example of the hardware configuration of a terminal according to the present disclosure.
MODE FOR CARRYING OUT THE INVENTION
[0013] First, an overview of an embodiment will be described. The reference numerals in the drawings appended to this overview are for convenience of each element as an example to assist understanding, and the description of this overview is not intended to be limiting in any way. Further, unless otherwise specified, the blocks described in each drawing do not represent a configuration in hardware units but a configuration in functional units. The connection lines between the blocks in each figure include both bidirectional and unidirectional ones. The one-way arrow schematically shows the flow of the main signal (data) and does not exclude bidirectionality. In this specification and the drawings, elements that can be similarly described may be denoted by the same reference numerals, and redundant description may be omitted.
[0014] A terminal 100 according to an embodiment includes an acquisition unit 101, a confirmation unit 102, and a storage unit 103 (see FIG. 1). The acquisition unit 101 acquires a biometric information proof certificate that proves the biometric information of the issuer, which includes the biometric information of the issuer, from a proof certificate issuer holding the biometric information of the user (step S1 in FIG. 2). The confirmation unit 102 performs an identity verification using the biometric information obtained from the acquired biometric information proof certificate and the biometric information of the user (step S2). The storage unit 103 stores the acquired biometric information proof certificate when the identity verification is determined to be successful (step S3).
[0015] When terminal 100 obtains a biometric certificate, it performs identity verification using the biometric information certified by the certificate (identity verification of the user operating terminal 100). If identity verification is successful, terminal 100 accepts the biometric certificate obtained from the certificate issuer. For example, terminal 100 stores the obtained biometric certificate in its digital wallet. As a result, it is prevented that the biometric certificate will not be stored on the smartphone or other device of a user who has biometric information different from the biometric information certified by the certificate. In other words, it prevents the fraudulent acquisition of biometric certificates stored on smartphones or other devices.
[0016] Specific embodiments will be described in more detail below with reference to the drawings.
[0017] [First Embodiment] The first embodiment will be described in more detail with reference to the drawings.
[0018] [System Configuration] As shown in Figure 3, the information processing system according to the first embodiment includes at least one certificate issuer and at least one service provider.
[0019] A certificate issuer is the entity that issues certificates to users. For example, a certificate issuer issues certificates that prove the user's "identity" or "attributes." For example, a certificate issuer issues an identification card that proves the user's name, gender, date of birth, address, etc.
[0020] Alternatively, the certificate issuer may issue a "biometric information certificate" that certifies the "biometric information" of the user's physical characteristics. The biometric information certificate certifies that the biometric information contained in the certificate is the biometric information of the person to whom it was issued. In other words, the certificate issuer certifies that the biometric information contained in the biometric information certificate is the biometric information of the person to whom it was issued.
[0021] Examples of biometric information include data (feature quantities) calculated from individual physical characteristics such as face, fingerprints, voiceprints, veins, retina, and iris patterns. Alternatively, biometric information may be image data such as face images or fingerprint images. Biometric information only needs to include information about the user's physical characteristics. This disclosure describes the case where biometric information related to a person's "face" (face image or feature quantities generated from a face image) is used.
[0022] Alternatively, a certificate issuer may issue a certificate that proves the user's "rights" or "qualifications." For example, a certificate issuer may issue a "service eligibility certificate" that proves the user is qualified (right) to receive a specified service.
[0023] For example, public institutions that issue identification documents such as driver's licenses, passports, and My Number cards are considered certificate issuers. Alternatively, companies and universities that possess facial images of users (employees, students) are also considered certificate issuers.
[0024] Alternatively, a business that provides services to users (customers) may be considered a certificate issuer. For example, a ticket vendor that sells airline or train tickets, or concert tickets, would be a certificate issuer.
[0025] The tickets sold by ticket vendors qualify as the service eligibility certificates mentioned above. In the following explanation, the certificate related to the ticket necessary for a user to receive the service may also be referred to as a "ticket certificate." A ticket certificate is one type of service eligibility certificate.
[0026] Each certificate issuer has a server device 10. The server device 10 is a server that performs the processing and operations necessary to carry out the certificate issuer's business. The server device 10 may be managed and operated by the certificate issuer, or its management and operation may be entrusted to another business operator, etc. The server device 10 may be installed in the certificate issuer's building, or it may be installed on a network (on the cloud).
[0027] A service provider is a business that provides services to users. As mentioned above, a ticket vendor that sells tickets to users is a service provider. Alternatively, a business that operates a theme park or holds concerts is a service provider. Alternatively, a business that operates transportation such as railways, buses, and airplanes is a service provider. Alternatively, businesses such as retail stores and restaurants are service providers. Service providers are not limited to private companies; public institutions such as city halls are also included as service providers in the disclosure of this application.
[0028] Depending on the industry and business type of the service provider, the same business may act as both the certificate issuer and the service provider.
[0029] Each service provider is equipped with a service server 20 and a service terminal 21 for providing services to users. For example, the service server 20 provides services to users via a website. For example, the service server 20 provides online services to users without requiring instructions or operations from the service provider's employees, etc. (the service server 20 provides services automatically and autonomously).
[0030] Alternatively, employees of the service provider may operate the service provider terminal 21 to provide services to users. The service provider terminal 21 may be a personal computer, a tablet, a POS (Point of Sale) terminal, or a digital signage terminal.
[0031] Alternatively, the service server 20 and the service provider terminal 21 may be connected, and the service provider's employees may provide services to users while referring to information stored on the service server 20 via the service provider terminal 21.
[0032] The user possesses terminal 30. For example, the user operates terminal 30 to request (demand) the issuance of a certificate from a certificate issuer. The user also uses terminal 30 to provide the service provider with the certificate requested by the service provider (e.g., a service eligibility certificate; a ticket certificate).
[0033] Each device shown in Figure 3 is connected to a network. Specifically, the server device 10, service server 20, carrier terminal 21, and terminal 30 are connected to the network by wired or wireless communication means.
[0034] The configuration of the information processing system shown in Figure 3 is illustrative and not intended to limit its configuration. For example, the server devices 10 of each certificate issuer and the devices of the service providers (service servers 20, service provider terminals 21) may belong to different networks. Alternatively, each certificate issuer may include multiple server devices 10. Load balancing and redundancy may be achieved by using multiple server devices 10. Similarly, each service provider may include multiple service servers 20 and multiple service provider terminals 21.
[0035] [General operation] Next, we will describe the general operation of the information processing system according to the first embodiment.
[0036] <Preparing your digital wallet> The user's terminal 30 is equipped with a digital wallet function. A digital wallet is an electronic information storage service that guarantees information security, including data integrity, reliability, and availability.
[0037] The user installs an application on their device 30 to implement a digital wallet. By opening a digital wallet on device 30, the user can store various digital content on device 30, such as employee IDs, student IDs and other identification documents, ticket certificates such as airline tickets and concert tickets, biometric information certificates, electronic money, and credit card information.
[0038] <Acquisition of digital content> Users who open a digital wallet will acquire the digital content to be stored in that digital wallet.
[0039] The user operates terminal 30 to request the issuance of a certificate from the certificate issuer. Specifically, the digital wallet application requests the issuance of a certificate from the certificate issuer. All or part of the certificate issuer issues VCs (Verifiable Credentials) as certificates, whose contents can be verified online. In the following explanation, VCs will be referred to as "credential certificates".
[0040] By obtaining certificates from various certificate issuers, the user's terminal 30 stores digital content such as that shown in Figure 4. The digital content stored in terminal 30 includes biometric certificates, passports, driver's licenses, service eligibility certificates (ticket certificates), electronic money, etc.
[0041] When opening a digital wallet, the user first obtains a biometric certificate containing their biometric information. The user obtains a biometric certificate (VCs) issued as a credential. Subsequently, the user obtains identification documents such as employee IDs and service eligibility certificates. For example, the user obtains a service eligibility certificate (VCs) issued as a credential.
[0042] In the following explanations, unless otherwise specified, biometric information certificates and service eligibility certificates are considered credential documents.
[0043] <Procedure for obtaining a certificate of credentials> First, we will explain how to obtain a credential certificate. The procedures common to obtaining a biometric certificate and a service eligibility certificate will be explained as the procedures for obtaining a credential certificate. After that, we will explain the procedures that differ for obtaining a biometric certificate and a service eligibility certificate.
[0044] Prior to requesting the issuance of a credential certificate, the user's terminal 30 generates a public key and a private key pair. The terminal 30 also generates a decentralized identifier (DID). The terminal 30 registers the generated DID (user ID; holder ID) and public key on the blockchain (step S01 in Figure 5).
[0045] Furthermore, the user's terminal 30 presents its user ID and requests the certificate issuer (server device 10) to issue a credential certificate. Specifically, the terminal 30 sends a "certificate issuance request" to the server device 10, which includes information about the certificate to be issued (e.g., the type of credential certificate), information identifying the subject to be certified by the credential certificate, and the user ID (step S02).
[0046] The server device 10 generates and stores the issuer's DID (Issuer ID), private key, and public key in advance.
[0047] Upon receiving a request for a certificate, the certificate issuer determines whether or not they can issue the credential certificate requested by the user.
[0048] If it is possible to issue the credential certificate requested by the user, the server device 10 generates a credential certificate that includes the issuer ID and user ID.
[0049] Specifically, the server device 10 generates metadata including the type of credential certificate, the name of the issuing organization, the date and time of issuance, and the validity period, as well as the credential information itself and the credential certificate including the issuer's public key information and digital signature. The credential information itself contains specific information that the issuer certifies.
[0050] The server device 10 transmits the generated credential certificate to the user's terminal 30 (the user who will be the holder of the certificate; the person who requested the issuance of the certificate) (certificate issuance; step S03).
[0051] Furthermore, the server device 10 registers the issuer ID and the public key generated above on the blockchain (step S04).
[0052] Terminal 30 stores the received credential certificate in its digital wallet. When storing the credential certificate in the digital wallet, terminal 30 verifies the user's identity.
[0053] <Obtaining a Biometric Information Certificate> The user operates terminal 30 to request the issuance of a biometric information certificate from the company or university to which they belong. In other words, the company or university becomes the issuer of the biometric information certificate. Here, we will explain the case in which the user requests the issuance of a biometric information certificate related to a "facial image" from the company to which they work. Terminal 30 obtains a biometric information certificate related to the person's face.
[0054] The user's terminal 30 sets the type of certificate to be issued as "Biometric Information Certificate," and the information identifying the person to be certified as "Employee Number" and "Facial Image," respectively, and sends a "Certificate Issuance Request" for the Biometric Information Certificate to the server device 10 (see Figure 6). Note that the information identifying the person to be certified may include the user's name or a combination of name and date of birth.
[0055] When requesting the issuance of a biometric certificate, the information used to identify the person to be certified by the biometric certificate includes information identifying the recipient of the biometric certificate (e.g., employee number) and the type of biometric information to be certified by the biometric certificate (e.g., facial image).
[0056] If a user who wishes to obtain a biometric certificate is an employee of the company (i.e., an employee corresponding to the employee number exists), the server device 10 generates a biometric certificate (facial certificate; facial VCs) using the employee's facial image. The biometric certificate's credentials contain a facial image acquired when the employee joined the company (a facial image registered with the server device 10 after identity verification at the time of hiring).
[0057] The server device 10 transmits the generated biometric information certificate (face information certificate; face VCs) to the terminal 30.
[0058] Upon receiving the biometric information certificate, terminal 30 performs identity verification of the user. In doing so, terminal 30 obtains the user's biometric information. Specifically, terminal 30 instructs the user to take a selfie and obtains an image of the user's face.
[0059] Terminal 30 performs identity verification using facial images obtained from biometric identification documents and facial images obtained from selfies. If identity verification is successful, terminal 30 stores the biometric identification documents (facial VCs) in a digital wallet.
[0060] If terminal 30 fails to verify the user's identity, it will discard the acquired biometric certificate.
[0061] In this way, when terminal 30 obtains a biometric certificate, it verifies whether the biometric information certified by the certificate matches the biometric information of the terminal 30's user (operator). If the two biometric records match (i.e., identity verification is successful), terminal 30 accepts the biometric certificate obtained from an organization or group such as a company or university. As a result, fraud is prevented in which a user obtains another person's biometric certificate and stores that biometric certificate in their own digital wallet. In other words, impersonation is prevented by a simple method of performing identity verification when storing biometric information in the digital wallet. In this way, terminal 30 stores the biometric information of the digital wallet holder as a biometric certificate (a biometric certificate issued as a credential certificate) in the digital wallet.
[0062] <Obtaining a Service Receiver Certificate> When a biometric certificate is stored in a digital wallet, the user obtains other credential documents besides the biometric certificate. Here, we will explain using the example of a user obtaining a service eligibility certificate for concert tickets from a ticket vendor.
[0063] It is assumed that the user has an account with the ticket vendor and has already purchased tickets through that account. When the user purchases a ticket, a ticket ID that identifies the purchased ticket will be issued to the ticket purchaser.
[0064] The user's terminal 30 sets the type of certificate to be issued as "Service Qualification Certificate" and the information that identifies the subject of the service qualification certificate as "Ticket ID," and sends a "Certificate Issuance Request" regarding the service qualification certificate to the server device 10 (see Figure 7).
[0065] If a user who wishes to receive a service access certificate has purchased a ticket (i.e., the ticket ID is valid), the server device 10 generates a service access certificate (ticket certificate) using the ticket purchaser's ticket information. The service access certificate itself stores information about the ticket purchased by the user (for example, concert name, concert date and time, concert venue, seat type, etc.).
[0066] The server device 10 transmits the generated service access certificate (ticket certificate) to the terminal 30.
[0067] Upon receiving the service eligibility certificate (ticket certificate), terminal 30 performs identity verification of the user. At that time, terminal 30 acquires the user's biometric information. Specifically, terminal 30 instructs the user to take a selfie and acquires an image of the user's face.
[0068] Terminal 30 performs identity verification using facial images obtained from biometric certificates (facial VCs) stored in the digital wallet and facial images obtained from selfies. If identity verification is successful, terminal 30 stores the service eligibility certificate in the digital wallet.
[0069] If identity verification fails, terminal 30 discards the service eligibility certificate.
[0070] In this way, terminal 30 performs identity verification when a service eligibility certificate is obtained. This identity verification confirms the identity of the user who received the biometric information certificate and the operator of terminal 30 (the recipient of the service eligibility certificate). As a result, fraud is prevented in which a user borrows another person's terminal 30 and stores the certificate of purchase (service eligibility certificate) in the digital wallet of the borrowed terminal 30. In this way, terminal 30 stores the service eligibility certificate (service eligibility certificate issued as a credential certificate) of the digital wallet holder in the digital wallet.
[0071] <Enjoying the service> When biometric information certificates and service eligibility certificates are stored in a digital wallet, users can receive services from service providers. In this process, users present the service provider with any certificates requested by the service provider or any certificates necessary for providing the service. For example, when entering a concert venue, a user presents their service eligibility certificate (ticket certificate) to the concert organizer.
[0072] The operation of the information processing system will be explained below using the example of a user entering a concert venue. A business terminal 21 is installed at the entrance of the concert venue. Employees of the concert organizer operate the business terminal 21 to determine whether or not an attendee is allowed to enter. The business terminal 21 and terminal 30 communicate using a short-range wireless communication method such as Bluetooth (registered trademark).
[0073] When a user wishes to enter the concert venue, the service provider terminal 21 requests terminal 30 to perform identity verification. For example, the service provider terminal 21 sends an "identity verification request" to terminal 30 (step S11 in Figure 8).
[0074] Upon receiving a request for identity verification, terminal 30 takes a photograph of the operator operating the device and acquires biometric information (facial image). Terminal 30 then performs identity verification using the acquired biometric information and the biometric information obtained from the biometric certificate stored in the digital wallet.
[0075] Terminal 30 transmits the identity verification result (identity verification successful, identity verification failed) to the business terminal 21 (step S12).
[0076] Upon receiving confirmation that identity verification was successful, the service provider terminal 21 requests terminal 30 to provide the information necessary to provide services to the user (service eligibility certificate).
[0077] Specifically, the service provider terminal 21 sends a "certificate provision request" to terminal 30 (step S13). This certificate provision request contains information about at least one service eligibility certificate necessary for the service provider to provide the service. For example, the certificate provision request contains information that identifies the service eligibility certificate that the service provider is requesting. For example, if the service provider terminal 21 requests a ticket certificate, the certificate provision request will include information such as the concert name, concert date and time, and concert venue.
[0078] Upon receiving a request for a certificate, terminal 30 transmits the certificate (service eligibility certificate) stored in the digital wallet to the service provider terminal 21. Specifically, terminal 30 selects the designated certificate (service eligibility certificate) from among multiple certificates stored in the digital wallet.
[0079] Subsequently, terminal 30 signs the selected service access certificate using the private key corresponding to the user's DID (User ID). Terminal 30 then transmits the signed service access certificate to the service provider terminal 21 (step S14).
[0080] The service provider terminal 21 verifies the validity of the received service access certificate. In doing so, the service provider terminal 21 obtains a public key from the blockchain (step S15). Further details regarding the verification of the validity of the service access certificate will be described later.
[0081] The service provider terminal 21 provides services to the user if terminal 30 has successfully verified the user's identity and the acquired service eligibility certificate is valid. For example, the service provider terminal 21 notifies the service provider's employees, etc., that the user is eligible to enter the concert venue.
[0082] The operation of the information processing system when a user receives a service from a service provider was explained using the example of a case where the service provider uses a service terminal 21. However, even when the service provider uses a service server 20, the basic operation of the information processing system when a user receives a service from the service provider is the same. The service server 20 requests the terminal 30 to perform identity verification. After receiving notification of successful identity verification, the service server 20 obtains the service eligibility certificate necessary for providing the service from the terminal 30.
[0083] Thus, before providing the service eligibility certificate to the service provider, terminal 30 performs identity verification using the biometric information certificate stored in the digital wallet. As a result, fraud is prevented in which an unqualified user receives services from a service provider by falsely claiming to be eligible. In other words, identity theft is prevented by simple identity verification at the time of service provision.
[0084] Next, we will describe the details of each device included in the information processing system according to the first embodiment.
[0085] [Terminal] Figure 9 shows an example of the processing configuration (processing module) of terminal 30 according to the embodiment disclosed herein. Referring to Figure 9, terminal 30 comprises a communication control unit 201, an acquisition control unit 202, a utilization control unit 203, and a storage unit 204.
[0086] The communication control unit 201 is a means for controlling communication with other devices. For example, the communication control unit 201 receives data (packets) from the server device 10. The communication control unit 201 also transmits data to the server device 10. The communication control unit 201 passes the data received from other devices to other processing modules. The communication control unit 201 transmits the data obtained from other processing modules to other devices. In this way, other processing modules send and receive data with other devices via the communication control unit 201. The communication control unit 201 has the function of a receiving unit that receives data from other devices and the function of a transmitting unit that transmits data to other devices.
[0087] Furthermore, the communication control unit 201 also supports short-range wireless communication such as Bluetooth® and NFC (Near Field Communication). The communication control unit 201 communicates with the carrier terminal 21 using short-range wireless communication.
[0088] The digital wallet application is implemented by the acquisition control module 202 and the utilization control module 203. A detailed explanation of the installation of the digital wallet application is omitted, as its installation is obvious to those skilled in the art.
[0089] The acquisition control unit 202 is a means for controlling the acquisition of credential certificates, including biometric certificates and service eligibility certificates. The acquisition control unit 202 requests the certificate issuer to issue the certificate selected by the user and stores the certificate obtained from the certificate issuer in the digital wallet.
[0090] The acquisition control unit 202 includes functions as an acquisition means and functions as a verification means.
[0091] When obtaining a biometric certificate, the acquisition method involves obtaining a biometric certificate from the certificate issuer that holds the user's biometric information. This certificate verifies the biometric information of the person who issued the certificate and includes the person's biometric information. The verification method involves performing identity verification using the biometric information obtained from the acquired biometric certificate and the user's biometric information.
[0092] When obtaining a service eligibility certificate, the means of acquisition is to obtain a service eligibility certificate from the certificate issuer, which proves that the user is eligible to receive the service. The means of verification is to perform identity verification using the biometric information obtained from the stored biometric information certificate and the user's biometric information, in accordance with the acquisition of the service eligibility certificate.
[0093] Figure 10 is a flowchart showing an example of the operation of the acquisition control unit 202. The operation of the acquisition control unit 202 according to the embodiment disclosed herein will be explained with reference to Figure 10.
[0094] When a user who has opened a digital wallet launches the digital wallet application and performs a predetermined action (for example, pressing the certificate issuance button), the acquisition control unit 202 performs control related to the acquisition of the credential certificate desired by the user.
[0095] First, the acquisition control unit 202 generates a public key and a private key pair, and a distributed identifier, which is a user ID (user's DID). The acquisition control unit 202 registers the generated user ID and public key on the blockchain (registering the public key, etc.; step S101).
[0096] Next, the acquisition control unit 202 uses a GUI or the like to acquire the information necessary for requesting the issuance of a credential certificate (acquisition of necessary information; step S102).
[0097] Specifically, the acquisition control unit 202 acquires information about the certificate issuer who has the authority to issue the credential certificate that the user wishes to have issued (e.g., company name, university name, ticket vendor name), the type of certificate desired (e.g., biometric certificate, service eligibility certificate), etc. Furthermore, the acquisition control unit 202 acquires information that the certificate issuer uses to identify the person to be certified (e.g., employee number and facial image, ticket ID, etc.).
[0098] The acquisition control unit 202 notifies the certificate issuer of the necessary information and user ID that it has acquired. Specifically, the acquisition control unit 202 notifies the certificate issuer of the type of credential certificate, information to identify the subject of certification, and the user ID.
[0099] The acquisition control unit 202 sends a "certificate issuance request" including the type of credential certificate, information identifying the subject of certification, and user ID to the server device 10 of the certificate issuer selected by the user (step S103).
[0100] The acquisition control unit 202 receives a response (affirmative response, negative response) to the certificate issuance request from the server device 10 (step S104).
[0101] If a negative response is received indicating that the issuance of the certificate failed (step S105, No branch), the acquisition control unit 202 notifies the user that the credential certificate was not issued (notification of non-issuance; step S106).
[0102] If an affirmative response indicating that the certificate has been successfully issued is received (step S105, Yes branch), the acquisition control unit 202 performs user identity verification (step S107).
[0103] If a user requests the issuance of a biometric information certificate, the acquisition control unit 202 acquires biometric information from the biometric information certificate included in the acknowledgment received from the server device 10. In other words, the acquisition control unit 202 acquires biometric information (facial image) from the credentials portion of the biometric information certificate.
[0104] If a user requests the issuance of a certificate other than a biometric certificate (such as a service eligibility certificate), the acquisition control unit 202 acquires biometric information (facial image) from the biometric certificate stored in the digital wallet.
[0105] When biometric information is obtained from a received or stored biometric information certificate, the acquisition control unit 202 acquires the biometric information of the user (operator of terminal 30). For example, the acquisition control unit 202 prompts the user to take a picture of their face using a GUI (Graphical User Interface), etc. (acquiring a facial image through a so-called selfie).
[0106] The acquisition control unit 202 performs a matching process (authentication process; one-to-one authentication) using the biometric information obtained from the biometric information certificate and the user's biometric information. The acquisition control unit 202 determines whether the two sets of biometric information are substantially identical.
[0107] Specifically, the acquisition control unit 202 generates feature quantities from each of the two face images.
[0108] Regarding the feature generation process, existing technologies can be used, so a detailed explanation will be omitted. For example, the acquisition control unit 202 extracts the eyes, nose, mouth, etc., from the face image as feature points. Then, the acquisition control unit 202 calculates the position of each feature point and the distance between each feature point as feature quantities (generating a feature vector consisting of multiple feature quantities).
[0109] Next, the acquisition control unit 202 performs a matching process (authentication process) using the two generated feature quantities. Specifically, the acquisition control unit 202 calculates the similarity between corresponding face images using the two feature quantities. Based on the result of thresholding the calculated similarity, the acquisition control unit 202 determines whether the two images are face images of the same person. The similarity can be calculated using methods such as chi-squared distance or Euclidean distance. The greater the distance, the lower the similarity, and the closer the distance, the higher the similarity.
[0110] If the similarity is greater than a predetermined value (if the distance is shorter than a predetermined value), the acquisition control unit 202 determines that identity verification has been successful. If the similarity is less than or equal to the predetermined value, the acquisition control unit 202 determines that identity verification has failed.
[0111] If identity verification fails (step S108, No branch), the acquisition control unit 202 notifies the user that the credential certificate cannot be stored in the digital wallet (notification of non-storage; step S109). The acquisition control unit 202 also discards the acquired credential certificate (biometric certificate, service eligibility certificate). If the credential certificate is discarded, the acquisition control unit 202 may also notify the server device 10, which is the source of the credential certificate, of this fact.
[0112] If identity verification is successful (step S108, Yes branch), the acquisition control unit 202 stores the credential certificate (biometric certificate, service eligibility certificate) received from the certificate issuer in the digital wallet (step S110).
[0113] The usage control unit 203 is a means for controlling the use of digital content (credential certificates) stored in the digital wallet.
[0114] The user control unit 203 performs identity verification using biometric information obtained from a biometric certificate stored in the digital wallet, and if identity verification is successful, it provides the stored service eligibility certificate to the service provider, thus functioning as a means of providing services.
[0115] The user control unit 203 performs identity verification in response to a request from the service provider and provides a certificate stored in the digital wallet that is specified by the service provider.
[0116] Specifically, the user control unit 203 processes identity verification requests and certificate provision requests received from the service provider's equipment (service server 20, business terminal 21).
[0117] Upon receiving a request for identity verification, the user control unit 203 acquires biometric information (e.g., a facial image) of the device operator using a GUI or the like. The user control unit 203 then takes a picture of the operator's face, essentially a selfie.
[0118] The usage control unit 203 performs identity verification using the acquired biometric information and the biometric information obtained from the biometric certificate stored in the digital wallet. The usage control unit 203 performs identity verification in the same manner as the acquisition control unit 202.
[0119] The user control unit 203 notifies the business terminal 21, etc., of the identity verification result (identity verification successful, identity verification failed). If identity verification is successful, the user control unit 203 sends an affirmative response to the business terminal 21, etc. If identity verification fails, the user control unit 203 sends a negative response to the business terminal 21, etc.
[0120] In this way, the user control unit 203 performs identity verification using biometric information obtained from a biometric information certificate acquired in advance and biometric information of the operator operating the device, in response to a request from the service provider.
[0121] Upon receiving a request for a certificate, the user control unit 203 selects the credential certificate (service access certificate) specified by the service provider from among the multiple credential certificates stored in the digital wallet. Subsequently, the user control unit 203 signs the selected service access certificate using the private key corresponding to the user's DID (User ID).
[0122] Furthermore, the user control unit 203 signs the service eligibility certificate using a private key (a private key corresponding to the user ID) that was generated when issuing the service eligibility certificate requested by the service provider. For example, when a user enters a concert venue, the user control unit 203 signs the ticket certificate (service eligibility certificate) using the private key corresponding to the user ID that was sent to the ticket vendor's server device 10.
[0123] If the service eligibility certificate specified by the service provider can be provided, the user control unit 203 sends an affirmative response including the signed service eligibility certificate to the service provider terminal 21, etc. If the service eligibility certificate specified by the service provider cannot be provided, the user control unit 203 sends a negative response indicating that the service eligibility certificate cannot be provided to the service provider terminal 21, etc.
[0124] The memory unit 204 is a means for storing information necessary for the operation of the terminal 30. The memory unit 204 stores certificates issued by each certificate issuer using a digital wallet.
[0125] When the acquisition control unit 202 determines that identity verification is successful, the storage unit 204 stores the biometric information certificate acquired by the acquisition control unit 202. When the acquisition control unit 202 determines that identity verification is successful, the storage unit 204 stores the service eligibility certificate acquired by the acquisition control unit 202.
[0126] Thus, the memory unit 204 stores a biometric information certificate that proves it is the biometric information of the person to whom it was issued, and a service access eligibility certificate that proves the user is qualified to receive the service.
[0127] Furthermore, the memory unit 204 stores information about each certificate issuer (such as the name of the certificate issuer and the address of the server device 10).
[0128] [Server equipment] Figure 11 is a diagram showing an example of the processing configuration (processing module) of the server device 10 according to the embodiment disclosed herein. Referring to Figure 11, the server device 10 comprises a communication control unit 301, a certificate issuing unit 302, and a storage unit 303.
[0129] The communication control unit 301 is a means for controlling communication with other devices. For example, the communication control unit 301 receives data (packets) from terminal 30. The communication control unit 301 also transmits data to terminal 30. The communication control unit 301 passes data received from other devices to other processing modules. The communication control unit 301 transmits data acquired from other processing modules to other devices. In this way, other processing modules send and receive data with other devices via the communication control unit 301. The communication control unit 301 has the function of a receiving unit that receives data from other devices and the function of a transmitting unit that transmits data to other devices.
[0130] The certificate issuing unit 302 is a means of issuing credential certificates to users. The certificate issuing unit 302 processes the "certificate issuance request" received from terminal 30.
[0131] Upon receiving a certificate issuance request, the certificate issuance unit 302 searches a database (not shown in Figure 11, etc.) that stores user information, using information to identify the subject of the certificate issuance request (for example, employee number and facial image, ticket ID) as a key.
[0132] If the above search fails (for example, if the corresponding user's facial image is not registered in the database, or if the corresponding ticket ID does not exist), the certificate issuing unit 302 sends a negative response to the terminal 30 indicating that the certificate has not been issued.
[0133] If the above search is successful, the certificate issuing unit 302 will, if necessary, determine whether or not it is possible to issue the credential certificate that the user wishes to have issued.
[0134] For example, if a request is made for the issuance of a biometric information certificate, the certificate issuing unit 302 will determine that it is not possible to issue a biometric information certificate for a facial image that has not been updated for a long period of time. However, the certificate issuing unit 302 may also determine that it is possible to issue a biometric information certificate if the facial image is registered in the database, regardless of the registration period of the facial image.
[0135] Alternatively, if the ticket purchased by the ticket purchaser is valid (for example, before the concert), the certificate issuing unit 302 will determine that it can issue a ticket certificate (service eligibility certificate). Conversely, if the concert has already taken place, the certificate issuing unit 302 will determine that it cannot issue a ticket certificate.
[0136] Detailed explanations regarding employee management and ticket management are omitted because they are outside the scope of this disclosure.
[0137] If it is not possible to issue a credential certificate to the user, the certificate issuing unit 302 sends a negative response to the terminal 30 indicating that the certificate issuance failed (certificate issuance not possible).
[0138] If it is possible to issue a credential certificate to the user, the certificate issuing unit 302 generates a certificate to be issued to the user (a credential certificate; for example, a biometric certificate, a service eligibility certificate). The certificate issuing unit 302 generates a credential certificate that includes the issuer ID and the user ID (the DID of the recipient of the certificate; the user ID included in the certificate issuance request).
[0139] Specifically, the certificate issuing unit 302 generates metadata including the type of credential certificate, the name of the issuing organization, the date and time of issuance, and the validity period, as well as the credential information itself and the credential certificate (VCs) which include the issuer's public key information and digital signature. The digital signature attached to the credential certificate is performed using a private key corresponding to the issuer ID that was generated in advance.
[0140] The certificate issuing unit 302 transmits the generated credential certificate to the terminal 30. Furthermore, the certificate issuing unit 302 registers the previously generated issuer ID and public key, etc., on the blockchain.
[0141] The storage unit 303 is a means for storing information necessary for the operation of the server device 10. A database for storing information necessary for issuing credential certificates (for example, employee numbers, facial images, etc.) is built in the storage unit 303.
[0142] [Carrier terminal] Figure 12 is a diagram showing an example of the processing configuration (processing module) of a carrier terminal 21 according to the embodiment disclosed herein. Referring to Figure 12, the carrier terminal 21 comprises a communication control unit 401, a service provision control unit 402, and a storage unit 403.
[0143] The communication control unit 401 is a means for controlling communication with other devices. For example, the communication control unit 401 receives data (packets) from terminal 30. The communication control unit 401 also transmits data to terminal 30. The communication control unit 401 passes data received from other devices to other processing modules. The communication control unit 401 transmits data acquired from other processing modules to other devices. In this way, other processing modules transmit and receive data with other devices via the communication control unit 401. The communication control unit 401 has the function of a receiving unit that receives data from other devices and the function of a transmitting unit that transmits data to other devices.
[0144] The service provision control unit 402 is a means for performing control related to the services provided to the user.
[0145] When a user requests the provision of a service, the service provision control unit 402 requests the terminal 30 to verify the user's identity. If the service provision control unit 402 successfully verifies the user's identity, it obtains the necessary identification documents (e.g., ticket certificate) for providing the service.
[0146] The operation of the service provision control unit 402 will be explained with reference to Figure 13.
[0147] The service provision control unit 402 sends an identity verification request to the user's terminal 30 (step S201). The service provision control unit 402 requests the terminal 30 to perform identity verification in response to an operation by an employee of the service provider.
[0148] When the terminal 30 receives a negative response (failure to verify identity) (step S202, No branch), the service provision control unit 402 notifies the user or the service provider's employees, etc., that the service cannot be provided because identity verification failed (step S203).
[0149] When the terminal 30 receives an affirmative response (successful identity verification) (step S202, Yes branch), the service provision control unit 402 obtains the information necessary to provide services to the user (service eligibility certificate).
[0150] Specifically, the service provision control unit 402 sends a "certificate provision request" to the terminal 30 (step S204). The service provision control unit 402 sends a certificate provision request to the terminal 30 that includes information identifying the required service qualification certificate (for example, if a ticket certificate is required for the provision of the service, information such as the concert name and the date and time of the concert).
[0151] If a negative response (inability to provide the certificate) is received from terminal 30 (step S205, No branch), the service provision control unit 402 notifies the user, etc., that it is unable to provide the service because it is unable to obtain the necessary information (step S203).
[0152] If the terminal 30 receives an acknowledgment (a response including a service eligibility certificate) (step S205, Yes branch), the service provision control unit 402 verifies the validity of the service eligibility certificate included in the acknowledgment (verify validity; step S206).
[0153] The service provision control unit 402 verifies at least one of the four items related to the validity of the service eligibility certificate.
[0154] The first item is the verification of the electronic signature attached to the service eligibility certificate.
[0155] In this case, the service provision control unit 402 obtains the issuer ID and user ID listed on the service eligibility certificate. The service provision control unit 402 obtains the public key corresponding to the obtained issuer ID from the blockchain. Similarly, the service provision control unit 402 obtains the public key corresponding to the obtained user ID from the blockchain.
[0156] The service provision control unit 402 verifies the signature of the holder (the user who wishes to receive the service) and the signature of the issuer of the service eligibility certificate. By verifying these signatures, the service provision control unit 402 confirms that the service eligibility certificate obtained from the user (the holder of the service eligibility certificate) has not been tampered with and that it is a certificate issued by a trustworthy issuer.
[0157] The service provision control unit 402 determines that the service eligibility certificate is valid if it successfully verifies the signatures of both the holder and the issuer of the service eligibility certificate.
[0158] The second item is to verify that the service eligibility certificate has not been invalidated.
[0159] In this case, the service provision control unit 402 accesses the blockchain and verifies that the received service eligibility certificate is not listed in the certificate issuer's revocation list. The service provision control unit 402 also verifies that the service eligibility certificate obtained from the user has not been invalidated by the issuer before its expiration date.
[0160] The service provision control unit 402 determines that the acquired service eligibility certificate is valid if it is not listed in the expiration list.
[0161] The third item is verification that the validity period (expiration date) of the service eligibility certificate has not expired.
[0162] The service provision control unit 402 checks the validity period set on the service eligibility certificate. If the validity period set on the service eligibility certificate has not expired, the service provision control unit 402 determines that the acquired service eligibility certificate is valid.
[0163] The fourth item is the verification of the eligibility information certified by the service eligibility certificate.
[0164] In this case, the service provision control unit 402 reads the credentials (e.g., ticket information) from the credentials contained in the service eligibility certificate and determines whether the user has the authority (qualification) to receive the service based on the credentials.
[0165] For example, the service provision control unit 402 determines that if the concert date and venue obtained from the ticket information are correct, the user has the right to receive the service (the right to enter the concert venue). Conversely, if the concert date and venue obtained from the ticket information are incorrect, the service provision control unit 402 determines that the user does not have the right to receive the service (the right to enter the concert venue).
[0166] The service provision control unit 402 determines that the acquired service eligibility certificate is valid if the user has the authority to receive the service.
[0167] The service provision control unit 402 determines that the service eligibility certificate obtained from the user is valid if it determines that the service eligibility certificate is valid in one of the predetermined items from items 1 to 4, depending on the business and type of business of the company (service provider).
[0168] For example, the service provision control unit 402 determines that the acquired service eligibility certificate is valid (accepts the service eligibility certificate) if it determines that the service eligibility certificate is valid for each of the four items. Alternatively, the service provision control unit 402 may determine that the acquired service eligibility certificate is valid if it determines that the service eligibility certificate is valid for two items, the first and the fourth items.
[0169] If the service eligibility certificate is not valid (step S207, No branch), the service provision control unit 402 notifies the user that the service cannot be provided because the service eligibility certificate is invalid (step S203).
[0170] If the service eligibility certificate is valid (step S207, Yes branch), the service provision control unit 402 provides the service to the user (step S208).
[0171] For example, the service provision control unit 402 notifies the user or the service provider's employee that they are allowed to enter the concert venue.
[0172] Further detailed explanations regarding individual service provision are omitted. This is because detailed explanations of services specific to each service provider would be inconsistent with the purpose of this disclosure.
[0173] The memory unit 403 is a means for storing information necessary for the operation of the business terminal 21.
[0174] [Service Server] A detailed explanation of the configuration and operation of the service server 20 is omitted. The basic configuration and operation of the service server 20 can be the same as that of the service provider terminal 21. The service provider terminal 21 communicates with terminal 30 via short-range wireless communication such as Bluetooth (registered trademark) to obtain credential certificates. In contrast, the service server 20 communicates with terminal 30 via a communication network such as the Internet to obtain credential certificates. The service server 20 provides services to the user once it has successfully verified the identity of terminal 30 and the validity of the credential certificate (service eligibility certificate) necessary for providing the service has been verified.
[0175] [System operation] Next, the operation of the information processing system according to the first embodiment will be described.
[0176] Figure 14 is a sequence diagram showing an example of the operation of the information processing system according to the embodiment disclosed herein. Referring to Figure 14, the operation of the information processing system according to the first embodiment concerning the issuance of certificates will be described.
[0177] Terminal 30 generates a public key, a private key, and a user ID, and registers the user ID and public key on the blockchain (step S21).
[0178] Terminal 30 sends a certificate issuance request including the above-mentioned user ID to the certificate issuer's server device 10 (step S22).
[0179] The server device 10 generates the user's (the recipient of the credential certificate) credentials and generates a credential certificate containing the generated credentials (step S23). The server device 10 generates a credential certificate that includes the user ID and issuer ID and is digitally signed.
[0180] The server device 10 sends the generated credential certificate to the terminal 30 (step S24).
[0181] Terminal 30 performs identity verification (step S25).
[0182] When a biometric information certificate is received, terminal 30 performs identity verification using the biometric information written on the received biometric information certificate and the biometric information certificate obtained by taking a selfie. When a service eligibility certificate is received, terminal 30 performs identity verification using the biometric information written on the biometric information certificate stored internally and the biometric information certificate obtained by taking a selfie.
[0183] If identity verification is successful, terminal 30 stores the credential certificate in the digital wallet (step S26).
[0184] Figure 15 is a sequence diagram showing an example of the operation of the information processing system according to the embodiment disclosed herein. Referring to Figure 15, the operation of the information processing system according to the first embodiment concerning the use of certificates will be described.
[0185] The service provider's device (operator terminal 21 in Figure 15) sends an identity verification request to terminal 30 (step S31).
[0186] Terminal 30 performs identity verification using biometric information obtained from a biometric information certificate stored in its device and biometric information obtained by photographing the operator of its device, and transmits the identity verification result to the server device 10 (step S32).
[0187] Upon receiving confirmation of successful identity verification, the service provider terminal 21 sends a certificate request to terminal 30 specifying the required service eligibility certificate (step S33).
[0188] Terminal 30 reads the service eligibility certificate specified by the service provider from its digital wallet and transmits the signed service eligibility certificate to the service provider terminal 21 (step S34).
[0189] The service provider terminal 21 determines the validity of the acquired service eligibility certificate (step S35).
[0190] If the service eligibility certificate is valid, the service provider terminal 21 provides the service to the user (step S36).
[0191] Next, a modified example of the first embodiment will be described.
[0192] <Example 1> Terminal 30 may perform identity verification of the user when the digital wallet is used for the first time, etc. In this case, terminal 30 is equipped with an identity verification unit 205 (see Figure 16).
[0193] The identity verification unit 205 is a means of verifying the identity of the digital wallet creator. The identity verification unit 205 verifies the identity of the creator of the digital wallet using biometric information obtained from the identification document and the biometric information of the creator of the digital wallet. More specifically, the identity verification unit 205 confirms that the creator of the digital wallet and the name on the identification document issued by a public institution are the same person.
[0194] The identity verification unit 205 acquires biometric information from the user's identification document when the digital wallet is opened (initial startup) or at any time of the user's choosing. For example, the identity verification unit 205 acquires biometric information from the IC (Integrated Circuit) chip embedded in a My Number Card or passport. Alternatively, the identity verification unit 205 may instruct the user to take a picture of their identification document and acquire biometric information from the image data of the identification document.
[0195] Furthermore, the identity verification unit 205 acquires the user's biometric information. For example, the identity verification unit 205 acquires a facial image through a selfie.
[0196] The identity verification unit 205 obtains biometric information from the identification document and the biometric information of the user operating the device, and then performs identity verification using the two sets of biometric information. If identity verification is successful, the identity verification unit 205 treats the name on the identification document and the user of terminal 30 as the same person and permits the user to use the digital wallet.
[0197] Terminal 30 may generate a biometric certificate using biometric information obtained when opening a digital wallet, etc. In this case, the identity verification unit 205 passes the biometric information obtained from the identification document or the biometric information obtained from a selfie to the acquisition control unit 202. The acquisition control unit 202 generates a biometric certificate using the biometric information and stores it in the digital wallet. Thus, if terminal 30 successfully verifies the user's identity using an identification document, it may generate a biometric certificate using the biometric information obtained from the identification document or the biometric information obtained from a selfie.
[0198] Alternatively, terminal 30 may transmit biometric information obtained from an identification document when opening a digital wallet, etc., to server device 10 and request server device 10 to issue a biometric certificate using the biometric information obtained from said identification document. Specifically, terminal 30 transmits a certificate issuance request to server device 10 that includes biometric information obtained from an identification document. In response to receiving the certificate issuance request, server device 10 generates a biometric certificate using the biometric information obtained from the identification document. Server device 10 transmits the generated biometric certificate to terminal 30. In this way, a biometric certificate may be issued using biometric information read by terminal 30 from an official identification document, etc., in response to user operations, instead of biometric information held by an organization such as a company or university.
[0199] <Modification 2> In the above embodiment, the case was described in which terminal 30 stores biometric information written on a biometric information certificate obtained from a company or the like in its digital wallet. However, terminal 30 may also store biometric information obtained from an identification document such as a My Number Card or passport in its digital wallet.
[0200] When the acquisition control unit 202 receives a biometric information certificate from a server device 10 of a company or other organization, it acquires the biometric information (facial image) contained in the biometric information certificate. The acquisition control unit 202 performs a one-to-one match using the biometric information stored when the digital wallet was opened (biometric information obtained from an identification card issued by a public institution) and the biometric information obtained from the biometric information certificate.
[0201] If a one-to-one match is successful (i.e., the two biometric data are substantially the same), the acquisition control unit 202 stores the biometric data certificate in the digital wallet.
[0202] Alternatively, when the service provider requests identity verification from the terminal 30, the user control unit 203 may perform identity verification using biometric information obtained from an identification document (biometric information stored when the digital wallet was opened).
[0203] <Variation 3> The server device 10, upon receiving a request for the issuance of a biometric certificate, may perform identity verification of the user. When requesting the issuance of a biometric certificate, the terminal 30 sends a certificate issuance request to the server device 10, for example, which includes image data of an identification document held by the user.
[0204] The certificate issuing unit 302 of the server device 10 extracts biometric information from image data of an identification card. The certificate issuing unit 302 then performs a one-to-one match between the extracted biometric information and biometric information managed in the company's database (biometric information of employees identified by employee numbers, etc.).
[0205] If a one-to-one match is successful (i.e., the two biometric information sets are substantially the same), the certificate issuing unit 302 issues a biometric information certificate using one of the two biometric information sets.
[0206] <Modification 4> A service provider may obtain a biometric certificate from terminal 30 when providing services to a user. For example, a ticket vendor may obtain a biometric certificate when selling tickets.
[0207] In this case, the ticket vendor's service server 20 specifies a biometric certificate as the certificate required to provide the service and sends a certificate request to the terminal 30.
[0208] The service server 20 obtains a biometric certificate from the terminal 30 upon transmission of a certificate request. The service server 20 verifies the validity of the obtained biometric certificate. After verifying the validity of the biometric certificate, the service server 20 obtains biometric information (e.g., a facial image) from the certificate. The service server 20 stores the obtained facial image. For example, a ticket vendor's service server 20 stores the ticket information and facial image in association with the user's account.
[0209] The service server 20 can use the acquired biometric information to provide services to users. For example, the service server 20 may issue tickets with facial images attached.
[0210] Furthermore, if the ticket vendor acts as the issuer of the ticket certificate, the service server 20 operates as the server device 10. In this case, the service server 20 (server device 10) may issue a ticket certificate (service access certificate) to the user that includes the ticket purchaser's facial image as credentials.
[0211] If a ticket certificate with a facial image (facial information) is obtained (a service eligibility certificate including facial information), the acquisition control unit 202 of terminal 30 may perform identity verification using the biometric information obtained from the ticket certificate with facial information and the biometric information obtained from a selfie. If identity verification is successful, the acquisition control unit 202 may store the ticket certificate with facial information in a digital wallet.
[0212] Alternatively, the user may obtain a ticket certificate from the ticket vendor (the vendor's server device 10) and then provide the biometric certificate to the ticket vendor. After successfully verifying the validity of the obtained biometric certificate, the service server 20 may store the biometric information contained in the biometric certificate in the account.
[0213] <Modification 5> In the above embodiment, it was explained that the identity verification results are provided from the user to the service provider by communication means such as the internet or Bluetooth®. However, the identity verification results may also be provided from the user to the service provider (business terminal 21) by displaying them on the screen of terminal 30.
[0214] For example, when providing a service to a user, the service provider's employees inform the user (verbally) that identity verification is required to receive the service. The user operates terminal 30 and performs a predetermined action (for example, pressing the identity verification button). Terminal 30 performs the identity verification described above in response to the user's operation.
[0215] Terminal 30 displays the identity verification result (identity verification successful, identity verification failed). Employees of the service provider check the displayed identity verification result and decide whether or not to continue providing the service to the user.
[0216] Alternatively, if the terminal 30 successfully verifies the user's identity, it may display the biometric information (facial image) used for verification along with the verification result (see Figure 17). In this case, the terminal 30 may employ a screenshot prevention and detection mechanism such as a countdown timer. This operation by the terminal 30 prevents fraudulent use by a user who has successfully verified their identity and then hands the terminal 30 over to another person.
[0217] <Variation 6> Not only the identity verification results, but also the service eligibility certificate (credential certificate) may be provided from the user to the service provider by means other than communication methods such as the internet or Bluetooth®. For example, the service eligibility certificate may be provided from the user (terminal 30) to the service provider (business terminal 21) using means such as a two-dimensional barcode (see Figure 18).
[0218] For example, once the user's identity has been successfully verified, an employee of the service provider will provide the user with the necessary identification document to receive the service. The user operates terminal 30 to select the provided service eligibility certificate (ticket certificate). Terminal 30 signs the selected service eligibility certificate and converts the signed service eligibility certificate into a 2D barcode. Terminal 30 then displays the 2D barcode.
[0219] Employees of the service provider operate the service provider terminal 21 to read a 2D barcode and decode the 2D barcode to obtain a service eligibility certificate.
[0220] <Example 7> When the user's terminal 30 receives an identity verification request from the service provider's equipment (service server 20, service provider terminal 21), it may determine the validity of the biometric certificate (biometric certificate stored in a digital wallet) from which the biometric information is read.
[0221] The user's terminal 30 may determine whether the biometric certificate used for identity verification has not expired, and whether the biometric certificate is not registered on the revocation list. If the biometric certificate is valid, the terminal 30 may read the biometric information from the certificate and perform identity verification.
[0222] Thus, the user control unit 203 of the terminal 30 may verify the validity of the biometric certificate stored in the digital wallet, and if the stored biometric certificate is valid, it may perform identity verification.
[0223] <Differentiation Example 8> The above embodiment describes a case in which a service provider verifies the validity of a service eligibility certificate obtained from a user. Here, all or part of the verification of the validity of the service eligibility certificate may be performed at terminal 30.
[0224] For example, among the four verification items, terminal 30 may verify that the service eligibility certificate specified by the service provider is not registered in the revocation list and that the validity period of the said service eligibility certificate has not expired. If terminal 30 fails these verifications, it may notify the service provider (operator terminal 21, service server 20) that it cannot provide the service eligibility certificate specified by the service provider. Specifically, if terminal 30 fails the above verifications, it may send a negative response to the certificate provision request.
[0225] Thus, the usage control unit 203 may verify the validity of the service eligibility certificate stored in the digital wallet, and if the stored service eligibility certificate is valid, it may provide the service eligibility certificate to the service provider.
[0226] Alternatively, the user control unit 203 may notify the service provider of the result of its determination of the validity of the service eligibility certificate (ticket certificate) (whether the service eligibility certificate is valid or invalid). The user control unit 203 may notify the service provider of the determination result using a short-range wireless communication means such as Bluetooth®. Alternatively, the user control unit 203 may notify the service provider of the determination result of the validity of the service eligibility certificate by displaying it on a screen or the like. For example, the user control unit 203 may display as shown in Figure 19. The user presents the terminal 30 with the display shown in Figure 19 to an employee of the service provider. In this way, the terminal 30 may determine the validity of the service eligibility certificate and notify the service provider of the result. Furthermore, as shown in Figure 19, the terminal 30 may notify the service provider of both the result of identity verification and the result of the determination of the validity of the service eligibility certificate simultaneously.
[0227] <Modification 9> In the above embodiment, the case was described in which the service provider (service server 20, business terminal 21) requests the terminal 30 to perform identity verification and then requests the terminal 30 to provide a service eligibility certificate. However, the service provider's equipment (service server 20, business terminal 21) may also request the terminal 30 to submit the identity verification result and the service eligibility certificate simultaneously.
[0228] Specifically, the service provider terminal 21 does not send an identity verification request, but instead sends a certificate provision request to terminal 30. Upon receiving the certificate provision request, terminal 30 performs identity verification of the user. If identity verification is successful, terminal 30 sends the service eligibility certificate specified by the service provider to the service provider terminal 21.
[0229] Thus, terminal 30 may perform identity verification using biometric information obtained from a biometric certificate, even if the service provider (service server 20, business terminal 21) does not explicitly request identity verification. If terminal 30 successfully verifies the user's identity, it provides the service provider with a service eligibility certificate designated by the service provider.
[0230] <Variation 10> In the above embodiment, it was explained that user identity verification is performed on terminal 30. However, this identity verification may also be performed on the service provider's equipment (service server 20, service provider terminal 21).
[0231] In this case, the operator terminal 21, etc., sends a "biometric information request" to terminal 30 instead of an identity verification request.
[0232] Upon receiving a request for biometric information, terminal 30 transmits the biometric information obtained from the biometric information certificate and the biometric information obtained from the user's selfie to the business operator terminal 21, etc.
[0233] Alternatively, terminal 30 may transmit the biometric information certificate stored in the digital wallet and the biometric information obtained by taking a selfie to the business terminal 21 or the like.
[0234] The service provider terminal 21, etc., uses the two biometric pieces of information it has acquired to perform identity verification. If the identity verification is successful, it requests the terminal 30 to provide the service eligibility certificate.
[0235] Alternatively, if the service is provided by the service provider terminal 21, the service provider terminal 21 may take a photograph of the user (the owner of terminal 30) to obtain biometric information. In this case, terminal 30 should, in response to the biometric information request received from the service provider terminal 21, transmit the biometric information certificate (or the biometric information obtained from the certificate) stored in the digital wallet to the service provider terminal 21.
[0236] The service provider terminal 21 can perform identity verification using the facial image obtained by photographing the user in front of it and the facial image of the biometric information certificate obtained from terminal 30. After successful identity verification, the service provider terminal 21 sends a request for certificate provision to terminal 30.
[0237] Alternatively, terminal 30 may display the biometric information (facial image) contained in the biometric information certificate in response to a request for biometric information. Employees of the service provider may verify the identity of the user by comparing the facial image displayed on terminal 30's screen with the face of the user in front of them.
[0238] <Variation 11> The acquisition control unit 202 of terminal 30 may determine the validity of the acquired biometric certificate when it has been acquired from the certificate issuer. If the acquired biometric certificate is valid, the acquisition control unit 202 may store the acquired biometric certificate in the digital wallet. For example, if the validity period of the acquired biometric certificate has not expired and the biometric certificate is not registered in the revocation list, the acquisition control unit 202 may accept the biometric certificate received from the server device 10.
[0239] As described above, when the terminal 30 according to the first embodiment obtains a biometric certificate, it performs identity verification using the biometric information certified by the certificate and the biometric information of the terminal 30 user (operator). If identity verification is successful, the terminal 30 accepts the biometric certificate obtained from the certificate issuer. As a result, even if a user operates their own terminal 30 to request the issuance of another person's biometric certificate and obtains that other person's biometric certificate, that other person's biometric certificate will not be stored in the terminal 30. In other words, since the biometric information of the terminal 30 user and the biometric certificate of another person are different, fraudulent activity such as a user storing another person's biometric certificate in their digital wallet is prevented.
[0240] Furthermore, when terminal 30 obtains a service eligibility certificate from the certificate issuer, it performs identity verification using a previously obtained biometric information certificate. This identity verification confirms the identity of the user who received the biometric information certificate and the user of terminal 30. As a result, fraud is prevented, such as a user borrowing another person's terminal 30 and storing the certificate of purchase (service eligibility certificate) of the borrowed terminal 30 in its digital wallet.
[0241] Furthermore, when a user receives a service, terminal 30 performs identity verification using a biometric certificate stored in the digital wallet. If the identity verification is successful, terminal 30 provides the service provider with a service eligibility certificate. As a result, it is prevented for a user who is not eligible to receive the service to borrow terminal 30 from another person, which has that person's service eligibility certificate stored on it, and receive the service from the service provider. In this way, terminal 30 prevents the fraudulent use (impersonation) of the service eligibility certificate stored in the digital wallet by performing identity verification.
[0242] [Second Embodiment] Next, a second embodiment will be described in detail with reference to the drawings.
[0243] In the second embodiment, the omission of identity verification using biometric information obtained from a biometric information certificate will be described. The terminal 30 according to the second embodiment provides a simple means of identity verification (alternative means of identity verification) that replaces identity verification using a biometric information certificate when presenting a service eligibility certificate.
[0244] Note that the configuration of the authentication system according to the second embodiment can be the same as that of the first embodiment, so the explanation corresponding to Figure 3 is omitted. Also, the processing configuration of the server device 10, business terminal 21, terminal 30, etc. according to the second embodiment can be the same as that of the first embodiment, so the explanation is omitted.
[0245] The following will focus on explaining the differences between the first and second embodiments.
[0246] If the terminal 30 is frequently requested to verify the identity of the service provider, it may perform other simplified identity verification methods instead of performing identity verification using a biometric certificate (formal identity verification) in response to such requests. The terminal 30 may omit formal identity verification using biometric information by performing simplified identity verification.
[0247] As a simple method of identity verification, password-based verification is given as an example. For instance, consider a case where terminal 30 has a password set to unlock it.
[0248] When the service provider requests identity verification, the user control unit 203 of terminal 30 determines whether or not predetermined conditions for omitting regular identity verification (identity verification omission conditions) are met.
[0249] For example, one of the conditions for waiving identity verification is "receiving an identity verification request from the same service provider within a specified period after successfully completing legitimate identity verification." For instance, for one hour after successful identity verification, legitimate identity verification can be waived for identity verification requests from the same service provider.
[0250] In addition, the service provider's equipment (service server 20, business terminal 21) according to the second embodiment notifies the terminal 30 of a business ID for identifying the service provider when a request for identity verification or provision of certificates is made. The terminal 30 uses the business ID to determine whether or not the request for identity verification was made by the same service provider.
[0251] When a service provider requests identity verification, the user control unit 203 of terminal 30 performs legitimate identity verification, and if successful, notifies the service provider accordingly. Subsequently, if the same service provider requests identity verification again before a predetermined time has elapsed since the successful legitimate identity verification, the user control unit 203 omits the legitimate identity verification.
[0252] The user control unit 203 performs a simpler form of identity verification in place of formal identity verification. For example, the user control unit 203 verifies identity by requiring password input (see Figure 20). If password authentication using a password is successful, the user control unit 203 notifies the service provider of the successful identity verification.
[0253] Thus, the user control unit 203 functions as a verification means that, in response to a request for identity verification from the service provider, performs a first identity verification using biometric information obtained from a biometric information certificate and notifies the service provider of the result of the first identity verification. When the service provider requests identity verification again, the user control unit 203 (verification means) performs a second identity verification different from the first identity verification and notifies the service provider of the result of the second identity verification.
[0254] The user control unit 203 may perform a second identity verification in place of the first identity verification if predetermined conditions are met. For example, if the user control unit 203 receives a request from the service provider to perform identity verification again before a predetermined time has elapsed since the success of the first identity verification, it may perform a second identity verification in place of the first identity verification.
[0255] Alternatively, as a simplified form of identity verification, an example is identity verification using a biometric authentication device provided by terminal 30. For example, a fingerprint reader can be used for other simplified forms of identity verification. For instance, fingerprint authentication may be applied to unlock terminal 30. In this case, the user control unit 203 will perform identity verification using fingerprint authentication if the same service provider requests identity verification before a predetermined time has elapsed since the successful use of a regular identity verification certificate, similar to the case where a password is set on terminal 30.
[0256] Furthermore, various conditions can be set for the user control unit 203 to perform other simplified identity verification (identity verification omission conditions). For example, as described above, if identity verification is requested before a predetermined time has elapsed since successful identity verification using a biometric information certificate (for example, before 1 hour has elapsed), other simplified identity verification may be performed.
[0257] Alternatively, a period during which the original identity verification can be omitted may be set depending on the number of times identity verification using a biometric certificate is successful within a predetermined period. For example, if identity verification using a biometric certificate is successful three or more times within three hours, the user control unit 203 may perform a simplified identity verification for one hour from the third successful verification (the original identity verification is omitted for one hour).
[0258] Alternatively, the user control unit 203 may change the number of times that identity verification using a biometric certificate is successful during the predetermined period for which formal identity verification is omitted, depending on the service provider. For example, the number of times that formal identity verification is omitted for service A may be set to "3", and the number of times that formal identity verification is omitted for service B may be set to "5".
[0259] Thus, the user control unit 203 may perform a second identity verification in place of the first identity verification during a second period, which is determined according to the number of successful first identity verifications performed during the first period. In this case, each of the multiple service providers may be given a predetermined number of successful first identity verifications during the first period for setting the second period.
[0260] Alternatively, the service provider may notify terminal 30 of the conditions under which formal identity verification can be omitted (identity verification omission conditions). For example, when the service provider terminal 21 sends an identity verification request to terminal 30, it may notify terminal 30 of the identity verification omission conditions.
[0261] <Specific example> The operation of the information processing system according to the second embodiment will be described in detail.
[0262] For example, as shown in Figure 21, a vendor terminal 21-1 is installed at the entrance of the concert venue. Additionally, a vendor terminal 21-2 is installed at the concession stand inside the concert venue.
[0263] When entering the concert venue, users present their ticket certificate (service eligibility certificate) to the service provider terminal 21-1. Users also purchase goods at the concession stand and provide electronic money (electronic money account ID) stored in their digital wallet and credit card information to the service provider terminal 21-2.
[0264] Users will perform identity verification upon request from vendor terminals 21-1 and 21-2 when entering the concert venue and when purchasing goods at the concession stand. Note that vendor terminals 21-1 and 21-2 are assigned the same vendor ID.
[0265] When a user first enters the concert venue, terminal 30 performs formal identity verification (identity verification using a biometric certificate). When a user purchases goods at a shop, if the conditions for waiving identity verification are met, terminal 30 waives formal identity verification and performs a simplified identity verification (for example, password authentication).
[0266] Alternatively, when the user exits the concert venue and re-enters the concert venue, the user re-submits the ticket proof certificate to the operator terminal 21-1. At this time, if the conditions for omitting the identity verification are satisfied, the terminal 30 omits the regular identity verification and performs other simple identity verifications.
[0267] Next, a modification example according to the second embodiment will be described.
[0268] <Modification Example 1> When the conditions for omitting the identity verification are satisfied, the terminal 30 may also omit the execution of the simple identity verification. Alternatively, conditions for omitting the simple identity verification (conditions for completely omitting the identity verification) may be set in the terminal 30.
[0269] For example, the simple identity verification may also be omitted for a very short period (for example, 3 minutes) after a successful regular identity verification. Alternatively, the simple identity verification may be omitted for a predetermined period after the simple identity verification is executed.
[0270] <Modification Example 2> The conditions for omitting the identity verification (or the conditions for completely omitting the identity verification) may include conditions using the location information of the terminal 30. For example, when the identity verification is requested from the same service provider within a predetermined range centered on the location where the regular identity verification was successful, the terminal 30 may substitute the second and subsequent identity verifications with simple identity verifications.
[0271] Alternatively, the identity verification omission conditions may be configured by combining the location information of the terminal 30 and the temporal elements of the regular identity verification. For example, the terminal 30 may omit the regular identity verification and perform a simplified identity verification within a predetermined range and within a predetermined time after a successful regular identity verification.
[0272] The identity verification omission conditions are determined according to the service content of the service provider, the business form, the content of the service enjoyment qualification certificate handled, and the like.
[0273] <Modification Example 3> The initial legitimate identity verification (first identity verification) described above may be performed using a combination of multiple authentication methods. For example, legitimate identity verification may be performed using a combination of biometric authentication using a biometric certificate and password authentication using a password. In other words, the initial legitimate identity verification may be performed using multimodal authentication, which combines two or more authentication methods. In this case, the simplified identity verification (second identity verification) performed from the second time onward may be performed using a single authentication method (single-modal authentication), such as biometric authentication using a biometric certificate or password authentication. Furthermore, if the legitimate identity verification is performed using multimodal authentication, the simplified identity verification may be omitted. Also, if the legitimate identity verification is performed using single-modal authentication, the simplified identity verification may be omitted.
[0274] <Modification 4> In the second embodiment, a case was described in which formal identity verification is performed first, and then, if certain conditions are met, a simplified identity verification is performed. However, formal and simplified identity verification may be performed in the reverse order. That is, depending on the service and business type provided by the service provider, it may be preferable to perform simplified identity verification first, followed by formal identity verification. In such cases, terminal 30 may perform simplified identity verification first, and then formal identity verification.
[0275] Alternatively, the service provider's equipment (service server 20, service provider terminal 21) may notify terminal 30 of the order in which formal identity verification and simplified identity verification will be performed. In this case, the service provider's equipment may also notify terminal 30 of the conditions for switching the identity verification method.
[0276] As described above, when the terminal 30 of the second embodiment is requested to verify the identity of a service provider, it performs a formal identity verification using biometric information acquired in advance. The terminal 30 notifies the service provider of the result of the formal identity verification. If the service provider requests identity verification again and certain conditions are met, the terminal 30 performs a simplified identity verification different from the formal identity verification. The terminal 30 notifies the service provider of the result of the simplified identity verification. As a result, even if the same service provider repeatedly requests identity verification, the user only needs to perform a simplified identity verification. In other words, the burden on users who enjoy services that require identity verification is reduced.
[0277] Next, we will describe the hardware of each device that makes up the information processing system. Figure 22 shows an example of the hardware configuration of terminal 30.
[0278] Terminal 30 can be configured using an information processing device (a so-called computer), and has the configuration illustrated in Figure 22. For example, terminal 30 includes a processor 311, memory 312, input / output interface 313, and communication interface 314, etc. The components of the processor 311, etc. are connected by an internal bus or the like and are configured to communicate with each other.
[0279] However, the configuration shown in Figure 22 is not intended to limit the hardware configuration of terminal 30. Terminal 30 may include hardware not shown, and may not have an input / output interface 313 if necessary. Also, the number of processors 311 etc. included in terminal 30 is not intended to be limited to the example in Figure 22; for example, terminal 30 may include multiple processors 311.
[0280] The processor 311 is a programmable device such as a CPU (Central Processing Unit), MPU (Micro Processing Unit), or DSP (Digital Signal Processor). Alternatively, the processor 311 may be a device such as an FPGA (Field Programmable Gate Array) or ASIC (Application Specific Integrated Circuit). The processor 311 executes various programs, including an operating system (OS).
[0281] Memory 312 includes RAM (Random Access Memory), ROM (Read Only Memory), HDD (Hard Disk Drive), SSD (Solid State Drive), etc. Memory 312 stores the OS program, application programs, and various data.
[0282] The input / output interface 313 is an interface for a display device or input device (not shown). The display device is, for example, a liquid crystal display. The input device is, for example, a device that accepts user input such as a keyboard or mouse.
[0283] The communication interface 314 is a circuit, module, etc., that communicates with other devices. For example, the communication interface 314 includes a NIC (Network Interface Card), etc.
[0284] The functions of terminal 30 are realized by various processing modules. These processing modules are realized, for example, by the processor 311 executing a program stored in memory 312. The program can also be recorded on a computer-readable storage medium. The storage medium can be a non-transitory medium such as semiconductor memory, hard disk, magnetic recording medium, or optical recording medium. In other words, the present invention can also be embodied as a computer program product. Furthermore, the program can be downloaded via a network or updated using the storage medium on which the program is stored. Moreover, the processing module may be realized by a semiconductor chip.
[0285] Furthermore, the server device 10, service server 20, and carrier terminal 21 can also be configured using information processing devices, similar to terminal 30. Since their basic hardware configurations are identical to those of terminal 30, a detailed explanation is omitted.
[0286] The terminal 30, which is an information processing device, is equipped with a computer, and its functions can be realized by having the computer execute a program. Furthermore, the terminal 30 executes a control method for the terminal 30 using this program. Similarly, the server device 10 is equipped with a computer, and its functions can be realized by having the computer execute a program. Furthermore, the server device 10 executes a control method for the server device 10 using this program.
[0287] [Differentiation] The configuration and operation of the information processing system described in the above embodiment are illustrative examples and are not intended to limit the system configuration.
[0288] In the above embodiment, the case was described in which the certificate issuer's server device 10 issues a credential certificate that does not require a Certificate Authority for verification. However, the server device 10 may also issue a certificate that requires a Certificate Authority (a public key infrastructure-based certificate).
[0289] In the above embodiment, mainly taking the biometric information certificate related to the "face" as an example, the operation of the information processing system and the like were explained. Naturally, the information processing system can handle biometric information certificates related to biometric information other than the face. For example, the terminal 30 may acquire biometric information certificates (fingerprint VCs, voiceprint VCs) related to biometric information such as fingerprints and voiceprints, and store them in the digital wallet. Alternatively, when the user enjoys the service, the terminal 30 may perform identity verification using biometric information certificates such as fingerprints and voiceprints.
[0290] The terminal 30 may acquire biometric information certificates related to the same biometric information from different certificate issuers, and store a plurality of biometric information certificates that prove the same biometric information in the digital wallet. For example, the terminal 30 may acquire biometric information certificates related to the face from each of the certificate issuers A and B.
[0291] Alternatively, the terminal 30 may acquire biometric information certificates related to different types of biometric information from the same certificate issuer, and store the biometric information certificates related to different biometric information acquired from the same certificate issuer in the digital wallet. For example, the terminal 30 may acquire a biometric information certificate related to the face and a biometric information certificate related to the fingerprint from the certificate issuer A.
[0292] The device of the service provider (service server 20, business operator terminal 21) may specify the biometric information certificate used by the terminal 30 for identity verification. For example, the business operator terminal 21 or the like may instruct to perform identity verification using a biometric information certificate related to the face (face VCs). In this case, the business operator terminal 21 or the like may send an identity verification request including the type of biometric information to the terminal 30.
[0293] Terminal 30 may notify the service provider's devices (service server 20, business terminal 21) of information (detailed information) regarding the biometric certificate used for identity verification. For example, terminal 30 may transmit information such as the type of biometric information certified by the biometric certificate and the issuer of the biometric certificate, along with the results of identity verification, to the business terminal 21. Even if the identity verification result is successful, the business terminal 21 may refuse to provide services to the user depending on the type of information used for identity verification and the issuer of the biometric certificate. The business terminal 21 may also refuse identity verification results that do not meet its own security policies. For example, when service providers such as financial institutions and insurance companies provide services related to account opening or insurance applications, they may require identity verification using biometric certificates issued by public institutions, such as passports or My Number cards, rather than biometric certificates issued by private companies. Thus, depending on the content of the services that the service provider provides to the user, conditions regarding the issuer of the biometric certificate may be set.
[0294] Terminal 30 may implement controls depending on the issuer of the biometric certificate when it obtains a service eligibility certificate from the certificate issuer or provides it to a service provider. For example, terminal 30 may not be able to provide a service eligibility certificate (ticket certificate) to a service provider unless it succeeds in verifying the user's identity using a biometric certificate issued by a trusted issuer.
[0295] The above embodiments mainly described the utilization of biometric information certificates and service eligibility certificates. In the information processing system disclosed in this application, identity certificates can also be utilized in the same way as service eligibility certificates. For example, when terminal 30 receives an identity certificate from the certificate issuer, it may perform identity verification using a biometric information certificate. Similar to service eligibility certificates, terminal 30 may store the acquired identity certificate in a digital wallet if it succeeds in identity verification using a biometric information certificate.
[0296] Alternatively, terminal 30 may perform identity verification using a biometric certificate when providing an identity document to the service provider. In this case as well, terminal 30 may provide the service provider with the identity document stored in the digital wallet if it succeeds in identity verification using the biometric certificate, similar to the service eligibility certificate.
[0297] Terminal 30 may obtain the user's consent regarding the provision of the service eligibility certificate before providing the service eligibility certificate to the service provider. In this case, terminal 30 may obtain consent regarding the submission of the service eligibility certificate while clearly indicating the service eligibility certificate that has been requested.
[0298] In the above embodiment, the case in which the usage control unit 203 of the terminal 30 selects a service eligibility certificate designated by the service provider was described. However, the user themselves may operate the terminal 30 to select a service eligibility certificate designated by the service provider. For example, if the user is verbally informed by an employee of the service provider of the service eligibility certificate necessary to receive the required service, the usage control unit 203 may display a list of service eligibility certificates stored in the digital wallet in response to the user's operation. The usage control unit 203 may enable the user to select a service eligibility certificate by displaying a list of service eligibility certificates.
[0299] A biometric information certificate may include not only the biometric information certified by the certificate issuer, but also the personal information of the recipient (for example, basic information such as name, gender, date of birth, and address).
[0300] In the above embodiment, the case in which a user (terminal 30) requests the issuance of a biometric information certificate from an organization or group such as a company or university was described. However, terminal 30 may also request the issuance of a biometric information certificate from a server device 10 of a public institution that stores the user's biometric information. Alternatively, terminal 30 may request the issuance of a biometric information certificate from a public institution if it is unable to obtain one from a company or other organization.
[0301] The service provider may request only the terminal 30 to perform identity verification. For example, when providing a service to a user, if it is sufficient to confirm that the user belongs to a company or university, the service provider may only request the terminal 30 to perform identity verification. The service provider may then determine that the user who has successfully verified their identity belongs to some organization and may provide the service.
[0302] When terminal 30 sends a certificate issuance request to the certificate issuer's server device 10, it may sign the information included in the certificate issuance request using the private key corresponding to the public key registered on the blockchain. The certificate issuance unit 302 of server device 10 may use successful signature verification as a condition for issuing a certificate (credential certificate).
[0303] The acquisition control unit 202 of terminal 30 may notify the user of the fact that a credential certificate has been issued when it has acquired one from the server device 10. The acquisition control unit 202 may also verify the signature attached to the credential certificate acquired from the certificate issuer. In this case, the acquisition control unit 202 acquires the public key corresponding to the issuer ID written on the credential certificate from the blockchain. The acquisition control unit 202 uses the acquired public key to verify the signature attached to the credential certificate. The acquisition control unit 202 may set successful signature verification as a condition for storing the credential certificate in the digital wallet.
[0304] Some functions of terminal 30 may be implemented in other devices or equipment. More specifically, it is sufficient if the "acquisition control unit (acquisition control means)", "utilization control unit (utilization control means)", etc. described above are implemented in any of the devices included in the system.
[0305] The form of data transmission and reception between each device (for example, server device 10, terminal 30) is not particularly limited, but the data transmitted and received between these devices may be encrypted. Personal information of users is transmitted and received between these devices, and it is desirable that encrypted data be transmitted and received in order to properly protect this information.
[0306] In the flowcharts (sequence diagrams) used in the above description, multiple processes (processes) are shown in order, but the execution order of the processes performed in the embodiment is not limited to the order in which they are shown. In the embodiment, the order of the illustrated processes can be changed to the extent that it does not impair the content, for example, by executing each process in parallel.
[0307] The embodiments described above are explained in detail to facilitate understanding of the disclosure, and it is not intended that all the configurations described above are necessary. Furthermore, when multiple embodiments are described, each embodiment may be used individually or in combination. For example, it is possible to replace parts of the configuration of one embodiment with those of another embodiment, or to add configurations from other embodiments to the configuration of one embodiment. In addition, it is possible to add, delete, or replace parts of the configuration of one embodiment with those of another.
[0308] As described above, the industrial applicability of the present invention is clear, and it is particularly applicable to information processing systems, etc., that include service providers who provide services to users using certificates stored in a digital wallet.
[0309] Some or all of the above embodiments may also be described as follows, but are not limited to the following:
[0310] [Note 1] An acquisition means for obtaining a biometric information certificate, which certifies the biometric information of the recipient and includes the biometric information of the recipient, from a certificate issuer that holds the user's biometric information. A verification means that performs identity verification using the biometric information obtained from the acquired biometric information certificate and the biometric information of the user, If the aforementioned identity verification is determined to be successful, a storage means for storing the acquired biometric information certificate is provided. A terminal equipped with the following features. [Note 2] The verification means is the terminal described in Appendix 1, which performs the identity verification using the biometric information obtained from the acquired biometric information certificate and the biometric information obtained by photographing the user. [Note 3] The acquisition means is a terminal as described in Appendix 2, which acquires the biometric certificate by transmitting a certificate issuance request containing information identifying the recipient of the biometric certificate to the certificate issuer. [Note 4] The acquisition means is a terminal as described in Appendix 3, which transmits the certificate issuance request, including the type of biometric information to be certified by the biometric information certificate, to the certificate issuer. [Note 5] The acquisition means is the terminal described in Appendix 4, which acquires the biometric information certificate as a credential certificate from the certificate issuer. [Note 6] The acquisition means is a terminal described in any one of the appendices 1 to 5 for acquiring the biometric information certificate relating to a person's face. [Note 7] The storage means is a terminal according to any one of the appendices 1 to 5, which stores the acquired biometric information certificate in a digital wallet. [Note 8] The acquisition means is the terminal described in Appendix 7, which stores the acquired biometric certificate in the digital wallet when the acquired biometric certificate is valid. [Note 9] The aforementioned biometric certificate is generated using biometric information obtained from the official identification document of the person to whom the certificate was issued, using the terminal described in Appendix 8. [Note 10] A server device managed by the certificate issuer that holds the user's biometric information, The device and Includes, The aforementioned terminal is An acquisition means for acquiring a biometric certificate from the server device, which is a certificate that proves the biometric information of the person to be issued, and which includes the biometric information of the person to be issued. A verification means that performs identity verification using the biometric information obtained from the acquired biometric information certificate and the biometric information of the user, If the aforementioned identity verification is determined to be successful, a storage means for storing the acquired biometric information certificate is provided. A system equipped with these features. [Note 11] On the device, Obtaining a biometric information certificate from a certificate issuer that holds the user's biometric information, which certifies the biometric information of the person to whom the certificate was issued, and which includes the biometric information of the person to whom the certificate was issued, The biometric information obtained from the acquired biometric certificate and the user's biometric information are used to verify the user's identity. A terminal control method that, upon determining that the aforementioned identity verification is successful, stores the acquired biometric information certificate. [Note 12] On the computer installed in the terminal, A process of obtaining a biometric information certificate from a certificate issuer that holds the user's biometric information, which is a certificate that certifies the biometric information of the person to whom the certificate is issued and includes the biometric information of the person to whom the certificate is issued, A process to perform identity verification using the biometric information obtained from the acquired biometric certificate and the user's biometric information, If the aforementioned identity verification is determined to be successful, the process of storing the acquired biometric information certificate is performed, A program to execute.
[0311] Furthermore, some or all of the configurations described in Appendices 2 to 9, which are dependent on Appendice 1 above, may also be dependent on Appendices 10, 11, and 12 in the same way as those described in Appendices 2 to 9. Moreover, not limited to Appendices 1, 10, 11, and 12, some or all of the configurations described as appendices may also be dependent on various hardware, software, various recording means for recording software, or systems, without departing from the embodiments described above.
[0312] Furthermore, each disclosure of the above-mentioned prior art documents cited herein is incorporated herein by reference. Although embodiments of the present invention have been described above, the present invention is not limited to these embodiments. It will be understood by those skilled in the art that these embodiments are merely illustrative and that various modifications are possible without departing from the scope and spirit of the present invention. That is, the present invention naturally includes the entire disclosure, including the claims, and various modifications and alterations that can be made by those skilled in the art in accordance with the technical idea. [Explanation of Symbols]
[0313] 10 Server devices 20 Service Servers 21. Carrier terminals 21-1 Carrier terminal 21-2 Carrier terminals 30 devices 100 devices 101 Acquisition method 102 Verification methods 103 Memory means 201 Communication Control Unit 202 Acquisition Control Unit 203 User Control Unit 204 Storage section 205 Identity Verification Department 301 Communication Control Unit 302 Certificate Issuance Department 303 Storage section 311 Processors 312 memory 313 Input / Output Interfaces 314 Communication Interface 401 Communication Control Unit 402 Service Provisioning Control Unit 403 Storage section
Claims
1. An acquisition means for obtaining a biometric information certificate, which certifies the biometric information of the recipient and includes the biometric information of the recipient, from a certificate issuer that holds the user's biometric information. A verification means that performs identity verification using the biometric information obtained from the acquired biometric information certificate and the biometric information of the user, If the aforementioned identity verification is determined to be successful, a storage means for storing the acquired biometric information certificate is provided. Equipped with, The verification means is a terminal that performs the identity verification using biometric information obtained from the acquired biometric information certificate and biometric information obtained by photographing the user in response to the acquisition of the biometric information certificate.
2. The terminal according to claim 1, wherein the acquisition means acquires the biometric certificate by transmitting a certificate issuance request to the certificate issuer, which includes information identifying the recipient of the biometric certificate.
3. The terminal according to claim 2, wherein the acquisition means transmits to the certificate issuer a certificate issuance request including the type of biometric information to be certified by the biometric information certificate.
4. The acquisition means is a terminal according to claim 3, which acquires the biometric information certificate as a credential certificate from the certificate issuer.
5. The acquisition means is a terminal according to any one of claims 1 to 4, which acquires the biometric information certificate relating to a person's face.
6. The terminal according to any one of claims 1 to 4, wherein the storage means stores the acquired biometric information certificate in a digital wallet.
7. The acquisition means stores the acquired biometric certificate in the digital wallet when the acquired biometric certificate is valid, as described in claim 6.
8. A server device managed by the certificate issuer that holds the user's biometric information, The device and Includes, The aforementioned terminal is An acquisition means for acquiring a biometric certificate from the server device, which is a certificate that proves the biometric information of the person to be issued, and which includes the biometric information of the person to be issued. A verification means that performs identity verification using the biometric information obtained from the acquired biometric information certificate and the biometric information of the user, If the aforementioned identity verification is determined to be successful, a storage means for storing the acquired biometric information certificate is provided. Equipped with, The verification means is a system that performs identity verification using biometric information obtained from the acquired biometric information certificate and biometric information obtained by photographing the user in response to the acquisition of the biometric information certificate.
9. On the device, Obtaining a biometric information certificate from a certificate issuer that holds the user's biometric information, which certifies the biometric information of the person to whom the certificate was issued, and which includes the biometric information of the person to whom the certificate was issued, The biometric information obtained from the acquired biometric certificate and the user's biometric information are used to verify the user's identity. A terminal control method that, upon determining that the aforementioned identity verification is successful, stores the acquired biometric information certificate, A terminal control method for performing identity verification using biometric information obtained from the acquired biometric information certificate and biometric information obtained by photographing the user in response to the acquisition of the biometric information certificate.
10. On the computer installed in the terminal, A process of obtaining a biometric information certificate from a certificate issuer that holds the user's biometric information, which is a certificate that certifies the biometric information of the person to whom the certificate is issued and includes the biometric information of the person to whom the certificate is issued, A process to perform identity verification using the biometric information obtained from the acquired biometric certificate and the user's biometric information, If the aforementioned identity verification is determined to be successful, the process of storing the acquired biometric information certificate is performed, A program to execute, To the aforementioned computer, A program that performs the process of verifying the identity of the user using the biometric information obtained from the acquired biometric information certificate and the biometric information obtained by photographing the user in response to the acquisition of the biometric information certificate.