The concept of biometric digital signatures based on Hitachi activities in Japan

Transcription

1 The concept of biometric digital signatures based on Hitachi activities in Japan Koncepcja biometrycznego podpisu kwalifikowanego na podstawie działań Hitachi w Japonii Hitachi, Hitachi, Ltd. Ltd All All rights reserved.

2 Contents 1. Problems of Signature Infrastructure 2. The Signature System of the Server Method using Finger Vein 3. The Use Scenario of the FV Method 4. The Problem of the FV Method 5. Examples Introduction, and Future Examination Matters

3 1 Problems of Signature Infrastructure

4 1 1. A problem of signature infrastructure A problem of signature infrastructure Is this safe? Because there are many cases dealing with important personal information, safety becomes important. In addition, it must seem that It is a safe" for a user. Is this easy? If it is not easy to use, then the user is unlikely to use the system. If the system is difficult to use, costs of use and the education of users will increase. How to get an IC card? There are many cases using an IC card for security, but in this case, the distribution method and the associated costs can become a problem. False sending of cards and fraud or loss can cause serious problems. How to keep safety of the algorithm? It is necessary to shift to an extreme high thing in algorithm so that the strength of the code deteriorates with time. Depending on implementation of a system and the IC card a great deal of costs may be necessary in replacing it. What s a digital signature? Minimum knowledge is necessary to use it safely. In addition, it is importantto publicize you have what when use signature infrastructure, and where becomes convenient. It is not used by the system known nobody. 3

5 1 2. The case of Japan The problem of a signature infrastructure realized in Japan PKIin Japan There is an infrastructure called JPKI in Japan that allows the use e signature for validating transactions. A problem of the introduction In JPKI, an IC card equipped with a key and a certificate is used to sign a transaction. You must go off to the government office to get the IC card. In addition, You need to buy an IC card reader/writer to use it. For this reason, it is not always easy to introduce it. A problem of the use Because eachgovernment copes about the CA rekey/ the IC card update / the migration about cryptography algorithm individually, administrative affairs are inconvenient and are non effective. Users have to manage their Password and PINsafety. JPKI CERT. 4

6 1 3. The case of certain company The problem of the company that introduced a signature infrastructure SAFE BioPharma It is the trade group which was established to carry out the PKIinfrastructure in the pharmaceutical industry. It is going to be used by a protection of patent evidence, electronic application procedure to Government, the approval of the inside office work and cryptographic communication. Now, all top 10 company introduce SAFE digital signature, and many major companies will. 2005: Introduction In firstcompany,the IC card that stores a key and a certificate was distributed to employees. 2010: The update of the cryptographic algorithm In relation to a problem of the code strength, the update of thekey and the algorithm are necessary. Therefore companies must distribute all IC cards again and this is problematic. SAFE CERT. COMPANY CA 5

7 2 The Signature System of the Server Method using Finger Vein

8 2 1. The signature system of the server method used FV The summary of signature system of the server method used FV traditional model It is mainstream that it storesa key and a certificate in an IC card, and to sign in an IC card. FVmodel In server method, it stores a key in a server and it signs on a server. In addition, we use finger vein information for the user authentication. Prototype is working at a research institute. traditional FV SIGN SIGN user authentication by IC card and PIN. user authentication by FV. 7

9 2 2. The featuresof the FV method The merit of the FV signature You do not need to use an IC card Even if the user does not use an IC card, e signature comes to be possible. The provider does not need to think about the management of IC cards such as distribution or the updates. You donot need to manage PINs User authentication is enabled only with a finger. Therefore problems of PIN memory or the change of PIN are avoided. You do not need to waste timefor update User does not have to do something for a key and algorithm update. Update is completed only by work on the server side. It is much easier for the user User only needs to put their finger without inputting PIN and setting IC card. In addition, impersonation is very difficult since biological information is used. PIN UPDATE 8

10 3 The Use Scenario of the FV Method

11 3 1. The use scenario of the FV method Registration Office Authentication Server User User Data User visits the registrationoffice. A manual step is required to confirm identity using controlled document, for example, Citizen ID Card. After the person s identity is confirmed by staff, staff register the user s finger vein information. System generates a key pair, and connects key information, personal data ( e.g. a reference number) and the finger vein information. 10

12 3 2. The use scenario of the FV method Portal Site Application Server User manages or enters required information for an official documents using portal site via work, home, at a kiosk etc. 11

13 3 3. The use scenario of the FV method Portal Attach Signature Application Server Authentication Server If the document setup is completed successfully, User is requested to scan finger and finger vein information is transmitted to the authentication server. 12

14 3 4. The use scenario of the FV method Portal Authentication Server Signature is done Application Server OK? SIGN Systemperformsthe finger vein certification in the server side and signsit automatically. 13

15 4 The discussion point of the FV Method

16 4 1. The Discussion pontof the FV method (1) legal aspect The design concept of many e signature laws is based on the key being stored in a secure container such as an IC cards. Interpretation every country is necessary whether a method to manage the key with a server satisfies electronic signature law. In Europethe statement is secure container so it is possible if the system is secured. It is a condition of the electronic signature in Japan that an individual can sign only by himself, and the legal interpretation of the servermethod is unknown. Because there is not a rule like Japan in U.S.A., it is thought that the server method satisfies a condition. But the company that introduces this must understand that strict use, control and inspection are necessary. OK? 15

17 4 2. The discussion pointof the FV method (2) technical aspect large scale When a nation uses it, finger vein information to be managedincreases in volume. Systems must search for input finger vein information from the finger vein information of all users in a 1 to Manytransaction. This can become difficult with large user populations if a reference number is not used. Therefore the algorithm reinforcement of the finger vein authentication is required. The provision by the user of simple information (e.g. National ID Number) to make a 1 to 1 or 1 to a few transaction solves the problem but adds some additional work forthe user. security As a matter of course, finger vein authentication is powerless for the man in the middle attack. When a userhasauthenticationinformation stolen, the userwill perform password changes if usual. However, because wecannot change the biologicalinformation,some kind of technological countermeasures are necessary. In a matching Just a minute, please. 16

18 5 Examples Introduction, and Future Examination Matters

19 5 1. Example of epass in Canada Example of epass in Canada The Canadian Government offers registrationand authenticationservices to providesafe access to online government services to be called epassfrom September, Utilizing PKI technology, it is used as an infrastructure for electronic signature for using online government services. epass APP APP User ID Key abc123 registration download signature document Client PKC SIGN 18

20 5 2. Example of company introducing SAFE BioPharma Example of company introduced SAFE BioPharma Utilizing the IC card which is already distributed. System performsthe user authentication by IC card, but performsthe signature in a server. PKI APP APP PKC SIGN authentication Client signature document access 19

21 5 3. Future Examination Matters Method of Combination with Applications What is the target applications Combine with Workflow system Method of user management Combine with SSO system, LDAP server or MS Active Directory User I/F Usability, security and safety 20

22

23