Patents by Inventor Asahiko Yamada
Asahiko Yamada has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9736151
Abstract: According to an embodiment, a biometric reference information storage apparatus transmits, to the biometric reference information certificate generation apparatus, a biometric authentication context including the challenge information, the hash value of the biometric reference information, and a first digital signature. The biometric reference information certificate generation apparatus verifies the challenge information and the first digital signature. The biometric reference information certificate generation apparatus transmits a biometric reference information certificate to the biometric reference information storage apparatus. The biometric reference information storage apparatus writes the biometric reference information and the biometric reference information certificate in a storage module.
Type: Grant
Filed: March 26, 2015
Date of Patent: August 15, 2017
Assignees: KABUSHIKI KAISHA TOSHIBA, TOSHIBA SOLUTIONS CORPORATION
Inventors: Tatsuro Ikeda, Asahiko Yamada, Koji Okada
-
Patent number: 9386016
Abstract: An authentication device receives each authentication context including an output information block, an input information block, and an authenticator block. The output information block includes a process result and process result identification information. The input information block includes a process result and process result identification information. The authentication device verifies each authenticator block. The authentication device searches for the output information block having the same value of process result identification information as the value of process result identification information in the input information block from other authentication contexts based on process result identification information in the input information block included in each authentication context.
Type: Grant
Filed: August 17, 2007
Date of Patent: July 5, 2016
Assignees: KABUSHIKI KAISHA TOSHIBA, TOSHIBA SOLUTIONS CORPORATION
Inventors: Hidehisa Takamizawa, Asahiko Yamada, Tomoaki Morijiri, Koji Okada, Tatsuro Ikeda, Minoru Nishizawa, Yoshihiro Fujii
-
Publication number: 20150200935
Abstract: According to an embodiment, a biometric reference information storage apparatus transmits, to the biometric reference information certificate generation apparatus, a biometric authentication context including the challenge information, the hash value of the biometric reference information, and a first digital signature. The biometric reference information certificate generation apparatus verifies the challenge information and the first digital signature. The biometric reference information certificate generation apparatus transmits a biometric reference information certificate to the biometric reference information storage apparatus. The biometric reference information storage apparatus writes the biometric reference information and the biometric reference information certificate in a storage module.
Type: Application
Filed: March 26, 2015
Publication date: July 16, 2015
Applicants: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
Inventors: Tatsuro IKEDA, Asahiko YAMADA, Koji OKADA
-
Publication number: 20150188916
Abstract: According to one embodiment, there is provided a VPN connection authentication system including a user terminal that is used by a user, an authentication server that is connected to the user terminal and configured to communicate with the user terminal, a biometric authentication result evidence information verification server that is incorporated in the authentication server or is connected to the authentication server and configured to communicate with the authentication server, an authentication information management DB configured to be writable from the authentication server, and a VPN connection server that is connected to the user terminal by VPN and configured to communicate with the user terminal.
Type: Application
Filed: March 13, 2015
Publication date: July 2, 2015
Applicants: KABUSHIKI KAISHA TOSHIBA, TOSHIBA SOLUTIONS CORPORATION
Inventors: Asahiko YAMADA, Tatsuro IKEDA
-
Publication number: 20140259120
Abstract: A verification device transmits challenge information to a first entity device, and for each authentication context received in return, verifies that challenge information identical to the challenge information transmitted in advance is described, to thereby confirm that the authentication context is the current one. As a result, a repetitive attack in which the past authentication context is repeatedly used is prevented and the security against repetitive attacks is improved.
Type: Application
Filed: May 19, 2014
Publication date: September 11, 2014
Applicants: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
Inventors: Tomoaki Morijiri, Koji Okada, Hidehisa Takamizawa, Asahiko Yamada, Tatsuro Ikeda
-
Patent number: 8744970
Abstract: In an information communication system, user personal information is batch-managed in a user management center apparatus. The center apparatus issues temporary information, which includes temporary user information and temporary authentication information, in response to a log-in request from a user terminal apparatus that designates a net-shop apparatus, and sends the information to the user terminal apparatus and the designated net-shop apparatus. Thereby, if the user terminal apparatus sends an authentication request to the net-shop apparatus on the basis of the information, the net-shop apparatus can authenticate the user terminal apparatus on the basis of the information from the user management center apparatus. At this time, the user personal information does not go to the net-shop apparatus, and there is no need for the net-shop apparatus to manage the user personal information.
Type: Grant
Filed: February 21, 2008
Date of Patent: June 3, 2014
Assignee: Kabushiki Kaisha Toshiba
Inventors: Shinichi Kurihara, Asahiko Yamada
-
Patent number: 8732461
Abstract: A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake.
Type: Grant
Filed: February 12, 2010
Date of Patent: May 20, 2014
Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
Inventors: Yoshihiro Fujii, Tatsuro Ikeda, Koji Okada, Tomoaki Morijiri, Minoru Nishizawa, Hidehisa Takamizawa, Asahiko Yamada
-
Patent number: 8666899
Abstract: In an information communication system, user personal information is batch-managed in a user management center apparatus. The center apparatus issues temporary information, which includes temporary user information and temporary authentication information, in response to a log-in request from a user terminal apparatus that designates a net-shop apparatus, and sends the information to the user terminal apparatus and the designated net-shop apparatus. Thereby, if the user terminal apparatus sends an authentication request to the net-shop apparatus on the basis of the information, the net-shop apparatus can authenticate the user terminal apparatus on the basis of the information from the user management center apparatus. At this time, the user personal information does not go to the net-shop apparatus, and there is no need for the net-shop apparatus to manage the user personal information.
Type: Grant
Filed: September 7, 2005
Date of Patent: March 4, 2014
Assignee: Kabushiki Kaisha Toshiba
Inventors: Shinichi Kurihara, Asahiko Yamada
-
Patent number: 8578446
Abstract: A configuration including, in authentication contexts, function unit identification information unique to the function unit that has executed an authentication subprocess in entity devices permits an authentication apparatus to specify the function unit that has executed the authentication subprocess in the entity devices. The verifier, therefore, can verify the legitimacy of the authentication subprocess from the authentication context even in the presence of a plurality of function units capable of executing the same authentication subprocess in the entity devices.
Type: Grant
Filed: January 3, 2008
Date of Patent: November 5, 2013
Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
Inventors: Hidehisa Takamizawa, Koji Okada, Tomoaki Morijiri, Tatsuro Ikeda, Minoru Nishizawa, Yoshihiro Fujii, Asahiko Yamada
-
Publication number: 20130246281
Abstract: According to one embodiment, the verifying device sends, to the service providing device, the user identification information in the user identification information certificate and the execution result that indicates properness when all the verification results are proper. The service providing device reads service user identification information associated with the user identification information in response to user identification information and a verification result. The service providing device sends the service information to the user terminal in accordance with the read service user identification information.
Type: Application
Filed: May 10, 2013
Publication date: September 19, 2013
Applicants: TOSHIBA SOLUTIONS CORPORATION, KABUSHIKI KAISHA TOSHIBA
Inventors: Asahiko YAMADA, Koji Okada, Tatsuro Ikeda
-
Patent number: 8499147
Abstract: A root-account management apparatus generates an electronic signature based on a survival condition and a secret key when an authentication result of a user of a client apparatus is proper, and transmits derived-account credence element information including the survival condition, the electronic signature and a public key certificate to a derived-account management apparatus. The derived-account management apparatus creates derived-account information which becomes valid when the survival condition is satisfied so that the derived-account information includes both the derived-account credence element information which becomes invalid when a validity term of the public key certificate expires and a biometric information template of the user which is valid regardless of this validity term. Accordingly, even if an authentication element as a root (public key certificate) becomes invalid, a derived authentication element (biometric information template) can be prevented from becoming invalid.
Type: Grant
Filed: July 10, 2009
Date of Patent: July 30, 2013
Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
Inventors: Tatsuro Ikeda, Koji Okada, Tomoaki Morijiri, Minoru Nishizawa, Hidehisa Takamizawa, Yoshihiro Fujii, Asahiko Yamada
-
Patent number: 8332648
Abstract: According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information while the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified.
Type: Grant
Filed: January 28, 2010
Date of Patent: December 11, 2012
Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
Inventors: Tomoaki Morijiri, Koji Okada, Tatsuro Ikeda, Minoru Nishizawa, Hidehisa Takamizawa, Yoshihiro Fujii, Asahiko Yamada
-
Patent number: 8281373
Abstract: A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.
Type: Grant
Filed: April 6, 2011
Date of Patent: October 2, 2012
Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
Inventors: Yoshihiro Fujii, Minoru Nishizawa, Tatsuro Ikeda, Koji Okada, Tomoaki Morijiri, Hidehisa Takamizawa, Asahiko Yamada
-
Patent number: 8028330
Abstract: A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.
Type: Grant
Filed: January 3, 2008
Date of Patent: September 27, 2011
Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
Inventors: Yoshihiro Fujii, Minoru Nishizawa, Tatsuro Ikeda, Koji Okada, Tomoaki Morijiri, Hidehisa Takamizawa, Asahiko Yamada
-
Publication number: 20110185413
Abstract: A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.
Type: Application
Filed: April 6, 2011
Publication date: July 28, 2011
Inventors: YOSHIHIRO FUJII, Minoru Nishizawa, Tatsuro Ikeda, Koji Okada, Tomoaki Morijiri, Hidehisa Takamizawa, Asahiko Yamada
-
Patent number: 7840808
Abstract: A client device transmits service identification information to an authentication device at the time of a service request, prompts selection of one or more authentication entity devices which execute one or more authentication subprocesses from among all the authentication entity devices adaptive to profile information received from the authentication device, based on “function list information defining an execution environment of each of the authentication entity devices”, transmits a request for executing an authentication subprocess to such selected each authentication entity device, and transmits to the authentication device “authentication context information including an execution environment and an execution result of an authentication subprocess” received from such each authentication entity device.
Type: Grant
Filed: October 24, 2006
Date of Patent: November 23, 2010
Assignees: Kabushiki Kaisha Toshiba, Toshiba Solutions Corporation
Inventors: Hidehisa Takamizawa, Koji Okada, Tatsuro Ikeda, Tomoaki Morijiri, Asahiko Yamada
-
Publication number: 20100191967
Abstract: A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake.
Type: Application
Filed: February 12, 2010
Publication date: July 29, 2010
Inventors: Yoshihiro FUJII, Tatsuro Ikeda, Koji Okada, Tomoaki Morijiri, Minoru Nishizawa, Hidehisa Takamizawa, Asahiko Yamada
-
Publication number: 20100180124
Abstract: According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information whilst the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified.
Type: Application
Filed: January 28, 2010
Publication date: July 15, 2010
Inventors: Tomoaki Morijiri, Koji Okada, Tatsuro Ikeda, Minoru Nishizawa, Hidehisa Takamizawa, Yoshihiro Fujii, Asahiko Yamada
-
Publication number: 20090327706
Abstract: A root-account management apparatus generates an electronic signature based on a survival condition and a secret key when an authentication result of a user of a client apparatus is proper, and transmits derived-account credence element information including the survival condition, the electronic signature and a public key certificate to a derived-account management apparatus. The derived-account management apparatus creates derived-account information which becomes valid when the survival condition is satisfied so that the derived-account information includes both the derived-account credence element information which becomes invalid when a validity term of the public key certificate expires and a biometric information template of the user which is valid regardless of this validity term. Accordingly, even if an authentication element as a root (public key certificate) becomes invalid, a derived authentication element (biometric information template) can be prevented from becoming invalid.
Type: Application
Filed: July 10, 2009
Publication date: December 31, 2009
Inventors: Tatsuro IKEDA, Koji Okada, Tomoaki Morijiri, Minoru Nishizawa, Hidehisa Takamizawa, Yoshihiro Fujii, Asahiko Yamada
-
Publication number: 20080172729
Abstract: An authentication device receives each authentication context including an output information block, an input information block, and an authenticator block. The output information block includes a process result and process result identification information. The input information block includes a process result and process result identification information. The authentication device verifies each authenticator block. The authentication device searches for the output information block having the same value of process result identification information as the value of process result identification information in the input information block from other authentication contexts based on process result identification information in the input information block included in each authentication context.
Type: Application
Filed: August 17, 2007
Publication date: July 17, 2008
Inventors: Hidehisa TAKAMIZAWA, Asahiko YAMADA, Tomoaki MORIJIRI, Koji OKADA, Tatsuro IKEDA, Minoru NISHIZAWA, Yoshihiro FUJII