Abstract: In a public key certificate using system, a template which serves as person identification data of a person requesting a public key certificate is obtained from a person identification certificate of the person, a person authentication is executed by comparing sampling information of the person against the template, and a public key certificate for the person is issued by a certificate authority on condition that the person authentication is established, thus reducing the load on the certificate authority for person authentication. The public key certificate issued to the user is deleted upon completion of a processing session involving use of the public key certificate, restricting the use of the public key certificate to the particular processing session.

Abstract: A person authentication system, a person authentication method, an information processing apparatus, and a program providing medium according to the present invention are provided to authenticate a person who uses an information apparatus in data communication.

Abstract: Disclosed are an information processing apparatus and an information processing method which execute person authentication and allows various services such as receiving of contents to be received, provided that the authentication is successfully passed. In the information processing apparatus for executing, by a connection to an external server providing various services such as contents transmission, a process such as receiving of contents, person authentication is executed by comparing a template acquired from a person identification certificate storing a template which is person identification data of a user using the information processing apparatus with sampling information input by the user, and a connection to the external server is executed provided that the authentication is successfully passed.

Abstract: A person identification certificate link system forms a link between a person identification certificate which stores a template serving as person identification data and which is generated by a person identification certificate authority and a public key certificate which stores a public key, thereby specifying one certificate based on the other certificate. With this arrangement, a cryptographic key to the template stored in the person identification certificate can be specified. It is also possible to quickly obtain a combination of the person identification certificate and the public key certificate which are both utilized in transaction with a service provider, thereby improving the processing efficiency.

Abstract: A content distribution is performed by a secure container including a content encrypted by a content key and container information set for a content transaction. The container information includes a person identification certificate identifiers list. Usage control status information including the list is generated and stored in a device during a secondary distribution among user devices after a primary distribution of the content. In the distribution among the user devices, identifying an identification certificate in reference to the list and performing a person authentication based on the identification certificate allows each of the user devices to use the transmitted content, when the authentication is affirmative.

Abstract: A person authentication system includes a person identification authority. In the system, a service provider, a user device, or the like performs person authentication by acquiring a template from a person identification certificate created by the person identification authority, which is a third-party agency. The person identification authority identifies a person who requests issue of the person identification certificate, creates and registers the person identification certificate. Furthermore, the person identification authority deletes and changes the person identification certificate and performs registration, addition, deletion, invalidation process, and re-validation process of the template stored in the person identification certificate.

Abstract: An entity which executes person authentication such as a service provider (SP) and a user device (UC) receives a request for person authentication from an entity which requests person authentication. The entity which requests person authentication can vary in form. The entity which executes person authentication decrypts the template by using a person identification certificate that can be owned by the entity which executes person authentication or provided from the outside, compares the template with sampling information input by a user and notifies the entity which requests person authentication of the result of comparison. The data for person identification is provided as encrypted information that can be decrypted only by the entity which executes person authentication, thereby performing safe authentication in various locations or devices, while preventing the template information from leaking out.

Abstract: Disclosed are a person authentication system, a person authentication method, and an information processing apparatus which allow person authentication to be performed in an easy fashion in various devices by comparing a template serving as person identification data with sampling information input by a user. A service provider (SP) or user device (UD) executes person authentication by acquiring a template from a person identification certificate (IDC) generated by a third-party agency serving as a person identification certificate authority (IDA). The IDA acquires a template serving as identification data after verifying a person requesting an IDC to be issued, and generates the IDC storing template information. The IDA distributes the IDC having a digital signature of the IDA added thereto to the SP and the UD.

Abstract: A system is provided which allows a person authentication process to be performed in a device in which a person identification certificate used for person authentication is not stored. A device for performing a process for requesting person authentication performs a process for retrieving a person identification certificate used for a person authentication process on the basis of user input information with device-stored data being used as the retrieval target, outputs a request for issuing a person identification certificate after mutual authentication with the person identification certificate authority which is a person identification certificate issuing entity, obtains the certificate from the person identification certificate authority, and stores the certificate. The certificate is stored in a template encrypted using a public key of the device or a user, and can be used in the device which receives the certificate.

Abstract: A person authentication system capable of performing personal authentication by comparing templates that is personal identification data with sampling information input by a user is disclosed. For example, a service provider (SP) or a user device (UD) acquires the templates from a person identification certificate (IDC) generated by a personal identification certificate authority that is a third party to thereby perform personal authentication. The IDC stores data, such as a certificate identifier and a user identifier, in accordance with a format, and also stores encrypted templates in a manner that the data can be decrypted by an entity that performs authentication. This arrangement achieves efficient template retrieval and a personal authentication process, as well as effective prevention of the templates from being leaking out.

Abstract: A content distribution system allowing user authentication to be performed to identify a user in content transaction, thereby permitting the content to be used.

Abstract: An access control system, which eliminates the necessity for access controls to be performed by individual service providers, has an access control server which is used commonly by a plurality of service providers and devices. The access control server issues access permissions in accordance with predetermined format and procedure. Access control is executed in accordance with the access permission, so that each service provider and each device can easily execute the access control without building up their own access control procedures. A user device which receives the services from various service providers is not required to execute different access control sequences for different service providers, and can execute the access control in accordance with a predetermined sequence. Thus, the user device need not store and administrate different format data and access programs for different service providers.

Abstract: A user device receives the content, and pays a content fee, based on the usage control policy of the content, by electronic money up to the allowable amount of money set in an issue log. The user device then creates a usage log including a content identifier and sends it to a service provider. The service provider creates a receive log based on the usage log, and sends it to a clearing center. The clearing center performs settlement processing for the electronic money based on the receive log, and sends a transfer request to an account management institution. By performing the above-described series of processing by using encrypted data, the settlement of the content usage fee is safely performed.

Abstract: A public-key-encryption data-communication system includes a public-key-certificate issuer authority. The public-key-certificate issuer authority performs the issuance of a public key certificate and management operations, certification of a subject to be certificated, which is a certificate issuing request, and management such as registration processing are executed by a root registration authority or each registration authority. The public-key-certificate issuer authority performs processing for validating, invalidating, and deleting the certificate in accordance with a request from the root registration authority. The root registration authority accepts a request for issuing a public key certificate corresponding to the subject to be certificated which is under the control of a certificated registration authority, and transfers it to the public-key-certificate issuer authority in a form in which a signature is added to it.