Authentication executing device, portable authentication...

Electrical computers and digital processing systems: support – System access control based on user identification by... – Using record or token

Reexamination Certificate

Details

C713S182000, C713S168000, C713S152000, C713S152000

active

06751734

ABSTRACT:

BACKGROUNDS OF THE INVENTION
1. Field of the Invention
The present invention relates to an authentication executing device, a portable device for authentication, and an authentication method for certifying a user's identity through the check of biometrics, that is, his or her physical features such as fingerprints that can be measured, thereby to allow the operation executable only by the user himself or herself.
2. Description of the Related Art
The operations executable only by a user himself or herself in an information processing system, for example, in a personal computer (hereinafter, referred to as a PC) include a log-in operation of the identified user, electronic commerce of dealing with a person in confirmation of the person's identity, and further file encryption and decryption.
In the conventional technique, a user's input of a password certifies that a person trying to do the above operation is the authorized user. In this case, a person asking for permission has the trouble of registering his or her predetermined password in advance, and if the password should be stolen, another user will make fraudulent use of the PC, acting like the authorized user.
In order to solve the problem, a method of using biometrics such as fingerprints, instead of a password, has been proposed. Below the description will be made with reference to FIG. 7, by way of example, in the case of using fingerprints as the biometrics.
In the conventional technique, a fingerprint sensor 10 is connected to a PC; feature information for matching extracted from the user's fingerprint data is stored in a user inherent information storing unit 13 within the PC; when some fingerprint is provided by a user's input, a fingerprint feature extracting unit 11 extracts the feature information from the fingerprint; a fingerprint checking unit 12 judges whether the feature of the fingerprint is in accord with the stored data; only when they are of one accord, the user is certified as the authorized user and a user inherent operation executing unit 17 performs the user identification operation.
In this form, since the input image and feature information of the fingerprint are processed within the system performing authentication, there is a risk that the feature information may be stolen by tampering with the program when the system is not under the control of a user. In order to solve the problem, there has been a method of holding the fingerprint feature information stored in the user inherent information storing unit 13 in FIG. 7 on a portable terminal carried by a user, under the control of the user, more specifically, on an information terminal such as an electronic notepad, or on a medium, for example, an IC card, and transferring the content thereof to a PC to check the data. Even in this way, however, when a fingerprint sensor is connected to a poorly managed PC, there is a possibility that the program controlling fingerprint input is tampered with so as to act like an authorized user, as if the authorized user had entered the fingerprint through the fingerprint sensor, by using another person's fingerprint image that has been copied and stored, or a fraudulent fingerprint image.
On the other hand, the above portable terminal that can be carried by a user has the advantage that the user's identity can be checked at any place. However, it is troublesome to insert the terminal into a PC, or to connect the terminal to a PC by a cable, in order to perform the authentication operation. There is a method of using infrared rays, radio waves, sound waves, or the like in a non-contact way, so as to exchange data between them. These signals, however, are easily intercepted, and there is the possibility that another person, receiving the data signal, makes use of it again so as to act like the authorized user.
SUMMARY OF THE INVENTION
An object of the present invention is to provide an authentication method and system with high security, free from a trouble of remembering a password and a risk of the other person using a PC by acting like the authorized user, capable of connecting a terminal with the PC by infrared rays, radio waves, or sound waves, taking the portability into consideration, with no possibility of stealing the fingerprint data and making fraudulent use of a message.
According to the first aspect of the invention, an authentication method using biometrics identification, comprising the following steps of
identifying a user by biometrics entered from a portable authentication terminal,
when the user has been registered previously, establishing communication between the authentication terminal and an authentication executing device independent of the authentication terminal, and calculating a common secret key for use in transmission of an authentication message,
encrypting the authentication message including the user's inherent information based on the secret key in the authentication terminal,
sending the encrypted authentication message from the authentication terminal to the authentication executing device, and
decrypting the authentication message based on the calculated secret key in the authentication executing device, thereby executing an operation depending on the user inherent information included in the message.
In the preferred construction, the communication message is transmitted in one of non-contact typed communications, for example, via infrared rays, radio waves, and sound waves.
In another preferred construction, the user inherent information included in the authentication message includes such secret information as cannot be read out without identification of an authorized user from the biometrics in the authentication terminal.
In another preferred construction, an operation to be executed by the authentication executing device depending on the user inherent information is an operation that cannot be executed without identification of an authorized user from the biometrics in the authentication terminal, and therefore a function is provided of authenticating that the person who previously registered the biometrics carries and uses the authentication terminal.
In another preferred construction, the user inherent information included in the authentication message includes individual information that cannot be read out without identification of an authorized user from the biometrics in the authentication terminal, and using the individual information, the authentication executing device executes the operation depending on the information of a user employing the authentication function.
In another preferred construction, the operation performed by the authentication executing device depending on the user inherent information includes file encryption and decryption, and a secret key for use in this encryption and decryption is to be stored in such a way that the secret key cannot be read out without identification of an authorized user from the biometrics in the authentication terminal.
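The steps of the first aspect, run end to end as an added example that is not taken from the patent: it shows a message captured in one session being rejected when replayed in a later one. The page names neither the key-agreement algorithm nor the cipher, so finite-field Diffie-Hellman, the SHAKE-256/HMAC encrypt-then-MAC construction, the threshold matcher, and all names and sample values are assumptions.

```python
import hashlib, hmac, json, secrets

# Demonstration group (assumption): p = 2**255 - 19 is prime, but p - 1 is
# divisible by 4, so it is not a safe prime. Deploy a vetted group or X25519.
P, G = 2**255 - 19, 2

def seal(key, plaintext):
    """Encrypt-then-MAC from stdlib primitives (stand-in for an AEAD)."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, stream))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def open_(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None  # wrong session key or tampered message
    nonce, ct = body[:16], body[16:]
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Party:
    """One side of the key agreement; a fresh ephemeral secret per session."""
    def __init__(self):
        self.x = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.x, P)
    def session_key(self, peer_public):
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate public value")
        shared = pow(peer_public, self.x, P)
        return hashlib.sha256(shared.to_bytes(32, "big")).digest()

# Constructed enrollment record: feature vector paired with inherent information.
ENROLLED = {"features": (12, 40, 7, 33, 91),
            "inherent": {"user": "alice", "op": "login"}}

def terminal_send(sample, terminal, device_public):
    """Terminal releases the inherent information only after a biometric match."""
    close = sum(abs(a - b) <= 2 for a, b in zip(sample, ENROLLED["features"]))
    if close < len(ENROLLED["features"]):
        return None  # not the registered user: nothing leaves the terminal
    msg = json.dumps(ENROLLED["inherent"]).encode()
    return seal(terminal.session_key(device_public), msg)

def device_receive(blob, device, terminal_public):
    """Device decrypts with its own copy of the session key, or rejects."""
    plain = open_(device.session_key(terminal_public), blob)
    return json.loads(plain) if plain is not None else None
```

The key agreement here is unauthenticated, so it covers interception and replay of the wireless signal but not an active man-in-the-middle.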
According to the second aspect of the invention, a portable terminal for authentication using biometrics identification, comprises
biometrics image input means for receiving a user's biometrics image,
biometrics feature extracting means for extracting biometrics feature for matching from the input biometrics image,
user inherent information storing means for storing the biometrics feature and inherent information of the user in pairs,
secret key agreeing means for deciding a key for use in encryption of an authentication message between the authentication executing device and the portable terminal,
biometrics image checking means for comparing the biometrics image extracted from the user's input biometrics image with the biometrics feature stored in the user inherent information storing means, judging whether the user having entered the biometrics image this time is a registered user or not, and when this user is a registered user, supplying the inherent information stored in pairs with the biometrics image in the user inherent information storing means,
authentication message
