DE69832145T2 - Remote authentication system - Google Patents

Description

BACKGROUND THE INVENTION

1st area the invention

The The present invention relates to a remote authentication system. in which the identification of an individual by biometric Characteristics and the decision about the presence or absence of an individual's right of access to the information and the application intensively through a single authentication terminal respectively.

2. Description of the state of the technique

Traditional is in a network connected information processing system security a process of identifying an individual to be about Permission or denial of access by the individual to decide, i. an attestation required. Furthermore introduces automatic bank machine of a bank or the like in general a certification for the identification of an individual and access to transaction information of the individual as a bank statement through. The attestation of a Individual is also performed for the Arrival at or leaving a research location with high Security and a member club.

The Authentication, i. the identification of an individual and detection Qualification is carried out using a Magnetic card or IC card, the same function as an ID card, a memory of the individual such as a password or a combination thereof. However, the password can be forgotten. It can the case occur that the magnetic card or IC card is not certified can be because it has been lost or broken. Another An individual as a questionable person may be considered the person in question be authenticated due to a theft of the card or transfer of information about the password. In order to maintain a high level of security, the questionable one must Person sure as he or she is attested to. In this Case is when the means to mitigate the password or a one-time password (OTP), the storage accordingly difficult, or the process of attestation itself becomes complicated. Furthermore, if the authentication by storage in a wide range (several branches of the bank) is performed, the authentication information be managed intensively.

on the other hand eliminates the authentication by biometric information that Properties of the living body of an individual, such as those on a fingerprint, one Handprint, handwriting, retina, etc. related information, the complication and also makes it difficult to "spend for another". If the authentication by biometric information in a wide The area required is intensive administration and accreditation for the same reason and the protection of privacy required. If the certification is carried out intensively by biometric information, It is important to have a suitable procedure of attestation in accordance with a Select security levels, like a thing, place or system that has a credential as well as everyone Require users to obtain the credential information become.

Now leads the Radius server described by RFC 2138 (Remote Authentication Dial in User Service, hereinafter referred to as RADIUD, renewal of the preceding RFC 2058) described in RFC (Request For Comment) by IETF (Internet Engineering Task Force) is registered in response to a request from a Radius client for the attestation process intensively through to return the result of the attestation. In this case, the credentials and credential information for each User defined. Because of this, if the biometric information according to her Acquisition environment, the credentials and the Authentication information can not be changed dynamically.

One example for Such a prior art is a "authentication method to a network" described in JP-A-9-815: 18 is disclosed. This procedure prompts if a user host accessing an application server, the application server is a credential server to perform a user's authentication using hard Credentials and authentication information and receive that Result of the certification.

The Biometric information is effective in distinguishing one Individual of other persons. However, they lead to problem of protection of privacy and the hygienic purchase, if a device for the purchase biometric features itself is dirty and inconvenience prepares.

US-A-4 993 068 discloses a forgery-proof personal identification system for identifying users at remote access control locations. The forgery-proof personal identification system generates encrypted one-way versions of physically fixed identification features (face photograph, scan of the Retina, speech and fingerprints). These features are stored in a portable storage device. At a remote access control location, the user presents his portable storage device and the encrypted identification features are read. The user then physically submits his physical identification properties to the remote access control location. A comparison is made between the features obtained from the storage device and the physical identity of the user to determine whether access to the remote location is allowed or denied. The features may be used individually or in combination for comparison with the physical identity of the user. Furthermore, attribute or franchise information may be added to the features and coupled to the immutable physical features.

Such Data can medical information about the user, special privileges held by the user such as organizational affiliation, security clearance level, passport and include visa information or financial information.

SUMMARY THE INVENTION

The The present invention has been made to solve the problem described above to solve, and it intends to have a remote authentication system and a remote authentication procedure that identify and identify an individual safely Presence or absence of an access right to decide this can, if the individual by using biometric information certified, and which can also facilitate the use.

These The object is achieved by a remote authentication system having the features of claim 1.

The The present invention provides a remote authentication system having a Network connected to an authentication server, an authentication client and a user terminal for access data from the attestation clients at which a certification of the user accessing the authentication client by the user user terminal takes place, comprising several types of recovery devices biometric features associated with the user terminal and several credentials information retrieval software items are stored in the authentication server, according to the user terminal and / or a user, according to the operation a mandatory credential acquisition software according to the User terminal, downloaded by the authentication server at attestation will be biometric information by one or more species obtained from devices for obtaining biometric features were and / or input user discrimination information used, depending on be selected from the secrecy level of the data to be accessed.

SUMMARY THE DRAWINGS

1 Fig. 12 is a block diagram of the first embodiment of a network system to which the remote attestation system according to the present invention is applied.

2 FIG. 13 is a timing chart for explaining the processing in the authentication in the network system in FIG 1 ,

3 FIG. 15 is a diagram for explaining a first example of a credential information database in the authentication server terminal in FIG 1 ,

4 FIG. 14 is a diagram for explaining a first example of an authentication information database in the authentication server terminal in FIG 1 ,

5 FIG. 14 is a diagram for explaining a second example of an authentication information database in the authentication server terminal in FIG 1 ,

6 FIG. 14 is a diagram for explaining a third example of an authentication information database in the authentication server terminal in FIG 1 ,

7 FIG. 14 is a diagram for explaining a third example of an authentication information database in the authentication server terminal in FIG 1 ,

8th FIG. 14 is a timing chart for explaining the authentication processing in the third example in FIG 1 shown network system.

9 Fig. 12 is a block diagram of the second embodiment of the network system to which a remote authentication system according to the present invention is applied.

10 FIG. 14 is a timing chart for explaining the attestation processing in FIG 9 shown network system.

11 is a timing chart for explaining of the case in which rejection is made as the third embodiment of the network system in FIG 1 ,

12 is a schematic view of the fourth embodiment of the network system in 1 ,

DETAILED DESCRIPTION THE PREFERRED EMBODIMENTS

It An explanation will now be made with reference to the drawings of exemplary embodiments of the present invention.

Embodiment 1

1 shows an embodiment of the first embodiment, in which the present invention is applied to a network system. A network 2 is with an authentication server terminal 3 , an authentication client terminal 4 (Network server terminal in this embodiment) and a user terminal 5 etc. connected. In such a network system 1 the network server receives 4 when from a user via the user terminal 5 an individual authentication of the user from the user server terminal 3 and provides a service to the user based on the result.

The authentication server terminal 3 is a computing device such as a personal computer, a workstation, etc. (which may include a CPU, a memory, a disk, a communication control unit, etc., as described below) including an authentication control unit 3A , an authentication information database 3B and a credential information retrieval software pool 3C stores (hereafter software is referred to as S / W). The network server terminal 4 is a computing device such as a personal computer, a workstation, etc., in which a network server database 4A , an authentication request unit 4B and a network server b / w 4C that requires a user's authentication to be operated.

The user terminal device 5 is composed of a browser for displaying information of the network server terminal 4 and a computing device, such as a personal computer or workstation, in which an authentication information retrieval S / W 5B is pressed. The user terminal device 5 is with a device 6 connected to the acquisition of biometric features. The device 6 to obtain biometric features contains a device 7 for obtaining fingerprints and a device 8th for obtaining handprints acquiring a fingerprint and a handprint of a living body as biometric information through image processing, a letter recognition board 9 for obtaining handwriting information written by a user as biometric information, a retina information obtaining device 10 for acquiring retinal information of a living body as biometric information by palpating an ocular fundus.

A processing procedure for the authentication in such a network system is in 2 shown. First, an explanation will be given of the case where a user accesses the information of the network server database 4A with a high degree of security in the network server terminal 4 Being a credential client accesses using the browser 5A one in the user terminal device 5 working application is (SP1). The network server b / w 4C , which is an application that performs access control for the high-security information, must perform user authentication to determine whether the user has an access right (SP10).

That is, the network server b / w 4C in the network server terminal 4 informs the authentication request unit 4B on the necessity of user authentication as well as a client ID (authentication request unit identifier), an application ID (identifier of the network server S / W 4C , which is an authentication-requiring application) and an access data class (secrecy level of the data accessed by the user) (SP11). The authentication request unit 4B transmits the authentication request of the user including the aforementioned information to the authentication server terminal 3 ,

The authentication control unit 3A in the authentication server terminal 3 who has received the authentication request from the user selects an authentication information acquisition S / W 11 from the authentication client ID, the application ID and the access data type (SP20). The authentication information acquisition S / W 11 acquires a predetermined information word. It can acquire several words of credential information. The authentication control unit 3A transmits the selected authentication information acquisition S / W 11 to the network server terminal 4 Being a client of accreditation (SP21).

The authentication request unit 4B in the network server terminal 4 provides the transmitted authentication information acquisition S / W 11 to the network server b / w 4C , instructs them to acquire the credential information from the user. Based on this statement, the Authentication information acquisition S / W 11 from the network server b / w 4C to the user terminal 5 transferred (SP12).

The browser 5A in the user terminal 5 receives the transmitted authentication information acquisition S / W 11 and performs it as an authentication information S / W 5B off (SP2). The authentication information S / W spontaneously acquires a user ID (name, company, membership number, address, affiliation, telephone number, or ID assigned by the system to an individual), biometric information such as fingerprint information, handprint, handwriting Retina, and authentication information that is normally used in a conventional computer system, such as a password, one-time password, etc. In this case, it can work in conjunction with the other S / W like a driver acquiring the credential information. The authentication information acquisition S / W 5B transmits the acquired user ID and authentication information via the browser 5A to the network server terminal 4 ,

The authentication request unit 4B in the network server terminal 4 transmits the user ID and authentication information acquired by the user through the network server S / W 4C to the authentication server terminal 3 (SP13). The authentication control unit 3A in the authentication server terminal 3 performs user authentication using the transmitted user ID and authentication information (SP22). The credential information, such as the transmitted biometric information, becomes against the individual information initially in the credential information database 3B in the authentication server terminal 3 stored, checked. When a decision that a questionable person exists is made as a result of checking all the words of the transmitted authentication information, the result is informed by the network server terminal that a client is the identifier. If at least one of the results of the test is incorrect, a decision that a person in question does not exist is made. This is informed by the network server terminal (SP23).

The authentication request unit 4B in the network server terminal 4 who has received the result of authentication, which is a client of authentication informs the network server b / w 4C about the result of the certification. Based on the result of the authentication, the network server S / W determines 4C the admission or refusal of access to the information with a high degree of security in the network server database 4A for the user (SP14). For example, the process of user access occurs as a representation of the secret information.

In addition, encryption allows between the user terminal 5 (Authentication information acquisition S / W 5B ) and the network server terminal 4 and between the network server terminal 4 and the authentication server terminal 3 (Authentication control unit 3A ) that the credential information is hidden and reduces the risk of one person posing for another. Similarly, encryption between the user terminal also allows 5 (Authentication information acquisition S / W 5B ) and the authentication server terminal 3 (Authentication control unit 3A ), but not between the individual terminals, also, that a risk that a person is out for another, is reduced.

example 1

Referring to the 3 and 4 will be an explanation of a simple example of the database structure and the authentication information acquisition S / W selection processing 5B given. The authentication information database 3B in 3 contains words for the user ID, user level and authentication as information associated with an individual user. The user ID includes a name, company, membership number, address, accessory, telephone number, or any feature assigned by the system to an individual. The user level represents an access level to secret information. The credential information is biometric information such as fingerprint, handprint, handwriting, retina, and credential information such as a password, one-time password, etc.

How out 4 is apparent, the authentication information acquisition S / W pool stores authentication information acquisition S / W 11 for obtaining information about both the fingerprint and the retina; Obtaining fingerprint information from two fingers and obtaining information of both the fingerprint and the retina, etc. The authentication information obtaining S / W pool 3C describes the selectable authentication information retrieval S / W 11 according to secrecy levels and the data class.

By example. is taken in the case in which a user to the information of the network server database 4 the data class 17 An explanation will be given of a mechanism of selecting the authentication information acquisition S / W 11 in the authentication server endge advises 3 given. In this case, the authentication client ID becomes an identifier of the authentication request unit 4B on 15 and the application ID corresponding to the network server S / W identifier 4C will be on 25 set. If the access to the data class 17 is done, informs the network server b / w 4C the authentication request unit 4B about the need for user authentication. The user request unit 4B transmits the authentication request of the user including the above information words about the data class 17 , the authentication client ID of 15 and the application ID of 25 to the authentication server terminal 3 , In response, the authentication server terminal receives 3 the authentication request including these information words.

The authentication control unit 3A in the authentication server terminal 3 notices a selectable candidate for the credentials information retrieval S / W 11 not lower than level 2 based on the database in the authentication information retrieval S / W pool 3C in 4 , and that the data class due to the authentication requirement the level 2 Has.

Example 2

With reference to the 5 and 6 will be an explanation of another embodiment of a part of the authentication information database according to the in 3 shown given. These figures describe the selectable authentication information acquisition S / W 11 for each authentication client ID or application ID. The authentication control unit 3A in the authentication server terminal 3 notices attestation information retrieval S / W candidates 11 which are selectable from the authentication client ID and the application ID. Therefore, on the basis of the data class A, B, C, D, E, F are selected as candidates; on the basis of the authentication client ID, C, D and E are selected as candidates; and on the basis of the application ID, A, D, E, and E are selected as candidates. Finally, either D or E are selected.

The arbitrary or fixed defined by candidates of the selectable authentication information retrieval S / W by the authentication server terminal 3 Selected B / W is selected by normal selection or sequential selection. In this embodiment, the credentials and the authentication information can be flexibly selected according to the environment such as the data class representing access information, the authentication request unit 4B works in a device that is a client of authentication and network server b / w 4C which is a use application. Thus, the identification of an individual and a decision on the presence or absence of the individual's right of access can be made securely according to the environment.

Example 3

An explanation will be given of the case in which a user ID is included in an authentication request, and in FIG 3 in detail as shown in the credentials database 7 shown is set. The processing flow in this embodiment is shown in FIG 8th shown in the same reference numbers refer to equal parts in 2 Respectively. First, the network server terminal acquires 4 a user ID (name, company, membership number, address, accessory, telephone number, or ID assigned by the system to an individual) and requests the authentication request unit 4B to perform authentication of the user with the acquired user ID, client ID (authentication request unit identifier 4B ), Application ID (identifier of network server b / w 4C which is an authentication-requiring application) and the access data class (secrecy level of the data accessed by the user).

In the 7 shown credential information database contains in addition to the in 3 displayed information given to an individual such as a type of user (data manager or general user), a usable authentication client ID, a usable application ID, application control information delivered to an application when a person in question is authenticated, and checking Logs (past credential information retrieval S / W selection state to the prescribed number of credentials and check rates), total number of times of authentication, selection condition, etc.

If the authentication request includes the user ID, the authentication information acquisition S / W is selected according to the selection condition for the user in question. For example, if the user ID is the same 1 and the other conditions are the same as. the previous example (ie, data class = 17 , Authentication client ID = 15 and application ID = 25 ) transmits the authentication request unit 4B the authentication requirement of the user as the above information including the user ID = 1 , Data class = 17 , Authentication client ID = 15 and application ID = 25 to the authentication server terminal 3 ,

The authentication server terminal 3 receives the authentication request including the aforementioned information. As in the above embodiment, on the basis of the data class A, B, C, D. E, F are selected as candidates; based on the authentication client ID, C, D and E are selected as candidates; and on the basis of the application ID, A, D, E and E are selected as candidates. Finally, either D or E are selected. Furthermore, the user ID = 1 , the authentication control unit 3A Carries out the selection in the total number of times of authentication. The selection is made in such a way that the first selection is equal to D, the second is equal to E, the third equals E, the fourth equals E, ... Now, in the total number of times the attestation is the same 20 with the user ID = 1 , this time it is 21 , Therefore, D becomes the authentication information acquisition S / W 11 selected.

Other examples

Furthermore, as in 7 shown in the authentication information database 3B when the authentication client ID and the application ID usable for each user are designated, the access control such as the transmission of the authentication information acquisition S / W 11 to the user only when the designated authentication client ID and the application ID are designated. Now that's because the useable client ID 15 contains and the useable application ID 25 contains, sending the authentication information retrieval S / W 11 authorized.

Authorization or Blocking of Certification Information Acquisition S / W 11 can be based on the in 7 user type shown. How to the user, when a secrecy level for the authentication client and the application is assigned, the authentication server terminal 3 the authentication information acquisition S / W 11 based on the levels of the authentication client, the application, and the access data class. For example, control of the selection of the credential information S / W having the highest level may be performed in three levels or higher.

The processing after sending the authentication information acquisition S / W 11 is different from the above-described example in that only the authentication information is sent because the user ID has been acquired. Furthermore, the network server terminal 4 by using key = 1 , which is the control information supplied to the application when the authentication of the person in question 7 takes place, realize different access control.

In the above example, the total number of times of attestation was given as an example of the check rate in 7 used as the selection condition.

Instead, if the check evaluation is used as the selection condition, then the credential information obtaining S / Wen 11 with the level of 2 or higher, the one with the highest audit score in the past, looked up and selected from the user's audit logs. Now E, which last had the highest test evaluation, is selected.

There is also an example of omitting the authentication credential S / W transmission from the authentication server 3 to the authentication client. That is, when the authentication information acquisition S / W is fixed by the network server terminal that has an authentication client in the case of the above-described network system 1 is, the previously through the network server terminal 4 Acquired attestation acquisition S / W 11 from the authentication server terminal 3 to the network server terminal 4 be transmitted without the transmission of authentication information retrieval S / W.

As described above, when the authentication is performed using the biometric information in the network system 1 the authentication information acquisition S / W that dynamically acquires the information required for the authentication is selected according to the environment (user who has made the access, data class representing access information, authentication request unit 4B stored in the network server terminal 4 which is a client of authentication works, web server b / w 4C which is a utility application, etc.) and authentication history (ie, state at the time of attestation). In this way, the identification of an individual and the decision on the presence or absence of the right of access for the individual can be safely carried out according to the environment.

Embodiment 2

The second embodiment of the present invention is a simplification of the first embodiment. In 9 , in the same reference numbers refer to equal parts in 1 The user terminal acquiring biometric information is the same as the authentication client's terminal. An example of an application requiring authentication is a database call application 5E to perform the database retrieval. The user terminal 5 contains a local database 5C that comes from the database retrieval application 5E is used, an authentication request unit 5D and a computer (personal computer or workstation) in which the database retrieval application 5E and the authentication information acquisition S / W 11 operate. The device 6 for acquiring biometric features is with the user terminal 6 connected and has the same overall configuration as that in the first embodiment. The authentication server terminal 3 has the same overall configuration as that in the first embodiment.

An explanation will be given of the operation of the remote attesting system according to the second embodiment of the present invention. In 10 , in the same reference numbers refer to the same parts in the 2 and 8th Obtain the database retrieval application 5E if they are to the secret information in the local database 5C first accesses (SP5), a user ID (name, company, membership number, address, accessories, telephone number or an ID assigned by the system for an individual) (SP6) and requests the authentication request unit 5D an authentication of the user with the acquired user ID, client ID (identifier of the authentication request unit 5D ), Application ID (identifier of the database retrieval application 5E which is an authentication-requiring application) and the access data class (secrecy level of the data accessed by the user) (SP7).

The authentication server terminal 3 performs the same operation of authentication as in the first embodiment. The authentication request unit 5D of the user terminal 5 , which has received the result of the authentication, informs the database retrieval application 5E about the result of the certification. The database retrieval application 5E decides on the basis of the result of the authentication on the permission or denial of access to the most secret information in the local database 5C by the user (SP8). In this case, for example, the operation for user access such as the display of the secret information is performed. In such a configuration where the user terminal 5 Issues a request for authentication, the same effect as in the first embodiment can be obtained.

Embodiment 3

In 11 , in the same reference numbers refer to the same parts in the 2 and 8th For example, a process (SP2B, SP12A) is proposed in which a user rejects the credential information retrieval S / W when the individual credential information obtained by the credential server 3 transmitted authentication information acquisition S / W 11 are not consistent with a user's intent (SP2B, SP12). The authentication server terminal 3 Having suffered the rejection of the purchase again selects another credential information retrieval S / W (SP20A). However, this is limited to the case where there is another authentication information acquisition S / W that can be selected again, as in connection with 4 is described.

When the biometric features are used as authentication information of an individual, it is necessary for a user to have a particular device 6 rejects biometric features that are contaminated and cause discomfort. In particular, although the biometric features are effective for distinguishing an individual from other individuals, there are problems of privacy and sanitation as described above. For this reason, it is necessary for the user to reject or change the extraction of biometric features. If the safety of the device 6 is not guaranteed to obtain biometric features, the user may intend to specify information other than the biometric features, that is, alternative means such as a one-time password (OTP), even if this is complicated. In such a case, according to the user's intention to refuse or change, the authentication information acquisition S / W which dynamically acquires the information for authentication may be selected to identify an individual and the presence or absence of the individual's access right according to Environment to decide for sure.

Embodiment 4

This embodiment contains as means for obtaining the same effect as in the third embodiment the mechanism of selection of acquired authentication information in the authentication information acquisition S / W even after the first one and second embodiment. at the first embodiment For example, the authentication information S / W itself may have the authentication D both by the fingerprint and the handwriting and the attestation E only by the fingerprint select. In this case, the authentication server transmits the credentials information retrieval b / w required to acquire both from D as well as E is able.

The configuration and the operation procedure in the network system 1 themselves are the same as in the first and second embodiments. The displayed image of the credential information retrieval S / W on the user's side is in 12 shown. The user selects either D or E to acquire credentials and credential information for himself. If he press the selection key 12A or 12B presses, the authentication information acquisition S / W is operated to acquire the actually selected authentication information. The authentication server terminal 3 may determine the type of credential information received and whether authentication may be performed using a set of the received information. Thus, the same effect as in the third embodiment can be obtained.

In the first to fourth embodiments, the authentication information to be acquired has been determined by the authentication S / W. However, instead, the credential information to be acquired can only be displayed on a screen. For example, in the number of times of authentication in the detailed database of the first embodiment, the transmission of the fingerprint information and the handwriting information is displayed on the screen. Thus, the user spontaneously operates the software for acquiring the authentication information in accordance with the displayed content, and transmits the thus acquired authentication information to the authentication server terminal 3 ,

The transfer does not need to be presented concretely, but a previous transmission the credential information can be displayed. In this Case pressed the user spontaneously obtains the software for acquiring the credential information, around all previously noted information words to acquire from a manager according to the memory of the user, and transfers the acquired Authentication information to the authentication server. In this way the same effect as in the first embodiment can be realized. In the above case, the previous transmission of the authentication information, which are not presented concretely become the means of acquisition used the credential information in the manner of a password. Therefore, security can be gained when acquiring the credential information remarkably improved.

In the first to fourth embodiments, authentication of a user's individual has been performed by the network server terminal 4 carried out. However, the present invention is not limited thereto, but can be widely applied to a general control device which requires an individual of a user such as an arrival / departure terminal device connected to a network.

As described above chooses according to the present Invention, when certified using biometric Information performed The authentication server should be able to acquire the device biometric features and credential information according to the acquisition environment for the biometric information freely by the user and acquires it. Thus, a remote attestation system can be used for identification of a user and to decide on the presence or absence of the user The user's access rights are able to be safely realized become.

If the designated authentication information is not satisfactory for the user he can change the authentication information to be acquired and reject their acquisition. Even if the device itself dirty to acquire biometric features is and causes discomfort or the device for acquiring the Biometric information is not reliable, the identification of the User and the decision over the presence or absence of the user's access right by alternative means.

Claims (1)

Remote authentication system with a network ( 2 ) using an authentication server ( 3 ), an authentication client ( 4 ) and a user terminal ( 5 ) for accessing data from the authentication client ( 4 ), in which an authentication of the user to the authentication client ( 4 ), by the user terminal ( 5 ), which system comprises: several types of devices ( 7 - 10 ) for obtaining biomedical features associated with the user terminal ( 5 ) are connected; and a plurality of authentication information retrieval pieces of software stored in the authentication server ( 3 ) are stored according to the user terminal ( 5 ) and / or a user; wherein, according to the operation, a prescribed credential acquisition software corresponding to the user terminal ( 5 ) used by the authentication server ( 3 ) is downloaded at the authentication, biometric information obtained from one or more types of biometric acquisition devices, and / or input user discrimination information is used, characterized in that the biometric information and / or user distinction information in Depending on the secrecy level of the data to be accessed.