JP2003248662A - Personal authentication method and system, and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a personal authentication method that can improve safety in identifying a person by human biometric information such as fingerprint information and authenticating a user. <P>SOLUTION: The personal authentication method, which identifies a person by fingerprint information and authenticates a user, includes a step of registering fingerprint information on a plurality of fingers about one user, a step of specifying an authentication finger, whose fingerprint is to be sampled for authentication, from among the registered fingers, and a step of, when receiving fingerprint information from a user terminal, collating it with the registered fingerprint information and determining whether the user is a valid user or not from the collation result, in an authentication server. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a personal authentication method and system for identifying an individual by utilizing biometric information of a person such as a fingerprint, and a computer program for realizing the personal authentication system by using a computer. Regarding

[0002]

2. Description of the Related Art Conventionally, a personal authentication system for identifying an individual by using a fingerprint has been realized. In this system,
Usually, the fingerprint information of the user's right index finger is registered in advance, the fingerprint of the user is read at the time of authentication and the registered information is collated, and if they match, it is determined that the user is a valid user. According to this fingerprint personal identification system,
As in the case of authenticating with an ID and password, it is difficult to obtain the ID and password of another person and impersonate the person to be authenticated, so it is possible to more reliably determine whether or not the user is a valid user. It is possible.

[0003]

However, in the above-described conventional personal authentication system, since the individual is identified only by the fingerprint information of one specific finger, assuming a situation in which the fingerprint is forged to impersonate the person. However, there is a problem that it is easy to be illegally authenticated. For example, if fingerprint information is acquired by oil attached to a fingerprint reading device and one fingerprint for authentication is forged with resin or the like, authentication for illegal purposes can be easily performed.

The same problem may occur also in the case of a personal authentication system using biometric information (iris, voiceprint, etc.) of a person other than the fingerprint.

Another problem is that if the registered finger is injured, the authentication cannot be received.

The present invention has been made in view of the above circumstances, and its purpose is to identify an individual by using biometric information of a person such as fingerprint information and authenticate the legitimacy of the user. An object of the present invention is to provide a personal authentication method and system that can improve the security of the system.

It is another object of the present invention to provide a personal authentication method and a system thereof, which allows a user to appropriately specify a finger to be used for authentication when the finger is injured.

Another object of the present invention is to provide a computer program for realizing the personal identification system by using a computer.

[0009]

In order to solve the above problems, the personal authentication method of the present invention is a personal authentication method for identifying an individual by using fingerprint information and authenticating the user's legitimacy. , The registration process of registering fingerprint information of multiple fingers for one user, the process of designating the authentication finger for fingerprint acquisition from the registered fingers, and the process of designating from the user's terminal. When the fingerprint information is received, it is collated with the registered fingerprint information, and based on the collation result, a determination process for determining whether or not the user is an authorized user is included.

In the personal authentication method of the present invention,
In the specifying step, a plurality of the authentication fingers are specified. Further, in the personal authentication method of the present invention, it is preferable that the order of fingerprint acquisition of the plurality of authentication fingers is specified in the specifying step.

In the personal authentication method of the present invention,
In the designation step, the designation of the authentication finger or the fingerprint acquisition order is performed based on the user's authentication level. Also, in the personal authentication method of the present invention, when the designation of the authentication finger or the designation of the fingerprint collection order is received from the terminal of the user, the determination step is performed based on the designation received from the terminal. It is characterized in that the legitimacy of the user is judged by comparing with the registered fingerprint information.

Further, in the personal authentication method of the present invention,
In the specifying process, it is preferable that a finger other than the authentication finger specified by the user is further specified as the authentication finger.

The personal authentication method of the present invention is a personal authentication method for identifying an individual by utilizing the ecological information of the person and authenticating the legitimacy of the user. The process of registering, the process of specifying a plurality of types for authentication from the registered types of ecological information, and the process of receiving a plurality of biometric information from the user's terminal and collating with the registered ecological information However, it is characterized by including a process of determining that the user is a legitimate user when all the collation results match.

The personal authentication system of the present invention is a personal authentication system that identifies an individual by using fingerprint information and authenticates the legitimacy of the user. Fingerprint information of a plurality of fingers is registered for one user. Registration information storing means, an authentication finger designating means for designating an authentication finger for fingerprint acquisition for authentication from among the registered fingers, and receiving the fingerprint information from the user terminal, the registered information is stored. It is characterized by comprising an authentication means for collating with fingerprint information and judging whether or not the user is a legitimate user based on the collation result.

The computer program of the present invention is a computer program for performing an authentication process for identifying an individual by using fingerprint information and authenticating the legitimacy of the user. The process of registering fingerprint information, the process of designating an authentication finger from the registered fingers for collecting fingerprints for authentication, and the fingerprint information received from the user's terminal, the registered fingerprint information and It is characterized by causing a computer to execute a process of collating and determining whether or not the user is a legitimate user based on the collation result. As a result, the personal authentication system described above can be realized using a computer.

[0016]

DETAILED DESCRIPTION OF THE INVENTION An embodiment of the present invention will be described below with reference to the drawings. In the present embodiment, as a specific example of the personal authentication system, a user (patient, patient's family, etc.) accesses medical information (such as patient diagnosis information and medication information) managed by a medical institution such as a hospital. , A system for performing authentication when receiving relevant medical information will be described.

FIG. 1 is a block diagram showing the configuration of a personal authentication system according to an embodiment of the present invention. In the medical institution of FIG. 1, reference numeral 1 is an authentication server (authentication device) for identifying an individual by using fingerprint information and authenticating the legitimacy of the user. Reference numeral 2 is a fingerprint collection device that reads a fingerprint and outputs fingerprint data. The fingerprint collection device 2 is connected to the authentication server 1. Reference numeral 3 is a database (registered information storage means) for registering the fingerprint information of the user.
This database 3 is connected to the authentication server 1,
It is accessible from the authentication server 1.

Reference numeral 4 is a medical information management server for managing medical information. Reference numeral 5 is a database for registering medical information. This database 5 is the medical information management server 4
And is accessible from the medical information management server 4.

The authentication server 1 and the medical information management server 4
Are connected by a LAN (local area network) 6 capable of data communication, and are mutually accessible. In addition, the servers 1 and 4 accept connections from terminals permitted to access (for example, the server 1 is an administrator terminal and the server 4 is a doctor terminal) among the terminals connected to the LAN 6.

The authentication server 1 is the communication network 1
It is connected to 0. The communication network 10 is a network capable of data communication, and a telephone line network, a dedicated line network, a computer network called the Internet, or the like can be used.

It should be noted that an input device, a display device, etc. (neither shown) are connected to the servers 1 and 4 as peripheral devices. Here, the input device refers to an input device such as a keyboard and a mouse. What is a display device? CR
Refers to T (Cathode Ray Tube) and liquid crystal display devices. Further, the peripheral devices may be directly connected to the servers 1 and 4, or may be connected via the LAN 6.

The databases 3 and 5 are provided in another device (database server) not shown, and the servers 1 and
4 may access the databases 3 and 5 by communication. Especially for database 3,
Since fingerprint information irrelevant to medical practice is stored, the user may be provided with a reliable third-party institution to access it by communication.

In FIG. 1, user A has a mobile terminal 7. The mobile terminal 7 is equipped with a fingerprint collection device 8. The fingerprint collection device 8 reads a fingerprint and outputs fingerprint data. The mobile terminal 7 can be wirelessly connected to the communication network 10. Then, the mobile terminal 7 can access the authentication server 1 via the communication network 10 to perform data communication. Further, after passing the authentication by the authentication server 1, the medical information management server 4 can be accessed.

User B has a terminal 9 (PC; personal computer). The fingerprint collection device 2 is connected to the terminal 9. The terminal 9 is a wired communication network 1
Can be connected to 0. Then, like the mobile terminal 7, the data communication can be performed by accessing the authentication server 1 via the communication network 10. Further, after passing the authentication by the authentication server 1, the medical information management server 4 can be accessed.

The fingerprint collecting device 2 and the fingerprint collecting device 8 may be of a contact type in which a fingerprint is read from a finger in contact with the fingerprint reading section, or a non-contact type in which a fingerprint is read from a finger without contact. May be.

FIG. 2 is a block diagram showing the configuration of the authentication server 1 shown in FIG. In FIG. 2, the authentication server 1 includes a processing unit 21, a storage unit 22, a communication unit 23, a fingerprint reading interface 24, and a database interface 25.

The processing unit 21 collates the fingerprint data collected from the user for authentication with the registered fingerprint data, and performs an authentication process for authenticating the user's legitimacy based on the collation result. In addition, in this authentication process, a finger for authentication and a fingerprint acquisition order for a plurality of fingers for authentication are also specified. Also,
A process of registering the fingerprint information of the user in the database 3 is performed. The storage unit 22 is accessed by the processing unit 21 and stores various data.

The communication unit 23 is connected to the LAN 6 and is connected to the LA
Data communication is performed with the terminal connected to the medical information server 4 and the LAN 6 via N6. Also, the communication network 1
0, and performs data communication with the terminals 7 and 9 of the user via the communication network 10.

The fingerprint reading interface 24 is connected to the fingerprint collecting device 2 and receives the fingerprint data read by the fingerprint collecting device 2. Database interface 25
Is connected to the database 3 and writes or reads data with the database 3.

FIG. 3 is a diagram showing an example of the structure of data stored in the database 3. As shown in FIG. 3, the database 3 stores the authentication level and a plurality of pieces of fingerprint information for each user ID for identifying the user. The authentication level indicates the authentication importance of the user, and in the example of FIG.
Up to 5, with 5 being the most important and 1 being the least important. The authentication level is predetermined for each user based on the degree of importance of the medical information to be provided. The fingerprint information is composed of the type of finger that took the fingerprint and fingerprint data.

Note that the names of the finger types in FIG. 3 are commonly used as names (thumb, index finger, middle finger, ring finger, little finger), but the names are not limited thereto. However,
It is often easier to understand this common name when designating the finger for fingerprint acquisition to the user.
It is preferable to use a common name as the name of the finger type.

FIGS. 4 to 7 are first to fourth sequence diagrams showing the flow of processing performed by the personal authentication system shown in FIG. 4 to 7 correspond to the first to fourth embodiments, respectively. The operation of the present embodiment shown in FIGS. 1 and 2 in each example will be sequentially described below with reference to the sequence diagrams shown in FIGS. 4 to 7. In addition, in the following description, the authentication when the user A uses the mobile terminal 7 to obtain the medical information will be described, but the same applies when the user B uses the terminal 9 to obtain the medical information. Is.

First, in the first to fourth embodiments, the user A registers a plurality of his / her fingerprints in advance in the medical institution. At the time of this registration, a plurality of fingerprints of the user are read by the fingerprint collecting device 2 of the medical institution, and the fingerprint data read by the authentication server 1 is registered in the database 3.

First, the first embodiment will be described. In FIG. 4, the user A uses the mobile terminal 7 to access the medical information management server 4 when he or she wants to obtain diagnostic information, medication information, etc. of himself or his family. When the authentication server 1 receives this access request (step S1), it sends an authentication acceptance request to the mobile terminal 7 in order to confirm with the user whether or not fingerprint authentication may be performed (step S2). In addition,
The medical information management server 4 may receive the access request from the mobile terminal 7 and request the authentication server 1 to authenticate the user A.

Next, the user A approves the authentication by the fingerprint and returns a reply of the approval. When this approval response is received (step S3), the authentication server 1 accesses the database 3 and refers to the authentication level of the user A. In accordance with this authentication level, the authentication server 1 randomly selects one or more fingers (authentication fingers) for collecting fingerprints for authentication from the registered fingerprint information of the user A. The higher the authentication level, the more fingers are selected. Also, the order of fingerprint acquisition of the plurality of authentication fingers is determined according to the authentication level. For example, when the authentication level is low (for example, levels 1 to 3), the registration order is followed (for example, the finger of the first fingerprint information in FIG. 3 is the first finger, the finger of the second fingerprint information is the second, and so on). To decide. On the other hand, when the authentication level is high (for example, levels 4 and 5), the order is randomly determined.

Next, the authentication server 1 transmits the designation of the first authentication finger to the portable terminal 7 according to the determined order (step S4). User A causes the fingerprint collection device 8 to read the designated finger and transmits the first fingerprint data to the authentication server 1 using the mobile terminal 7 (step S).
5). When the first fingerprint data is received, the authentication server 1 collates the corresponding fingerprint data in the database 3 and holds the collation result.

Thereafter, steps S4 and S5 are similarly repeated, and each time the authentication server 1 acquires the fingerprint data of the authentication finger, it verifies the fingerprint data in the database 3 and holds the verification result. Next, when the verification of all the authentication fingers is completed, the authentication server 1 determines that the user is a valid user when the verification results of all the authentication fingers are the same, and passes the authentication. Is transmitted to the mobile terminal 7 (step S6). In addition, the medical information management server 4 is notified of the authentication success of the user A. Accordingly, the user A can access the medical information management server 4 using the mobile terminal 7 and acquire the relevant medical information.

The authentication server 1 deletes all the fingerprint data received from the portable terminal 7 after the completion of the user A authentication process. As a result, the fingerprint data is transferred to the authentication server 1
It is possible to prevent them from remaining inside and being abused.

Further, the authentication server 1 may notify the portable terminal 7 and the medical information management server 4 of the authentication failure when any of the authentication fingers fails in the collation. As a result, the communication time per user and the amount of authentication processing can be reduced, and the authentication processing can be performed efficiently.

The portable terminal 7 may be instructed to collect the fingerprint of the authentication finger for which the collation does not match and transmit the fingerprint data again. As a result, it is possible to deal with collation mismatch due to a failure such as a failure in reading a fingerprint or a failure in communication.

Next, a second embodiment will be described. In the second embodiment, as shown in FIG. 5, when the authentication server 1 specifies a plurality of authentication fingers, a plurality of authentication fingers and their fingerprint collection order are collectively specified for the mobile terminal 7. Yes (step S11). Next, the user A sequentially collects fingerprints according to the fingerprint acquisition order and transmits the fingerprint data to the authentication server 1 by the mobile terminal 7. The authentication server 1 collates the fingerprint data of the authentication finger with the corresponding fingerprint data of the database 3 each time the fingerprint data is acquired.

Next, a third embodiment will be described. In the third embodiment, as shown in FIG. 6, the user A designates the authentication finger, and the portable terminal 7 notifies the authentication server 1 (step S21). The designated authentication finger may be one or more. In addition, when a plurality of fingerprints are designated, the order of fingerprint collection may be designated. Next, the user A collects the fingerprint of the designated authentication finger and transmits the fingerprint data to the authentication server 1 using the mobile terminal 7. The authentication server 1
When the fingerprint data of the authentication finger is acquired, it is collated with the corresponding fingerprint data in the database 3 according to the contents specified by the user A.

Next, a fourth embodiment will be described. In the fourth embodiment, the user specifies the authentication finger as in the third embodiment. However, in addition to the authentication finger already specified on the user side, fingers other than the authentication finger are further specified by the authentication server 1 as authentication fingers. In step S22 of FIG. 7, the authentication server 1 selects, as the authentication finger, a finger different from the authentication finger having the designated content received in step S21 among the fingerprint information of the user A of the database 3 and selects the portable terminal 7 Notify to. The user A collects the fingerprint of this authentication finger and transmits the fingerprint data to the authentication server 1 using the mobile terminal 7. Upon receiving the fingerprint data, the authentication server 1 collates the fingerprint data with the corresponding fingerprint data in the database 3, and determines the validity of the user based on the collation result and the collation result of the authentication finger designated by the user.

It should be noted that which authentication method of the first to fourth embodiments is to be used can be set for each user or for all users.

The portable terminal of the above-described embodiment may be a portable telephone or a PDA (Personal Digital Assista).
nts: Personal information devices) such as portable terminals can be used. Further, in the case of the PDA, the communication means may be built in or the communication means may be connected from the outside.

Further, in the above-described embodiment, the user's terminal and the authentication server (authentication device) are connected by a communication line to perform data communication, but the authentication device and the user's terminal are wirelessly or wirelessly connected. Data may be transmitted by directly connecting by wire.

Further, although the above-described embodiment is applied to the system for providing the medical information to the user, it may be applied to a system for authenticating at the time of settlement such as an online banking system and an electronic commerce system, and other authentication systems. It is applicable as well.

The authentication server (authentication device) shown in FIG.
The authentication process may be performed by recording a program for realizing each process performed by the computer in a computer-readable recording medium, reading the program recorded in the recording medium into a computer system, and executing the program. The "computer system" may include an OS and hardware such as peripheral devices.
In addition, the “computer system” includes a homepage providing environment (or display environment) if a WWW system is used. Further, the “computer-readable recording medium” refers to a portable medium such as a flexible disk, a magneto-optical disk, a ROM, a CD-ROM, or a storage device such as a hard disk built in a computer system.

Further, the "computer-readable recording medium" means a volatile memory (RAM) inside a computer system which serves as a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. ), Which holds the program for a certain period of time. The program may be transmitted from a computer system that stores the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the "transmission medium" for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. Further, the program may be a program for realizing some of the functions described above. Further, it may be a so-called difference file (difference program) that can realize the above-mentioned functions in combination with a program already recorded in the computer system.

Next, an individual authentication method for identifying an individual by using a plurality of types of ecological information and authenticating the legitimacy of the user will be described. In the above-described embodiment, fingerprint information is used among human ecological information, but iris, voiceprint, DNA, and the like can be used as ecological information. For example, a fingerprint and a voice print are respectively registered, and the fingerprint information and the voice print information collected from the user at the time of authentication are compared with the respective registered information, and when both match, it is determined that the user is a valid user. By doing so, it is difficult to forge all of the plurality of types of ecological information, and therefore, it is possible to obtain a significantly excellent effect in preventing authentication for fraudulent purposes.

Although the embodiment of the present invention has been described in detail above with reference to the drawings, the specific configuration is not limited to this embodiment, and design changes and the like within the scope not departing from the gist of the present invention. included.

[0052]

As described above, according to the present invention,
The fingerprint information of multiple fingers is registered for one user, and the authentication finger for fingerprint acquisition is specified from among the registered fingers, so the finger used for authentication can be changed appropriately. be able to. As a result, there is an effect that it is possible to improve the safety in identifying an individual by using the fingerprint information and authenticating the legitimacy of the user.

Furthermore, if a plurality of fingers are used for authentication, it is difficult to perform authentication for fraudulent purposes by forging fingerprints.
Further, the safety is improved. Further, by designating the fingerprint acquisition order of the plurality of authentication fingers, it is possible to obtain the effect of further preventing unauthorized authentication.

If the authentication device specifies the authentication finger or the fingerprint acquisition order based on the authentication level of the user, it is possible to effectively prevent unauthorized authentication.

Further, when the designation of the finger for authentication or the designation of the order of fingerprint collection is received from the user's terminal, it is compared with the registered fingerprint information based on the designation received from the terminal, and the use If the user's legitimacy is determined, the user can specify the authentication finger or the fingerprint collection order. This allows the user to appropriately select the finger to be used for authentication and the fingerprint collection order, and thus has the effect of allowing the user to appropriately specify the finger to be used for authentication when the finger is injured. can get. Further, when the user specifies the authentication finger, if the finger other than the specified authentication finger is further specified as the authentication finger, the effect of preventing the user from being fraudulent can be obtained.

According to the present invention, a plurality of types of ecological information are registered for one user, a plurality of types for authentication are designated from among the registered types of ecological information, and the user's terminal is designated. Since the user is judged to be a legitimate user when all the collation results of the plurality of biological information received from the registered biological information match, the fingerprint, iris,
It is possible to improve the safety in identifying the individual by using the ecological information of the person such as a voiceprint and authenticating the legitimacy of the user. In particular, because it is difficult to forge all of a plurality of types of ecological information, it is possible to obtain a remarkably excellent effect in preventing authentication for fraudulent purposes.

[Brief description of drawings]

FIG. 1 is a block diagram showing the configuration of a personal authentication system according to an embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration of an authentication server 1 shown in FIG.

FIG. 3 is a diagram showing a configuration example of data stored in a database 3 shown in FIG.

FIG. 4 is a first sequence diagram showing a flow of processing performed by the personal identification system shown in FIG.

5 is a second sequence diagram showing a flow of processing performed by the personal identification system shown in FIG. 1. FIG.

FIG. 6 is a third sequence diagram showing a flow of processing performed by the personal identification system shown in FIG.

FIG. 7 is a fourth sequence diagram showing a flow of processing performed by the personal identification system shown in FIG.

[Explanation of symbols]

1 ... Authentication server, 2 ... Fingerprint collection device, 3, 5 ... Database, 4 ... Medical information management server, 6 ... LAN, 7 ... Mobile terminal, 8 ... Fingerprint collection device, 9 ... Terminal, 10 ... Communication network, 21 ... Processing unit, 22 ... Storage unit, 23 ... Communication unit, 24 ... Fingerprint reading interface, 25 ... Database interface

Claims (9)

[Claims] 1. A personal authentication method for identifying an individual by using fingerprint information and authenticating a user's legitimacy, wherein a registration process of registering fingerprint information of a plurality of fingers for one user, From the registered finger, the process of specifying the authentication finger for fingerprint acquisition for authentication, and when the fingerprint information is received from the user's terminal, it is collated with the registered fingerprint information and based on this collation result. And a determination process for determining whether or not the user is a legitimate user. 2. The personal authentication method according to claim 1, wherein a plurality of the authentication fingers are specified in the specifying step. 3. The personal authentication method according to claim 2, wherein in the specifying step, a fingerprint collection order of the plurality of authentication fingers is specified. 4. The method according to claim 1, wherein in the designation step, the designation of the authentication finger or the fingerprint acquisition order is performed based on a user authentication level. Personal authentication method described in section. 5. When the designation of the authentication finger or the designation of the fingerprint collection order is received from the user's terminal, the registered fingerprint information based on the designation received from the terminal in the determination step. The personal authentication method according to any one of claims 1 to 3, characterized in that the validity of the user is determined. 6. The personal authentication method according to claim 5, wherein in the specifying step, a finger other than the authentication finger already specified by the user is further specified as an authentication finger. 7. An individual is identified by using the ecological information of the person,
A personal authentication method that authenticates the legitimacy of a user, and a process of registering multiple types of biometric information for one user, and selecting multiple types for authentication from the registered types of biometric information. When multiple biometric information is received from the process of specifying and from the user's terminal, it is collated with the registered biometric information, and if all the collation results match, it is determined that the user is a valid user. A personal authentication method comprising: 8. A personal authentication system for identifying an individual by using fingerprint information and authenticating the legitimacy of the user, and a registration information storage means for registering fingerprint information of a plurality of fingers for one user. From the registered fingers, an authentication finger designating unit for designating an authentication finger for collecting a fingerprint for authentication, and when fingerprint information is received from the user's terminal, collates with the registered fingerprint information, An individual authentication system comprising: an authentication unit that determines whether or not the user is a legitimate user based on the collation result. 9. A computer program for performing an authentication process for identifying an individual by using fingerprint information and authenticating a user's legitimacy, wherein fingerprint information of a plurality of fingers is registered for one user. Processing, processing of designating an authentication finger for fingerprint acquisition for authentication from among the registered fingers, and when fingerprint information is received from the user's terminal, the fingerprint information is collated with the registered fingerprint information and the collation is performed. A computer program characterized by causing a computer to execute a process of determining whether or not the user is a legitimate user based on the result, and.