JP2005227934A - Security level setting method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable authentication having excellent convenience and excellent safety. <P>SOLUTION: The level of an authentication means for permitting access to security objects T1, T2, T3 is determined. This security level setting method is characterized by selecting the authentication means used in authentication relative to each object T1, T2, T3 according to the level. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a security level setting method capable of performing reliable identity verification corresponding to a security target.

Security targets include physical objects such as homes and other buildings, rooms, safes, and electronic objects such as files and other information. Hereinafter, this is called a security target.
On the other hand, as security means, there are various means for identity verification such as a password, a card, or biometrics. Hereinafter, this is called identity verification means.

  Conventionally, as a security method, the entire security target is handled as one body, and any one of the personal identification means (including a combined means such as a combination of a card and a password) is used.

  Here, although the figure is an explanatory view according to the present invention, it is used for explaining the prior art. Then, for example, in the case of a personal computer or the like, access to personal information in FIG. 2 is generally permitted by a password. Once access was permitted, the individual name and address, personal hobby and income information contained in the personal information could be freely referred to.

  In addition, the building in FIG. 6 was permitted to enter and exit at the door 65 of the lobby 61 by, for example, biometrics using an iris or a fingerprint. The entrance / exit of each room was permitted by performing the same biometric authentication at the doors 66, 67, 68 of each room.

"Oki Technical Review 195 Advanced Business Feature" Oki Electric Industry Co., Ltd. 2003

However, the above-described conventional security method has the following problems.
That is, looking at the example of the personal information file in FIG. 2, information such as personal income and bank balance among each information must not be leaked to anyone other than the person. In other words, there is a request to increase the certainty of identity verification when referring to information. On the other hand, with respect to personal hobbies, etc., there is no request to confirm the identity of the person. Thus, the certainty of identity verification (hereinafter referred to as security level) varies depending on each information.

Further, even in the physical security object of FIG. 6, a high security level is required for the safe room 64, but a much higher security level is not required for the meeting room 62.
Despite the situation as described above, the security level of the security target was constant. This has caused the following problems.

  When the security level was set low, the request was not satisfied for the security target that requires a high security level. For example, the file shown in FIG. 2 gives the system user anxiety that personal income and the amount of assets are known to a third party. Also in the building of FIG. 6, the suspicious person entered the safe room 64. In other words, there is a variation in safety, that is, safety is sufficient for a certain part, but safety is insufficient for another part.

  On the other hand, if the security level is set high in order to solve such a safety problem, there arises a problem for the convenience of the user. For example, even if it is desired to examine personal hobbies using the personal information file shown in FIG. 2, an advanced and complicated authentication procedure has to be taken. In addition, even when entering the meeting room of the building 62 in FIG. 6, high-level authentication such as biometrics has to be obtained at the door 65 of the lobby 61 and the door 66 of the meeting room 62. Therefore, inconvenience for the user occurred.

  The main feature of the present invention is that management information for setting and managing a security level for each security target is provided.

  Since the security level setting method of the present invention sets an appropriate security level for each individual security object, there is an advantage that safety is not impaired and convenience can be improved.

  The purpose of setting the security level was realized by the security system of file management and room entry / exit management.

FIG. 1 is a block conceptual diagram showing the main part of a personal authentication device according to the present invention.
In carrying out the method of the present invention, as shown in the figure, a personal authentication provided with a password input unit 1, a card input unit 2, a face image input unit 3, a voice input unit 4, a fingerprint image input unit 5, and an iris image input unit 6 Device 7 is used.

The password input unit 1 includes a keyboard or the like, and inputs a number string or character string stored by the user.
The card input unit 2 is composed of a card reader or the like, and inputs data recorded on a magnetic card or IC card possessed by the user.

The face image input unit 3 includes a camera such as a digital camera and inputs a user's face image.
The voice input unit 4 includes a microphone or the like and inputs a user's voice.
The fingerprint image input unit 5 includes a camera, an image reader, and the like, and inputs a fingerprint image of the user's hand.

  The iris image input unit 6 includes a camera such as a digital camera, and inputs an image of the user's face.

FIG. 2 is an explanatory diagram showing a configuration example of information security targets.
The illustrated information includes an explanatory note 21, a hobby / education 22, an individual name 23, and an annual income 24. The explanatory text 21 is an explanatory text of the file and is not a security target. Hobbies / education 22, personal name 23, and annual income 24 are information about an individual and are subject to security. These are managed by the management information shown in FIG.

FIG. 3 is an explanatory diagram illustrating management information according to the first embodiment.
The hobbies / education 22, personal name 23, and annual income 24 in FIG. 2 are managed as security objects L1, L2, and L3 in FIG.

  The security target L1 is managed by the management information 31 for the security target L1. The security target L1 management information 31 includes classification information, a name, and a security level. The classification information is a security target classification name, and is information in the example of FIG. The name is a name given to the information. In the example of FIG. 3, the name is a hobby or educational background. The security level is set every time information is read, updated, or deleted. In the example of FIG. 3, “1” for reading, “5” for updating, and “8” for deleting.

  The security target L2 is managed by the management information 32 for the security target L2. This is the same configuration as the management information 31 for the security target L1. In this case, in the example of FIG. 3, the classification information is information, and the name is a hobby / educational history. The security level is “3” for reading, “9” for updating, and “8” for deleting.

  The security target L3 is managed by the security target L3 management information 33. This is the same configuration as the security target L1 management information 31, 32. In this case, in the example of FIG. 3, the classification information is information, and the name is annual income. The security level is “10” for reading, “10” for updating, and “10” for deleting.

FIG. 4 is an explanatory diagram showing a correspondence table between authentication methods and security levels.
In FIG. 4, the security level for the authentication method is evaluated by the accuracy of the authentication method. Specifically, it is as follows.

  The password is “1”. In other words, the security level “1” can be authenticated by password authentication. The card is “2”. That is, the authentication of security level “2” can be performed by card authentication. There are two types of cards: contact type and non-contact type. Face recognition is “3” or “4”. That is, authentication with security level “3” or “4” can be performed by authentication of face recognition. Voiceprint recognition is “5”. That is, security level “5” authentication can be performed by voiceprint recognition authentication. Fingerprint recognition is “6” or “7”. That is, security level “6” or “7” authentication can be performed by fingerprint recognition authentication. The iris recognition is “10”. That is, the security level “10” can be authenticated by the iris recognition authentication.

FIG. 5 is an explanatory diagram illustrating a system configuration example according to the first embodiment.
In FIG. 5, the authentication server 8 and the terminals 71 and 72 are connected via a network. The authentication server 8 has a database 9 used for authentication. The contents 10 of the database 9 store authentication data corresponding to user names, passwords, and other authentication methods (iris authentication, fingerprint authentication, voiceprint authentication, face authentication, etc.).

  The server 8 stores management information shown in FIG. In this way, a function for confirming that a required security level is satisfied is realized when a file to be secured is opened and each information is accessed.

Next, the operation of the system described above will be described.
As a premise, authentication data of each user is registered in the authentication database 9 of the authentication server 8 in advance. In addition, management information similar to that shown in FIG. Specifically, a method of generating from a catalog value set in the personal authentication device, a method of actually measuring the accuracy of each authentication unit, and the like can be considered.

  Next, it is assumed that the user opens the corresponding file and tries to access each piece of information subject to security. Then, the application corresponding to the file accesses the management information. Then, the presence of security target information is detected.

  Next, the application reads a security level necessary for accessing information on each security target for the user. At the same time, the user authentication result is received. Then, appropriate processing is performed. For example, the following procedure is performed.

(1) The application displays the minimum authentication method necessary for reading, updating, and deletion to the user through the displays of the terminals 71 and 72.

(2) The user selects a predetermined method from a plurality of authentication methods with reference to the display content of (1).
(3) The application receives the authentication result. As a result, when authentication that permits reading is not obtained, a message to that effect is displayed. When a part of the plurality of information can be read and the other part cannot be permitted, only the information that can be permitted is displayed on the display, and the information that cannot be permitted is not displayed. At this time, since the authentication cannot be obtained, a message indicating that the permission has not been given is displayed.

(4) After displaying the information, if the user tries to update the information, the application checks whether the user satisfies the security level for the update. If the required security level is satisfied, it is updated as it is.

(5) If the authentication performed by the user does not reach the security level for updating the corresponding information, the user is encouraged to perform sufficient authentication again. For example, as shown in FIG. 3, the security level required for updating the information about hobbies and educational backgrounds is “9”. Therefore, as is apparent from FIG. 4, when an authentication method other than iris recognition is used, this security level cannot be reached. In such a case, for example, “Iris authentication is required to update this data” is displayed.

(6) On the other hand, if the authentication is successful with the authentication method used by the user, the update request is accepted and the writing process is executed.

  In addition, when the file is closed and then reopened for reading or updating, either of the two methods of requesting the same user to authenticate again or not. It may be used.

  As described above, according to the first embodiment, the security level required for actions such as browsing, updating, and deleting each information in the file is set in advance, and each time these actions occur. , Verify your identity. As a result, application operations such as browsing, updating, and deletion are performed. As a result, individual information can be protected by an appropriate authentication method.

FIG. 6 is an explanatory diagram showing a configuration example of a physical security target. (Example 2)
The object shown is a building consisting of three rooms. This building has a lobby 61 and includes a meeting room 62, an electronic computer room 63, and a safe room 64. The lobby 61 has a door 65, and a person who wants to enter a building must be authenticated by an authentication device provided in the vicinity of the door 65. Further, there are authentication devices in the vicinity of doors 66, 67, 68 of the entrance / exit of the meeting room 62, the computer room 63, and the safe room 64, respectively, so as to be authenticated.

FIG. 7 is an explanatory diagram showing management information in the second embodiment.
In the example of FIG. 7, the length of time that the user can enter the room is defined according to the security level of each room. In the case of the responsible person class, unlimited stay time is allowed, but for example, when entering the room for the purpose of cleaning, it is assumed that only about 10 minutes are allowed.
In such a setting, when the time limit is exceeded, for example, a report is sent to a security department in the building of FIG. 6 or a security company. By constructing such a system, fine security settings can be made for each room.

FIG. 8 is an explanatory diagram illustrating a system configuration example according to the second embodiment.
In FIG. 8, personal authentication devices 11, 12, 13, and 14 are connected to an authentication server 15 via a network. The authentication server 15 has a database 16 used for authentication. The contents 17 of the database 16 store authentication data corresponding to user names, passwords, and other authentication methods (iris authentication, fingerprint authentication, voiceprint authentication, face authentication, etc.).

  The authentication server 15 stores management information shown in FIG. In this way, a function for confirming that the required security level is satisfied when the doors 65, 66, 67, 68 of the buildings or rooms to be opened are opened to enter the rooms is realized. .

Next, the operation of the system described above will be described.
As a premise, authentication data of each user is registered in the authentication database 16 of the authentication server 15 in advance. Also, management information similar to that shown in FIG. 7 is generated for a building having each room to be secured. For example, the procedure is as follows.

(1) The user goes in front of the door of the security target room and performs authentication for entering the room.
(2) The system accesses the management information in FIG. 7 and determines the user's leaving time. Next, the application notifies the user of the leaving time by voice or a screen. At the same time, unlock the door.

(3) The user confirms the leaving time and enters the room as it is if there is no problem. If there is a problem, authentication is performed again using an authentication method having a higher security level provided near the door.

(4) The system sets the leaving time again, and notifies the user of the leaving time using voice or a screen. The door key is left as it is if it was opened by the previous authentication. If it is closed, unlock it again.
(5) If there is no problem with the exit time, the user enters the room.

(6) When the time set at the time of entering the room approaches, the system may prompt the user to leave the room by voice or voice.
(7) Prior to leaving the room, the user performs authentication for leaving the room. There are two types of authentication for leaving the room: a method using the same authentication means as the authentication for entering the room, and a method using a different authentication method.

(8) If you do not leave the room even if you leave the room, you will be immediately notified that a security violation has occurred by sending a report to the building security officer or security company.

  As described above, according to the second embodiment, by setting the length of time that the user can stay in the room according to the certainty of the identity verification means, the value of goods and the like existing in the physical room to be secured is set. It can be expected that the security against this will be improved.

  Next, the third embodiment targets information security and is similar to the first embodiment. However, in the first embodiment, the administrator generates a correspondence table between the identity verification means and the security level. In contrast, the third embodiment is characterized in that the accuracy is automatically evaluated by measuring the accuracy of biometrics in the system.

In the third embodiment, the system configuration is the same as the configuration shown in FIG. Therefore, the overlapping description is omitted.
Therefore, in the following, a processing procedure that is a feature of the third embodiment will be described with reference to FIG.

FIG. 9 is a process flowchart according to the third embodiment.
When biometric technology is used, accuracy tends to improve as technology advances. When the authentication system is one-to-one verification, the user inputs a user ID (step S1). One-to-one matching is performed using this user ID information and user biometric information (step S2). The collation result is determined (step S3), and if it is coincidence (OK), a one-to-N collation is performed with all or a part of the extracted database registered in the system, and there is a collation OK. The number of cases that have become M is assumed to be M (step S5). In this way, the accuracy P = N / M of the corresponding biometric technology can be calculated from the number N to be collated at the time of 1-to-N collation and the number M from which the collation result is OK (step S6). ).

On the other hand, when the one-to-one matching fails, such accuracy information is not aggregated (step S7).
With the above procedure, accuracy information P is calculated for each biometric technology every time one-to-one verification occurs, and the average value is obtained while holding this P value for a certain period of time. Can be calculated.

  Such calculation tends to improve accuracy as the parameter increases. Also, if the parameter is considered to be too large to affect the performance of the system, it is conceivable to perform a 1-to-N collation using a subset of the registered information rather than all of the registered information.

  As described above, according to the third embodiment, the accuracy of the corresponding biometric technology is evaluated with respect to the one-to-one verification of the user with respect to the biometric technology, thereby associating the certainty of the identity verification with the security level. It becomes possible to automate the process.

  As another embodiment, the security target of in-file information applied in the first embodiment can be changed to a login destination. For example, a security level is set in accordance with the level of information value in a plurality of websites of an intranet, and a personal identification means corresponding to this is used.

FIG. 1 is a block conceptual diagram showing the main part of a personal authentication device according to the present invention. It is explanatory drawing which showed the example of a structure of the security object of information. (Example 1) It is explanatory drawing which showed the management information in Example 1. FIG. It is explanatory drawing which showed the correspondence table of an authentication method and a security level. 1 is an explanatory diagram illustrating an example of a system configuration in Embodiment 1. FIG. It is explanatory drawing which showed the structural example of the physical security object. (Example 2) It is explanatory drawing which showed the management information in Example 2. FIG. FIG. 6 is an explanatory diagram illustrating a system configuration example according to a second embodiment. 10 is a processing flowchart according to the third embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Password input part 2 Card input part 3 Face image input part 4 Voice input part 5 Fingerprint image input part 6 Iris image input part 7 Personal authentication apparatus

Claims (6)

  A security level setting method comprising: determining a level of an authentication unit for permitting access to a security target, and selecting an authentication unit to be used for authentication for each target according to the level.   The security target is each information in the file, the level of the authentication means is determined for each access type including browsing, updating, and deletion of each information, and the authentication means used for authentication is determined for each target according to the level. 2. The security level setting method according to claim 1, wherein the security level setting method is selected.   The security target is a physical target, the level of the authentication unit is determined for each usage mode including the usage time of each target, and the authentication unit used for authentication is determined for each usage mode of the target according to the level. 2. The security level setting method according to claim 1, wherein the security level is selected.   2. The security level setting method according to claim 1, wherein a level of the authentication unit is automatically determined, and an authentication unit to be used for authentication is selected for each target according to the level.   5. The security level setting method according to claim 1, wherein the level of the authentication means is determined for each authentication means.   5. The security level setting method according to claim 1, wherein the level of the authentication means is determined for each combination of authentication means.

Images