JP2006155513A - Access management system using individual authentication function, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system allowing a user to easily access a file, a program, a web browser or the like by use of an individual authentication function. <P>SOLUTION: When the user instructs the access to the file or the like stored in a storage part 12 and when it is a file that is a target of access management, a control part 11 acquires information about a physical characteristic of the user through a portion authenticating the physical characteristic equipped in an input part 13. The control part 11 collates the acquired information and information about the physical characteristic previously stored in the storage part 12, acquires identification information of the user, collates the file or the like that is the target of the access management and the information about the user permitted to access it, and displays the information on a display part 14 when the user is permitted to access it. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a system for managing access to files, programs, web browsers and the like.

Conventionally, a technique for personal authentication using a fingerprint, a vein pattern, etc. is known, and a sensor for reading a fingerprint is provided in a mouse device, and when the holding state of the mouse changes, the fingerprint is read to authenticate the individual ( For example, Patent Document 1) is also known.
JP 2002-258974 A

  With the technique disclosed in Patent Literature 1, it is possible to automatically determine whether or not the operator holding the mouse is a regular operator (an operator in which a fingerprint or the like is registered). However, it cannot be determined whether or not the data, program, web page, and the like designated as an access target by the mouse are permitted to be accessed by the operator. Therefore, for example, when information for identifying an operator such as an ID and a password is requested from a started program or the like, the operator needs to input these, and the operation is complicated.

  The present invention has been made in view of the above circumstances, and provides a system in which a legitimate user can easily access an access target that requires user authentication and can eliminate the access of a non-regular user. For the purpose.

In order to achieve the above object, an access management system according to the first aspect of the present invention provides:
An access management system that allows only specific users access to predetermined information,
Authentication information storage means for storing information associating access target information to be accessed with user authentication information for authenticating a person who is permitted to access the access target information;
Physical information storage means for storing physical information representing the physical characteristics of the user and the user authentication information of the user in association with each other;
An input means comprising an access instruction means operated by a user and instructing access to the access target information; and a physical information reading means for reading the physical characteristics of the user and outputting the physical information;
In response to the access instruction from the access instruction means, the user specifies information that the user wants to access, and converts the physical information from the physical information reading means into authentication information based on the information stored in the physical information storage means. , Based on the converted authentication information and the information stored in the information storage means, determine whether or not the user has the authority to access the requested information, and if determined to have And an access control means for enabling the user to access the information,
It is characterized by providing.

For example, in response to an access instruction from the access instruction means, the access control means specifies information that the user wants to access, and when user authentication information is set for the specified information, the physical information reading means The user is instructed to read the physical information, the physical information from the physical information reading means is converted into authentication information with reference to the information stored in the physical information storage means, and the converted authentication information and the information storage On the basis of the information stored in the means, it is determined whether or not the user has the authority to access the requested information. Allow access,
It is characterized by that.

  For example, the input means can be grasped with a user's one hand, and comprises a mouse-type input device that notifies the access control means of position information and button operation information, and the physical information reading means is input by the user. The body information is fingerprint information. The fingerprint information is configured by a reading surface disposed at a position where a finger touches the apparatus while holding the device.

  For example, the authentication information storage means includes physical information, authentication information provided to the access target in an authentication process executed to permit access by the access target information, and a user who is permitted to access the access target. The access control means identifies the information that the user wants to access in response to an instruction from the access instruction means, and responds to an authentication request issued by the identified information. And means for providing authentication information obtained by converting the physical information.

In order to achieve the above object, a computer program according to the second aspect of the present invention provides:
On the computer,
An authentication information storage function for storing information associating access target information to be accessed with user authentication information for authenticating a person who is permitted to access the access target information;
A physical information storage function for storing physical information representing the physical characteristics of the user and the user authentication information of the user in association with each other;
An input function that is operated by a user and includes access instruction means for instructing access to the access target information; and physical information reading means for reading the physical characteristics of the user and outputting physical information;
In response to the access instruction from the access instruction means, the user specifies information that the user wants to access, and converts the physical information from the physical information reading means into authentication information based on the information stored in the physical information storage means. , Based on the converted authentication information and the information stored in the information storage means, determine whether or not the user has the authority to access the requested information, and if determined to have And an access control function that enables the user to access the information,
It is characterized by realizing.

  According to the present invention, it is possible to provide a system that allows a user to easily access a file, a program, a web browser, and the like by using a personal authentication function.

An access management system according to an embodiment of the present invention will be described with reference to the drawings.
The access management system is realized as a partial function of a computer or a data processing device, for example.

(Embodiment 1)
The configuration of the access management system 1 is shown in FIG. The access management system 1 includes a control unit 11, a storage unit 12, an input unit 13, and a display unit 14.

  The control unit 11 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like, and controls the entire access management system 1. The control unit 11 reads and executes an operation program, a file, or the like stored in advance in the storage unit 12.

The storage unit 12 is composed of, for example, a hard disk device.
The storage unit 12 stores an operation program executed by the control unit 11 and various data necessary for processing. Further, in the storage unit 12, in addition to programs, etc., programs, files, applications, etc. that require user authentication work are stored in association with IDs of users who are permitted to access them. A target management table 21 (see FIG. 2), a fingerprint information management table 22 (see FIG. 3) and the like for associating information about fingerprints with user IDs and passwords are stored.

The input unit 13 includes, for example, an input device such as a mouse 40, a keyboard, and a pointing device including the fingerprint reading unit 41 illustrated in FIG. 4 and transmits input data to the control unit 11.
The display unit 14 is composed of a display device such as a display device, for example, and displays various data according to instructions from the control unit 11. The display unit 14 displays, for example, a menu screen 14a that displays a list of access targets, as shown in FIG.

FIG. 4 shows the appearance of a mouse 40 having a fingerprint authentication function, and FIG. 5 shows the configuration of the mouse 40.
The mouse 40 includes a fingerprint reading unit 41, a position detection unit 42, a right button unit 43, a left button unit 44, and a controller 45.
For example, as shown in FIG. 4, the fingerprint reading unit 41 is provided in a portion where the thumb hits when the mouse is used with the right hand. The user's fingerprint information read by the fingerprint reading unit 41 is transmitted to the control unit 11 of the access management system 1 through the controller 45.
The movement amount detection unit 42 detects the movement amount and direction, and transmits the detected information to the control unit 11 through the controller 45. When the right button unit 43 and the left button unit 44 are pressed by the operator, the information is transmitted to the control unit 11 through the controller 45.
Note that the mouse 40 shown in FIG. 4 is an example in which the mouse 40 is used with the right hand. When the mouse 40 is used with the left hand, the fingerprint reading unit 41 may be provided in a portion where the thumb of the left hand hits.

  Next, access management processing executed by the access management system 1 will be described with reference to the flowchart shown in FIG.

When a predetermined event such as a double click of the left button unit 44 of the mouse 40 occurs, the control unit 11 starts the access management process shown in FIG. 7 in response to this event.
When the control unit 11 starts the access management process, the control unit 11 reads the access target management table 21 from the storage unit 12 (step S01).

  Next, the control unit 11 refers to the read access target management table 21 to determine whether the current event is an access management target (step S02). In other words, it is determined whether or not the process instructed by the user is a process for which user authentication is requested (step S02). For example, assume that the user clicks or double-clicks the icon 14b on the screen shown in FIG. In response to this event, the control unit 11 starts the process of FIG. 7, reads the access target management table 21 (step S01), and subsequently starts the process corresponding to the current event, that is, the program A. It is determined with reference to the access target management table 21 whether or not the process requires authentication. In the example of FIG. 2, the program A is stored in the access target management table 21, and the process for starting the program A is a process that requires authentication. Therefore, in this case, the control unit 11 determines that the program A is an access management target.

  When the process specified by the event is not the target of access management (step S02: No), the control unit 11 executes the instructed process (step S03), for example, displays the requested information on the display unit 14, the designated file is opened, or the designated program is started.

On the other hand, when the instructed information is information that is the object of access management (step S02: Yes), the control unit 11 sends the user's information to the fingerprint reading unit 41 of the mouse 40 via the input unit 13. A command for reading the fingerprint is transmitted (step S40). Further, a message for reading the fingerprint is displayed on the display unit 14 (step S05).
The fingerprint reading unit 41 of the mouse 40 receives a command from the authentication unit control unit 11 via the controller 45, reads the fingerprint of the user's thumb in response to this command, and manages access management via the controller 45. Send to system 1.
The control unit 11 waits for the reception of fingerprint information while counting the elapsed time since the reading command was transmitted (step S06), and receives the fingerprint information within a predetermined time limit (step S07; Yes), the fingerprint. It is determined whether or not the user ID corresponding to the fingerprint information is registered with reference to the information management table 22, and if it is registered, it is acquired (step S08).

  Subsequently, the control unit 11 determines whether or not the user ID corresponding to the fingerprint information has been acquired (step S09), and if it has been acquired (step S09: Yes), the access target stored in the storage unit 12 The management table 21 is read, and the user ID acquired in step S08 is registered corresponding to the instructed process. In other words, the process instructed (requested) by the user is permitted to the user. (Step S10).

For example, when the process instructed (requested) by the user is the activation of the program A and the user ID corresponding to the received fingerprint information indicates the user A, the access target management table 21 shown in FIG. Since the user A's ID is included in the permitted user ID, access (activation) is permitted.
Further, for example, when the process instructed (requested) by the user is to open the file B, and the user ID corresponding to the received fingerprint information indicates the user D, the access target management shown in FIG. Since the ID of the user D is included in the permitted user ID of the table 21, the display and access of the data are permitted.

  When access is permitted by the user (step S10: Yes), the process instructed by the user is executed, for example, a program is started, a file is opened, and data is displayed (step S11).

  When access is not permitted by the user (step S10: No), information indicating access refusal is displayed on the display unit (step S12), and the process ends.

  On the other hand, the control unit 11 inputs the user ID and the password when the fingerprint information cannot be acquired (step S7: No) and when the user ID corresponding to the fingerprint information cannot be acquired (step S9: No). A screen to be displayed is displayed on the display unit 14, and an input by the user is received (step S13).

  When the user inputs the ID and password, the control unit 11 reads the fingerprint information management table 22 stored in the storage unit 12 and determines whether the ID and password match those stored in the table. (Step S14).

If they match (step S14: Yes), the control unit 11 moves to step S10, reads the access target management table 21, and determines whether the user is permitted access.
If they do not match (step S14: No), the control unit 11 displays information indicating access refusal on the display unit 14 (step S12), and ends the process.

  By adopting the above configuration, the user touches the fingerprint reading unit 41 provided on the mouse 40 after specifying the processing to be executed by, for example, clicking an icon using an input device such as a mouse. It is possible to access files, programs, web browsers, etc. that are permitted by the user.

(Embodiment 2)
In the first embodiment, the event-driven access management process for determining the access right in response to the user's instruction operation (event) has been described. For example, the operation status of programs, applications, and the like is monitored at regular intervals. Then, authentication processing may be automatically performed as necessary. Hereinafter, Embodiment 2 having such characteristics will be described.

  In the present embodiment, the configuration of the access management system 1 is the same as that of the first embodiment, and the access management operation will be mainly described.

Hereinafter, the automatic input process will be described with reference to FIG.
First, the control unit 11 acquires an operation status such as a program (application) every 10 mSec, for example (step S21).

  If the acquired operation status is to display an authentication screen for inputting authentication information such as a user ID and password (step S22: Yes), the control unit 11 temporarily stops displaying the authentication screen. Then, a command to read the user's fingerprint is transmitted to the fingerprint reading unit 41 of the mouse 40 and waits for a predetermined time until it is received. (Step S23).

  If the acquired operation status is not an input screen for identification information (step S22: No), the process ends.

  Next, when the fingerprint information is not received (step S24: No), the control unit 11 displays information prompting the user to input the ID and password on the display unit 14 in step S28.

When the fingerprint information is received (step S24: Yes), the controller 11 reads the fingerprint information management table 22 from the storage unit 12 (step S25).
If the ID and password corresponding to the fingerprint information cannot be obtained (step S26: No), the control unit 11 displays information prompting the user to input the ID and password in step S28. To display.

  When the ID and password corresponding to the fingerprint information can be acquired (step S26: Yes), the control unit 11 inputs the acquired ID and password on the authentication screen (step S27).

  By adopting the above configuration, even when the authentication information is requested from a program, application, or the like, the user need not touch the fingerprint reading unit 41 of the mouse and need not input the ID and password.

  In addition, this invention is not limited to the said embodiment, A various deformation | transformation and application are possible. For example, the type of processing that requires authentication is not limited to program activation and file opening. For example, a condition may be set by changing whether to allow reference to an arbitrary file or data, referencing whether or not to allow updating, and changing the condition.

  In the above embodiment, a fingerprint is used as the authentication information. However, if the user can obtain the authentication information in a general operation (no complicated processing / operation is required from the user), any biometric information can be used as the authentication information. Can be used as In this case, the function of authenticating the biological information is not limited to being provided in the mouse. For example, a palm, a finger blood vessel (vein) pattern, a retina iris pattern, or the like can be used as authentication information. When the blood vessel pattern of the palm is used for authentication, for example, a blood vessel pattern reading device is arranged on a part of the mouse, and this information is supplied to the input unit 13. When the finger vein pattern is used for authentication, for example, a blood vessel pattern reading device is arranged on a part of a mouse or a keyboard, and this information is supplied to the input unit 13. When the iris pattern of the retina is used as authentication information, an imaging device that captures the user's eyes is arranged in a part of the authentication device 1, and the imaging information is supplied to the input unit 13.

  Further, although the access management system 1 has been described by taking a stand-alone type as an example, it can also be applied to a client server type or the like. For example, when a request for accessing a program or file stored in the server from the client occurs, the server instructs the mouse to read the biological information via the client, and based on the biological information provided from the client, For example, authentication processing may be performed by a server.

  The system of the present invention can be realized using a normal computer system, not a dedicated system. For example, a program for executing the above operation is stored in a computer-readable recording medium (FD, CD-ROM, DVD, etc.) and distributed, and the program is installed in the computer to execute the above processing. An access management system may be configured. Further, for example, it may be stored in a disk device of a server device on a network such as the Internet and downloaded to a computer.

  In addition, when the OS realizes the above functions by sharing the OS or jointly of the OS and the application, only the part other than the OS may be stored and distributed in the medium, or may be downloaded to the computer. Good.

It is a block diagram which shows the structure of the access management system which concerns on Embodiment 1 of this invention. It is a figure which shows the structural example of an access object management table. It is a figure which shows the structural example of a fingerprint information management table. It is a figure which shows the external appearance of a mouse | mouth. It is a figure which shows the structural example of the mouse | mouth shown in FIG. It is a figure which shows the example of the input screen for instruct | indicating a process. 4 is a flowchart of access management processing according to the first embodiment. 10 is a flowchart of automatic input processing according to the second embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Access management system, 11 ... Control part, 12 ... Memory | storage part, 13 ... Input part, 14 ... Display part, 14a ... Instruction screen, 14b ... Icon, 21 ... Access target management table, 22 ... Fingerprint information management table, 40 ... Mouse, 41 ... Fingerprint reading unit, 42 ... Movement amount detection unit, 43 ... Right button unit, 44 ..Left button part, 45 ... Controller

Claims (5)

An access management system that allows only specific users access to predetermined information,
Authentication information storage means for storing information associating access target information to be accessed with user authentication information for authenticating a person who is permitted to access the access target information;
Physical information storage means for storing physical information representing the physical characteristics of the user and the user authentication information of the user in association with each other;
An input means comprising an access instruction means operated by a user and instructing access to the access target information; and a physical information reading means for reading the physical characteristics of the user and outputting the physical information;
In response to the access instruction from the access instruction means, the user specifies information that the user wants to access, and converts the physical information from the physical information reading means into authentication information based on the information stored in the physical information storage means. , Based on the converted authentication information and the information stored in the information storage means, determine whether or not the user has the authority to access the requested information, and if determined to have And an access control means for enabling the user to access the information,
An access management system comprising: In response to an access instruction from the access instruction means, the access control means identifies information that the user wants to access, and when user authentication information is set for the identified information, the physical information reading means is set to the user The physical information from the physical information reading means is converted into authentication information with reference to the information stored in the physical information storage means, and the converted authentication information and the information storage means are Based on the stored information, it is determined whether or not the user has the authority to access the requested information. If it is determined that the user has the information, the user's access to the information is determined. Possible,
The access management system according to claim 1. The input means is comprised of a mouse-type input device that can be held with one hand of a user and notifies the access control means of position information and button operation information.
The body information reading means is composed of a fingerprint reading device in which a reading surface is arranged at a position where a user touches a finger while holding the input device,
The access management system according to claim 1, wherein the physical information is fingerprint information. The authentication information storage means includes physical information, authentication information provided to the access target in an authentication process executed for permitting access by the access target information, and physical information of a user who is permitted to access the access target. Are stored in association with each other.
In response to an instruction from the access instruction unit, the access control unit identifies information that the user wants to access, and an authentication obtained by converting the physical information in response to an authentication request issued by the identified information Comprising means for providing information,
The access management system according to claim 1, 2, or 3. On the computer,
An authentication information storage function for storing information associating access target information to be accessed with user authentication information for authenticating a person who is permitted to access the access target information;
A physical information storage function for storing physical information representing the physical characteristics of the user and the user authentication information of the user in association with each other;
An input function that is operated by a user and includes access instruction means for instructing access to the access target information; and physical information reading means for reading the physical characteristics of the user and outputting physical information;
In response to the access instruction from the access instruction means, the user specifies information that the user wants to access, and converts the physical information from the physical information reading means into authentication information based on the information stored in the physical information storage means. , Based on the converted authentication information and the information stored in the information storage means, determine whether or not the user has the authority to access the requested information, and if determined to have And an access control function that enables the user to access the information,
Computer program for realizing.

Images