JP2006260461A - Access control system and information processing system using the same - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an access control system having high safety and user-friendliness. <P>SOLUTION: The access control system 1 determines whether a predetermined access right out of a plurality of access rights having different conditions that a user accesses a device 2 to be accessed is given or not to the user. It comprises a feature data acquiring means 11 for acquiring feature data to be used for authentication from the user, a user authentication data storage means 15 for previously storing user authentication data as criteria for authenticating the user from the feature data, user authentication means 12, 13 for comparing the stored user authentication data with the acquired feature data and calculating user authentication probability, an access reference data storage means 16 for storing access reference data in which the access right to be given depending on the authentication probability is preset, and an access right determining means 14 for determining the access right corresponding to the user authentication probability calculated in accordance with the stored access reference data. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an access control system, and more particularly to an access control system that performs multi-stage access permission control according to a user authentication probability. The present invention also relates to an information processing system using this access control system.

  Conventionally, various methods for automatically authenticating a user with a computer have been considered in order to allow the user access to a predetermined apparatus. The basic technique is whether or not information such as a personal identification number corresponding to this user information has been input in addition to whether or not possession possessing predetermined user information such as a magnetic card is possessed. It is done by judging. However, with such a user authentication method, if someone else picks up the card, etc., and if the PIN number can be guessed, unauthorized authentication is performed by another person, and data theft, alteration, destruction, etc. by impersonation There was a problem that security problems were reduced.

  For this reason, in order to improve the inconvenience, in recent years, a method of performing authentication using biometric data which is a unique physical feature such as a user's fingerprint has been put into practical use. Such a technique is disclosed in Patent Document 1, for example. However, in the authentication method using biometrics, since the data used for authentication is a physical feature of the user, measurement and authentication errors occur, and as a result of authentication, it is difficult to guarantee that the user is a valid user. . In other words, it is merely determined that the person is likely to be the person himself / herself. For example, another user having a similar face may be mistakenly recognized as the person himself / herself.

  And in the conventional authentication system which has such a problem, the access right which permits further all operations within the range which can be operated in one authentication is given. That is, as shown in FIG. 15 (a), when the possibility of the identity is higher than “ω”, the user is judged to be a valid user and access is permitted thereafter. . In order to enhance security in such a system, it is conceivable to increase the value of the threshold value ω. However, if this value is too high, the rejection rate of the person increases and convenience may be impaired. On the other hand, if the threshold value ω is too low, the rejection rate decreases, but at the same time, the probability of misrecognizing others increases, which may cause a safety problem.

  And as an authentication system for performing access control to solve the above-mentioned problems, the probability of identity (identity) is continuously calculated, and if it is above a predetermined threshold, an access right is given, Japanese Patent Application Laid-Open No. 2004-228620 discloses a system that does not permit access or deprives an access right that has been permitted once if the access is low. An example of the access permission is shown in FIG. In the technique disclosed in this document, the access right is given only when the identity probability is higher than the threshold value ω as a result of continuous authentication.

Japanese Patent Laid-Open No. 2001-167053 Hideki Takai, Tsutomu Sato, Masatoshi Miyazaki: “Continuous Authentication System Using User Model”, IEICE Technical Report, Vol97, No.626p.37-42 (1998)

  However, even in the above-described conventional example, even if the access right is mistakenly given once, and it is later determined that it is a misrecognition and the access right is deprived, theft of data occurs during the short-time access permission. There is a possibility, and it is still impossible to ensure safety.

  Therefore, an object of the present invention is to improve the disadvantages of the above-described conventional example, and to provide an access control system that is particularly safe and highly convenient.

Therefore, an access control system according to one aspect of the present invention is
An access control system for determining whether or not to allow a user a predetermined access right among a plurality of access rights with different access states of the user to the access target device,
Feature data acquisition means for acquiring feature data used for authentication from a user;
User authentication data storage means in which user authentication data serving as a reference for authenticating a user from feature data is stored in advance;
User authentication means for calculating the authentication probability of being a user by comparing the stored user authentication data and the acquired feature data;
Access reference data storage means for storing access reference data in which an access right permitted in accordance with the authentication probability is preset;
Access right determination means for determining an access right corresponding to the authentication probability of the user calculated based on the stored access reference data;
It is characterized by having.

In the present invention, there is further provided an information processing system including the access control system and an access target device connected to the access control system.
The access target device includes feature data transfer means for acquiring feature data from the user and transferring it to the access control device, and access request receiving means for receiving access request information from the user and transferring it to the access control system,
The access right determination means included in the access control system determines whether or not the access right corresponding to the access request information from the user transmitted from the access target device can be permitted, and returns the determination result to the access target device.
It is characterized by that.

  According to the above invention, first, feature data of a user who desires access to the access target device is acquired by the access control system, and the acquired feature data is compared with user authentication data stored in advance. User authentication is performed. Then, the authentication probability of the user is calculated by this authentication process, and a preset access right permitted in accordance with the authentication probability is determined. At this time, when there is an access request from the user to the access target device, the access control device determines whether or not the access right can be permitted and notifies the access target device. Thereafter, access to the access target device by the user according to the determination result of the access right is executed. Therefore, since the access right according to the authentication probability of the user is given, it is possible to prevent the access right from being erroneously given to others due to a single misrecognition, and to improve safety. it can. Further, since the corresponding access right is given even when the authentication accuracy for the user is low, the convenience of the user can be improved. In addition, the access right in the present invention includes the operation content by the user permitted for the access target device.

  The access reference data is data in which the access right permitted to the user is set stepwise according to the authentication probability, and in particular, the data that is set such that the higher the authentication probability is, the more access right is permitted. It is characterized by that. Furthermore, the access reference data is data set such that an access right that is more important to the user is permitted as the authentication probability is higher. As a result, by misrecognizing another person, it is possible to prevent the other person from being erroneously granted many access rights or access rights with high importance, thereby improving safety.

  Further, the user authentication means includes: an authentication means for authenticating a user by comparing the user authentication data stored in the user authentication data storage means with the feature data acquired by the feature data acquisition means; and based on the authentication result. Probability calculating means for calculating an authentication probability of being a user is provided. At this time, the probability calculation means stores the calculated authentication probability and calculates a new authentication probability based on the stored authentication probability and the authentication result by the authentication means. Specifically, the probability calculation unit calculates a new authentication probability by adding or subtracting the stored authentication probability according to the authentication result by the authentication unit. More specifically, the authentication unit determines whether or not the user is a user, and the probability calculation unit determines whether the authentication result stored by the authentication unit is a determination that the user is a user. A new authentication probability is calculated by adding a value and subtracting a predetermined value from the authentication probability described above when it is determined that the user is not a user.

  Thereby, since the authentication probability of the user always changes, the access right can change step by step. Accordingly, it is possible to prevent the authentication probability from being suddenly increased due to misrecognition during access by another person, to prevent a considerable access right from being granted, and to ensure safety. Also, even if the person himself / herself is misidentified, the access right is not suddenly cut off, so convenience is maintained.

An access control program according to another aspect of the present invention is a computer for determining whether or not to allow a user a predetermined access right among a plurality of access rights with different access states from the user to the access target device. In addition,
Feature data acquisition means for acquiring feature data used for authentication from a user;
A user authentication unit for calculating an authentication probability of being a user by comparing the acquired feature data with user authentication data serving as a reference for authenticating the user from the feature data stored in advance in the user authentication data storage unit;
Access right determination means for determining an access right corresponding to a user authentication probability calculated based on access reference data in which an access right permitted according to the authentication probability stored in the access reference data storage means; ,
It is characterized by realizing.

Furthermore, an access control method according to another aspect of the present invention includes:
An access control method for determining whether or not to allow a user a predetermined access right among a plurality of access rights with different access states from a user to an access target device using a computer,
Computer
Get feature data for authentication from users,
The acquired feature data is compared with the user authentication data serving as a reference for authenticating the user from the feature data stored in advance in the user authentication data storage means to calculate the authentication probability of being a user,
An access right corresponding to the authentication probability of the user calculated based on the access reference data set in advance is determined according to the authentication probability stored in the access reference data storage means;
It is characterized by that.

  Even with the program and method having the above configuration, the above-described access control system operates in the same manner, so that the object of the above basic invention can be achieved.

  Since the present invention is configured and functions as described above, according to this, since the access right according to the authentication probability of the user is given, the predetermined access right is mistakenly given to another person by one misrecognition. The user's convenience is improved because the corresponding access right is granted even when the authentication accuracy for the user is low. It has an unprecedented excellent effect that improvement can be achieved.

  The present invention is characterized by an access control system that determines whether or not a user is permitted a predetermined access right among a plurality of access rights with different access states of the user to the access target device. Examples of the access target device include a workstation where a user logs in, a bank ATM, and the like.

  Hereinafter, a specific configuration and operation of an authentication server, which is an access control system that performs access right determination, will be described in the first embodiment. In the second to fourth embodiments, specific examples of access target devices will be given. The access control for the access target device will be described in detail.

  A first embodiment of the present invention will be described with reference to FIGS. 1 to 6 are diagrams illustrating the configuration of the present invention, and FIGS. 7 to 8 are diagrams illustrating the operation of the present invention. Hereinafter, an information processing system in which the above-described access control system is the authentication server 1 and the access target apparatus is the operation terminal 2 and these are connected will be described.

[Constitution]
As shown in FIG. 1, a plurality of operation terminals 2 are connected to the authentication server 1 via a network N. Then, the authentication server 1 determines permission / non-permission of access to the user U who desires to access each operation terminal 2. Hereinafter, the authentication server 1 and the operation terminal 2 will be described in detail.

<Operation terminal>
The operation terminal 2 is a system to be accessed and operated by a user, and is, for example, a bank ATM as described in another embodiment. In this embodiment, description will be made assuming that the device is a general device including the ATM. The configuration is shown in FIG.

  As shown in this figure, the operation terminal 2 includes an arithmetic device 2A such as a CPU, and a predetermined program is incorporated into the arithmetic device 2A, so that the user data input acceptance processing unit 21 and the processing request acceptance processing are performed. The unit 22 and the execution processing unit 23 are constructed. The operation terminal 2 includes a feature value acquisition device (not shown) for acquiring feature data that is a feature for recognizing the user. In addition, an input device that is operated by a user to input predetermined information is also provided. Hereinafter, each configuration will be described in detail.

  First, the feature value acquisition device acquires, for example, so-called biometric data such as a fingerprint reading device, a face image photographing device (camera), or a voice capturing device, which expresses the physical characteristics of the user. It is. Then, the feature data acquired by this feature value acquisition device is received by the user data input acceptance processing unit 21 and transferred to the authentication server 1. The feature value acquisition device is a keyboard, and may acquire a rhythm (リ ズ ム) when a user inputs a key. The input device is for inputting characters, numbers and the like such as a keyboard.

  The user data input reception processing unit 21 (feature data transfer means) receives the ID and password for identifying the user input by the user via the input device, and notifies the authentication server 1A. Also, the user's face image information and the like are constantly acquired via the feature value acquisition device, and transferred to the input reception processing unit 11 (described later) of the authentication server 1.

  The processing request reception processing unit 22 (access request reception means) receives an input of access request information indicating a predetermined access request by the user U from the input device, and receives this from the access right determination processing unit 14 ( (To be described later). At this time, the access request is, for example, information indicating the operation content desired by the user U.

  Further, the execution processing unit 23 receives information representing the determination result of the access right permitted by the user from the access right determination processing unit 14 of the authentication server 1. Then, predetermined processing is executed within the range of the access right permitted to the user based on the determination result, and the service is provided to the user.

<Authentication server>
Next, the authentication server 1 will be described. As shown in FIG. 2, the authentication server 1 is a general server computer including an arithmetic device 1A such as a CPU and a storage device 1B such as a hard disk drive device. As shown in FIG. Via the operation terminal 2. Note that the network N may be a public Internet network or a LAN network, or may be directly connected to the operation terminal 2 by a cable. Furthermore, the authentication server 1 and the operation terminal 2 may be integrally configured.

  Then, by incorporating an access control program into the arithmetic device 1A of the authentication server 1, an input reception processing unit 11, an authentication processing unit 12, a probability calculation processing unit 13, an access right determination processing unit 14, Has been built. In addition, a user authentication data storage unit 15 and an access reference data storage unit 16 are formed in the storage device 1B. Hereinafter, the processing units 11 to 14 and the storage units 15 and 16 will be described in detail.

  First, in the user authentication data storage unit 15 (user authentication data storage means), a user-specific ID and password registered in advance are stored. Further, in association with these, user characteristic data acquired from the user in advance, and user authentication data serving as a reference for authenticating the user from the user characteristic data acquired later is stored. That is, as described above, the user authentication data serving as a reference for determining whether or not the user is the user is compared with feature data such as face image data acquired from a user who desires access to the operation terminal 2. Is acquired from the user himself / herself and stored. Therefore, it is not always necessary to store raw data such as user face image data, and only parameters necessary for determination may be stored. As the user authentication data, feature data imported from the user U for authentication may be accumulated.

  Further, the access reference data storage unit 16 (access reference data storage means) has an access right table set in advance by the user indicating the correspondence between the certainty factor corresponding to the authentication probability of the user U and each access right. Is remembered. An example of this access right table is shown in FIG. In the access right table shown in this figure, the level of certainty (Level (m)) indicating the probability of authenticating a user is shown on the horizontal axis, and a plurality of access rights with different access statuses are ranked and expressed. The risk rank (Rank (m)) is on the vertical axis.

  As described later, the “confidence level” is a level obtained by dividing a value indicating the probability of the user himself / herself calculated based on the result of authentication based on the acquired user feature data into predetermined intervals. The displayed value. An example of calculating the certainty factor is shown in FIG. In this figure, the vertical axis indicates the authentication probability (0 ≦ r ≦ 1.0) of the user himself / herself that changes according to the authentication performed continuously as described later, and this is arbitrarily classified (r1, .., Rm) are represented by reference symbols S0, S1,. Then, the value of Sm corresponds to the value of confidence (Level (m)) on the horizontal axis shown in FIG. That is, when the authentication probability r is calculated, the certainty factor Sm corresponding to the authentication probability r is determined, and Level (m) shown in FIG. 3 is determined. A certainty factor table serving as a reference for determining the certainty factor is set for each user and stored in the access criterion data storage unit 16. In FIG. 4, the higher the authentication probability, the higher the certainty factor.

  The “risk rank” is a value expressed by dividing all access rights by users who can access the operation terminal 2 for each access right and ranking them according to their importance. is there. An example is shown in FIG. In this figure, the system resource of the entire operation terminal to be accessed is represented by X, and among them, the system resource accessible by the user U, that is, all access rights by the user U are represented by V. Then, among all the access rights V of this user, each access right is divided and set as W1, W2,. Each of these access rights has an order relationship, which is expressed as a risk rank (Rank (m)). The order of the risk rank is set in accordance with the order of importance to the user, that is, the degree of damage caused by unauthorized access by others. For example, the risk rank of the access right with the least damage The risk rank is set to m for the most damaging one. Then, a risk rank right table (for example, see FIG. 10 described in the second embodiment) serving as a reference for determining the risk rank of the access request is set for each user in response to the access request by the user U. And stored in the access reference data storage unit 16.

  In the access right table shown in FIG. 3 in which the certainty factor and the risk rank are set in this way, the access right that can be permitted is set in a stepwise manner corresponding to each level of the certainty factor. At this time, in the example of FIG. 3, the risk rank of the access right permitted as the level of certainty increases, and the access right of the risk rank lower than that is set to be permitted. In other words, the higher the user authentication probability, the more important access is permitted. Here, in the access right table shown in FIG. 3, the level of certainty is displayed on the horizontal axis, but the value of the authentication probability may be used on the horizontal axis as it is. Accordingly, the access right itself that can be permitted according to the value of the authentication probability may be displayed on the vertical axis.

  Since the access right table is set in this way, as will be described later, the user's authentication probability changes, and accordingly, the access right permitted to the user also changes. An example is shown in FIG. This figure is a diagram showing how the access right (φ) (risk rank) changes according to the certainty factor (s) for each time (t). The shaded portion in this figure shows a state where a predetermined access right is permitted, and the contents of the access right (W1 etc.), that is, the risk rank changes according to the time.

  As shown in this figure, the access right also changes step by step according to the certainty factor, so when accessed by another person, the authentication probability does not suddenly increase due to misrecognition, and a considerable access right Is suppressed, and safety can be ensured. Moreover, even if the person himself / herself is mistakenly recognized, the access right is not suddenly cut off, and convenience can be ensured.

  Here, the “certainty factor” described above can be arbitrarily set by the user according to the authentication probability (r). For example, as shown in FIG. 4 (b), the level of certainty may be assigned at equal intervals to the value of the authentication probability (r), and as shown in FIG. Also good. As shown in FIG. 4C, the possibility of unauthorized access due to erroneous recognition can be reduced by narrowing the width of the authentication probability value at the higher level of confidence. For example, FIG. 6C and FIG. 6D show how access rights change when the certainty factor is set as shown in FIG.

  In addition, the “risk rank” of the access right can be arbitrarily set by the user, and the set of the access right can be arbitrarily classified. For example, as shown in FIG. 5 (b), the set of access rights of each risk rank may be divided equally, and as shown in FIG. 5 (c), many access rights are assigned to higher access ranks. Including the lower access rank subset, the damage caused by unauthorized access can be reduced. FIGS. 6B and 6D show how access rights change at that time.

  Next, the processing units 11 to 14 described above will be described. First, the input reception processing unit 11 (feature data acquisition means) receives the user U ID and password transferred by the user data input reception processing unit 21 of the operation terminal 2 and stores them in the user authentication data storage unit 15. The user U to be authenticated is specified by checking with the previously registered ID and password. Further, the feature data of the user U that is always transferred is received and passed to the authentication processing unit 12. At this time, the received feature data may be stored as user authentication data in the user authentication data storage unit 15.

  The authentication processing unit 12 (authentication unit, user authentication unit) includes user authentication data that is stored in the user authentication data storage unit 15 and serves as a reference for authentication of the user U to be authenticated, and received feature data And authenticate whether or not they are the same person. The authentication algorithm at this time is performed using an existing method. Then, the determination result is notified to the probability calculation processing unit 13.

  The probability calculation processing unit 13 (probability calculation means, user authentication means) calculates the authentication probability based on the determination result by the authentication process. The calculation is expressed by authentication probability Rt = Rt−1 + α (t). That is, the value α (t) corresponding to the current authentication determination result is added to or subtracted from the immediately previous authentication probability Rt−1 to calculate a new authentication probability Rt. Specifically, when the authentication processing unit 12 determines that the user is himself, α (t) is added to the authentication probability Rt−1 so far, and the authentication probability is increased. On the other hand, if the authentication processing unit 12 determines that the user is not the user himself / herself, α (t) is subtracted from the authentication probability Rt−1 so far, and the authentication probability decreases.

  When the access right determination processing unit 14 (access right determination means) first receives an access request from the processing request reception processing unit 22 of the operation terminal 2, the access right determination processing unit 14 reads the risk rank table from the access reference data storage unit 16 and receives the received access. Determine the risk rank of access rights for the request. Further, a certainty factor table of the user U to be authenticated is read from the access reference data storage unit 16 to determine the certainty factor corresponding to the calculated value of the authentication probability and accessed from the access reference data storage unit 16. The right table is read and referenced to determine the access right corresponding to the certainty factor. That is, it is determined whether or not the risk rank of the access right requested to be accessed is permitted for the calculated certainty factor. Then, the determination result is notified to the execution processing unit 23 of the operation terminal 2.

[Operation]
Next, the operation of the present invention will be described with reference to the flowcharts of FIGS. In this figure, the operation of the authentication server 1 will be mainly described.

  First, when the user U inputs his or her ID (identification information) and password to the operation terminal 2, the user U is notified from the operation terminal 2 to the authentication server 1. Then, the input reception processing unit 11 of the authentication server 1 receives the ID and password (step S1), and collates with a pre-registered ID and password stored in the user authentication data storage unit 15 (step S2, S2). S3). At this time, if the ID and the password do not match (No determination in step S3), the authentication server 1 notifies the operation terminal 2 that the user does not have any access right to the operation terminal 2 and cannot log in (step S4). ). Then, the login failure notification is output from the operation terminal 2 to the user, and the process ends.

  On the other hand, when the ID and the password match (affirmative determination in step S3), the authentication server 1 waits for acceptance of an access request input by the user U from the operation terminal 2 (step S5), and the operation terminal 2 Is instructed to acquire the feature data of the user U (step S6). That is, these processes are executed in parallel. First, in step 6, the operation terminal 2 starts acquiring feature data such as a face image by the feature value acquisition device, and transfers the acquired feature data to the authentication server 1. Then, the authentication server 1 takes in the transferred feature data (step S6), reads out the user authentication data of the user U specified by the ID and password from the user authentication data storage unit 15, and compares them (step S7). . Then, it is authenticated whether or not the user U having the captured feature data is the same person as the user whose user authentication data is registered (step S8). For example, it is determined that the person is the person by satisfying a condition that the feature values match or fall within a predetermined threshold.

  If the determination result of the authentication is that the person is the person (affirmative determination in step S8), α (t) is set to a positive value (for example, 5%) so that the person probability increases. Set (step S9). On the other hand, if it is determined that the person is not the person (No in Step S8), α (t) is set to a negative value (for example, −5%) so that the person probability is lowered (Step S10). Then, based on the set α (t) and the value of the authentication probability Rt−1 calculated immediately before, the current authentication probability Rt (Rt = Rt−1 + α (t)) is calculated (step S11). ). At this time, since the initial value of Rt−1 is “0” at the time of the first calculation, the authentication probability Rt = 5 (%) or the like is calculated even for the person himself. Then, the authentication process is repeatedly executed based on the feature data continuously captured and transferred by the operation terminal 2 (steps S6 to S11). Accordingly, the authentication probability Rt is constantly changing. For example, if the user is authenticated, the determination that the user U is the user U is repeated in step S8, and the value of the authentication probability gradually increases.

  On the other hand, when an access request is input from the user U to the operation terminal 2 while the authentication process is repeatedly performed as described above, the access right determination processing unit 14 of the authentication server 1 receives the access request ( After an affirmative determination in step S5, the process proceeds to symbol A in FIG. At this time, the user U's ID and the like are received together with the access request. Then, the access right determination processing unit 14 reads access reference data such as a risk rank table, a certainty factor table, and an access right table of the user U who has requested access from the access reference data storage unit 16 (step S21). Then, it is determined with reference to the risk rank table which risk rank the access right that is the content of the received access request is (step S22).

  Subsequently, the current authentication probability Rt of the user U that is constantly calculated and updated is extracted (see step S23, symbol B in FIG. 7). Then, a certainty factor corresponding to the extracted authentication probability value is determined with reference to the certainty factor table (step S24). Thereafter, the access right corresponding to the determined certainty is determined with reference to the access right table, and compared with the risk rank of the access right related to the access request (step S25).

  When it is determined that there is an access right for the access request (step S26), the execution processing unit 23 of the operation terminal 2 is notified to execute the process (step S27), and the operation terminal 2 responds to the access request. The access right is granted to the user U, and processing by the user U is executed. Then, the authentication server 1 continues (determination is negative in step S29, negative determination in step S30), the calculation of the authentication probability of the user U (steps S6 to S11), and the calculated authentication probability (see reference numeral B). ) Is used to determine whether or not the user has an access right (steps S23 to S30). In the meantime, if fraud occurs, such as the user U operating the operation terminal 2 is replaced, the authentication probability decreases, so the level of certainty is lowered, and the risk rank of the permitted access right is also lowered accordingly. . Therefore, it is determined that the access right requested by the user U cannot be obtained (No determination in step S26). Then, the operation terminal 2 is notified that there is no access right so that the process for the operation terminal 2 is stopped by the current user (step S28). In response to this, the operation terminal 2 denies access from the user.

  When another processing request is made from the user U during the above processing (after affirmative determination is made in step S30, the process proceeds to reference C in FIG. 7), the presence / absence of the access right for the newly accepted access request is described above. (After affirmative determination in step S5, the process proceeds to symbol A in FIG. 8).

  By doing so, the authentication probability of the user is always calculated and changed, so that the access right can be changed step by step. Therefore, even if another person accesses and misrecognizes, the authentication probability is not suddenly increased, and an access right with a high risk level is suppressed, and safety can be ensured. On the other hand, even if the person himself / herself is misidentified, the access right is not suddenly cut off, so the convenience is maintained.

  Next, a second embodiment of the present invention will be described with reference to FIGS. FIG. 9 is a diagram illustrating a system configuration in the present embodiment, and FIG. 10 is a diagram illustrating an example of a risk rank table.

  The present embodiment is a specific example of the information processing system described in the first embodiment, and the access target device that the user U desires to access is a predetermined computer such as a workstation. In particular, the present embodiment shows a case where the user U is used in a TELNET system that accesses the TELNET server 201 using the operation terminal 200 that is a TELNET client. For this reason, the operation terminal 200 itself operated by the user and the TELNET server 201 correspond to the operation terminal 2 described in the first embodiment.

  As shown in FIG. 9, the authentication server 1 in this embodiment is arranged between the operation terminal 200 and the TELNET server 201 via the network N. When the user U makes an access request to the TELNET server 201 via the operation terminal 200, the user U's feature data is acquired and an authentication probability is calculated, and an access right is granted accordingly. A TELNET connection corresponding to the permitted access right is opened with the TELNET server 201. Thus, the basic operation is as described above.

  Here, the feature data for authenticating the user U in the present embodiment may be a face image of the user U who is the operator acquired from the operation terminal 200 as described above. The key input rhythm may be used. In this case, the operation terminal 200 always acquires a key input rhythm and transmits it as feature data to the authentication server 1. Accordingly, in the authentication server 1, the key input rhythm of the user U is registered in the user authentication data storage unit 15 as user authentication data in advance. Based on this, user authentication is performed and an authentication probability is calculated.

  And the risk rank table in a present Example is comprised as shown, for example in FIG. The access right to the TELNET server 201 is an operation content by the user U permitted to the TELNET server 201. For example, a “command (operation instruction)” for operating the server 201 and a “system resource ( Folder, file, etc.) ”. In the user U in this embodiment, the risk rank of the command (instruction) is set in advance to the user U as shown in the table of FIG. 10A, and the risk rank of the system is set in advance as shown in the table of FIG. 10B. And is registered in the access reference data storage unit 16 as a risk rank table. Further, a risk rank table for the access right composed of a command obtained by combining these and system resources is set as shown in FIG. 10C, and this table is also stored in the access reference data storage unit 16. Therefore, when there is an access request from the user U, the authentication server 1 specifies a command and system resources related to the request, specifies each risk rank from each risk rank table, and combines the risk rank table from these risk ranks. To determine the final risk rank. For example, when the command “rm” and the system resource “˜ / file.c” are requested, the risk rank of the command is “IV” and the risk rank of the system resource is “II”. “III”. Similarly, when the command “more” and the system resource “/ etc / passwd” are requested, the risk rank of the command is “II” and the risk rank of the system resource is “IV”. “IV”.

  Although not shown, an access right table representing the relationship between the risk rank and the authentication probability (certainty factor) is also stored in the access reference data storage unit 16 separately. By doing in this way, it is judged whether the access right corresponding to the said risk rank is permitted according to the calculated authentication probability (confidence) of the current user U. Then, the user U performs an operation on the TELNET server 201 based on the permitted access right.

  Next, a third embodiment of the present invention will be described with reference to FIGS. FIG. 11 is a diagram illustrating an example of a risk rank table in the present embodiment, and FIG. 12 is a diagram illustrating an example of an access right table.

  The present embodiment is a specific example of the information processing system described in the first embodiment, and the operation terminal 2 is an ATM installed in a bank, to which the authentication server 1 is connected. When the user U makes an access request to the ATM, the authentication server 1 determines whether or not to permit such access, and the user U can operate the ATM according to the permitted access right. That's it. Thus, the basic operation is as described above. Note that the feature data for authenticating the user U may use a face image of the user U acquired from a camera installed in the ATM.

  And since an access object apparatus is ATM, the risk rank table in a present Example is comprised as shown, for example in FIG. That is, the access right in the present embodiment is an operation content by the user U permitted for the ATM, and includes, for example, “operation content for the account” and “upper limit amount”. And the risk rank of the access request | requirement by these combinations is preset by the user U like the table | surface of FIG. 11, and is registered into the access reference data storage part 16 as a risk rank table | surface. Specifically, since the contents of operations on accounts are considered to be dangerous in the order of “transfer” <“balance inquiry” <“withdrawal”, the risk rank depends on the order and the maximum amount for each operation. Is set. Therefore, for example, an access request “withdraw 10,000 yen or 100,000 yen” has the highest risk rank (Rank 4).

  Also, examples of the access right table in the present embodiment are shown in FIGS. 12 (a) and 12 (b), respectively. In this figure, the certainty factor is used on the horizontal axis without conversion as the authentication probability. In the example of FIG. 12A, the user U sets an access right table with emphasis on safety. In such a case, for example, even a 1000 yen withdrawal operation such as Rank 3 is not permitted until the authentication probability has increased to 0.8 or higher. On the other hand, the example of FIG. 12B is an example in which the user U sets the access right table with an emphasis on convenience. In such a case, if the authentication probability is 0.3 or more, it is 1000 yen. A drawer operation may be permitted. For example, when a small amount is withdrawn every day, if this setting is made, it is possible to prevent the authentication from being caught.

  Next, a fourth embodiment of the present invention will be described with reference to FIGS. FIG. 13 is a diagram illustrating a system configuration in the present embodiment, and FIG. 14 is a diagram illustrating an example of a risk rank table.

  The present embodiment is a specific example of the information processing system described in the first embodiment, and an access target device that the user U desires to access allows the user U to hold a conference remotely via the network. The remote conference management server 100 and a user terminal 400 that is actually operated by a user connected to the server 100. In this embodiment, it is assumed that the function of the authentication server 1 is incorporated in the remote conference management server 100 itself.

  The user terminal 400 includes a shared material storage device 401 that accumulates shared materials provided as conference materials, a speaker 402 that outputs audio information that is the content of the conference, and a face image of the user U who participates in the conference. A camera 403 to be captured, a microphone 404 to capture speech such as a speech from the user U, and a keyboard and a mouse (not shown) are provided. On the display, the provided material 411, moving picture information 412, 413 such as a face image of a person who participates in the conference or the chairperson of the conference, etc. are displayed.

  From the user terminal 400, when the user U logs in to the remote conference, the ID and password are input and transmitted to the function of the authentication server 1 installed in the remote conference management server 100. Further, face image data, which is feature data for authenticating the user U, is always transmitted. In addition, messages, materials, written contents, etc. associated with participation in the conference are input from various input means and transmitted to the remote conference management server 100.

  Further, the remote conference management server 100 performs user U authentication and calculates an authentication probability by the function of the installed authentication server 1 and recognizes an access request due to the user U joining the conference, and according to the authentication probability. It is determined whether or not the user has a predetermined access right. Then, a predetermined operation (access right) by the user is permitted according to the determination result. Thus, the basic operation is as described above.

  And the risk rank table in a present Example is comprised as shown, for example in FIG. At this time, the access right to the remote conference management server 100 is an operation content by the user U permitted to the server 100 when the conference is attended. For example, there are input operations such as remarks, presentation of materials, writing on shared materials, etc. accompanying participation in a conference, and the risk rank corresponding to each input operation is set by the user U as shown in the upper part of FIG. ing. In addition, there are output operations for moving images, audio, and shared materials for which information is provided at the conference, and the risk rank corresponding to each output operation is set by the user U as shown in the lower part of FIG. . Such a risk rank table is registered in the access reference data storage unit 16. An access right corresponding to the risk rank is permitted in accordance with the risk rank table and the calculated authentication probability (confidence) of the current user U.

  As a result, even if someone else impersonates a user U and participates in a remote conference and is mistakenly authenticated, the authentication probability does not increase. Since even high operations are suppressed, important data leaks can be effectively suppressed.

  In addition, although the case where it utilized for a remote conference was demonstrated above, you may utilize for the lesson and seminar in the university etc. which used the remote system.

  The access control system according to the present invention can be used for a system that requires user authentication, and has industrial applicability.

1 is a block diagram illustrating an overall configuration in Embodiment 1. FIG. 2 is a functional block diagram illustrating a detailed configuration in Embodiment 1. FIG. It is explanatory drawing which shows an example of an access right table. FIG. 4 is an explanatory diagram of the certainty factor, and FIG. 4A is a diagram illustrating a correspondence relationship between the authentication probability and the certainty factor. 4B and 4C are diagrams illustrating an example of setting the certainty factor. FIG. 5 is an explanatory diagram of the access right, and FIG. 5A is a diagram illustrating an example of setting the risk rank of the access right. FIGS. 5B and 5C are diagrams showing other setting examples of the access right risk rank. FIGS. 6A to 6D are diagrams illustrating changes in access rights that are permitted. 3 is a flowchart illustrating an operation in the first embodiment. 3 is a flowchart illustrating an operation in the first embodiment. 10 is a block diagram illustrating a configuration in Embodiment 2. FIG. FIG. 10 is an explanatory diagram of data used in the second embodiment. FIG. 10A shows a risk rank table for commands, FIG. 10B shows a risk rank table for system resources, and FIG. The synthesized risk rank table is shown. It is explanatory drawing of the risk rank table | surface used in Example 3. FIG. 12A and 12B are explanatory diagrams of access right tables used in the third embodiment. FIG. 10 is a block diagram illustrating a configuration in a fourth embodiment. It is explanatory drawing of the risk rank table | surface used in Example 4. FIG. FIGS. 15A and 15B are diagrams showing how the authentication probability and the access right change in the conventional example.

Explanation of symbols

1 Authentication server (access control system)
2 Operation terminal (access target device)
11 Input reception processing unit (feature data acquisition means)
12 Authentication processing unit (authentication means, user authentication means)
13 Probability calculation processing unit (probability calculation means, user authentication means)
14 Access right calculation processing unit (access right judging means)
15 User authentication data storage unit (user authentication data storage means)
16 Access standard data storage unit (access standard data storage means)
21 User data reception processing unit (feature data transfer means)
22 processing request reception processing unit (access request reception means)
23 execution processing part N network U user

Claims (12)

An access control system for determining whether or not to allow a predetermined access right among a plurality of access rights with different access states of a user to an access target device,
Feature data acquisition means for acquiring feature data used for authentication from the user;
User authentication data storage means in which user authentication data serving as a reference for authenticating the user from the feature data is stored in advance;
User authentication means for calculating the authentication probability of being a user by comparing the stored user authentication data and the acquired feature data;
Access reference data storage means for storing access reference data in which the access right permitted in accordance with the authentication probability is preset;
Access right determination means for determining the access right corresponding to the calculated user authentication probability based on the stored access reference data;
An access control system comprising:   The access control system according to claim 1, wherein the access reference data is data in which the access right permitted to the user is set in a stepwise manner according to the authentication probability.   3. The access control system according to claim 2, wherein the access reference data is data set such that a larger number of the access rights are permitted as the authentication probability is higher.   4. The access control system according to claim 2, wherein the access reference data is data set such that an access right having higher importance for the user is permitted as the authentication probability is higher. 5.   The access control system according to claim 1, 2, 3, or 4, wherein the access right is an operation content by the user permitted for the access target device.   The user authentication unit compares the user authentication data stored in the user authentication data storage unit with the feature data acquired by the feature data acquisition unit, and authenticates the user. 6. The access control system according to claim 1, further comprising: probability calculation means for calculating an authentication probability of being a user based on the probability. The probability calculation means stores the calculated authentication probability and calculates a new authentication probability based on the stored authentication probability and the authentication result by the authentication means.
The access control system according to claim 6.   The access control system according to claim 7, wherein the probability calculation unit calculates the new authentication probability by adding or subtracting the stored authentication probability according to an authentication result by the authentication unit. The authentication means determines whether the user is a user and
The probability calculation means adds a predetermined value to the stored authentication probability when the authentication result by the authentication means is a determination that the user is a user, and has been described when the determination is that the user is not a user. Subtracting a predetermined value from the authentication probability to calculate the new authentication probability,
9. The access control system according to claim 8, wherein: An information processing system comprising: the access control system according to any one of claims 1 to 9; and the access target device connected to the access control system,
The access target device acquires the feature data from the user and transfers it to the access control device, and the access request reception unit receives access request information from the user and transfers it to the access control system. With
The access right determination means of the access control system determines whether or not the access right corresponding to the access request information from the user transmitted from the access target device can be permitted, and the determination result is the access target Return to the device,
An information processing system characterized by this. A computer for determining whether or not to allow a predetermined access right among a plurality of access rights with different access states from the user to the access target device,
Feature data acquisition means for acquiring feature data used for authentication from the user;
User authentication for calculating an authentication probability of being a user by comparing the acquired feature data with user authentication data serving as a reference for authenticating the user from the feature data stored in advance in user authentication data storage means Means,
Access for determining the access right corresponding to the calculated user authentication probability based on access reference data in which the access right permitted according to the authentication probability stored in the access reference data storage means A right judging means;
Access control program for realizing An access control method for determining whether or not to allow a predetermined access right to a user among a plurality of access rights with different access states from a user to an access target device using a computer,
The computer is
Obtaining feature data for authentication from the user;
The acquired feature data is compared with the user authentication data serving as a reference for authenticating the user from the feature data stored in advance in the user authentication data storage means to calculate an authentication probability of being a user,
The access right that is permitted according to the authentication probability stored in the access reference data storage means determines the access right corresponding to the calculated user authentication probability based on preset access reference data;
An access control method characterized by the above.

Images