JP2009099095A - Electronic apparatus and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enhance security and to reduce the time and effort of inputting biological information. <P>SOLUTION: This electronic apparatus includes: a reading part 18 for inputting fingerprint information; a flash memory 15 for recording information for identifying fingerprint information input by the reading part 18 as audit trail; a CPU 31 or a CPU 11 for analyzing the audit trail recorded by the flash memory 15 to discriminate whether there is a risk; and the CPU 11 for performing processing for avoiding the risk when the CPU 31 or the CPU 11 discriminates that there is the risk. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

The present invention relates to an electronic device and a program.

  2. Description of the Related Art Conventionally, electronic devices having an operator (user) authentication function are known. In the electronic device, at the start of use, an ID (Identification) for specifying a user (or a user group) and a password and a personal identification number (hereinafter, personal identification information) associated with the ID are set by the user. Is done. Then, user authentication is performed using the set ID and password information.

  The above-described user authentication is based on the premise that only the user himself / herself knows the password information. In this case, there is a problem that security cannot be guaranteed if the password information is known to a third party.

  In order to solve the above problem, a technique for performing user authentication using biometric information such as a fingerprint is known (see, for example, Patent Document 1). In this technique, it is not necessary to use the password information. For this reason, the password information is not known to a third party, and security can be ensured. Further, the user does not need to memorize the password information. Furthermore, since the user does not need to input the password information, the operability is improved.

However, with the technology that performs user authentication using biometric information such as fingerprints, user authentication cannot be performed using biometric information when the user is injured. Moreover, since the identification rate of biometric information is not 100%, user authentication may fail. In order to cope with such a case, an electronic device having both an authentication function based on personal identification information and an authentication function based on biometric information is known.
JP 2006-155261 A

However, an electronic device having an authentication function based on personal identification information and biometric information has a problem that security cannot be guaranteed. That is, when authentication cannot be performed using biometric information (for example, when a finger is injured), user authentication is performed using the password information. For this reason, there is a problem that the password information is known to a third party and security cannot be guaranteed. In addition, when user authentication is performed using biometric information, biometric information may be misidentified because the biometric information identification rate is not 100%. At this time, when the user desires to authenticate using the biometric information, the user needs to read (input) the biometric information again. For this reason, the effort which inputs biometric information was required.

  An object of the present invention is to increase security and reduce the labor of inputting biological information.

In order to solve the above problems, an electronic device according to the first aspect of the present invention provides:
Input means for inputting biological information;
Recording means for recording information for identifying biometric information input by the input means as an audit trail;
A discriminating means for analyzing the audit trail recorded by the recording means to discriminate whether there is a risk;
Control means for performing processing for avoiding the risk when the determination means determines that there is a risk;
Is provided.

The invention according to claim 2 is the electronic apparatus according to claim 1,
Comprising setting means for setting a risk level for determining whether or not there is a risk in the audit trail;
The discrimination means includes
It is determined whether there is a risk in the audit trail with reference to the risk level set by the setting means.

The invention according to claim 3 is the electronic device according to claim 2,
Equipped with an alarm means for generating an alarm,
The setting means includes
Set an alarm generation level at which the alarm means generates an alarm as the risk level,
The discrimination means includes
With reference to the alarm occurrence level set by the setting means, it is determined whether there is a risk in the audit trail,
The control means includes
When the determination means determines that there is a risk, the alarm means generates an alarm.

The invention according to claim 4 is the electronic device according to claim 2,
The setting means includes
Set the operation stop level to stop the device operation as the risk level,
The discrimination means includes
With reference to the operation stop level set by the setting means, it is determined whether there is a risk in the audit trail,
The control means includes
When it is determined by the determining means that there is a risk, the device operation is stopped.

The invention according to claim 5 is the electronic apparatus according to any one of claims 1 to 4,
A communication means for communicating information;
A notification means for notifying the predetermined notification destination via the communication means of information indicating that there is a risk in the audit trail when the determination means determines that there is a risk;
Is provided.

The program of the invention described in claim 6 is:
Computer
Input means for inputting biological information;
Recording means for recording information for identifying biometric information input by the input means as an audit trail;
Discriminating means for determining whether there is a risk by analyzing the audit trail recorded by the recording means,
Control means for performing processing for avoiding the risk when the determination means determines that there is a risk;
To function as.

  ADVANTAGE OF THE INVENTION According to this invention, while improving security, the effort of inputting biometric information can be reduced.

  Hereinafter, an example of an embodiment according to the present invention will be described in detail with reference to the accompanying drawings. However, the scope of the invention is not limited to the illustrated examples.

  An example of an embodiment according to the present invention will be described with reference to FIGS. First, the device configuration of the present embodiment will be described with reference to FIGS. FIG. 1 shows the configuration of the payment system 1.

As shown in FIG. 1, the payment system 1 includes an electronic device 10 and a center server 30. The electronic device 10 is communicatively connected to the center server 30 via the communication network N.
1 shows an example in which one electronic device 10 is communicatively connected to the center server 30 via the communication network N, but the number of electronic devices 10 is not limited to this. The number of electronic devices 10 is arbitrary, and a plurality of electronic devices 10 may be configured to be connected to the center server 30 for communication.

  Next, the internal configuration of the electronic device 10 will be described. As shown in FIG. 2, the electronic device 10 includes a CPU (Central Processing Unit) 11 as a control unit and a notification unit, an input unit 12 as a setting unit, a RAM (Random Access Memory) 13, a display unit 14, A flash memory 15 as a recording unit, a communication unit 16 as a communication unit, a card reader 17, a reading unit 18 as an input unit, an alarm unit 19 as an alarm unit, and a timer unit 19a. Each part is connected via the bus 19b.

The CPU 11 develops a program designated from the system program and various application programs stored in the flash memory 15 in the RAM 13 and executes various processes in cooperation with the program expanded in the RAM 13.

When the CPU 11 determines that there is a risk in the audit trail in cooperation with the electronic device program, the CPU 11 performs processing for avoiding the risk.
The audit trail is information for identifying the biometric information input by the reading unit 18 and is a record for auditing whether the input of the biometric information is valid. Specifically, the audit trail refers to an ID, a registration time, and an authentication time. The ID is information for identifying biological information. The registration time refers to the time when biometric information is registered. The authentication time refers to the time when user authentication is performed. The risk means, for example, unauthorized use or diversion of the electronic device 10 by a third party, reuse of the discarded electronic device 10 by a third party, or an analysis attempt. The process for avoiding the risk means performing an operation such as the generation of an alarm (alarm) by the alarm unit 19 and the operation stop of the electronic device 10. In addition, the process for avoiding a risk is not limited to such operation | movement, You may comprise arbitrarily what kind of process is performed.

  The input unit 12 includes a keypad having numeric input keys and various function keys, and outputs an operation signal indicating that each key is pressed by the operator to the CPU 11. Further, the input unit 12 receives a risk level setting input for determining whether or not there is a risk in the audit trail.

The RAM 13 is a volatile memory, has a work area for storing various programs to be executed and data related to these various programs, and temporarily stores the information.

  The display unit 14 is configured by an LCD (Liquid Crystal Display) or the like, and performs screen display according to a display signal from the CPU 11. Further, the input unit 12 may be configured as a touch panel integrally with the display unit 14.

  The flash memory 15 stores various programs and various data in a readable and writable manner. The flash memory 15 stores an electronic device program and an audit trail.

  The communication unit 16 includes a communication control unit, and transmits / receives information to / from the center server 30 via the communication network N.

  The card reader 17 includes a CPU, RAM, ROM, flash memory, connection unit, and the like (not shown). In the card reader 17, various processes are executed in cooperation with the CPU and the program developed in the RAM read from the ROM. The connecting unit reads information on the connected IC card 17A. The flash memory stores an encryption key (not shown). The encryption key is, for example, a key for the card reader 17 to authenticate the electronic device 10. Authenticating the electronic device 10 means permitting the operation of the electronic device 10 (for example, an operation such as payment processing).

  The IC card 17A is a card as a recording medium for settlement possessed by each customer. The IC card 17A is a contact type or non-contact type card, and includes an IC chip that stores unique card information (for example, a personal identification number) in each IC card.

The reading unit 18 optically reads biometric information (fingerprint information) of the person to be authenticated (user) and outputs the read biometric information to the CPU 11. Here, the biometric information refers to information such as fingerprint information, voiceprint information, eyeball iris information, palm and wrist vein information. In the present embodiment, the biological information is described as fingerprint information.
When voiceprint information is input as biometric information, a voice input unit that inputs voiceprint information by voice may be provided.

  The alarm unit 19 generates a sound indicating an alarm (alarm sound) based on an instruction from the CPU 11. Note that the alarm is not limited to the generation of sound, but may be an optical alarm that generates a voice message indicating an alarm, or displays an alarm message on the display unit 14 or blinks an LED light. Good.

  Next, the configuration of the center server 30 will be described. FIG. 3 shows the internal configuration of the center server 30.

  As shown in FIG. 3, the center server 30 includes a CPU 31 as a determination unit, an input unit 32, a RAM 33, a display unit 34, a storage unit 35, a communication unit 36, and a time measuring unit 37. Each unit is connected via the bus 38. About CPU31, the input part 32, RAM33, and the time measuring part 37, it is the same as that of the structure of CPU11 of the electronic device 10, the input part 12, RAM13, and the time measuring part 19a, A different part is mainly demonstrated.

  The CPU 31 determines whether there is a risk by analyzing the audit trail recorded in the flash memory 15 in cooperation with the risk level notification program. Analyzing the audit trail to determine whether there is a risk refers to determining whether there is a risk in the audit trail with reference to the risk level set via the input unit 12. Specifically, it is determined whether there is a risk in the audit trail with reference to the alarm generation level as the alarm generation level set via the input unit 12 or the equipment operation stop level as the operation stop level. That means.

  In the present embodiment, the risk level notification process is described as being executed in cooperation with the CPU 31 and the risk level notification program. However, the risk level notification process is performed in cooperation with the CPU 11 of the electronic device 10 and the risk level notification program. It may be executed. In this case, the CPU 11 corresponds to a determination unit.

  The input unit 32 includes a keyboard having cursor keys, characters, numeric input keys, various function keys, and the like, and outputs an operation signal to the CPU 31 when each key is pressed by the operator. The input unit 32 may include a pointing device such as a mouse, and may receive a position input signal and transmit it to the CPU 31.

  The display unit 34 includes an LCD, a CRT (Cathode Ray Tube), and the like, and performs screen display according to a display signal from the CPU 31.

  The storage unit 35 is configured by an HDD (Hard Disk Drive) or the like, and stores various programs and various data.

  The communication unit 36 includes a modem, a TA (Terminal Adapter), a router, a network card, and the like, and transmits / receives information to / from the electronic device 10 on the connected network N.

  Next, the security policy table 40 will be described with reference to FIG. The security policy table 40 is a table that defines a policy level for handling an audit trail. The policy level that handles the audit trail is the judgment standard for each audit item for judging that the risk level is the alarm generation level, the judgment standard for each audit item for judging that the risk level is the equipment operation stop level, A criterion for maintaining fingerprint information. The security policy table 40 is stored in the flash memory 15 of the electronic device 10 or the storage unit 35 of the center server 30.

  The audit item is an item for determining whether or not there is a risk in the audit trail. The audit items include “device usage frequency”, “authentication frequency”, and “operator identity”. The usage frequency of the device is an item for determining the usage frequency of the electronic device 10. The authentication frequency is an item for auditing the frequency at which the user is authenticated. The identity of the operator is an item for auditing whether or not the user is the same person.

  The alarm generation event (alarm generation level) indicates a risk level at which the alarm unit 19 generates an alarm (alarm). The alarm generation level is set by the user via the input unit 12. For example, the use frequency of the device is set to “no use of device for 3 days or more” via the input unit 12. Further, the frequency of authentication is set to “authentication at least 10 times a day by the same person” via the input unit 12. Further, the identity of the operator is set via the input unit 12 as “all users in the last two days are registered within two days”.

  The device operation stop event (device operation stop level) indicates a risk level for stopping the operation of the electronic device 10. The device operation stop level is set by the user via the input unit 12. For example, the use frequency of the device is set to “no use of device for one month or more” via the input unit 12. Further, the frequency of authentication is set to “authentication 5 times or more within 5 minutes” via the input unit 12. Further, the identity of the operator is set via the input unit 12 as “all users on the last 7 days are registered within 7 days (excluding new use)”.

  When it is determined that there is a risk in the audit trail, the condition for determining the preservation of evidence is the condition for storing the fingerprint information corresponding to the audit trail determined to be in the risk in the flash memory 15. Show. A condition for determining that evidence maintenance is necessary is set by the user via the input unit 12. For example, the frequency of use of the device is set to “first authenticator after device use has been opened for 3 days or more” via the input unit 12. Further, the authentication frequency is set to “authentication three times within 5 minutes by the same person” via the input unit 12. Further, the identity of the operator is set to “authentication of only the user registered within two days” via the input unit 12.

  The assumed risk is an assumed risk when it is determined that there is a risk in the audit trail. For example, if it is determined at the alarm generation level that “the device is not used for 3 days or more” or the device operation stop level is “the device is not used for one month or more”, “Diversion, reuse of discarded equipment, trial of analysis” is assumed as a risk. In addition, if it is determined that “authentication at least 10 times a day by the same person” at the alarm generation level or “authentication at least 5 times within 5 minutes” at the device operation stop level, "Analysis attempt" is assumed as a risk. Also, at the alarm generation level, it is determined that “all users on the last two days are registered within two days”, and at the device operation stop level, “all users on the last seven days are registered within seven days”. In such a case, “appropriate device diversion, diversion, theft” is assumed as a risk.

  Next, the operation of the payment system 1 will be described with reference to FIGS. FIG. 5 shows the flow of electronic device processing and risk level notification processing. FIG. 6 shows the subsequent flow of the electronic device process and the risk level notification process. FIG. 7 shows the flow of the audit trail extraction process. FIG. 8 shows the flow of the audit process.

An electronic device process executed by the electronic device 10 will be described. In the electronic device 10, for example,
Triggered by an instruction to execute electronic device processing via the input unit 12, electronic device processing is performed in cooperation with the CPU 11 and the electronic device program that is read from the flash memory 15 and appropriately expanded in the RAM 13. Executed.

  First, input of fingerprint information is waited (step S11). Then, it is determined whether or not the fingerprint information is input (read) through the reading unit 18 (step S12). When it is determined that the fingerprint information has not been read (step S12; NO), the process proceeds to step S11.

  If it is determined in step S12 that fingerprint information has been input (step S12; YES), the input fingerprint information is compared with the registered fingerprint information stored in the flash memory 15 (step S13). ). At this time, the comparison of fingerprint information may be performed by comparing raw data of the read fingerprint information or by comparing data obtained by extracting feature points of the fingerprint information. Then, it is determined whether or not the input fingerprint information matches the registered fingerprint information stored in the flash memory 15 (step S14). Specifically, it is determined whether or not the input fingerprint information matches the plurality of fingerprint information stored in the flash memory 15.

  If it is determined in step S14 that the input fingerprint information does not match the fingerprint information stored in the flash memory 15 (step S14; NO), the next fingerprint information is read from the flash memory 15 ( Step S15). After execution of step S15, the process proceeds to step S13.

  If it is determined in step S14 that the input fingerprint information does not match the fingerprint information (all fingerprint information) stored in the flash memory 15 (step S14; all cases do not match), the input fingerprint information An ID is assigned to the information (step S16). For example, when fingerprint information for five people is already registered in the flash memory 15, the ID “6” is assigned to the fingerprint information. Then, the fingerprint information assigned with the ID is registered in the flash memory 15 (step S17). After execution of step S17, the registration time and the authentication time are registered in the flash memory 15 (step S18). The registration time refers to the time when fingerprint information is registered in the flash memory 15 in step S17. The authentication time corresponds to the same time as the registration time. After execution of step S18, the process proceeds to step S21 described later.

If it is determined in step S14 that the input fingerprint information matches the fingerprint information stored in the flash memory 15 (step S14; YES), the ID of the matched fingerprint information is read from the flash memory 15. (Step S19). Then, the authentication time is updated (step S20). The authentication time in this step refers to the time determined as YES in step S14.

  After execution of step S20, the ID and time information are sent (transmitted) to the center server 30 as an audit trail via the communication unit 16 (step S21). Time information refers to registration time and authentication time. Then, an audit trail extraction process is executed (step S22). The audit trail extraction process is a process for extracting an audit trail at risk. The audit trail extraction process will be described with reference to FIG.

  First, the latest audit trail is stored internally (step S221). That is, the received ID, registration time, and authentication time are associated and stored in the flash memory 15. Then, the audit trail stored in the flash memory 15 before the latest audit trail is checked (step S222). After execution of step S222, it is determined whether or not the checked audit trail is an audit trail recorded three days ago (step S223). Specifically, the authentication time included in the checked audit trail is compared with the current time measured by the timekeeping unit 37, and whether or not the current time has passed three days or more from the authentication time included in the audit trail. Is determined. If it is determined that the checked audit trail has been recorded more than three days ago (step S223; or more), the processing result is returned as “corresponding” (step S224). After execution of step S224, the audit trail extraction process is terminated, and the process proceeds to step S23.

  In step S223, when it is determined that the checked audit trail is stored less than three days ago (step S223; less than), the audit trail is checked retroactively three times (step S225). That is, the check is performed retroactively up to the audit trail three previous to the audit trail recorded in step 221.

  Then, it is determined whether or not the same person has been authenticated three times within 5 minutes (step S226). Whether or not they are the same person is determined based on the ID included in the audit trail. The determination as to whether or not the authentication has been performed three times within 5 minutes is performed based on the authentication time included in the audit trail. That is, in this step, it is determined whether or not the same person has been authenticated three times within 5 minutes based on the IDs and authentication times included in the audit trails up to three previous cases.

  If it is determined in step S226 that the same person has authenticated three times within 5 minutes (step S226; present), the process proceeds to step S224. When it is determined that the same person does not authenticate three times within 5 minutes (step S226; none), the audit trail is checked retroactively two days ago (step S227). And it is discriminate | determined whether all are within two days of registration (step S228). That is, it is determined whether or not all registered users on the last two days are registered within two days. Specifically, based on the ID and registration time included in the audit trail for the last two days, it is determined whether or not all users registered within two days are the same person.

  If it is determined in step S228 that all the members are within 2 days of registration (step S228; YES), the process proceeds to step S224. When it is determined that all the members are not within two days of registration (step S228; NO), the processing result is returned as “not applicable” (step S229). After execution of step S229, the audit trail extraction process is terminated, and the process proceeds to step S23.

  Then, it is determined whether the processing result is applicable or not (step S23). If the processing result is determined to be applicable (step S23; applicable), the fingerprint information and ID read at the time of authentication are encrypted with the encryption key (step S24). By encrypting the fingerprint information and the ID, it is possible to prevent falsification of the fingerprint information by a third party. At this time, a signature in which fingerprint information and ID are collected may be given.

  After execution of step S24, the encrypted fingerprint information and ID are transmitted (transmitted) to the center server 30 via the communication unit 16, or the encrypted fingerprint information and ID are stored in the flash memory 15 ( Step S25). Here, when the signature is given, the encrypted fingerprint information and ID are transmitted to the center server 30 together with the signature. After execution of step S25, the process proceeds to step S26 described later.

  If it is determined in step S23 that the processing result is not applicable (step S23; not applicable), the function originally intended by the electronic device 10 is performed (step S26). The function originally intended by the electronic device 10 is, for example, payment processing. Then, re-authentication conditions are checked (step S27). For example, in order to improve security, it is assumed that the user has set in advance to perform re-authentication once every three hours. In this case, the re-authentication condition is checked by referring to the elapsed time from the authentication time (for example, step S14; authentication time in the case of YES or authentication time in step S17).

  After execution of step S27, it is determined whether or not to perform re-authentication based on re-authentication conditions (step S28). If it is determined that re-authentication is to be performed (step S28; applicable), the process proceeds to step S11. When it is determined that re-authentication is not performed (step S28; not applicable), notification information is received from the center server 30 via the communication unit 16 (step S29). Step S28: If not applicable, if it is necessary to perform the process of step S26 (for example, the next settlement process), the process proceeds to step S26.

  After execution of step S29, the check result is determined (step S30). Specifically, the check result is determined based on the information received from the center server 30. If the check result is an alarm (step S30; alarm), a warning is executed (step S31). The warning means that an alarm of the alarm unit 19 is generated, for example. The warning may be notified (transmitted) to the sensor server 30 via the communication unit 16. In step S30, when the check result is an operation stop (step S30; operation stop), a safety measure is executed (step S32). For example, a safety measure such as deletion of the encryption key is executed. If the check result indicates that the operation has ended, the electronic device processing is ended.

  Next, the risk level notification process executed by the center server 30 will be described. For example, in cooperation with the CPU 31 and the risk level notification program read from the storage unit 35 and appropriately expanded in the RAM 33, triggered by the start of reception of the audit trail from the electronic device 10 via the communication unit 36, Risk level notification processing is executed.

  First, the audit trail is completely received from the electronic device 10 via the communication unit 36 (step S51). Then, the audit trail is stored in the storage unit 35 (step S52). After execution of step S52, it is determined whether or not a fixed amount of audit trail is stored in the storage unit 35 (step S53). When it is determined that a fixed amount of audit trail is not stored in the storage unit 35 (step S53; NO), the process proceeds to step S51.

  If it is determined in step S53 that a fixed amount of audit trail is stored in the storage unit 35 (step S53; YES), an audit process is executed (step S54). The audit process is a process for determining an alarm level or an operation stop level with reference to an audit trail. The audit process will be described with reference to FIG.

  First, the audit trail recorded most recently is checked (step S541). The most recently recorded audit trail refers to the audit trail immediately preceding the received audit trail. Then, it is determined whether or not there is no authentication operation for 3 days (step S542). Specifically, it is determined whether or not there is an authentication operation for 3 days by referring to the authentication time included in the audit trail recorded most recently. If it is determined that there is no authentication operation for 3 days (step S542; YES), an “alarm” is returned (step S543). That is, it is determined that the risk level is the alarm generation level.

  In step S542, when it is determined that there is an authentication operation during three days (step S542; NO), it is determined whether there is no authentication operation for one month (step S544). Specifically, it is determined whether there is no authentication operation for one month by referring to the authentication time included in the most recently recorded audit trail. If it is determined that there is no authentication operation for one month (step S544; YES), it is determined whether one month has passed since the electronic device 10 was installed (step S545). When it is determined that one month has passed since the electronic device 10 was installed (step S545; above), the process proceeds to step S548 described later. When it is determined that one month has not elapsed since the electronic device 10 was installed (step S545; less than), the audit process is terminated, and the process proceeds to step S55.

  If it is determined in step S544 that there is an authentication operation for one month (step S544; NO), it is determined whether or not the same person has been authenticated three times within 5 minutes (step S546).

  If it is determined in step S546 that the same person has authenticated three times or more within 5 minutes (step S546; present), the process proceeds to step S543. If it is determined in step S546 that the same person has not been authenticated three times or more within 5 minutes (step S546; none), it is determined whether or not the same person has been authenticated five times or more within 5 minutes. (Step S547).

  If it is determined in step S547 that the same person has authenticated five times or more within 5 minutes (step S547; present), “operation stop” is returned (step S548). That is, the risk level is determined as the device operation stop level. After execution of step S548, the audit process is terminated.

  In step S547, when it is determined that there is no authentication more than 5 times within 5 minutes by the same person (step S547; none), the audit trail for 2 days is checked (step S548). Then, the ID and registration time included in the audit trail for two days are referred to, and it is determined whether or not all the members are within two days of registration (step S550).

  If it is determined in step S550 that all the members are within two days of registration (step S550; YES), the process proceeds to step S543. If it is determined that all members are not within 2 days of registration (step S550; NO), an audit trail for 7 days is checked (step S551). Then, the ID and the registration time included in the audit trail for 7 days are referred to, and it is determined whether or not all are within 7 days of registration (step S552).

  If it is determined in step S552 that all the members are within 7 days of registration (step S552; YES), the process proceeds to step S545. If it is determined that all members are not within 7 days of registration (step S552; NO), “no event” is returned (step S553). That is, it is determined that there is no risk in the audit trail. After execution of step S553, the audit process is terminated and the process proceeds to step 55.

  After execution of step S54, it is determined whether or not an event has occurred (step S55). That is, it is determined whether the audit trail has a risk. When it is determined that no event occurs (step S55; none), the risk level notification process is terminated. When it is determined that an event has occurred (step S55; occurrence), what is the event is determined (step S56). That is, it is determined whether the risk level is an alarm generation level or a device operation stop level.

  If it is determined in step S56 that the event is an alarm (risk level is an alarm generation level) (step S56; alarm), an alarm message is notified (step S57). The alarm message refers to a message indicating that the risk level is an alarm level. Specifically, in this step, an alarm message is transmitted to the electronic device 10 via the communication unit 36. After execution of step S57, the risk level notification process is terminated.

  Here, in step S31 of the electronic device processing, when a warning is notified from the electronic device 10 to the center server 30, for example, an alarm message is displayed on the display unit 34 after the execution of step S57, and management on the center server 30 side is performed. Will be notified.

  In step S56, when it is determined that the event is stop (risk level is the device operation stop level) (step S56; stop), an emergency message is notified (step S58). An urgent message is a message indicating that the risk level is a device operation stop level. Specifically, in this step, an emergency message is transmitted to the electronic device 10 via the communication unit 36. After execution of step S58, the risk level notification process is terminated.

  As described above, according to the present embodiment, it is determined whether or not there is a risk in the audit trail, and when there is a risk, a process for avoiding the risk is performed. Thereby, since the user does not need to perform authentication by inputting the password information, security can be improved. Further, even if the fingerprint information is erroneously recognized, it is not necessary to input the fingerprint information again, so that the trouble of inputting the fingerprint information can be reduced.

  In addition, since the user does not need to memorize password information such as a password or a password, there is no need to perform operations depending on the memory. Further, since a configuration for inputting personal identification information is not required, generation of extra cost can be suppressed as compared with an electronic device having an authentication function using personal identification information and an authentication function using fingerprint.

  In step S24 of the electronic device processing, the encrypted fingerprint information and ID are transmitted to the center server 30 or stored in the flash memory 15. Thereby, by referring to the stored fingerprint information and ID, it is possible to identify a person who has attempted fraud.

  Further, the user can set the risk level in consideration of the fingerprint information identification rate. Thereby, for example, even when fingerprint information is erroneously recognized, it is not necessary to re-input the fingerprint information, so that it is possible to reduce the trouble of inputting the fingerprint information.

  Further, it is determined whether or not there is a risk in the audit trail by referring to the alarm generation level. If it is determined that there is a risk, the alarm means generates an alarm. Thereby, the user can discover an unexpected risk (notice an unexpected risk). In addition, it is possible to take measures to avoid unnecessary operation stop of the electronic device 10.

  Further, it is determined whether or not there is a risk in the audit trail with reference to the operation stop level. When it is determined that there is a risk, the operation of the device (electronic device) is stopped. As a result, the spread of damage such as unauthorized use by a third party can be prevented.

  Further, in step S31 of the electronic device processing, when it is determined that there is an alarm level risk in the audit trail, an alarm message is notified to the center server 30 via the communication unit 16. As a result, the administrator of the center server 30 can take protective measures against the alarm level risk.

  Note that the description in the above embodiment is an example of an electronic device and a program according to the present invention, and the present invention is not limited to this.

  For example, in the above embodiment, the IC card 17A is configured to store card information, but the present invention is not limited to this. For example, it may have a function of identifying fingerprint information. Specifically, with reference to FIG. 9, an electronic apparatus 10A having a function of identifying fingerprint information by an IC card will be described. FIG. 9 shows an internal configuration of the electronic apparatus 10A. Hereafter, the same code | symbol is attached | subjected to the part similar to the electronic device 10, and the detailed description is used and a different part is demonstrated.

  The IC card 17B of the electronic device 10A includes a storage unit 17C and an identification unit 17D. The storage unit 17C stores fingerprint information and an encryption key for encrypting the fingerprint information. The identification unit 17D identifies whether or not the fingerprint information read by the reading unit 18 matches the fingerprint information stored in the storage unit 17C. That is, the user is authenticated by the IC card 17B. Thereby, the payment system 1 which can authenticate a user with the IC card 17B can be constructed.

  At this time, the electronic device 10A may be configured to authenticate the electronic device 10A (permit operation of the electronic device 10A) from the fingerprint information. In this case, authentication of the electronic device 10A is performed by an authentication unit (not shown) for authenticating the electronic device 10A from the fingerprint information.

  In step S22 of the electronic device processing, the audit trail extraction process is performed. However, the audit trail extraction process may not be performed. That is, after executing step S21, the process may proceed to step S23 without performing the audit trail extraction process.

  Also, in the risk level notification process, when it is determined in step S55 that an event has occurred, the event (information indicating that the alarm level or the equipment stop level) is displayed on the display unit 34, and the displayed event is displayed in the center server. The administrator on the 30th side may refer to the event to determine the event (determination of whether the risk level is the alarm level or the device operation stop level).

  The security policy table 40 shown in FIG. 4 is an example. Each item of the security policy table 40 is appropriately created according to the purpose of use of the electronic device 10 by being input via the input unit 12.

  Further, in the terminal process and the risk level determination process, only reading (input) of fingerprint information is performed by the electronic device 10, and all processes after the input of fingerprint information are performed by the center server 30.

  In the above embodiment, the biometric information is described as fingerprint information, but the present invention is not limited to this. For example, the biometric information may be voiceprint information.

  In addition, the detailed configuration and detailed operation of the payment system in the above embodiment can be changed as appropriate without departing from the spirit of the present invention.

It is the schematic which shows the payment system 1 which concerns on this invention. 2 is a block diagram showing an internal configuration of the electronic device 10. FIG. 2 is a block diagram showing an internal configuration of a center server 30. FIG. It is a figure which shows the security policy table. It is a flowchart which shows an electronic device process and a risk level notification process. 6 is a flowchart showing a continuation of the electronic device process and the risk level notification process of FIG. 5. It is a flowchart which shows an audit process. It is a flowchart which shows an audit trail extraction process. It is a block diagram which shows the internal structure of 10 A of electronic devices.

Explanation of symbols

1 Payment System 10, 10A Electronic Device 11, 31 CPU
12, 32 Input unit 13, 33 RAM
14, 34 Display unit 15 Flash memory 16, 36 Communication unit 17 Card reader 17A, 17B Card 17C, 35 Storage unit 17D Identification unit 18 Reading unit 19 Alarm unit 19a Timekeeping unit 30 Center server 40 Security policy table

Claims (6)

Input means for inputting biological information;
Recording means for recording information for identifying biometric information input by the input means as an audit trail;
A discriminating means for analyzing the audit trail recorded by the recording means to discriminate whether there is a risk;
Control means for performing processing for avoiding the risk when the determination means determines that there is a risk;
Electronic equipment comprising. Comprising setting means for setting a risk level for determining whether or not there is a risk in the audit trail;
The discrimination means includes
The electronic device according to claim 1, wherein it is determined whether there is a risk in the audit trail with reference to a risk level set by the setting unit. Equipped with an alarm means for generating an alarm,
The setting means includes
Set an alarm generation level at which the alarm means generates an alarm as the risk level,
The discrimination means includes
With reference to the alarm occurrence level set by the setting means, it is determined whether there is a risk in the audit trail,
The control means includes
The electronic device according to claim 2, wherein when the determination unit determines that there is a risk, the alarm unit generates an alarm. The setting means includes
Set the operation stop level to stop the device operation as the risk level,
The discrimination means includes
With reference to the operation stop level set by the setting means, it is determined whether there is a risk in the audit trail,
The control means includes
The electronic device according to claim 2, wherein when the determination unit determines that there is a risk, the device operation is stopped. A communication means for communicating information;
A notification means for notifying information indicating that there is a risk in the audit trail to a predetermined notification destination via the communication means when the determination means determines that there is a risk. 5. The electronic device according to any one of 1 to 4. Computer
Input means for inputting biological information;
Recording means for recording information for identifying biometric information input by the input means as an audit trail;
Discriminating means for determining whether there is a risk by analyzing the audit trail recorded by the recording means,
Control means for performing processing for avoiding the risk when the determination means determines that there is a risk;
Program to function as.

Images