WO2010070756A1

WO2010070756A1 - Information processing device, authentication program, and authentication method

Info

Publication number: WO2010070756A1
Application number: PCT/JP2008/073083
Authority: WO
Inventors: 琢磨山田; 悟弥▲吉▼
Original assignee: 富士通株式会社
Priority date: 2008-12-18
Filing date: 2008-12-18
Publication date: 2010-06-24

Abstract

It is possible to improve the authentication accuracy by using a fingerprint authentication in combination with other authentication method. A control unit (1a) executes a process when a user is authenticated by an authentication control unit (1d). A fingerprint information acquisition unit (1b) acquires fingerprint information. An identification information acquisition unit (1c) acquires identification inforatmion. An authentication control unit (1d) compares the fingerprint information to the fingerprint authentication information to execute a first authentication and compares the identification information to the identification authentication information to execute a second authentication. If the first authentication and the second authentication are both successful, it is decided that the user is authorized. A fingerprint authentication information storage unit (1e) stores fingerprint authentication information. An identification authentication information storage unit (1f) stores the identification authentication information.

Description

Information processing apparatus, authentication program, and authentication method

The present invention relates to an information processing apparatus, an authentication program, and an authentication method, and more particularly, to an information processing apparatus, an authentication program, and an authentication method that perform authentication using a fingerprint.

In recent years, with the spread of information processing devices and information networks, a lot of information is used in society, and the demand for protection of confidential information and personal information is also increasing. On the other hand, since portable information processing apparatuses such as notebook personal computers (hereinafter referred to as notebook PCs) are relatively frequently used during movement destinations or during movement, security measures are emphasized.

As one of the security measures, there is personal authentication for authenticating the user of the notebook PC. Of these personal authentications, biometric authentication based on biometric information such as fingerprints that are biometrically unique to the user has attracted attention. The following techniques are known for this fingerprint authentication.
JP 2000-293253 A JP 2003-157140 A JP 2006-172129 A JP 2005-100063 A JP 2006-24205 A

However, in the case of biometric authentication such as fingerprint authentication, there is a problem that accuracy may be insufficient with only one type of biometric information.
The present invention has been made in view of such a point, and an object thereof is to provide an information processing apparatus, an authentication program, and an authentication method with high authentication accuracy by using fingerprint authentication and other authentication methods.

The disclosed information processing apparatus includes a fingerprint information acquisition unit that acquires fingerprint information, which is information acquired from the fingerprint of the user to authenticate the user, and information that is used to authenticate the user and the fingerprint information Is an identification information acquisition unit that acquires identification information that is different information, and information that is set in advance for use in authentication as to whether or not the user is legitimate, and compares the fingerprint information with the user. A fingerprint authentication information storage unit for storing fingerprint authentication information for authenticating the information, and information set in advance for use in authenticating whether or not the user is valid, by comparing with the identification information Stored in the identification authentication information storage unit for storing the identification authentication information for authenticating the user, the fingerprint information acquired by the fingerprint information acquisition unit, and the fingerprint authentication information storage unit The fingerprint authentication information is compared with the first authentication, and the identification information acquired by the identification information acquisition unit is compared with the identification authentication information stored in the identification authentication information storage unit. When the second authentication is executed and the first authentication and the second authentication are successful, the authentication control unit authenticates the user as valid, and the authentication control unit authenticates the user. And a control unit that executes a process permitted by a legitimate user when it is authenticated.

According to the disclosed information processing apparatus, fingerprint information is acquired by the fingerprint information acquisition unit. Identification information is acquired by the identification information acquisition unit. Fingerprint authentication information is stored by the fingerprint authentication information storage unit. The identification / authentication information is stored by the identification / authentication information storage unit. The authentication control unit compares the fingerprint information with the fingerprint authentication information to perform the first authentication, compares the identification information with the identification authentication information, performs the second authentication, and performs the first authentication and the first authentication. If the second authentication is successful, the user is authenticated as valid. When the control unit authenticates the user as valid by the authentication control unit, processing permitted to the valid user is executed.

According to the disclosed information processing apparatus, authentication program, and authentication method, the information processing apparatus can increase the accuracy of authentication by using fingerprint authentication and other authentication methods in combination.
These and other objects, features and advantages of the present invention will become apparent from the following description taken in conjunction with the accompanying drawings which illustrate preferred embodiments by way of example of the present invention.

It is a figure which shows the outline | summary of this Embodiment. It is a figure which shows the external appearance of information processing apparatus. It is a figure which shows a one-touch operation part. It is a figure which shows a contact input part. It is a figure which shows the hardware constitutions of information processing apparatus. It is a block diagram which shows the structure of the information processing apparatus of 1st Embodiment. It is a flowchart which shows the procedure of the authentication process of 1st Embodiment. It is a flowchart which shows the procedure of the authentication process of 1st Embodiment. It is a sequence diagram which shows the procedure at the time of the authentication of 1st Embodiment. It is a sequence diagram which shows the procedure at the time of the authentication of 1st Embodiment. It is a sequence diagram which shows the procedure at the time of the authentication of 1st Embodiment. It is a figure which shows decomposition | disassembly into the handwriting of the figure input in determination of the handwriting authentication of 1st Embodiment. It is a figure which shows decomposition | disassembly into the vector of handwriting in determination of handwriting authentication of 1st Embodiment. It is a figure which shows the vector of each part which divided the vector in determination of the handwriting authentication of 1st Embodiment. It is a figure which shows the fingerprint authentication message window of 1st Embodiment. It is a figure which shows the handwriting authentication message window of 1st Embodiment. It is a figure which shows the application window of 1st Embodiment. It is a block diagram which shows the structure of the information processing apparatus of 2nd Embodiment. It is a flowchart which shows the procedure of the authentication process of 2nd Embodiment. It is a sequence diagram which shows the procedure at the time of the authentication of 2nd Embodiment. It is a sequence diagram which shows the procedure at the time of the authentication of 2nd Embodiment. It is a figure which shows the fingerprint authentication message window of 2nd Embodiment. It is a block diagram which shows the structure of the information processing apparatus of 3rd Embodiment. It is a flowchart which shows the procedure of the authentication process of 3rd Embodiment. It is a sequence diagram which shows the procedure at the time of the authentication of 3rd Embodiment. It is a sequence diagram which shows the procedure at the time of the authentication of 3rd Embodiment. It is a figure which shows the external appearance of the automatic transaction apparatus of 4th Embodiment.

Hereinafter, embodiments will be described with reference to the drawings.
FIG. 1 is a diagram showing an outline of the present embodiment. The information processing apparatus 1 illustrated in FIG. 1 outputs a setting execution program for setting a password for the information processing apparatus 1. The information processing apparatus 1 includes a control unit 1a, a fingerprint information acquisition unit 1b, an identification information acquisition unit 1c, an authentication control unit 1d, a fingerprint authentication information storage unit 1e, and an identification / authentication information storage unit 1f.

The control unit 1a receives a start instruction of the information processing apparatus 1 by the user or a login instruction for starting reception of a login, an application start instruction for instructing start of an application, or an application execution instruction for instructing execution of an application. When the process corresponding to the above instruction is a process whose execution is restricted for a user other than a valid user, the control unit 1a performs the above process when the authentication control unit 1d authenticates the user as valid. Based on the instruction, the process authorized by the legitimate user is executed.

The fingerprint information acquisition unit 1b acquires fingerprint information which is information acquired from the user's fingerprint in order to authenticate the user. This fingerprint information is information acquired for executing the above-described processing, and is information indicating the characteristics of the fingerprint of the legitimate user's finger. A user who intends to cause the information processing apparatus 1 to execute the above-described processing is authenticated as valid, so that the fingerprint information acquisition unit of the information processing apparatus 1 has the fingerprint information of the user's previously registered finger. Let 1b read. Thereby, the fingerprint information of the user is acquired.

The identification information acquisition unit 1c acquires identification information that is information for authenticating the user and is different from the fingerprint information. This identification information is information acquired for the execution of the above processing, and the user ID that uses the information processing apparatus 1, such as a user ID (Identification), is authorized to use other users and other users. This information makes it possible to identify a person who does not have The user ID is input by a keyboard, a button-type input device, or other input devices that the information processing apparatus 1 has. The identification information can identify the user, for example, ID information stored in a device owned by the user and capable of storing information such as an IC card, biometric information other than fingerprints such as iris and palm print, etc. It ’s enough if it ’s information.

The authentication control unit 1d performs first authentication by comparing the fingerprint information acquired by the fingerprint information acquisition unit 1b with the fingerprint authentication information stored in the fingerprint authentication information storage unit 1e, and also by the identification information acquisition unit 1c. The second authentication is performed by comparing the acquired identification information with the identification authentication information stored in the identification authentication information storage unit 1f, and if the first authentication and the second authentication are successful, the user is authorized. Authenticate that

The first authentication for comparing the fingerprint information with the fingerprint authentication information is performed by comparing the feature point extracted by reading the user's fingerprint indicated by the fingerprint information with the feature point indicated by the preset fingerprint authentication information. . Similarly, in the second authentication for comparing the identification information and the identification authentication information, the feature point indicated by the identification information acquired from the user to be authenticated is compared with the feature point indicated by the preset identification authentication information. Done.

The fingerprint authentication information storage unit 1e is information set in advance for use in authenticating whether or not the user is valid, and stores fingerprint authentication information for authenticating the user by comparing with the fingerprint information. . This fingerprint authentication information is information that the information processing apparatus 1 has in advance, and is information indicating the characteristics of a fingerprint extracted by reading a legitimate user's fingerprint.

The identification / authentication information storage unit 1f is information set in advance for use in authentication of whether or not the user is valid, and stores identification / authentication information for authenticating the user by comparing with the identification information. This identification authentication information is information that the information processing apparatus 1 has in advance, and makes it possible to identify the ID of the user who uses the information processing apparatus 1 from other users and those who do not have a valid use authority other than the user. Information. The identification authentication information is information that can be compared with the identification information.

According to such an information processing apparatus 1, fingerprint information is acquired by the fingerprint information acquisition unit 1b. Identification information is acquired by the identification information acquisition unit 1c. Fingerprint authentication information is stored in the fingerprint authentication information storage unit 1e. Identification and authentication information is stored in the identification and authentication information storage unit 1f. The authentication control unit 1d compares the fingerprint information with the fingerprint authentication information to perform the first authentication, compares the identification information with the identification authentication information, performs the second authentication, If the second authentication is successful, the user is authenticated as valid. When the control unit 1a authenticates that the user is valid in the authentication control unit 1d, a process permitted to the valid user is executed.

This makes it possible to improve the accuracy of authentication by using fingerprint authentication and other authentication methods, and reduce the processing burden when executing the authentication process by efficiently performing the process. It becomes possible.

[First Embodiment]
Hereinafter, a first embodiment will be described in detail with reference to the drawings.
FIG. 2 is a diagram illustrating an appearance of the information processing apparatus. An information processing apparatus 100 shown in FIG. 2 is a notebook type (laptop type) personal computer to which a security function based on password authentication is added. The information processing apparatus 100 includes an electronic component such as a display unit 120 having an LCD (Liquid Crystal Display) 121, a keyboard 131, and a fingerprint authentication unit 141, a card reader 144, and other CPU (Central Processing Unit) 101 described later in FIG. It has a main body portion 130. A one-touch operation unit 142 is disposed on the upper surface of the main body 130.

The LCD 121 is a display device having a display screen for displaying characters or images. In addition to the LCD, other thin display devices such as an organic EL (Electroluminescence) display may be used as the display device. The keyboard 131 is an input device for inputting characters and performing other operations.

As will be described in detail later with reference to FIG. 3, the one-touch operation unit 142 is an operation unit for the user to perform an input by a pressing operation.
As will be described in detail later with reference to FIG. 4, the contact input unit 143 is an input device having a digitizer 143a for a user to input handwriting and the like, and a fingerprint reading unit 143b for reading fingerprints and inputting fingerprint information. is there.

As will be described in detail later with reference to FIG. 5, the card reader 144 is a device for reading information stored in the IC card by communicating with the IC card.
Note that the information processing apparatus 100 according to the present embodiment has been described with respect to the notebook type personal computer. However, the information processing apparatus 100 is an example of the information processing apparatus, and the user authentication function according to the present embodiment can be performed using a mobile phone or PDA. (Personal Digital Assistant) and other mobile communication terminal devices, desktop type personal computers, information processing system terminal devices, and the like can be applied to information processing devices that perform user authentication.

FIG. 3 is a diagram showing a one-touch operation unit. A one-touch operation unit 142 illustrated in FIG. 3 is an operation unit for a user to perform an input by a pressing operation. The one-touch operation unit 142 includes a one-touch button 142a and a confirmation button 142b.

The one-touch button 142a is a button that receives an input such as an application activation instruction from the user, for example.
The one-touch operation unit 142 according to the present embodiment has four buttons with symbols “1” to “4” as the one-touch buttons 142a. An application to be used by the user is assigned to each button, and an activation instruction for the assigned application is output by a pressing operation of the user. The number of the one-touch buttons 142a and the attached codes are not limited to this, and can be freely set as necessary.

The confirmation button 142b is a button for confirming an input made by operating the one-touch button 142a. When the confirm button 142b is operated, a signal corresponding to the operation by the one-touch button 142a is transmitted to the input interface 105 described later with reference to FIG. When the one-touch button 142a is operated, a signal corresponding to the operation of the one-touch button 142a may be transmitted without waiting for the operation of the confirm button 142b.

FIG. 4 is a diagram showing the contact input unit. The contact input unit 143 shown in FIG. 4 is an input device having a digitizer 143a for a user to input handwriting and the like and a fingerprint reading unit 143b for inputting fingerprint information by reading a fingerprint.

The digitizer 143a acquires coordinates by detecting the contact of the user's fingertip or touch pen with the input surface by detecting a change in pressure or static electricity of the input surface provided on the surface. The digitizer 143a can receive input by the user such as input of real-time (real-time) handwriting drawn by the user by continuously acquiring the coordinates. Also, the digitizer 143a acquires time information at the same time when acquiring the coordinates of the handwriting. Thereby, the coordinates of the handwriting and the time information are acquired in association with each other.

The fingerprint reading unit 143b has a fingerprint sensor that acquires fingerprint information by reading the fingerprint of the user's fingertip. When the fingerprint reading unit 143b reads the fingerprint, the user applies a predetermined fingertip of the fingertip (the side with the fingerprint) for causing the fingerprint reading unit 143b to read the fingerprint, and the arrow A in FIG. Slide in the direction. Accordingly, the fingerprint reading unit 143b can read the fingerprint of the user's finger.

The contact input unit 143 includes an LED (Light Emitting Diode) 143c. The LED 143c is lit for a certain time each time one stroke is read when reading the handwriting of the digitizer 143a. Thus, the user can input a figure while confirming that the handwriting has been read during handwriting authentication.

FIG. 5 is a diagram illustrating a hardware configuration of the information processing apparatus. The information processing apparatus 100 shown in FIG. 5 is a notebook type personal computer as described above, and the entire apparatus is controlled by the CPU 101. A RAM (Random Access Memory) 102, a hard disk drive (HDD: Hard Disk Drive) 103, a graphic processing device 104, an input interface 105, and a communication interface 106 are connected to the CPU 101 via a bus 107.

The RAM 102 temporarily stores at least a part of an OS (Operating System) program and application programs to be executed by the CPU 101. The RAM 102 stores various data necessary for processing by the CPU 101. The HDD 103 stores an OS and application programs.

A display device such as an LCD 121 is connected to the graphic processing device 104. The graphic processing device 104 can display an image on a display screen of a display device such as the LCD 121 in accordance with a command from the CPU 101. Further, the graphic processing device 104 and the LCD 121 are connected by, for example, a serial communication cable, and control signals and image signals are alternately transmitted and received.

The input interface 105 is connected to input devices such as a keyboard 131 and a mouse 13. The input interface 105 outputs a signal sent from an input device such as a keyboard 131 to the CPU 101 via the bus 107. In addition, a fingerprint authentication unit 141, a contact input unit 143, and a card reader 144 are connected to the input interface 105. A one-touch operation unit 142 is connected to the keyboard 131. A signal output by operating the one-touch operation unit 142 is output to the input interface 105 through the keyboard 131 and the bus 107.

The communication interface 106 can be connected to a communication line such as a LAN (Local Area Network). The communication interface 106 can send and receive data to and from other computers via a communication line.

The fingerprint authentication unit 141 accepts and authenticates input of user identification information different from fingerprint information, such as fingerprint information acquired from the user's fingerprint and, for example, handwriting information acquired based on the user's real-time handwriting. I do. When the fingerprint authentication unit 141 succeeds in authentication, the information processing apparatus 100 executes predetermined processing of the information processing apparatus 100 such as starting a predetermined application. The fingerprint authentication unit 141 includes a fingerprint authentication control unit 141a and an authentication information storage unit 141b. Further, a keyboard 131, a card reader 144, and a contact input unit 143 are connected to the fingerprint authentication unit 141, and information input by the user by each input device can be acquired by communicating with these. .

The fingerprint authentication control unit 141a controls authentication using fingerprint information and identification information. The authentication information storage unit 141b stores fingerprint authentication information used for authentication performed by the fingerprint authentication unit 141 and identification authentication information which is an authentication method different from fingerprint authentication and is used for authentication performed by the information processing apparatus 100. Remember. The authentication information storage unit 141b includes an EEPROM (Electronically Erasable and Programmable Read Only Memory). The fingerprint authentication unit 141 can store fingerprint authentication information and identification authentication information used for authentication in the EEPROM included in the authentication information storage unit 141b, and is acquired by the authentication information stored in the EEPROM and the fingerprint reading unit 143b. Authentication is performed based on the fingerprint information and identification information acquired by another input device such as the digitizer 143a.

In this embodiment, the identification authentication information is stored in the authentication information storage unit 141b together with the fingerprint authentication information. However, the present invention is not limited to this, and may be stored separately from the fingerprint authentication information in another storage device.

As described above with reference to FIG. 3, the one-touch operation unit 142 is an operation unit for performing input of an application to be activated and other inputs by a user's pressing operation.
The card reader 144 can be electrically connected to an IC card (not shown) by wireless communication. The card reader 144 can perform information communication with the connected IC card. The information processing apparatus 100 can acquire information stored in the IC card, such as identification information, by wireless communication with the IC card by the card reader 144.

Note that the card reader 144 of this embodiment can be electrically connected to the IC card by wireless communication. However, the card reader 144 is not limited thereto, and is electrically connected by bringing terminals into contact with each other using a card slot or the like. Also good.

With the hardware configuration as described above, the processing functions of the present embodiment can be realized.
FIG. 6 is a block diagram illustrating a configuration of the information processing apparatus according to the first embodiment. The information processing apparatus 100 illustrated in FIG. 6 includes a fingerprint authentication unit 141, an embedded controller 151, an operating system 160, and an application program 170.

The information processing apparatus 100 includes a keyboard 131, a digitizer 143a, and a fingerprint reading unit 143b at the lowest layer. In addition, the information processing apparatus 100 includes an embedded controller 151 in the upper layer of the keyboard 131 and the digitizer 143a. In addition, the information processing apparatus 100 includes a fingerprint authentication unit 141 in the upper layer of the fingerprint reading unit 143b.

An operating system 160 is provided on the upper layer of the fingerprint authentication unit 141 and the embedded controller 151 via the bus 107. An application program 170 is provided in the upper layer of the operating system 160.

The fingerprint authentication unit 141 includes a fingerprint authentication control unit 141a and an authentication information storage unit 141b. The fingerprint authentication control unit 141a and the authentication information storage unit 141b are mounted on the same chip. In addition, a fingerprint reading unit 143b is connected to the fingerprint authentication unit 141.

The fingerprint authentication control unit 141a performs fingerprint authentication by comparing the fingerprint information acquired by the fingerprint authentication unit 141 and the fingerprint reading unit 143b with the fingerprint authentication information stored in the authentication information storage unit 141b. The operating system 160 performs handwriting authentication by comparing the identification information (handwriting information) based on the handwriting of the graphic input by the digitizer 143a and the digitizer controller 151b with the identification authentication information stored in the authentication information storage unit 141b. The operating system 160 authenticates the user as valid when the fingerprint authentication and the handwriting authentication are successful. The fingerprint authentication control unit 141a and the operating system 160 function as an authentication control unit.

The fingerprint authentication unit 141 and the fingerprint reading unit 143b read the fingerprint of the user's finger. Based on the read user fingerprint, fingerprint information, which is information acquired from the user fingerprint to authenticate the user, is acquired. This fingerprint information is information obtained for use in fingerprint authentication for determining whether or not to execute the above-described processing such as execution of an application, and is information indicating the characteristics of the fingerprint of a legitimate user's finger. .

A user who intends to cause the information processing apparatus 100 to execute a process whose execution is restricted to other than the above-mentioned valid user is authenticated as the user's pre-registered finger fingerprint in order to be authenticated. The fingerprint authentication unit 141 and the fingerprint reading unit 143b included in the processing apparatus 100 are caused to read. The fingerprint information is generated by the fingerprint authentication library 162d extracting the characteristics of the fingerprint from the information acquired by the fingerprint reading unit 143b reading the fingerprint. Thereby, the fingerprint information of the user is acquired. The fingerprint authentication unit 141, the fingerprint reading unit 143b, and the fingerprint authentication library 162d function as a fingerprint information acquisition unit.

The authentication information storage unit 141b is information set in advance for use in authenticating whether or not the user is valid, and stores fingerprint authentication information for authenticating the user by comparing with the fingerprint information. This fingerprint authentication information is information that the information processing apparatus 100 has in advance, and is information that indicates the characteristics of a fingerprint extracted by reading a legitimate user's fingerprint. The fingerprint authentication information is set for each user.

Also, the authentication information storage unit 141b is information set in advance for use in authentication of whether or not the user is valid, and stores identification authentication information for authenticating the user by comparing with the identification information. This identification authentication information is information that the information processing apparatus 100 has in advance, and makes it possible to identify the ID of the user who uses the information processing apparatus 100 from other users and those who do not have a valid use authority other than the user. Information. The identification authentication information is information that can be compared with the identification information. The identification authentication information is information based on the user's handwriting acquired in advance.

Fingerprint authentication is performed by comparing a feature point extracted by reading a user's fingerprint indicated by fingerprint information with a feature point indicated by preset fingerprint authentication information. Similarly, the handwriting authentication is performed by comparing the feature point indicated by the identification information extracted from the handwriting of the graphic input by the user who is authenticated with the feature point indicated by the identification authentication information extracted from the preset handwriting. Is called.

The digitizer 143a and the digitizer controller 151b accept the input of the graphic handwriting input by the user. Based on the accepted handwriting, identification information that is information for authenticating the user and information different from the fingerprint information is acquired. This identification information is information acquired for the execution of the above processing, and identifies the ID of the user who uses the information processing apparatus 100 from other users and those who do not have a valid use authority other than the user. It is information that makes it possible.

The digitizer 143a and the digitizer controller 151b function as a handwriting input unit that receives a handwriting input by the user and acquires the handwriting of the user. Based on the handwriting acquired by the digitizer 143a and the digitizer controller 151b, the graphic recognition driver 161c extracts the handwriting characteristics of the user and generates identification information. The digitizer 143a, the digitizer controller 151b, and the figure recognition driver 161c function as an identification information acquisition unit.

The digitizer 143a is connected to the LED 143c. The LED 143c is lit for a certain time each time one stroke is read when reading the handwriting of the digitizer 143a. Thus, the user can input a figure while confirming that the handwriting has been read during handwriting authentication.

The embedded controller 151 has functions such as power management for the information processing apparatus 100, and also includes a keyboard controller 151a, a digitizer controller 151b, and an I / O (Input / Output) controller 151c.

The keyboard controller 151 a periodically monitors key press operations and release operations on the keyboard 131 and transmits information corresponding to the operations to the operating system 160 via the bus 107. The digitizer controller 151b acquires the information input by the digitizer 143a and transmits the acquired information. The I / O controller 151c transmits and receives information related to operations of the one-touch operation unit 142 (described above in FIG. 2) and the like. In addition, the I / O controller 151c receives a control signal transmitted from the fingerprint authentication unit 141 and indicating that the fingerprint authentication is successful.

Communication between the embedded controller 151 and the operating system 160 and communication between the fingerprint authentication unit 141 and the operating system 160 are performed via the bus 107.

The information transmitted from the keyboard controller 151a is transmitted to the keyboard driver 161a and keyboard library 162a of the operating system 160 via the bus 107. Information transmitted from the digitizer controller 151b is transmitted to the digitizer driver 161b and the digitizer library 162b of the operating system 160 via the bus 107.

The operating system 160 is software that manages the entire information processing apparatus 100 by defining functions of each part of the information processing apparatus 100. The operating system 160 includes a keyboard driver 161a, a digitizer driver 161b, a figure recognition driver 161c, a fingerprint authentication driver 161d, a keyboard library 162a, a digitizer library 162b, a figure recognition library 162c, and a fingerprint authentication library 162d.

The operating system 160 receives a start instruction for the information processing apparatus 100 by the user or a login instruction for instructing start of acceptance of login, an application start instruction for instructing start of the application, or an application execution instruction for instructing execution of the application. The operating system 160 functions as a control unit.

When the operating system 160 receives an instruction such as an application activation instruction from the user, if the process corresponding to the above instruction is a process whose execution is restricted to a user other than a valid user, the operating system 160 is based on the received instruction. The fingerprint authentication control unit 141a performs fingerprint authentication, and the operating system 160 performs handwriting authentication. Then, when the user is authenticated by the fingerprint authentication by the fingerprint authentication control unit 141a and the handwriting authentication by the operating system 160, the process permitted to the authorized user, such as starting an application, based on the above instruction Execute.

After the fingerprint authentication control unit 141a succeeds in fingerprint authentication, the operating system 160 causes the digitizer 143a and the digitizer controller 151b to acquire the handwriting of the user, and generates handwriting information indicating the handwriting characteristic points based on the acquired handwriting. Execute handwriting authentication.

In the application program 170, when the application 171a that acquires the information input by the keyboard 131, the information that is input by the digitizer 143a is acquired, and the authentication is successfully performed by the information processing apparatus 100, the application 171b that processes the acquired information. There is an application 171c to be executed.

In this embodiment, when the fingerprint authentication unit 141 succeeds in authenticating the user's fingerprint, handwriting input is started via the I / O controller 151c from the fingerprint authentication unit 141 to the embedded controller 151 to which the digitizer 143a is connected. A control signal instructing is transmitted. Based on this, when the control signal is transferred from the embedded controller 151 to the digitizer driver 161b, the digitizer driver 161b starts transmitting input data from the digitizer 143a to the graphic recognition driver 161c.

Note that the present invention is not limited thereto, and a control signal may be transmitted from the fingerprint authentication driver 161d to the digitizer driver 161b, and the digitizer driver 161b may start transmitting input data from the digitizer 143a to the figure recognition driver 161c based on the control signal.

The fingerprint authentication information according to the present embodiment includes finger-specific fingerprint authentication information set for a plurality of fingerprints of different fingers of the same user, and an order indicating a predetermined order for the fingerprints of the plurality of fingers. Information. In this case, the fingerprint authentication executed by the fingerprint authentication control unit 141a is the fingerprint information based on the fingerprint read by the fingerprint reading unit 143b and the fingerprint authentication unit 141 for the fingerprint information obtained by the user's fingerprint a plurality of times. When all the finger-fingerprint authentication information included in the authentication information matches and the order in which the fingerprint information is acquired matches the order indicated by the order information included in the fingerprint authentication information, it is determined that the authentication is successful. Can do. As a result, in the information processing apparatus 100, authentication is performed on the fingerprints of the plurality of fingers of the user, and the order in which the user who is the subject of authentication reads the fingerprints is also subject to authentication determination, thus improving security. Can be made.

Further, the authentication information storage unit 141b may store a plurality of pieces of identification authentication information indicating the characteristics of the handwriting of the graphic input by the user. The information processing apparatus 100 may include an application activation information storage unit (not shown) that stores application activation information that associates identification authentication information with an application activated by the operating system 160. Furthermore, the operating system 160 may determine which identification / authentication information has succeeded in identification / authentication when handwriting authentication is executed. In this case, the operating system 160 determines an application to be activated based on the application activation information stored in the application activation information storage unit and the determination result by the fingerprint authentication control unit 141a and the operating system 160, and the determined application Can be started. Accordingly, the information processing apparatus 100 can start different applications based on the type of handwriting of the graphic input by the user, so that the user can select the application started by the graphic to be input. Become.

Also, an application activation information storage unit that stores application activation information that associates fingerprints of a plurality of different fingers of the same user with applications activated by the operating system 160 may be provided. The fingerprint authentication information may include finger-specific fingerprint authentication information set for each of a plurality of different fingerprints of the same user. Then, the operating system 160 may determine which fingerprint of the user has succeeded in fingerprint authentication when executing fingerprint authentication. In this case, the operating system 160 determines an application to be activated based on the application activation information stored in the application activation information storage unit and the determination result by the fingerprint authentication control unit 141a and the operating system 160, and the determined application Can be started. Accordingly, the information processing apparatus 100 can start different applications based on the finger that the user has read the fingerprint, so the user can select the application that is started by the finger that reads the fingerprint. become.

In this embodiment, the fingerprint authentication control unit 141a performs fingerprint authentication and the operating system 160 performs handwriting authentication. However, the present invention is not limited to this, and the fingerprint authentication control unit 141a may perform fingerprint authentication and handwriting authentication.

Normally, when different authentication methods are combined, such as fingerprint authentication and handwriting authentication, it is necessary to perform processing separately for each authentication device, so the time required to complete all authentication processing is prolonged. It will be. On the other hand, in the present embodiment, the same control unit executes fingerprint authentication and handwriting authentication, so that the time required for authentication can be shortened even when a plurality of types of authentication processes are executed.

In this case, the fingerprint authentication control unit 141a and the authentication information storage unit 141b may be mounted on the same chip.
As described above, according to the present embodiment, it is possible to simplify the processing of the open / close and call of each driver and library in each application, so that the processing can be simplified.

Next, processing executed in the present embodiment will be described.
7 and 8 are flowcharts illustrating the authentication processing procedure according to the first embodiment. The authentication process shown in FIGS. 7 and 8 is a process executed by the information processing apparatus 100 (described above in FIG. 2). This authentication process is an authentication process executed when the information processing apparatus 100 receives an application activation instruction from the user and activates the application. The authentication process is performed by the user using the keyboard 131 (described above in FIG. 2) or the one-touch operation unit 142. Execution is started based on the application activation operation by the operation (described above in FIG. 2).

[Step S1] The operating system 160 (described above in FIG. 6) displays a fingerprint authentication message window 121a (described later in FIG. 15) on the display screen of the LCD 121 (described above in FIG. 2).

[Step S2] The embedded controller 151 (described above with reference to FIG. 6) accepts an input of a user ID using the keyboard 131 by the user. Based on this, the keyboard controller 151a (described above in FIG. 6) transmits the received user ID to the keyboard driver 161a. At this time, the keyboard controller 151a transmits the received user ID to the fingerprint authentication unit 141 (described above in FIG. 5) via the I / O controller 151 (described above in FIG. 6).

[Step S3] The fingerprint authentication unit 141 starts reading the fingerprint of the user by the fingerprint reading unit 143b (described above in FIG. 6). At this time, the fingerprint authentication control unit 141a (described above in FIG. 5) requests the fingerprint reading unit 143b to transmit fingerprint information until it receives fingerprint information obtained as a result of fingerprint reading. The fingerprint authentication control unit 141a stops fingerprint authentication when there is no transmission of fingerprint information for a certain period of time.

[Step S4] The fingerprint authentication control unit 141a reads out and acquires the fingerprint authentication information corresponding to the user ID transmitted in step S2 from the authentication information storage unit 141b (described above in FIG. 5).

[Step S5] The fingerprint authentication control unit 141a performs authentication by comparing the fingerprint information acquired by the fingerprint reading unit 143b with the fingerprint information corresponding to the user ID acquired from the authentication information storage unit 141b. Determine whether or not. If the authentication is successful, the process proceeds to step S11 (FIG. 8). On the other hand, if the authentication fails, the process proceeds to step S17 (FIG. 8).

[Step S11] The operating system 160 displays a handwriting authentication message window 121b (described later in FIG. 16) on the display screen of the LCD 121.
[Step S12] The digitizer controller 151b (described above in FIG. 6) controls the digitizer 143a (described above in FIG. 6) to accept the input of the handwriting by the user and acquire the handwriting. At this time, when the number of strokes of the handwriting is insufficient for a predetermined number such as the number of strokes registered by the user, the digitizer controller 151b continues to acquire until the number of strokes reaches the predetermined number. Here, the stroke is a handwriting written from a single pen-down to a pen-up at the time of handwriting input, that is, from when the user touches the digitizer 143a until the fingertip is released.

[Step S13] The figure recognition driver 161c (described above in FIG. 6) obtains handwriting information used for handwriting authentication by analyzing the handwriting characteristics of the figure input by the user. At this time, the figure recognition driver 161c generates handwriting information by disassembling the handwriting of the figure input by the user for each stroke and extracting the features of the decomposed stroke.

[Step S14] The graphic recognition library 162c (described above in FIG. 6) acquires handwriting authentication information corresponding to the user ID. This handwriting authentication information is information included in the figure recognition library 162c, and is registered in advance by a user or an administrator.

[Step S15] The graphic recognition library 162c performs handwriting authentication by comparing the handwriting information acquired in step S13 and the handwriting authentication information acquired in step S14, and determines whether or not the result of handwriting authentication is successful. If the result of handwriting authentication is successful, the process proceeds to step S16. On the other hand, if the result of handwriting authentication fails, the process proceeds to step S17.

[Step S16] The operating system 160 activates the application that is the target of the activation instruction by the user. Thereafter, the authentication process ends.
[Step S <b> 17] The operating system 160 displays on the display screen of the LCD 121 an error related to the activation of the application that is the target of the activation instruction by the user. Thereafter, the authentication process ends.

The authentication process according to the present embodiment is started when the information processing apparatus 100 detects an application activation instruction by the user, but is not limited to this, and displays, for example, a login screen (not shown). Execution may be started when the user logs in to the information processing apparatus 100 such as when an operation is performed (such as pressing the control key, Alt key, and Delete key of the keyboard 131 simultaneously).

In the present embodiment, if fingerprint authentication in step S5 fails or if handwriting authentication in step S15 fails, an error is displayed in step S17, but another attempt is made to read the fingerprint and acquire the handwriting again. May be.

9 to 11 are sequence diagrams illustrating a procedure at the time of authentication according to the first embodiment.
Here, the “user interface” in the figure is an input device operated by a user and an output device that performs screen display. Specifically, the keyboard 131, the digitizer 143a, the fingerprint reading unit 143b described above in FIG. 6, the LCD 121 described above in FIG.

Also, the “fingerprint authentication unit” in the figure is the fingerprint authentication unit 141 described above with reference to FIG. As described above, the fingerprint authentication unit 141 includes the fingerprint authentication control unit 141a and the authentication information storage unit 141b.

A “controller” in the figure is a control unit that controls input devices such as a keyboard 131, a one-touch operation unit 142 (described above in FIG. 3), a digitizer 143a, and the like. The embedded controller 151, keyboard controller 151a, digitizer controller 151b, An I / O controller 151c or the like.

In addition, “operating system” in the figure is the operating system 160 and the libraries and drivers included in the operating system 160 described above with reference to FIG.

Hereinafter, a procedure at the time of authentication in the information processing apparatus 100 will be described with reference to the drawings.
[Step S101] The one-touch button 142a or the keyboard 131 of the one-touch operation unit 142 accepts an application activation operation by the user.

[Step S102] The keyboard controller 151a detects the activation operation of the application in step S101. Based on the detection of the application activation operation by the user, a signal based on the application activation instruction is transmitted.

[Step S103] The operating system 160 executes processing for starting fingerprint authentication. Specifically, as will be described later, the fingerprint authentication unit 141 is activated by the fingerprint authentication driver 161d. Also, a fingerprint authentication message window 121a (described later in FIG. 15) is displayed on the graphic processing device 104.

[Step S104] The graphic processing device 104 causes the LCD 121 to display a fingerprint authentication message window 121a.
[Step S105] The keyboard 131 receives an input of a user ID by the user.

[Step S106] The keyboard controller 151a detects the user ID input operation in step S105. Based on the detection of the user ID input operation by the user, the user ID is acquired, and information indicating the acquired user ID is transmitted to the fingerprint authentication unit 141 and the figure recognition driver 161c.

[Step S107] The fingerprint authentication control unit 141a activates the fingerprint reading unit 143b. As a result, the user's fingerprint can be read.
[Step S108] The fingerprint reading unit 143b reads the fingerprint of the user and acquires fingerprint information. The acquired fingerprint information is transmitted to the fingerprint authentication control unit 141a.

[Step S121] The fingerprint authentication control unit 141a reads the fingerprint authentication information corresponding to the user ID transmitted in step S106 from the authentication information storage unit 141b. Next, the fingerprint authentication control unit 141a compares the fingerprint information of the fingerprint read by the fingerprint reading unit 143b in step S108 with the fingerprint authentication information read from the authentication information storage unit 141b and collates them to authenticate the user's fingerprint. Do. Thereby, the legitimacy of the user who tries to start the application is determined based on the fingerprint.

[Step S122] The fingerprint authentication control unit 141a transmits a fingerprint authentication verification result, which is a verification result of fingerprint authentication, to the fingerprint authentication driver 161d.
[Step S123] The fingerprint authentication driver 161d that has received the fingerprint authentication verification result transmitted from the fingerprint authentication control unit 141a transmits the fingerprint authentication verification result to the fingerprint authentication library 162d. Furthermore, the fingerprint authentication library 162d that has received the fingerprint authentication collation result transmitted from the fingerprint authentication driver 161d has succeeded in the fingerprint authentication of the user performed by the fingerprint authentication control unit 141a in step S121 based on the fingerprint authentication collation result. It is determined whether or not. Furthermore, the fingerprint authentication library 162d transmits the fingerprint authentication determination result to the figure recognition library 162c.

[Step S124] If the received determination result of the fingerprint authentication is successful, the operating system 160 executes processing for starting handwriting authentication. Specifically, as will be described later, the figure recognition library 162c causes the digitizer controller 151b to activate the digitizer 143a. Further, the graphic recognition library 162c ends the display of the fingerprint authentication message window 121a on the graphic processing device 104, and displays the handwriting authentication message window 121b (described later in FIG. 16). The graphic recognition library 162c activates the graphic recognition driver 161c.

If the determination result of the fingerprint authentication is an authentication failure, the operating system 160 ends the display of the fingerprint authentication message window 121a and displays an error display on the display screen of the LCD 121 as described above with reference to FIG. End the authentication process.

[Step S125] The graphic processing device 104 ends the display of the fingerprint authentication message window 121a displayed on the display screen of the LCD 121.
[Step S126] The graphic processing device 104 displays a handwriting authentication message window 121b on the display screen of the LCD 121.

[Step S127] The digitizer controller 151b is activated based on the control of the graphic recognition library 162c in step S124, and activates the digitizer 143a in the graphic recognition mode. With this figure recognition mode, the user's handwriting using the digitizer 143a can be acquired.

[Step S128] The digitizer 143a reads the handwriting input by the user and acquires information indicating the handwriting. Information indicating the acquired handwriting is transmitted to the digitizer controller 151b. The digitizer controller 151b that has received the information indicating the handwriting transmits the information indicating the handwriting to the digitizer driver 161b. The digitizer driver 161b that has received the information indicating the handwriting transmits the information indicating the handwriting to the graphic recognition driver 161c. Further, the graphic recognition driver 161c that has received the information indicating the handwriting processes the information indicating the handwriting to generate the handwriting information indicating the characteristics of the handwriting, and transmits the generated handwriting information to the graphic recognition library 162c.

[Step S141] The graphic recognition library 162c reads the handwriting authentication information corresponding to the user ID transmitted in Step S106 among the handwriting authentication information held by itself. Next, the graphic recognition library 162c compares and compares the handwriting information transmitted in step S128 with the read handwriting authentication information, and authenticates the user's handwriting. Thereby, the legitimacy of the user who intends to start an application based on handwriting is determined.

[Step S142] The graphic authentication library 162c determines whether or not the user's handwriting authentication in Step S141 is successful based on the handwriting authentication collation result.
[Step S143] If the determination result of the handwriting authentication is successful, the operating system 160 performs display control when the user authentication is successful. Specifically, the graphic recognition library 162c ends the display of the handwriting authentication message window 121b for the graphic processing device 104.

If the determination result of the handwriting authentication is an authentication failure, the operating system 160 ends the display of the handwriting authentication message window 121b and displays an error display on the display screen of the LCD 121 as described above with reference to FIG. End the authentication process.

[Step S144] The graphic processing device 104 ends the display of the handwriting authentication message window 121b displayed on the display screen of the LCD 121.
[Step S145] The graphic recognition library 162c activates the application that is the target of the user's application activation operation.

Next, the handwriting authentication determination performed in the present embodiment will be described.
FIG. 12 is a diagram illustrating decomposition of an input figure into handwriting in the determination of handwriting authentication according to the first embodiment. FIG. 12A shows a figure (character) input in handwriting authentication. FIG. 12B is a diagram illustrating decomposition of a figure input in handwriting authentication into strokes.

In the handwriting authentication according to the present embodiment, the handwriting of figures and characters input at the time of authentication is registered in advance. When authentication is performed at the time of application startup or login, authentication is performed by inputting a handwriting of a figure or a character registered by the user using the digitizer 143a and the like and comparing it with a handwriting registered in advance. Is called.

FIG. 12A shows “Water”, which is a Chinese character, as an example of a figure input by the user with the digitizer 143a (described above in FIG. 4) in order to cause the information processing apparatus 100 to start an application. The handwriting information generated based on the graphic is compared with the handwriting authentication information stored in the information processing apparatus 100 to authenticate the user.

FIG. 12B shows an example in which the figure input by the user shown in FIG.
The figure input by the user is decomposed for each stroke, with the point at which the finger touches the digitizer 143a as the start point and the point at which the finger has moved away from the digitizer 143a (pen up) as the end point. In the example of FIG. 12B, it is decomposed into three

strokes

1, 2, and 3.

FIG. 13 is a diagram illustrating decomposition of handwriting into vectors in the determination of handwriting authentication according to the first embodiment. FIG. 13A is a diagram illustrating disassembly of each handwriting at regular intervals in handwriting authentication. FIG. 13B is a diagram illustrating decomposition of a figure that is input after being decomposed and input in a certain time in handwriting authentication into strokes (strokes).

FIG. 13A shows an example in which each stroke obtained by disassembling the graphic shown in FIG. 12B is divided at regular intervals based on time information when handwriting is acquired.
In FIG. 13 (A), the points that divide the strokes at regular time intervals are indicated by circles. The center of each circle indicates the point that divides the stroke. In this way, the stroke is divided at regular intervals.

FIG. 13B shows, with respect to the portion where the stroke shown in FIG. 13A is divided, a vector having each divided point (the center of the circle) as a start point and an end point.
This vector indicates the movement speed (movement speed and movement direction) of the fingertip within a certain time when each part of the handwriting is input when the user inputs a figure.

FIG. 14 is a diagram illustrating a vector of each part obtained by dividing a vector in determination of handwriting authentication according to the first embodiment.
FIG. 14 shows the vectors obtained by dividing the strokes of the graphic input by the user shown in FIG. 13B at regular intervals, arranged for each stroke.

It is considered that the vector obtained from each stroke particularly represents the feature of the shape of the figure input by the user. Thereby, the legitimacy of the user can be determined from the graphic input by the user using this vector.

Also, this vector is considered to represent the characteristics of the moving speed of coordinates when each part of the stroke is input. Thereby, using this vector, the legitimacy of the user can be determined based on the feature of the movement of the user's coordinates from the movement speed of the coordinates when the user inputs the figure.

In the present embodiment, handwriting information having information indicating the size and direction of each vector acquired as described above is generated, and handwriting authentication is performed using the generated handwriting information. Furthermore, the handwriting authentication information acquired in advance corresponding to the user ID to be compared with the authentication is also acquired in the same manner, the user's handwriting at the time of inputting the figure, the stroke obtained by disassembling the user's handwriting, and It is information which has the information which shows the vector acquired from the user's handwriting.

In the present embodiment, the following is used as a standard for handwriting authentication.
1. 1. The stroke number of the handwriting of the inputted figure and the figure registered in advance as a comparison target is the same. 2. The difference in the amount of movement between the corresponding strokes (the distance from the start point to the end point of the stroke) is within a certain range. The difference between the direction and length of the vectors corresponding to each stroke must be within a certain range. For example, when all of the above 1, 2, and 3 are satisfied, or all items are converted into evaluation values. It can be assumed that handwriting authentication has succeeded when a certain standard is satisfied, and handwriting authentication has failed otherwise.

In the handwriting authentication of the present embodiment, the user is authenticated by comprehensively evaluating the size and direction of the vector obtained by disassembling the figure as described above. The handwriting authentication method described above is an example, and handwriting authentication may be performed by other methods.

Next, a display screen displayed in the present embodiment will be described.
FIG. 15 is a diagram illustrating a fingerprint authentication message window according to the first embodiment. A fingerprint authentication message window 121a shown in FIG. 15 is an example of a window displayed on the display screen of the LCD 121 included in the information processing apparatus 100 (described above in FIG. 2). In the fingerprint authentication message window 121a, a message and an image for guiding the user to input the user ID and read the fingerprint are displayed.

In the fingerprint authentication message window 121a, for example, a message “Enter your user ID and slide your finger against the sensor” and an image that guides the user ID input and fingerprint reading are displayed. The fingerprint authentication message window 121a has a user ID input field 121a1 and a cancel button 121a2.

The user ID input field 121a1 is an input field for accepting input of a user ID. The user can input a user ID in the user ID input field 121a1 by inputting characters using an input device such as the keyboard 131.

The cancel button 121a2 is a button for canceling the input of the user ID. By operating the cancel button 121a2, the user can cancel the input of the user ID and cancel the activation of the application without performing fingerprint authentication.

FIG. 16 is a diagram illustrating a handwriting authentication message window according to the first embodiment. A handwriting authentication message window 121b illustrated in FIG. 16 is an example of a window displayed on the display screen of the LCD 121 included in the information processing apparatus 100 (described above in FIG. 2). In the handwriting authentication message window 121b, a message and an image for guiding the user to input a figure using the digitizer 143a (described above in FIG. 2) are displayed.

In the fingerprint authentication message window 121a, for example, a message “Please move your finger against the digitizer and input a graphic” and an image for guiding the user to input the graphic are displayed. The handwriting authentication message window 121b has a cancel button 121b2.

The cancel button 121b2 is a button for canceling the figure input. By operating the cancel button 121b2, the user can cancel the input of the figure and can stop the activation of the application.

FIG. 17 is a diagram illustrating an application window according to the first embodiment. An application window 121c illustrated in FIG. 17 is an example of a window displayed on the display screen of the LCD 121 included in the information processing apparatus 100 (described above in FIG. 2). The application window 121c is a screen related to the application that is the target of the user's activation operation.

The application window 121c is a screen related to the operation of the application, such as a screen for inputting search conditions for the database system. The application window 121c is displayed when the user authentication is successful. On the other hand, if the user authentication fails, the application is not started and the application window 121c is not displayed.

In this way, the information processing apparatus 100 steals information to be protected by prohibiting activation of other than authorized users such as database systems and mail systems that need to be protected because personal information and trade secrets are included. Leakage, destruction, etc. can be prevented.

As described above, according to the first embodiment, by performing fingerprint authentication and handwriting authentication in the information processing apparatus 100, the accuracy of user authentication is increased, so that security is improved.

In addition, by performing fingerprint authentication with the fingerprint authentication unit 141 configured with a one-chip IC, the fingerprint authentication process is concealed from the outside, so that cracks can be prevented and safety is improved.

[Second Embodiment]
Next, a second embodiment will be described. Differences from the first embodiment will be mainly described, and the same reference numerals are used for the same matters, and descriptions thereof are omitted.

The second embodiment is different from the first embodiment in that the user is identified by the user's one-touch button operation and the user's fingerprint authentication is performed using the fingerprint authentication information corresponding to the identified user. .

FIG. 18 is a block diagram illustrating a configuration of the information processing apparatus according to the second embodiment. An information processing apparatus 200 illustrated in FIG. 18 includes a fingerprint authentication unit 241, an embedded controller 251, an operating system 260, and an application program 270.

The information processing apparatus 200 includes a keyboard 231, a one-touch operation unit 242, and a fingerprint reading unit 243 b at the lowest layer. In addition, the information processing apparatus 200 includes an embedded controller 251 in the upper layer of the keyboard 231 and the one-touch operation unit 242. In addition, the information processing apparatus 200 includes a fingerprint authentication unit 241 in the upper layer of the fingerprint reading unit 243b.

The operating system 260 is provided on the upper layer of the fingerprint authentication unit 241 and the embedded controller 251 via the bus 207. An application program 270 is provided in the upper layer of the operating system 260.

The fingerprint authentication unit 241 includes a fingerprint authentication control unit 241a and an authentication information storage unit 241b. The fingerprint authentication control unit 241a and the authentication information storage unit 241b are mounted on the same chip. In addition, a fingerprint reading unit 243 b is connected to the fingerprint authentication unit 241.

The fingerprint authentication control unit 241a performs fingerprint authentication by comparing the fingerprint information acquired by the fingerprint authentication unit 241 and the fingerprint reading unit 243b with the fingerprint authentication information stored in the authentication information storage unit 241b. The one-touch operation unit 242 and the embedded controller 251 use, as identification information, a key code based on an operation of a one-touch button (see the one-touch button 142a described above in FIG. 3) included in the one-touch operation unit 242. Then, the I / O controller 251c transmits a key code to the fingerprint authentication unit 241. The fingerprint authentication unit 241 that has received the key code performs one-touch button authentication by comparing the received key code with the identification authentication information stored in the authentication information storage unit 241b. The operating system 260 authenticates the user as valid when the fingerprint authentication based on the fingerprint authentication information obtained by the one-touch button authentication is successful. That is, the fingerprint authentication control unit 241a and the operating system 260 accept the operation of the one-touch button and execute fingerprint authentication using the fingerprint authentication information corresponding to the operated one-touch button. The fingerprint authentication control unit 241a and the operating system 260 function as an authentication control unit.

The fingerprint authentication unit 241 and the fingerprint reading unit 243b read the fingerprint of the user's finger. Based on the read user fingerprint, fingerprint information, which is information acquired from the user fingerprint to authenticate the user, is acquired. This fingerprint information is information obtained for use in fingerprint authentication for determining whether or not to execute the above-described processing such as execution of an application, and is information indicating the characteristics of the fingerprint of a legitimate user's finger. .

A user who intends to cause the information processing apparatus 200 to execute a process whose execution is restricted to other than the above-mentioned authorized user is authenticated as the information of the user's pre-registered finger in order to be authenticated. The fingerprint authentication unit 241 and the fingerprint reading unit 243b included in the processing apparatus 200 are read. The fingerprint information is generated by the fingerprint authentication library 262d extracting the characteristics of the fingerprint from the information acquired by the fingerprint reading unit 243b reading the fingerprint. Thereby, the fingerprint information of the user is acquired. The fingerprint authentication unit 241, the fingerprint reading unit 243b, and the fingerprint authentication library 262d function as a fingerprint information acquisition unit.

The authentication information storage unit 241b is information set in advance for use in authenticating whether or not the user is valid, and stores fingerprint authentication information for authenticating the user by comparing with the fingerprint information. This fingerprint authentication information is information that the information processing apparatus 200 has in advance, and is information that indicates the characteristics of a fingerprint extracted by reading a legitimate user's fingerprint. The fingerprint authentication information is set for each user.

Also, the authentication information storage unit 241b is information set in advance for use in authentication of whether or not the user is valid, and stores identification authentication information for authenticating the user by comparing with the identification information. This identification authentication information is information that the information processing apparatus 200 has in advance, and makes it possible to identify the ID of the user who uses the information processing apparatus 200 from other users and those who do not have a valid use authority other than the user. Information. The identification authentication information is information that can be compared with the identification information. The identification authentication information is information that associates each key code corresponding to the one-touch button with the fingerprint authentication information of each user.

One-touch button authentication is performed by acquiring fingerprint authentication information associated with a key code that is identification information corresponding to a one-touch button operated by a user who is authenticated. Here, the key code of the one-touch button operated by the user and the fingerprint authentication information of each user are associated with each other by the identification authentication information.

The fingerprint authentication is performed by comparing the feature point extracted by reading the user's fingerprint indicated by the fingerprint information with the feature point indicated by the preset fingerprint authentication information.
The one-touch operation unit 242 and the built-in controller 251 accept a pressing operation of the one-touch button by the user. Based on the accepted operation of the one-touch button, a key code associated with each one-touch button is acquired as identification information that is information for authenticating the user and is different from the fingerprint information. Here, a plurality of one-touch buttons are provided in the information processing apparatus 200 and are assigned to each user who uses the information processing apparatus 200. This identification information is information acquired for the execution of the above processing, and identifies the ID of the user who uses the information processing apparatus 200 from other users and those who do not have a valid use authority other than the user. It is information that makes it possible. The one-touch operation unit 242 and the embedded controller 251 function as an identification information acquisition unit.

The one-touch operation unit 242 has a plurality of one-touch buttons that accept key code input as identification information. The one-touch operation unit 242 receives a pressing operation of the one-touch button by the user, and acquires identification information based on the received operation.

The one-touch operation unit 242 of this embodiment has four buttons as one-touch buttons (not shown) (see the one-touch button 142a described above in FIG. 3). A user having a right to use the information processing apparatus 200 is assigned to each button. Each user performs one-touch button authentication by operating a one-touch button assigned to him / her when the application is activated. Not limited to this, the number and the corresponding characters can be freely set as necessary.

The embedded controller 251 has functions such as power management for the information processing apparatus 200, and also includes a keyboard controller 251a and an I / O controller 251c.
The keyboard controller 251 a periodically monitors key press operations and release operations on the keyboard 231, and transmits information corresponding to the operations to the operating system 260 via the bus 207. The I / O controller 251c transmits and receives information related to the operation of the one-touch operation unit 242 and the like with the fingerprint authentication unit 241.

Communication between the embedded controller 251 and the operating system 260 and communication between the fingerprint authentication unit 241 and the operating system 260 are performed via the bus 207.

Information such as a key code transmitted from the keyboard controller 251a is transmitted to the keyboard driver 261a and keyboard library 262a of the operating system 260 via the bus 207. The key code is further transmitted to the one-touch operation unit driver 261e and the one-touch operation unit library 262e via the keyboard driver 261a.

The operating system 260 is software that manages the entire information processing apparatus 200 by defining the functions of each part of the information processing apparatus 200. The operating system 260 includes a keyboard driver 261a, a fingerprint authentication driver 261d, a one-touch operation unit driver 261e, a keyboard library 262a, a fingerprint authentication library 262d, and a one-touch operation unit library 262e.

The operating system 260 accepts a user's activation instruction for the information processing apparatus 200 or a login instruction for instructing the start of acceptance of login, an application activation instruction for instructing application activation, or an application execution instruction for instructing execution of the application. The operating system 260 functions as a control unit.

When the operating system 260 accepts an instruction such as an application activation instruction from the user, if the process corresponding to the above instruction is a process that is restricted to a user other than a valid user, the operating system 260 is based on the accepted instruction. Then, the operating system 260 performs one-touch button authentication, and then causes the fingerprint authentication control unit 241a to perform fingerprint authentication. Then, when the user is authenticated by the fingerprint authentication by the fingerprint authentication control unit 241a, the process authorized by the authorized user, such as starting an application, is executed based on the above instruction.

The operating system 260 acquires a key code (identification information) corresponding to the one-touch button of the one-touch operation unit 242 based on the operation of the one-touch operation unit 242 by the user as one-touch button authentication. Based on this key code, the fingerprint authentication control unit 241a acquires the fingerprint authentication information of the user associated with the acquired key code by the identification authentication information, and acquires the fingerprint acquired based on the one-touch button authentication as the fingerprint authentication. The authentication information is compared with the fingerprint information acquired by the fingerprint reading unit 243b. Thereby, the legitimacy of the user is determined.

Note that instead of the one-touch button authentication, the user may input a user ID or the like by operating the one-touch button a plurality of times, and authentication may be performed using the input user ID as identification information. Specifically, it is assumed that each one-touch button corresponds to “1” to “4”. Each user can input the user ID by operating the buttons “1” to “4” in the order determined as the user ID. For example, when the user ID is defined as “3”, “1”, “2”, “4”, the user presses the one-touch button “3”, “1”, “2”, “4”. After operating in this order, operate the confirm button. Thereby, the input of the user ID by the user is accepted. Then, the fingerprint authentication information is determined based on the user ID input by the operating system 260. Then, authentication of the fingerprint authentication control unit 241a based on the fingerprint authentication information determined by the fingerprint authentication unit 241 is performed, and the legitimacy of the user is determined.

The application program 270 includes an application 271a that acquires information input through the keyboard 231 and an application 271c that is executed when authentication by the information processing apparatus 200 is successful.

In this embodiment, the embedded controller 251 receives the key code based on the operation of the one-touch button, and transmits the received key code to the fingerprint authentication unit 241 via the I / O controller 251c.

The fingerprint authentication unit 241 that has received the key code reads the identification authentication information from the authentication information storage unit 241b. The fingerprint authentication unit 241 reads the fingerprint authentication information associated with the key code by the identification authentication information from the authentication information storage unit 241b, and the fingerprint based on the read fingerprint authentication information and the fingerprint read by the fingerprint reading unit 243b. Fingerprint authentication is performed based on information.

However, the present invention is not limited thereto, and the key code may be transmitted to the fingerprint authentication unit 241 via the keyboard controller 251a and the operating system 260.
The fingerprint authentication information according to the present embodiment includes finger-specific fingerprint authentication information set for a plurality of fingerprints of different fingers of the same user, and an order indicating a predetermined order for the fingerprints of the plurality of fingers. Information. In this case, the fingerprint authentication executed by the fingerprint authentication control unit 241a is performed on the fingerprint information obtained by the fingerprint reading unit 243b and the fingerprint authentication unit 241 with respect to the fingerprint information obtained by the user's fingerprint a plurality of times. When all the finger-fingerprint authentication information included in the authentication information matches and the order in which the fingerprint information is acquired matches the order indicated by the order information included in the fingerprint authentication information, it is determined that the authentication is successful. Can do. As a result, in the information processing apparatus 200, authentication is performed on the fingerprints of a plurality of fingers of the user, and the order in which the user who is the subject of authentication reads the fingerprints is also subject to authentication determination, thus improving security. Can be made.

Further, the authentication information storage unit 241b may store a plurality of pieces of identification authentication information corresponding to the one-touch button operated by the user. Then, the information processing apparatus 200 may include an application activation information storage unit (not shown) that stores application activation information that associates identification authentication information with an application activated by the operating system 260. Furthermore, the operating system 260 may determine which identification / authentication information has succeeded in identification / authentication when executing the one-touch button authentication. In this case, the operating system 260 determines the application to be activated based on the application activation information stored in the application activation information storage unit and the results of determination by the fingerprint authentication control unit 241a and the operating system 260, and the determined application Can be started. As a result, the information processing apparatus 200 can start different applications based on the one-touch button operated by the user, so that the user can select an application to be started by operating the one-touch button.

Also, an application activation information storage unit that stores application activation information that associates fingerprints of a plurality of different fingers of the same user with applications activated by the operating system 260 may be provided. The fingerprint authentication information may include finger-specific fingerprint authentication information set for each of a plurality of different fingerprints of the same user. Then, the operating system 260 may determine which fingerprint of the user's finger is successful when executing the fingerprint authentication. In this case, the operating system 260 determines the application to be activated based on the application activation information stored in the application activation information storage unit and the results of determination by the fingerprint authentication control unit 241a and the operating system 260, and the determined application Can be started. As a result, the information processing apparatus 200 can start different applications based on the finger that the user has read the fingerprint, so the user can select the application that is started by the finger that reads the fingerprint. become.

In this embodiment, the fingerprint authentication control unit 241a performs fingerprint authentication and one-touch button authentication. Normally, when different authentication methods are combined, such as fingerprint authentication and handwriting authentication, it is necessary to perform processing separately for each authentication device, so the time required to complete all authentication processing is prolonged. It will be. On the other hand, in the present embodiment, the same control unit executes fingerprint authentication and handwriting authentication, so that the time required for authentication can be shortened even when a plurality of types of authentication processes are executed.

As described above, according to the present embodiment, the process of opening / closing and calling each driver and library in each application can be simplified, so that the process can be simplified.

Next, processing executed in the present embodiment will be described.
FIG. 19 is a flowchart illustrating an authentication processing procedure according to the second embodiment. The authentication process shown in FIG. 19 is a process executed by the information processing apparatus 200 (described above in FIG. 18). This authentication process is a process for performing authentication performed when the information processing apparatus 200 accepts an application activation instruction from the user and activates the application, and is a one-touch operation unit 242 (described above in FIG. 18) by the user. Execution is started based on an application activation operation by operating a button (not shown). At this time, when the user operates the one-touch operation unit 242 corresponding to the application to be activated, the embedded controller 251 (described above in FIG. 18) receives the operation of the one-touch operation unit 242 operated by the user. As a result, the information processing apparatus 200 starts an authentication process for starting an application corresponding to the operated one-touch operation unit 242.

[Step S21] The keyboard controller 251a (described above in FIG. 18) transmits a key code corresponding to the one-touch operation unit 242 whose operation has been received by the embedded controller 251 to the keyboard driver 261a (described above in FIG. 18). At this time, the keyboard controller 251a transmits the received key code to the fingerprint authentication unit 241 (described above in FIG. 18) via the I / O controller 251c (described above in FIG. 18).

[Step S22] The operating system 260 (described above in FIG. 18) displays a fingerprint authentication message window 221d (described later in FIG. 22) on the display screen of the LCD (not shown) of the information processing apparatus 200.

[Step S23] The fingerprint authentication unit 241 starts reading the fingerprint of the user by the fingerprint reading unit 243b (described above in FIG. 18). At this time, the fingerprint authentication control unit 241a (described above in FIG. 18) requests the fingerprint reading unit 243b to transmit the fingerprint information until it receives the fingerprint information obtained as a result of the fingerprint reading. Note that the fingerprint authentication control unit 241a stops fingerprint authentication when there is no transmission of fingerprint information for a certain period of time.

[Step S24] The fingerprint authentication control unit 241a reads out and acquires the fingerprint authentication information corresponding to the key code transmitted in step S21 from the authentication information storage unit 241b (described above in FIG. 18).

[Step S25] The fingerprint authentication control unit 241a performs authentication by comparing the fingerprint information acquired by the fingerprint reading unit 243b and the fingerprint information corresponding to the key code acquired from the authentication information storage unit 241b. Determine whether or not. If the authentication is successful, the process proceeds to step S26. On the other hand, if the authentication fails, the process proceeds to step S27.

[Step S26] The operating system 260 activates the application that is the target of the activation instruction by the user. Thereafter, the authentication process ends.
[Step S27] The operating system 260 displays an error related to the activation of the application that is the target of the activation instruction by the user on the LCD display screen. Thereafter, the authentication process ends.

The authentication process according to the present embodiment is started when the information processing apparatus 200 detects an application activation instruction by an operation of the user's one-touch operation unit 242, but is not limited thereto. Execution may be started when the user logs in to the information processing apparatus 200 such as when the one-touch operation unit 242 is operated as an operation for displaying a login screen (not shown).

In the present embodiment, when the fingerprint authentication in step S25 fails, an error display is performed in step S27, but another fingerprint reading may be attempted.
20 and 21 are sequence diagrams illustrating a procedure at the time of authentication according to the second embodiment.

Here, “user interface” in the figure is an input device operated by the user and an output device for displaying a screen. Specifically, the keyboard 231, the one-touch operation unit 242, the fingerprint reading unit 243 b, the LCD included in the information processing apparatus 200 and the like described above with reference to FIG.

Also, the “fingerprint authentication unit” in the figure is the fingerprint authentication unit 241 described above with reference to FIG. As described above, the fingerprint authentication unit 241 includes the fingerprint authentication control unit 241a and the authentication information storage unit 241b.

Further, “controller” in the figure is a control unit that controls input devices such as the keyboard 231 and the one-touch operation unit 242, and includes the embedded controller 251, the keyboard controller 251a, the I / O controller 251c, and the like.

Further, “operating system” in the figure is the operating system 260 and the libraries and drivers included in the operating system 260 described above with reference to FIG.

Hereinafter, a procedure at the time of authentication in the information processing apparatus 200 will be described with reference to the drawings.
[Step S201] The one-touch operation unit 242 accepts a pressing operation of a one-touch button (not shown) by the user.

[Step S202] The keyboard controller 251a detects the pressing operation of the one-touch button in step S201.
[Step S203] The keyboard controller 251a transmits a key code corresponding to the operated one-touch button to the keyboard driver 261a based on the pressing operation of the one-touch button detected in Step S202. Further, the I / O controller 251c transmits a key code corresponding to the operated one-touch button to the fingerprint authentication unit 241.

Here, the keyboard driver 261a further transmits the received key code to the one-touch operation unit driver 261e. This key code is transmitted to the one-touch operation unit library 262e by the one-touch operation unit driver 261e. The one-touch operation unit library 262e activates an application based on the received key code when fingerprint authentication described later is successful. The fingerprint authentication unit 241 performs fingerprint authentication using fingerprint authentication information corresponding to the received key code.

[Step S204] The operating system 260 executes processing for starting fingerprint authentication. Specifically, as described later, the operating system 260 causes the fingerprint authentication driver 261d to activate the fingerprint authentication unit 241. Further, a fingerprint authentication message window 221d (described later in FIG. 22) is displayed on a graphic processing device (not shown) included in the information processing device 200.

[Step S205] The graphic processing apparatus displays a fingerprint authentication message window 221d on the LCD.
[Step S206] The fingerprint authentication control unit 241a activates the fingerprint reading unit 243b. As a result, the user's fingerprint can be read.

[Step S207] The fingerprint reading unit 243b reads the user's fingerprint and obtains fingerprint information. The acquired fingerprint information is transmitted to the fingerprint authentication control unit 241a.
[Step S221] The fingerprint authentication control unit 241a reads fingerprint authentication information corresponding to the key code transmitted in step S203 from the authentication information storage unit 241b. Next, the fingerprint authentication control unit 241a compares and compares the fingerprint information of the fingerprint read by the fingerprint reading unit 243b in step S207 with the fingerprint authentication information read from the authentication information storage unit 241b, thereby authenticating the user's fingerprint. Do. Thereby, the legitimacy of the user who tries to start the application is determined based on the fingerprint.

[Step S222] The fingerprint authentication control unit 241a transmits a fingerprint authentication verification result, which is a verification result of fingerprint authentication, to the fingerprint authentication driver 261d.
[Step S223] The fingerprint authentication driver 261d that has received the fingerprint authentication verification result transmitted from the fingerprint authentication control unit 241a transmits the fingerprint authentication verification result to the fingerprint authentication library 262d. Furthermore, the fingerprint authentication library 262d that has received the fingerprint authentication collation result transmitted from the fingerprint authentication driver 261d has succeeded in the fingerprint authentication of the user performed by the fingerprint authentication control unit 241a in step S221 based on the fingerprint authentication collation result. It is determined whether or not. Further, the fingerprint authentication library 262d transmits the fingerprint authentication determination result to the one-touch operation unit library 262e.

[Step S224] If the determination result of the received fingerprint authentication is successful, the operating system 260 performs display control when the user is successfully authenticated. Specifically, as will be described later, the one-touch operation unit library 262e ends the display of the fingerprint authentication message window 221d on the graphic processing device.

If the determination result of the fingerprint authentication is an authentication failure, the operating system 260 terminates the display of the fingerprint authentication message window 221d and displays an error display on the LCD display screen as described above with reference to FIG. End the authentication process.

[Step S225] The graphic processing device ends the display of the fingerprint authentication message window 221d displayed on the LCD display screen.
[Step S226] The one-touch operation unit library 262e activates the application that is the target of the activation operation of the user's application.

Next, a display screen displayed in the present embodiment will be described.
FIG. 22 is a diagram illustrating a fingerprint authentication message window according to the second embodiment. A fingerprint authentication message window 221d shown in FIG. 22 is an example of a window displayed on the LCD display screen of the information processing apparatus 200 (described above in FIG. 18). In the fingerprint authentication message window 221d, a message and an image for guiding the user to read the fingerprint are displayed.

In the fingerprint authentication message window 221d, for example, a message “Please slide your finger against the sensor” and an image for guiding fingerprint reading are displayed. The fingerprint authentication message window 221d has a cancel button 221d2.

The cancel button 221d2 is a button for canceling fingerprint reading. By operating the cancel button 221d2, the user can cancel the fingerprint reading and cancel the activation of the application without performing fingerprint authentication.

As described above, according to the second embodiment, in the information processing apparatus 200, by using authentication with a one-touch button and fingerprint authentication together, the accuracy of user authentication is increased, so that security is improved.

Further, when the fingerprint authentication control unit 241a executes fingerprint authentication and handwriting authentication processing, the same processing unit continuously performs a plurality of authentication processes. As a result, the process of exchanging data between processing units that perform authentication can be omitted, and the time required for authentication can be shortened even when a plurality of types of authentication processes are executed.

In addition, by performing the authentication from the key code corresponding to the one-touch button to the fingerprint authentication by the fingerprint authentication unit 241 configured with a one-chip IC, the authentication process is concealed from the outside, so that cracks can be prevented. Yes, it increases safety.

[Third Embodiment]
Next, a third embodiment will be described. Differences from the first embodiment will be mainly described, and the same reference numerals are used for the same matters, and descriptions thereof are omitted.

In the third embodiment, a user is identified by reading ID information (identification information) stored in an IC card possessed by the user, and fingerprint authentication of the user is performed using fingerprint authentication information corresponding to the identified user. This is different from the first embodiment in that

FIG. 23 is a block diagram illustrating a configuration of the information processing apparatus according to the third embodiment. An information processing apparatus 300 illustrated in FIG. 23 includes a fingerprint authentication unit 341, an embedded controller 351, an operating system 360, and an application program 370.

The information processing apparatus 300 includes a fingerprint reading unit 343b and a card reader 344 at the lowest layer. The information processing apparatus 300 includes an embedded controller 351 in the upper layer of the card reader 344. In addition, the information processing apparatus 300 includes a fingerprint authentication unit 341 in the upper layer of the fingerprint reading unit 343b.

In the upper layer of the fingerprint authentication unit 341 and the embedded controller 351, an operating system 360 is provided via a bus 307. An application program 370 is provided in the upper layer of the operating system 360.

The fingerprint authentication unit 341 includes a fingerprint authentication control unit 341a and an authentication information storage unit 341b. The fingerprint authentication control unit 341a and the authentication information storage unit 341b are mounted on the same chip. In addition, a fingerprint reading unit 343 b is connected to the fingerprint authentication unit 341.

The fingerprint authentication control unit 341a performs fingerprint authentication by comparing the fingerprint information acquired by the fingerprint authentication unit 341 and the fingerprint reading unit 343b with the fingerprint authentication information stored in the authentication information storage unit 341b. The card reader 344 and the embedded controller 351 use the ID information stored in the user's IC card (not shown) read by the card reader 344 as identification information. Then, the I / O controller 351c transmits the ID information to the fingerprint authentication unit 341. The fingerprint authentication unit 341 that has received the ID information compares the received ID information with the identification authentication information stored in the authentication information storage unit 341b to perform card ID information authentication. The operating system 360 authenticates the user as valid when the fingerprint authentication based on the fingerprint authentication information acquired by the card ID information authentication is successful. That is, the fingerprint authentication control unit 341a and the operating system 360 acquire the ID information stored in the IC card read by the card reader 344, and execute the fingerprint authentication using the fingerprint authentication information corresponding to the acquired ID information. To do. The fingerprint authentication control unit 341a and the operating system 360 function as an authentication control unit.

The fingerprint authentication unit 341 and the fingerprint reading unit 343b read the fingerprint of the user's finger. Based on the read user fingerprint, fingerprint information, which is information acquired from the user fingerprint to authenticate the user, is acquired. This fingerprint information is information obtained for use in fingerprint authentication for determining whether or not to execute the above-described processing such as execution of an application, and is information indicating the characteristics of the fingerprint of a legitimate user's finger. .

A user who intends to cause the information processing apparatus 300 to execute a process whose execution is restricted by a person other than the above-mentioned authorized user is authenticated with the fingerprint of the user's pre-registered finger in order to be authenticated. The fingerprint authentication unit 341 and the fingerprint reading unit 343b included in the processing device 300 are read. The fingerprint information is generated by the fingerprint authentication library 362d extracting the characteristics of the fingerprint from the information acquired by the fingerprint reading unit 343b reading the fingerprint. Thereby, the fingerprint information of the user is acquired. The fingerprint authentication unit 341, the fingerprint reading unit 343b, and the fingerprint authentication library 362d function as a fingerprint information acquisition unit.

The authentication information storage unit 341b is information set in advance for use in authentication of whether or not the user is valid, and stores fingerprint authentication information for authenticating the user by comparing with the fingerprint information. This fingerprint authentication information is information that the information processing apparatus 300 has in advance, and is information that indicates the characteristics of a fingerprint extracted by reading a legitimate user's fingerprint. The fingerprint authentication information is set for each user.

Further, the authentication information storage unit 341b stores identification authentication information that is set in advance for use in authentication of whether or not the user is valid and authenticates the user by comparing with the identification information. The identification authentication information is information that the information processing apparatus 300 has in advance, and makes it possible to identify the ID of the user who uses the information processing apparatus 300 from other users and persons who do not have a valid use authority other than the user. Information. The identification authentication information is information that can be compared with the identification information. The identification authentication information is information that associates ID information stored in an IC card possessed by each user with fingerprint authentication information of each user.

Card ID information authentication is performed by acquiring fingerprint authentication information associated with ID information which is identification information stored in an IC card held by a user who is authenticated. Here, the ID information of the one-touch button operated by the user and the fingerprint authentication information of each user are associated by the identification authentication information.

The fingerprint authentication is performed by comparing the feature point extracted by reading the user's fingerprint indicated by the fingerprint information with the feature point indicated by the preset fingerprint authentication information.
The card reader 344 acquires ID information stored in an IC card held by the user as identification information that is information for authenticating the user and is different from the fingerprint information. The card reader 344 can be electrically connected to the IC card by wireless communication, and can read information such as ID information from the connected IC card. In this embodiment, the card reader 344 acquires ID information by wireless communication. However, the present invention is not limited to this, contact communication connected by a cable, a terminal, or the like, reading of information recorded on a magnetic material, barcode Alternatively, it may be acquired by reading optically recorded information such as a QR code. In this embodiment, an IC card is used. However, the present invention is not limited to this, and any medium capable of storing information such as a magnetic card, a small memory, and an optical disk is sufficient.

This identification information is information acquired for executing the above-described processing, and identifies the ID of the user who uses the information processing apparatus 300 from other users and those who do not have a valid use authority other than the user. It is information that makes it possible. The card reader 344 and the embedded controller 351 function as an identification information acquisition unit.

The embedded controller 351 has functions such as power management for the information processing apparatus 300, and also includes a card reader controller 351f and an I / O controller 351c.
The card reader controller 351f periodically monitors the card reader 344 and transmits information acquired by the card reader 344 to the operating system 360 via the bus 307. The I / O controller 351c transmits the ID information acquired by the card reader 344 to the fingerprint authentication unit 341.

Communication between the embedded controller 351 and the operating system 360 and communication between the fingerprint authentication unit 341 and the operating system 360 are performed via the bus 307.

Information such as ID information transmitted from the card reader controller 351f is transmitted to the card reader driver 361f and the card reader library 362f of the operating system 360 via the bus 307. The ID information can also be transmitted to the fingerprint authentication driver 361d and the fingerprint authentication library 362d via the card reader driver 361f.

The operating system 360 is software that manages the entire information processing apparatus 300 by defining functions of each part of the information processing apparatus 300. The operating system 360 includes a card reader driver 361f, a fingerprint authentication driver 361d, a card reader library 362f, and a fingerprint authentication library 362d.

The operating system 360 accepts a user's activation instruction for the information processing apparatus 300 or a login instruction for instructing to start accepting login, an application activation instruction for instructing application activation, or an application execution instruction for instructing execution of the application. The operating system 360 functions as a control unit.

When the operating system 360 accepts an instruction such as an application activation instruction from the user, if the process corresponding to the above instruction is a process that is restricted to a user other than a valid user, the operating system 360 is based on the accepted instruction. Then, the operating system 360 performs card ID information authentication, and then causes the fingerprint authentication control unit 341a to perform fingerprint authentication. Then, when the user is authenticated by the fingerprint authentication by the fingerprint authentication control unit 341a, based on the above instruction, processing authorized by the authorized user, such as activation of an application, is executed.

The operating system 360 acquires ID information (identification information) stored in the IC card based on reading of the IC card held by the user by the card reader 344 as card ID information authentication. As for this ID information, the fingerprint authentication control unit 341a acquires the fingerprint authentication information of the user associated with the acquired ID information by the identification authentication information, and the fingerprint authentication acquired based on the card ID information authentication as the fingerprint authentication The legitimacy of the user is determined by comparing the information with the fingerprint information acquired by the fingerprint reading unit 343b.

The application program 370 includes an application 371 f that acquires information input by the card reader 344 and an application 371 c that is executed when authentication by the information processing apparatus 300 is successful.

In the present embodiment, when the embedded controller 351 receives ID information based on reading by the card reader 344, the embedded controller 351 transmits the received ID information to the fingerprint authentication unit 341 via the I / O controller 351c.

The fingerprint authentication unit 341 that has received the ID information reads the identification authentication information from the authentication information storage unit 341b. The fingerprint authentication unit 341 reads fingerprint authentication information associated with the ID information by the identification authentication information from the authentication information storage unit 341b, and the fingerprint based on the read fingerprint authentication information and the fingerprint read by the fingerprint reading unit 343b. Fingerprint authentication is performed based on information.

The ID information may be transmitted to the fingerprint authentication unit 341 via the card reader controller 351f and the operating system 360.
The fingerprint authentication information according to the present embodiment includes finger-specific fingerprint authentication information set for a plurality of fingerprints of different fingers of the same user, and an order indicating a predetermined order for the fingerprints of the plurality of fingers. Information. In this case, the fingerprint authentication executed by the fingerprint authentication control unit 341a is the fingerprint information based on the fingerprint read by the fingerprint reading unit 343b and the fingerprint authentication unit 341 for the fingerprint information obtained by the user's fingerprint a plurality of times. When all the finger-fingerprint authentication information included in the authentication information matches and the order in which the fingerprint information is acquired matches the order indicated by the order information included in the fingerprint authentication information, it is determined that the authentication is successful. Can do. As a result, in the information processing apparatus 300, authentication is performed on the fingerprints of a plurality of fingers of the user, and the order in which the user who is the authentication target reads the fingerprints is also subject to authentication determination, thus improving security. Can be made.

Further, the authentication information storage unit 341b may prepare a plurality of IC cards owned by the user for the user, and may further change the ID information stored in each IC card. A plurality of identification authentication information corresponding to each ID information may be stored. The information processing apparatus 300 may include an application activation information storage unit (not shown) that stores application activation information that associates identification authentication information with an application activated by the operating system 360. Further, the operating system 360 may determine which identification / authentication information has succeeded in identification / authentication when executing card ID information authentication. In this case, the operating system 360 determines an application to be activated based on the application activation information stored in the application activation information storage unit and the determination result by the fingerprint authentication control unit 341a and the operating system 360, and the determined application Can be started. As a result, the information processing apparatus 300 can start different applications based on the ID information read from the user's IC card. Therefore, the user selects an application to be started by the read IC card. Is possible.

Also, an application activation information storage unit that stores application activation information that associates fingerprints of a plurality of different fingers of the same user with applications activated by the operating system 360 may be provided. The fingerprint authentication information may include finger-specific fingerprint authentication information set for each of a plurality of different fingerprints of the same user. Then, the operating system 360 may determine which fingerprint of the user's finger is successful when executing the fingerprint authentication. In this case, the operating system 360 determines an application to be activated based on the application activation information stored in the application activation information storage unit and the determination result by the fingerprint authentication control unit 341a and the operating system 360, and the determined application Can be started. As a result, the information processing apparatus 300 can start different applications based on the finger that the user has read the fingerprint, so the user can select the application that is started by the finger that reads the fingerprint. become.

In this embodiment, the fingerprint authentication control unit 341a performs fingerprint authentication and card ID authentication. Normally, when different authentication methods are combined, such as fingerprint authentication and card ID authentication, it is necessary to perform processing separately for each authentication device, so the time required to complete all authentication processing is prolonged. Will do. On the other hand, in the present embodiment, the same control unit executes fingerprint authentication and card ID authentication, so that the time required for authentication can be shortened even when a plurality of types of authentication processes are executed.

Next, processing executed in the present embodiment will be described.
FIG. 24 is a flowchart illustrating an authentication processing procedure according to the third embodiment. The authentication process shown in FIG. 24 is a process executed by the information processing apparatus 300 (described above in FIG. 23). This authentication process is a process of performing authentication when the information processing apparatus 300 receives an application activation instruction from the user and activates the application, and includes a one-touch button (not illustrated) included in a one-touch operation unit (not illustrated) by the user. Execution is started based on the application activation operation by the operation of (omitted). At this time, the user operates the one-touch operation unit corresponding to the application to be activated, so that the embedded controller 351 (described above in FIG. 23) receives the operation of the one-touch operation unit operated by the user. As a result, the information processing apparatus 300 starts an authentication process for starting an application corresponding to the operated one-touch operation unit.

[Step S31] The card reader controller 351f (described above in FIG. 23) receives the ID information stored in the user's IC card (not shown) by the card reader 344 (described above in FIG. 23) via the embedded controller 351. By reading, the user's ID information is acquired. Next, the card reader controller 351f transmits the acquired ID information to the card reader driver 361f (described above in FIG. 23). At this time, the card reader controller 351f transmits the received ID information to the fingerprint authentication unit 341 (described above in FIG. 23) via the I / O controller 351c (described above in FIG. 23).

[Step S32] The operating system 360 (described above in FIG. 23) displays a fingerprint authentication message window (not shown) including a display for guiding the user to read the fingerprint on the display screen of the LCD (not shown) of the information processing apparatus 300. indicate.

[Step S33] The fingerprint authentication unit 341 starts reading the fingerprint of the user by the fingerprint reading unit 343b (described above in FIG. 23). At this time, the fingerprint authentication control unit 341a (described above in FIG. 23) requests the fingerprint reading unit 343b to transmit the fingerprint information until receiving the fingerprint information obtained as a result of the fingerprint reading. Note that the fingerprint authentication control unit 341a stops the fingerprint authentication when there is no transmission of fingerprint information for a certain period of time.

[Step S34] The fingerprint authentication control unit 341a reads out and acquires the fingerprint authentication information corresponding to the ID information transmitted in step S31 from the authentication information storage unit 341b (described above in FIG. 23).

[Step S35] The fingerprint authentication control unit 341a compares the fingerprint information acquired by the fingerprint reading unit 343b and the fingerprint information corresponding to the ID information acquired from the authentication information storage unit 341b, and performs authentication. Determine whether or not. If the authentication is successful, the process proceeds to step S36. On the other hand, if the authentication fails, the process proceeds to step S37.

[Step S36] The operating system 360 activates the application that is the target of the activation instruction by the user. Thereafter, the authentication process ends.
[Step S37] The operating system 360 displays on the LCD display screen an error regarding the activation of the application that is the target of the activation instruction by the user. Thereafter, the authentication process ends.

The authentication process of the present embodiment is started when the information processing apparatus 300 detects an application activation instruction by a user operation, but is not limited to this. For example, a login screen (not shown) is displayed. Execution may be started when the user logs in to the information processing apparatus 300 when an operation to display is performed.

In this embodiment, when the fingerprint authentication in step S35 fails, an error display is performed in step S37, but another fingerprint reading may be attempted.
25 and 26 are sequence diagrams illustrating a procedure at the time of authentication according to the third embodiment.

Here, “user interface” in the figure is an input device operated by the user and an output device for displaying a screen. Specifically, the fingerprint reading unit 343b, the card reader 344, the LCD included in the information processing apparatus 300 described above with reference to FIG.

Also, the “fingerprint authentication unit” in the figure is the fingerprint authentication unit 341 described above with reference to FIG. As described above, the fingerprint authentication unit 341 includes the fingerprint authentication control unit 341a and the authentication information storage unit 341b.

Further, “controller” in the figure is a control unit that controls an input device such as a card reader 344, and includes an embedded controller 351, an I / O controller 351c, a card reader controller 351f, and the like.

Also, “operating system” in the figure is the operating system 360 and the libraries and drivers of the operating system 360 described above with reference to FIG.

Hereinafter, a procedure at the time of authentication in the information processing apparatus 300 will be described with reference to the drawings.
[Step S301] The card reader 344 reads and acquires ID information from the user's IC card (not shown). This ID information is transmitted to the card reader controller 351f.

[Step S302] The card reader controller 351f detects the ID information of the IC card read in step S301.
[Step S303] The card reader controller 351f transmits the ID information of the IC card detected in step S302 to the card reader driver 361f. Also, the I / O controller 351c transmits the detected ID information of the IC card to the fingerprint authentication unit 341.

Here, the card reader driver 361f further transmits the received ID information to the card reader library 362f. If the card reader library 362f succeeds in fingerprint authentication described later, the card reader library 362f activates the application based on the received ID information. The fingerprint authentication unit 341 performs fingerprint authentication using fingerprint authentication information corresponding to the received ID information.

[Step S304] The operating system 360 executes processing for starting fingerprint authentication. Specifically, as will be described later, the card reader driver 361f causes the fingerprint authentication driver 361d to activate the fingerprint authentication unit 341. Further, a fingerprint authentication message window (not shown) is displayed on a graphic processing device (not shown) included in the information processing apparatus 300.

[Step S305] The graphic processing device displays a fingerprint authentication message window on the LCD.
[Step S306] The fingerprint authentication control unit 341a activates the fingerprint reading unit 343b. As a result, the user's fingerprint can be read.

[Step S307] The fingerprint reading unit 343b reads the fingerprint of the user and acquires fingerprint information. The acquired fingerprint information is transmitted to the fingerprint authentication control unit 341a.
[Step S321] The fingerprint authentication control unit 341a reads fingerprint authentication information corresponding to the ID information transmitted in step S303 from the authentication information storage unit 341b. Next, the fingerprint authentication control unit 341a compares the fingerprint information of the fingerprint read by the fingerprint reading unit 343b in step S307 with the fingerprint authentication information read from the authentication information storage unit 341b and collates them to authenticate the user's fingerprint. Do. Thereby, the legitimacy of the user who tries to start the application is determined based on the fingerprint.

[Step S322] The fingerprint authentication control unit 341a transmits a fingerprint authentication collation result, which is a fingerprint authentication collation result, to the fingerprint authentication driver 361d.
[Step S323] The fingerprint authentication driver 361d that has received the fingerprint authentication verification result transmitted from the fingerprint authentication control unit 341a transmits the fingerprint authentication verification result to the fingerprint authentication library 362d. Furthermore, the fingerprint authentication library 362d that has received the fingerprint authentication collation result transmitted from the fingerprint authentication driver 361d has succeeded in the fingerprint authentication of the user performed by the fingerprint authentication control unit 341a in step S321 based on the fingerprint authentication collation result. It is determined whether or not.

[Step S324] If the received determination result of the fingerprint authentication is successful, the operating system 360 performs display control when the user is successfully authenticated. Specifically, as will be described later, the fingerprint authentication library 362d ends the display of the fingerprint authentication message window on the graphic processing device.

If the fingerprint authentication determination result is authentication failure, the operating system 160 terminates the display of the fingerprint authentication message window and displays an error display on the LCD display screen as described above with reference to FIG. End the process.

[Step S325] The graphic processing device ends the display of the fingerprint authentication message window displayed on the LCD display screen.
[Step S326] The fingerprint authentication library 362d activates the application that is the target of the activation operation of the user's application.

As described above, according to the third embodiment, in the information processing apparatus 300, by using the authentication based on the ID information of the user's IC card and the fingerprint authentication together, the accuracy of the user authentication is increased, so that the security is improved. .

Further, when the fingerprint authentication control unit 341a executes fingerprint authentication and card ID authentication processing, the same processing unit continuously performs a plurality of authentication processes. As a result, the process of exchanging data between processing units that perform authentication can be omitted, and the time required for authentication can be shortened even when a plurality of types of authentication processes are executed.

Further, since the authentication from the ID information read from the IC card to the fingerprint authentication is performed by the fingerprint authentication unit 341 configured with a one-chip IC, cracking can be prevented by hiding the authentication process from the outside. Yes, it increases safety.

[Fourth Embodiment]
Next, a fourth embodiment will be described. Differences from the first embodiment will be mainly described, and the same reference numerals are used for the same matters, and descriptions thereof are omitted.

In the fourth embodiment, the information processing apparatus is an automatic transaction apparatus, and is an automatic teller machine (ATM: AutomatedＴＭTeller 受け入れ Machine) that accepts and pays out deposits such as banks. The form is different.

FIG. 27 is a diagram illustrating an appearance of the automatic transaction apparatus according to the fourth embodiment. The automatic transaction apparatus 400 includes an operation screen 481, a bill input / output unit 482 a, a coin input / output unit 482 b, a passbook receiving unit 483, a receiving card receiving unit 484, a receipt issuing unit 485, a fingerprint reading unit 486 and a speaker 487.

The operation screen 481 has a display screen for displaying an image showing the contents of a transaction, an image including a message for guiding the user, and a touch panel for receiving user input. The banknote deposit / withdrawal unit 482a deposits / withdraws banknotes for accepting user deposits and dispensing user deposits. The coin deposit / withdrawal unit 482b deposits / withdraws coins for accepting the deposit of the user and paying out the deposit of the user. The passbook accepting unit 483 accepts a passbook when accepting a user's deposit, when paying out a user's deposit, and when other users wish to book. The card reception unit 484 receives a cash card or the like when the user uses it. The receipt issuing unit 485 issues a receipt in which usage details are recorded when the user uses it. The fingerprint reading unit 486 reads the user's fingerprint in order to perform fingerprint authentication of the user at the time of use. The speaker 487 outputs voice guidance and warning sound for guiding the transaction status and operation to the user.

As described above, according to the fourth embodiment, by performing authentication other than fingerprint authentication in the automatic transaction apparatus 400, the accuracy of user authentication for the user using the automatic transaction apparatus 400 is improved. Security increases because it increases.

Also, by performing fingerprint authentication with a fingerprint authentication unit (not shown) configured with a one-chip IC, the fingerprint authentication process is concealed from the outside, so that cracks can be prevented and safety is improved.

Note that the above processing functions can be realized by a computer. In that case, a program describing the processing contents of the functions that the information processing apparatuses 100, 200, 300 and the automatic transaction apparatus 400 should have is provided. By executing the program on a computer, the above processing functions are realized on the computer.

The program describing the processing content can be recorded on a computer-readable recording medium. Examples of the computer-readable recording medium include a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. Magnetic recording devices include HDDs, flexible disks (FD), magnetic tapes (MT) and the like. Optical discs include DVD (Digital Versatile Disc), DVD-RAM, CD-ROM (Compact Disc-Read Only Memory), CD-R (Recordable) / RW (ReWritable), and the like. Magneto-optical recording media include MO (Magneto-Optical Disk).

When distributing the above program, for example, a portable recording medium such as a DVD or CD-ROM in which the program is recorded is sold. It is also possible to store the program in a server computer and transfer the program from the server computer to another computer via a network.

The computer that executes the program stores, for example, the program recorded on the portable recording medium or the program transferred from the server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. The computer can also read the program directly from the portable recording medium and execute processing according to the program. Further, each time the program is transferred from the server computer, the computer can sequentially execute processing according to the received program.

Although the disclosed information processing apparatus, authentication program, and authentication method have been described based on the illustrated embodiment, the configuration of each unit can be replaced with an arbitrary configuration having the same function. In addition, any other component or process may be added to the disclosed technology. Further, the disclosed technique may be a combination of any two or more of the above-described embodiments.

The above merely shows the principle of the present invention. In addition, many variations and modifications can be made by those skilled in the art, and the disclosed technology is not limited to the exact configurations and applications shown and described above, and all corresponding variations and equivalents are The scope of the invention is to be determined by the appended claims and their equivalents.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Information processing apparatus 1a Control part 1b Fingerprint information acquisition part 1c Identification information acquisition part 1d Authentication control part 1e Fingerprint authentication information storage part 1f Identification authentication information storage part

Claims

A fingerprint information acquisition unit that acquires fingerprint information that is information acquired from the fingerprint of the user to authenticate the user;
An identification information acquisition unit that acquires identification information that is information for authenticating the user and is different from the fingerprint information;
A fingerprint authentication information storage unit for storing fingerprint authentication information to be used for authentication of whether or not the user is legitimate and to authenticate the user by comparing with the fingerprint information When,
An identification authentication information storage unit for storing identification authentication information for authenticating the user by comparison with the identification information, which is information set in advance for use in authentication of whether or not the user is valid;
The fingerprint information acquired by the fingerprint information acquisition unit is compared with the fingerprint authentication information stored in the fingerprint authentication information storage unit to perform a first authentication and acquired by the identification information acquisition unit When the second authentication is performed by comparing the identification information with the identification authentication information stored in the identification authentication information storage unit, and the first authentication and the second authentication are successful, An authentication control unit that authenticates the user as valid;
A control unit that executes processing permitted to a legitimate user when the user is authorized by the authentication control unit;
An information processing apparatus comprising:
The identification authentication information is information based on the user's handwriting acquired in advance,
The identification information acquisition unit includes a handwriting input unit that receives the handwriting input by the user and acquires the handwriting of the user, acquires the handwriting of the user by the handwriting input unit, and acquires the handwriting The information processing apparatus according to claim 1, wherein the identification information is acquired based on the information.
The identification information acquisition unit includes an identification information input unit that receives an input of the identification information, and acquires the identification information input by the user by the identification information input unit. Information processing apparatus according to item.
The identification information is stored in advance in an identification information storage device,
The identification information acquisition unit includes the identification information storage device connection unit electrically connected to the identification information storage device, and the identification information from the identification information storage device connected by the identification information storage device connection unit. The information processing apparatus according to claim 1, wherein:
The information processing apparatus according to claim 1, wherein the authentication control unit and the fingerprint authentication information storage unit are mounted on the same chip.
The information processing apparatus according to claim 1, wherein the fingerprint authentication information storage unit and the identification information storage unit are mounted on the same chip.
The authentication control unit, after succeeding in the first authentication, causes the fingerprint information acquisition unit to acquire the fingerprint information, and based on the identification information acquired by the identification information acquisition unit 3. The information processing apparatus according to claim 2, wherein authentication is executed.
The fingerprint authentication information is set for each user,
The identification information input unit has a plurality of operation units,
The identification information is information associated with each of the operation units,
The identification authentication information is information that associates each identification information with the fingerprint authentication information of each user,
The authentication control unit acquires the identification information corresponding to the operation unit based on the operation of the operation unit by the user as the second authentication, and uses the identification authentication information for the acquired identification information. The fingerprint authentication information of the associated user is acquired, and as the first authentication, the fingerprint authentication information acquired based on the second authentication and the fingerprint information acquired by the fingerprint information acquisition unit The information processing apparatus according to claim 3, wherein comparison is made.
The identification information input unit has a plurality of operation units, and acquires the identification information by receiving input of the identification information by operation of the operation unit by the user,
The identification authentication information is information that associates each identification information with the fingerprint authentication information of each user,
The authentication control unit acquires the fingerprint authentication information of the user associated by the identification authentication information with respect to the identification information acquired by the identification information acquisition unit as the second authentication, and the first authentication 4. The information processing according to claim 3, wherein the authentication is performed by comparing the fingerprint authentication information acquired based on the second authentication with the fingerprint information acquired by the fingerprint information acquisition unit. apparatus.
The control unit receives an activation instruction of the application by the user, causes the authentication control unit to execute the first authentication and the second authentication based on the received activation instruction, and the authentication control unit The information processing apparatus according to claim 1, wherein the application is activated when the user is authenticated as valid.
The fingerprint authentication information includes finger-specific fingerprint authentication information set for fingerprints of a plurality of different fingers of the same user, and order information indicating a predetermined order for the fingerprints of the plurality of fingers. Have
In the fingerprint authentication, the fingerprint information acquired by the fingerprint information acquisition unit for the fingerprint information acquired a plurality of times for the user's fingerprint matches all the fingerprint authentication information included in the fingerprint authentication information. 2. The information processing according to claim 1, wherein when the order in which the fingerprint information is acquired matches the order indicated by the order information included in the fingerprint authentication information, the information processing is determined to be successful. apparatus.
The identification authentication information storage unit stores a plurality of the identification authentication information,
An application activation information storage unit that stores application activation information that associates the identification and authentication information with an application activated by the control unit;
The authentication control unit determines whether the identification authentication is successful with which identification authentication information at the time of execution of the identification authentication,
The control unit determines the application to be activated based on the application activation information stored in the application activation information storage unit and the result of the determination by the authentication control unit, and activates the determined application The information processing apparatus according to claim 1, wherein:
An application activation information storage unit that stores application activation information that associates fingerprints of different fingers of the same user with applications activated by the control unit;
The fingerprint authentication information has finger fingerprint authentication information set for each of the fingerprints of the plurality of different fingers of the same user,
The authentication control unit determines whether the fingerprint authentication is successful by the fingerprint of which finger of the user at the time of executing the fingerprint authentication,
The control unit determines the application to be activated based on the application activation information stored in the application activation information storage unit and the result of the determination by the authentication control unit, and activates the determined application The information processing apparatus according to claim 1, wherein:
Computer
A fingerprint information acquisition unit for acquiring fingerprint information, which is information acquired from the fingerprint of the user to authenticate the user;
An identification information acquisition unit for acquiring identification information that is information for authenticating the user and is different from the fingerprint information;
The fingerprint information acquired by the fingerprint information acquisition unit and the information stored in advance in the fingerprint authentication information storage unit and used for authentication as to whether or not the user is valid, the fingerprint information Is compared with fingerprint authentication information for authenticating the user to execute first authentication, and the identification information acquired by the identification information acquisition unit and stored in the identification authentication information storage unit Information set in advance for use in authenticating whether the user is valid or not, and compared with the identification authentication information for authenticating the user by comparing with the identification information. An authentication control unit that executes authentication and authenticates the user as valid when the first authentication and the second authentication are successful;
A control unit that executes processing permitted to a legitimate user when the user is authenticated by the authentication control unit;
An authentication program characterized by causing it to function as
An authentication method in which a computer authenticates a user,
A fingerprint information acquisition unit acquires fingerprint information that is information acquired from the user's fingerprint to authenticate the user,
An identification information acquisition unit acquires identification information that is information for authenticating the user and is different from the fingerprint information;
The authentication control unit is information set in advance for use in authentication of the fingerprint information acquired by the fingerprint information acquisition unit and whether the user stored in the fingerprint authentication information storage unit is valid. And comparing the fingerprint information with the fingerprint authentication information for authenticating the user to execute the first authentication, and the identification information acquired by the identification information acquisition unit and the identification authentication Compared with identification authentication information for authenticating the user by comparing with the identification information, which is set in advance for use in authentication whether the user stored in the information storage unit is valid or not The second authentication is performed, and when the first authentication and the second authentication are successful, the user is authenticated as valid,
An authentication method, wherein a control unit executes a process permitted to a valid user when the authentication control unit authenticates the user as valid.