JP2006260603A - Method, system and device for authenticating person - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a new improved method, its system and device capable of authenticating a user or a user group of a communication terminal device. <P>SOLUTION: Biometric keys of a user updated in a point of presence 9 and stored in a biometric server 10 and a personal SIM card 3 are collected. Authentication is executed by comparing the latest biometric key with a biometric key stored in the SIM card 3 by a trustable third party (TTP). The latest biometric key is retrieved from the latest video data transmitted to a communication terminal device 1 by an integrated or external video sensor 2. Use of the communication terminal device 1 can be approved or prohibited in dependence on the authentication result, or the result can be transmitted to an external device 13 having security or can be transmitted to an intermediate service provider capable of permitting or rejecting access to the device 13 and a service. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a method, system, and apparatus for authenticating a user or user group of a communication terminal device.

  In the current technology, in addition to a conventional method of authenticating a person using a photograph or a personal certificate, a method of authenticating a person using a biometric feature is known. In the latter method, a physical feature to be measured or recorded is registered as a biometric key, and is compared with a corresponding physical feature of a person to be authenticated at the time of authentication. Examples of such biometric features include fingerprints, eye features, facial contours, voice features, and the like.

German patent application publication DE 343097A1. European Patent EP 0 687 368 B1.

  The personal computer (PC) is equipped with a means such as an external video camera in particular, and this means that the personal computer's face and some features of the face are recorded during the learning process, and later authenticated. It is also known that it can be used again for. In this case, the user can access the personal computer only when the personal computer confirms the facial features again.

  In relation to a videophone, it is also known to combine a video sensor and a communication terminal device. In this case, the video phone has a structure in which a video camera is attached to a mobile phone and can be moved.

  Patent Document 1 introduces a method of transmitting data obtained by measuring a living body such as eye characteristics and fingerprints through a communication network, particularly a mobile phone, as a search concept for finding stored medical data. Yes. In this method, basically, an individual is identified by biometric features, so that the person's medical data can be accessed. However, in this case, it is not a problem to verify the authenticity of the person or to guarantee the authenticity and non-repudiation of the source of data that can be exchanged through the communication network.

  It is an object of the present invention to propose a new and improved method, system and apparatus for authenticating a user or user group of a communication terminal device.

  In the present invention, this object is achieved in particular by the elements presented in the characterizing part of each claim. This object is also achieved by the system of claim 45. Other superior embodiments arise from the dependent claims and the description.

  In particular, the present invention achieves these objects by the following method. That is, body features are securely stored in a personal SIM card as biometric keys, and the user inserts the SIM card into a communication device. When the communication device obtains the actual latest physical characteristics and the biometric key from the user, the communication device authenticates the user by comparing them with the biometric key stored in the SIM card. The advantages of this method can be summarized as follows: passwords can be forgotten or mistyped, and SIM cards can be stolen or misused for misuse. In the case of a personal card, the user can be authenticated in a different communication terminal without the above. Another advantage is that a SIM card for a certain user group is prepared and the biometric keys of all users belonging to the group can be stored.

  In order to prevent authentication from being performed in an unauthorized manner, such as imitating a physical feature with a photograph, body movement is also incorporated into the biometric key.

  In the case of the present invention, by authenticating the user through the communication terminal device, the user can be permitted or prohibited from using the communication terminal device according to the authentication result. In the present invention, the result of authentication can be transmitted to a device having external security through a terminal of wireless, particularly mobile communication (mobile communication), and on the side of the received external device, according to the result of authentication, Users can be permitted or prohibited to access and grant credit to services provided by external devices.

  In the present invention, the initial recording of the biometric key is performed in a point of presence (POP) connected to a certain communication network. The biometric key is safely sent from the POP to the biometric server through the communication network. In the biometric server, the biometric keys are stored in a table, in which at least one biometric key is associated with each corresponding user.

  The addition and update of biometric keys can also be performed through the POP. Further, in the present invention, when there are a plurality of biometric keys already known to the biometric server for the user, the biometric keys can be updated directly from the communication terminal device.

  In the present invention, when biometric keys are authenticated and transmitted, the confidentiality, authenticity, and transmission of data exchanged through a communication network based on the communication procedure of a security service such as a trusted third party (TTP) service. The original non-repudiation and integrity are guaranteed, and the authenticity of the sender of data exchanged at that time can be guaranteed.

  Next, the structure of the present invention will be described using an example. An example of the structure is shown in the attached figure.

  FIG. 1 shows a communication network, a mobile communication terminal device connected to the communication network and equipped with a SIM card and a video sensor, a table and a biometric server connected to the SIM server, a point-of-presence device equipped with security Is shown.

  Reference numeral 9 indicates a point of presence (POP) connected to the POS of the network operator or service company. The point of presence 9 includes one or more computers that can also be used as communication terminal devices, and preferably a personal computer or workstation connected to the communication network 5 such as the fixed network 15. Although not shown in the figure, the point of presence 9 can also use a computer connected to a peripheral device that records physical features such as a video camera. In this case, the video camera is connected to the computer via a cable and a video interface. This computer is equipped with a program that allows you to access and control peripheral devices, and in particular to read, temporarily store, and process data recorded by peripheral devices. The program also has a user interface that can be used by operators who are employees of Point of Presence 9. This user interface presents modules known to those skilled in the art to help the operator record physical features such as the user's facial appearance 7, eye pattern 6 or fingerprint 8. The above modules include, for example, a video camera adjustment module, a contrast adjustment module, a module for properly displaying each part of an image, and a biometric key derived by a program. , Including a module for displaying these biometric keys to the operator after the program has checked on the spot with the help of the client for authentication.

  Especially when recording physical features, the program must instruct the customer and operator to perform certain exercises such as moving their eyes and mouth through the user interface. In this case, it is important to mention that, as a variation, the user interface can be completely automated for recording biometric keys, and instructions can be issued directly to the customer without using an operator. In this variation, the computer is equipped with a screen and a camera, and it is configured like an automatic recording machine for passport photo recording or a bank ATM.

  In addition to visual biometric keys, it is also possible to record sound characteristics using peripheral devices such as microphones and audio interface cards and store them as biometric keys as well.

  A biometric key that has been recorded and processed by a customer can be placed in a corresponding individual user profile or associated with a user group. The program and its user interface utilize elements that can be easily implemented by professionals, and can receive personal data contained in the program or put it into the corresponding user and / or user group profiles. In this case, other security information such as a security level can be recorded. As for the security level, it is possible to subdivide the device 13 with security for different levels of access rights to various services. For example, while the access right of a certain user is limited to a call using the mobile phone 1, other users can execute other incidental functions such as number selection and special services received by the mobile phone 1. Other examples of security information that can be input / output include limiting the validity of a right to a certain period or a specific date, and restricting access rights to devices and services to a certain region. In such cases, there are location indications, personal passwords, and so on.

  It is important to manage biometric key assignments for user and user group profiles. For example, to ensure that only one operator can handle it, use multiple official identification cards with photos, and in some cases ask for confirmation from a third party, so that the conditions for authentication are strict and not misused. Must be.

  To complete the biometric key recording, the user and user group profiles and biometric keys and security information are transferred together in a secure manner in a computer program and managed via the communication network 5 Is stored in a corresponding user or a corresponding user group in the table 11 connected to the biometric server 10.

  It is obvious to a specialist that the biometric server 10 having the table 11 can be realized by various methods. For example, the table 11 is used as a data bank server, and the data bank server is installed in a computer together with the biometric measurement server, or installed in another computer connected to the computer of the biometric measurement server 10 through a communication network. Is also possible. Regarding the storage of information in the table 11, there are various variations that can be made by an expert, but details thereof will not be described here. The same information is stored in the corresponding table of the user's personal SIM card 3, preferably a GSM card, or a plurality of SIM cards 3 of the user group. In that case, the information is sent from the POP 9 to the SIM server 12 and then sent to the SIM card using a special short message via a mobile phone network such as the GSM standard according to the SICAP method disclosed in Patent Document 2. Store it. As another variation, the SIM card 3 may be input to an interface (not shown) of the computer corresponding to the POP 9 and the program may store the information in the table 4 without fail. In this way, the personal SIM card 3 is passed to the card user or user group.

  In order to securely transmit and securely store the biometric key, the confidentiality, authenticity, and source of the transmitted data are determined based on the security service communication procedure by a trusted third party (TTP) service. In addition to ensuring non-repudiation and completeness, the authenticity of the sender of the transmitted data is guaranteed. It is also possible to ensure security using the point-to-point method.

  POP9 also allows other services, especially services that update biometric keys when there are changes due to aging, or services that add other biometric keys or provide other security information. These additional services can be realized from the above description by a person skilled in the art.

  When the user inserts his / her personal SIM card 3 into the communication terminal device 1, the communication terminal device can be switched on. In this example, the communication terminal device 1 is a mobile phone 1 equipped with a video sensor 2 that records body features such as eye features 6, facial features 7, and fingerprints 8. The video sensor 2 is an interface for the SIM card 3 attached to the mobile phone 1 even if it is directly incorporated in the mobile phone 1 or through an adapter equipped with an interface for accommodating the SIM card 3. May be inserted. When the switch is turned on, the authentication program contained in the SIM card 3 is activated, and the user looks into the video sensor 2 from a display (not shown) of the mobile phone 1 or puts a specific finger on the video sensor 2. The user is instructed to wear it or to speak to the mobile phone 1. Data received from the video sensor 2 and possibly a microphone (not shown) of the mobile phone 1 is temporarily stored by an authentication program, and an actual latest biometric key is created therefrom, and the created biometric key is stored. It is compared with the biometric key 4 that has been used. In addition to such a direct comparison method, the biometric key 4 can be confirmed for authenticity and integrity even if the biometric server 10 uses a TTP service. The actual latest biometric key and the biometric key 4 stored in the SIM card 3 are compared, and a correct result is obtained. The stored biometric key 4 is also surely received by the biometric server 10. If the mobile phone 1 is authenticated, the mobile phone 1 can be freely used. On the other hand, in the opposite case, the user is prohibited from using the mobile phone 1 by a method such as turning off the mobile phone 1. The state where the user can make a call can be continued until the cellular phone 1 is switched off again, and the duration of the call can be limited. When limiting the time, the user has to authenticate again after a preset time. Such a re-authentication can be configured to be automatically performed while using the mobile phone 1.

  The SIM card 3 communicates with the biometric server 10 using a special short message. The short message in this case is sent to the SIM server 12 through the mobile phone network 16 in the communication network 5 such as GSM standard. The SIM server is connected to the communication network 5 through the connection 17, and the special short message is sent to the biometric server 10 through the connection 18 and processed according to the SICAP method disclosed in Patent Document 2. .

  In the biometric server 10, when a plurality of biometric keys 11 of the user are known, the biometric key 11 taking into account changes due to aging or the like can be directly created and updated from the mobile phone 1. This requires that the user is authenticated with at least a second biometric key that does not need to be changed and that the quality of the video information used to update the first biometric key is a predetermined minimum requirement. It is assumed that Among these minimum conditions, there are a minimum light relationship and a condition regarding image contrast, or a condition regarding a maximum difference between a new biometric key and an old biometric key.

  Among the variations, the authentication is not used for managing the use of the mobile phone 1, but rather, the result of the authentication as in the above-described embodiment is securely stored and transmitted wirelessly to the device 13 with external security. Therefore, there is also one used for determining whether or not access to the device 13 having security is permitted. Along with the authentication result, the user's personal information can also be sent to the security-equipped device 13. Therefore, the security-equipped device 13 can also permit or deny access using the personal information of the user who has been authenticated as the user. In another variation, other security information about the user such as a security level, a location display, and an expiration date display is also sent to the device 13 with security along with the authentication result, and based on the sent information. A device 13 having security can determine permission or non-permission of access. In yet another variation, when inquired, the security-equipped device 13 sends identification information to the mobile phone 1, thereby allowing the mobile phone 1 to perform security processing, display the location, Other security information of the user, such as the display of the time limit, can also be used to determine whether the user is allowed to access the device 13 with the security and to inform the device 13 with the security. It is like that. External security devices 13 include bank ATMs, video terminals for information inquiries, top-secret manufacturing factories, police dormitories, entrances to nuclear power plants, military bases, airports, factory premises, etc. It is the entrance of a building where access is controlled. The wireless transmission method can be connected without contact by an inductive connection 14 using an electric coil on the SIM card 3. The mobile phone 1 may be configured to transmit to the device 13 with security using a non-contact infrared interface or a short message. The security of transmission is ensured based on the communication procedure of the TTP service or by the point-to-point method.

  In yet another variation, the video sensor is external to the mobile phone 1, such as a device 13 with external security. In this variation, video information is recorded by an external video camera and sent to a mobile phone wirelessly for determination. As a method of sending wirelessly, the SIM card 3 can be connected without contact by the inductive connection 14 by a method of electrically scanning the SIM card 3 or the like. The security device 13 can also have a structure using a non-contact infrared interface or a short message. The security of transmission is ensured by being based on the communication procedure of the TTP service or by the point-to-point method.

  The following points should be emphasized here. That is, in addition to the mobile phone 1, if a communication terminal device such as a personal computer, a laptop computer, or a palmtop computer is also provided with the SIM card 3 and peripheral devices that record physical features, The authentication method can be executed. Further, the use of authentication is not limited to access management to the communication terminal device or the device 13 having external security, but from the communication terminal device 5 including access management to various services, particularly including the Internet. It can be expanded to manage access to available services. In the latter case, the authentication result is sent to the service provider, such as an automated Internet site, and the service provider can decide whether to allow the service based on the received result. The result of the authentication is also a service together with information about the user's access right as to whether the user has the right to use the service or the user's personal information, as shown in the relationship with the device 13 having the above security. Sent to the provider.

  It is entirely possible to provide this method and system as a paid service from a service provider to a third party interested in protecting the service provider's equipment, buildings, territories, services, etc. in exchange for a fee. .

It is a block diagram which shows the structure of the system which authenticates the person which concerns on embodiment of this invention.

Explanation of symbols

1. Communication terminal device,
2 ... Video sensor,
3 ... SIM card,
4 ... Table,
5. Communication network,
6 ... Eye pattern,
7 ... Face appearance,
8 ... fingerprint,
9 ... Point of Presence (POP),
10 ... biometric server,
11 ... Table,
12 ... SIM server,
13 ... a device with security,
14 ... Inductive connection,
15 ... fixed network,
16 ... mobile phone network,
17, 18, 19 ... connection.

Claims (60)

A method for authenticating a user of a communication terminal device,
In a point of presence (POP), recording and temporarily storing a plurality of physical features of the user;
Processing the temporarily stored physical features to extract a plurality of specific features as a plurality of biometric keys;
Storing a plurality of biometric keys in the user identification module;
Reading at least one individual biometric key from the identification module inserted into the user's communication terminal device by the communication terminal device;
Recording and temporarily storing up-to-date information relating to at least one physical feature of the user using a device for recording physical features;
Processing the temporarily stored user's latest information to extract and temporarily store at least one specific feature as the latest biometric key;
Authenticating by comparing at least one latest biometric key of the user stored temporarily with at least one biometric key stored in and read from the identification module; And a method comprising: In the step of recording and temporarily storing the latest information, the apparatus for recording the physical characteristics further records an action,
The method of claim 1, wherein the recorded action is used in the authenticating step.   The temporary storage of the latest information, its processing and further temporary storage, and execution of authentication by comparing the stored biometric keys are performed by the identification module. Or the method of 2.   Guarantees the confidentiality, authenticity, integrity and non-repudiation of the data exchanged over the communication network, at least in the transmission of a given message, and authenticates the sender of the exchanged data 4. The method according to claim 1, wherein a security service of TTP (TTP service) is used to guarantee the security. Multiple biometric keys are stored in multiple tables on the biometric server,
Using the TTP service, additional security information is recorded in the POP and stored in the plurality of tables and the identification module in the biometric server, and the additional security information is stored in the plurality of tables in the plurality of users. Assigned to each
The method according to claim 1, wherein the additional security information is used in the authentication step.   6. The method of claim 5, wherein the additional security information includes a security level.   7. The method according to claim 5, wherein the additional security information includes expiration date information.   The method according to claim 5, wherein the additional security information includes location information.   9. A method as claimed in any one of claims 5 to 8, wherein the additional security information includes a password.   The biometric key stored in the plurality of tables in the biometric server and the biometric key stored in the identification module inserted in the communication terminal device are directly from the communication terminal device using the TTP service. The method according to claim 5, wherein the method is updated.   The communication between the identification module inserted into the communication terminal device and the biometric server is performed by a special message via the identification module server. The method described in one.   12. The method according to claim 1, wherein existing information about each user is updated and supplemented in the POP using a TTP service.   13. The method according to claim 1, wherein facial features are extracted as biometric keys.   The method according to claim 1, wherein eye features are extracted as biometric keys.   The method according to claim 1, wherein a fingerprint is extracted as a biometric key.   16. The method according to claim 1, further comprising recording audio features as biometric keys along with visual features.   The method according to claim 1, wherein the recording of the latest information is performed by a device for recording the physical characteristics provided in the communication terminal device. . The recording of the latest information is executed by a device for recording the physical characteristics provided outside the communication terminal device,
The method according to claim 1, wherein the latest information is transmitted to the communication terminal device for temporary storage and further processing.   19. The method according to claim 18, wherein the transmission of the latest information to the communication terminal device is performed by induction via a coil in the identification module.   19. The method according to claim 18, wherein the transmission of the latest information to the communication terminal device is performed by infrared rays.   The method according to claim 18, wherein the transmission of the latest information to the communication terminal apparatus is performed by a short message.   The method according to any one of claims 18 to 21, wherein the latest information is transmitted to the communication terminal device using a TTP service.   The use of the communication terminal device is permitted when the authenticity of the user is guaranteed, but the use of the communication terminal device is not permitted when the authenticity of the user is not guaranteed. 23. A method according to any one of claims 1 to 22. A communication terminal device for a radiotelephone comprising an interface for accommodating an identification module and a device for recording physical characteristics,
Storage means for storing a plurality of biometric keys;
Processing means for extracting a plurality of specific features from the plurality of physical features;
A communication terminal device comprising comparison means for comparing these specific features against the stored biometric key.   25. The communication terminal apparatus according to claim 24, wherein the communication terminal apparatus includes a mobile radio telephone in which a video sensor for recording physical characteristics is directly incorporated.   25. The communication terminal device according to claim 24, further comprising an adapter in which a video sensor for recording physical characteristics is incorporated.   27. An identification module provided in an interface for accommodating the identification module, wherein the identification module stores the plurality of biometric keys. The communication terminal device according to 1.   28. The communication terminal apparatus according to claim 27, wherein the storage unit, the processing unit, and the comparison unit are mounted in the identification module.   29. The communication terminal device according to claim 24, wherein the processing means is provided to determine a plurality of physical features from the recorded physical features.   30. The communication terminal apparatus according to claim 29, wherein the physical features determined by the processing means include facial features.   The communication terminal apparatus according to claim 29 or 30, wherein the physical feature determined by the processing means includes an eye feature.   32. The communication terminal apparatus according to claim 29, wherein the physical feature determined by the processing means includes a fingerprint.   The communication terminal device according to any one of claims 24 to 32, wherein the biometric key further includes a movement of the body.   An identification module for a communication terminal device, wherein at least one biometric key for authenticating an individual is stored in a memory of the identification module.   35. The identification module of claim 34, wherein the stored biometric key includes facial features.   36. The identification module of claim 34 or 35, wherein the stored biometric key includes eye features.   37. The identification module according to any one of claims 34 to 36, wherein the stored biometric key includes a fingerprint.   38. The identification module according to any one of claims 34 to 37, wherein the stored biometric key further includes audio features as well as visual features.   39. The identification module according to claim 34, wherein additional security information is stored in the identification module.   40. The identification module of claim 39, wherein the stored additional security information includes a security level.   41. The identification module according to claim 39 or 40, wherein the stored additional security information includes expiration date information.   42. The identification module according to any one of claims 39 to 41, wherein the stored additional security information includes location information.   43. The identification module according to any one of claims 39 to 42, wherein the stored additional security information includes a password. Means for temporarily storing a plurality of physical features;
Means for extracting a plurality of specific features from the plurality of temporarily stored physical features and temporarily storing these specific features;
Means for comparing the temporarily stored feature against the stored biometric key;
44. The identification module according to any one of claims 34 to 43, further comprising means for executing different different steps depending on the result of the comparison. Generate and decrypt a digitally signed and encrypted message using a trusted third party (TTP) service to ensure the confidentiality, authenticity, integrity, and originator of the message A means of ensuring non-repudiation and ensuring authenticity of the sender of the message;
45. The identification module according to claim 34, further comprising means for transmitting the message to a biometric server.   46. The identification module according to any one of claims 34 to 45, further comprising means for generating and decoding a message. Equipped with electromagnetic coils,
The identification module according to any one of claims 34 to 46, wherein data relating to security of the external device is exchanged with an external device having security by induction via the electromagnetic coil. .   The method according to any one of claims 1 to 23 by the communication terminal device according to any one of claims 24 to 33, comprising the identification module according to any one of claims 34 to 47. A system for executing, wherein a plurality of the communication terminal devices are connected to each other via a communication network.   49. The system of claim 48, wherein the communication network includes a mobile radio network.   50. The system of claim 49, wherein the mobile radio network is a mobile radio network compliant with GSM standards.   51. A system according to any one of claims 48 to 50, wherein the communication network comprises a fixed network.   52. A system as claimed in any one of claims 48 to 51, wherein the communication network includes the Internet. With additional communication terminal equipment selected from the group including personal computers, laptop computers, palmtop computers,
53. At least one of these communication terminal devices comprises a device for recording physical characteristics and is connected to each other via the communication network. The described system.   The system according to any one of claims 48 to 53, further comprising an external security device that communicates with a plurality of communication terminal devices wirelessly using a TTP service.   55. The system of claim 54, wherein the security device communicates with an identification module inserted into the communication terminal device by guidance.   55. The system of claim 54, wherein the security device communicates with the communication terminal device via infrared.   55. The system of claim 54, wherein the security device communicates with the communication terminal device via a short message.   58. A system according to any one of claims 48 to 57, comprising a security device comprising a video camera. With multiple identification module servers,
59. The system according to any one of claims 48 to 58, wherein the identification module inserted into the communication terminal device communicates with the biometric server via a special message via the identification module server. . A plurality of biometric servers connected to a plurality of tables storing a plurality of biometric keys;
60. A system according to any one of claims 48 to 59, wherein at least one biometric key is assigned to each user in a table.

Images