JP4915169B2 - Authentication system and authentication method - Google Patents

Description

  The present invention relates to a technique for increasing the security of a computer using an IC card.

  Conventionally, various measures have been taken to prevent unauthorized use of a computer. For example, authentication with an IC card (or USB token) is performed at the time of computer login, and when the computer is in use, the screen is locked by removing the IC card from the reader / writer, preventing others from using the computer, and the IC card again. A technique is employed in which the computer is used by releasing the lock by placing the in a reader / writer.

The present applicant also provides a safer screen lock function by combining an IC card and identification information (see, for example, Patent Document 1).
JP 2003-167461 A

  However, the technique described in Patent Document 1 has a problem that it takes time to perform authentication because identification information must be input.

  Therefore, an object of the present invention is to provide an authentication system and an authentication method that are improved in convenience and security by combining troublesome strong authentication with high convenience and light authentication.

  In order to solve the above-mentioned problem, in the present invention, as a method for authenticating a user when using the system, a biometric information matching step of acquiring the biometric information of the user and collating with biometric information registered in advance. And a step of permitting login and setting a screen lock state when it is determined that the user is a valid user as a result of the biometric information collation, and a step of acquiring a card ID recorded on the IC card, A card ID verification stage for verifying the acquired card ID and a pre-registered card ID, and a screen lock state when it is determined that the user is a valid user as a result of the verification of the card ID. The step of canceling is performed.

  Further, the present invention further includes a step of starting counting the no-operation time simultaneously with the release of the screen lock state, and performing a process of invalidating the card ID when the no-operation time reaches a predetermined value. After the screen lock state is released, it further includes the step of periodically checking the presence of the IC card as long as the user is logged in, and setting the screen lock state when there is no IC card.

  According to the present invention, after the biometric information is collated, the card ID is collated, and if both are correct, the user can use the system and the biometric information is once correctly authenticated. In such a case, authentication is performed only by checking the card ID again, so that convenience and security can be improved when using the system.

DESCRIPTION OF EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings.
(System configuration)
FIG. 1 is a functional block diagram showing an embodiment of an authentication system according to the present invention. In FIG. 1, 10 is a biometric information database, 20 is a card ID database, 30 is a biometric information reading unit, 40 is a biometric information collating unit, 50 is a card reader, 60 is a card ID collating unit, 70 is a login permitting unit, and 80 is It is a screen lock part.

  In FIG. 1, a biometric information database 10 is a database in which biometric information about a person who is permitted to use is registered. Any biometric information that can be used for biometric authentication, such as fingerprints and veins, can be used. In the present embodiment, a fingerprint is adopted as biometric information. For this reason, fingerprint data is obtained and registered in advance from a person who permits use. The card ID database 20 is a database in which card IDs recorded on an IC card owned by a person who permits use are registered.

  The biometric information reading unit 30 has a function of reading biometric information from the user. When the fingerprint is adopted as the biological information as in the present embodiment, it is realized by a fingerprint sensor. The biometric information collating unit 40 has a function of collating the biometric information acquired by the biometric information reading unit 30 with the biometric information registered in the biometric information database 10.

  The card reader 50 has a function of reading a card ID recorded on the IC card. The card ID verification unit 60 has a function of verifying the card ID acquired by the card reader 50 and the card ID registered in the card ID database 20.

  The login permission unit 70 has a function of permitting login when the biometric information matches as a result of collation by the biometric information collation unit 40. The screen lock unit 80 has a function of setting the screen lock state when the biometric information matches as a result of the collation by the biometric information collation unit 40, and the card ID matches as a result of the collation by the card ID collation unit 60. In this case, the screen lock state is released.

  The system shown in FIG. 1 is realized by a computer and its peripheral devices. As storage areas for the biometric information database 10 and the card ID database 20, a hard disk or the like is used. The biometric information collation unit 40, the card ID collation unit 60, the login permission unit 70, and the screen lock unit 80 are executed in cooperation with a dedicated application program and the OS.

(Process flow)
Next, the authentication method according to the present invention will be described with reference to the flowchart of FIG. 2 together with the processing operation of the system shown in FIG. First, the biological information reading unit 30 reads the user's biological information (S1). Specifically, the user places a finger on the fingerprint sensor, and the fingerprint sensor recognizes the fingerprint. Subsequently, the biometric information collation unit 40 collates the read biometric information with the biometric information in the biometric information database 10 (S2). Specifically, the read biometric information is collated with each biometric information in the biometric information database 10. If biometric information that matches the read biometric information exists in the biometric information database 10, biometric authentication is successful, and biometric authentication fails if no matching biometric information exists. If biometric authentication fails, a message to that effect is output to the computer screen to return to the biometric information reading standby state (S1).

  On the other hand, if the biometric authentication is successful, the login permission unit 70 permits login (S3). Then, the screen lock unit 80 sets the screen lock state, and shifts to the card ID reading standby state (S4). In this state, when the user brings the IC card closer to the card reader 50, the card reader 50 reads the card ID recorded in the IC card 50, and the card ID verification unit 60 reads the card ID and the card ID database. 20 is collated with the card ID in S20. Specifically, the read card ID is collated with each card ID in the card ID database 20. If a card ID that matches the read card ID exists in the card ID database 20, the card ID authentication is successful, and if there is no matching card ID, the card ID authentication fails. If the card ID authentication fails, a message to that effect is output to the computer screen, and the card ID reading standby state is returned.

  On the other hand, if the card ID authentication is successful, the screen lock unit 80 releases the screen lock state (S6). At this time, the card ID that has been successfully authenticated is stored in a predetermined storage area in association with the biometric information that has been successfully authenticated in S2 as a card ID that has been permitted to be used. By releasing the screen lock state, the computer can be operated from the outside. That is, the computer can be used only when the two authentications of biometric authentication and card authentication are successful, and security is improved.

  From the state where login is performed and the screen lock is released, the login permission unit 70 starts counting the no-operation time (S7). The no-operation time is a time during which no operation is performed on the computer from the outside. Therefore, when any operation is performed on the computer from the outside, the counted no-operation time is cleared and recounted from 0 again. If the counted no-operation time has not reached the preset time, the card reader 50 performs a card check periodically (for example, about once per second) (S9). Specifically, if the card reader 50 reads the card ID from the IC card and the read card ID is the same as the card ID stored in the predetermined storage area in S6, the permitted card It is determined that an ID IC card exists.

  If there is no IC card with the permitted card ID, the process returns to S4, the screen lock unit 80 sets the screen lock state, and shifts to the card ID reading standby state. Accordingly, when the IC card is removed from the card reader 50, such as when the user takes the IC card used for authentication away from the computer, the screen is locked, so that others can use it illegally. I can't do that. In such a case, an authorized user can read the original IC card again by the card reader 50 (S5), release the screen lock (S6), and operate the computer. If card ID authentication is performed after login, only the card ID is permitted. Therefore, even if another card is read by the card reader 50, the authentication is not successful in S5. The screen lock is not released.

  If there is an IC card with the permitted card ID and no operation is performed, the no-operation time count is continued (S7). When the no-operation time reaches the set time, the login permission unit 70 performs card invalidation processing (S10). Specifically, the card ID stored in the predetermined storage area in association with the biological information in S6 is erased. When the card is invalidated in this manner, even if the card reader 50 reads the IC card in order to perform card authentication again, the card ID does not exist in the predetermined storage area, so that the screen lock is released. Will not be.

  After the card invalidation process is performed, the screen lock unit 70 performs the screen lock process, and shifts to a biometric information reading standby state (S11). When the user places a finger on the fingerprint sensor in this state, the biometric information reading unit 30 reads the biometric information of the user (S12). Subsequently, the biometric information collation unit 40 collates the read biometric information with the biometric information stored in the predetermined storage area (S13). When the biometric information that matches the read biometric information exists in the predetermined storage area, the biometric authentication is successful, and when the biometric information does not exist, the biometric authentication fails. If the biometric authentication fails, a message to that effect is output to the computer screen, and the process returns to the biometric information reading standby state (S12). When the biometric authentication is successful, card ID authentication in S5 is performed.

  In the process shown in FIG. 2, the user is not automatically logged out, and is logged out when the user gives a logout instruction.

It is a functional block diagram in one Embodiment of the authentication system which concerns on this invention. It is a flowchart which shows the outline | summary of the authentication method which concerns on this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Biometric information database 20 ... Card ID database 30 ... Biometric information reading part 40 ... Biometric information collation part 50 ... Card reader 60 ... Card ID collation part 70 ... Login permission 80: Screen lock

Claims (4)

A system that authenticates whether a user is legitimate,
A biometric information database that registers biometric information of available subjects,
A card ID database in which the card IDs recorded on the IC card are registered;
A biometric information reader for reading the biometric information of the user;
A biometric information matching unit for matching the read biometric information with the biometric information registered in the biometric information database;
A card reader that reads a card ID from an IC card;
A card ID verification unit that performs verification between the read card ID and the card ID registered in the card ID database;
As a result of collation by the biometric information collating unit, a log-in permitting unit that performs a process of invalidating the card ID when permitting log-in and when no operation time reaches a predetermined value when correctly authenticated;
When the login, the screen lock state is released, and when the IC card no longer exists near the card reader, a screen lock unit for setting the screen lock state,
An authentication system comprising: A method for authenticating a user when using a system,
A biometric information collation stage for obtaining biometric information of a user and collating with biometric information registered in advance;
As a result of collation of the biometric information, when it is determined that the user is a legitimate user, allowing the login and setting the screen locked state;
Obtaining a card ID recorded on the IC card;
A card ID collation step of collating the acquired card ID with a pre-registered card ID;
As a result of the verification of the card ID, when it is determined that the user is a valid user, releasing the screen lock state;
An authentication method characterized by comprising:   The method further includes the step of starting counting the non-operation time simultaneously with the release of the screen lock state, and performing a process of invalidating the card ID when the non-operation time reaches a predetermined value. 3. The authentication method according to claim 2, further comprising the step of periodically checking the presence of the IC card after login as long as the user is logged in, and setting the screen lock state when the IC card does not exist. . The program for making a computer perform the authentication method of Claim 2 or Claim 3.

Images