EP0935221B1 - Remote authentication system - Google Patents


Publication number
EP0935221B1
Authority
EP
European Patent Office
Prior art keywords
authentication
user
information
acquisition
biometrics
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
EP98123757A
Other languages
German (de)
English (en)
French (fr)
Other versions
EP0935221A3 (en)
EP0935221A2 (en)
Inventor
Hiroshi Nakamura
Teruko Fujii
Tetsuo Sadakane
Yoshimasa Baba
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mitsubishi Electric Corp
Original Assignee
Mitsubishi Electric Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mitsubishi Electric Corp


Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/25 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically

Definitions

  • the present invention relates to a remote authentication system in which identification of an individual by biometrics and decision of presence or absence of access right to the information of the individual and application are made intensively by a single authentication terminal.
  • an operation of identifying an individual to decide whether to permit or inhibit access by that individual, i.e. authentication, is required.
  • an automatic teller machine of a bank or the like generally carries out authentication for identification of an individual and accessing to transaction information of the individual such as balance of the deposit. Authentication of an individual is also carried out for arrival or departure to a research place with high security and member's club.
  • the authentication, i.e. identification of an individual and recognition of qualification, is carried out using a magnetic card or IC card which has the same function as an ID card, the individual's memory such as a password, or a combination thereof.
  • the password may be forgotten. It may happen that the magnetic card or IC card cannot be authenticated because of loss or breakage.
  • an individual other than the person in question may be authenticated as the person in question because of theft of the card or leakage of the password.
  • the person in question must be surely authenticated as himself or herself.
  • OTP one-time password
  • memorizing is correspondingly difficult, or the operation of authentication itself becomes complicated.
  • authentication information must be managed intensively.
  • biometrics information which represents living-body characteristics of an individual such as information relative to a fingerprint, a handprint, handwriting, retina, etc. removes the complication and also makes "posing" difficult. If the authentication by biometrics information is required in a wide region, intensive management and authentication are required for the same reason and protection of privacy. When the authentication by biometrics information is executed intensively, it is important to select a suitable method of authentication according to a security level such as a matter, place or system requiring authentication as well as each user, thereby acquiring the authentication information.
  • the RADIUS server, which is described by RFC 2138 (Remote Authentication Dial In User Service, hereinafter referred to as RADIUS, a renewal of the previous RFC 2058) registered as an RFC (Request For Comment) of the IETF (Internet Engineering Task Force), performs the authentication processing intensively in response to a request from a RADIUS client and sends back the result of authentication.
  • One example of such a prior art is an "authentication method on a network" disclosed in JP-A-9-81518.
  • when a user host accesses an application server, the application server requests an authentication server to make authentication of a user using fixed authentication means and authentication information and receives the result of authentication.
  • the biometrics information is efficient to discriminate an individual from other persons. However, it gives rise to problems of privacy protection and sanitary acquisition when a biometrics acquisition device itself involves dirtiness and unpleasantness.
  • US-A-4 993 068 discloses an unforgeable personal identification system for identifying users at remote access control sites.
  • the unforgeable personal identification system generates one-way encrypted versions of physically immutable identification credentials (facial photo, retinal scan, voice and finger prints). These credentials are stored on a portable memory device.
  • the user presents his portable memory device and the encrypted identification credentials are read. The user then submits physically to inputting of his physical identification characteristics to the remote access control site. Comparison is performed with the credentials obtained from the memory device and with the user's physical identity to determine whether to allow or deny access at the remote site.
  • the credentials can be used singly or in combination for comparison with the user's physical identity.
  • attribute or privilege information can be added to the credentials and coupled with the immutable physical trails.
  • Such data may include medical information about the user, particular privileges held by the user, such as organizational affiliations, security clearance levels, passport and visa information or financial information.
  • the present invention has been accomplished to solve the problem as described above, and intends to provide a remote authentication system and remote authentication method which can surely identify an individual and decide the presence or absence of an access right thereof when the individual is authenticated using biometrics information and also can improve ease of usage.
  • the present invention provides a remote authentication system having a network which is connected to an authentication server, an authentication client and a user terminal for accessing data from the authentication client, in which authentication of the user accessing the authentication client is made through the user terminal, comprising plural kinds of biometrics acquisition devices connected to the user terminal, and plural authentication information acquisition software's stored in said authentication server according to the user terminal and/or a user, wherein in accordance with the operation of a prescribed authentication acquisition software corresponding to the user terminal, which is downloaded from the authentication server in authentication, biometrics information acquired by one or plural kinds of biometrics acquisition devices and/or keyed-in user discrimination information are used which are selected depending on the secret level of the data to be accessed.
  • Fig. 1 shows a configuration of the first embodiment when the present invention is applied to a Web system.
  • a network 2 is connected to an authentication server terminal 3, an authentication client terminal 4 (Web server terminal in this embodiment) and a user terminal 5, etc.
  • the Web server 4, when it is accessed by a user through the user terminal 5, receives individual authentication of the user from the authentication server terminal 3 and, on the basis of the result, provides service to the user.
  • the authentication server terminal 3 is a computer device such as a personal computer, workstation, etc. (which may include a CPU, memory, disk, communication control unit, etc. as described hereinafter) which stores an authentication control unit 3A, authentication information data base 3B and authentication information acquisition software pool 3C (hereinafter, software will be referred to S/W).
  • the Web server terminal 4 is a computer device such as a personal computer, workstation, etc. in which a Web server data base 4A, authentication request unit 4B and a Web server S/W 4C requiring authentication of a user are operated.
  • the user terminal device 5 is composed of a browser for displaying information of the Web server terminal 4 and a computer device such as a personal computer or workstation in which authentication information acquisition S/W 5B are operated.
  • the user terminal device 5 is connected to a biometrics acquisition device 6.
  • the biometrics acquisition device 6 includes a fingerprint acquisition device 7 and a handprint acquisition device 8 which acquire a fingerprint and handprint of a living body as biometrics information, respectively, through image processing, a letter recognition tablet 9 for acquiring handwriting information written by a user as biometrics information, a retina information acquisition device 10 for acquiring retina information of a living body as biometrics information by scanning of an eyeground.
  • A processing flow of authentication in such a Web system is shown in Fig. 2.
  • a user accesses the information of the Web server data base 4A with a high secret degree in the Web server terminal 4 which is a client of authentication, using the browser 5A which is an application operating in the user terminal device 5 (SP1).
  • the Web server S/W 4C which is an application making access control of the information with a high secret degree must make user authentication in order to decide whether the user has an access right (SP10).
  • the Web server S/W 4C in the Web server terminal 4 informs the authentication request unit 4B of necessity of the user authentication as well as a client ID (identifier of the authentication request unit), an application ID (identifier of the Web server S/W 4C which is an application requiring authentication) and an access data class (secret level of the data accessed by the user) (SP11).
  • the authentication request unit 4B transmits the authentication request of the user inclusive of the above information to the authentication server terminal 3.
  • the authentication control unit 3A in the authentication server terminal 3 which has received the authentication request from the user selects an authentication information acquisition S/W 11 from the authentication client ID, application ID and access data type (SP20).
  • the authentication information acquisition S/W 11 acquires a predetermined item of information. It may acquire a plurality of items of authentication information.
  • the authentication control unit 3A transfers the selected authentication information acquisition S/W 11 to the Web server terminal 4 which is a client of authentication (SP21).
  • the authentication request unit 4B in the Web server terminal 4 delivers the transferred authentication information acquisition S/W 11 to the Web server S/W 4C, instructs it to acquire the authentication information from the user. On the basis of this instruction, the authentication information acquisition S/W 11 is transferred from the Web server S/W 4C to the user terminal 5 (SP12).
  • the browser 5A in the user terminal 5 receives the transferred authentication information acquisition S/W 11 and operates it as an authentication information S/W 5B (SP2).
  • the authentication information S/W spontaneously acquires a user ID (name, firm, member number, address, belonging, telephone number, or ID allotted for an individual by the system), biometrics information such as information relative to a fingerprint, a handprint, handwriting, retina, and authentication information which is used normally in a conventional computer system, such as a password, one-time password, etc. In this case, it may operate in cooperation with the other S/W such as a driver acquiring the authentication information.
  • the authentication information acquisition S/W 5B transfers the acquired user ID and authentication information to the Web server terminal 4 through the browser 5A (SP3).
  • the authentication request unit 4B in the Web server terminal 4 transfers the user ID and authentication information acquired from the user to the authentication server terminal 3 through the Web server S/W 4C (SP13).
  • the authentication control unit 3A in the authentication server terminal 3 executes the user authentication using the transferred user ID and authentication information (SP22).
  • the authentication information such as the transferred biometrics information is checked against the individual information initially stored in the authentication information database 3B in the authentication server terminal 3. If a decision of being the person in question is made as a result of checking all items of transferred authentication information, the result is reported to the Web server terminal, which is a client of identification. If at least one of the results of checking is not right, a decision of not being the person in question is made. This is reported to the Web server terminal (SP23).
  • the Web server S/W 4C decides permission or inhibition of access to the information with a high secret degree in the Web server data base 4A for the user (SP14). For example, the operation for user access such as displaying the secret information is done.
  • encryption between the user terminal 5 (authentication information acquisition S/W 5B) and Web server terminal 4 and between the Web server terminal 4 and authentication server terminal 3 (authentication control unit 3A) permits the authentication information to be concealed and a menace of posing to be reduced.
  • encryption between the user terminal 5 (authentication information acquisition S/W 5B) and authentication server terminal 3 (authentication control unit 3A), but not between the individual terminals, also permits a menace of posing to be reduced.
  • the authentication information database 3B in Fig. 3 includes items of user ID, user level and authentication as information allotted to an individual user.
  • the user ID includes a name, firm, member number, address, belonging, telephone number, or any matter allotted for an individual by the system.
  • the user level represents an access level to secret information.
  • the authentication information is biometrics information such as information relative to a fingerprint, a handprint, handwriting, retina, and authentication information such as a password, one-time password, etc.
  • the authentication information acquisition S/W pool stores authentication information acquisition S/Ws 11 of acquiring information of both fingerprint and retina; acquiring fingerprint information of two fingers and acquiring information of both fingerprint and retina, etc.
  • the authentication information acquisition S/W pool 3C describes the selectable authentication information acquisition S/W 11 corresponding to secret levels and data class.
  • the authentication client ID corresponding to an identifier of the authentication request unit 4B is set at 15, and the application ID corresponding to the identifier of the Web server S/W 4C is set at 25.
  • the Web server S/W 4C informs the authentication request unit 4B of necessity of user authentication.
  • the authentication request unit 4B transmits the authentication request of the user, inclusive of the above items of information of the data class of 17, authentication client ID of 15 and application ID of 25, to the authentication server terminal 3.
  • the authentication server terminal 3 receives the authentication request inclusive of these items of information.
  • the authentication control unit 3A in the authentication server terminal 3 determines, on the basis of the database in the authentication information acquisition S/W pool 3C in Fig. 4 and of the fact that the data class in the authentication request is level 2, that the selectable candidates are the authentication information acquisition S/Ws 11 not lower than level 2.
  • Referring to Figs. 5 and 6, an explanation will be given of another embodiment of a part of the authentication information database corresponding to that shown in Fig. 3.
  • the authentication control unit 3A in the authentication server terminal 3 notices candidates of the authentication information acquisition S/Ws 11 selectable from the authentication client ID and from the application ID. Therefore, on the basis of the data class, A, B, C, D, E, F are selected as candidates; on the authentication client ID, C, D, and E are selected as candidates; and on the basis of the application ID, A, D, E, and E are selected as candidates. Finally, either D or E will be selected.
  • the S/W selected at random or fixedly defined from candidates of the selectable authentication information acquisition S/Ws by the authentication server terminal 3 is selected by means of normal selection or sequential selection.
  • the authentication means and authentication information can be flexibly selected according to the environment such as the data class which is access information, authentication request unit 4B operating in a device which is a client of authentication and Web server S/W 4C which is an using application.
  • the Web server terminal 4 acquires a user ID (name, firm, member number, address, belonging, telephone number, or ID allotted for an individual by the system), and requests the authentication request unit 4B to make authentication of the user with the acquired user ID, client ID (identifier of the authentication request unit 4B), application ID (identifier of the Web server S/W 4C which is an application requiring authentication) and access data class (secret level of the data accessed by the user).
  • the authentication information database shown in Fig. 7, in addition to that shown in Fig. 3, includes information allotted for an individual such as a type of the user (data manager or general user), usable authentication client ID, usable application ID, application control information which is delivered to an application when authentication of being a person in question is made, and checking logs (past selection status of the authentication information acquisition S/W to the prescribed number of authentication and checking rate), total number of times of authentication, selection condition, etc.
  • the authentication server terminal 3 receives the request of authentication inclusive of the above information.
  • Other Examples
  • in the authentication information database 3B, if the authentication client ID and application ID which are usable for each user are designated, access control can be realized such that the authentication information acquisition S/W 11 is sent to the user only if the request carries a designated authentication client ID and application ID. Now, since the usable client ID includes 15, and the usable application ID includes 25, sending of the authentication information acquisition S/W 11 is permitted.
  • Permission or inhibition of the authentication information acquisition S/W 11 can be decided on the basis of the user type shown in Fig. 7. As for the user, if a secret level is allotted for the authentication client and application, the authentication server terminal 3 can select the authentication information acquisition S/W 11 on the basis of the levels of the authentication client, application and access data class. For example, control of selecting the authentication information S/W with the highest level in three levels or higher can be made.
  • the total number of times of authentication as an example of the checking rate in Fig. 7 was used as the selection condition.
  • when the checking evaluation is used as the selection condition, among the authentication information acquisition S/Ws 11 with the level of 2 or higher, the one with the highest checking evaluation in the past is looked up in the checking logs of the user and selected. Now, E, which has the highest checking evaluation at the last time, is selected.
  • the authentication acquisition S/W 11 previously acquired by the Web server terminal 4 may be transferred from the authentication server terminal 3 to the Web server terminal 4 without transferring the authentication information acquisition S/W.
  • the authentication information acquisition S/W which dynamically acquires the information required for authentication is selected in accordance with the environment (user having made access, data class which is access information, authentication request unit 4B operating in the Web server terminal 4 which is a client of authentication, Web server S/W 4C which is an using application, etc.) and authentication history (i.e. status at the time of authentication).
  • the second embodiment of the present invention is a simplification of the first embodiment.
  • the user terminal which acquires the biometrics information is the same as the terminal of the authentication client.
  • An example of an application requiring authentication is a database retrieval application 5E for executing the database retrieval.
  • the user terminal 5 includes a local database 5C which is used by the database retrieval application 5E, authentication request unit 5D, and a computer (personal computer or workstation) in which the database retrieval application 5E and authentication information acquisition S/W 11 are operated.
  • the biometrics acquisition device 6 is connected to the user terminal 5, and has entirely the same configuration as that in the first embodiment.
  • the authentication server terminal 3 has entirely the same configuration as that in the first embodiment.
  • the database retrieval application 5E, when it accesses the secret information in the local database 5C (SP5), first acquires a user ID (name, firm, member number, address, belonging, telephone number, or ID allotted for an individual by the system) (SP6), and requests the authentication request unit 5D to make authentication of the user with the acquired user ID, client ID (identifier of the authentication request unit 5D), application ID (identifier of the database retrieval application 5E which is an application requiring authentication) and access data class (secret level of the data accessed by the user) (SP7).
  • the authentication server terminal 3 executes the same operation of authentication as in the first embodiment.
  • the authentication request unit 5D of the user terminal 5, having received the result of authentication informs the database retrieval application 5E of the result of authentication.
  • the database retrieval application 5E decides permission or inhibition of access to the highly secret information in the local database 5C by the user (SP8). In this case, for example, the operation to user access such as displaying the secret information will be made. In such a configuration in which the user terminal 5 issues a request of authentication, the same effect as in the first embodiment may be obtained.
  • a procedure (SP2B, SP12A) is proposed in which a user rejects the authentication information acquisition S/W when the individual authentication information specified by the authentication information acquisition S/W 11 transferred from the authentication server 3 does not coincide with the user's intention (SP2B, SP12).
  • the authentication server terminal 3 having suffered the rejection of acquisition selects another authentication information acquisition S/W again (SP20A). However, this is limited to the case where there is another authentication information acquisition S/W which can be selected again as described in connection to Fig. 4.
  • when biometrics is used as authentication information of an individual, it is necessary for a user to be able to reject a specified biometrics acquisition device 6 involving dirtiness and unpleasantness. Specifically, although the biometrics is efficient to discriminate an individual from other persons, it gives rise to problems of privacy protection and sanitation as described above. For this reason, it is necessary for the user to be able to reject or change the biometrics acquisition.
  • the user may have an intention of specifying information other than the biometrics, i.e. alternative means such as a one-time password (OTP), even if it is complicated.
  • the authentication information acquisition S/W which dynamically acquires the information for authentication can be selected to identify an individual and decide the presence or absence of the access right of the individual according to the environment surely.
  • This embodiment as means for obtaining the same effect as in the third embodiment, includes the mechanism of selecting the acquired authentication information in the authentication information acquisition S/W itself in the first and second embodiments.
  • the authentication information S/W itself can select authentication D by both fingerprint and handwriting and that E by only the fingerprint.
  • the authentication server transfers the authentication information acquisition S/W capable of acquiring both D and E.
  • the configuration and operation procedure in the Web system 1 itself are the same as in the first and second embodiments.
  • the displayed image of the authentication information acquisition S/W on the side of the user is shown in Fig. 12.
  • the user selects either D or E to acquire authentication means and authentication information for himself.
  • select button 12A or 12B the authentication information acquisition S/W is operated to acquire the authentication information actually selected.
  • the authentication server terminal 3 can decide the type of the received authentication information and if authentication can be made using a set of the received information. Thus, the same effect as in the third embodiment can be obtained.
  • the authentication information to be acquired has been determined by the authentication S/W.
  • the authentication information to be acquired may be only displayed on a screen. For example, at the number of times of authentication in the detailed database in the first embodiment, transfer of the fingerprint information and handwriting information is displayed on the screen.
  • the user spontaneously operates the software for acquiring the authentication information in accordance with the displayed contents, and transfers the authentication information thus acquired to the authentication server terminal 3.
  • the transfer may not be concretely displayed, but previous transfer of the authentication information may be displayed.
  • the user spontaneously operates the software for acquiring the authentication information to acquire all the items of information noticed previously from a manager in accordance with the user's memory and transfers the acquired authenticated information to the authentication server.
  • the same effect as the first embodiment can be realized.
  • the means for acquiring the authentication information is used in a fashion of a password. Therefore, security in acquisition of the authentication information can be improved remarkably.
  • the authentication of a user individual was made by the Web server terminal 4.
  • the present invention should not be limited to this, but may be widely applied to a general controller which requires authentication of a user individual, such as an arrival/departure terminal device connected to a network.
  • when authentication should be made using the biometrics information, the authentication server freely selects and acquires the biometrics acquisition device and authentication information in accordance with the acquisition environment of the biometrics information by the user.
  • a remote authentication system capable of identification of a user and decision of the presence or absence of the access right of the user can be surely realized.
  • if the authentication information designated is not satisfactory for the user, he can change the authentication information to be acquired and reject its acquisition. Even when the biometrics acquisition device itself involves dirtiness and unpleasantness, or the device for acquiring the biometrics information is not reliable, the identification of the user and decision of the presence or absence of the access right of the user can be made by an alternative means.
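
The candidate narrowing and selection described above (data class 17 at level 2, authentication client ID 15, application ID 25, then the user's checking evaluation, with re-selection after a user rejection and the all-items check at SP22/SP23) can be sketched as follows. This is an added example, not code from the patent: the pool levels, the items acquired by S/Ws other than D and E, the evaluation scores and all function and class names are assumptions, and the application-ID candidates are taken as A, D, E.

```python
# Added example: server-side selection of authentication information
# acquisition S/W (SP20, SP20A) and the final decision (SP22/SP23).
from dataclasses import dataclass


@dataclass(frozen=True)
class AcquisitionSW:
    name: str
    level: int          # secret level this S/W is adequate for
    items: frozenset    # authentication items it acquires


# Constructed pool. Only D (fingerprint + handwriting) and E (fingerprint only)
# are described on the page; the other entries and all levels are assumptions.
POOL = {sw.name: sw for sw in [
    AcquisitionSW("A", 2, frozenset({"fingerprint", "retina"})),
    AcquisitionSW("B", 2, frozenset({"handprint"})),
    AcquisitionSW("C", 3, frozenset({"fingerprint_two_fingers"})),
    AcquisitionSW("D", 3, frozenset({"fingerprint", "handwriting"})),
    AcquisitionSW("E", 2, frozenset({"fingerprint"})),
    AcquisitionSW("F", 2, frozenset({"retina"})),
    AcquisitionSW("G", 1, frozenset({"password"})),  # below level 2
]}

DATA_CLASS_LEVEL = {17: 2}            # data class 17 requires level 2
CLIENT_ALLOWED = {15: {"C", "D", "E"}}  # per authentication client ID
APP_ALLOWED = {25: {"A", "D", "E"}}     # per application ID


@dataclass
class UserRecord:
    user_id: str
    usable_clients: set   # usable authentication client IDs
    usable_apps: set      # usable application IDs
    checking_eval: dict   # S/W name -> last checking evaluation (constructed)


SAMPLE_USER = UserRecord("user-0001", {15}, {25}, {"D": 0.91, "E": 0.97})


def candidates(user, client_id, app_id, data_class):
    """Intersect the three candidate sets; unknown inputs yield no candidates."""
    if client_id not in user.usable_clients or app_id not in user.usable_apps:
        return []  # S/W is not sent for a client/application the user may not use
    level = DATA_CLASS_LEVEL.get(data_class)
    if level is None:
        return []  # unknown data class: fail closed
    by_class = {name for name, sw in POOL.items() if sw.level >= level}
    allowed = (by_class
               & CLIENT_ALLOWED.get(client_id, set())
               & APP_ALLOWED.get(app_id, set()))
    return sorted(allowed)


def select(user, client_id, app_id, data_class, rejected=frozenset()):
    """Pick the candidate with the highest checking evaluation (SP20).
    'rejected' holds S/Ws the user refused, for re-selection (SP20A)."""
    remaining = [n for n in candidates(user, client_id, app_id, data_class)
                 if n not in rejected]
    if not remaining:
        return None  # nothing left to offer: authentication cannot proceed
    return max(remaining, key=lambda n: (user.checking_eval.get(n, 0.0), n))


def decide(selected, check_results):
    """SP22/SP23: accept only if every item required by the S/W that the
    server itself selected was submitted and checked successfully."""
    sw = POOL.get(selected)
    if sw is None:
        return False
    return all(check_results.get(item) is True for item in sw.items)


if __name__ == "__main__":
    print(candidates(SAMPLE_USER, 15, 25, 17))
    print(select(SAMPLE_USER, 15, 25, 17))
    print(select(SAMPLE_USER, 15, 25, 17, rejected={"E"}))
```

The decision step keys on the S/W the server selected rather than on whatever items the terminal chose to return, so a terminal cannot lower the requirement by submitting fewer items.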

Landscapes

  • Engineering & Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)
EP98123757A 1998-02-05 1998-12-14 Remote authentication system Expired - Lifetime EP0935221B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP10024225A JPH11224236A (ja) 1998-02-05 1998-02-05 Remote authentication system
JP2422598 1998-02-05

Publications (3)

Publication Number Publication Date
EP0935221A2 EP0935221A2 (en) 1999-08-11
EP0935221A3 EP0935221A3 (en) 2000-02-02
EP0935221B1 true EP0935221B1 (en) 2005-11-02

Family

ID=12132338

Family Applications (1)

Application Number Title Priority Date Filing Date
EP98123757A Expired - Lifetime EP0935221B1 (en) 1998-02-05 1998-12-14 Remote authentication system

Country Status (3)

Country Link
EP (1) EP0935221B1 (ja)
JP (1) JPH11224236A (ja)
DE (1) DE69832145T2 (ja)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8271395B2 (en) 2000-04-24 2012-09-18 Visa International Service Association Online account authentication service
US8775302B2 (en) 1999-09-07 2014-07-08 Mastercard International Incorporated Method of and system for making purchases over a computer network

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2204971A (en) * 1987-05-19 1988-11-23 Gen Electric Co Plc Transportable security system
JPH08329010A (ja) * 1995-03-27 1996-12-13 Toshiba Corp Computer network system, access management method in this computer network system, and personal authentication device used in this computer network system
JP3361661B2 (ja) 1995-09-08 2003-01-07 株式会社キャディックス Authentication method on a network
EP0762261A3 (en) * 1995-09-08 1999-12-22 Cadix Inc. A verification server and authentication method for use in authentication on networks
CA2234091C (en) * 1995-10-16 2003-06-03 British Telecommunications Public Limited Company Remote access data visualisation system
US6292782B1 (en) * 1996-09-09 2001-09-18 Philips Electronics North America Corp. Speech recognition and verification system enabling authorized data transmission over networked computer systems
US5930804A (en) * 1997-06-09 1999-07-27 Philips Electronics North America Corporation Web-based biometric authentication system and method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8775302B2 (en) 1999-09-07 2014-07-08 Mastercard International Incorporated Method of and system for making purchases over a computer network
US10127535B2 (en) 1999-09-07 2018-11-13 Mastercard International Incorporated Method of and system for authorizing purchases made over a computer network
US8271395B2 (en) 2000-04-24 2012-09-18 Visa International Service Association Online account authentication service

Also Published As

Publication number Publication date
JPH11224236A (ja) 1999-08-17
EP0935221A3 (en) 2000-02-02
DE69832145T2 (de) 2006-07-20
DE69832145D1 (de) 2005-12-08
EP0935221A2 (en) 1999-08-11

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): DE FR GB

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

17P Request for examination filed

Effective date: 20000322

AKX Designation fees paid

Free format text: DE FR GB

17Q First examination report despatched

Effective date: 20020416

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): DE FR GB

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20051129

Year of fee payment: 8

REF Corresponds to:

Ref document number: 69832145

Country of ref document: DE

Date of ref document: 20051208

Kind code of ref document: P

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20051214

Year of fee payment: 8

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20051230

Year of fee payment: 8

RAP2 Party data changed (patent owner data changed or rights of a patent transferred)

Owner name: MITSUBISHI DENKI KABUSHIKI KAISHA

ET Fr: translation filed
PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20060803

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20070703

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20061214

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20070831

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20061214

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20070102