Biometric Authentication System and Method with Vulnerability Verification
Abstract
A biometric authentication device faces the threat of impersonation attacks, for example by forgery. The present invention helps a service provider appropriately judge the level of such a threat.
A vulnerability verification server 150 is provided in the system, and the vulnerability of each biometric product is centrally managed. A service provider 130 sends the information that specifies the device in which a client terminal 110 executes the biometric authentication to the vulnerability verification server 150, and receives the vulnerability information. The service provider 130 decides whether the service can be provided or not to the client terminal 110 using the vulnerability information that was received.
14 Claims
1. A biometric authentication system that provides a service after carrying out personal identification of a service requester through a data communication network comprising:
a client terminal that receives an input of the biometric information of the service requester and performs a biometric authentication with its own biometric authentication means using the received biometric information;
a service provider that provides a service; and
a vulnerability verification server that keeps the vulnerability information that is the information showing the level of vulnerability of the biometric authentication means that has a possibility of being connected to the biometric authentication system, wherein;
the client terminal produces the information that specifies the biometric authentication means and the authentication result as a process profile and is equipped with a process profile producing means that is sent to the service provider;
the vulnerability verification server is equipped with a vulnerability verification means that replies to the service provider that provides the vulnerability information corresponding to the biometric authentication means when receiving the provided information that specifies the biometric authentication means from the service provider;
the service provider is equipped with a service providing judgment means that decides whether the service can be provided or not to the client terminal having the applicable biometric authentication means comparing the vulnerability information with an authentication policy, and a service providing means that provides a service to the client terminal where the request of the service was made in the case that the service providing judgment means decides it is possible;
the vulnerability information includes the type of the vulnerability, the range affected by the vulnerability, the condition of use showing whether the client terminal is used under a prescribed control or not, the difficulty of fraud and forgery, and the level of an attacker that can attack with each specification of the biometrics authentication means; and
the authentication policy includes the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is used under the prescribed control and the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is not used under the prescribed control.
and in the case of judging that the level is satisfied with the policy verification means, the service providing judgment means decides that the service can be provided.
4. The biometric authentication system according to claim 3, wherein the policy verification means decides that the service can be provided in the case that both the level of difficulty of fraud and forgery and the level of an attacker in the received vulnerability information are lower than the level that is kept in the authentication policy.

6. The biometric authentication system according to claim 4, wherein:
the process profile includes the condition of use in addition to the information that specifies the biometric authentication means; and
the condition of use is also kept in the vulnerability information keeping means in addition to the information that specifies the biometric authentication means.

7. The biometric authentication system according to any one of claims 1 to 6, wherein:
the service provider can provide a plurality of services;
the service providing judgment means decides whether there is a service that can be provided within the vulnerability level of the vulnerability information or not among other services in the case of judging that the service that is requested to be provided from the client terminal cannot be provided; and
the service providing means provides a service that was decided to be capable by the service providing judgment means to the client terminal where the request was made.

8. The biometric authentication system according to claim 1, wherein:
the vulnerability verification server is equipped with a change notifying means that notifies the content of the change to the service provider when there is an update in the vulnerability information; and
the service provider is equipped with a vulnerability information keeping means that keeps the vulnerability information and is equipped with a vulnerability information management means that updates the vulnerability information that is kept in the vulnerability information keeping means when receiving the content of the update from the vulnerability verification server,
the vulnerability verification means extracts the vulnerability information of the biometric authentication means from the vulnerability information keeping means when receiving the provided information that specifies the biometric authentication means from the client terminal; and
the service providing judgment means decides whether the service can be provided or not to the client terminal having the biometric authentication means based on the vulnerability information that is extracted by the vulnerability verification means.

5. (canceled)

9. A service providing propriety judging method in the biometric authentication system that provides a service after carrying out personal identification of a service requester through a data communication network, wherein:
the biometric authentication system is equipped with the client terminal, the vulnerability verification server, and the service provider, and that is equipped with;
a biometric authentication step of receiving the input of the biometric information of a client service requester at the client terminal, performing the biometric authentication with a biometric authentication means of its own using the received biometric information, and sending the authentication result to the service provider together with the information that specifies the biometric authentication means that performed the authentication;
a step of sending the information that specifies the biometric authentication means that was received from the client terminal in the service provider;
a step of extracting the vulnerability information that is the information showing the vulnerability level of the biometric authentication means that has a possibility of connecting to the biometric authentication system that is kept in advance by corresponding the received biometric authentication means to the specifying information and sending to the service provider where the information is sent;
a service providing judgment step of judging whether the service is provided to the client terminal or not by comparing the vulnerability information with the authentication policy in the service provider; and
a service providing step of providing a service to the client terminal in the case that the service providing judgment means decides it is possible,
the vulnerability information includes the type of the vulnerability, the range affected by the vulnerability, the condition of use showing whether the client terminal is used under a prescribed control or not, the difficulty of fraud and forgery, and the level of an attacker that can attack with each specification of the biometrics authentication means; and
the authentication policy includes the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is used under the prescribed control and the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is not used under the prescribed control.

10. A program for running a computer of the service provider in a biometric authentication system that provides a service after carrying out personal identification of a service requester through a data communication network comprising:
a client terminal that receives an input of the biometric information of the service requester and performs a biometric authentication with its own biometric authentication means using the received biometric information;
a service provider that provides a service; and
a vulnerability verification server that keeps the vulnerability information that is the information showing the level of vulnerability of the biometric authentication means that has a possibility of being connected to the biometric authentication system;
wherein the biometric authentication system functions as a vulnerability verification means of sending the provided information that specifies the biometric authentication means that was received from the client terminal to the vulnerability verification server and receiving the vulnerability information of the biometric authentication means from the vulnerability verification server;
a service providing judgment means of judging whether the service can be provided or not to the client terminal having the biometric authentication means by comparing the vulnerability information with the authentication policy; and
a service providing means of providing a service to the client terminal where the request of the service was made in the case that the service providing judgment means decides it is possible,
the vulnerability information includes the type of the vulnerability, the range affected by the vulnerability, the condition of use showing whether the client terminal is used under a prescribed control or not, the difficulty of fraud and forgery, and the level of an attacker that can attack with each specification of the biometrics authentication means; and
the authentication policy includes the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is used under the prescribed control and the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is not used under the prescribed control.

11. A vulnerability verification server that notifies the vulnerability information of the biometric authentication means of the client depending on the request from the service provider providing the service in the biometric authentication system that provides a service after carrying out personal identification of a service requester through a data communication network, comprising:
a vulnerability information keeping means that keeps the vulnerability information that is the information showing the vulnerability level of the biometric authentication means that can be connected to the biometric authentication system; and
a vulnerability verification means that receives the provided information that specifies the biometric authentication means from the service provider and then notifies the vulnerability information corresponding to the biometric authentication means to the service provider where the request was made,
the vulnerability information includes the type of the vulnerability, the range affected by the vulnerability, the condition of use showing whether the client terminal is used under a prescribed control or not, the difficulty of fraud and forgery, and the level of an attacker that can attack with each specification of the biometrics authentication means; and
the authentication policy includes the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is used under the prescribed control and the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is not used under the prescribed control.

13. (canceled)
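
The service providing judgment of claims 1, 4, 6 and 7, sketched as an added example that is not code from the patent: the service provider looks up the vulnerability records for the device named in the process profile, compares them with the policy entry for the reported condition of use, and falls back to another service when the requested one is refused. The device ids, service names, integer level scale, dictionary layout and the refusal of unknown devices or failed matches are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VulnInfo:                      # fields listed in claim 1
    vuln_type: str
    affected_range: str
    controlled_use: bool             # condition of use
    forgery_level: int               # difficulty of fraud and forgery
    attacker_level: int              # level of attacker able to attack

# Vulnerability verification server 150: constructed sample records; the
# device ids and the integer scale are assumptions, not from the patent.
VULN_DB = {
    "finger-A1": [VulnInfo("artificial finger", "sensor", True, 1, 1),
                  VulnInfo("artificial finger", "sensor", False, 3, 2)],
    "vein-B2": [VulnInfo("replay", "terminal", False, 1, 2)],
}

def lookup(device_id, controlled_use):
    """Server side: vulnerability records for one device and condition of use."""
    return [v for v in VULN_DB.get(device_id, [])
            if v.controlled_use == controlled_use]

# Service provider 130: per-service policy holding (forgery level, attacker
# level) once for controlled use (True) and once for uncontrolled use (False).
POLICIES = {
    "transfer": {True: (3, 3), False: (2, 2)},
    "balance": {True: (4, 4), False: (4, 3)},
}

def satisfies(service, infos, controlled_use):
    limit_f, limit_a = POLICIES[service][controlled_use]
    # Claim 4 as worded: both received levels must be lower than the policy's.
    # Assumption: a device with no record on the server is refused.
    return bool(infos) and all(v.forgery_level < limit_f and
                               v.attacker_level < limit_a for v in infos)

def judge(profile, requested):
    """Return the service to provide for a process profile, or None."""
    if not profile["auth_ok"]:       # assumption: a failed match is refused
        return None
    infos = lookup(profile["device_id"], profile["controlled_use"])
    # Claim 7: if the requested service fails, try the provider's other services.
    for service in [requested] + [s for s in POLICIES if s != requested]:
        if satisfies(service, infos, profile["controlled_use"]):
            return service
    return None
```
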
Specification