Biometric Authenticaton System and Method with Vulnerability Verification

US 20090307764A1
Filed: 03/23/2007
Published: 12/10/2009
Est. Priority Date: 03/24/2006
Status: Active Grant

First Claim

Patent Images

1. A biometric authentication system that provides a service after carrying out personal identification of a service requester through a data communication network comprising:

a client terminal that receives an input of the biometric information of the service requester and performs a biometric authentication with its own biometric authentication means using the received biometric information;

a service provider that provides a service; and

a vulnerability verification server that keeps the vulnerability information that is the information showing the level of vulnerability of the biometric authentication means that has a possibility of being connected to the biometric authentication system,wherein;

the client terminal produces the information that specifies the biometric authentication means and the authentication result as a process profile and is equipped with a process profile producing means that is sent to the service provider;

the vulnerability verification server is equipped with a vulnerability verification means that replies to the service provider that provides the vulnerability information corresponding to the biometric authentication means when receiving the provided information that specifies the biometric authentication means from the service provider;

the service provider is equipped with a service providing judgment means that decides whether the service can be provided or not to the client terminal having the applicable biometric authentication means comparing the vulnerability information with an authentication policy, and a service providing means that provides a service to the client terminal where the request of the service was made in the case that the service providing judgment means decides it is possible;

the vulnerability information includes the type of the vulnerability, the range affected by the vulnerability, the condition of use showing whether the client terminal is used under a prescribed control or not, the difficulty of fraud and forgery, and the level of an attacker that can attack with each specification of the biometrics authentication means;

andthe authentication policy includes the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is used under the prescribed control and the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is not used under the prescribed control.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A biometric authentication device has a threat of an attack of pretending to be someone else by such as forgery. The present invention supports a service provider to appropriately decide the level of such threat.

A vulnerability verification server 150 is provided in the system, and the vulnerability of each biometric product is centrally managed. A service provider 130 sends the information that specifies the device in which a client terminal 110 executes the biometric authentication to the vulnerability verification server 150, and receives the vulnerability information. The service provider 130 decides whether the service can be provided or not to the client terminal 110 using the vulnerability information that was received.

Citations

14 Claims

1. A biometric authentication system that provides a service after carrying out personal identification of a service requester through a data communication network comprising:
- a client terminal that receives an input of the biometric information of the service requester and performs a biometric authentication with its own biometric authentication means using the received biometric information;
  
  a service provider that provides a service; and
  
  a vulnerability verification server that keeps the vulnerability information that is the information showing the level of vulnerability of the biometric authentication means that has a possibility of being connected to the biometric authentication system,wherein;
  
  the client terminal produces the information that specifies the biometric authentication means and the authentication result as a process profile and is equipped with a process profile producing means that is sent to the service provider;
  
  the vulnerability verification server is equipped with a vulnerability verification means that replies to the service provider that provides the vulnerability information corresponding to the biometric authentication means when receiving the provided information that specifies the biometric authentication means from the service provider;
  
  the service provider is equipped with a service providing judgment means that decides whether the service can be provided or not to the client terminal having the applicable biometric authentication means comparing the vulnerability information with an authentication policy, and a service providing means that provides a service to the client terminal where the request of the service was made in the case that the service providing judgment means decides it is possible;
  
  the vulnerability information includes the type of the vulnerability, the range affected by the vulnerability, the condition of use showing whether the client terminal is used under a prescribed control or not, the difficulty of fraud and forgery, and the level of an attacker that can attack with each specification of the biometrics authentication means;
  
  andthe authentication policy includes the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is used under the prescribed control and the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is not used under the prescribed control.
- View Dependent Claims (2, 3, 4, 6, 7, 8)
- - 2. The biometric authentication system according to claim 1, wherein the vulnerability verification server comprising:
    - a vulnerability information collecting means that collects the vulnerability information of the biometric authentication means equipped in each client terminal anda vulnerability information keeping means that keeps the collected vulnerability information together with the information that specifies the biometric authentication means having the vulnerability information; and
      
      the vulnerability verification means extracts the vulnerability information that is kept in the vulnerability information keeping means corresponding to the information and replies to the service provider where the provision was made when the vulnerability verification means receives the provided information that specifies the biometric authentication equipment from a service provider.
  - 3. The biometric authentication system according to claim 1 or 2, wherein the service providing judgment means of the service provider comprising:
    - the verification policy; and
      
      a policy verification means that decides whether the vulnerability level at which the biometric authentication means of the client terminal can provide a service is satisfied or not comparing the vulnerability level shown by the vulnerability information and the vulnerability level in which the service can be provided that is kept in the verification policy;
4. The biometric authentication system according to claim 3, wherein the policy verification means decides that the service can be provided in the case that both the level of difficulty of fraud and forgery and the level of an attacker in the received vulnerability information are lower than the level that is kept in the authentication policy.
6. The biometric authentication system according to claim 4, wherein:
- the process profile includes the condition of use in addition to the information that specifies the biometric authentication means; and
  
  the condition of use is also kept in the vulnerability information keeping means in addition to the information that specifies the biometric authentication means.
7. The biometric authentication system according to any one of claims 1 to 6, wherein:
- the service provider can provide a plurality of services;
  
  the service providing judgment means decides whether there is a service that can be provided within the vulnerability level of the vulnerability information or not among other services in the case of judging that the service that is requested to be provided from the client terminal cannot be provided; and
  
  the service providing means provides a service that was decided to be capable by the service providing judgment means to the client terminal where the request was made.
8. The biometric authentication system according to claim 1, wherein:
- the vulnerability verification server is equipped with a change notifying means that notifies the content of the change to the service provider when there is an update in the vulnerability information; and
  
  the service provider is equipped with a vulnerability information keeping means that keeps the vulnerability information and is equipped with a vulnerability information management means that updates the vulnerability information that is kept in the vulnerability information keeping means when receiving the content of the update from the vulnerability verification server,the vulnerability verification means extracts the vulnerability information of the biometric authentication means from the vulnerability information keeping means when receiving the provided information that specifies the biometric authentication means from the client terminal; and
  
  the service providing judgment means decides whether the service can be provided or not to the client terminal having the biometric authentication means based on the vulnerability information that is extracted by the vulnerability verification means.

5. (canceled)

9. A service providing propriety judging method in the biometric authentication system that provides a service after carrying out personal identification of a service requester through a data communication network, wherein:
- the biometric authentication system is equipped with the client terminal, the vulnerability verification server, and the service provider, and that is equipped with;
  
  a biometric authentication step of receiving the input of the biometric information of a client service requester at the client terminal, performing the biometric authentication with a biometric authentication means of its own using the received biometric information, and sending the authentication result to the service provider together with the information that specifies the biometric authentication means that performed the authentication;
  
  a step of sending the information that specifies the biometric authentication means that was received from the client terminal in the service provider;
  
  a step of extracting the vulnerability information that is the information showing the vulnerability level of the biometric authentication means that has a possibility of connecting to the biometric authentication system that is kept in advance by corresponding the received biometric authentication means to the specifying information and sending to the service provider where the information is sent;
  
  a service providing judgment step of judging whether the service is provided to the client terminal or not by comparing the vulnerability information with the authentication policy in the service provider; and
  
  a service providing step of providing a service to the client terminal in the case that the service providing judgment means decides it is possible,the vulnerability information includes the type of the vulnerability, the range affected by the vulnerability, the condition of use showing whether the client terminal is used under a prescribed control or not, the difficulty of fraud and forgery, and the level of an attacker that can attack with each specification of the biometrics authentication means; and
  
  the authentication policy includes the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is used under the prescribed control and the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is not used under the prescribed control.

10. A program for running a computer of the service provider in a biometric authentication system that provides a service after carrying out personal identification of a service requester through a data communication network comprising:
- a client terminal that receives an input of the biometric information of the service requester and performs a biometric authentication with its own biometric authentication means using the received biometric information;
  
  a service provider that provides a service; and
  
  a vulnerability verification server that keeps the vulnerability information that is the information showing the level of vulnerability of the biometric authentication means that has a possibility of being connected to the biometric authentication system;
  
  wherein the biometric authentication system functions as a vulnerability verification means of sending the provided information that specifies the biometric authentication means that was received from the client terminal to the vulnerability verification server and receiving the vulnerability information of the biometric authentication means from the vulnerability verification server;
  
  a service providing judgment means of judging whether the service can be provided or not to the client terminal having the biometric authentication means by comparing the vulnerability information with the authentication policy; and
  
  a service providing means of providing a service to the client terminal where the request of the service was made in the case that the service providing judgment means decides it is possible,the vulnerability information includes the type of the vulnerability, the range affected by the vulnerability, the condition of use showing whether the client terminal is used under a prescribed control or not, the difficulty of fraud and forgery, and the level of an attacker that can attack with each specification of the biometrics authentication means; and
  
  the authentication policy includes the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is used under the prescribed control and the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is not used under the prescribed control.

11. A vulnerability verification server that notifies the vulnerability information of the biometric authentication means of the client depending on the request from the service provider providing the service in the biometric authentication system that provides a service after carrying out personal identification of a service requester through a data communication network,comprising:
- a vulnerability information keeping means that keeps the vulnerability information that is the information showing the vulnerability level of the biometric authentication means that can be connected to the biometric authentication system; and
  
  a vulnerability verification means that receives the provided information that specifies the biometric authentication means from the service provider and then notifies the vulnerability information corresponding to the biometric authentication means to the service provider where the request was made,the vulnerability information includes the type of the vulnerability, the range affected by the vulnerability, the condition of use showing whether the client terminal is used under a prescribed control or not, the difficulty of fraud and forgery, and the level of an attacker that can attack with each specification of the biometrics authentication means; and
  
  the authentication policy includes the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is used under the prescribed control and the difficulty of fraud and forgery and the level of an attacker in the case that the client terminal is not used under the prescribed control.
- View Dependent Claims (12, 14)
- - 12. The vulnerability verification server according to claim 11 further comprising:
    - a vulnerability information collecting means that collects the vulnerability information of the biometric authentication means equipped in each client terminal;
      
      wherein the vulnerability information collecting means registers the collected vulnerability information in the vulnerability information keeping means together with the information that specifies the biometric authentication means having the vulnerability information, andthe vulnerability verification means extracts the vulnerability information that is kept in the vulnerability information keeping means corresponding to the information when receiving the provided information that specifies the biometric authentication equipment from the service provider, and notifies to the service provider where the request was made.
  - 14. The vulnerability verification server according to claim 12, wherein the range affected by the vulnerability that is registered in the vulnerability information keeping means is specified by the information that specifies the device of the biometric authentication means, the information that specifies the software, and the information that specifies the template.

13. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Isobe, Yoshiaki, Mimura, Masahiro

Granted Patent

US 8,312,521 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/51   at application loading time...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2101   Auditing as a secondary aspect

H04L 9/3231   Biological data, e.g. finge...

Biometric Authenticaton System and Method with Vulnerability Verification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Biometric Authenticaton System and Method with Vulnerability Verification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links