Authentication system

US 8,866,586 B2
Filed: 06/08/2012
Issued: 10/21/2014
Est. Priority Date: 03/23/2005
Status: Active Grant

First Claim

Patent Images

1. An authentication system for improving accuracy of authentication of a registered person, said authentication system comprising:

a plurality of processing units, wherein each said processing unit comprises at least one information input device, each said information input device being configured witha module for inputting individual information or automatically detecting said individual information for specifying individuals of registered people,a module for recognizing temporal information at which said individual information is inputted or detected,a module for storing spatial information corresponding to a spatial position of a device of said individual and,a module for recognizing spatial information corresponding to a presence of said information input device;

a management server for managing said plurality of processing units as a network-configuring unit and being provided in communication with said information input devices; and

an authentication server configured with a module for performing an authentication of at least one of said registered people based upon said individual information,wherein said authentication server is in communication with and manages said plurality of processing units;

wherein said individual information is input or read by said information input devices within at least one of said plurality of processing units,wherein said authentication server, upon receiving said individual information, said temporal information, and said spatial information from said management server, compares said received spatial information and said received temporal information with stored spatial information and stored temporal information from past authentication processing,wherein, if said received spatial information and said received temporal information are consistent with said stored spatial information and said stored temporal information for a registered person, said authentication server determines that said registered person is present in a spatial region where said unit is located, andwherein, in an event that movement outside of said spatial region is not confirmed after said determination, if said individual information of said registered person through a second one of said information input devices within a second said processing unit is recognized, when the information input devices within said processing unit are configured with a module for providing a predetermined service to said registered person, said authentication server restricts said module for providing said service in said information input device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

[PROBLEMS] To provide an authentication system improving authentication accuracy of existence of a registered person and easily find an unauthorized act to improve the security in a system by performing authentication using coincidence/non-coincidence of biometrics information and temporal/spatial authentication when performing individual authentication via a network by using electronic information which is easily tampered, easily leaks out, and is easily stolen. [MEANS FOR SOLVING PROBLEMS] An authentication server (1) includes a database for managing individual information on a registered person to be authenticated. Moreover, the authentication server (1) is connected to a plurality of management servers (2) via a communication network and correlates the individual information transmitted from an individual information input device (3) via the management server (2) with the individual information in the database, thereby authenticating the existence of the registered person.

30 Citations

View as Search Results

26 Claims

1. An authentication system for improving accuracy of authentication of a registered person, said authentication system comprising:
- a plurality of processing units, wherein each said processing unit comprises at least one information input device, each said information input device being configured witha module for inputting individual information or automatically detecting said individual information for specifying individuals of registered people,a module for recognizing temporal information at which said individual information is inputted or detected,a module for storing spatial information corresponding to a spatial position of a device of said individual and,a module for recognizing spatial information corresponding to a presence of said information input device;
  
  a management server for managing said plurality of processing units as a network-configuring unit and being provided in communication with said information input devices; and
  
  an authentication server configured with a module for performing an authentication of at least one of said registered people based upon said individual information,wherein said authentication server is in communication with and manages said plurality of processing units;
  
  wherein said individual information is input or read by said information input devices within at least one of said plurality of processing units,wherein said authentication server, upon receiving said individual information, said temporal information, and said spatial information from said management server, compares said received spatial information and said received temporal information with stored spatial information and stored temporal information from past authentication processing,wherein, if said received spatial information and said received temporal information are consistent with said stored spatial information and said stored temporal information for a registered person, said authentication server determines that said registered person is present in a spatial region where said unit is located, andwherein, in an event that movement outside of said spatial region is not confirmed after said determination, if said individual information of said registered person through a second one of said information input devices within a second said processing unit is recognized, when the information input devices within said processing unit are configured with a module for providing a predetermined service to said registered person, said authentication server restricts said module for providing said service in said information input device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The authentication system according to claim 1, wherein said information input devices further send said spatial information and said temporal information showing a time at which said individual information is input or detected to said authentication server via said management server,wherein said authentication server, upon receiving said spatial information and said temporal information from a plurality of said information input devices, calculates information showing a time required for movement between said information input devices on a basis of said spatial information, and calculates an input or detect time interval of said individual information on a basis of said temporal information, andwherein when said time interval is shorter than said time required for movement, said authentication server determines that an unauthorized act has been performed during said input or detection of said individual information.
  - 3. The authentication system according to claim 1, wherein said authentication server is equipped with a database for managing said individual information, and said authentication server, upon receiving individual information input into or detected by said information input devices by said registered person from said information input devices, collates said received individual information and said individual information in said database provided in said authentication server itself, and upon determining a match between said individual information and said individual information in said database, performs a specified action.
  - 4. The authentication system according to claim 1, wherein said information input devices are equipped with a database for managing said individual information, and when said individual information is input or detected from said registered person, for collating said input or detected individual information with individual information in said database configured in said input devices, and upon determining a match between said individual information and said individual information in said database, perform a specified action.
  - 5. The authentication system according to claim 1, wherein said authentication server, upon receiving individual information of said registered person, information showing movement destinations of said registered person, and said spatial information of said info nation input device through which said individual information has been input or detected, forecasts a transfer route of said registered person on a basis of said received information, and transmits control information for performing an execution preparation of a specified action to one of said information input devices located on or near said forecasted transfer route.
  - 6. The authentication system according to claim 5, wherein at least one of said information input devices, upon receiving said control information for performing an execution preparation, performs a guiding action up to said movement destination using at least one of a sound, a character, or an image.
  - 7. The authentication system according to claim 5, wherein said authentication server, upon receiving said individual information transmitted from at least one of said information input devices located outside said forecasted transfer route, transmits control information for limiting or prohibiting said specified action to at least one other of said information input device.
  - 8. The authentication system according to claim 1, wherein said management server manages said information input devices collectively as one of a building structure, a transfer means, a facility, a region or an organization.
  - 9. The authentication system according to claim 1, wherein said authentication server or said management server, after recognizing that said registered person is present in a spatial region where said unit is positioned, does not recognizes that said registered person has moved outside said spatial region, and, upon receiving said individual information from said infatuation input device installed in said spatial region, determines a success of said authentication and transmits permission information for permitting execution of a financial transaction or a settlement transaction, to said information input device.
  - 10. The authentication system according to claim 1, wherein said authentication server or said management server, after recognizing that said registered person is present in a spatial region where said unit is positioned, does not recognizes that said registered person has moved outside said spatial region, and, upon receiving said individual information from said information input device installed in said spatial region, determines a success of said authentication and transmits information for recognizing a public identification card to said information input device.
  - 11. The authentication system according to claim 1, wherein said authentication server or said management server identifies local identification IDs used in a limited organization, and individual identification IDs for specifying said registered person used in said authentication system.
  - 12. The authentication system according to claim 1, wherein, in a case of a temporal disconnection of a network connection in said authentication system, said information input devices send a signal to check whether said network connection is available to said authentication server, said management server and said information input devices that have been connectable with a user'"'"'s device and establish said network connection with said authentication server, said management server or said information input devices with which said connection is available.
  - 13. The authentication system according to claim 12, wherein said information input devices store list information showing said authentication server, said management server, or said information input devices that are connectable with said user'"'"'s device, and said list information shows connection priority order, andwherein said information input devices, in a case of a temporal disconnection of said network connection in said authentication system, transmit a signal to check said network connection in accordance with said priority order and establish said network connection.
  - 14. The authentication system according to claim 1, wherein said management server and said information input devices have a preset order of destinations for said received information, and at failure of transmitting said received information, said management server or said information input device transmits said received information to a second one of said destinations.

15. An authentication system for improving accuracy of authentication of a registered person, said system comprising:
- a plurality of processing units, wherein each said processing unit comprises information input devices, each one of said information input devices being equipped with a module for inputting individual information and automatically reading individual information for specifying individuals of registered people, a module for recognizing time information at which said individual information is inputted or read, a module for storing space information corresponding to a spatial position of an installation of said input device, and a module for recognizing said space information in which said information input device is located, anda management server for managing said information input devices as a network-configuring unit, andan authentication server, in communication with the said plurality of units, equipped with a module for performing an authentication of at least one of said registered people based upon said individual information,wherein said authentication server manages said plurality of processing units and is in communication with said plurality of units,wherein said individual information is input or read by said information input devices within at least one said unit,wherein said authentication server, on receiving said input or said read individual information, said time information, and said space information via said management server, compares said received space information and said received time information with stored space information and stored time information from past authentication processing,wherein, if said space information and said time information are consistent with said stored space information and said stored time information for a registered person, said authentication server determines that said registered person has been moved from a first location where a first said unit is disposed to a second location where a second said unit is disposed, andwherein, in a case that said inputting or reading of said individual information through said information input devices occurs within said unit before movement of said registered person, when said information input devices are equipped with a module for providing a predetermined service to said registered person, said authentication server is capable of stopping or limiting said module for providing said predetermined service in said information input devices.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The authentication system according to claim 15, wherein said information input devices further send said spatial information and said temporal information showing a time at which said individual information is input or detected to said authentication server via said management server,wherein said authentication server, upon receiving said spatial information and said temporal information from a plurality of said information input devices, calculates information showing a time required for movement between said information input devices on a basis of said spatial information, and calculates an input or detect time interval of said individual information on a basis of said temporal information, andwherein when said time interval is shorter than said time required for movement, said authentication server determines that an unauthorized act has been performed during said input or detection of said individual information.
  - 17. The authentication system according to claim 15, wherein said authentication server is equipped with a database for managing said individual information, and said authentication server, upon receiving individual information input into or detected by said information input devices by said registered person from said information input devices, collates said received individual information and said individual information in said database provided in said authentication server itself, and upon determining a match between said individual information and said individual information in said database, performs a specified action.
  - 18. The authentication system according to claim 15, wherein said information input devices are equipped with a database for managing said individual information, and when said individual information is input or detected from said registered person, for collating said input or detected individual information with individual information in said database configured in said input devices, and upon determining a match between said individual information and said individual information in said database, perform a specified action.
  - 19. The authentication system according to claim 15, wherein said authentication server, upon receiving individual information of said registered person, information showing movement destinations of said registered person, and said spatial information of said information input device through which said individual information has been input or detected, forecasts a transfer route of said registered person on a basis of said received information, and transmits control information for performing an execution preparation of a specified action to one of said information input devices located on or near said forecasted transfer route.
  - 20. The authentication system according to claim 19, wherein at least one of said information input devices, upon receiving said control information for performing an execution preparation, performs a guiding action up to said movement destination using at least one of a sound, a character, or an image.
  - 21. The authentication system according to claim 19, wherein said authentication server, upon receiving said individual information transmitted from at least one of said information input devices located outside said forecasted transfer route, transmits control information for limiting or prohibiting said specified action to at least one other of said information input device.
  - 22. The authentication system according to claim 15, wherein said management server manages said information input devices collectively as one of a building structure, a transfer means, a facility, a region or an organization.
  - 23. The authentication system according to claim 15, wherein said authentication server or said management server identifies local identification IDs used in a limited organization, and individual identification IDs for specifying said registered person used in said authentication system.
  - 24. The authentication system according to claim 15, wherein, in a case of a temporal disconnection of a network connection in said authentication system, said information input devices send a signal to check whether said network connection is available to said authentication server, said management server and said information input devices that have been connectable with a user'"'"'s device and establish said network connection with said authentication server, said management server or said information input devices with which said connection is available.
  - 25. The authentication system according to claim 24, wherein said information input devices store list information showing said authentication server, said management server, or said information input devices that are connectable with said user'"'"'s device, and said list information shows connection priority order, andwherein said information input devices, in a case of a temporal disconnection of said network connection in said authentication system, transmit a signal to check said network connection in accordance with said priority order and establish said network connection.
  - 26. The authentication system according to claim 15, wherein said management server and said information input devices have a preset order of destinations for said received information, and at failure of transmitting said received information, said management server or said information input device transmits said received information to a second one of said destinations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IHC Corporation
Original Assignee
IHC Corporation
Inventors
Hayashi, Hitoshi
Primary Examiner(s)
Lim, Steven
Assistant Examiner(s)
Knox, Kaleria

Application Number

US13/492,122
Publication Number

US 20120256725A1
Time in Patent Office

865 Days
Field of Search

340/5.53, 340/541, 340/573.1, 340/5.81, 455/456, 370/227, 380/271, 1/1, 701/409
US Class Current

340/5.81
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

G07B 15/00   Arrangements or apparatus f...

G07C 2209/08   With time considerations, e...

G07C 9/257   electronically G07C9/26 tak...

H04L 63/0861   using biometrical features,...

H04L 63/107   wherein the security polici...

Authentication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Authentication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others