Recently increasing numbers of systems use fingerprint authentication for log-in operations of computers, etc. This results from a great cost reduction of fingerprint sensors and greatly improved processing capability of computers.
There are two types of systems which use the fingerprint authentication for log-in operations of computers. The one is stand-alone type and the other is client-server type.
In the stand-alone type system, the computers to be logged in to include fingerprint sensors, fingerprint authentication programs and registered fingerprint data. When a user logs in to the computer, a fingerprint image input via the fingerprint sensor is processed in the computer to be check fingerprint data (i.e., fingerprint data to be checked). The check fingerprint data is compared with the registered fingerprint data using the fingerprint authentication program. Then, if it is determined that the check fingerprint data corresponds to the registered fingerprint data, a log-in process is performed.
The stand-alone type system has a simple configuration and is mainly used for personal computers, mobile phones, etc.
The client-server type system includes two computers, one of which is to be logged in to (referred to as “a client computer”) and another is an authentication server (see Patent Document 1, for example). In general, the client computer includes, as components for the fingerprint authentication, only a fingerprint sensor, a part of a fingerprint authentication program, and a fingerprint data generating program for generating check fingerprint data from the fingerprint image. The authentication server includes a fingerprint authentication program for determining match or mismatch of the fingerprint, user data of plural users, i.e., user IDs, and registered fingerprint data.
When a user logs in to the client computer, the fingerprint image is acquired from the fingerprint sensor and the check fingerprint data is generated using the fingerprint data generating program. The client computer transmits the user ID and the check fingerprint data of the user to the authentication server. The authentication server searches for the corresponding registered fingerprint data based on the received user ID and compares it with the received check fingerprint data using the fingerprint authentication program. The authentication server transmits a result to the client computer, and the client computer performs the log-in process if it receives the result representing correspondence of the data.
The client-server type is used for computers in companies, an arrival and departure managing system using the fingerprint authentication, etc. A configuration of the client-server type is complicated; however, the client-server type provides convenience such that users can log in to any client computers if the user data (user IDs and registered fingerprint data) of the users is registered in the authentication server. Further, in order to prevent the log-in process for a certain user because of retirement or the like, the user data of the user has only to be deleted from the authentication server. In this way, the client-server type has an advantage that central management can be easily implemented. In the companies, this central management function is indispensable. Thus, the overwhelming majority of the companies adopt this client-server type when they introduce the fingerprint authentication.    [Patent Document 1] Japanese Laid-open Patent Publication No. 2000-276445
In the client-server type system, the authentication server undertakes the total fingerprint authentication for the companies. In ordinary companies, starting and finishing times of work and a lunch break are fixed and company staffers go to work according to the starting time of work. In these days, the work in the companies largely depends on computer systems, and e-mail is often used for communications in the companies. For this reason, the company staffers tend to log in to the client computers first of all to check e-mail. Thus, the majority of the company staffers log in to the client computers immediately after the starting time of work, resulting in a heavy load on the authentication server. The causes of the load are as follows.
(1) Establishment of encrypted communication lines between the client computers and the authentication server. It is noted that in the client-server type of the fingerprint authentication, encrypting communications between the client computers and the authentication server is substantially indispensable.(2) Search and retrieval of the user data using a database in the authentication server.(3) Fingerprint authentication process in the authentication server.
However, even under heavy load conditions, it is necessary to transmit communications in the companies to the company staffers as soon as possible. Such a service in which the company staffers are recommended to shift the timing to log in to the client computers is not acceptable. Thus, the authentication server must have a capability sufficient to endure the heavy load. After the peak in the morning, authentication demands do not come frequently, and thus the authentication server is substantially in its idle state. Although it is not efficient in terms of a capital investment, the capability has to be increased according to the peak load, which leads to a problem that cost of hardware resources becomes high.
In this way, the fingerprint authentication of the client-server type has a problem about responsiveness of the authentication server.