1. Field
One embodiment of the present invention relates to a security protection technology suitable for being applied to a personal computer or the like including a function of substituting fingerprint authentication for password entry.
2. Description of the Related Art
Recently, various types of personal computers, such as notebook-type computers and desktop-type computers, are widely used. Along with the popularization of these personal computers, awareness of information leaks prevention has been raised. Under the circumstances, various approaches relating to security protection for computers have been proposed (e.g., Jpn. Pat. Appln. KOKAI Publication No. 2003-122444).
Also, authentication technologies utilizing biological information have been gathering attention recently. For example, reading of a fingerprint, no two are ever the same, enables to start a computer without entering a password which is at risk of being stolen. In other words, all kinds of efforts have been made in order to improve both security strength and convenience in such authentication technologies.
Fingerprint information of a user is registered to the above-mentioned fingerprint authentication device for performing authentication by matching a fingerprint. Also, identification information is registered to the fingerprint authentication device in order to deal with such a case as the fingerprint authentication device itself is abusively exchanged. For example, a BIOS (basic input/output system), which requires password entry for authenticating a user, checks the identification information, and permits, when the identification information is verified, the user to start a computer with approval of the authentication using the fingerprint authentication device, instead of password entry. With this mechanism, an invalid user who abusively exchanges the fingerprint authentication device with a fingerprint authentication device to which fingerprint information of the invalid user is registered is to be required to enter a password. It is because the BIOS does not permit starting of the computer without approval of authentication by the fingerprint authentication device whose identification information is verified, even if the invalid user has his/her fingerprint read.
Establishing correspondence of identification information between a BIOS and a fingerprint authentication device with respect to an individual computer is difficult to be performed at the time of shipment. Therefore, correspondence of identification information is established between a BIOS and a fingerprint authentication device in such a manner that, when a valid password is entered to start a computer, the BIOS sets the identification information and both of the BIOS and the fingerprint authentication device hold the identification information.
Based on the basic principle of the establishment of correspondence of identification information, again, the case wherein the fingerprint authentication device is replaced by a fingerprint authentication device to which fingerprint information of an invalid user is registered is assumed. It is assumed herein that the invalid user let a valid user use the computer with the replaced fingerprint authentication device. In that case, the valid user is required to enter the password because authentication using a read fingerprint of the valid user will not be approved due to mismatch of identification information. If the valid user, being unaware of the replacement of the fingerprint authentication device, believes that reading of the fingerprint is simply failed and enters a valid password to start the computer, correspondence of identification information is to be established between the replaced fingerprint authentication device and the BIOS. As a result, when the invalid user has his/her fingerprint read after the valid user terminates the use of the computer, the invalid user is able to start the computer without entering the password.