1. Field of the Invention
This invention relates to a verification system to verify individually entered data items for authentication or similar and a program check method for such a system, and in particular relates to a verification system and a program check method for a verification system which detects alteration of a program for verification.
2. Description of the Related Art
The spread of data processing equipment in recent years has been accompanied by such problems as the illicit release of personal information and illicit alteration of programs. In particular, measures are required to ensure the security of equipment handling personal data which is used for individual authentication.
For example, there exist numerous parts of the human body which enable differentiation of individuals, such as fingerprints and toe-prints, the retina of the eyes, facial features, and blood vessel patterns. With advances in biometrics technology in recent years, various devices have been provided for individual authentication by identifying such features of a part of the human body.
In particular, blood vessels in the palms and fingers and palm-prints provide a comparatively large volume of individual characteristic data, and users typically show little resistance to use of such characteristics, making them suitable for reliable individual authentication. In particular, blood vessel (vein) patterns do not change from the time of the fetus throughout life, are said to be unique among individuals, and are suitable for individual authentication.
In individual authentication using such blood vessel patterns, the user brings his hand close to an image capture device at the time of registration and authentication. The image capture device emits near-infrared rays, which are incident on the palm. The near-infrared rays which reflected from the palm are received by a sensor. Hemoglobin in the red corpuscles flowing in the veins have lost oxygen; this hemoglobin (reduced hemoglobin) absorbs near-infrared rays at wavelengths near 760 nanometers. Consequently when near-infrared rays are made incident on the palm, there is little reflection only in portions where there are veins, and the intensity of the reflected near-infrared rays enable identification of the positions of veins.
A user first employs the image capture device to register vein image data for his own palm on a server and card. Then, in order to perform individual authentication, the user causes the image capture device to read vein image data for his own hand. The vein patterns in the vein registration image retrieved using the user's ID and in the vein verification image read by the image capture device are verified to authenticate the individual.
In such verification for individual authentication, a program to access the registration data from a card and server, and a verification program to perform verification are used. If such programs were altered, illicit acquisition of individual data and output of illicit verification results would be possible.
In the prior art, various methods have been proposed to prevent the installation of illicit programs in place of the correct programs. For example, a program to be installed may be provided with an electronic signature; the presence or absence of an electronic signature and the legitimacy of the program are judged, to prevent installation of illicit programs (see for example U.S. Pat. No. 6,347,398).
On the other hand, the more sophisticated functionality of personal computers in recent years and their increased convenience of use have made possible substitution of various types of application programs and middleware. The security functions of conventional OSs (Operating Systems) do not address all programs, and there exist programs which allow free substitution by the user. When programs for which such substitution is possible are used for verification and individual authentication, there is the possibility of illicit acquisition of individual information and illicit verification.
Further, the heightened awareness of software by users in recent years has been accompanied by concerns that the check program itself, installed on a personal computer, may be altered, so that it is difficult to guarantee the legitimacy of program checks.