1. Field of the Invention
The present invention relates to an art which is mounted on an information processing device such as a portable device (e.g., cell phone and PDA) and a personal computer and prevents unauthorized use by authenticating whether or not a user trying to execute various processes using the device is a person who is authorized to use it.
2. Background of the Related Art
Recently, under study is provision of various services using a portable device by mounting, on the portable device, a chip or card that realizes a so-called IC card function. For example, a user will be able to use various services by having a user's own portable device mounted with an IC card that communicates with a service terminal provided with an IC card reader/writer. The various services including e-money transaction processes, bonus point service processes accompanying purchase of products or the like, fare adjustment processes at gates of transportation facilities, entry processes by e-ticket, and management processes of entry/exit or attendance record.
Such a chip or card that realizes an IC card function is configured such that programs and important data are concealed in a IC chip and important information as well as a key or logic to access that information cannot be seen by an unauthorized device. The chip or card can encrypt and store important information such as credit card data, e-ticket data, or the like.
While important information stored as above cannot be accessed from an unauthorized device, if an unauthorized user (other than the person) once obtains a portable device mounted with an IC card or IC card function, the unauthorized user can use services provided, based on this important information. Moreover, since a portable device needs frequent charging, it is often left, for example, on a table in an office while being connected to the power. In this case, even if a user does not lose the portable device, it becomes highly likely that the above-mentioned unauthorized use would occur.
A portable device holds not only important information related to e-commerce or the like, but also information related to privacy such as an address book, schedule, incoming and outgoing emails, or records of incoming and outgoing calls. There are a growing number of requests for wanting to avoid a user, other than the person, who dishonestly sees such information stored in a portable device.
Under such circumstances, various mechanisms to prevent unauthorized use are under study. A popular mechanism is password authentication. Recently, a cell phone mounted with a fingerprint authentication device has been commercialized. Japanese Patent Laid-Open Application No. 2002-44727 discloses an art to allow, by way of fingerprint authentication, an operation that lifts a restriction of a communication control section. Also suggested is an art of performing authentication by combining results obtained from various authentication methods. For example, Japanese Patent Laid-Open Application No. 2000-242786 describes an art to judge whether a user is the person or not by determining probabilities of the user's being the person using two or more authentication methods respectively and by determining a logical value from each result. Japanese Patent Laid-Open Application No. 2000-259828 describes an art to judge whether a user is the person or not using two or more authentication methods respectively and decides that the user is the person when all the authentication methods judge that the user is the person.
A known art to prevent unauthorized use is to authenticate in order to unlock a locked process when a user tries to execute the locked process in an information processing apparatus. With such art, a user who wants to protect important or privacy-related information needs to set a lock so that an application to receive services using such information or an application to view such information cannot be started or executed unless authentication is successful. Locking can prevent another person's unauthorized use, but since a special operation for authentication (e.g., inputting password, and pressing a finger on a fingerprint authentication device) is required whenever the person wants to use the device, it is troublesome and takes a longer time to start a desired application due to a process time required for authentication.
If it is possible to continuously confirm by some means whether a user using an information processing device is the person or not, the user will be free of trouble of being asked for a special operation for authentication when the user wants to use some services or information. However, such a continuous authentication is difficult, especially when the information processing device is a portable device, because of the way it is used and its physical restrictions. Therefore, it is required to devise when to conduct authentication, how to prevent unauthorized use during a period that a user is not being authenticated, or the like.