1. Field of the Invention
The present invention relates to an authentication method and an authentication apparatus for authenticating that a user is a valid user of a computer apparatus and the like, and an authentication program storage medium in which an authentication program for causing an information processing apparatus such as a computer apparatus to operate as the authentication apparatus is stored.
2. Description of the Related Art
Mechanisms have been devised that authenticate a user as a valid user before a computer apparatus is activated. As an example of such a mechanism, password authentication, which uses a pre-registered combination of characters and numerals, has been widely adopted. Recently, however, authentication approaches that use biological data, such as fingerprint authentication and palm vein authentication, have become increasingly widespread. Because the risk of guessing or spoofing is lower with biological data authentication than with password authentication, biological data authentication is increasingly used as the sole authentication approach performed at activation of a computer apparatus in companies or organizations where more robust security management is required.
However, once biological data authentication is set as the sole authentication approach performed at activation, there may be cases where a system administrator cannot activate the apparatus when necessary. For example, if the part of the system administrator's body used for biological data authentication, such as a finger or a hand, is injured, or if the biological data authentication equipment connected to the computer apparatus fails, then the system administrator himself cannot activate the apparatus.
Japanese Patent Laid-Open No. 2002-22022 discloses a technique in which both authentication by password input and authentication by biological data are accepted at activation. With this technique, the system administrator can activate the apparatus by password authentication. However, since general users other than the system administrator can also activate the apparatus by password authentication, the security level that can be ensured is no higher than when only password authentication is performed. Security performance is thus sacrificed in comparison with setting authentication by biological data as the sole authentication approach.
Japanese Patent Laid-Open No. 2004-33859 discloses a technique in which an input screen for general users and an administrator-only input screen are provided, and the administrator-only input screen can be reached by an approach known only to the administrator. However, this applies to a stage after authentication has already been performed and does not relate to authentication itself.
Since a computer apparatus cannot recognize in advance whether a user who is about to use it is a system administrator or a general user, it is not easy to display a password input screen only to a system administrator. Measures such as preparing a separate, special activation mode are required, which complicates activation processing or operation.
To solve this problem, a mechanism is required that allows a general user to perform only biological data authentication while allowing a system administrator to perform password authentication, without preparing a special activation mode for the system administrator, and that further keeps general users unaware that the system administrator is allowed to use password authentication.