1. Field of the Invention
The present invention relates to a user authentication system for authenticating a user by using biometric information, and in particular to a user authentication system that accepts only access from a user having an access right to the system to authenticate the user.
2. Description of the Related Art
In recent years, due to the rapid proliferation of the Internet and mobile phones, there are increased chances that each terminal can utilize various services on a network. Some services provided on the network require user authentication. In the case of conducting electronic commercial transactions, checking the balance on an account, making a payment, etc., user authentication via the network is required. Most user terminals are equipped with microphones for a voice input, so that a user can be authenticated by using a voice. Furthermore, CCD cameras recently become standard equipment on user terminals due to a lowered price thereof. Therefore, a user can also be authenticated by using a face picture. Still furthermore, a user authentication system using other various kinds of biometric information is being developed.
In user authentication using biometric information, higher security is ensured compared with the case of using a personal identification number. However, conventional user authentication using a user terminal connected to an authentication server on the network has a problem of unauthorized access by “a person who pretends to be a user”. For example, most user terminals are equipped with microphones that allow a voice input to be conducted, so that in the case of user authentication using a voice as biometric information, it is possible to access an authentication server through the network by using any user terminal equipped with a microphone and to try pretending to be a user by inputting a voice as biometric information. In this case, a certain level of security can be ensured since an input of a voice as biometric information is required. However, as described above, it is possible to try accessing a user authentication server from any terminal by using biometric information through the network.
Thus, in a user authentication system using biometric information, it is required to manage a user terminal that is permitted to access a user authentication system. It is also required to associate a user terminal, a user who is permitted to input biometric information from the user terminal, and the contents of the biometric information with each other.