The present invention relates to a system for authenticating personal identification and more particularly to a personal identification authenticating system for a client terminal in communication with a server.
Proving one's identity is necessary when accessing a computer whose users are limited. In order to prevent individuals other than the registered users from accessing the computer, a password or a personal identification number is issued with each ID card. Access to the computer is enabled only when both a password and an ID number corresponding to the user's number read from the ID card are entered through the keyboard.
Transaction execution systems which enable the performance of transactions, such as cash issuance at terminals remote from and in communication with a host data processing system having a central database in which account and other information is stored, are well known.
Such systems, which are frequently used by banks to extend their services, permit the issuance of cash or the receipt of deposits through a terminal, for example, an automatic teller machine (ATM). Such a terminal typically includes a mechanism for receiving and reading information from a card, a user input such as a keyboard, a display and document entry and exit apertures. Issuing a personal ID number with each credit card attains increased security for the issuance of cash or other banking transactions without intervention of a bank employee. A credit card transaction is then enabled only when an ID number corresponding to the account number read from the credit card is entered through the keyboard. This required correspondence prevents a thief or mere finder of a credit card from receiving cash, for example, from a terminal. Upon entry by a terminal user or a customer of a credit card and personal identification number, the terminal is instructed to communicate the credit card data and the personal identification number to the host for authorization of the transaction. At the host, a database of identification numbers is accessed by the card data. The identification number obtained from the database is compared with the personal identification number received from the terminal to perform a host PIN check.
When ID cards, credit cards or other cards are stolen, the passwords and/or ID numbers read from the cards are decrypted. Thus, presenting a password or a personal identification number together with a card is woefully inadequate in preventing individuals other than the registered users from accessing the computer.
It is known to use fingerprints in conjunction with an identification card to verify ownership of the card. JP-A 63-288365 discloses an ATM wherein a selector button to be pressed by a customer for transaction is transparent. A fingerprint of the customer impressed on this transparent button is recorded using an optical system including a video camera. The recorded fingerprint information is compared with stored fingerprint information.
JP-A 1-154296 discloses an ATM wherein a selector button, such as a yen key, is provided with a fingerprint pickup head of an optical fingerprint recording system.
Various compact fingerprint sensors are disclosed by U.S. Pat. No. 5,446,290 (issued on Aug. 29, 1995) that is considered to correspond to JP-A 6-325158, U.S. Pat. No. 5,635,723 (issued on Jun. 3, 1997) that is considered to correspond to JP-A 8-380173, and U.S. Pat. No. 5,708,497 (issued on Jan. 13, 1998) that is considered to correspond to JP-A 9-136328.
In transaction execution systems, a transaction terminal is designed for maximum likelihood that the user of the terminal can perform the transaction in an error free manner even if the user has never operated the terminal before. Such a terminal typically includes a group of selector buttons which allow the customer to perform the transactions and a keypad which may be used by the customer to enter money amounts. Thus, the selector or key switches or buttons of the terminal do not exceed a certain number in the neighborhood of 40. The transaction terminal may include a supply of cash and a cash dispensing mechanism and may also include a depository for receiving customer deposits. These components would then be located within the security chest. In addition, the main control electronics for the terminal may also be located within the security chest so as to prevent any unauthorized access to the control electronics. In addition to the components of the terminal system located within the security chest, a number of components may be located outside the security chest. Thus, the terminal is not compact. In the transaction execution systems, a highly reliable communication means such as an exclusive line is used to establish communication between each terminal with the host data processing system.
In a local area network (LAN) or a wide area network (WAN), personal computers and workstations are used as terminals. The Internet, with its great number of servers and clients, allows the use of desktop or hand-held terminals. The keyboard of such a terminal includes a great number of key or selector switches, approximately 300 in number. On the Internet, each server may perform an exclusive service for a group of authorized users and may also perform an open service whose users are unlimited. The communication means used to connect each terminal to such a server is not highly reliable.
It would therefore be desirable to provide a personal identification authenticating system for use in a terminal that can request both an exclusive service and an open service from a server. The exclusive service requires authentication of the personal identification of the terminal user before access to a computer of the server, whereas the open service requires only a password from the terminal user.
An object of the present invention is to provide a small-sized personal identification authenticating system for preventing unauthorized individuals from accessing a computer.
According to one aspect of the present invention, there is provided a system for authenticating personal identification, comprising:
a server including a computer whose users are limited, said server having a database storing information related to ID numbers assigned to said users and information related to fingerprints of said users;
an IC card storing personal information including information related to an ID number of the card owner and information related to a fingerprint of the card owner;
a client terminal in communication with said server, said client terminal including a card reader for reading the stored personal information on said IC card, and a fingerprint sensor for sensing a fingerprint of the client terminal user;
an authenticator that compares the sensed fingerprint information of the client terminal user with the stored fingerprint information of the card owner and produces an authentication signal if the sensed fingerprint information matches the stored fingerprint information;
a transmitter that transmits personal information including the sensed fingerprint information and the authentication signal to said server if the authentication signal is produced; and
an authorizer that compares the transmitted personal information of the card owner with the stored personal information on the database and produces an authorization signal if the transmitted personal information matches the stored information on the database, thereby giving the client terminal user access to said computer of said server.
According to another aspect of the present invention, there is provided a method of authenticating personal identification for a client terminal in communication with a server that includes a computer and a database, the method comprising the steps of:
storing into the database information related to identification numbers and fingerprints of users who are allowed to access the computer of the server;
storing into an IC card information related to an identification number and a fingerprint of each of the users;
presenting a descriptive screen to a client terminal user to give instructions to the client terminal user;
sensing a fingerprint of the client terminal user;
reading the stored information on the IC card;
comparing the sensed fingerprint information with the stored fingerprint information of the card owner;
transmitting the sensed fingerprint information of the client terminal user and the stored information of the card owner to the server from the client terminal if the sensed fingerprint information matches the stored fingerprint information of the card owner;
comparing the transmitted information with the stored information on the database; and
authorizing the client terminal user to access the computer if the transmitted information matches the stored information on the database.
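The two-stage check described in both the system aspect (authenticator at the terminal, authorizer at the server) and the method steps above can be simulated end to end. The following Python is an added illustration, not code from the patent or from any product; the IC card contents, the sensed fingerprints, the server database and the matching rule are all constructed here. Fingerprints are represented as sets of (x, y) minutia points and compared by overlap ratio, which stands in for a real fingerprint matcher. The example also shows why the server compares the transmitted data against its own database rather than trusting the terminal's authentication signal alone: a rewritten card or a terminal that merely asserts success is still refused.

```python
"""Simulation of card-plus-fingerprint authentication at a client terminal
followed by re-verification at the server.

Everything below is constructed for illustration: the card data, the
fingerprints, the database and the MATCH_THRESHOLD value are assumptions.
"""
from dataclasses import dataclass

# Fraction of template minutiae that must appear in the sensed print (assumed value).
MATCH_THRESHOLD = 0.8


def fingerprints_match(sensed: frozenset, template: frozenset,
                       threshold: float = MATCH_THRESHOLD) -> bool:
    """Toy matcher: a print matches a template if most template minutiae are present."""
    if not template:
        return False
    return len(sensed & template) / len(template) >= threshold


@dataclass(frozen=True)
class ICCard:
    """Personal information stored on the card: ID number and fingerprint template."""
    id_number: str
    fingerprint: frozenset


@dataclass(frozen=True)
class AuthMessage:
    """What the terminal transmits to the server after a successful local match."""
    id_number: str
    card_fingerprint: frozenset
    sensed_fingerprint: frozenset
    authenticated: bool  # the terminal's authentication signal


class Server:
    """Holds the database of ID numbers and fingerprint templates of permitted users."""

    def __init__(self, database: dict):
        self.database = database

    def authorize(self, msg: AuthMessage) -> str:
        # The terminal's authentication signal is necessary but not sufficient:
        # the server re-checks the transmitted data against its own database, so a
        # modified terminal cannot gain access simply by asserting success.
        if not msg.authenticated:
            return "denied: no authentication signal"
        template = self.database.get(msg.id_number)
        if template is None:
            return "denied: unknown ID number"
        if msg.card_fingerprint != template:
            return "denied: card data does not match database"
        if not fingerprints_match(msg.sensed_fingerprint, template):
            return "denied: sensed fingerprint does not match database"
        return "authorized"


class ClientTerminal:
    """Reads the card, senses the finger, and transmits only after a local match."""

    def __init__(self, server: Server):
        self.server = server

    def request_exclusive_service(self, card: ICCard, sensed: frozenset) -> str:
        # Authenticator: compare the sensed print with the template on the card.
        if not fingerprints_match(sensed, card.fingerprint):
            return "rejected locally: fingerprint does not match card"
        # Transmitter: send card data, sensed print and the authentication signal.
        msg = AuthMessage(card.id_number, card.fingerprint, sensed, authenticated=True)
        return self.server.authorize(msg)


# Constructed sample data: one registered user and one impostor.
ALICE_TEMPLATE = frozenset({(10, 20), (15, 25), (30, 40), (42, 18), (55, 60)})
ALICE_CARD = ICCard("ID-0001", ALICE_TEMPLATE)
SERVER = Server({"ID-0001": ALICE_TEMPLATE})
CLIENT = ClientTerminal(SERVER)


def scenarios() -> dict:
    """Run the genuine case and three misuse cases; returns outcome per scenario."""
    genuine = frozenset(ALICE_TEMPLATE | {(70, 71)})        # same finger, one spurious point
    impostor = frozenset({(1, 2), (3, 4), (5, 6), (10, 20)})  # a different finger
    forged_card = ICCard("ID-0001", impostor)                 # card rewritten with impostor's print
    spoofed = AuthMessage("ID-0001", ALICE_TEMPLATE, impostor, authenticated=True)
    return {
        "genuine": CLIENT.request_exclusive_service(ALICE_CARD, genuine),
        "stolen_card": CLIENT.request_exclusive_service(ALICE_CARD, impostor),
        "forged_card": CLIENT.request_exclusive_service(forged_card, impostor),
        "spoofed_signal": SERVER.authorize(spoofed),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:15s} -> {outcome}")
```

The stolen-card case is refused at the terminal, before anything is transmitted over the unreliable link; the forged-card and spoofed-signal cases pass the terminal's check (or bypass it) and are refused only because the server compares the transmitted card data and sensed print against its own database.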