Search

EP-3929777-B1 - AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD

EP3929777B1EP 3929777 B1EP3929777 B1EP 3929777B1EP-3929777-B1

Inventors

  • MORIWAKI, SOTARO
  • NISHIDA, SHIGENOBU
  • FUJITA, YUICHI
  • KOKUBUN, Ayumi
  • TANAKA, KOJI

Dates

Publication Date
20260506
Application Date
20200327

Claims (11)

  1. An authentication system using a plurality of types of authentication for authentication of a user, the system comprising: an authentication information acquisition unit (16a) configured to acquire from the user pieces of authentication information corresponding to the plurality of types of authentication; a comprehensive authentication unit (25b) configured to obtain a comprehensive authentication result from results of the plurality of types of authentication performed by using the pieces of authentication information, wherein the plurality of types of authentication respectively output evaluation values as authentication results, and the comprehensive authentication unit (25b) adds up the evaluation values to calculate a comprehensive evaluation value; and an operation control unit(25d) configured to control stepwise a range of operations to be permitted for the user, based on the comprehensive evaluation value obtained by the comprehensive authentication unit (25b);wherein in a case where the comprehensive evaluation value is higher than a first threshold, the operation control unit (25d) permits operations including a low security operation and a high security operation, in a case where the comprehensive evaluation value is lower than or equal to the first threshold but higher than a second threshold, the operation control unit (25d) permits the low security operation but does not permit the high security operation, and in a case where the comprehensive evaluation value is lower than or equal to the second threshold, the operation control unit (25d) prohibits operations including the low security operation and the high security operation; and wherein on a condition that an evaluation value of a predetermined type of authentication, among the plurality of types of authentication, exceeds a threshold that is set for the evaluation value, the comprehensive authentication unit (25b) applies weights to the evaluation values of the plurality of types of authentication and adds up weighted evaluation values to calculate the comprehensive evaluation value.
  2. The authentication system according to claim 1, wherein the comprehensive authentication unit (25b) performs additional authentication when the comprehensive evaluation value is insufficient for an operation required by the user, and controls whether or not to permit the operation required by the user, based on a result of the additional authentication.
  3. The authentication system according to any one of claims 1 to 2 wherein the comprehensive authentication unit (25b) makes the weights, which are applied to the evaluation values of the plurality of types of authentication before the evaluation values are added up, different from each other based on acquisition environment of the authentication information.
  4. The authentication system according to claim 3, wherein the comprehensive authentication unit (25b) determines, based on the authentication information, the acquisition environment of the authentication information.
  5. The authentication system according to any one of claims 1 to 4, wherein the authentication information acquisition unit (16a) acquires, as the authentication information, a face image of the user, and the comprehensive authentication unit (25b) varies a way of obtaining the comprehensive authentication result, based on presence/absence of a mask being worn by the user in the face image.
  6. The authentication system according to claim 5, wherein when there is a mask being worn by the user, the comprehensive authentication unit (25b) obtains the comprehensive authentication result while placing greater importance on a result of authentication using a factor other than the face image.
  7. The authentication system according to claim 5 or 6, wherein when there is a mask being worn by the user, the comprehensive authentication unit (25b) obtains the comprehensive authentication result by using a result of partial face authentication for which an area around eyes is intensively used.
  8. The authentication system according to any one of claims 1 to 7, further comprising a model face image display unit (16b) configured to, when the authentication information acquisition unit (16a) has acquired a face image of the user as the authentication information, display a model face image corresponding to the acquired face image, to the user.
  9. The authentication system according to claim 8, wherein the model face image display unit (16b) determines an area and an orientation of the model face image in accordance with an area and an orientation of the acquired face image.
  10. The authentication system according to claim 8 or 9, wherein when a specific condition has been satisfied, the model face image display unit (16b) displays a model face image having a shape corresponding to the specific condition.
  11. An authentication method using a plurality of types of authentication for authentication of a user, the method comprising: acquiring from the user pieces of authentication information corresponding to the plurality of types of authentication; obtaining a comprehensive authentication result from results of the plurality of types of authentication performed by using the pieces of authentication information, wherein the plurality of types of authentication respectively output evaluation values as authentication results, and the evaluation values are added up to calculate a comprehensive evaluation value; and controlling stepwise a range of operations to be permitted for the user, based on the comprehensive evaluation value obtained in the obtaining wherein in a case where the comprehensive evaluation value is higher than a first threshold, permitting operations including a low security operation and a high security operation, in a case where the comprehensive evaluation value is lower than or equal to the first threshold but higher than a second threshold, permitting the low security operation but not permitting the high security operation, and in a case where the comprehensive evaluation value is lower than or equal to the second threshold, prohibiting operations including the low security operation and the high security operation; wherein on a condition that an evaluation value of a predetermined type of authentication, among the plurality of types of authentication, exceeds a threshold that is set for the evaluation value, applying weights to the evaluation values of the plurality of types of authentication and adding up weighted evaluation values to calculate the comprehensive evaluation value.

Description

TECHNICAL FIELD The present invention relates to an authentication system and an authentication method using a plurality of types of authentication. BACKGROUND ART Conventionally, authentication of a user has been performed by registering a password, biometric information, or the like in advance, and determining whether or not a password or biometric information received from the user matches the registered information. Furthermore, in order to ensure higher security and authentication accuracy, one-time password authentication using a single-use password, and multi-factor authentication using a plurality of types of authentication have also been adopted. For example, Japanese Laid-Open Patent Publication No. 2017-111608 discloses multi-factor authentication using two or more pieces of information among biometric information, possession information, and knowledge information. Meanwhile, Japanese Laid-Open Patent Publication No. 2017-535986 (Japanese Translation of PCT International Application) discloses multi-factor authentication using a plurality of pieces of biometric information such as a face and a voice. US-A-2016/110528 discloses a computing device processor which performs multifactor authentication operations that include determining one or more of a transaction type criticality value, a user confidence value, a software integrity confidence value, and a historical behavior value, using the one or more of these values to determine a number of authentication factors that are be evaluated when authenticating a user of the computing device, and authenticating the user by evaluating the determined number of authentication factors. US-A-2014/331293 discloses a computer-implemented method comprising: receiving, from a device used by a user, a request to access a resource hosted by a computer system; identifying, by the computer system, a level of risk associated with the user requesting access to the resource; adjusting, by the computer system an authentication standard for access to the resource, adjusting based on the identified level of risk; determining values for authentication factors used in authenticating the user's access to the resource; applying weights to the values for the authentication factors; and determining, based on a comparison of the weighted values to the adjusted authentication standard, whether the user is authorized to access the resource. SUMMARY OF THE INVENTION PROBLEMS TO BE SOLVED BY THE INVENTION In the conventional art, however, flexible use of authentication according to purpose and situation cannot be performed, resulting in reduction in convenience. For example, in the configuration where whether or not to permit an operation is determined based on whether or not authentication of a user is success or failure, if the authentication has failed, no operations can be performed. In actuality, the level of security required for each operation varies depending on the content of each operation. However, since strictness of authentication needs to be set according to an operation requiring the highest security level, excessively strict authentication is imposed on an operation having a lower security level, resulting in a situation that convenience to the user is reduced. When authentication is performed in a dark place, effectiveness of authentication based on an image is reduced. When authentication is performed in a noisy place, effectiveness of authentication based on a voice is reduced. If authentication can be performed in an environment with suitable brightness and sound, influence of the environment can be reduced. However, when authentication is performed by using a portable terminal device in various environments, accuracy of authentication may be degraded due to influence of the environment. Therefore, in the multi-factor authentication using a plurality of types of authentication, it is an important issue to realize flexible use according to purpose and situation, and enhance convenience. The present invention is made to solve the problems of the conventional art, and one object of the present invention is to enhance convenience in an authentication system using a plurality of types of authentication. SOLUTION TO THE PROBLEMS In order to solve the above problems and achieve the object, the present invention provides an authentication system using a plurality of types of authentication, and an authentication method using a plurality of types of authentication, according to the respective independent claims. Further features according to some embodiments are according to the dependent claims. ADVANTAGEOUS EFFECTS OF THE INVENTION According to the present invention, it is possible to enhance convenience in an authentication system using a plurality of types of authentication. BRIEF DESCRIPTION OF THE DRAWINGS [FIG. 1] FIG. 1 illustrates a concept of an authentication system according to an embodiment.[FIG. 2] FIG. 2 illustrates a system configuration of the authenticat