WO2015128128A1 - Procédé de mise en mémoire de données d'accès biométriques pour un système informatique, système informatique et mémoire de données - Google Patents

Procédé de mise en mémoire de données d'accès biométriques pour un système informatique, système informatique et mémoire de données Download PDF

Info

Publication number
WO2015128128A1
WO2015128128A1 PCT/EP2015/051250 EP2015051250W WO2015128128A1 WO 2015128128 A1 WO2015128128 A1 WO 2015128128A1 EP 2015051250 W EP2015051250 W EP 2015051250W WO 2015128128 A1 WO2015128128 A1 WO 2015128128A1
Authority
WO
WIPO (PCT)
Prior art keywords
access data
biometric
data
computer system
biometric access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2015/051250
Other languages
German (de)
English (en)
Inventor
Ulrich Ahn
Thomas Schkoda
Mario Wegener
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujitsu Technology Solutions Intellectual Property GmbH
Original Assignee
Fujitsu Technology Solutions Intellectual Property GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujitsu Technology Solutions Intellectual Property GmbH filed Critical Fujitsu Technology Solutions Intellectual Property GmbH
Publication of WO2015128128A1 publication Critical patent/WO2015128128A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • the invention relates to a method for depositing
  • biometric access data for a computer system with biometric access control for a computer system with biometric access control.
  • the invention further relates to a computer system and a data memory.
  • Security level can be increased by an additional installation of a biometric query.
  • a biometric query In order to equip a computer system, for example in a company network with biometric access control, it is necessary that the individual users who use the computer system, registered and their biometric data in the
  • the object of the invention is to describe a method for storing biometric access data for a computer system with biometric access control, which allows a user to easily deposit his biometric access data in the computer system. It is another object of the invention, a for such a
  • the object is achieved by
  • the method comprises the steps:
  • Access control does not provide biometric access to a user profile, for example, locally or on one
  • biometric credentials to the user profile are captured as soon as a user logs on. This is particularly effective when biometric accessibility has been re-established and users subsequently log in to the computer system for the first time. For a user profile for which non-biometric access data are already available, biometric access data are recorded. This avoids the need for the user to be personally authorized at a central office.
  • the following steps are additionally performed after the step of checking
  • biometric access data was positive. If biometric access data are already stored in the computer system, then the user profile is unlocked as soon as the biometric access data are checked and considered correct were. Thus, a user can directly without
  • the step of checking biometric access data is repeated several times up to a predetermined number
  • the method becomes more error-tolerant.
  • the biometric access data comprise at least one of the following biometric data: fingerprint; Vein pattern;
  • biometric data types of the aforementioned list have different advantages. For example, while a fingerprint is straightforward and quick to grasp, a fingerprint will often be left on surfaces, posing a greater security risk than, for example, an iris structure. By a Combination of different biometric data types can further increase security.
  • the non-biometric access data comprise at least one of
  • a well-chosen password still provides a relatively high level of security.
  • the above-mentioned proven and usual non-biometric data types can also be used for verification, for example, if the biometric
  • the computer system includes a
  • the safety device is to
  • Access data are assigned.
  • the security device is further configured to provide the biometric access data to the selected user profile via the biometric
  • Input component to capture and save, if the
  • Access data can be recorded and saved to a user profile, is a change from one
  • Safety device further set up the
  • Security device a login component for logging in a user to the computer system.
  • the object is achieved by a
  • a credential query for an operating system.
  • a credential query may be a password query or biometric data collection.
  • a credential query is a query of credentials.
  • Credentials query allows a user not only to the computer system, but also directly to a computer
  • Figure 1 is a schematic representation of a computer system according to an embodiment of the invention.
  • FIG. 2 shows a flowchart of a method according to FIG.
  • FIG. 1 shows a schematic representation of a
  • the computer system 10 has a
  • Safety device 11 on.
  • the security device 11 controls accesses and authorizations for the computer system 10. This includes an access control.
  • Safety device 11 presents a user on a screen connected to computer system 10
  • the securing device 11 has a registration component 12.
  • the login component 12 further serves to manage various access data and
  • the security device 11 evaluates the received from the login component
  • Validation data If the validation data is positive, the security device 11 grants a user access to higher levels of software, such as an operating system (Credential Provider for Microsoft Windows, or Plugable Authentication Modules (PAM) for Unix / Linux derivatives).
  • an operating system such as Microsoft Windows, or Plugable Authentication Modules (PAM) for Unix / Linux derivatives.
  • Security device 11 allows a user access to higher levels of software.
  • the data memory 13 may be, for example, a local hard disk such as an SSD hard disk, but also another storage medium.
  • the data memory 13 may also be a network memory, for example via a
  • Data network is accessible. Furthermore, the
  • Input component 14 and a non-biometric
  • Input component 15 connected.
  • the nonbiometric input component 15 is in
  • Non-biometric access data such as passwords
  • nonbiometric input component 15 around a card reader. In this case, over the non-biometric
  • Input component 15 Access data from a chip card
  • non-biometric input component 15 for one device, a combination of multiple devices, or software for acquiring nonbiometric access data.
  • the biometric input component 14 is used to acquire biometric access data.
  • biometric input component 14 designed as a fingerprint sensor.
  • Other configurations may, of course, be other sensors such that other biometric data such as venous pattern, iris structure, retina, etc. may be used
  • Face or a voice can be detected.
  • Login component 12 match the acquired access data with stored in the data memory 13 access data. If a match of access data is detected, the security device 11 grants access to the user
  • Computer system 10 may be connected to a data store via a data network. In this case, a reconciliation of access data via the data network takes place.
  • the computer system 10 may be connected to a plurality of local and / or data stores connected to the computer system 10 via a data network. In this case, the login component 12 matches access data with a current access data record.
  • Flowchart 20 describes a method for storing biometric access data. For example, the procedure is performed after an administrator considers switching to a biometric user login as the only valid one
  • a user profile is selected by a user. For example, by entering a user name in an input field provided for this purpose. Has the
  • biometric access data is acquired.
  • Securing device 11 presents the user with a surface with a query for acquiring the biometric access data on a screen.
  • Input component 14 detects the backup device 11 now the biometric access data of the user.
  • step 23 is of the
  • Security device 11 checks whether biometric access data are stored for the selected user profile.
  • step 24 the validity of the in
  • Step 22 reviewed biometric access data reviewed.
  • step 25 If the acquired biometric access data has been rejected as invalid, the user is denied access to the computer system 10 and the method is terminated in step 25. In an alternative, not shown
  • Embodiment in a negative validity check in step 24 for a predetermined number of repetitions, such as three repetitions, again biometric
  • Access data via the biometric input component 14 detected and checked for validity. This makes it possible to compensate for an erroneous detection of valid biometric access data. If biometric access data were recognized as valid in step 24, the user is granted access to the computer system 10 in step 26. This includes, for example, a login to an operating system and access
  • step 23 If it was determined in step 23 that there is no biometric access data for the selected user profile
  • Login component 12 a surface for input
  • nonbiometric access data The user now has the option of entering non-biometric access data via the non-biometric input component 15. These nonbiometric access data are provided by the user
  • the non-biometric access data acquired in step 27 are checked for validity by the security device 11 in step 28. Are the non-biometric
  • step 25 the process is aborted in step 25.
  • the user is given a predetermined number of repetitions and thus opportunities for re-entry non-biometric
  • Access data via the non-biometric input component 15 allows before access to the computer system 10 is finally denied.
  • step 29 the detected
  • step 26 the user is granted access to the computer system 10 in step 26.
  • the process continues in step 21. This is
  • the user is granted no access immediately after the acquisition of the biometric data, but again displayed a login screen through which the user can log on with the stored biometric access data.
  • User profile determination then additionally takes place automatically in step 24. If no profile can be assigned, the acquisition of the nonbiometric access data is then continued in step 27.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé pour mettre en mémoire des données d'accès biométriques pour un système informatique (10) avec un contrôle d'accès biométrique. Le procédé comprend les étapes suivantes : - la détection des données d'accès biométriques ; - le contrôle consistant à vérifier si des données d'accès biométriques ont été mises en mémoire et attribuées à un profil d'utilisateur après que des données d'accès biométriques ont été détectées ; - la détection et l'examen de données d'accès non biométriques du profil d'utilisateur si la vérification était négative ; et - le stockage des données d'accès biométriques détectées dans le profil d'utilisateur. L'invention concerne en outre un système informatique (10) et une mémoire de données.
PCT/EP2015/051250 2014-02-27 2015-01-22 Procédé de mise en mémoire de données d'accès biométriques pour un système informatique, système informatique et mémoire de données Ceased WO2015128128A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102014102637.3 2014-02-27
DE102014102637.3A DE102014102637B4 (de) 2014-02-27 2014-02-27 Verfahren zum Hinterlegen biometrischer Zugangsdaten für ein Computersystem, Computersystem und Datenspeicher

Publications (1)

Publication Number Publication Date
WO2015128128A1 true WO2015128128A1 (fr) 2015-09-03

Family

ID=52446350

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/051250 Ceased WO2015128128A1 (fr) 2014-02-27 2015-01-22 Procédé de mise en mémoire de données d'accès biométriques pour un système informatique, système informatique et mémoire de données

Country Status (2)

Country Link
DE (1) DE102014102637B4 (fr)
WO (1) WO2015128128A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120090015A1 (en) * 2010-10-08 2012-04-12 Fujitsu Limited Device and method for authenticating biological information
WO2013100697A1 (fr) * 2011-12-29 2013-07-04 Intel Corporation Procédé, appareil et support d'enregistrement lisible par ordinateur pour authentifier un utilisateur

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120090015A1 (en) * 2010-10-08 2012-04-12 Fujitsu Limited Device and method for authenticating biological information
WO2013100697A1 (fr) * 2011-12-29 2013-07-04 Intel Corporation Procédé, appareil et support d'enregistrement lisible par ordinateur pour authentifier un utilisateur

Also Published As

Publication number Publication date
DE102014102637B4 (de) 2020-12-10
DE102014102637A1 (de) 2015-08-27

Similar Documents

Publication Publication Date Title
DE102007033812B4 (de) Verfahren und Anordnung zur Authentifizierung eines Nutzers von Einrichtungen, eines Dienstes, einer Datenbasis oder eines Datennetzes
DE102014101495B4 (de) Verfahren zum Zugang zu einem physisch abgesicherten Rack sowie Computernetz-Infrastruktur
DE112009001794T5 (de) System, Vorrichtung und Verfahren zum Sichern einer Vorrichtungskomponente
EP1147494A1 (fr) Procede et systeme de protection contre la fraude en cas de reconnaissance biometrique de personnes
AT507759A1 (de) Anforderungsbasiertes personenidentifikationsverfahren
EP3471068B1 (fr) Système distribué de génération des données à caractère personnel, procédé et produit programme informatique
DE102008014741A1 (de) System und Verfahren zum Registrieren eines Fingerabdrucks, zum Setzen eines Benutzeranmeldeverfahrens einer Anwendung, und zum Anmelden in der Anwendung
DE112013002539B4 (de) Validierung mobiler Einheiten
DE102008046639A1 (de) Serversystem und Verfahren zur Bereitstellung mindestens einer Leistung
EP3963485B1 (fr) Authentification d'un utilisateur
DE102020109591A1 (de) Biometrisches fahrzeugsystem mit automatisch erneuerten ablaufperioden zur aufbewahrung von daten
DE102013203436A1 (de) Generieren eines Schlüssels zum Bereitstellen von Berechtigungsinformationen
EP4283625A1 (fr) Authentification de personnes pour régler au moins une pompe à perfusion
EP3483842B1 (fr) Système d'authentification permettant d'authentifier une personne, procédé d'authentification et produit de programme informatique
WO2010003849A1 (fr) Procédé et dispositif d'amélioration de systèmes d'identification biométrique
DE102014102637B4 (de) Verfahren zum Hinterlegen biometrischer Zugangsdaten für ein Computersystem, Computersystem und Datenspeicher
DE102009044173A1 (de) Kreuzweiser Abgleich von Tippverhaltensdaten zur Authentifizierung und/oder Identifizierung einer Person
DE102013100227B4 (de) Biometrische Online-Altersverifizierung
EP3279821A1 (fr) Procede et systeme d'authentification d'un utilisateur pour l'utilisation d'une pluralite d'applications ou de services dans un reseau informatique
EP2834767B1 (fr) Système d'ordinateur et procédé pour chargement d'un ordinateur
DE102015210294A1 (de) Clientvorrichtung und Servervorrichtung zum abgesicherten Freischalten von Funktionen eines Clients
EP3210357B1 (fr) Procédé d'authentification d'un équipement d'utilisateur lors de la demande de connexion à un serveur
EP3792794B1 (fr) Appareil de capture d'empreintes
DE102005025447B4 (de) Zugangsverfahren für drahtloses Authentifikations-Anmeldesystem
DE102017221300A1 (de) Verfahren und System zum Bereitstellen einer datentechnischen Funktion mittels eines Datenverarbeitungssystems eines spurgebundenen Fahrzeugs

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15702409

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15702409

Country of ref document: EP

Kind code of ref document: A1