asy United States
`a2) Patent Application Publication co) Pub. No.: US 2003/0051138 Al
`(43) Pub. Date: Mar. 13, 2003
`
`Maeda etal.
`
`US 20030051138A1
`
`(54)
`
`(75)
`
`MOBILE TERMINAL AUTHENTICATION
`METHOD AND A MOBILE TERMINAL
`THEREFOR
`
`Inventors: Fukiko Maeda, Yokohama-shi (JP);
`Hidetoshi Yazaki, Yokosuka-shi (JP);
`Takeshi Higuchi, Yokohama-shi (JP)
`
`Correspondence Address:
`OBLON, SPIVAK, MCCLELLAND, MAIER &
`NEUSTADT,P.C.
`1940 DUKE STREET
`ALEXANDRIA, VA 22314 (US)
`
`(73)
`
`Assignee: NTT DoCoMo,Inc., Tokyo JP)
`
`(21)
`
`Appl. No.:
`
`10/176,629
`
`(22)
`
`Filed:
`
`Jun. 24, 2002
`
`(30)
`
`Foreign Application Priority Data
`
`Jun. 25, 2001
`
`(IP) coccccccecseeseestenteneee 2001-191645
`
`Publication Classification
`
`(51) Unt, C17 aceccccsssssssstsssntsssnsnssistssen HO4L 9/00
`(52) US. CMe
`icceesensesessessetentetenenee 713/168; 713/186
`
`(57)
`
`ABSTRACT
`
`A mobile terminal authentication method used for utilizing
`a service supplied from an information server to a mobile
`terminal is provided. The method authenticates the mobile
`terminal based on user information by which the information
`serveridentifies the mobile terminal. The method comprises
`an authentication step by the mobile terminal, carrying out
`an authentication using biometric information representing a
`user’s biometric characteristic and read by a reading device,
`and previously registered user’s biometric information; and
`a transmitting step by the mobile terminal, transmitting the
`user information to the information server when the biomet-
`
`ric information read by the reading device coincides with the
`previously registered user’s biometric information.
`
`MENU
`SELECTION
`
`
`
`
`
`FINGERPRINT AUTHENTICATION
`REQUESTING SCREEN
`S6 r
`
`AUTHENTICATION
`
`
`
`
`AUTHENTICATION
`RESULT
`K
`
`
`SELECTION MODE
`
`TIMER STARTS
`
`
`
`
`
`
`NON-OPERATION TIME
`> N HOURS ?
`
`
`
`SELECTION
`MODE SCREEN
`
`OPERATION IN
`SELECTION MODE
`
`PNC 1107
`PNC 1107
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 1 of 14
`
`US 2003/0051138 Al
`
`002
`
`
`
`dOHSYO4YSANSS
`
`@ASIWdYaLNa
`
`
`
`
`
`dGSALLIMNOASYOsSYAAYNAS
`
`
`
`dOHSYOdYAANAS
`
`VASIYdYALNA
`
`|Old MYOMLAN
`
`NOILVOINNNNOOITaOWw
`ww|
`
`IWNIANYSALATION
`
`O}
`
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 2 of 14
`
`US 2003/0051138 Al
`
`FIG.2
`
`BIOMT.
`INFO READER
`
`29
`
`26
`
`27
`
`28
`
`24
`DATA
`MEMORY
`
`DISPLAY
`
`INPUT
`
`MIKE
`
`SPEAKER
`
`29
`
`CONTROLLER
`
`23
`
`TO ANTENNA
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 3 of 14
`
`US 2003/0051138 Al
`
`FIG.3
`
`FINGERPRINT
`REG. MODE
`
`S|
`
`INPUT
`PASSWORD
`
`NG
`
`S2
`
`
` FINGERPRINT?
`
`OK
`
`FAILURE
`
`NO
`
`.
`
`REG. FINISHED
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 4 of 14
`
`US 2003/0051138 Al
`
`FIG.4
`
`USER DATA
`REG. MODE
`
`S11
`
`FINGERPRINT
`REQUEST
`
`$12
`
`FINGERPRINT
`AUTHENTICATION
`
`13
`
`NG
`
`AUTHENTICATION
`RESULT
`
`OK
`
`
`
`
`
`
`
`
`S14
`
`S15
`
`$16
`
`INPUT
`PASSWORD
`
`CONFIRMATION
`SCREEN
`
`U.D. REG.
`FINISHED
`
`

`

`Patent Application Publication Mar. 13, 2003 Sheet 5 of 14
`
`US 2003/0051138 Al
`
`dIYasn
`
`SMYVANSY
`
`
`
`(AWVNV.LVGYSN)
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 6 of 14
`
`US 2003/0051138 Al
`
`FIG.6
`
`Q@INITIAL REGISTRATION
`
`USER
`
`REGISTRATION
`SCREEN
`
`USER ID/PASSWORD
`REQUEST
`
`CALL FINGERPRINT
`AUTHENTICATION MODE
`
`
`
`$21
`
`$22
`
`
`
`FINGERPRINT
` $23
`NG
`AUTHENTICATION
`
` $24
`
`
`
`AUTHENTICATIO
`RESULT
`
`
`
`OK
`
`$25
`
`READ OUT
`REGISTERED USER DATA
`
`
`
`S26~
`
` PUSH
`“SEND” BUTTON
`
`
`TRANSMIT
`$27
`
`USER DATA,
`
`PRODUCTNO.
` AUTHENTICATION
`
`
`ON SERVER SIDE
`
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 7 of 14
`
`US 2003/0051138 Al
`
`FIG./
`
`12345---
`
`PASSWORD
`
` USER NAME
`
`* * KK KK KK K *K
`
`SEND
`
`Menu
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 8 of 14
`
`US 2003/0051138 Al
`
`FIG.8
`
`USER ID/PASSWORD
`INPUT SCREEN
`
`$31
`
`USER ID/PASSWORD
`REQUEST
`
`$32
`
`CALL FINGERPRINT
`AUTHENTICATION MODE
`
`$33
`
`FINGERPRINT
`~ AUTHENTICATION
`
`$34
`
`AUTHENTICATION
`RESULT
`
`
`
`OK
`
`$35
`
`READ OUT
`REGISTERED USER DATA
`
`
`
`
`NG
`
`
`
`
`$36
`
`$37
`
`
`
`PUSH
`“SEND” BUTTON
`
`
`TRANSMIT
`USER DATA,ETC.
`
`
`
`AUTHENTICATION
`ON SERVER SIDE
`
`
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 9 of 14
`
`US 2003/0051138 Al
`
`FIG.9
`
`FINGERPRINT
`REG. MODE
`
`INPUT
`PASSWORD
`
`|
`
`NO
`
`S41
`S44
`
`AUTHENTICATION~S &
`RESULT
`
`
`
`
`$42
`
`OK
`
`REG.
`TERMINATED
`
`REGISTER
`FINGERPRINT
`DATA
`
`AND THE LIKE
`
`343
`
`TRANSMIT TO SERVER
`FOR SHOP ENTERPRISE
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 10 of 14
`
`US 2003/0051138 A1
`
`FIG.10
`
`FINGERPRINT
`
`
` AUTHENTICATE
`
`FINGERPRINT DATA,
`
`
`REQUEST
`IMAGE OR FEATURES
`RESULT S93
`
` AUTHENTICATION
`
`SEND TO SERVER
`FOR SHOP ENTERPRISE A
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 11 of 14
`
`US 2003/0051138 Al
`
`FIG.11
`
`
`
`MENU
`SELECTION
`
`
`
`
`
`FINGERPRINT AUTHENTICATION
`REQUESTING SCREEN
`$61
`
`
`
`AUTHENTICATION
`
`
`
` NON-OPERATION TIME
`
`
`AUTHENTICATION
`RESULT
`
`
`
`0 K
`
`
`
`$63
`
`
`
`ENTER
`SELECTION MODE
`
`TIMER STARTS
`
`2 N HOURS ?
`
`SELECTION
`- MODE SCREEN
`
`~~OPERATIONIN-
`SELECTION MODE
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 12 of 14
`
`US 2003/0051138 Al
`
`FIG.12
`
`FINGERPRINT
`AUTHENTICATION
`STARTS
`
`
`
`
`
`
`FINGERPRINT
`
`AUTHENTICATION
`REQUEST SCREEN
`
`$71
`
`$72
`
`
`AUTHENTICATION
`RESULT
`
`$73
`OK
`
`374
`
`$75
`
`NG
`
`PASSWORD
`INPUT
`
`NO
`
`AUTHENTICATION
`
`
` $78
`OK AUTHENTICATION
`
`
`
`AUTHENTICATION
`RESULT
`
`
`
`COMPLETED
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 13 of 14
`
`US 2003/0051138 A1
`
`FIG.13
`
`FINGERPRINT
`REG. MODE
`
`S81
`
`PASSWORD
`INPUT
`
`S82.
`
`83
`
`|
`
`AUTHENTICATION
`
`OK
`
`FINGERPRINT
`DATA REG.
`
`NG
`
`
`
`
`
`
`
`
`
`
`
` S86
`
`FAILURE
`
`384
`
`REGISTRATION
`PROCESS
`
`SUCCESS
`
`NO
`
`YES
`
`COLLATION
`ORDER REG.
`
`REG. COMPLETED
`
`

`

`Patent Application Publication Mar. 13,2003 Sheet 14 of 14
`
`US 2003/0051138 Al
`
`FIG.14
`
`FINGERPRINT
`AUTHENTICATION
`STARTS
`
`391
`
`992
`
`FINGERPRINT
`AUTHENTICATION
`REQUEST SCREEN
`
`NO
`
`AUTHENTICATION
`
`
`N FINGERPRINTS
`AND ORDER
`MATCHED?
`
`
`
`YES
`
`
`
`FINGERPRINT
`AUTHENTICATION
`
`
`COMPLETED —
`
`

`

`US 2003/0051138 Al
`
`Mar. 13, 2003
`
`MOBILE TERMINAL AUTHENTICATION
`METHOD AND A MOBILE TERMINAL
`THEREFOR
`
`BACKGROUND OF THE INVENTION
`
`(0001]
`
`1. Field of the Invention
`
`[0002] The present invention generally relates to mobile
`terminal authentication methods and mobile terminals there-
`for, and specifically relates to a user authentication method
`cmployed when doing commercial
`transactions such as
`electronic commerce and mobile banking via a mobile
`communication network and a general communication net-
`work such as the Internet, and relates to a mobile terminal
`for such an authentication method.
`
`[0003]
`
`2. Description of the Related Art
`
`In recent years, in the wake of a rapid proliferation
`[0004]
`of mobile phones, electronic commerce using mobile phones
`is becoming more and more popular among the general
`public including the consuming public. Electronic com-
`merce includes electronic purchase over a communication
`network such as the Internet and mobile banking capable of
`checking bank balances and depositing/withdrawing money
`on line. Electronic commerce such as e-shopping over a
`communication network such as the Internet requires an
`individual authentication when settling the transaction
`online. This individual authentication is to confirm whether
`
`a communicating party is really the accepted person himself/
`herself. A typical authentication is accomplished by a pass-
`word authentication method. In the password authentication
`method, a combination of a user ID and a passwordts used
`for authentication or collation. The password methodis also
`usedfor login to an electronic system as well as e-commerce
`over a communication network. Other authentication tech-
`nologies using biometric information suchas fingerprints are
`being much discussed these days. For example, Japanese
`Patent Laid-open Publications Nos. 4-352547 and 4-352548
`disclose an authentication technology in which fingerprint
`authentication is carried out in a mobile phone and calling
`from an individual phone numberis allowed only when the
`phone numberis successfully authenticated. Further, Japa-
`nese Patent Laid-open Publications Nos. 2000-307715 and
`2000-59501 propose an authentication technology in which
`acceptance/rejection of calling from a mobile phone is
`controlled based on a result of biometric information (fin-
`gerprint, iris) collation.
`
`In the above referenced technologies, however, the
`[0005]
`individual authentication is performed in a mobile phone in
`order to make mobile phone functions valid/invalid. These
`technologies cannot realize personal or individual authenti-
`cation in servers by which financial institutions or shops
`settle transactions over a communication network. There-
`fore, whenever mobile terminal users conduct e-commerce
`or mobile banking over mobile communication network
`(e.g. PDC-P network), they have to input user data (e.g. user
`data=user ID and password) into their mobile terminals and
`transmit the user data to a settlement server each time. ‘The
`user data are different from bank to bank or from e-shop to
`e-shop. In the settlement server, user authentication is car-
`ried out based on the user ID and password sent from the
`mobile terminal.
`
`[0006] As mentioned above, when mobile terminal users
`conduct e-commerce or mobile banking over a communi-
`
`cation network, they have to find out a unique user ID and
`password for each transaction and input
`them into their
`mobile phones manually and send them. urther, mobile
`terminal users have to strictly administer each user ID and
`password for each bank or shop respectively. It is burden-
`some for users having various transactions to administer
`user IDs and passwordsso they are not stolen by others. And
`after finding out the correct user ID and password with some
`difficulty, it is burdensome to input them manually, espe-
`cially so whenthe user has mistakenly input the user ID and
`password and has to input them again from the beginning.
`
`SUMMARYOF THE INVENTION
`
`[0007] Accordingly, it is one object of the present inven-
`tion to provide a mobile terminal authentication method,
`which enables users to easily find out a user ID and
`password and transmit
`them to an authentication server
`while keeping tight security.
`
`It is another object of the present invention to
`[0008]
`provide a mobile terminal, which can perform individual
`authentication using such a method.
`
`[0009] Another and more specific object of the present
`invention is to provide a mobile terminal authentication
`method used for utilizing a service supplied from an infor-
`mation server to a mobile terminal communicating with the
`information server via a radio path,
`the mobile terminal
`authentication method authenticating the mobile terminal
`based on user information by which the information server
`identifies the mobile terminal. The method comprises an
`authentication step by the mobile terminal, carrying out an
`authentication using biometric information representing a
`user’s biometric characteristic and read by a reading device,
`and previously registered user’s biometric information; and
`a transmitting step by the mobile terminal, transmitting the
`user information to the information server when the biomet-
`
`ric information read bythe reading device coincides with the
`previously registered user’s biometric information. In addi-
`tion, the user information may be information relating to a
`process of the biometric information authentication. Alter-
`natively the user information includesat least either one of
`information relating to a process of the biometric informa-
`tion authentication and information representing a history of
`the process.
`
`
`
`invention is to
`[0010] Still another object of the present
`provide a mobile terminal authentication method used for
`utilizing a service supplied from an information server to a
`mobile terminal communicating with the information server
`via a radio path, the mobile terminal authentication method
`authenticating the mobile terminal based on the user’s
`biometric information by which the information server iden-
`tifies the mobile terminal. The method comprises a regis-
`tration step for previously registering the user’s biometric
`information in the mobile terminal and the information
`server, an authentication step by the mobile terminal, car-
`rying out an authentication using biometric information
`representing the user’s biometric characteristic and read by
`a reading device, and the previously registered user’s bio-
`metric information; and a transmitting step by the mobile
`terminal, transmitting the user’s biomctric-information read
`by the reading device to the information server when the
`biometric information read by the reading device coincides
`with the previously registered user’s biometric information.
`
`
`
`

`

`US 2003/0051138 Al
`
`Mar. 13, 2003
`
`In addition, the mobile terminal authentication method fur-
`ther comprises a determining step by the mobile terminal,
`counting the numberof the authentications carried out when
`the user’s biometric information read by the reading device
`coincides with the previously registered user’s biometric
`information, and determining whether the number of the
`authentications carried out exceeds a predetermined num-
`ber; and a collation step at the mobile terminal, inputting a
`personal identification number (PIN) when the number of
`the authentications carried out is determined to exceed the
`predetermined number, and collating the input PIN with a
`previously registered PIN. In addition, the mobile terminal
`previously registers a combination and sequence of a plu-
`rality of user’s biometric information sets as the user’s
`biometric information; the mobile terminal carries out the
`authentication using the previously registered user’s biomet-
`ric information and a plurality of user’s biometric informa-
`tion sets read by the reading device; and the mobile terminal
`considersthe user to be an authorized user whentheplurality
`of user’s biometric information sets read by the reading
`device are determined to coincide with the previously reg-
`istered user’s biometric information.
`
`read by the reading device coincides with the previously
`registered user’s biometric information, and determining
`whether
`the number of the authentication carried out
`
`exceeds a predetermined number; and a personal identifica-
`tion number (PIN) collation unit for receiving a PIN when
`the number of authentication carried out is determined to
`
`exceed the predetermined number, and collating the received
`PIN with a previously registered PIN. The mobile terminal
`further comprises a biometric information registration unit
`for registering a combination and sequence ofa plurality of
`user’s biometric information sets as the user’s biometric
`information; a biometric information authentication unit for
`carrying out the authentication using the previously regis-
`tered user’s biometric information and a plurality of user’s
`biometric information sets read by the reading device; and a
`biometric information determining unit
`for determining
`whether the plurality of user’s biometric information sets
`read by the reading device coincides with the previously
`registered user’s biometric information.
`
`[0013] Features and advantages of the present invention
`will be set forth in the description, which follows,and in part
`will become apparent from the description and the accom-
`panying drawings, or may be learned by practice of the
`invention according to the teachings provided in the descrip-
`tion. Objects as well as other features and advantages of the
`present invention will be realized and attained by an appa-
`ratus particularly pointed out in the specification in suchfull,
`clear, concise, and exact terms as to enable a person having
`ordinary skill in the art to practice the invention.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`[0014] FIG. 1 shows a communication system that an
`embodiment of the present invention can be applied to;
`
`(0015] FIG. 2 is a block diagram of a mobile terminal
`shown in FIG.1;
`
`invention is to
`(0011] A further object of the present
`provide a mobile terminal communicating with an informa-
`tion servervia a radio path to utilize a service supplied from
`the information server, the mobile terminal being authenti-
`cated by the information server based on user information by
`which the information server identifies the mobile terminal.
`The mobile terminal comprises an individual authentication
`unit for carrying out an authentication using biometric
`information representing a user’s biometric characteristic
`and read by a reading device, and previously registered
`user’s biometric information; and a transmission unit for
`transmitting the user information to the information server
`when the biometric information read by the reading device
`is considered to coincide with the previously registered
`user’s biometric information. In addition, the transmission
`{0016] FIG.3is a flowchart showing a process of initially
`unit
`transmits information relating to a process of the
`biometric information authentication as the user information
`registering a fingerprint according to the present invention;
`to the information server. The transmission unit transmits at
`
`least either one of information relating to a process of the
`biometric information authentication and information rep-
`resenting a history of the process as the user information to
`the information server.
`
`[0012] Another object of the present invention is to pro-
`vide a mobile terminal communicating with an information
`server via a radio path to utilize a service supplied from the
`information server, the mobile terminal being authenticated
`by the information server based on the user’s biometric
`information by which the information server identifies the
`mobile terminal,
`the user’s biometric information being
`previously registered in the mobile terminal and the infor-
`mation server. The mobile terminal comprises an individual
`authentication unit for carrying out an authentication using
`user’s biometric information read by a reading device, and
`the previously registered user’s biometric information; and
`a transmission unit for transmitting the user’s biometric
`information read by the reading device to the information
`server when the user’s biometric information read by the
`reading device is considered to coincide with the previously
`registered uscr’s biometric information. In addition,
`the
`mobile terminal further comprises an authentication number
`determining unit for counting the number of the authenti-
`cations carried out when the user’s biometric information
`
`(0017] FIG. 4 is a flowchart showing a process of regis-
`tering uscr data according to the present invention;
`
`{0018] FIG. 5 shows a user data administration table
`according to the present invention;
`
`[0019] FIG. 6 is a flowchart showing a process of initially
`registering user data into an information server according to
`Example 1 of the present invention;
`
`[0020] FIG. 7 shows a display of the mobile terminal
`when sending user data;
`
`[0021] FIG. 8 is a flowchart showing a process of using
`authentication according to Example 1 of the present inven-
`tion;
`
`[0022] FIG. 9 is a flowchart showing a process of initially
`registering a fingerprint in a server according to Example 2
`of the present invention;
`
`[0023] FIG. 10 is a flowchart showing a process of using
`authentication according to Example 2 of the present inven-
`tion;
`
`FIG.11 is a flowchart showing a process of enter-
`[0024]
`ing the fingerprint authentication request mode according to
`Example 2 of the present invention;
`
`

`

`US 2003/0051138 Al
`
`Mar. 13, 2003
`
`[0025] FIG. 12 is a flowchart showing a case where the
`fingerprint authentication gives multiple times of NG (No
`Good) according to Example 2 of the present invention;
`
`[0026] FIG. 13 is a flowchart showing a process of
`initially registering multiple fingerprints according to
`Example 2 of the present invention; and
`
`[0027] FIG. 14 is a flowchart showing a process of
`authenticating multiple fingerprints according to Example 2
`of the present invention.
`
`DESCRIPTION OF TITE PREFERRED
`EMBODIMENTS
`
`In the following, embodiments of the present
`[0028]
`invention will be described with reference to the accompa-
`nying drawings.
`
`[0029] FIG. 1 shows a communication system to which a
`mobile terminal authentication method of the embodiment
`of the present invention is applied.
`
`In this communication system shown in FIG. 1, a
`[0030]
`user can communicate with servers 200, 300, 400 and 500
`through a mobile terminal 10 over a mobile communication
`network 20 (e.g. PDC-P(Personal Digital Cellular-Packet)
`network) and a general communication network such as the
`Internet 100. The servers 200 and 300 can be used by
`e-shops or business enterprises for settling commercial
`goods sales, and referred to later as a “server 200 for shop
`enterprise A” and a “server 300 for shop enterprise B”
`respectively. The servers 400 and 500 can be used by a bank
`and a
`securities company for
`settling their
`financial
`accounts, and therefore referred to later as a “server 400 for
`bank C”and a “server 500 for securities D”, respectively. In
`cach scrver, respective transaction settlement is carricd out
`based on individual authentication. In FIG. 1, the mobile
`terminal 10 can radio-communicate with a radio node(e.g.
`a radio base station, not shown) in the PDC-P network 20,
`and communicate with each of servers 200-500 via the
`
`Internet 100 for respective settlements. In the mobile termi-
`nal 10 and each server 200-500 as a commercial transaction
`
`party, individual authentication is carried out in order to
`verify identity when doing commercial business.
`
`(0031] Referring to FIG. 2, the mobile terminal 10 com-
`prises a radio unit (RF/IF) 21, a signal processor 22, a
`controller 23, a biometric information reader 24, a dala
`memory 25, a display 26, an input unit 27, a microphone 28,
`a speaker 29 and a timer 30.
`
`[0032] The radio unit 21 modulates a base band signal
`output from the signal processor 22, and converts it to a
`radio frequencysignal. The radio unit 21 also demodulates
`a radio frequency signal received at the antenna and converts
`it to a base band signal. The signal processor 22 performs
`voice-encoding process on an analog voice signal input
`mainly at the microphone 28 to covert it to a digital signal.
`The biometric information reader 24 reads biometric infor-
`
`mation such as a fingerprint, a retina pattern, a voiceprint, a
`face line andthe like input at a predetermined input unit(not
`shown)and transmits it to the controller 23. The timer 30 is
`used for setting time for monitoring input leaving at the
`input unit 27.
`
`[0033] The controller 23 controls each unit in the mobile
`terminal 10. For example, the controller performs an extract-
`
`ing process on the biometric information transmitted from
`the biometric information reader 24, and transmits charac-
`teristic data extracted outin the extracting processto the data
`memory 25. The data memory 25 stores the characteristic
`data. In this embodiment, the raw biometric data from the
`biometric reader 24 is not stored as it is, but the character-
`istic data are stored after the controller 23 has extracted
`
`biometric features out. However, the data memory 25 may
`store the raw biometric data.
`
`[0034] The controller has an authentication function of
`collating the biometric information input from the biometric
`reader 24 with the biometric information stored in the data
`
`memory 25.
`
`[0035] The controller 23 is connected to the input unit 27
`for inputting phone numbers and various commands, and
`connected to the display 26 for showing various data and
`information necessary for individual authentication accord-
`ing to the present invention.
`
`[0036] FIG. 3 shows a process for initially registering
`biometric information (=data) used for the mobile terminal
`authentication according to the present invention. The bio-
`metric information includes fingerprints, retina patterns,
`face outlines, voiceprints and the like. In this embodiment,
`fingerprints are utilized as the biometric information.
`
`In FIG. 3, when a user activates the mobile termi-
`[0037]
`nal 10, a menulist appears on the display 26. When the user
`selects a fingerprint registration mode from the menulist, a
`password requesting screen appears. The user inputs his/her
`password at step S1, and then the controller 23 collates the
`input password with a passwordpreviously registered in the
`data memory 25 by the user at step S2. If the controller 23
`determines “OK”in the collation step (S2), the process goes
`to the next step (S3). If the controller 23 determines “NG”
`(No Good), the process returns to the password requesting
`screen.
`
`is “OK”, fingerprint
`[0038] When the collation result
`information (referred to as “fingerprint data” later) is regis-
`tered at the step S3. The fingerprint data registration process
`is accomplished as follows.
`
`[0039] The user places his/her own finger on a predeter-
`mined portion of the biometric information reader 24, and
`then the fingerprint data are read by the biometric informa-
`tion reader 24. The read fingerprint data are extracted by the
`controller 23 and sent to the data memory 25 for storing.
`
`the user’s fingerprint data are
`In this manner,
`[0040]
`normally (correctly) registered in the data memory 25at step
`S4. After successful registration of the fingerprint (S4),it is
`determined whether there exists an additional fingerprint to
`be registered at step S5. If it is determined at step S5 that
`there exists an additional fingerprint to be registered, then
`the process goes back to step S3 and repeats steps $3, S4 and
`$5 to register all remaining fingerprints. If it is determined
`at step S5 that
`there is no additional fingerprint
`to be
`registered, then the registration process is finished. If the
`fingerprint is not normally (correctly) registered in the data
`memory 25 (Step S4),
`then the fingerprint reading and
`registering process is performed again (S3). In this embodi-
`ment, the total number of fingerprints to be registered is
`assumed to be 3. Therefore, the initial registration process is
`not finished until all the data for all three fingerprints are
`
`

`

`US 2003/0051138 Al
`
`Mar. 13, 2003
`
`‘The determining step S5 determines
`correctly registered.
`whether the numberof registered fingerprints reaches 3 or
`not.
`
`[0041] The registered fingerprint data can be deleted after
`inputting the password into the mobile terminal in the same
`manner as in the registration process mentioned above.
`(Note: I do not understand how the preceding sentence is
`true.)
`[0042] After the fingerprints are successfully registered in
`the data memory 25 in the mobile terminal 10, user data are
`registered in the mobile terminal 10. User data,also referred
`to as personalidentification number (PIN), meansdata to be
`used for verifying identity. A format of the user data is
`composed of, for example, 10 characters or less of user ID
`plus 10 characters or less of password. In this embodiment,
`the maximum number of registrable user data characters is
`assumed to be 10. Each user data set (user ID plus password)
`is assigned by one of the servers 200-500 at a mobile
`terminal user’s request. It is assumedthat the user data have
`been already assigned by servers 200-500 for explanatory
`purposes in this embodiment.
`[0043] FIG. 4 showsa processfor registering the user data
`in the mobile terminal 10. In FIG.4, the user can enter into
`a user registration mode by performing a predetermined
`input operation on the mobile terminal 10, and then the
`fingerprint request appears on the display 26 at step S11. At
`step $12, predetermined fingerprint authentication is carried
`out. In this step $12 of fingerprint authentication, the user
`can cause the mobile terminal 10 to read his/her fingerprint
`and store the fingerprint data in area B of the data memory
`25. The previously registered fingerprint data are assumedto
`be stored in area A of the data memory 25. The controller 23
`reads out the registered fingerprint data from area A of the
`data memory 25 and user’s fingerprint data from area B of
`the data memory 25, and collates them. If the controller 23
`determines the authentication to be “OK”, then the process
`goes to the next step (S14). On the other hand,
`if the
`controller 23 determines the authentication to be “NG”, then
`the process returns to the step S12 and starts the authenti-
`cation process again.
`[0044] After the authentication is determined “OK”at the
`step S13, the user can input his/her user data (user ID and
`password) at the input unit 27. The uscr ID and password
`have been previously assigned by the server 200 for shop
`enterprise A. The user inputs his/her user ID at step $14 and
`password at step $15. The user sees the display 26 showing
`the input user data to confirm that the input user data have
`no errors at step $16. If the input user data are confirmed to
`have noerrors,the userfinally fixes the input user data to be
`entered into the mobile terminal 10 for registration by hitting
`an “input fixed” button. In this embodiment, the user ID is
`used as the user data nameby default setting. In this way, the
`registration of the user data assigned by the server 200 for
`shop enterprise A is completed.
`[0045] Next, other user data assigned by server 300 for
`shop enterprise B, server 400 for bank C and server 500 for
`securities D can be input to the mobile terminal 10 and
`registered therein. After all the registrations are completed,
`all the user data are held in the data memory 25 asa table
`(referred ta as a “user data administration table”) shown in
`FIG. 5.
`
`[0046] The user data administration table shown in FIG.
`5 is like a telephone directory. When a desired registration
`
`numberis designated, its user ID and password appear on
`the display 26 for confirmation. This table contains regis-
`tration
`numbers(1),
`user
`IDs(2),
`passwords(3)
`and
`remarks(4) from the left to the right.
`
`In this example shown in FIG. 5, a user ID
`[0047]
`“12345 ...” and a password for the shop enterprise A are
`registered as the first user data (Reg. No. 1). A user ID
`“123ab ...” and a password for the shop enterprise B are
`registered as the second user data (Reg. No. 2). A user ID
`“ABCDE...” and a password for the bank C are registered
`as the third user data (Reg. No. 3). Auser ID “ABCab...”
`and a password for the securities D are registered as the
`fourth user data (Reg. No. 4).
`
`In this manner, according to this embodiment, the
`[0048]
`user data are previously registered in the user data admin-
`istration table. Therefore, the user can easily ascertain the
`uscr ID and password necessary for a desired transaction
`party, by only calling up the user data administration table
`and designating the corresponding registration number.
`
`[0049] As explained above, user data can be registered
`only after the fingerprint authentication has been success-
`fully carried out. Further the correction and deletion of the
`registered user data also need the fingerprint authentication,
`and therefore high security can be kept.
`
`[0050] Next, referring to FIG. 6, a transaction example 1
`according to the present invention will be explained,
`in
`which commercial transactions such as e-commerce and
`
`mobile banking are accomplished over a communication
`network based on fingerprint authentication.
`
`[0051] A processfor previously (initially) registering user
`data in a server, using server 200 for shop enterprise A, will
`be explained. The server 200 is used as one example for
`explanatory purposes, and the present
`invention can be
`applied to any kind of sever.
`
`EXAMPLE1
`
`[0052] FIG. 6 showsa process for initially registering user
`data to the server 200. The mobile terminal 10 at first shows
`
`a user registration screen on the display 26. The mobile
`terminal user can select a user ID/password requesting
`screen (S21) from the registration screen. Thenthe user hits
`a menu button without inputting a user ID/password,
`to
`display a menu screen. Fingerprint authentication can be
`called and selected on the menu screen at step $22. After
`being selected, fingerprint authentication is carried out at
`step S23. If the result of the fingerprint authentication is
`“OK”at step $24, the process goes to step S25. At stcp $25,
`the controller 23 reads out one set of previously registered
`user data from the data memory 25, which is designated by
`the user. In this Example 1, the user data set for the server
`200 for shop enterprise A is read out. The read out user data
`set is displayed on the display 26. For example, the display
`26 displays user name and password as shown in FIG.7.
`
`[0053] The mobile terminal user confirms that the user
`data set (user name and password) displayed on the display
`26 is the desired one, and hits a “SEND”button (S26)at the
`lowerleft corner of the display 26 (FIG.7). In this way, the
`user data (user ID and password) and production serial
`number of the mobile terminal 10 are transmitted to the
`server 200 for shop enterprise A (S27).
`
`

`

`US 2003/0051138 Al
`
`Mar. 13