(19) United States
(12) Patent Application Publication
Yamane et al.
(10) Pub. No.: US 2001/0014883 A1
(43) Pub. Date: Aug. 16, 2001

(54) PORTABLE RECORDING MEDIUM AND METHOD OF USING PORTABLE RECORDING MEDIUM
(76) Inventors: Shigeaki Yamane, Tokyo (JP); Tadahiro Imajo, Tokyo (JP); Naokuni Yoshida, Tokyo (JP)
Correspondence Address: DONALD K. HUBER, McCORMICK, PAULDING & HUBER LLP, CityPlace II, 185 Asylum Street, Hartford, CT 06103-4102 (US)
(21) Appl. No.: 09/781,839
(22) Filed: Feb. 12, 2001
(30) Foreign Application Priority Data: Feb. 15, 2000 (JP) 2000-36399

Publication Classification
(51) Int. Cl.: G06F 12/14; H04L 9/00
(52) U.S. Cl.: 705/51; 380/201; 705/59

(57) ABSTRACT

This invention makes it possible to conveniently use various application softwares with high portability and high security. A CD-RW comprises a read-only physical access protect area and a rewritable area in which data can be rewritten. A plurality of application softwares, a user authentication program for performing user authentication by fingerprint collation, a fingerprint authentication engine, and the like are stored in the physical access protect area. Registered fingerprint data and fingerprint information in which a corresponding user ID is stored are kept in a protect area, which cannot be copied, of the rewritable area, so that user authentication by fingerprint collation and use of the application software after the authentication are completed in one CD-RW.

[Front-page figure (FIG. 1): layout of the CD-RW 1000. ROM (physical access protect area) 1001: user authentication 10 (user ID management 10-1, fingerprint information management 10-2, authentication request 10-3); fingerprint authentication engine 20 (extraction 20-1, collation 20-2); 2-phase authentication 30 (authentication server linkage 30-1); tracer 40 (fingerprint data collection 40-1); application management 50 (application license key management 50-1); application software. RAM (rewritable) 1002: protect area 1002-1 (copy impossible, encryption performed by software) holding user information 60, fingerprint information 70, log information 80 and authentication key information 90; free area (freely used by user).]

IPR2022-00600
Apple EX1006 Page 1

[Drawing sheets 1 to 6 of 6 (FIGS. 1 to 6): figure text not recoverable from extraction, apart from FIG. 6, whose labels read NETWORK INTERFACE, MPU, MAIN MEMORY, USER INTERFACE, INPUT DEVICE and PORTABLE MEDIUM DRIVE.]

PORTABLE RECORDING MEDIUM AND METHOD OF USING PORTABLE RECORDING MEDIUM

FIELD OF THE INVENTION
[0001] The present invention relates to a portable recording medium and a technique of using the same and, more particularly, a technique effectively applied to a portable recording medium or the like in which an application software requiring advanced and various security managements is stored.

BACKGROUND OF THE INVENTION
[0002] For example, with development of information networks such as the so-called Internet and wide spreading of high-performance personal computers, electronic commerce, securities and financial services using personal computers as exchange terminals have spread.
[0003] Each of these various services using personal computers as exchange terminals is often performed such that a terminal software (application software) only for the corresponding services is installed in an external storage device such as a fixed disk drive (HDD) included in a specific personal computer.
[0004] When a terminal software is installed in a specific personal computer to use a service, a place where the corresponding service is available is limited to a place where the personal computer is established. This is a technical problem that is inconvenient for users.
[0005] In addition, prior to actual use of a service, a software must be installed in a personal computer. It is too hard for a general user who has little knowledge of personal computers to use the service. This is an obstacle to the spread of the services and lacks convenience.
[0006] On the other hand, in recent years, rewritable portable large-capacity storage media represented by a CD-RW (Compact Disc-Rewritable), an MO (Magneto-Optical disc), a DVD (Digital Versatile Disc), and the like have become usable. In particular, the CD-RW system has spread rapidly because the price of a medium and the price of a drive are low and because a CD-ROM of the previous generation can be used.
[0007] Therefore, terminal softwares only for various services are installed at once in the large-capacity portable medium such as a CD-RW, and an arbitrary terminal software is directly started from the CD-RW loaded on an arbitrary personal computer, so that a service that has high portability and is not limited to the position where the computer is established may be realized.
[0008] However, since a large-capacity portable medium has high portability, the large-capacity portable medium always has the risks of loss, theft, and the like. When the large-capacity portable medium is managed by a conventional password, security management for checking a user is insufficient. For this reason, there is concern about applying the large-capacity portable media to services such as electronic commerce, securities and financial services that require high security.
[0009] As a countermeasure for security, for example, a method of causing a user to set a complex password poses another technical problem. That is, the load on the user is increased because of the password management, e.g., recitation, concealment, or the like of the password.

SUMMARY OF THE INVENTION
[0010] It is an object of the present invention to provide a portable recording medium for making it possible to easily use various application softwares with high portability and high security and a technique of using the portable recording medium.
[0011] It is another object of the present invention to provide a portable recording medium for making it possible to easily use various application softwares with high portability and high security without giving a load such as password management to a user and a technique of using the portable recording medium.
[0012] It is still another object of the present invention to provide a portable recording medium for making it possible to use an application software at various license levels with high portability and high security and a technique of using the portable recording medium.
[0013] According to the present invention, personal identification information such as a fingerprint is registered in advance in a portable recording medium in which an application software is stored, and personal authentication using the personal identification information makes it possible that only a true user uses the application software.
[0014] More specifically, the portable recording medium according to the present invention is designed to store an application software, personal identification information of a proper user of the application software and an authentication software for performing personal authentication using the personal identification information prior to the use of the application software by an arbitrary user.
[0015] According to a method of using a portable recording medium according to the present invention, in a portable recording medium in which an application software is stored, personal identification information of a proper user of the application software is stored, and personal authentication using the personal identification information is performed prior to the use of the application software in the portable recording medium by an arbitrary user so as to cause the proper user to use the application software stored in the portable recording medium.
[0016] According to a portable recording medium and a method of using a portable recording medium according to the present invention, an advantage of making it possible to conveniently use various application softwares with high portability and high security can be achieved.
[0017] According to a portable recording medium and a method of using a portable recording medium according to the present invention, without giving a load such as password management to a user, an advantage of making it possible to conveniently use various application softwares with high portability and high security can be achieved.
[0018] According to a portable recording medium and a method of using a portable recording medium according to the present invention, an advantage of making it possible to use an application software at various license levels with high portability and high security can be achieved.

BRIEF DESCRIPTIONS OF THE DRAWINGS
[0019] FIG. 1 is a conceptual diagram showing an example of the configuration of a portable recording medium according to an embodiment of the present invention;
[0020] FIG. 2 is a flow chart showing an example of a method of using a portable recording medium according to an embodiment of the present invention;
[0021] FIG. 3 is a flow chart showing an example of a method of using a portable recording medium according to an embodiment of the present invention;
[0022] FIG. 4 is a flow chart showing an example of a method of using a portable recording medium according to another embodiment of the present invention;
[0023] FIG. 5 is a conceptual diagram showing an example of the configuration of an authentication server used in a method of using a portable recording medium according to another embodiment of the present invention; and
[0024] FIG. 6 is a conceptual diagram showing an example of the configuration of an information processing device such as a personal computer using a method of using a portable recording medium according to an embodiment of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0025] Embodiments of the present invention will be described below in detail with reference to the accompanying drawings.
[0026] (Embodiment 1)
[0027] FIG. 1 is a conceptual diagram showing an example of the configuration of a portable recording medium according to an embodiment of the present invention, and FIGS. 2 and 3 are flow charts showing a method of using a portable recording medium according to the embodiment.
[0028] In this embodiment, a CD-RW will be used as an example of a portable recording medium.
[0029] A CD-RW 1000 according to the embodiment has a data storage region constituted by a read-only physical access protect area 1001 and a rewritable area 1002 in which data can be rewritten.
[0030] In the physical access protect area 1001, when various softwares (to be described later) are written, data writing is executed by using a rewritable data writing scheme, and it is impossible to perform falsification by rewriting or the like.
[0031] The rewritable area 1002 is constituted by a protect area 1002-1 in which written data is protected by encryption performed by a software and a free area 1002-2 which can be accessed by a user or an application program (to be described later).
[0032] The physical access protect area 1001 stores a user authentication program 10, a fingerprint authentication engine 20, a 2-phase authentication program 30, a tracer 40, an application management program 50, a plurality of application softwares 50A, and the like.
[0033] The user authentication program 10, as will be described later, is a software for performing a process of deciding a proper user on the basis of user fingerprint information input from the outside and fingerprint information which is registered in advance, and has a user ID management function 10-1, a fingerprint information management function 10-2, an authentication request function 10-3, and the like.
[0034] The fingerprint authentication engine 20 is a software for performing a collation process of fingerprint information under the control of the user authentication program 10. The fingerprint authentication engine 20 comprises functions such as a fingerprint data extraction function 20-1 for extracting pieces of characteristic information from the input fingerprint information and the registered fingerprint information; and a fingerprint collation function 20-2 for deciding if it is identified or not by collation of the pieces of characteristic information.
[0035] The 2-phase authentication program 30 is a software for performing such an authentication process that an external authentication server (to be described later) is requested to perform the collation of fingerprints, and comprises an authentication server linkage function 30-1 or the like.
[0036] The tracer 40 performs processes of monitoring and recording an authentication process by a fingerprint, and comprises a fingerprint data collection function 40-1 or the like for recording input fingerprint information or the like when authentication fails, so that illegal access can be analyzed later.
[0037] The application management program 50 comprises an application license key management function 50-1 for limiting an available function or the like with respect to the various application softwares 50A depending on a license key or the like obtained from an authentication server or the like in the 2-phase authentication program 30 (to be described later).
[0038] As the application softwares 50A, for example, a banking transaction software for supporting a service related to a settlement transaction with a bank; an asset management software for performing an operating management service of investment trusts, stocks, and other financial products; a life planning software for performing insurance product services; a financial information software for providing investment-related information, corporate information, and the like; and an electronic commerce software for performing electronic commerce and the like, can be stored.
[0039] User information 60, fingerprint information 70, log information 80, authentication key information 90, and the like are stored in the protect area 1002-1 of the rewritable area 1002.
[0040] The user information 60 is constituted by pieces of information such as a user ID 60-1 and a fingerprint registration presence/absence flag 60-2 which are uniquely given to respective users.
[0041] The fingerprint information 70 is constituted by pieces of information such as a user ID 70-1 and fingerprint data 70-2 or the like which are obtained in the following registration process.
[0042] The log information 80 is constituted by pieces of information such as user ID 80-1, fingerprint data 80-2, and date data (not shown) which are obtained when collation in a fingerprint authentication process is a failure.
[0043] The authentication key information 90 is constituted by pieces of information such as a user ID 90-1, an application software name 90-2, and a license key 90-3.
[0044] FIG. 6 is a conceptual diagram showing an example of the configuration of an information processing device such as a personal computer used in a method of using a portable recording medium according to this embodiment.
[0045] In a personal computer 2000 in FIG. 6, reference numeral 2001 denotes a microprocessor (MPU); 2002, a main memory in which a software and data executed in the microprocessor 2001 are stored; 2003, an external storage device such as a fixed disk drive (HDD); 2004, a portable medium drive such as a CD-ROM drive or a CD-RW drive for input/output of data to/from the CD-RW 1000 loaded from the outside; 2005, a network interface connected to an information network such as the Internet; 2006, a user interface; 2007, a personal identification information input device for receiving personal identification information such as a fingerprint; and 2008, a bus to which these components are connected.
[0046] The personal identification information input device 2007, for example, may be a device integrated with a display, a keyboard, a mouse, and the like constituting the user interface 2006 or may be a device independent of the display, the keyboard, the mouse, and the like.
[0047] In the main memory 2002, for example, a general-purpose operating system 2002a for a personal computer is resident. On the general-purpose operating system 2002a, the main memory 2002 is loaded from the CD-RW 1000, and the application softwares 50A are operated.
[0048] An example of the portable recording medium according to this embodiment and the method of using the portable recording medium will be described below. Reference numerals in parentheses in FIG. 2 denote the reference numerals of programs and functions for executing the processes.
[0049] The process of registering the fingerprint information of a proper user on the CD-RW 1000 will be described below with reference to the flow chart in FIG. 2. This registering process keeps its security such that, for example, the registering process is performed by the proper user under the control of a provider when the application software 50A or the like is stored in the CD-RW 1000 to be provided to the user.
[0050] The user of the CD-RW 1000 loads the CD-RW 1000 on the portable medium drive 2004 to cause a medium automatic start mechanism of the OS 2002a to start the CD-RW 1000, and loads the user authentication program 10, the fingerprint authentication engine 20, and the like on the main memory 2002 to execute the user authentication program 10, the fingerprint authentication engine 20, and the like (step S001).
[0051] The start of the CD-RW 1000 is not limited to using the medium automatic start mechanism of the OS 2002a. The start of the CD-RW 1000 may be performed such that a menu program is started and the start of the CD-RW 1000 is selected from the menu program.
[0052] The user ID management function 10-1 of the user authentication program 10 decides whether a fingerprint has been registered or not with reference to the fingerprint registration presence/absence flag 60-2 of the user information 60 (step S002). If the fingerprint has not been registered, an authentication information setting screen for urging a user to register a fingerprint is shown to the user (step S003).
[0053] The user who saw the screen inputs a user ID of a predetermined form (step S004). The input user ID is written in the user information 60 as the user ID 60-1 by the user ID management function 10-1 (step S005).
[0054] The user causes the personal identification information input device 2007 to read the fingerprint of the user (step S006). Characteristic information is extracted from the read fingerprint information by the fingerprint data extraction function 20-1 of the fingerprint authentication engine 20 started by the user authentication program 10 (step S007). The extracted fingerprint data is encrypted by the fingerprint information management function 10-2, and then stored together with the user ID in the fingerprint information 70 as the user ID 70-1 and the fingerprint data 70-2 (step S008), so that the fingerprint data registering process is completed.
[0055] An example of a method of using an application software at an arbitrary opportunity after the registration described above is as follows.
[0056] The user of the CD-RW 1000 loads the CD-RW 1000 on the portable medium drive 2004 of the nearest personal computer 2000 to cause the medium automatic start mechanism of the OS 2002a to start the CD-RW 1000, and loads the user authentication program 10, the fingerprint authentication engine 20, and the like on the main memory 2002 to execute the user authentication program 10, the fingerprint authentication engine 20, and the like (step S010).
[0057] The user ID management function 10-1 of the user authentication program 10 refers to the fingerprint registration presence/absence flag 60-2 of the user information 60 to confirm that the fingerprint has been registered (step S011).
[0058] The user ID management function 10-1 shows the user a fingerprint authentication screen urging the user to execute a fingerprint reading process, in order to perform fingerprint authentication for deciding whether the user is a proper user or not (step S012).
[0059] The user who saw the screen inputs the fingerprint of the user from the personal identification information input device 2007 (step S013). Characteristic information is extracted from the read fingerprint as fingerprint data by the fingerprint data extraction function 20-1 of the fingerprint authentication engine 20. At the same time, the fingerprint data extraction function 20-1 reads the registered fingerprint data 70-2 from the fingerprint information 70 (step S014). The fingerprint collation function 20-2 performs a collation decision to check if it is identified or not between the input fingerprint data and the registered fingerprint data 70-2 (step S015). If it is determined that the fingerprint data is identified with each other, a start request of an arbitrary application software 50A is accepted from the user to permit the use of the application software 50A (step S016). The application software 50A is read from the CD-RW 1000 and started to be used by the user (step S017).
[0060] By using a free region of the protect area 1002-1 of the CD-RW 1000, the started application software 50A encrypts and writes data required for the operation and data required for security management among data generated during the operation. The other data are recorded by using the free area 1002-2. In this manner, the application software 50A is operated by only the CD-RW 1000.
[0061] The application software 50A need not simply be started and used as described above. For example, an arbitrary application software 50A and license level information for a specific user specified by a user ID may be set in a part of the user information 60 or the fingerprint information 70, and functions which can be used by the application software 50A may be limited at the start of step S016.
[0062] If it is decided not-identified in step S015, pieces of passage information such as input fingerprint data, a user ID, and date data are recorded as the log information 80 (step S018). With reference to the log information 80, tracing and analyzing the progress of use of the CD-RW 1000 and illegal use can be appropriately performed.
[0063] In the above deciding process, step S013 to step S015 and step S018 are repeated a predetermined set number of times. When the number of times exceeds the predetermined set number of times, a process of making the subsequent use of the CD-RW 1000 impossible may be added.
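
An added example (not code from the patent) that models the Embodiment 1 decision flow, steps S002 to S018, together with the retry limit described in the preceding paragraph. The minutiae quantisation and Jaccard threshold are stand-ins for functions 20-1 and 20-2; `MAX_ATTEMPTS`, the counter kept on the medium, the reset on success and all sample data are assumptions, and encryption of the protect area is not modelled.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

MAX_ATTEMPTS = 3       # assumption: the text only says "a predetermined set number of times"
MATCH_THRESHOLD = 0.8  # assumption: decision rule of the stand-in matcher below
CELL = 8               # assumption: quantisation grid used by the stand-in extractor


@dataclass
class ProtectArea:
    """Protect area 1002-1 of the rewritable area (encryption not modelled)."""
    user_info: dict = field(
        default_factory=lambda: {"user_id": None, "registered": False})  # 60
    fingerprint_info: dict = field(default_factory=dict)  # 70: ID 70-1 -> data 70-2
    log_info: list = field(default_factory=list)          # 80: failed collations
    failed_attempts: int = 0  # assumption: retry counter persisted on the medium
    disabled: bool = False    # set once the retry limit is reached


def extract(raw_minutiae):
    """Stand-in for extraction 20-1: quantise (x, y, angle) points to grid cells."""
    return frozenset((x // CELL, y // CELL, (angle % 360) // 45)
                     for x, y, angle in raw_minutiae)


def collate(candidate, registered):
    """Stand-in for collation 20-2: Jaccard similarity against a threshold."""
    if not candidate or not registered:
        return False
    score = len(candidate & registered) / len(candidate | registered)
    return score >= MATCH_THRESHOLD


def register(area, user_id, raw_minutiae):
    """Steps S002-S008: enrol only while flag 60-2 says nothing is registered."""
    if area.user_info["registered"]:                        # S002
        return False
    area.user_info.update(user_id=user_id, registered=True)  # S005
    area.fingerprint_info[user_id] = extract(raw_minutiae)   # S007-S008
    return True


def authenticate(area, raw_minutiae, now=None):
    """Steps S011-S018 plus the retry limit. Returns 'permit', 'deny' or 'disabled'."""
    if area.disabled:
        return "disabled"
    if not area.user_info["registered"]:                    # S011
        return "deny"
    user_id = area.user_info["user_id"]
    probe = extract(raw_minutiae)                           # S013-S014
    if collate(probe, area.fingerprint_info[user_id]):      # S015
        area.failed_attempts = 0  # assumption: a success resets the counter
        return "permit"                                     # S016
    area.log_info.append({                                  # S018: user ID, data, date
        "user_id": user_id,
        "fingerprint_data": sorted(probe),
        "date": (now or datetime.now(timezone.utc)).isoformat(),
    })
    area.failed_attempts += 1
    if area.failed_attempts >= MAX_ATTEMPTS:
        area.disabled = True      # subsequent use of the medium is refused
        return "disabled"
    return "deny"


# Constructed sample data: (x, y, angle) minutiae, not real fingerprints.
ENROLLED = [(12, 20, 30), (44, 28, 100), (76, 52, 200),
            (20, 84, 280), (60, 68, 10), (92, 12, 150)]
SAME_FINGER = [(13, 21, 32), (45, 27, 98), (77, 53, 203),
               (21, 85, 282), (61, 69, 12)]   # jittered, one minutia missing
OTHER_FINGER = [(30, 30, 60), (70, 10, 120), (15, 60, 300),
                (85, 85, 20), (50, 40, 240)]


def demo():
    area = ProtectArea()
    register(area, "user-0001", ENROLLED)
    now = datetime(2001, 8, 16, tzinfo=timezone.utc)
    results = [authenticate(area, SAME_FINGER, now)]
    results += [authenticate(area, OTHER_FINGER, now) for _ in range(MAX_ATTEMPTS)]
    results.append(authenticate(area, SAME_FINGER, now))  # proper user, medium disabled
    return results, area


if __name__ == "__main__":
    print(demo()[0])
```

The last call shows the cost of the lockout: once the limit is reached the proper user is refused as well, so the counter and the `disabled` flag have to live in storage an unauthenticated holder of the medium cannot rewrite.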
[0064] In this manner, according to the CD-RW 1000 of this embodiment and the method of using the CD-RW 1000, user authentication is performed by using personal identification information such as fingerprints and the like registered in the CD-RW 1000 in advance. For this reason, without burdening the user with control of a password and the like, identity can be guaranteed, and high security can be realized. In addition, since all application softwares 50A required to provide services are stored in the CD-RW 1000 serving as a portable medium, in addition to the high portability which is an advantage of the CD-RW 1000, the easy use of the various application softwares 50A stored in the CD-RW 1000 can be advantageously made possible.
[0065] More specifically, when a user holding the CD-RW 1000 only loads the CD-RW 1000 on the nearest personal computer 2000, an arbitrary service that requires high security can be received.
[0066] As a result, the CD-RW 1000 can be reliably used to store and use the application software 50A which requires high security in electronic commerce, financial transaction, and the like. An improvement in convenience on a user side and a service provider side by high security and high portability can be realized.
[0067] (Embodiment 2)
[0068] Another embodiment of a method of using a portable recording medium according to the present invention will be described below.
[0069] In the above description of Embodiment 1, by using the user authentication program 10 or the like stored in the CD-RW 1000, an authentication process is performed in a closed state in the CD-RW 1000. However, when an external server or the like is requested to perform collation of fingerprints and the authentication process, authentication management or the like in use of the various application softwares 50A can also be realized. An example of a method of using the CD-RW 1000 in this way will be described below.
[0070] FIG. 4 is a flow chart showing an example of a method of using a portable recording medium according to Embodiment 2 of the present invention, and FIG. 5 is a conceptual diagram showing an example of the configuration of an authentication server used in Embodiment 2.
[0071] The same reference numerals as in Embodiment 1 denote the same parts in Embodiment 2, and a repetitive description will be omitted.
[0072] First, a configuration of an authentication server 3000 according to Embodiment 2 will be described below, referring to FIG. 5. The authentication server 3000 comprises a user authentication program 100, a fingerprint authentication engine 200, a tracer 300, and an application use management program 400.
[0073] The user authentication program 100 comprises a user ID management function 100-1.
[0074] The fingerprint authentication engine 200 comprises a fingerprint collation function 200-1.
[0075] The tracer 300 comprises a fingerprint data collection function 300-1.
[0076] The application use management program 400 comprises an application use possibility/impossibility decision function 400-1 and an application use license key issue management function 400-2.
[0077] The authentication server 3000 comprises, as a database 3002, user information 500, log information 600, application use information 700, and the like.
[0078] In the user information 500, a user ID 500-1 registered and managed by a manager of the authentication server 3000 is recorded.
[0079] In the log information 600, a user ID 600-1 obtained in an authentication process in which fingerprint authentication is a failure, fingerprint data 600-2, date data (not shown), and the like are recorded.
[0080] In the application use information 700, a plurality of user IDs 700-1 registered and managed by a manager of the authentication server 3000; an application software name 700-2 of an application software 50A the use of which is permitted in accordance with the user IDs 700-1; a license key 700-3 representing the possibility/impossibility of the use and a usage level permitted and set for the user of the user IDs 700-1 with respect to the application software 50A; and the like are stored to correspond to each other.
[0081] An example of the operation of Embodiment 2 will be described below with reference to the flow chart in FIG. 4. Reference numerals in parentheses in FIG. 4 denote the reference numerals of programs and functions for executing the processes.
[0082] The start of the CD-RW 1000 is the same as that in Embodiment 1. However, in Embodiment 2, a user authentication program 10 and a 2-phase authentication program 30 are used. A menu program (not shown) for service selection is started, and, at the entrance of each actual service, fingerprint authentication using the authentication server 3000 is performed by the user authentication program 10 and the 2-phase authentication program 30.
[0083] More specifically, when a service using an arbitrary application software 50A at the start of the CD-RW 1000 is selected, an input process of a user ID and a fingerprint from a user is executed by the user authentication program 10 (step S020). The fingerprint data input by the user; the user ID 70-1 and the fingerprint data 70-2 registered in the CD-RW 1000 in advance by the process of the flow chart in FIG. 2; and the application software name 90-2 serving as the name of the application software 50A started by the corresponding service, are transmitted to the authentication server 3000 by the authentication server linkage function 30-1 of the 2-phase authentication program 30 (step S021).
[0084] The authentication server 3000, which receives these data, performs user confirmation by collation between the user ID 500-1 and the user ID 70-1 in the user authentication program 100 (step S022). Thereafter, the authentication server 3000 collates the fingerprint data input by the user with the registered fingerprint data 70-2 (step S023).
[0085] If the fingerprint data is not identified with each other, the fingerprint data or the like received from the user (personal computer 2000) side is recorded together with date data or the like (step S024). The user is informed that the use of the corresponding service is impossible (step S025).
[0086] If the fingerprint data is identified with each other, the possibility/impossibility of the use of the application software 50A by the user is decided with reference to the application use information 700 by using the application software name 90-2 and the user ID 70-1 received from the user
