JP2011053969A - Personal identification system in e-learning system - Google Patents

Abstract

To provide a system for further strengthening the identity authentication of a user of e-learning and preventing “spoofing” of a person other than the user.
In a system including a terminal having a biometric authentication device, an authentication server, and a learning server, when authentication by the authentication server at the first login is successful, a previous authentication time and a random generation are generated. The elapsed time up to the next authentication time and the timely authentication time obtained by adding the elapsed time to the previous authentication time are stored in the DB, and after the first login, the content of the request from the terminal is determined. The user is prompted to authenticate again by biometric authentication at each learning material classification unit or at irregular authentication times, and if the authentication server succeeds in authentication, the request requested by the user is executed.
[Selection] Figure 1

Description

  The present invention is a biometric authentication method for learners of a teaching material at every chapter, at the end of a chapter, or at irregular intervals while using the teaching material in an e-learning system performed from the home, workplace, training institution, etc. via the Internet. This is related to a personal authentication system that prevents personal impersonation.

  In recent years, the use of learning forms using e-learning systems is increasing in educational institutions and company training. As an e-learning system format, “synchronous” that transmits information in real time using a video conference system or Internet broadcasting, or a learner (hereinafter referred to as “user”) using the Internet is turned on. There is an “asynchronous type” with a high degree of freedom that enables learning without being restricted by time and place on demand.

FIG. 6 is a system configuration diagram showing an outline of a conventional asynchronous type e-learning system.
This system includes a user client terminal 001, the Internet 002, an authentication proxy server 003, an authentication database (DB) server 009, a learning application (AP) / Web server 005, and a learning database (DB) server 011. The authentication proxy server 003 also has the function of the Web server 004, and the authentication DB server 009 has a personal authentication database (DB) 010 that holds authentication information.

  The learning AP / Web server 005 also has a function of the Web server 006, a program that realizes the function of the database (DB) update processing unit 007, and a program that realizes the function of the database (DB) search processing unit 008. It has. The learning database server 011 includes a learning material database (DB) 012 that holds contents of the learning material, an individual progress management database (DB) 013 that holds progress data indicating which chapter each user has completed, and a user And a user information database (DB) 014 that holds authority information and the like of which educational material contents can be used.

In the e-learning system having such a configuration, the user starts the browser on the client terminal 001, and the authentication screen in the user authentication DB 010 is transferred from the Web server 004 in the authentication proxy server 003 to the browser via the Internet 002. indicate. When the user's ID and password prompted on the authentication screen are entered and the OK button is pressed, the authentication information stored in the user authentication DB 010 is collated. If it is displayed and succeeds, the user information DB 014 and the personal progress management DB 013 in the learning DB server 011 are referred to from the Web server 006 in the learning AP / Web server 005, and the learning material DB 012 can be selected by the user. Display appropriate teaching material content in the browser.
Thereafter, until the user intentionally logs off, it is possible to learn with the contents of the teaching material stored in the learning DB server 011 and usable by the user.

  By the way, in asynchronous e-learning, when the user enters the ID and password from the authentication screen at the start of learning and the user is authenticated, the user information DB 014 and the personal progress management DB 013 start from the first learning. It is determined when the chapters are finished, and the contents of the learning material in the learning material DB 012 are provided according to the progress of the user. After learning, when the user logs out, the individual progress management DB 013 is updated. Thereby, when starting next time, it can start from the middle of learning.

  However, while asynchronous e-learning can be performed at any time and place, there is a risk that the user will be “spoofed” in place of another person without being supervised by the teacher. In the first place, it is possible for a person other than the learner to log in by stealing the ID and password, and even if the ID and password are not stolen, they can impersonate themselves after logging in or during learning. It will be possible to continue learning.

  As a general technique for preventing such spoofing after login, a technique for performing authentication at any time after login is known. However, in a system in which an operation for personal authentication is performed every time the user operates an application, the burden on the user increases. Therefore, a mechanism for authenticating without making the user aware of it is necessary. For example, Patent Document 1 discloses that a fingerprint acquisition device is mounted on a mouse so that when a user performs a mouse operation, the user can acquire the user's fingerprint without being conscious of the user. A technique is disclosed in which authentication is performed at the timing when a file reference / update operation is performed after activating.

Published Patent Publication No. 2005-250810

  However, operations such as file reference and update are not performed using only the mouse. For example, instead of clicking the “Update” button with the mouse, it is often possible to perform the operation by keyboard operation such as pressing the “ENTER” key of the keyboard. Some users do not like mouse operations. Furthermore, in order to obtain a correct fingerprint, the burden on the user, such as placing the finger at an appropriate position at all times, is large. In particular, when performing finger vein authentication, which has been widely used recently, it is necessary to place a finger at an appropriate position with an appropriate inclination. For these reasons, it is difficult to employ the technique of Patent Document 1.

  Furthermore, since e-learning often involves operations other than computer operations such as taking notes during learning, it is impossible to employ the technique of Patent Document 1 in e-learning that employs finger vein authentication. It can be said.

  It is an object of the present invention to provide a personal authentication system that enhances the user authentication of e-learning users while reducing the user's burden and prevents “spoofing” regardless of the type of biometric authentication. .

In order to solve the above-described problems, a personal authentication system in an e-learning system according to the present invention includes a client terminal that includes a biometric authentication device and a browser and is connected to the Internet, and an authentication server that includes a Web server function and performs personal authentication processing. And a learning server that has a Web server function and performs e-learning processing.
The authentication server includes the following means.
(A) Means for previously storing a login ID and biometric authentication information in the authentication DB in order to perform the personal authentication process.
(B) At the time of the first login, the user ID is successfully authenticated by matching the login ID and biometric information sent from the client terminal with the login ID and biometric information stored in the authentication DB. Means for issuing a request from the client terminal to the learning server.
(C) After the first login, the biometric authentication information sent from the client terminal is matched with the biometric authentication information held in the authentication DB to perform the personal authentication process again. Means for issuing a client terminal request to the learning server;
The learning server includes the following means.
(D) Means for holding e-learning teaching materials composed of a plurality of teaching material division units in the learning DB in advance.
(E) Upon initial login, in response to receiving a request for successful authentication from the authentication server, the login ID, the previous authentication time with initial authentication time as the initial value, and a randomly generated Means for storing an elapsed time up to the next authentication time and an arbitrary authentication time obtained by adding the elapsed time to the previous authentication time in the learning DB.
(F) Means for prompting the client terminal to authenticate again by only biometric authentication in response to receiving a learning material classification unit end request from the client terminal every time the learning material classification unit ends after the first login .
(G) After the first login, in response to receiving a request other than a teaching material classification unit end request from the client terminal, for the corresponding login ID stored in the learning DB, compare the authentication time with the current time. And means for processing the request if it is before the arbitrary authentication time, and prompting the client terminal to perform the personal authentication again only by biometric authentication after the arbitrary authentication time.
(H) After the first login, in response to receiving a request for successful authentication again from the authentication server, for the corresponding login ID stored in the learning DB, the previous authentication is performed again with the user authentication time. The time is updated, the elapsed time is updated with an elapsed time until the next authentication time newly generated at random, and the updated elapsed time is added to the updated previous authentication time, and the authentication time is required Means to update.

  According to the present invention, in the e-learning system, every time one teaching material classification unit ends after the initial login, or based on a random authentication time that is set at random, a second authentication process by biometric authentication is performed. Therefore, it is possible to prevent others other than the user from illegally learning from the contents of the teaching material and performing tests in the teaching material.

1 is a system configuration diagram showing an embodiment of the present invention. It is a database table figure which shows one Example of this invention. It is the screen schematic which shows one Example of this invention. It is the screen schematic which shows one Example of this invention. It is a flowchart of the first login process in the system. It is a server side flowchart at the time of request issue. It is a system configuration | structure figure which shows the outline | summary of the asynchronous type of the conventional e-learning system.

DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings showing an example.
FIG. 1 is a system configuration diagram showing an embodiment of a personal authentication system according to the present invention incorporated in an e-learning system. In FIG. 1, in the e-learning system, a client part (upper half of the figure) and a server part (lower half of the figure) transmit information to each other via the Internet 102.

  As for the client portion, a client terminal 101 equipped with a browser is connected to the Internet 102. A user who uses the client terminal 101 is a learner who learns various teaching materials using an e-learning system. Each client terminal 101 includes a biometric authentication device. The biometric authentication device is, for example, a finger vein authentication device, but is not limited to this.

The server part is divided into “authentication system” and “learning system” as main parts.
The authentication system includes an authentication proxy server 103 that performs user authentication, and an authentication DB server 111 that is a database (DB) server connected to the authentication proxy server 103. Only the user who has succeeded in the personal authentication by the personal authentication process in the authentication system can actually perform e-learning using the learning system.
The authentication proxy server 103 and the authentication DB server 111 in the authentication system may be collectively referred to as “authentication server”.

The authentication proxy server 103 has a function of the Web server 104 that responds to a request (request) of personal authentication issued from the browser of the client terminal 101. The authentication DB server 111 includes a personal authentication DB 112 that holds biometric authentication information for performing personal authentication, a user-specific login ID, a password, and the like.
A DB in the authentication system may be referred to as an “authentication DB”.

In the learning system, a learning application (AP) / Web server 105 which is a learning server for performing processing related to the e-learning teaching material itself, and a learning DB server 113 corresponding to a database server connected to the learning AP / Web server 105 It has. The learning AP / Web server 105 causes the browser of the client terminal 101 to display the learning menu including the contents of the learning material acquired from the learning DB server 113, the personal progress management menu, and the like.
The learning AP / Web server 105 and the learning DB server 113 in the learning system may be collectively referred to as a “learning server”.

  The learning AP / Web server 105 is provided in the learning DB server 113, which is a function of the Web server 106 that responds to requests for content display of teaching materials and requests for personal progress management issued from the browser of the client terminal 101. A function of the DB update processing unit 107 for updating each of the received DBs, a function of the DB search processing unit 108 for searching for each DB, and a session determination unit 109 for determining the contents of each request from the client terminal 101 And a program for realizing the function of the random number generation unit 110 for generating the random elapsed time so as to set the point in time for prompting the user authentication again by the random elapsed time.

Each DB provided with the learning DB server 113 holds the learning material DB 114 that holds the content data of the learning material, which is the original purpose of e-learning, and the progress data that indicates which material the user has completed up to which chapter The individual progress management DB 115 and the user information DB 116 that holds authority information on which educational material contents the user can use.
A DB in a learning system may be referred to as a “learning DB”.

  FIG. 2 shows two tables stored in the personal progress management DB 115 of the learning DB server 113 shown in FIG. (A) is a session status table 201 showing an example of session request related information, which includes “login ID” 202, “login date and time / minute / second” 203, “end chapter code” 204, “end of chapter problem code” 205, Each column includes “status” 206. (B) is an ad hoc authentication time table 207, which includes “login ID” 208, “previous authentication time” 209, “random interval” 210, and “anytime authentication time” using the login ID 202 column of the session status table 201 as an external key. "It consists of 211 columns.

In the session status table 201, when a request for successful personal authentication at the first login reaches the Web server 106 of the learning AP / Web server 105 from the authentication proxy server 103, the row data with the login ID 202 as a key is newly added. Inserted. The login date / minute / second 203 is updated from the system time and indicates the user authentication time at the first login. The end chapter code 204 is updated by referring to which chapter the user has ended from other tables in the personal progress management DB 115 of FIG. Similarly, the chapter end problem code 205 is also updated from other tables by referring to which chapter end issue the user has finished.
The status 206 is always updated to “0” in the normal case, but is updated to “1” when it is determined that the same user has double-logged in at the time of request content confirmation. A user with a login ID whose status 206 is “1” displays a message indicating that multiple logins are made on the browser of the client terminal 101 when the next request is issued, forcibly logs out, and retrieves the corresponding row data from the session status table 201. delete.

  Note that the meaning of “chapter” in the teaching material indicates one category in which the teaching material is divided into appropriate amounts according to the content and theme, but is not limited to this designation. For example, the terms “volume”, “lesson”, “section”, “section”, etc. have the same meaning. In the present invention, “chapter” is used as a representative name which means a section of the teaching material. The “chapter problem” is not limited to this name, and the names “exercise” and “review task” have the same meaning. Therefore, “chapter” or “chapter problem” in the teaching material is referred to as “teaching material classification unit”. That is, the end chapter code 204 and the end-of-chapter problem code 205 of the session status table 201 indicate progress information for each teaching material division unit.

  The authentication time table 207 is updated at any time when the session status table 201 is updated, and the login ID 208 as a key refers to the session status table 201 externally. The previous authentication time 209 is updated with the same date / time / minute / second as the user authentication time of the login date / time / minute / second 203 of the session status table 201 as an initial value at the time of the first login. After the first login, the date / time / minute / second at which the re-authentication was performed when biometric authentication was prompted again during the same session (at the end of the teaching material unit or forced authentication at any time). Updated to

  Further, the random interval 210 is updated with a natural number between “300” and “600” generated by the random number generator 110 of the learning AP / Web server 105 of FIG. This indicates the elapsed time from the previous authentication time 209 to the forced authentication based on the next occasional time with the unit “second”. Then, the next authentication time is determined by adding the value of the random interval 210 to the previous authentication time 209 in seconds. For example, when the user authentication time at the time of the first login is “2009/6/25 13:23:02”, “2009/6/25 13:23:02” is updated at the previous authentication time 209 first. At this time, when “305” is generated by the random number generation unit 110 of the learning Web / AP server 105 in FIG. 1, the random interval 210 is updated with “305”, and the last authentication time 209 “2009/6/25” 13:23:02 ”,“ 305 ”of the random interval 210 is added as seconds, and the authentication time 211 is updated to“ 2009/6/25 13:28:07 ”as needed. When the request from the client terminal is received after the first login, if the request is other than the teaching material class end request, refer to the authentication time table 207 at any time and the current time is later than the authentication time 211 at any time. If so, the user is prompted to authenticate again by biometric authentication. This prevents the user from performing “spoofing”.

FIG. 3A is a schematic diagram illustrating an example of a screen displayed on the client terminal 101 in the personal authentication system of the present invention.
The “EL system user login screen” screen 301 shown in (a) is a screen requesting the user's “user name (login ID)” and “password”. After entering the login ID and password, the “OK” button is clicked. When pressed, a request is issued to the authentication proxy server 103 in FIG. The authentication proxy server 103 collates with the login ID and password data stored in the personal authentication DB 112 of the authentication DB server 111, and if it is determined that the authentication result is correct, the subsequent biometric authentication (b) If it is invalid, a message indicating that authentication has failed is displayed on the screen.

  The “EL system finger vein authentication screen” screen 302 shown in (b) is a message for prompting user biometric authentication. Here, description will be made by using finger vein authentication as an example. When the user places a finger on the finger vein authentication device after this screen 302 is displayed, the finger vein authentication information is read and a request is issued to the authentication proxy server 103. The authentication proxy server 103 collates with the finger vein authentication information stored in the personal authentication DB 112 of the authentication DB server 111, and issues a request to the learning AP / Web server 105 if it is determined that the authentication result is correct. If it is invalid, a message indicating authentication failure is displayed on the screen.

FIG. 3B is a schematic diagram of another example of a screen displayed on the client terminal 101.
The “Chapter X Heading” screen 303 shown in FIG. 5A is a learning page of Chapter X with contents of teaching materials which are the core of the e-Learning system. The “Exit Chapter X” menu is displayed on this screen. When the “End Chapter X” menu is pressed, a teaching material unit end request is issued to the learning AP / Web server 105 of FIG.
The “Chapter X Chapter ending question” screen 304 shown in FIG. 5B is a page for confirming the learning effect, which is performed after learning on the “Chapter X Heading” screen 303. The “End chapter problem” menu is also displayed on this screen. When the “End chapter ending question” menu is pressed, a teaching material unit end request is issued to the learning AP / Web server 105 of FIG.

  This completes the description of the configuration and functions of the personal authentication system in e-learning according to the present embodiment.

Hereinafter, the operation of the personal authentication system in e-learning according to the present embodiment will be described.
FIG. 4 is a flowchart showing the initial login process in the system. In the description, reference is also made to FIGS. 1 and 2 as appropriate.

  First, the user starts a browser from the client terminal 101 and accesses with the URL of the e-learning system (step 401). Therefore, the authentication proxy server 103 outputs a screen for prompting the login ID and password (see FIG. 3A (a)) (step 402). The user enters a login ID and password. The authentication proxy server 103 collates the login ID and password data in the personal authentication DB 112 of the authentication DB server 111 (step 403). Therefore, when the personal authentication fails, a message indicating the authentication failure is displayed on the screen of the browser of the client terminal 101 (step 405). If the personal authentication is successful, the authentication proxy server 103 makes a transition to a screen prompting biometric authentication (see FIG. 3A (b)) (step 404).

  When the user reads the biometric authentication information from the biometric authentication device installed in the client terminal 101, the authentication proxy server 103 collates with the biometric authentication information of the personal authentication DB 112 of the authentication DB server 111 (step 406). Therefore, when the personal authentication fails, a message indicating the authentication failure is displayed on the screen of the browser of the client terminal 101 (step 408). If the personal authentication is successful, the authentication proxy server 103 issues a request to the learning AP / Web server 105.

  When the learning AP / Web server 105 receives a request relating to the successful authentication of the user from the authentication proxy server 103, it passes through the function of the Web server 106, and the session determination unit 109 determines whether the request is for the first login or the request after the first login. Judge whether it is. If it is the first login, new data is inserted into the session status table 201 and the authentication time table 207 as needed (step 407).

  Then, the DB search processing unit 108 of the learning AP / Web server 105 confirms the user information DB 116 and the personal progress management DB 115 of the learning DB server 113, and transitions to the portal top page of the e-learning system (step 409). On the portal top page, a menu of teaching material contents that can be used by the user is displayed.

FIG. 5 is a flowchart showing processing when a request is issued from a client terminal in the system.
First, the user issues a request from the client terminal 101 (step 501). Note that whether or not the login is the first time is determined by the session determination unit 109, and here, the processing after the first login will be described.

  Whether the issued request is “Chapter End Request”, which is one of the teaching material category unit end requests, that is, a request in which the “End Chapter X” menu on the screen 303 in FIG. 3B (a) is pressed. It is determined by the session determination unit 109 whether or not (step 502). If it is a “chapter end request”, a transition is made to a screen (see FIG. 3A (b)) that prompts another person authentication by biometric authentication (step 506).

  If it is not “Chapter End Request”, then whether the issued request is “Chapter End Problem End Request” which is another teaching material section unit end request, that is, “Chapter” of the screen 304 in FIG. 3B (b). The session determination unit 109 determines whether or not the request is for pressing the “end problem is terminated” menu (step 503). If it is a “chapter end question end request”, the screen transitions to a screen (see FIG. 3A (b)) that prompts the user to authenticate again by biometric authentication in the same manner as the “chapter end request” (step 506).

  If it is not a “chapter end question end request” in step 503, it is determined that the request from the client terminal was not any teaching material division unit end request. Next, the authentication time table 207 is referred to as needed (step 504). The optional authentication time 211 for the corresponding login ID in the optional authentication time table 207 is compared with the current time, and if the current time is before the optional authentication time 211, the request from the client terminal is processed (step 511). . If the current time is later than the authentication time 211 as needed, the screen transits to a screen (see FIG. 3A (b)) that prompts another authentication by biometric authentication (step 506).

  When the request content determination as described above determines that it is a teaching material unit end request (chapter end request or end of chapter problem end request), or a request after the authentication time at any time, and is prompted to authenticate again by biometric authentication. The user of the client terminal 101 performs the personal authentication again by biometric authentication in the same way as the first login (step 507). In the personal authentication again after the first login, the personal authentication based on the login ID is not performed, but the personal authentication based only on the biometric authentication is performed.

  If the authentication fails, the row data of the corresponding login ID in the session status table 201 and the ad hoc authentication time table 207 is deleted (step 509). Thereafter, the user is made to log in again for the first time.

  If the user authentication is successful again, the previous authentication time in the authentication time table 207 is updated as needed to the current time when the user authentication is performed again. At this time, a new natural number is generated by the random number generation unit 110 and the elapsed time of the random interval 210 is also updated. The updated authentication time 211 is also updated by adding the updated elapsed time to the updated previous authentication time (step 510). Thereafter, the request intended by the user is processed.

101: Client terminal
102: Internet
103: Authentication proxy server
104: Web server
105: Learning AP / Web server
106: Web server
107: DB update processor
108: DB search processor
109: Session Judgment Department
110: Random number generator
111: Authentication DB server
112: Identity authentication DB
113: Learning DB server
114: Learning Material DB
115: Individual progress management database
116: User information DB

Claims (1)

E-Learning comprising: a client terminal having a biometric authentication device and a browser connected to the Internet; an authentication server having a Web server function and performing personal authentication processing; and a learning server having a Web server function and performing e-learning processing A personal authentication system in the system,
The authentication server is:
(A) means for preliminarily storing a login ID and biometric authentication information in the authentication DB in order to perform the personal authentication process;
(B) At the time of the first login, the user ID is successfully authenticated by matching the login ID and biometric information sent from the client terminal with the login ID and biometric information stored in the authentication DB. Means for issuing a request of the client terminal to the learning server in the case of
(C) After the first login, the biometric authentication information sent from the client terminal is matched with the biometric authentication information held in the authentication DB to perform the personal authentication process again. Means for issuing a client terminal request to the learning server,
The learning server is
(D) means for preliminarily storing e-learning teaching materials composed of a plurality of teaching material division units in a learning DB;
(E) Upon initial login, in response to receiving a request for successful authentication from the authentication server, the login ID, the previous authentication time with initial authentication time as the initial value, and a randomly generated Means for storing, in the learning DB, an elapsed time until the next authentication time, and an arbitrary authentication time obtained by adding the elapsed time to the previous authentication time;
(F) Means for prompting the client terminal to authenticate again by only biometric authentication in response to receiving a learning material classification unit end request from the client terminal every time the learning material classification unit ends after the first login When,
(G) After the first login, in response to receiving a request other than a teaching material classification unit end request from the client terminal, for the corresponding login ID stored in the learning DB, compare the authentication time with the current time. Means for processing the request if it is before the optional authentication time, and prompting the client terminal to perform the personal authentication again only by biometric authentication after the optional authentication time;
(H) After the first login, in response to receiving a request for successful authentication again from the authentication server, for the corresponding login ID stored in the learning DB, the previous authentication is performed again with the user authentication time. The time is updated, the elapsed time is updated with an elapsed time until the next authentication time newly generated at random, and the updated elapsed time is added to the updated previous authentication time, and the authentication time is required And a means for updating the personal authentication system in the e-learning system.

Images