JP2011227573A - Authentication device, authentication method, and authentication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication device with a high security level considering user's convenience for re-authentication, when authentication is failed.SOLUTION: The number of images displayed on an authentication screen increases depending on the number of authentication failure. Therefore, probability of successful authentication may decline, since the number of images displayed for re-authentication increases after authentication is failed. When authentication is failed, security is enhanced for re-authentication, which means authentication may become harder to succeed.

Description

  The present invention relates to an authentication apparatus, an authentication method, and an authentication program for authenticating a user, and particularly to authentication for selecting an option such as an image.

  When using a cash card or a credit card or accessing a computer network, a password such as a personal identification number is generally required. In the case of a cash card, if the wrong password is entered three times, the card is often automatically disabled. Therefore, it is necessary for the cardholder to go to a counter such as a bank and perform a procedure for making the card usable.

  Also, if the password required for accessing the network etc. is incorrect several times, the user's account will be locked and may not enter the network unless the system administrator unlocks it. .

  Under these circumstances, if the number of times the wrong password or password is entered is too small, the card or network is often unusable. When it becomes unusable, it is necessary to ask a bank window or network administrator for work to make it usable, which reduces the convenience for the user.

  In addition, when entering a hotel room or when a password is required in a public place such as using a locker, the convenience of the user is reduced if the lock is applied due to unauthorized access.

  On the other hand, if the user's convenience is to be improved, the allowable number of times may be increased even if the password is incorrect. However, simply increasing the number of times that mistakes are allowed increases the chances that an unauthorized user of a card or a person trying to gain unauthorized access to the network will find the correct password, thus reducing security.

  For example, in Japanese Patent Application Laid-Open No. 2003-141079, if an incorrect password is entered, the number of errors in the password character is counted, and if it exceeds a certain value, the number of password input requests is changed to enhance security. The method to do is disclosed.

  Japanese Patent Application Laid-Open No. 7-271729 discloses a method for strengthening security by providing means for enlarging a password portion for confirming a match when the number of erroneous inputs exceeds a predetermined number.

  In Japanese Patent Laid-Open No. 2000-259276, when the number of illegal passwords input exceeds the allowable number of incorrect password inputs, the second password function is enabled and the password function is doubled. Thus, a method is disclosed in which the password function is strengthened sequentially only when the password is about to be broken.

  However, the above method has a problem that the burden on storage is large, such as storing a long password length in advance or storing another password, and lacking user convenience. .

  In Japanese Patent Laid-Open No. 2002-91921, an ecological feature determination criterion is changed (lowered) by using an authentication process using a biometric feature together with an authentication process using a password. A method for maintaining a security level by using two types of authentication together is disclosed.

  Japanese Patent Application Laid-Open No. 11-159425 discloses a method in which when a wrong password is entered, the degree of the mistake is judged and the retry of password entry is permitted according to the degree.

  However, the above method has a heavy load on the apparatus side, and authentication processing may be complicated.

JP 2003-141079 A JP 2002-91921 A JP 11-259425 A JP 7-271729 A JP 2000-259276 A

  The present invention has been made to solve the above-described problems, and in re-authentication when authentication fails, an authentication apparatus and authentication method that take into account user convenience while ensuring a high security level And to provide an authentication program.

  An authentication apparatus according to an aspect of the present invention is received by an option presenting unit that presents a plurality of options on a display unit, a selection accepting unit that accepts a user's selection input for the presented multiple options, and a selection accepting unit An authentication determination unit that determines whether or not authentication can be performed according to selection / non-selection of the correct answer, and a re-authentication security level that again requests selection of the correct option according to the number of authentication failures in the authentication determination unit Authentication strength adjusting means.

  Preferably, when the number of authentication failures in the authentication determination unit increases, the authentication strength adjusting unit decreases the probability of successful authentication when performing re-authentication.

  In particular, the authentication strength adjusting means instructs to change the number of options presented by the option presenting means for re-authentication according to the number of authentication failures in the authentication determining means.

  In particular, the authentication strength adjustment unit instructs the authentication determination unit for re-authentication to change the number of authentication determinations for determining whether authentication is possible, according to the number of authentication failures in the authentication determination unit.

  Preferably, the authentication strength adjustment unit instructs to adjust the authentication period in the case of re-authentication according to the number of authentication failures in the authentication determination unit.

  Preferably, the authentication strength adjustment unit sets the authentication to be impossible when the number of authentication failures in the authentication determination unit exceeds a predetermined number.

  Preferably, a notification means for notifying alarm information to the outside is further provided. The authentication strength adjustment unit instructs the notification unit to notify the alarm information to the outside when the number of authentication failures in the authentication determination unit exceeds a predetermined number.

Preferably, the authentication determination unit performs image authentication or password authentication.
An authentication method according to an aspect of the present invention includes a step of presenting a plurality of options on a display means, a step of receiving an input of a user's selection for the plurality of presented options, and selection / non-selection of an accepted correct option And determining whether or not authentication is possible, and adjusting the security level of re-authentication that prompts the user to select the correct option again according to the number of authentication failures.

  An authentication program according to an aspect of the present invention includes a step of presenting a plurality of options on a display unit to a computer of an authentication device, a step of receiving an input of a user's selection with respect to the displayed plurality of options, and an accepted correct answer Executes a process comprising: determining whether or not authentication is possible according to selection / non-selection of an option; and adjusting a security level of re-authentication that again requests selection of a correct option according to the number of authentication failures Let

  An authentication apparatus according to an aspect of the present invention includes an authentication strength adjustment unit that adjusts a security level of re-authentication for obtaining again selection of a correct answer according to the number of authentication failures in the authentication determination unit. Depending on the number of failures, the security level of re-authentication that requires selection of the correct answer option is adjusted, so that a high security level can be secured and the user is required to re-select the correct answer option during re-authentication Convenience is high for.

It is a figure explaining the key management system according to Embodiment 1 of this invention. It is a schematic block diagram of the key management system according to Embodiment 1 of the present invention. It is a figure explaining the hardware constitutions of the authentication apparatus 20 according to Embodiment 1 of this invention. It is a block diagram which shows the control structure in the key management system according to Embodiment 1 of this invention. It is a figure explaining the initial screen of the image authentication according to Embodiment 1 of this invention. It is a figure explaining the user ID selection screen 104 displayed in the authentication apparatus 20 according to Embodiment 1 of this invention. It is a figure explaining the new user registration screen 310 displayed in the authentication apparatus 20 according to Embodiment 1 of this invention. It is a figure explaining the image selection screen 320 displayed in the authentication apparatus 20 according to Embodiment 1 of this invention. It is a figure explaining the new user registration confirmation screen 330 displayed in the authentication apparatus 20 according to Embodiment 1 of this invention. FIG. 6 is a diagram for explaining a relationship between image data 253 stored in an authentication data storage unit 250 and a data ID. It is a sequence diagram which shows the procedure of the new user registration in the authentication apparatus 20 according to Embodiment 1 of this invention. 4 is a diagram for explaining authentication data stored in an authentication data storage unit 250. FIG. 6 is another diagram illustrating authentication data stored in authentication data storage unit 250. FIG. It is a figure explaining the user ID selection screen 104 # displayed in the authentication apparatus 20 according to Embodiment 1 of this invention. It is a figure explaining the authentication screen 400 displayed in the authentication apparatus 20 according to Embodiment 1 of this invention. It is a sequence diagram which shows the procedure of the authentication process in the authentication apparatus 20 according to Embodiment 1 of the present invention. It is a figure explaining the relationship between the authentication failure frequency according to Embodiment 1 of this invention, and the screen structure for authentication. It is a figure explaining the transition of the number of the images displayed on the authentication screen according to Embodiment 1 of this invention. It is a flowchart explaining the main flow of the authentication process according to Embodiment 1 of this invention. It is a flowchart explaining the subroutine process of the new user registration process according to Embodiment 1 of the present invention. It is a flowchart explaining the subroutine process of the image authentication screen display process according to Embodiment 1 of this invention. It is a figure explaining the relationship between the frequency | count of authentication failure according to the modification 1 of Embodiment 1 of this invention, and the number of authentication screens. It is a figure explaining the transition of the number of the authentication screens according to the modification 1 of Embodiment 1 of this invention. It is a figure explaining the relationship between the authentication failure frequency according to the modification 2 of Embodiment 1 of this invention, and an authentication screen time limit. It is a figure explaining the outline | summary of the key management system according to Embodiment 2 of this invention. It is a figure explaining the outline | summary of another system according to an embodiment of this invention.

(Embodiment 1)
Hereinafter, Embodiment 1 of the present invention will be described in detail with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

FIG. 1 is a diagram illustrating a key management system according to the first embodiment of the present invention.
Referring to FIG. 1, here, as an example, an outline of a key management system that manages a key 2 provided on a door 4 such as a hotel room is shown.

  The user 3 operates the authentication device 20 provided near the door 4. In the authentication device 20, the key 2 is unlocked when the authentication is successful. When the key 2 of the door 4 is unlocked, the user can open the door 4 and enter a building (for example, a house).

FIG. 2 is a schematic block diagram of the key management system according to the first embodiment of the present invention.
Referring to FIG. 2, the key management system according to the first embodiment of the present invention includes key 2, key management device 5 that manages the unlocking / locking of key 2, and authentication device 20. The key management device 5 and the authentication device 20 are connected so as to be able to exchange information.

  Typically, when a user accesses the authentication device 20, the authentication device 20 requests an authentication process. In the key management system according to the first embodiment, an authentication process for determining a match / mismatch with the input information input is executed based on registration information registered in advance for each user, as will be described later.

  When the authentication process in the authentication device 20 is successful according to the user's input, that is, when the input information input matches the registered information registered in advance for each user, the key management device 5 is notified that the authentication process has been successful. The

  The key management device 5 receives the notification that the authentication process has been successful, and sets the key 2 to the unlocked state. Then, after a predetermined time (for example, 20 seconds), the locked state is automatically set. Here, it is assumed that the predetermined time is set in advance by the administrator for a time that is considered sufficient for the user 3 to open the door 4 and enter the building. When the user 3 leaves the building, the door 4 can be opened and closed at all times. In this example, the case where the authentication process is performed when the user 3 opens the door 4 and enters the building will be mainly described.

  After the key 2 is unlocked and the door 4 is opened, the key management device 5 locks the key 2 when the door is closed again. With this system, only the user who has succeeded in authentication can unlock the door 4 and enter the building, so that the safety in the building can be ensured.

This will be specifically described below.
FIG. 3 is a diagram illustrating a hardware configuration of authentication apparatus 20 according to the first embodiment of the present invention.

  Referring to FIG. 3, authentication apparatus 20 according to the first embodiment of the present invention includes a CPU 202 as processing means, RAM 204, ROM 206 and HDD 210 as storage means, CD drive 208 as a data reading unit, and communication. A communication I / F 212 as a means, a display 214 as a display means, and a touch panel 216 as an input means are included. These parts are connected to each other via the internal bus 220.

  In authentication device 20, CPU 202 expands and executes programs for executing various processes including an image authentication process according to the first embodiment stored in HDD 210 or the like in RAM 204 or the like. The HDD 210 stores a program read from a CD-ROM (Compact Disc-Read Only Memory) 208 a by the CD drive 208.

  Further, this program generally includes an operating system (OS). The RAM 204 is a volatile memory and is used as a work memory. The HDD 210 is typically a nonvolatile magnetic memory.

  The communication I / F 212 typically supports a general-purpose communication protocol such as Ethernet (registered trademark). In this example, the communication I / F 212 provides data communication with the key management device 5 or the like connected via a network. In this example, it is assumed that the key management device 5 and the authentication device 20 are connected to the network wirelessly or by wire as an example, but the key management device 5 and the authentication device 20 directly connect a cable. It is also possible to adopt a configuration in which these are connected. As the network, a LAN (Local Area Network), a WAN (Wide Area Network), or the like is assumed.

  The display 214 includes a liquid crystal display device, a CRT (Cathode Ray Tube), a plasma display device, and the like, and displays a processing result by the CPU 202 and the like. The touch panel 216 is provided on the display 214 and receives a touch input by the user. The touch input may be a form that is directly touched with a user's finger, or may be a form that is input via a touch pen or the like. In this example, a case where touch input is mainly performed using the touch panel 216 as an input unit will be described, but information is input by an input unit using a normal keyboard, mouse, or the like instead of the touch panel 216. Of course it is also possible to do. Alternatively, it may be input by voice, or it may be possible to execute an input for specifying a position by using a wearable display or a line-of-sight input device. There is no question about the means.

  FIG. 4 is a block diagram showing a control structure in the key management system according to the first embodiment of the present invention.

  Referring to FIG. 4, authentication device 20 has, as its control structure, authentication data storage unit 250, external communication unit 255, authentication screen generation unit 256, authentication determination unit 258, and user information reception unit 260. The authentication strength adjustment unit 262 and the data input / output unit 264 are included.

  The authentication data storage unit 250 is typically provided as a specific area of the HDD 210 of the authentication device 20. The external communication unit 255 is provided by cooperation between the CPU 202 of the authentication device 20 and the communication I / F 112. The user information reception unit 260 is provided by the cooperation of the display 214 and the touch panel 216 of the authentication device 20 and the CPU 202. Other parts are provided by the CPU 202 of the authentication device 20 executing a program.

First, the control function in the authentication device 20 will be described.
The authentication data storage unit 250 stores authentication data 252 and image data 253.

  Authentication data 252 describes user information (user ID or the like) when performing image authentication for each user according to the first embodiment of the present invention, and registration information (correct image data) associated with the user information. . Details will be described later.

  The image data 253 is not limited to the data stored in the authentication data storage unit 250 in advance, and may be acquired from the outside via a network.

  The data stored in the authentication data storage unit 250 can be accessed from other parts through the data input / output unit 264.

  The external communication unit 255 is physically and logically connected to the external communication unit 6 of the key management device 5 via a network, and exchanges data with the external communication unit 6 of the key management device 5.

  The authentication screen generation unit 256 generates data for displaying an image authentication screen for the user to input information in the image authentication process for each user. More specifically, data for displaying an authentication input screen is generated based on image data or the like. That is, the authentication screen generation unit 256 presents the authentication screen on display means such as the display 214 (FIG. 3). Then, the information (designated image data) input via the user information receiving unit 260 by the user to be authenticated is sent to the authentication determining unit 258.

  Further, the authentication screen generating unit 256 generates data for displaying an image authentication screen corresponding to the authentication strength notified from the authentication strength adjusting unit 262. Therefore, the generated image authentication screen differs according to the authentication strength.

  The authentication determination unit 258 determines whether the input information input by the user matches / does not match the registration information registered in advance in association with the user who is the object of image authentication. Based on the result, the authentication is successful. Judge whether there is. More specifically, it is determined that the authentication is successful when the input image data input by the user matches the registered image data registered. That is, authentication is performed based on the match / mismatch between the input image data and the registered image data.

  The user information receiving unit 260 receives a user operation input via the touch panel 216 (FIG. 3) of the authentication device 20 and transmits the information to other parts through the data input / output unit 164.

  Further, the user information receiving unit 260 displays an authentication input screen based on the information generated by the authentication screen generating unit 256 on the display 214 (FIG. 3) of the authentication device 20. Further, a user ID selection screen, an image authentication screen, and the like for selecting a user who is a target of image authentication related to the image authentication process are displayed.

  As will be described later, the authentication strength adjusting unit 262 adjusts the authentication strength of the determination result by the authentication determining unit 258 according to the number of mismatches. Specifically, the authentication screen generation unit 256 is notified of the authentication strength according to the number of mismatches.

The data input / output unit 164 controls data exchange between the aforementioned parts.
Next, a control function in the key management device 5 will be described.

  The key management device 5 includes, as its control structure, an external communication unit 6 connected to a network, and a lock / unlock management unit 7 that sets the key 2 to a locked state or an unlocked state.

  The external communication unit 6 is physically and logically connected to the external communication unit 255 of the authentication device 20 via a network, and exchanges data with the external communication unit 255 of the authentication device 20.

  The locking / unlocking management unit 7 sets the key 2 to the unlocked state or the locked state based on the information transmitted from the authentication device 20.

Next, the image authentication method according to the first embodiment of the present invention will be specifically described.
FIG. 5 is a diagram illustrating an initial screen for image authentication according to the first embodiment of the present invention.

Referring to FIG. 5, here, an initial screen 100 when performing image authentication is shown.
The image authentication process is started when the user presses the start button 102 provided on the initial screen 100 via the touch panel 216 in accordance with the guidance message “Please press the start button” displayed on the initial screen 100.

Then, the next user ID selection screen is displayed on the display 214.
FIG. 6 is a diagram illustrating user ID selection screen 104 displayed on authentication device 20 according to the first embodiment of the present invention.

  Referring to FIG. 6, in the user ID selection screen 104, a user ID selection button 106 for selecting a user ID, a return button 107, and a determination button 108 are displayed together with a guidance display “Please select a user ID.” Is provided.

  In this example, the user ID selection buttons are displayed based on user information (“Alice”, “Bob”, “Charlie”, “David”) included in the authentication data, which will be described later. ing.

  The user who is the object of image authentication selects the user ID selection button 106 corresponding to his / her user ID (here, name) displayed on the user ID selection screen 104 via the touch panel 216.

  Subsequently, when the user selects the determination button 108, the selection of the user ID is confirmed. When the return button 107 is selected, the previously selected user ID is cancelled. When the return button 107 is selected with no user ID selected, the screen returns to the initial initial screen 100.

  If the user ID is not displayed on the user ID selection screen, new user registration is required. In this example, it is assumed that a new user registration process is started when the user presses the “new user registration” button 110.

  FIG. 7 is a diagram illustrating new user registration screen 310 displayed on authentication device 20 according to the first embodiment of the present invention.

  In this example, it is assumed that the new user registration button 110 is pressed on the initial screen 100 described above.

  Referring to FIG. 7, the new user registration screen 310 shows a case where an input display area 312, a soft keyboard 314, a return button 316, and an enter button 318 are provided. A return button 316 and an enter button 318 are provided.

  The user operates the soft keyboard 314 to input a user ID as user information to be newly registered. A new user may input the user ID. This input user ID is reflected in the input display area 312. When the user selects the enter button 318 after inputting the user ID, the input of the user ID is confirmed. Then, the process proceeds to the next process. When the return button 316 is selected, the user ID that has been input previously is reset. That is, the contents displayed in the input display area 342 are deleted.

  Here, as an example, a case where “Erik” is input as the user ID in the input display area 342 according to the operation of the soft keyboard 314 is shown.

  FIG. 8 is a diagram illustrating an image selection screen 320 displayed on authentication device 20 according to the first embodiment of the present invention.

  In this example, it is assumed that the enter button 318 is pressed after entering the user ID in the input display area 312 on the new user registration screen 310 described above.

  Referring to FIG. 8, image selection screen 320 shows a case where a plurality of images that can be selected as correct images are displayed along with a message “Please select two correct answers”.

  In the image selection screen 320, the user can select images that are two correct images to be selected on the authentication screen.

  In this example, as an example, a case where the “present” image 322 and the “rabbit” image 323 are selected as correct images is shown.

  An “OK” button 324 and a “Cancel” button 326 are provided.

  When the user selects two correct images and selects an “OK” button 324, the input of the correct image is confirmed. Specifically, the input user ID and two correct images are registered as user information. Then, a new user registration confirmation screen as the next process is displayed.

  When the “Cancel” button 326 is selected, a new user registration screen 310, which is the previous screen, is displayed.

  In this example, the method of inputting the user ID and the correct image on separate screens has been described. However, the present invention is not limited to this, and the user ID and the correct image may be input on one screen.

  FIG. 9 is a diagram illustrating a new user registration confirmation screen 330 displayed on authentication device 20 according to the first embodiment of the present invention.

  In this example, it is assumed that two correct images are selected on the image selection screen 320 and the “OK” button 324 is pressed.

  Referring to FIG. 9, the new user registration confirmation screen 330 shows a case where two selected correct images are displayed on the image selection screen 320 together with the display “Erik was newly registered”. Has been.

  On the new user registration confirmation screen 330, the user can confirm that his / her user ID has been registered, and can reconfirm the two selected correct images.

  Then, it is possible to select the self-registered user ID on the initial screen described above by this processing.

  FIG. 10 is a diagram for explaining the relationship between the image data 253 stored in the authentication data storage unit 250 and the data ID.

  Referring to FIG. 10, a plurality of image data is stored in authentication data storage unit 250, and a data ID is assigned to each. As an example, here, 100 image data are assigned to data IDs “1” to “100”, respectively. Therefore, by storing the user ID in association with the data ID corresponding to the image data selected by the user, it is possible to easily refer to the correct image selected by the user from the authentication data storage unit 250. .

  FIG. 11 is a sequence diagram showing a procedure for new user registration in authentication device 20 according to the first embodiment of the present invention.

  Each step illustrated in FIG. 11 is executed by the authentication screen generation unit 256, the authentication data storage unit 250, the user information reception unit 260, and the authentication determination unit 258 of the authentication device 20 illustrated in FIG.

  First, when authentication is requested, the processing shown in FIG. 11 is started. As a condition for requiring this authentication, a case where the start button 102 is pressed on the initial screen 100 described with reference to FIG. 5 can be considered.

  In step S2, the authentication determination unit 258 instructs the authentication screen generation unit 256 to display a user ID selection screen. In step S <b> 4, the authentication screen generation unit 256 requests authentication data from the authentication data storage unit 250 in accordance with the instruction to display the user ID selection screen from the authentication determination unit 258. In step S <b> 6, the authentication data storage unit 250 transmits the authentication data stored therein in response to the request from the authentication screen generation unit 256.

  FIG. 12 is a diagram for explaining the authentication data stored in the authentication data storage unit 250.

  Referring to FIG. 12, here, authentication data before update is shown. Specifically, the user ID and the data ID corresponding to the image data selected as the correct image are stored in association with each other.

  For example, “Alice”, “Bob”, “Charlie”, “David” are registered in the user ID, and a correct data ID is associated with each user ID. Has been.

  Referring to FIG. 11 again, in step S8, authentication determination unit 258 refers to all user IDs included in the authentication data based on the authentication data received from authentication data storage unit 250, and selects a user ID. Generate information to display the screen. In step S10, the authentication screen generation unit 256 sends information for displaying the generated user ID selection screen to the user information reception unit 260 and displays the information. Specifically, the user information receiving unit 260 displays the user ID selection screen 104 (FIG. 6) on the display 214 (FIG. 3) or the like based on the information for displaying the user ID selection screen received from the authentication screen generation unit 256. ) Is displayed.

  Then, assume that the user selects the new user registration button 110 on the user ID selection screen 104 shown in FIG. 6 (user operation in step S12). Then, in step S <b> 14, the user information reception unit 260 sends an instruction for new user registration in accordance with the selection of the new user registration button 110 to the authentication screen generation unit 256.

  In step S <b> 16, the authentication screen generation unit 256 generates information for displaying the new user registration screen according to the new user registration instruction. In step S18, the authentication screen generation unit 256 sends information for displaying the generated new user registration screen to the user information reception unit 260 and displays the information. Specifically, the user information accepting unit 260 displays the new user registration screen 310 (FIG. 7) on the display 214 (FIG. 3) or the like based on the information for displaying the new user registration screen received from the authentication screen generation unit 256. ) Is displayed.

  Then, on the new user registration screen 310 shown in FIG. 7, it is assumed that the user inputs the user ID and selects the decision button 318 (user operation in step S20). Then, in step S <b> 22, the user information reception unit 260 sends the input user ID data (registration data) to the authentication screen generation unit 256. In step S24, the authentication screen generation unit 256 notifies the authentication determination unit 258 of the registration data. In step S26, the authentication determination unit 258 confirms registration of the notified user ID data (registration data) (step S26). Specifically, it is determined whether or not the user ID input this time is new with reference to the authentication data. If the user ID input by the user has already been registered, the new user registration process is canceled and the authentication screen generation unit 256 is instructed to display the user ID selection screen.

  If the user ID input by the user is new (that is, not registered), the authentication determination unit 258 instructs the authentication screen generation unit 256 to display an image selection screen in step S28. In step S <b> 30, the authentication screen generation unit 256 requests image data from the authentication data storage unit 250 in accordance with an instruction to display an image selection screen from the authentication determination unit 258. The authentication data storage unit 250 sends the requested image data to the authentication screen generation unit 256 (step S32).

  Then, the authentication screen generation unit 256 generates information for displaying the image selection screen based on the image data received from the authentication data storage unit 250. In step S 36, the authentication screen generation unit 256 sends information for displaying the generated image selection screen to the user information reception unit 260 for display. Specifically, the user information receiving unit 260 displays the image selection screen 320 (FIG. 8) on the display 214 (FIG. 3) or the like based on the information for displaying the image selection screen received from the authentication screen generation unit 256. indicate.

  Then, assume that the user selects an image and selects the OK button 324 on the image selection screen 320 shown in FIG. 8 (user operation in step S38). Then, in step S <b> 40, the user information reception unit 260 sends the input selected image data to the authentication screen generation unit 256. In step S42, the authentication screen generation unit 256 notifies the authentication determination unit 258 of the selected image data.

  In step S <b> 44, the authentication determination unit 258 stores the user information regarding the user ID and the selected image data in the authentication data storage unit 250. As a result, the authentication data in the authentication data storage unit 250 is updated.

  FIG. 13 is another diagram for explaining the authentication data stored in the authentication data storage unit 250.

  Referring to FIG. 13, here, the updated authentication data is shown. Further, the user ID “Erik” is added as user information to the authentication data before the update, and the user ID is associated with the selected image (“present” image, “rabbit” image). “6” and “7” are stored in association with each other. As a result, the authentication process for the user ID “Erik” can be executed.

  Referring to FIG. 11 again, in step S46, authentication determination unit 258 instructs authentication screen generation unit 256 to display a new user registration confirmation screen. In step S <b> 48, the authentication screen generation unit 256 requests authentication data in accordance with an instruction to display a new user registration confirmation screen from the authentication determination unit 258. In step S50, the authentication data storage unit 250 transmits the requested authentication data to the authentication screen generation unit 256. The authentication screen generation unit 256 generates information for displaying a new user registration confirmation screen based on the received updated authentication data. Specifically, information for displaying a new user registration confirmation screen is generated based on the newly updated authentication data (user ID “Erik”, “present” image, “rabbit” image). In step S54, the authentication screen generation unit 256 sends information for displaying the generated new user registration confirmation screen to the user information reception unit 260 for display (step S54). Specifically, the user information reception unit 260 displays a new user registration confirmation screen (FIG. 3) on the display 214 (FIG. 3) or the like based on the information for displaying the new user registration confirmation screen received from the authentication screen generation unit 256. 9) is displayed.

  Assume that the user selects the confirmation button 334 on the new user registration confirmation screen 330 shown in FIG. 9 (user operation in step S56). Then, in step S <b> 58, the user information reception unit 260 sends the selected confirmation instruction to the authentication screen generation unit 256. In step S60, the authentication screen generation unit 256 generates information for displaying a user ID selection screen regarding all users included in the authentication data, based on the authentication data. In step S62, the authentication screen generation unit 256 sends information for displaying the generated user ID selection screen to the user information reception unit 260 and displays the information. Specifically, the user information reception unit 260 displays the user ID selection screen on the display 214 (FIG. 3) or the like based on the information for displaying the user ID selection screen received from the authentication screen generation unit 256.

  FIG. 14 is a diagram illustrating user ID selection screen 104 # displayed on authentication device 20 according to the first embodiment of the present invention.

  Referring to FIG. 14, user ID selection screen 104 # shows a case where “Erik” user ID selection button 109 is further provided as compared to user ID selection screen 104 of FIG. Yes.

  Therefore, by executing the new user registration process, it is possible to execute image authentication for the newly registered user ID “Erik”.

  Here, when the user ID selection button is selected, image authentication for the corresponding user ID is started.

  FIG. 15 is a diagram illustrating authentication screen 400 displayed on authentication device 20 according to the first embodiment of the present invention.

  Referring to FIG. 15, there is shown a case where an image 402 as a plurality of options is displayed together with a message “Please select correct answer”. Specifically, it is assumed that nine 3 × 3 images are displayed in a selectable state. The user selects the correct image registered by himself / herself from the nine images displayed on the authentication screen 400 and selects an “OK” button 404. By this operation, authentication determination processing is executed. When the user selects the correct image, the authentication is successful, and when the user selects the incorrect image, the authentication fails. It is also possible to further reduce the probability of successful authentication by providing a “none” button that is selected when there is no correct image.

  If the authentication is successful, the authentication device 20 outputs information indicating that the authentication is successful to the key management device 5 and unlocks the key. On the other hand, if the authentication fails, the authentication device 20 requests the user to re-authenticate.

Then, the authentication device 20 requests the user to re-authenticate until the authentication is successful.
In the first embodiment, the authentication strength (security level) of re-authentication is adjusted according to the number of authentication failures. More specifically, the probability of successful authentication when re-authentication is adjusted.

  FIG. 16 is a sequence diagram showing a procedure of authentication processing in authentication device 20 according to the first embodiment of the present invention.

  Each step illustrated in FIG. 16 is executed by the authentication screen generation unit 256, the authentication data storage unit 250, the user information reception unit 260, the authentication determination unit 258, and the authentication strength adjustment unit 262 of the authentication device 20 illustrated in FIG. Is done. In this example, a process when the authentication succeeds for the third time after the second authentication failure will be described.

  In step S60 described above, the authentication screen generation unit 256 sends information for displaying the generated user ID selection screen to the user information reception unit 260 for display. Specifically, the user information accepting unit 260 displays the user ID selection screen 104 (FIG. 14) on the display 214 (FIG. 3) or the like based on the information for displaying the user ID selection screen received from the authentication screen generation unit 256. ) Is displayed.

  Then, assume that the user selects user ID “Erik” on user ID selection screen 104 # shown in FIG. 14 (user operation in step S62). Then, in step S64, the user information reception unit 260 sends a user ID selection instruction to the authentication screen generation unit 256.

  In step S66, the authentication screen generation unit 256 requests image data from the authentication data storage unit 250 in accordance with a user ID selection instruction. The authentication data storage unit 250 sends the requested image data to the authentication screen generation unit 256. In step S <b> 70, the authentication screen generation unit 256 generates information for displaying an authentication screen having a correct image according to the correct data ID according to the selected user ID and a habit image that becomes an incorrect image.

  In step S72, the authentication screen generating unit 256 sends information for displaying the generated authentication screen to the user information receiving unit 260 and displays the information. Specifically, the user information reception unit 260 displays the authentication screen 400 (FIG. 15) on the display 214 (FIG. 3) or the like based on the information for displaying the authentication screen received from the authentication screen generation unit 256. .

  Then, it is assumed that the user selects an image and selects the OK button 404 on the authentication screen 400 shown in FIG. 15 (user operation in step S74). Then, in step S76, the user information reception unit 260 sends the selected image data to the authentication screen generation unit 256. In step S78, the authentication screen generation unit 256 notifies the authentication determination unit 258 of the selected image data. Specifically, the data ID corresponding to the selected image data is notified.

  In step S80, the authentication determination unit 258 performs authentication determination to determine whether the notified data ID matches the correct data ID registered corresponding to the user ID included in the authentication data. Execute. In this example, it is assumed that authentication has failed. In step S <b> 82, the authentication determination unit 258 outputs an authentication failure notification to the authentication strength adjustment unit 262. In step S84, the authentication strength adjustment unit 262 counts the number of authentication failures. In step S <b> 86, the authentication strength adjustment unit 262 outputs a re-authentication screen generation instruction to the authentication screen generation unit 256 together with authentication strength information according to the counted number of authentication failures.

  In step S88, the authentication screen generation unit 256 generates information for displaying a re-authentication screen corresponding to the authentication strength information (N = 1). The re-authentication screen will be described later.

  In step S90, the authentication screen generation unit 256 sends information for displaying the generated re-authentication screen to the user information reception unit 260 for display. Specifically, the user information reception unit 260 displays the re-authentication screen on the display 214 (FIG. 3) or the like based on the information for displaying the re-authentication screen received from the authentication screen generation unit 256.

  Then, it is assumed that the user selects an image and selects the OK button 404 on the re-authentication screen (user operation in step S92). Then, in step S94, the user information reception unit 260 sends the selected image data to the authentication screen generation unit 256. In step S96, the authentication screen generation unit 256 notifies the authentication determination unit 258 of the selected image data. Specifically, the data ID corresponding to the selected image data is notified.

  In step S98, the authentication determination unit 258 performs authentication determination to determine whether or not the notified data ID matches the correct data ID registered corresponding to the user ID included in the authentication data. Execute. In this example, it is assumed that authentication has failed. In step S <b> 100, the authentication determination unit 258 outputs an authentication failure notification to the authentication strength adjustment unit 262. In step S102, the authentication strength adjustment unit 262 counts the number of authentication failures. In step S104, the authentication strength adjustment unit 262 outputs a re-authentication screen generation instruction to the authentication screen generation unit 256 together with authentication strength information (N = 2) according to the counted number of authentication failures.

  In step S106, the authentication screen generation unit 256 generates information for displaying a re-authentication screen corresponding to the authentication strength information (N = 2).

  In step S108, the authentication screen generation unit 256 sends information for displaying the generated re-authentication screen to the user information reception unit 260 and displays the information. Specifically, the user information reception unit 260 displays the re-authentication screen on the display 214 (FIG. 3) or the like based on the information for displaying the re-authentication screen received from the authentication screen generation unit 256.

  In the re-authentication screen, it is assumed that the user selects an image and selects the OK button 404 (user operation in step S110). Then, in step S112, the user information reception unit 260 sends the selected image data to the authentication screen generation unit 256. In step S114, the authentication screen generation unit 256 notifies the authentication determination unit 258 of the selected image data. Specifically, the data ID corresponding to the selected image data is notified.

  In step S116, the authentication determination unit 258 performs authentication determination to determine whether the notified data ID matches the correct data ID registered corresponding to the user ID included in the authentication data. Execute. In this example, it is assumed that authentication is successful. In step S <b> 118, the authentication determination unit 258 outputs an authentication success notification to the authentication screen generation unit 256. In step S120, the authentication screen generation unit 256 sends information for displaying an authentication result (authentication success) screen to the user information reception unit 260 and displays the information. Then, the authentication device 20 notifies the key management device 5 that the authentication process has been successful, and the key 2 is set to the unlocked state.

  FIG. 17 is a diagram illustrating the relationship between the number of authentication failures and the authentication screen configuration according to the first embodiment of the present invention.

  Referring to FIG. 17, in this example, the number of authentication failures and the authentication strength information take the same value, and the number of images displayed as the authentication screen configuration increases according to the number of authentication failures (authentication strength information). The case to be shown is shown.

  Specifically, when authentication has not failed, that is, when the number of authentication failures N = 0, nine images that are 3 × 3 images are displayed.

  When the number of authentication failures N = 1, 16 images that are 4 × 4 images are displayed. According to the same method, when the number of authentication failures N = M, (M + 3) × (M + 3) images are displayed.

  FIG. 18 is a diagram illustrating transition of the number of images displayed on the authentication screen according to the first embodiment of the present invention.

  Referring to FIG. 18, the number of images displayed on the authentication screen increases according to the number of authentication failures (N). Therefore, the probability of successful authentication can be reduced by increasing the number of images displayed at the time of re-authentication due to the failure of authentication. In other words, when authentication fails, security can be strengthened at the time of re-authentication, making it difficult for the authentication to succeed. Since the correct image is not changed, the convenience for re-authentication is high for a true user.

  FIG. 19 is a flowchart illustrating a main flow of authentication processing according to the first embodiment of the present invention.

  Each step shown in FIG. 19 is provided by the CPU 202 (FIG. 3) executing a program.

  Referring to FIG. 19, first, CPU 202 displays an initial screen (step S200). Specifically, the initial screen 100 described with reference to FIG.

  Subsequently, the CPU 202 determines whether or not there is a start instruction (step S202). Specifically, it is determined whether or not the start button 102 has been input on the initial screen 100 of FIG. If not input (NO in step S202), the process of step S200 is repeated.

  If CPU 202 determines that there has been an input of a start button (YES in step S202), it next displays a user ID selection screen (step S204). Specifically, the above-described user ID selection screen 104 of FIG. 6 is displayed based on the authentication data.

  Next, in step S206, the CPU 202 determines whether or not a new user registration instruction has been given. If it is determined in step S206 that there is a new user registration instruction (YES in step S206), a new user registration process is executed (step S208). Specifically, it is determined whether or not the new user registration button 110 has been selected on the user ID selection screen 104 (the new user registration button 110 and the determination button 108 have been pressed). When the new user registration button 110 is selected, a new user registration process is executed. The new user registration process will be described later.

  On the other hand, if it is determined in step S208 that there is no new user registration instruction (NO in step S206), it is determined whether there is an instruction for a user name (step S210). Specifically, it is determined whether or not the user ID selection button 106 is selected on the user ID selection screen 104 (the user ID selection button 106 and the determination button 108 are pressed). If the user ID selection button 106 is selected, a process for displaying an image authentication screen is executed (step S212). Processing for displaying the image authentication screen will be described later.

  If there is no user name instruction in step S210 (NO in step S210), the process returns to step S200. Specifically, when the return button 107 is selected on the user ID selection screen 104, the screen returns to the initial screen.

  After the process of displaying the image authentication screen in step S212, it is determined whether an image has been selected (step S214). If an image is selected in step S214 (YES in step S214), authentication determination is executed (step S216).

  Next, it is determined whether or not the authentication is OK (step S218). If it is determined in step S218 that the authentication is OK (YES in step S218), a notification that the authentication is OK is sent (step S222). Specifically, the CPU 202 notifies the key management device 5 that the authentication is OK via the communication I / F 212. The key is unlocked according to the notification.

  On the other hand, if the authentication has failed (NO in step S218), the number of authentication failures is counted up (N = N + 1) (step S220). In step S212, the process returns to the process for displaying the image authentication screen. Similarly, if no image is selected in step S214 (NO in step S214), the process returns to step S212.

Next, the new user registration process will be described.
FIG. 20 is a flowchart illustrating a subroutine process of the new user registration process according to the first embodiment of the present invention.

  Referring to FIG. 20, CPU 202 displays a new user registration screen (step S310). Specifically, the new user registration screen 310 described with reference to FIG.

  Subsequently, the CPU 202 determines whether or not data has been input (step S312). Specifically, in the new user registration screen 310, the user operates the soft keyboard 314, inputs a user ID as user information to be newly registered, and determines whether the determination button 318 is selected. If CPU 202 determines in step S312 that data has been input (YES in step S312), it confirms registration (step S314).

  Then, the CPU 202 determines whether it is already registered (step S316). If it is determined in step S316 that the registration has been completed (YES in step S316), the process is interrupted and the process returns to step S204. Specifically, when the user has already been registered, the user is prompted to input data related to another user ID again.

  On the other hand, in step S316, if the CPU 202 determines that it has not been registered (YES in step S316), it displays an image selection screen (step S318). Specifically, the image selection screen 320 described with reference to FIG. Then, the CPU 202 determines whether or not there is a selection input on the image selection screen 320 (step S320). If CPU 202 determines in step S320 that there has been a selection input (YES in step S320), it updates the authentication data (step S322). Specifically, user information in which the input user ID is associated with the selected image data ID is stored in the authentication data storage unit 250. As a result, the authentication data in the authentication data storage unit 250 is updated as described with reference to FIG.

  Then, the CPU 202 displays a new user registration confirmation screen (step S324). Specifically, the new user registration confirmation screen 330 described with reference to FIG. Then, the process ends (return). Specifically, in the new user registration confirmation screen 330, the processing is ended by pressing the confirmation button 334, and the process returns to step S204 again, and the user ID selection screen 104 # described with reference to FIG. 14 is displayed. .

  FIG. 21 is a flowchart illustrating a subroutine process of the image authentication screen display process according to the first embodiment of the present invention.

  Referring to FIG. 21, CPU 202 confirms authentication strength information (step S330). Specifically, in this example, the authentication strength information is the number of authentication failures.

  Next, an authentication screen corresponding to the authentication strength information is generated (step S332). Specifically, as described in FIGS. 17 and 18, the number of images displayed on the authentication screen is adjusted according to the number of authentication failures (authentication strength information). Therefore, the probability of successful authentication can be reduced by increasing the number of images displayed at the time of re-authentication due to the failure of authentication. In other words, when authentication fails, security can be strengthened at the time of re-authentication, making it difficult for the authentication to succeed.

  Conventionally, when the authentication fails, there is a problem that the password length becomes long or it is necessary to re-authenticate using another password and the burden on memory is large and the convenience is lacking. The method according to the first embodiment only increases the number of obscured images that are incorrect images at the time of re-authentication, and does not impose a heavy burden on the user's memory, allowing easy re-authentication and high re-authentication. A security level can be secured.

(Modification 1 of Embodiment 1)
In the above description, the case where the number of images displayed on the authentication screen is adjusted according to the number of authentication failures on the re-authentication screen has been described. In the first modification of the first embodiment, a case where the number of authentications is adjusted according to the number of authentication failures will be described.

  FIG. 22 is a diagram illustrating the relationship between the number of authentication failures and the number of authentication screens according to the first modification of the first embodiment of the present invention.

  Referring to FIG. 22, in this example, the number of authentication failures and the authentication strength information take the same value, and the number of authentication screens increases according to the number of authentication failures (authentication strength information). .

  Specifically, when authentication has not failed, that is, when the number of authentication failures N = 0, 16 images that are 4 × 4 images are displayed once as an authentication screen.

  When the number of authentication failures N = 1, 16 images that are 4 × 4 images are displayed twice as an authentication screen. According to the same method, when the number of authentication failures N = M, the authentication screen is displayed M + 1 times.

  When the configuration of the first embodiment is used, the authentication strength adjustment unit 262 notifies the authentication determination unit 258 of authentication strength information (N).

  Then, the authentication determination unit 258 may repeat authentication for the number of times according to the authentication strength information (N). For example, when receiving the notification of the authentication strength information (N = 1), the authentication determination unit 258 instructs the authentication screen generation unit 256 to generate two re-authentication screens. Specifically, the authentication determination unit 258 performs authentication determination on the first re-authentication screen generated by the authentication screen generation unit 256, and even if the authentication determination unit 258 succeeds, the authentication determination unit 258 further performs the authentication determination on the authentication screen generation unit 256. Instructs the generation of the second re-authentication screen. It is assumed that the authentication is successful when the authentication determination for the second re-authentication screen is successful. Authentication can be repeated a plurality of times by this method.

  FIG. 23 is a diagram for explaining the transition of the number of authentication screens according to the first modification of the first embodiment of the present invention.

  Referring to FIG. 23, the number of authentication screens increases according to the number of authentication failures (N). Therefore, it is possible to reduce the probability of successful authentication by increasing the number of authentication screens displayed at the time of re-authentication, that is, the number of authentications, due to failure of authentication. In other words, when authentication fails, security can be strengthened at the time of re-authentication, making it difficult for the authentication to succeed.

  Therefore, the method according to the first modification of the first embodiment of the present invention only increases the number of times of authentication at the time of re-authentication, and does not impose a heavy burden on the user's memory. It is possible to ensure a high security level.

  It is also possible to increase the number of authentications as well as the number of images in combination with the first embodiment.

(Modification 2 of Embodiment 1)
In the above, the case where the number of authentications is adjusted according to the number of authentication failures on the re-authentication screen has been described.

  FIG. 24 is a diagram illustrating the relationship between the number of authentication failures and the authentication screen time limit according to the second modification of the first embodiment of the present invention.

  Referring to FIG. 24, in this example, the number of authentication failures and the authentication strength information take the same value, and the time limit of the authentication screen is adjusted according to the number of authentication failures (authentication strength information). ing.

  Specifically, when authentication has not failed, that is, when the number of authentication failures N = 0, 16 images that are 4 × 4 images are displayed as the authentication screen, and no time limit is provided.

  When the number of authentication failures N = 1, 16 images that are 4 × 4 images are displayed as the authentication screen, and the time limit is set to 1 minute.

  When the number of authentication failures N = 2, 16 images that are 4 × 4 images are displayed as the authentication screen, and the time limit is set to 50 seconds. According to the same method, when the number of authentication failures N = M, the time limit is set shorter. Accordingly, it is possible to reduce the probability of successful authentication by shortening the time limit for re-authentication due to failure of authentication. In other words, when authentication fails, security can be strengthened at the time of re-authentication, making it difficult for the authentication to succeed.

  When the configuration of the first embodiment is used, the authentication strength adjustment unit 262 notifies the authentication screen generation unit 256 of authentication strength information (N). Then, the authentication screen generation unit 256 may determine whether or not the selected image data is sent from the user information receiving unit 260 within the time limit according to the authentication strength information (N). If the selected image data is not sent to the authentication screen generating unit 256 within the time limit, the authentication determining unit 258 is notified that the selected image data is not sent. As a result, the authentication determination unit 258 can determine that the authentication has failed if there is no input within the time limit.

  In this modification, the case where the time limit for successful authentication is shortened according to the number of authentication failures as the authentication screen time limit has been described, but conversely, the time for determining authentication according to the number of authentication failures You may make it lengthen.

  For example, in the flowchart of FIG. 21, it is possible to adjust the time by providing a waiting time until the authentication strength information is confirmed in step S330 and the authentication screen is created according to the number of authentication failures.

  For example, when the number of authentication failures N = 0, the standby time is set to zero. When the number of authentication failures N = 1, the standby time is set to 30 seconds. When the number of authentication failures N = 2, the waiting time is set to 1 minute. Increasing the waiting time increases the time that an unauthorized user waits on the spot. Therefore, the probability of being noticeable increases and the security level can be increased.

  Note that it is also possible to use in combination with the modification of the first embodiment.

(Other variations)
In the above embodiment, if the number of authentication failures is added and the authentication fails eight times, the authentication process may be locked. For example, in the flowchart of FIG. 21, when the authentication strength information is confirmed in step S330 and the number of authentication failures is 8, the authentication process can be locked without generating an authentication screen. By locking the authentication process, it is possible to prevent re-authentication without restriction and to avoid intrusion due to unauthorized access. When the number of authentication failures is 8, the alarm information may be notified from the authentication device 20 to the outside.

  As another modification, an incorrect image that is a habit image may be changed along with the feature of the correct image according to the number of authentication failures. For example, when the correct image is a male face, by using a human face or another male face in the spear image, the probability of successful authentication is reduced by displaying a spider image that is confused with the correct image. It is possible to strengthen the security at the time of re-authentication and make it difficult for the authentication to succeed. As an example, it is possible to use a known technique (for example, Japanese Patent Laid-Open No. 2001-202523) that searches for a habit image that is confusing with the correct image, that is, a similar image. Alternatively, depending on the number of authentication failures, the color of the correct image and the wrong image that is an incorrect image are changed, rotated, or the image size is changed. Since the impression of a correct image or the like changes depending on the method, it is possible to reduce the probability of successful authentication and enhance security at the time of re-authentication, making it difficult to perform authentication.

(Embodiment 2)
FIG. 25 is a diagram illustrating an outline of the key management system according to the second embodiment of the present invention.

  Referring to FIG. 25, there is shown a case where a lighting device 40 and / or a management server 30 are newly provided as compared with the key management system according to FIG.

  The management server 30 and the lighting device 40 are assumed to be connected to the authentication device 20. For example, when the number of authentication failures is 8, the CPU 202 of the authentication apparatus 20 may transmit alarm information to the management server 30 via the communication I / F 212, for example. In addition, the lighting device 40 is controlled so that light is emitted from the lighting device 40 to a user who is executing the authentication process, and when the user is an unauthorized user, the unauthorized user can be easily identified. Is possible. Therefore, the probability of being noticeable increases and the security level can be increased. Or you may make it adjust the light quantity which controls the illuminating device 40 and irradiates light according to the frequency | count of authentication failure. Or although not shown in figure, it is also possible to adjust the volume output from the touch panel from the speaker according to the number of authentication failures, or to notify the alarm information according to the number of authentication failures.

  Therefore, the method according to the second embodiment of the present invention operates in conjunction with other devices at the time of re-authentication, so that the burden on the user's memory is not great, and re-authentication can be easily performed. It is possible to ensure a high security level for authentication.

[Other embodiments]
The authentication apparatus according to the present embodiment can be applied to other than the key management system shown in FIG.

  FIG. 26 is a diagram illustrating an outline of another system according to an embodiment of the present invention.

  Referring to FIG. 26, here, server device 28 connected to network NW1 is provided. This server device 28 accepts access by a mobile terminal 22 such as a PDA, a mobile phone 23 and the like in addition to a PC (Personal Computer) 24 connected to the same network NW1. That is, the mobile terminal 22 accesses the server device 28 via the wireless relay station 25 connected to the network NW1. The mobile phone 23 accesses the server device 28 via the base station 27 and the network NW2 connected to the base station 27. It is assumed that the server device can execute a predetermined application. Examples include services such as Internet shopping, groupware services, photo albums, document management, mail services, and the like.

  The network NW1 and the network NW2 are connected to a gateway (GW) 26.

  When accessing the server device 28 from such various devices, the image authentication as described above is executed. In a certain form, the server apparatus 28 performs all the processes related to image authentication. In this case, for example, various screens as described above may be provided using a Web application executed on the mobile terminal 22 and / or the mobile phone 23.

  In another embodiment, the server device 28 and the portable terminal 22 or the like cooperate to execute processing related to image authentication. In this case, a dedicated application such as the portable terminal 22 is installed, and this application provides a user interface and intermediate processing necessary for image authentication.

  In the above description, the image authentication in which two correct images are registered, two correct images are selected on the authentication screen, and the authentication process is executed has been described. However, the present invention is not limited to two. It is good, and 3 or more may be sufficient. Further, a method of registering the order of selecting images and selecting correct images in the order may be employed. Also, password authentication is possible without being limited to images. For example, 4-digit character data may be registered, and a 4-digit character may be input from a plurality of character data on the authentication screen. In this case, for example, the types of character data that can be selected according to the number of authentication failures may be increased.

  In addition, it is also possible to provide a program that causes a computer to function for each unit that controls the above-described apparatus, and executes control as described in the above flow. Such programs are not temporary, such as a flexible disk attached to the computer, a CD-ROM (Compact Disk-Read Only Memory), a ROM (Read Only Memory), a RAM (Random Access Memory), and a memory card. It can also be recorded on a recording medium and provided as a program product. Alternatively, the program can be provided by being recorded on a recording medium such as a hard disk built in the computer. A program can also be provided by downloading via a network.

  The program may be a program module that is provided as part of an operating system (OS) of a computer and that calls necessary modules in a predetermined arrangement at a predetermined timing to execute processing. In that case, the program itself does not include the module, and the process is executed in cooperation with the OS. A program that does not include such a module can also be included in the program according to the present invention.

  The program according to the present invention may be provided by being incorporated in a part of another program. Even in this case, the program itself does not include the module included in the other program, and the process is executed in cooperation with the other program. Such a program incorporated in another program can also be included in the program according to the present invention.

  The provided program product is installed in a program storage unit such as a hard disk and executed. The program product includes the program itself and a recording medium on which the program is recorded.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is shown not by the above description of the embodiments but by the scope of claims, and is intended to include all modifications within the meaning and scope equivalent to the scope of claims.

  2 keys, 3 users, 4 doors, 5 key management device, 6,255 external communication unit, 7 unlocking management unit, 20 authentication device, 22 mobile terminal, 23 mobile phone, 25 wireless relay station, 27 base station, 28 server Device, 30 management server, 40 lighting device, 164, 264 data input / output unit, 204 RAM, 206 ROM, 208 CD drive, 210 HDD, 214 display, 216 touch panel, 220 internal bus, 250 data storage unit for authentication, 252 authentication Data, 253 Image data, 256 Authentication screen generation unit, 258 Authentication determination unit, 260 User information reception unit, 262 Authentication strength adjustment unit.

Claims (10)

An option presenting means for presenting a plurality of options on the display means;
Selection accepting means for accepting an input of a user's selection for the plurality of presented options;
Authentication determination means for determining whether or not authentication is possible in response to selection / non-selection of a correct answer option received by the selection reception means;
An authentication apparatus comprising: an authentication strength adjusting unit that adjusts a security level of re-authentication for re-selecting the selection of the correct answer according to the number of authentication failures in the authentication determination unit.   The authentication apparatus according to claim 1, wherein the authentication strength adjusting unit decreases a probability of successful authentication when re-authentication is performed when the number of authentication failures in the authentication determination unit increases.   The said authentication strength adjustment means is instruct | indicated to change the number of the choices shown by the said choice presentation means in the case of re-authentication according to the frequency | count of the authentication failure in the said authentication determination means. Authentication device.   The authentication strength adjustment unit instructs the authentication determination unit to change the number of authentication determinations for determining whether or not authentication is possible in the re-authentication in accordance with the number of authentication failures in the authentication determination unit. Or the authentication apparatus of 2.   The authentication apparatus according to claim 1, wherein the authentication strength adjustment unit instructs to adjust an authentication period when re-authentication is performed according to the number of authentication failures in the authentication determination unit.   The authentication apparatus according to claim 1, wherein the authentication strength adjustment unit sets authentication to be impossible when the number of authentication failures in the authentication determination unit exceeds a predetermined number. A notification means for notifying alarm information to the outside;
The authentication according to claim 1, wherein the authentication strength adjustment unit instructs the notification unit to notify the alarm information to the outside when the number of authentication failures in the authentication determination unit exceeds a predetermined number. apparatus.   The authentication apparatus according to claim 1, wherein the authentication determination unit executes image authentication or password authentication. Presenting a plurality of options on the display means;
Receiving a user selection input for the plurality of presented options;
Determining whether or not to authenticate according to selection / non-selection of the accepted correct answer option;
Adjusting the security level of re-authentication for reselecting the selection of the correct answer according to the number of authentication failures. In the computer of the authentication device,
Presenting a plurality of options on the display means;
Receiving a user selection input for the plurality of presented options;
Determining whether or not to authenticate according to selection / non-selection of the accepted correct answer option;
Adjusting the security level of re-authentication for reselecting the selection of the correct answer according to the number of authentication failures.

Images