JP2017162415A - Authentication device, authentication method and electronic apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technique for supporting a smooth input of a password by a normal user without substantially reducing a security.SOLUTION: An authentication device (image formation device 100) comprises: an operation display part for displaying a fact that each of characters forming an input password is input, by display of any of a first symbol and a second symbol different from the first symbol; and an authentication part for storing a password which does not match an authentication password, as a storage password, when the input password and the authentication password do not match. The authentication part compares a storage character string formed of a plurality of characters forming the storage password, with a re-input character string formed of a plurality of characters forming a re-input password which is input again after storage of the storage password, then displays each character of the re-input character string which matches a storage character string, on the operation display part by a first symbol, and displays each character of the re-input character string which does not match the storage character string on the operation display part by a second symbol.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an authentication apparatus, an authentication method, and input of a password in an electronic device.

  Some electronic devices, such as portable terminals, store data that should be allowed to be accessed only by legitimate users, such as personal information, and require authentication using a password. Some of such electronic devices are restricted in the number of re-inputs in order to eliminate password input due to trial and error of a third party by guessing, for example. In this electronic device, when a predetermined number of re-inputs is reached, a corresponding process for limiting misuse by a third party such as locking (login restriction or the like) or deletion of personal data is performed. However, if a legitimate user repeatedly enters the wrong password due to misunderstanding or pushing the password, the lock or data deletion may be performed against the will of the legitimate user. . With respect to such a problem, Patent Document 1 discloses a technique for stopping a count by a password input count (error count) counting means and inputting a password re-input if a predetermined avoidance character is additionally input in addition to the password. Has proposed.

JP 2012-8734 A

  However, according to the technique of Patent Document 1, there is a problem that the countermeasures due to lock and data deletion are substantially relaxed. As described above, adopting a mitigation measure against an erroneous input of a legitimate user has caused a trade-off problem between user convenience and security enhancement, which substantially reduces security.

  The present invention has been made in view of such a situation, and an object of the present invention is to provide a technology that supports a smooth input of a password by a legitimate user without substantially reducing security.

  An authentication apparatus according to the present invention includes a storage unit for storing an authentication password, an input of a password, and a first symbol and a first symbol indicating that each character constituting the input password has been input. When the operation display unit indicated by any one of the second symbols different from the above and the input password and the authentication password match, authentication is performed, and the password and the authentication password do not match And an authentication unit that stores the unmatched password as a storage password, and the authentication unit re-stores a storage character string formed of a plurality of characters constituting the storage password and after storing the storage password. A re-entry character string composed of a plurality of characters constituting the re-entry password that is the input password is compared with the stored character string. Each character of the re-input character string being displayed is displayed on the operation display unit with the first symbol, and each character of the re-input character string not matching the stored character string is displayed with the second symbol. It is displayed on the operation display unit.

  The authentication method according to the present invention includes a storage step of storing an authentication password, an input of the password, and a first symbol and the first symbol indicating that each character constituting the input password has been input. The operation display step of displaying with one of the second symbols different from the above, and when the input password and the authentication password match, the use restriction is released, and the password and the authentication password match. An authentication step of storing the unmatched password as a storage password when there is no password, and the operation display step includes a storage character string composed of a plurality of characters constituting the storage password, and the storage password Compared to a re-entry string consisting of multiple characters that make up a re-entry password, which is a re-entered password after storage. And each character of the re-input character string that matches the stored character string is displayed by the first symbol, and each character of the re-input character string that does not match the stored character string is displayed in the second The process of displaying with the symbol of.

  According to the image reading apparatus and the like of the present invention, it is possible to provide a technology that supports a smooth input of a password by a legitimate user without substantially reducing security.

1 is a block diagram showing a functional configuration of an image forming apparatus according to an embodiment of the present invention. The flowchart which shows the content of the authentication process which concerns on one Embodiment. Explanatory drawing which shows the login screen which concerns on one Embodiment. The flowchart which shows the content of the password input process which concerns on one Embodiment. The example of the input display in the password input screen which concerns on one Embodiment.

  Hereinafter, modes for carrying out the present invention (hereinafter referred to as “embodiments”) will be described with reference to the drawings.

  FIG. 1 is a block diagram showing a functional configuration of an image forming apparatus 100 according to an embodiment of the present invention. The image forming apparatus 100 includes a control unit 110, an image forming unit 120, an operation display unit 130, and a storage unit 140. The image forming unit 120 reads an image from a document to generate image data, and performs printing on a print medium based on the processed image data. The operation display unit 130 functions as a touch panel and accepts input of a password by the user. The control unit 110 includes an authentication unit 111 that performs user authentication using a password. The control unit 110 releases the use restriction of the image forming apparatus 100 according to user authentication. The usage restriction is a restriction on a function permitted only to an authenticated user, for example.

  The control unit 110 includes main storage means such as RAM and ROM, and control means such as MPU (Micro Processing Unit) and CPU (Central Processing Unit). The control unit 110 also has controller functions related to various I / O, USB (Universal Serial Bus), bus, and other hardware interfaces, and controls the entire image forming apparatus 100.

  The storage unit 140 is a storage device including a hard disk drive or a flash memory that is a non-temporary recording medium, and stores a control program and data for processing executed by the control unit 110.

  FIG. 2 is a flowchart showing the contents of the authentication process according to an embodiment. In step S10, the user touches the operation display unit 130 of the image forming apparatus 100 in a non-login state, for example. The control unit 110 displays a login screen 131 in response to a touch on the operation display unit 130.

  FIG. 3 is an explanatory diagram illustrating a login screen 131 according to an embodiment. The login screen 131 includes a user name field 132 for inputting a login user name, a password field 133 for inputting a password configured as a character string, and a login icon 134. In the user name field 132, an employee number 2511 is input as a user name.

  FIG. 3A shows an initial input screen, and FIG. 3B shows a re-input screen. The initial input screen shows a state (input state) in which a user first inputs a password after inputting a login user name. On the initial input screen, a predetermined symbol (* mark) is uniformly displayed corresponding to each character of the input password.

  In the present embodiment, the input state of each character of a password input with a predetermined symbol (* mark) is uniformly displayed with the predetermined symbol (* mark) so that the input character is not specified by a third party. ing. Thereby, it is possible to suppress a situation where a password is seen by a third party.

  Note that the re-input screen indicates that the password is re-input after entering the password incorrectly (input status). Details of the re-input screen will be described later.

  In step S20, the user executes a password input process. Details of the password input process will be described later. In step S30, the user touches the login icon 134 in response to the completion of password input.

  In step S40, the authentication unit 111 determines whether or not the input password matches the authentication password. The authentication password is registered in advance in the storage unit 140 for each user. The authentication unit 111 reads out the authentication password associated with the employee number 2511 from the storage unit 140 and compares it with the input password. If they match, the process proceeds to step S70, and the login of the user having the employee number 2511 is permitted. On the other hand, if the two do not match, the process proceeds to step S50.

  In step S50, the authentication unit 111 counts (counts up) the number N of re-inputs. The initial value of the re-input count N is “0”. In step S50, the authentication unit 111 performs counting by executing the processing of the calculation formula (N = N + 1).

  In step S60, the authentication unit 111 determines whether or not the re-input count N is larger than a preset threshold value Th. Specifically, for example, when Th = 5 is set, when N is 6, the process proceeds to step S80, and when N is 5 or less, the process returns to step S20.

  In step S80, the authentication unit 111 executes a lock process. In the lock process, for example, when the login user name is 2511, the password field 133 of the login screen 131 is locked and the password input is not accepted. This state continues, for example, after a predetermined time (for example, 10 minutes) elapses or until a release process is performed by the system administrator. As a result, the image forming apparatus 100 can make it difficult for unauthorized access by trial and error by a third party.

  However, in reality, there are cases where a legitimate user fails to authenticate many times and lock processing is executed. The inventor of the present application analyzed the cause of this situation and found out the following reason. That is, since the login screen 131 displays the input state of each character of the password by a predetermined symbol (* mark), the user cannot confirm the input character. Therefore, when the authentication fails, the user cannot confirm whether the user has failed due to the intended input content or simply fails to press.

  In particular, when it fails with the intended contents, that is, when the user mistakenly enters the password for logging in to another device (not shown) instead of making a mistake, and the user misunderstands that it is just a mistake. There is a high possibility that authentication will fail repeatedly. The present invention has been created based on such analysis and knowledge by the inventors.

  FIG. 4 is a flowchart showing the contents of password input processing according to an embodiment. FIG. 5 is an explanatory diagram illustrating an example of a password input screen according to an embodiment. In step S21, the user inputs the first character (first character) constituting the password in the password field 133 (see FIG. 3B).

  In step S22, the authentication unit 111 determines whether the password is re-input. This determination is made based on whether or not the re-input count N is the initial value “0”. If the password is re-input (N ≠ 0), the process proceeds to step S23. If the password is not re-input (N ≠ 0), the process proceeds to step S25.

  The re-entered password is also called a re-enter password. The re-input password is a password that is input after the input password is stored at least once (that is, after storage in step S27). Each character constituting the re-entry password is also called a re-entry character. The re-input password is configured as a re-input character string having a plurality of re-input characters.

  In step S23, the authentication unit 111 determines whether or not the character input this time is different from the character input last time. Specifically, the authentication unit 111 includes the first character (first character) included in the password among the previously input characters and the first character (first character) included in the password among the characters input this time. To determine whether or not. If they are different, the process proceeds to step S24; otherwise, the process proceeds to step S25.

  In the input example shown in FIG. 5A, the first character constituting the password among the previously inputted characters is “A”, and the first character constituting the password among the characters inputted this time is also “ A ". Therefore, the process proceeds to step S25.

  In step S25, the authentication unit 111 displays a predetermined symbol (* mark) on the left end of the password field 133 in response to the input of the first character “A”. As a result, the user can confirm that the first character of the password has been input to the image forming apparatus 100, but cannot confirm what has been input.

  Here, since the character “B” has been input for the second character both last time and this time, the authentication unit 111 starts from the left end of the password field 133 in response to the input of “B”, which is the second character. A predetermined symbol (* mark) is displayed at the second position. The same applies to the fourth and sixth characters. The predetermined symbol (* mark) is also called a first symbol.

  On the other hand, for the third character, since the character “X” was input last time and the character “C” was input this time, the authentication unit 111 responds to the input of “C”, which is the third character. The character “C” is displayed at the third position from the left end of the password field 133. Thereby, the user can confirm that the character “C” is input this time and the character other than the character “C” is input last time. The same applies to the fifth character. That is, the user can confirm that the character “E” has been input this time and that a character other than the character “E” has been input last time. Note that the letter “C” and the letter “E” are also called second symbols.

  An erroneous input due to a wrong press is generally caused by pressing an adjacent key rather than a target key (not shown). In this type of erroneous input, not all characters but only some characters are often erroneously input, so it is possible to confirm which character has been pressed incorrectly. As a result, the user can be careful about inputting the wrong key after the next time, so that password input can be facilitated. Furthermore, since the cause of the authentication failure can be specified during the password input, the psychological burden on the user can be reduced.

  On the other hand, in the input example shown in FIG. 5B, it is assumed that the user misinterprets a password for an electronic device other than the image forming apparatus 100 as a password for the image forming apparatus 100. In this example, the character string constituting the password among the previously input characters and the character string constituting the password among the characters input this time are completely matched. In this case, the authentication unit 111 displays a predetermined symbol (* mark) in the password field 133 for all character inputs.

  Thereby, since the user can confirm that the same password as the password that failed to be authenticated is input, it is possible to prevent repeated authentication failures when the same password is input. Specifically, the user notices that a password for an electronic device other than the image forming apparatus 100 is input. In addition, the user can delete the entered password and input the correct password by preventing the mistake by pressing the key carefully without counting the authentication failure.

  In step S26, the user determines whether or not the input is completed. If the input is complete, the process proceeds to step S27. If the input is not complete, the process returns to step S21. Thus, by repeating steps S21 to S25 for each character constituting the password, all characters from the first character to the sixth character constituting the password can be input.

  In step S27, the authentication unit 111 stores the input password in the storage unit 140, and then proceeds to step S30 (see FIG. 2). In step S40, the authentication unit 111 determines whether or not the password input as described above matches the authentication password. The input password stored in the storage unit 140 is not only used for login authentication in step S40, but also used in step S23 described above.

  The input password may not necessarily be stored in the storage unit 140 but may be stored in the main storage unit such as the above-described RAM included in the control unit 110. The stored input password is also called a stored password. Each character constituting the stored password is also called a stored character. The stored password is configured as a stored character string having a plurality of stored characters.

  As described above, according to the present embodiment, there is provided a technique for supporting a smooth input of a password by a legitimate user without substantially reducing security. In the present embodiment, smooth input of a password is supported using a history of input passwords input by an authorized user.

  As a result, the essence of the present embodiment is that smooth input of a password can be supported without changing any security-related configuration such as lock processing and without using any information related to an authentication password. It has the characteristic. In addition, when entering a password, the user knows that part of the input is a mistake, so the psychological stress of entering the password can be reduced, and the password can be entered smoothly and quickly. it can.

  The present invention can be implemented not only in the above embodiments but also in the following modifications.

  Modification 1: In the above embodiment, when the stored character matches the re-input character, the input state of each character of the password input with the predetermined symbol (* mark) is uniformly set to the predetermined symbol (* mark). ) And the input characters are not specified, but the display method is not limited to this.

  Specifically, as shown in FIG. 5C, for example, a character is displayed instead of a predetermined symbol in response to an input of a password character (for example, the first character), and the next character (for example, the second character) is displayed. In response to the input, the previous character (for example, the first character) may be changed to a predetermined symbol, and the next character may be displayed as a character. In this way, each character can be seen only at the moment it is entered, and it is not seen as a character string by a third party, so a legitimate user can You can check the characters.

  In this modification, when the previous character (for example, the first character) is changed to a predetermined symbol in response to the input of the next character (for example, the second character), the stored character does not match the re-input character Is displayed with a predetermined symbol (● mark) that is different from the predetermined symbol (* mark), thereby indicating a mismatch of input characters. The predetermined symbol (* mark) is also called a first symbol. The predetermined symbol (● mark) is also called a second symbol.

  Modification 2: In the above embodiment, when the stored character and the re-input character do not match, it is not always necessary to indicate that each character of the re-input character string can be specified. The second symbol may be different from the first symbol indicating the match between the stored character and the re-input character as described above. However, if the authentication unit is configured such that the second symbol indicates each character of the re-input character string so as to be able to be specified, it is possible to easily confirm a mistake in pressing by a legitimate user.

  Note that the difference between the first symbol and the second symbol is not necessarily stationary, and may be temporary (temporarily changing). The difference between the first symbol and the second symbol may be, for example, that at least one of the presence / absence of an underline, the color, and the font is different.

  Modification 3: In the above embodiment, the re-input character string and the stored character string are input one character at a time and matching is determined for each input. For example, when passwords are copied and pasted and input in a batch The present invention is also applicable. In this case, instead of the input order, each character corresponding to the re-input character string and the storage character string (for example, the n-th character (n is a natural number) of the re-input character string and the n-th character of the storage character string) ) Is determined. In the present specification, the match between the re-input character string and the stored character string in each character means the match between the corresponding characters in the re-input character string and the stored character string.

Modification 4: In the above embodiment, the password input is made smooth by allowing the user to know the match or mismatch of the re-input character string and the stored character string for each character, but it does not necessarily match for each character. There is no need to make the user aware of the discrepancy. Specifically, for example, when the re-input character string and the stored character string completely match, the user may be alerted by the following processing.
(1) The whole specified symbol blinks or changes color (2) Warning window display showing the same password input (warning display)
Furthermore, when the re-input character string matches the stored character string, the authentication unit 111 may be configured not to count the number N of re-inputs, for example, by skipping step S50.

  Modification 5: In the above embodiment, the image forming apparatus is embodied. However, the present invention can be applied to an authentication apparatus used for a portable terminal, a tablet, or other electronic devices that can store personal information and the like. is there. In this case, for example, a portable terminal or a tablet has a function unit that restricts the use of a predetermined function and releases the restriction on the use of the predetermined function in accordance with authentication by the authentication device.

DESCRIPTION OF SYMBOLS 100 Image forming apparatus 110 Control part 111 Authentication part 120 Image forming part 130 Operation display part 140 Storage part

Claims (7)

An authentication device,
A storage unit for storing an authentication password;
An operation display unit that accepts input of a password and indicates that each character constituting the input password has been input by displaying either the first symbol or a second symbol different from the first symbol When,
An authentication unit that authenticates when the input password and the authentication password match, and stores the password that does not match as a storage password when the password and the authentication password do not match;
With
The authentication unit is composed of a storage character string composed of a plurality of characters constituting the storage password, and a plurality of characters constituting a re-entry password that is a password re-entered after the storage password is stored. The re-input character string is compared, and each character of the re-input character string that matches the stored character string is displayed on the operation display unit by the first symbol, and does not match the stored character string An authentication apparatus for displaying each character of the re-input character string on the operation display unit with the second symbol. The authentication device according to claim 1,
The second symbol is different from the first symbol in at least one of presence / absence of an underline, color, and font. The authentication device according to claim 1 or 2,
The second symbol is an authentication device that indicates that each character of the re-input character string that does not match the stored character string can be specified. The authentication device according to any one of claims 1 to 3,
The authentication unit is configured to display a warning display indicating the match on the operation display unit when the re-input password and the stored password match. The authentication device according to any one of claims 1 to 4, further comprising:
A counting unit that counts the number of mismatches between the input password and the authentication password;
The authentication unit restricts input of a password in the operation display unit when the number of times exceeds a preset threshold value,
The count unit is an authentication device that excludes the mismatch between the input password and the authentication password from the number of times when the stored character string matches the re-input character string. Electronic equipment,
An authentication device according to any one of claims 1 to 5,
Use of a predetermined function is restricted, and a function unit that releases the restriction on the use of the predetermined function in response to authentication by the authentication device;
Electronic equipment comprising. An authentication method,
A storage step for storing an authentication password;
An operation display step of accepting input of a password and displaying that each character constituting the input password is input by either a first symbol or a second symbol different from the first symbol; ,
An authentication step of releasing the use restriction when the input password matches the authentication password, and storing the mismatched password as a storage password when the password does not match the authentication password When,
With
The operation display step is composed of a storage character string composed of a plurality of characters constituting the storage password and a plurality of characters constituting a re-entry password which is a password re-entered after the storage password is stored. The re-entry character string, and each character of the re-input character string that matches the stored character string is displayed with the first symbol, and the re-input character that does not match the stored character string. An authentication method including a step of displaying each character of a column with the second symbol.