JP2022052398A - User authentication system - Google Patents

Abstract

To provide a user authentication system capable of performing login operations using information that is difficult for third parties to know and is easy for users to manage.SOLUTION: A user authentication system 1 comprises: input means 2 for allowing a user to input identification information D1, a password D2, slide information D3 that shifts characters contained in the password D2 and replaces them with other characters; password conversion means 3 for creating a conversion password D5 from the password D2 based on the slide information D3; registration means 4 for associating and registering the identification information D1 and conversion password D5 as registration identification information D6 and a registration password D7; and authentication means 5 for identifying whether or not the user who performed a login operation is a registered user based on a comparison result between the conversion password D5 and the registration password D7, wherein the conversion password D5 is created by the password conversion means 3 based on the password D2 and the slide information D3 entered in the input means 2.SELECTED DRAWING: Figure 2

Description

Whether or not the present invention is a person who is permitted to use a service provided via the Internet or a person who intends to use a device such as a personal computer (a person who has performed a login operation) (a person who has performed a login operation). It relates to a user authentication system for performing user authentication for confirming (whether or not the registered user is the person himself / herself).

As the user authentication system, for example, a communication terminal for inputting identification information and a password at the time of registration (so-called user registration) or login operation by a user, as disclosed in Patent Document 1, and for authentication. A system using a host computer in which identification information and a password are registered and user authentication is performed by comparing the identification information and the password input to the communication terminal with the identification information and the password for authentication is known.

Further, since the host computer of the above user authentication system is configured to complicate the password entered in the communication terminal at the time of user registration and then register it in the password file, the password entered by the user at the time of registration is simple. Even if it is, it is possible to prevent a third party from knowing the password for authentication by attacking the password file of the host computer.

Japanese Patent Application Laid-Open No. 2003-6163

By the way, in the user authentication system, the security of the authentication password registered in the host computer is enhanced, but if the password entered by the user at the time of registration is simple, the password is guessed by a third party. The risk of becoming easier remains.

In addition, if the user registers a complicated password in order to reduce such risk, it becomes difficult to remember the password. Therefore, for example, if the user copies the password on a medium such as paper, there is a risk that the password will be known to a third party through this medium. Another problem arises, such as the hassle of reissuing a password if it is forgotten and cannot be remembered.

As described above, in the user authentication system, it is difficult to make the password difficult to be known by a third party and to make it easy to manage the password.

Therefore, in view of such circumstances, it is an object of the present invention to provide a user authentication system capable of performing a login operation using information that is difficult for a third party to know and is easy for the user to manage.

The user authentication system of the present invention is
The user deviates the identification information, which is the user's own unique information, the password represented by the character string, and the characters contained in the password from the reference keys to which the same characters are assigned in the key arrangement of the keyboard. Slide information for replacing with the character assigned to another key at the position, input means that can be input, and
A password conversion means for creating a conversion password obtained by converting characters included in the password based on the slide information.
A registration means for registering the identification information and the conversion password in a state of being associated with the registration identification information and the registration password, respectively, after using the registration identification information and the registration password as the registration identification information and the registration password, respectively.
In a state where the identification information, the password, and the slide information are input to the input means, and the conversion password is created by the password conversion means, the conversion password and the registration identification information matching the identification information are used. It is provided with an authentication means for comparing the associated registered password and identifying whether the user who performed the login operation based on the comparison result between the converted password and the registered password is the registered user. , Login authentication system.

In the user authentication system having the above configuration, not only the identification information and the password but also the slide information are added to the information required when the user logs in, so that it becomes difficult to guess the information used by the user at the time of login.

In addition, since the slide information is information that specifies how to shift characters based on the keyboard key arrangement, it is easy for the user to remember and remember in relation to the keyboard being used. It becomes easier to manage the identification information, password, and slide information used by the user during the login operation.

In the user authentication system of the present invention
The slide information includes the number of slides used to select a key at a position deviated from the position of the reference key, and includes the number of slides indicating the number of the keys deviated from the reference key. good.

According to the user authentication system having the above configuration, since the number of slides is information related to the key layout of the keyboard, it is easy for the user to remember and remember it in relation to the keyboard being used.

in this case,
The slide information may include a slide range that specifies a range of character strings input as the password to be converted into characters by the password conversion means.

In this way, even if the slide range is familiar to the user, information that is unfamiliar to a third party is required at the time of login operation, so information used at login to a person other than the user can be inferred. It becomes difficult to be done.

The user authentication system of the present invention is
The input means may display the password input unit for inputting the password and the slide information input unit for inputting the slide information on the same screen.

According to the user authentication system having the above configuration, the user can register the identification information and the like while looking at both the password and the slide information used for password conversion, so that the password and the slide information can be associated with each other. It will be easier to remember. In addition, when the user performs a login operation, the password and slide information input units are displayed on the same screen as when the identification information is registered, so that the user can remember the password and slide information. It will be easier.

The user authentication system of the present invention is
The registration means displays a keyboard image showing the arrangement of the keys on the keyboard, and among the keys in the keyboard image, the keys corresponding to the characters included in the password and the characters included in the converted password. It may be configured to display the corresponding key in a separate display mode.

According to the user authentication system with the above configuration, the password and slide information can be registered while observing the password and how the password changes depending on the slide information. Therefore, the password and slide information entered at the time of registration are stored in the user's memory. It becomes easy to remain.

As described above, the user authentication system of the present invention can exert an excellent effect that the login operation can be performed using information that is difficult for a third party to know and is easy for the user to manage.

FIG. 1 is a schematic diagram of a usage environment of a user authentication system according to an embodiment of the present invention. FIG. 2 is a block diagram of the configuration of the user authentication system according to the embodiment. 3A and 3B are explanatory views of an operation screen of a user authentication system according to the same embodiment, FIG. 3A is an explanatory diagram of an operation screen for registration, and FIG. 3B is an explanatory diagram of an operation screen for authentication. 4A and 4B are explanatory diagrams of key map information of the user authentication system according to the same embodiment, FIG. 4A is an explanatory diagram of a state in which an element corresponding to a reference key is selected, and FIG. 4B is a diagram different from the reference key. It is explanatory drawing of the state which the element corresponding to a key is selected. 5A and 5B are operation explanatory diagrams of the registration process of the user authentication system according to the same embodiment, FIG. 5A is an explanatory diagram of a state in which the registration means calls the password conversion means to create a conversion password, and FIG. 5B is an explanatory diagram. The figure shows the state in which the registration means has acquired the identification information and the conversion password, and (c) is the figure in which the identification information and the conversion password are registered as the registration identification information and the registration password. 6A and 6B are explanatory diagrams of the operation of the authentication process of the user authentication system according to the same embodiment, FIG. 6A is an explanatory diagram of a state in which the authentication means calls the password conversion means to create a conversion password, and FIG. 6B is an explanatory diagram. The figure shows the state in which the authentication means has acquired the identification information, the conversion password, the registration identification information, and the registration password, and (c) is the figure in which the authentication means compares the conversion password with the registration password. FIG. 7 is an explanatory diagram of an operation screen of the user authentication system according to another embodiment of the present invention.

Hereinafter, the user authentication system according to the embodiment of the present invention will be described with reference to the attached drawings.

The user authentication system of the present embodiment is a person who is permitted to use a service provided via the Internet or a person who intends to use a device such as a personal computer (a person who has performed a login operation). It is a system for performing user authentication to confirm the existence, and to execute the registration process for registering the user and the authentication process for confirming whether the user who performed the login operation is the registered user. It is configured.

The user authentication system is, for example, as shown in FIG. 1, an operation screen W for accepting an operation from a user (operation screen W1 for registration (see FIG. 3A)) or an operation screen W2 for authentication (FIG. 3). It is used in an environment in which an operation terminal T1 that displays 3 (b))) and a processing terminal T2 that executes registration processing and authentication processing in response to an operation on the operation terminal T1 are used.

In the user authentication system, as shown in FIG. 2, the user performing the login operation has an identification information (so-called ID) D1 which is unique information of the user, a password D2 represented by a character string, and the password D2. Input that allows input of slide information D3 for replacing the character contained in the password with the character assigned to another key located at a position deviated from the reference key to which the same character is assigned in the key arrangement of the keyboard. The means 2 and the password conversion means 3 for creating the conversion password D5 by converting the characters included in the password D2 based on the slide information D3, and the identification information D1 and the conversion password D5 are registered and identified, respectively. And the registration password D7, the registration means 4 for registering the registration identification information D6 and the registration password D7 in association with each other, and the identification information D1, the password D2, and the password D2 conversion to the input means 2. With the information input and the conversion password D5 created by the password conversion means 3, the conversion password D5 and the registration password D7 associated with the registration identification information D6 matching the identification information D1. The user is provided with an authentication means 5 for identifying whether the user who has performed the login operation based on the comparison result between the converted password D5 and the registered password D7 is the registered user himself / herself.

In the user authentication system of the present embodiment, the registration means 4 registers the registration identification information D6 by writing to the storage means 6 in a state where the registration identification information D6 and the registration password D7 are associated with each other. ..

Further, in the user authentication system, all of the input means 2, the password conversion means 3, the registration means 4, and the authentication means 5 may be introduced in the processing terminal T2 of FIG. 1, and for example, a part of the input means 2 and the like. The configuration of may be introduced in the operation terminal T1.

As shown in FIGS. 3A and 3B, the input means 2 is an identification information input unit for inputting the identification information D1 on both the registration operation screen W1 and the authentication operation screen W2. 20, a password input unit 21 for inputting the password D2, and a slide information input unit 22 for inputting the slide information D3 are configured to be displayed.

A character string is input to the identification information input unit 20 and the password input unit 21. Both the identification information input unit 20 and the password input unit 21 can input a character string using characters, numbers, symbols, and the like.

In the slide information D3 of the present embodiment, the number of slides information used when selecting a key at a position deviated from the position of the reference key, the number of slides indicating the number of keys deviated from the reference key, and the password D2 are input. Among the converted character strings, a slide range for designating a range (hereinafter referred to as a conversion range) for which characters are converted by the password conversion means 3 is included.

Therefore, the slide information input unit 22 has a slide number input unit 220 for inputting the number of slides and a slide range input unit 221 for inputting the slide range.

The slide number input unit 220 is configured to input a number (the number of characters included in the password D2 to be slid).

A number (a number that determines the conversion range) can also be input to the slide range input unit 221.

That is, the slide range is also specified by a number. The slide range of the present embodiment is a number for designating the start position of the conversion range, and the password conversion means 3 is from the first character of the character string of the password D2 to the number of characters on the tail side corresponding to the slide range. Although it is configured to convert the characters of, the slide range may, for example, indicate the end position of the conversion range, or may indicate the start position and the end position of the conversion range. ..

As shown in FIG. 2, the password conversion means 3 has a character selection process for selecting one character from the characters in the conversion range among the characters included in the password D2, and the same character as the character selected in the selection process. In the search process to search for the assigned reference key from each key on the keyboard, the key selection process to select another key at the position indicated by the number of slides from the reference key, and the character selection process. It is configured to execute a replacement process of replacing the selected character with the character assigned to the other key.

Further, the password conversion means 3 is configured to perform character selection processing, search processing, key selection processing, and replacement processing for all characters within the conversion range.

As shown in FIG. 4A, for example, the password conversion means 3 is a key map information KM represented by a two-dimensional array, in which a key code indicating a character assigned to the key is set and a key code is set. It may be configured to convert the characters included in the password D2 by using the key map information KM having a plurality of elements C arranged together with the keys on the keyboard.

In the search process, an element C (an element C indicating a reference key, which is an element C indicating a reference key, and a reference numeral C1 is attached in FIG. 4A) in which a key code indicating the same character as the character of the password D2 to be converted is set. In the key selection process, as shown in FIG. 4 (b), the element C (indicating another key) located at a position separated by the number of slides from the element C indicating the reference key. It is an element C and is selected as the element C with the reference numeral C2 in FIG. 4B)), and in the replacement process, the character selected in the selection process is set to the element C selected in the key selection process. You can replace it with the character indicated by the code.

In the present embodiment, the direction of shifting the position from the reference key according to the number of slides is fixed to the right direction (right direction in FIGS. 4A and 4B), but the direction of shifting the position from the reference key. May be leftward, upward, downward, diagonally upward, diagonally downward, or the like. Further, the direction for searching for another key with reference to the reference key may be set in advance or may be specified by the user.

As shown in FIG. 2, the registration means 4 calls the password conversion means 3 to create a conversion password D5, and the registration means 4 is a conversion created by the identification information D1 input by the input means 2 and the registration conversion process. The registration information acquisition process for acquiring the password D5, the identification information D1 and the conversion password D5 acquired in the registration information acquisition process are set to the registration identification information D6 and the registration password D7, respectively, and then the registration identification information D6 and the registration password D7. It is configured to execute the registration process of registering (writing to the storage means 6) in association with and.

As described above, the registration means 4 is configured to register the conversion password D5 created by the password conversion means 3 instead of the password D2 itself entered in the password input unit 21.

Further, the registration identification information D6 and the registration password D7 are used in the user authentication system as information used by the user authentication system to confirm whether or not the user who has performed the login operation is the registered user. Information managed by.

The registration means 4 displays, for example, the registration button B1 for starting the execution of each process on the operation screen W (see FIG. 3A), and the registration conversion process is performed when the registration button B1 is pressed. , The registration information acquisition process and the registration information acquisition process may be executed.

The authentication means 5 of the present embodiment has an authentication conversion process for calling the password conversion means 3 to create the conversion password D5, and the identification information input to the identification information input unit 20 of the input means 2 by the user who has performed the login operation. D1 and the conversion password D5 created in the conversion process for authentication (specifically, the password D2 input to the password input unit 21 by the user who performed the login operation, and the slide information D3 input to the slide information input unit 22). The conversion password D5) created in the authentication conversion process based on the above, and the authentication information acquisition process for acquiring the registration password D7 associated with the registration identification information D6 matching the identification information D1, and the authentication information. It is configured to execute an authentication process for authenticating whether or not the user is a registered user based on the comparison result between the converted password D5 and the registered password D7 acquired in the acquisition process.

As described above, the authentication means 5 is configured to compare the converted password D5 created by the password converting means 3 with the registered password D7, not the password D2 itself entered in the password input unit 21. That is, in the user authentication system of the present embodiment, between the input means 2 and the registration means 4 or the authentication means 5, the conversion created by the password conversion means 3 is not the password D2 itself entered by the user in the password input unit 21. The password D5 has come to be used.

The authentication means 5 also displays, for example, the authentication button B2 for starting the execution of each process on the operation screen W (see FIG. 3B), and when the authentication button B2 is pressed, the authentication conversion process is performed. , The authentication information acquisition process and the authentication information acquisition process may be executed.

In the authentication information acquisition process, the authentication means 5 informs the user when the registration password D7 associated with the registration identification information D6 matching the identification information D1 input by the input means 2 cannot be acquired (if not found). You may end the process by notifying that it is not registered.

Further, in the authentication process, when the conversion password D5 acquired in the authentication information acquisition process and the registration password D7 match, the authentication means 5 identifies that the user who performed the login operation is the registered user himself / herself. However, if the conversion password D5 acquired in the authentication information acquisition process and the registration password D7 do not match, the user who performed the login operation is configured to be identified as not the registered user himself / herself.

The authentication means 5 is configured to notify the identification result of the user who performed the login operation to a service provided via the Internet, a device such as a personal computer, or to notify the user who performed the login operation. You may be.

The configuration of the user authentication system according to this embodiment is as described above. Subsequently, the operation of the user authentication system (operation of registration processing and operation of authentication processing) will be described.

First, the operation at the time of executing the registration process of the login authentication system will be described.

In the registration process, as shown in FIG. 3A, the operation screen W1 for registration is displayed on the operation terminal T1, and the operation screen W1 for registration shows the identification information input unit 20, the password input unit 21, and the slide. The number input unit 220, the slide range input unit 221 and the registration button B1 are displayed.

The user inputs the identification information D1 to the identification information input unit 20, the password D2 is input to the password input unit 21, the slide number is input to the slide number input unit 220, and the slide range is input to the slide range input unit 221. When the registration button B1 is pressed in this state, the process by the registration means 4 is started.

As shown in FIG. 5A, the registration means 4 executes a registration conversion process, calls the password conversion means 3, and causes the password conversion means 3 to create the conversion password D5.

Then, as shown in FIG. 5B, the registration information acquisition process is executed, and the identification information D1 input to the input means 2 and the conversion password D5 created in the registration conversion process are acquired.

Next, as shown in FIG. 5C, the registration process is executed, and the identification information D1 and the conversion password D5 acquired in the registration information acquisition process are registered as the registration identification information D6 and the registration password D7, respectively. The identification information D6 and the registration password D7 are associated and registered (written in the storage means 6).

As a result, the information used by the user during the login operation (information for proving that the user is the person himself / herself) is registered in the user authentication system.

Next, the operation of the authentication process of the login authentication system will be described.

In the authentication process, as shown in FIG. 3B, the operation screen W2 for authentication is displayed on the operation terminal T1, and the operation screen W2 for authentication shows the identification information input unit 20, the password input unit 21, and the slide. The number input unit 220, the slide range input unit 221 and the authentication button B2 are displayed.

The user inputs the identification information D1 to the identification information input unit 20, the password D2 is input to the password input unit 21, the slide number is input to the slide number input unit 220, and the slide range is input to the slide range input unit 221. When the authentication button B2 is pressed in this state, the processing by the authentication means 5 is started.

As shown in FIG. 6A, the authentication means 5 executes an authentication conversion process, calls the password conversion means 3, and causes the password conversion means 3 to create the conversion password D5.

Then, as shown in FIG. 6B, the authentication means 5 executes the authentication information acquisition process, the identification information D1 input to the input means 2, the conversion password D5 created by the authentication conversion process, and the authentication means 5. , Acquire the registration password D7 associated with the registration identification information D6 that matches the identification information D1.

Next, as shown in FIG. 6C, the authentication means 5 executes an authentication process, compares the converted password D5 acquired in the authentication information acquisition process with the registered password D7, and logs in based on the comparison result. Identifies whether the user who performed the operation is the registered user.

If the conversion password D5 and the registration password D7 acquired in the authentication information acquisition process match, the user who performed the login operation is identified as the registered user and acquired in the authentication information acquisition process. If the converted password D5 and the registered password D7 do not match, it is identified that the user who performed the login operation is not the registered user.

In the user authentication system according to the present embodiment, the registration process and the authentication process are performed as described above. Then, in the user authentication system, not only the identification information D1 and the password D2 but also the slide information D3 are added to the information used at the time of the user login operation (information necessary for the user to log in), so that the user logs in. It becomes difficult to guess the information to be used.

Further, since the slide information D3 is information for specifying how to shift characters based on the keyboard key arrangement, the information is easy for the user to remember and remember in association with the keyboard being used. Therefore, it becomes easy to manage the identification information D1, the password D2, and the slide information D3 used by the user during the login operation.

Therefore, the user authentication system 1 of the present embodiment can exert an excellent effect that the login operation can be performed using information that is difficult for a third party to know and is easy for the user to manage.

Further, since the number of slides included in the slide information D3 is information related to the key layout of the keyboard, it is easy for the user to remember and remember it in association with the keyboard being used.

Further, the slide range included in the slide information D3 requires information that is familiar to the user who entered the slide range in the registration process but is not familiar to a third party at the time of login operation. Therefore, it becomes difficult for a person other than the user to guess the information used at the time of login.

Then, in the user authentication system 1 of the present embodiment, the password input unit 21 and the slide information input unit 22 (slide number input unit 220, slide range input unit 221) are displayed on the same screen by the input means 2. Therefore, when performing the registration process, the user can register the identification information D1 and the like while looking at both the password D2 and the slide information D3 used for converting the password D2, so that the password D2 and the slide information D3 can be registered. It becomes easier to remember while associating with each other, and at the time of login operation, the password input unit 21 and the slide information input unit 22 are displayed on the same screen as when registering the identification information D1 and the like. Makes it easier to remember the password D2 and the slide information D3.

It should be noted that the user authentication system according to the present invention is not limited to the above embodiment, and it goes without saying that various changes can be made without departing from the gist of the present invention.

Although not particularly mentioned in the above embodiment, the registration means 4 is a keyboard image (hereinafter referred to as a keyboard image) KP showing the keyboard key arrangement as shown in FIG. 7 on the registration operation screen W1. In the image display processing, the key area corresponding to the character included in the password D2 in the area corresponding to the key (hereinafter referred to as the key area) KA in the keyboard image KP can be executed. The KA1 and the key area KA2 corresponding to the characters included in the conversion password D5 may be configured to be displayed in different display modes.

By doing so, the user can see how the password D2 is converted into the conversion password D5 together with the password D2 entered by the user and the slide information D3 (number of slides D30, slide range D31). The password D2 and the slide information D3 are associated with each other to make it easier to remember.

Further, as shown in FIG. 7, the registration means 4 is configured to display different keyboard image KPs for each predetermined number of characters (that is, display a plurality of keyboard image KPs) in the image display process. It may be configured to display one keyboard image, but if it is configured to display a plurality of keyboard image KPs, it is converted to the password D2 entered by the user himself / herself. It becomes easier to confirm the password D5.

Note that FIG. 7 illustrates a keyboard image KP when the password is "4rfc26ts5rsv", the number of slides is "3", and the slide range is "6". Further, as shown in FIG. 7, when the registration means 4 has duplicate characters in the password in the image display process, a display M for notifying the key area corresponding to the duplicate characters is added. You may do so.

In the above embodiment, the password conversion means 3 is configured to convert some characters among the plurality of characters included in the character string of the password D2 to another character, but the present invention is not limited to this configuration. For example, the password conversion means 3 may be configured to convert all the characters included in the character string of the password D2 into another character.

1 ... User authentication system, 2 ... Input means, 3 ... Password conversion means, 4 ... Registration means, 5 ... Authentication means, 6 ... Storage means, 20 ... Identification information input unit, 21 ... Password input unit, 22 ... Slide information input Unit, 220 ... Slide number input unit, 221 ... Slide range input unit, B1 ... Registration button, B2 ... Authentication button, C ... Element, C1 ... Code, C2 ... Code, D1 ... Identification information, D2 ... Password, D3 ... Slide Information, D30 ... Number of slides, D31 ... Slide range, D5 ... Conversion password, D6 ... Registration identification information, D7 ... Registration password, KA1 ... Key area, KA2 ... Key area, KM ... Keymap information, KP ... Keyboard image, M ... Display, T1 ... Operation terminal, T2 ... Processing terminal, W ... Operation screen, W1 ... Registration operation screen, W2 ... Authentication operation screen

Claims (5)

The user deviates the identification information, which is the user's own unique information, the password represented by the character string, and the characters contained in the password from the reference keys to which the same characters are assigned in the key arrangement of the keyboard. Slide information for replacing with the character assigned to another key at the position, input means that can be input, and
A password conversion means for creating a conversion password obtained by converting characters included in the password based on the slide information.
A registration means for registering the identification information and the conversion password in a state of being associated with the registration identification information and the registration password, respectively, after using the registration identification information and the registration password as the registration identification information and the registration password, respectively.
In a state where the identification information, the password, and the slide information are input to the input means, and the conversion password is created by the password conversion means, the conversion password and the registration identification information matching the identification information are used. It is provided with an authentication means for comparing the associated registered password and identifying whether the user who performed the login operation based on the comparison result between the converted password and the registered password is the registered user. ,
User authentication system. The slide information includes the number of slides used when selecting a key at a position deviated from the position of the reference key, and includes the number of slides indicating the number of the keys deviated from the reference key.
The user authentication system according to claim 1. The slide information includes a slide range that specifies a range of character strings input as the password to be converted into characters by the password conversion means.
The user authentication system according to claim 2. The input means displays a password input unit for inputting the password and a slide information input unit for inputting the slide information in the same screen.
The user authentication system according to any one of claims 1 to 3. The registration means displays a keyboard image showing the arrangement of the keys of the keyboard, and corresponds to the key corresponding to the character included in the password and the character included in the conversion password among the keys in the keyboard image. It is configured to display the key to be displayed in a separate display mode.
The user authentication system according to any one of claims 1 to 4.

Images