JP4813943B2 - Authentication system - Google Patents

Description

  The present invention relates to a system for performing user authentication.

  As a method for performing user authentication, for example, when logging in to a computer system, the user is requested to input a user name (user ID) and a password, and if both the user name and the password match, the user is a valid user. Is used.

  The password is information that only the user should grasp and manage. However, since it is difficult to store meaningless character strings, many users use, for example, a password that uses a part of a name, date of birth, and the like. However, when personal information such as name and date of birth is used as a password, it is relatively easy to identify the password, which is problematic in terms of reliability.

Therefore, a method has been proposed in which a plurality of figures are arranged in a matrix table, a random number is assigned to each figure, and a password is input (Patent Document 1). In this prior art, the user registers a favorite figure in the system in advance. At the time of authentication, the user finds a registered figure from the matrix table and inputs a random number assigned to the figure. Based on the input random number, the system determines whether or not the user is himself.
JP 2004-213117 A

  In the technique described in the above document, the random number assigned to each figure in the matrix table changes every time. Therefore, in the prior art, user authentication can be performed using random random numbers.

  However, in the prior art, since the password is derived only by a combination of one or more specific figures, it is relatively easy to infer a specific figure from the matrix table, which is an improvement in terms of security. There is room. By increasing the total number of figures included in the matrix table and increasing the number of figures used for the combination, the possibility of being guessed by others can be reduced. However, when the total number of figures in the matrix table increases, the user needs to find a specific figure from among a large number of figures, and the usability decreases.

  In the prior art, a plurality of matrix tables can be used, but only a plurality of the same type of matrix tables are used, and different types of matrix tables are not used. Since the prior art is configured to input random numbers assigned to one or a plurality of specific figures, each matrix table basically has the same type of configuration.

  Furthermore, in the prior art, the user only uses the matrix table presented from the system, and the user cannot freely select the matrix table. Since the conventional technique only uses one or a plurality of specific figures and basically uses the same type of matrix table, a technical idea of free selection of the matrix table by the user appears. There is no room.

  As described above, according to the related art, the same kind of matrix table determined by the system is used in a passive posture by the user. Therefore, it is difficult to set a complicated password using a large number of figures. Although it varies depending on the individual qualities of the user, it is relatively difficult to give specific meanings to figures such as simple triangles and stars, and it is difficult to memorize multiple figures that are not related to each other. It is. In this respect, this conventional technique is not much different from a technique that simply uses an alphanumeric password.

  Therefore, an object of the present invention is to provide an authentication system that can improve usability and reliability. Another object of the present invention is to provide an authentication system that can improve user convenience by allowing a user to freely select a reference screen with a theme and register a selection pattern. . The further objective of this invention will become clear from description of embodiment mentioned later.

  In order to solve the above-described problem, an authentication system according to one aspect of the present invention irregularly assigns inputable character symbols to each of a plurality of types of display elements and a registration unit that registers display element selection patterns. The screen generation means for generating a plurality of types of reference screens for selection pattern input, the screen providing means for providing the plurality of types of generated reference screens, and the screen display means for displaying the provided reference screens are displayed. A selection means for selecting one or a plurality of reference screens from a plurality of types of reference screens, and a character symbol assigned to a display element included in the selected reference screen is selected according to the selection pattern. Conversion means for converting an input character symbol string into a selection pattern based on an input means for inputting a string and an input character symbol string and a selected reference screen , And a collating means for collating the registered selected pattern by the translated selected pattern registering means.

  In the embodiment of the present invention, each display element is configured as a graphic element that symbolizes a specific event, and each reference screen has a different theme, and each reference screen has its own theme. It is configured to include display elements that match

  In the embodiment of the present invention, the selection pattern includes the selection order of a plurality of reference screens to be selected.

  In the embodiment of the present invention, the screen generating means generates a reference screen by randomly assigning at least some of the character symbols to a plurality of display elements in an irregular manner.

  In the embodiment of the present invention, the screen generation means changes the number of character symbols assigned to each display element within the same reference screen or between different reference screens.

  In the embodiment of the present invention, the screen providing means provides a plurality of types of reference screens simultaneously.

  In the embodiment of the present invention, the screen providing unit provides a list of reduced screens of a plurality of types of reference screens first, and provides a reference screen selected from the list of reduced screens.

  In the embodiment of the present invention, the screen providing means hierarchically provides a plurality of types of reference screens that are related to each other.

  In the embodiment of the present invention, the collation unit collates each selected reference screen, and the screen providing unit provides the next reference screen when the collation by the collation unit is successful.

  In the embodiment of the present invention, the information processing apparatus further includes a change request unit that requests the change of the selection pattern, and when the change request unit requests the change of the selection pattern, the registration unit is a reference screen related to the currently registered selection pattern. A new selection pattern is registered using a different reference screen.

  In the embodiment of the present invention, the registration unit repeatedly provides a plurality of types of reference screens by the screen providing unit a plurality of times, and analyzes the information input from the input unit each time, thereby determining the selection pattern. Then, the determined selection pattern is registered as a selection pattern.

  In the embodiment of the present invention, the screen generating means can generate a reference screen by irregularly assigning at least some of the character symbols to a plurality of display elements, and registering means. In the case of registering a selection pattern according to the above, the frequency of assigning character symbols to a plurality of display elements redundantly is reduced.

  In the embodiment of the present invention, the image providing means provides a reference screen via the first communication network, and the selection means selects the reference screen via the first communication network and is input by the input means. The selection pattern is transmitted to the verification unit via a second communication network different from the first communication network.

  An authentication system according to another aspect of the present invention is an authentication system including an authentication server and a client terminal. The authentication server includes a registration unit that registers a selection pattern of display elements, and a plurality of types of displays that match a theme. By randomly assigning inputable character symbols to each element, a screen generation means for generating a reference screen for selection pattern input for each theme, and a reference screen for each generated theme for each client terminal A screen providing means to be provided; a conversion means for converting the input character / symbol string into a selection pattern based on the character / symbol string input from the client terminal and a reference screen selected by the client terminal; Collating means for collating the pattern with the selected pattern registered by the registering means. A screen display means for displaying a reference screen provided from the authentication server, a selection means for selecting one or more reference screens from a plurality of displayed reference screens and notifying the authentication server, and a selection An input means for inputting a character symbol string by selecting a character symbol assigned to a display element included in the displayed reference screen according to a selection pattern, and notifying the authentication server of the input character symbol string And comprising.

  An authentication method according to still another aspect of the present invention is a method for performing an authentication process between an authentication server and a client terminal, the step of registering a display element selection pattern in the authentication server, By randomly assigning inputable characters and symbols to each of the multiple types of display elements, multiple types of reference screens for selection pattern input are generated, and the generated multiple types of reference screens are sent from the authentication server to the client terminal. The client terminal, displaying the reference screen provided from the authentication server at the client terminal, and selecting one or more reference screens from the plurality of types of displayed reference screens at the client terminal. The step of notifying the authentication server and the selected reference screen on the client terminal A character symbol assigned to the display element to be selected is selected according to a selection pattern, and a character symbol string composed of the selected character symbol is transmitted from the client terminal to the authentication server; A step of converting the received character symbol string into a selection pattern based on the character symbol string received from the client terminal and the reference screen selected by the client terminal, and the selection selection registered with the converted selection pattern in the authentication server And a step of matching the pattern.

  A program according to another aspect of the present invention is a program for causing a computer to perform an authentication process, and the computer can be input to each of a plurality of types of display elements and means for registering a display element selection pattern. By randomly assigning character symbols, a means for generating a plurality of types of reference screens for inputting a selection pattern, a means for providing a plurality of types of reference screens generated, and a plurality of types of reference screens provided Means for specifying one or more selected reference screens; and means for receiving a character symbol string formed by selecting a character symbol assigned to a display element included in the selected reference screen according to a selection pattern; A means for converting the received character symbol string into a selection pattern based on the received character symbol string and the selected reference screen; It means for collating the selected patterns registered pattern, to, to function respectively.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is an explanatory diagram showing the overall concept of the present embodiment. In this embodiment, a display element selection pattern is used as a password used for user authentication. The selection pattern is information indicating the order of specific display elements. That is, it means the order of display elements such as which display element is selected first, which display element is selected second, and which display element is selected third.

  Each reference screen is preset with a different theme, and each reference screen is composed of display elements that match each theme. The reference screen is a screen used by the user when inputting a selection pattern. The reference screen can be called a password input basic screen, for example.

  Themes include, for example, “world map”, “Japan map”, “Kanto map”, “first-class river”, “designated city”, “business center”, “animal”, “plant”, “food”, “Hobbies”, “famous buildings”, “actors”, “singers”, “entertainment”, “masterpiece paintings”, “masterpieces”, and the like. Multiple themes can be set on the same reference screen. For example, by setting two themes “Japan map” and “hot spring”, it is possible to configure a reference screen that displays hot spring areas in each prefecture.

  The display element indicates, for example, an element such as a graphic, an image, or a character that can be displayed on the screen. Each display element represents a specific event. A specific event means an entity that specifically exists, or an idea or concept that is specifically recalled. For example, unlike a simple triangle, a display element shaped like a mountain synthesized from several triangles reminds us of the notion of “mountain”. Also, unlike simple numeric strings and meaningless character strings, the display element “Mt. Fuji” is reminiscent of an actual mountain called Mt. Fuji.

  As described above, each reference screen is set with a different theme, and is composed of display elements that match each theme. Therefore, for example, when the theme of the reference screen is “world map”, the reference screen includes, for example, a display element that symbolizes the Eurasian continent, a display element that symbolizes the Americas, a display that symbolizes the Australian continent and the African continent. Elements, and other display elements that symbolize islands.

  In addition, for example, when the theme of the reference screen is “Japanese hot springs”, in addition to the display element group indicating each Japanese terrain, the reference screen displays symbols, images, names or the like that symbolize hot springs. Elements are also included.

  Each display element is randomly assigned with a character symbol. Here, the character symbol in this specification is information that can be input to a computer system by an input device such as a keyboard switch, a pointing device, or a microphone, and includes, for example, alphabets, numbers, hiragana, katakana, at marks, and inequality signs. Various symbols such as can be mentioned.

  Even if the reference screen is the same theme, each display element is irregularly assigned a character symbol each time it is presented to the user. For example, the authentication system randomly assigns a character symbol to each display element using a random number generator or a random number generation function. Therefore, each time user authentication is performed, the character / symbol string transmitted to the authentication system is different each time.

  The character symbols can be integrated into the display element or can be superimposed as separate information. “Integrating a character symbol into a display element” indicates, for example, a case in which an image of a character symbol is drawn over the image data of the display element. Instead of this, the character symbol and the display element may be drawn on separate planes, and the two planes may be superimposed and output on the screen. By integrating the character symbol and the display image as one piece of image data, security can be improved. This is because it is generally difficult to extract character codes by mechanically recognizing character symbols from image data.

  Moreover, a character symbol can be assigned to a plurality of display elements in an overlapping manner. That is, all or part of the character symbols can be assigned to different display elements in duplicate. Assigning the same character symbol to multiple display elements makes it difficult to specify which display element is selected by the user even when another person peeks at the reference screen with a camera or the like. improves.

  The user can freely select any one or a plurality of reference screens from a plurality of types of reference screens presented from the authentication system. Then, the user selects at least one (preferably a plurality of) display elements from the plurality of display elements included in the selected reference screen. Further, the user selects another reference screen, and similarly to the above, selects one or a plurality of display elements of this reference screen.

  The selection order of the display elements selected by the user is registered in the authentication system as a selection pattern. This selection pattern is a password used during user authentication. In the example shown in FIG. 1, “Japan” is selected first from the reference screen G1 (theme: world map), “Africa” is selected second, “Europe” is selected third, and “Europe” is selected from the reference screen G2. A selection pattern of “selecting“ Hokkaido ”is registered in the authentication system.

  When the user wishes to authenticate, the user selects a reference screen that matches the registered selection pattern from a plurality of types of reference screens presented by the authentication system. In the above example, the user first selects the “world map” reference screen. Then, the user selects a display element included in the selected reference screen according to the registered selection pattern.

  As shown in FIG. 1, character symbols such as numerals and alphabets are assigned to the display elements. While viewing the reference screen, the user inputs a character symbol assigned to the display element selected by the user from a keyboard switch or the like. When the selection pattern is registered across a plurality of reference screens, the user switches to the next reference screen and inputs the character symbols assigned to the predetermined display elements from the keyboard switch or the like as described above.

In the above example, the user first selects a reference screen having the theme of “world map” and then inputs “4 3 5” from a keyboard switch or the like. The display element symbolizing “Japan” is assigned “4”, the display element symbolizing “Africa” is assigned “3”, and the display element symbolizing “Europe” is assigned “5”. It is.

  Next, the user switches the reference screen to “Japan map” and inputs “A” from a keyboard switch or the like. This is because in this reference screen, the character symbol “A” is assigned to the display element indicating “Hokkaido”.

  In this way, the user sequentially selects and inputs character symbols from the reference screen according to the selection pattern set by the user. The input character / symbol string is transmitted to the authentication system and converted into a selection pattern. That is, the authentication system generates the character symbol string “425A” based on the configuration of the reference screen provided to the user (which character element is assigned to which display element) and the character symbol string input by the user. Convert to display element selection order.

  Here, as described above, when the same character symbol is assigned to different display elements in duplicate, the character symbol string input from the user corresponds to a plurality of selection patterns. For example, in the above example, the character symbol string “425A” includes ““ Middle East ”,“ Australia ”in addition to the correct selection pattern of“ “Japan”, “Africa”, “Europe”, “Hokkaido” ”. ”,“ China ”,“ Kansai ”, etc. The authentication system detects all the selection patterns corresponding to the input character string, and the plurality of detected selections. If a selected pattern associated with the user ID is detected among the patterns, it is determined that the user is a valid user.

  Thus, in the present embodiment, the display element selection pattern is used as a password by using a reference screen selected from a plurality of types of reference screens. Therefore, the number of selection patterns can be increased as compared with the number of display elements, and the possibility of being guessed by others can be reduced to improve the reliability. Further, since the display element selection pattern is used, the reference screen can be configured relatively simply. Therefore, the user can quickly find a target display element from the reference screen, and usability is improved.

  In the present embodiment, the user can freely select a reference screen from a plurality of types of reference screens. Therefore, the user can use his / her favorite reference screen according to his / her experience and hobbies, and is ready to store the selection pattern.

  In this embodiment, the user can select and use any one or a plurality of reference screens from a plurality of types of reference screen groups having different themes. Each reference screen is configured to include display elements that match each theme.

  Therefore, the user can reflect his / her experience and preference in the selection order (selection pattern) of the display elements relatively easily, and can store the selection pattern with meaning. For example, in the example shown in FIG. 1, the user is born in Japan, travels to Africa during his student days, and works for a European company. Depending on the story, experience, hope, preference, etc., you can build your own choice patterns. In general, it is difficult to forget the selection pattern that is given this meaning. In addition, since the meaning is based on the unique information of the user, it is difficult for a third party unrelated to the user to guess the selection pattern. Hereinafter, this embodiment will be described in more detail.

  FIG. 2 is an explanatory diagram schematically showing a basic method when a selection pattern of display elements is used as a password. However, FIG. 2 shows an outline of a basic procedure, and the features of the present invention will be described in detail together with another drawing.

  A schematic procedure for registering a selection pattern in the authentication system is shown on the left side of FIG. 2, and a schematic procedure for authentication is shown on the right side of FIG. First, the selection pattern registration procedure will be described first.

  As shown in the uppermost row on the left side of FIG. 2, when registering the selection pattern in the authentication system, the authentication system provides the user with a registration screen composed of a plurality of display elements (S1). For convenience of explanation, here, each display element is identified by the coordinate values of the X axis and the Y axis.

  The user first selects the display element (X1, Y1) (S2), and secondly selects the display element (X1, Y4) (S3). Further, the user selects the third display element (X4, Y4) (S4), and the fourth selects the display element (X4, Y1) (S5). Accordingly, in this case, the selection patterns registered in the authentication system are “(X1, Y1), (X1, Y4), (X4, Y4), (X4, Y1)” (S6).

  As shown on the right side of FIG. 2, when the user desires authentication (S7), the authentication system provides the user with an authentication screen (S8). Character symbols are irregularly assigned to each display element on this screen. In this screen, the same character symbol is assigned to a plurality of display elements.

  As described above, the user registers a selection pattern in which the four corners of the registration screen are selected in order counterclockwise. Therefore, the user picks up the character symbols on the screen according to the selection pattern and inputs them in order (S9). In the example shown in FIG. 2, the character symbol string that matches the selected pattern is “1537” (S10).

The authentication system converts the character / symbol string input by the user into a selection pattern based on the authentication screen (S11). As described above, at least some of the character symbols are assigned to a plurality of display elements. Accordingly, there are a plurality of selection patterns corresponding to the character symbol string input by the user. The authentication system determines whether or not a selection pattern registered by the user is included in the plurality of selection patterns detected. If included, the authentication system authenticates that the user is a valid user (S12).
In addition, although the case where it collates after converting the character symbol string input from the user into a selection pattern was described, instead of this, the character symbol string input from the user and the authentication system temporarily hold A method of comparing with a character symbol string may be used.
That is, when the authentication system provides the user with an authentication screen, the authentication system refers to the authentication screen provided to the user and the registered selection pattern, so that it is a valid user when input from the user. A method may be used in which a unique character / symbol string for determination is temporarily stored in a memory, and when the character / symbol string input by the user matches the character / symbol string, the user is determined to be a valid user. .
In such a configuration, it is not necessary to convert the character / symbol string into a selection pattern, and the control configuration of the authentication system can be simplified.

  By the way, since the basic procedure shown in FIG. 2 uses the display element of the individuality identified by the X-axis coordinate and the Y-axis coordinate, the user hardly remembers the selection pattern. For this reason, even if the number of selection patterns that exist in theory is large, the number of selection patterns that are actually used is small. For example, the user selects display elements at the four corners in order clockwise or counterclockwise, or selects display elements included only in a specific column or row. If the number of selection patterns actually used is small, it may be guessed by a third party.

  Therefore, as will be described later, in this embodiment, the screen is configured using display elements that are relatively easy for the user to remember, and the selection pattern reflecting the individuality of the user can be set relatively easily. As will be described later, in this embodiment, a plurality of screens are selected from a plurality of types of screens to perform user authentication. Thereby, even when a character symbol is duplicated and assigned to a display element, it is possible to reduce the possibility that the selection patterns coincide by chance. In addition, the degree of freedom when setting the selection pattern is increased, and user convenience is improved.

  FIG. 3 is a block diagram of the authentication system of the present embodiment. This authentication system includes, for example, an authentication server 1 and a client terminal 2. Although a plurality of authentication servers 1 and a plurality of client terminals 2 can be provided, for convenience of explanation, a case where one authentication server 1 and one client terminal 2 are provided is taken as an example here.

  The configuration of the authentication server 1 will be described first. The authentication server 1 includes, for example, a selection pattern registration unit 10, a reference screen generation unit 11, a reference screen provision unit 12, a conversion unit 13, a matching unit 14, a selection pattern storage unit 15, and a display element storage unit 16. The random number generation unit 17 and the screen management unit 18 can be provided.

  The selection pattern registration unit 10 stores the selection pattern registered by the user in the selection pattern storage unit 15.

  The reference screen generation unit 11 uses the display element storage unit 16 and the random number generation unit 17 to generate a reference screen. The generated reference screen is stored in a storage device such as a memory or an auxiliary storage device, for example. For example, the response performance of the authentication server 1 can be improved by generating and storing a reference screen having a high use frequency in advance. In addition, a reference screen (reference screen only for display elements) is generated in a stage before assigning character symbols to display elements, and character symbols generated irregularly when a reference image is transmitted to the client terminal 2 It may be configured to be combined into image data. The reference screen generated in this way is stored in the storage device and managed by the screen management unit 18.

  Instead of a configuration in which all or part of the reference screen is generated and stored in advance, a configuration in which a reference screen is generated each time a request is made from the client terminal 2 may be used.

  The display element storage unit 16 stores data of display elements such as map data, image data of animals and plants, food and drink, and portrait data of people. The display element storage unit 16 stores various display element groups prepared in advance. Not limited to this, image data and graphics data registered by the user can be stored in the display element storage unit 16 as display elements. For example, the user can register original data such as a landscape or a person photographed with a digital camera or the like as a display element in the authentication server 1 and generate a reference screen using the original data.

  The random number generation unit 17 is configured as, for example, a random number generation function or a random number generation circuit. Based on the random number generated by the random number generator 17, a character symbol is randomly assigned to each display element included in the reference screen. When the screen providing unit 12 assigns a character symbol to a display element, the random number generating unit 17 is used by the screen providing unit 12.

  The reference screen providing unit 12 transmits the generated reference screen to the client terminal 2 and provides it to the user. The reference screen providing unit 12 can provide the reference screen to the user by various methods. For example, the reference screen providing unit 12 can first transmit a list of thumbnail images of the reference screen to the client terminal 2 and then transmit again a reference screen selected from the list of reference screens. .

  The conversion unit 13 converts the character symbol string input from the client terminal 2 into a selection pattern. That is, the conversion unit 13 converts the input character symbol string into a selection pattern based on the information on the reference screen used when inputting the character symbol string.

  The collation unit 14 collates the converted selection pattern with the selection pattern registered for the user, and outputs the collation result. When the selection pattern converted from the input character / symbol string matches the registered selection pattern, it is determined that the user is a valid user. In other cases, it is determined that the access is unauthorized, and the user authentication is requested again. As a result of the collation, when it is determined that the user is a valid user, the user can use various business service processes via the client terminal 2. Examples of the business service process include a customer management system, an inventory management system, and a process management system.

  Next, the configuration of the client terminal 2 will be described. The client terminal 2 includes, for example, a screen display unit 20, a screen selection unit 21, and an input unit 22. The screen display unit 20 displays a reference screen received from the authentication server 1. The screen selection unit 21 is for selecting a reference screen used for inputting a selection pattern. The input unit 22 is for inputting a character symbol string that matches the selection pattern based on the reference screen.

  FIG. 4 is an explanatory diagram showing an overview of the hardware configuration and software configuration of the authentication system. The authentication server 1 includes, for example, a processor (“CPU” in the figure) 101, a memory 102, a communication unit 103, and storage devices 104, 105, and 106.

  The processor 101 includes, for example, one or a plurality of processor cores, and performs a user authentication process by reading and executing a program stored in the memory 102.

  The memory 102 stores various programs P11 to P15. The selection pattern registration program P11 is a program for associating and registering a selection pattern for each user ID of each user. When the processor 101 executes the selection pattern registration program P11, the selection pattern registration unit 10 in FIG. 3 is realized.

  The screen generation program P12 is a program for generating a reference screen. When the processor 101 executes the screen generation program P12, the reference screen generation unit 11 in FIG. 3 is realized.

  The screen providing program P13 is a program for providing a reference screen to the client terminal 2 (user). When the processor 101 executes the screen providing program P13, the reference screen providing unit 12 in FIG. 3 is realized.

  The character symbol string conversion program P14 is a program for converting a character symbol string input from the client terminal 2 into a selection pattern. When the processor 101 executes the character / symbol string conversion program P14, the conversion unit 13 in FIG. 3 is realized.

  The collation program P15 is a program for comparing the converted selection pattern with a registered selection pattern and determining whether or not they match. When the processor 101 executes the verification program P15, the verification unit 14 in FIG. 3 is realized.

  The communication unit 103 performs bidirectional communication with the client terminal 2 via a communication network CN such as the Internet or a LAN (Local Area Network). The communication unit 103 includes a communication protocol used with the client terminal 2. For example, the communication unit 103 corresponds to a protocol having security such as SSL (Secure Sockets Layer) or IPsec (IP Security).

  The storage devices 104, 105, 106 are configured as, for example, a flash memory or a hard disk drive. The storage devices 104, 105, and 106 can be provided in the same physical device, respectively.

  The first storage device 104 corresponds to the selection pattern storage unit 15 in FIG. 3 and is used for registering a selection pattern. The storage device 104 stores, for example, user management information F1 in which a user ID (“UID” in the figure) and a selection pattern are associated with each other.

  The second storage device 105 corresponds to the screen management unit 18 in FIG. 3 and is used for managing the reference screen. In the storage device 105, for example, reference screen management information F2 for managing each reference screen is stored.

  The third storage device 106 corresponds to the display element storage unit 16 in FIG. 3 and is used for storing each display element constituting the reference screen. The storage device 106 stores, for example, data F3 of a plurality of types of display elements for each theme. As described above, each user stores his / her favorite image data, graphics data, and the like in the storage device 106 as a dedicated display element or as a display element used in the group to which the user belongs. You can also.

  The configuration of the client terminal 2 will be described. The client terminal 2 is configured as a computer terminal such as a personal computer, a portable information terminal, a mobile phone, or the like. The client terminal 2 includes, for example, a processor 201, a memory 202, a communication unit 203, a display unit 204, and an input unit 205.

  The processor 201 controls the operation of the client terminal 2. The memory 202 stores software such as an operating system and a WWW (World Wide Web) browser. The communication unit 203 is for performing bidirectional communication with the authentication server 1 via the communication network CN.

  The display unit 204 can be configured as a liquid crystal display, an organic EL (Electronic Luminescent) display, or the like, for example. The display unit 204 displays the reference screen received from the authentication server 1 and corresponds to the screen display unit 20 in FIG.

  The input unit 205 can be configured as, for example, a keyboard switch, a numeric keypad, a pointing device (mouse, trackball, trackpad, tablet, etc.), or a combination thereof. Moreover, it is good also as a structure which can be input by a microphone and a speech recognition program. The input unit 205 is used to select a reference screen or input a character symbol string, and corresponds to the screen selection unit 21 and the input unit 22 in FIG.

  FIG. 5 is an explanatory diagram illustrating a configuration example of a reference screen provided from the authentication server 1. The authentication server 1 can provide each user with a plurality of types of reference screens. Which reference screen group is provided to which user can be set as appropriate. For example, in addition to one or a plurality of reference screens used by the user, a reference screen group can be configured including other types of reference screens. Further, for example, users can be grouped, and the configuration of the reference screen group can be changed for each group. The user can input a character symbol string that matches the selected pattern by switching and using a plurality of types of reference screens G1 to G3 each having a different theme.

  Unlike the matrix arrangement composed of non-individual and meaningless display elements as described with reference to FIG. 2, the reference screen of the present embodiment is composed of a plurality of display elements that are easily meaningful. A display element that is easily meaningful can be defined as a display element that symbolizes a specific event such as a geographical event, a concept, or an object.

  The reference screen G1 shown in the upper part of FIG. 5 has a theme of “world map”, for example, geographical symbols that symbolize North America, South America, Eurasia, Africa, Australia, Japan, etc. Consists of display elements. Each display element is assigned a character symbol.

  The reference screen G2 shown in the middle part of FIG. 5 has the theme “Japan map” and includes, for example, geographical display elements that symbolize Hokkaido, Honshu, Shikoku, Kyushu, and the like. Each display element is assigned a character symbol.

  The reference screen G3 shown in the lower part of FIG. 5 has a theme of “animal” and includes, for example, display elements (image data, graphics data, etc.) meaning dogs and cats. Each display element is assigned a character symbol.

  In the reference screen, the same type of character symbols are used, and at least some of the character symbols are assigned to a plurality of display elements included in the reference screen. That is, on the reference screen G1 of “World Map”, a single-digit number is used as a character symbol. For example, the number “1” is assigned to North America and India, the number “2” is assigned to South America and Australia, and the number “3” is assigned to Africa and Russia.

  Similarly, on the reference screen G2 of “Japan map”, a one-digit (one character) alphabet is used as a character symbol. The alphabet “A” is assigned to the Hokkaido and Kinki regions, the alphabet “B” is assigned to the Kanto region and the Kyushu region, and the alphabet “C” is assigned to the Tohoku region and the Chugoku-Shikoku region.

  Similarly, in the “animal” reference screen G3, a two-digit number is used as a character symbol and is assigned to a plurality of images in an overlapping manner.

  Within the same reference screen, use the same type of character symbols, and assign at least some of the character symbols to multiple display elements to increase the possibility of a selection pattern being guessed by a third party. Can be reduced. Even if the input scene of the character / symbol string by the user is voyeurized by a third party, it is possible to make it difficult to guess the selection pattern by the third party.

  In addition, the number of character symbols (number of digits) used for each display element is changed between different reference screens, so the user can input a selection pattern while switching between reference screens with different number of character symbols per display element. If so, security can be improved. That is, even if a third party steals the input scene of the selection pattern by the user, it is difficult to specify which display element of which reference screen is selected.

  For convenience of explanation, FIG. 5 shows the reference screen relatively coarsely. However, in actuality, each reference screen can be configured to include more display elements. For example, on the reference screen G1 of the “world map”, a finer region, mountain range, river, lake, etc. can be expressed. In addition, for example, in the “Japanese map” reference screen G2, prefectures can also be expressed. Furthermore, in the “animal” reference screen G3, a greater variety of animals can be included. Note that the configuration of the reference screen may be adjusted according to the display resolution, screen size, and the like of the client terminal 2.

  FIG. 6 is an explanatory diagram showing an example of the reference screen management information F2. The reference screen management information F2 is prepared for each reference screen. Each reference screen is set with a reference screen ID for identifying each. For example, each reference screen ID can be associated with a target ID, a target name, a storage destination address of image data, a character symbol, and a policy.

  “Target ID” is information for identifying a display element included in the reference screen. The “target name” is a name set for the display element. The target ID can be set uniquely in the authentication system, and each display element can be specified by only the target ID. Therefore, the target name is not always necessary. However, by managing including the target name, it is possible to easily maintain and change the reference screen management information F2.

  The “image data storage destination address” is information for indicating a location where display element data is stored. That is, the storage position in the storage device 106 in FIG. 4 is set to the image data storage destination address.

  In the “character symbol”, code information of the character symbol assigned to the display element is set. Which character symbol is set for which display element is determined at random based on, for example, a “policy” set for each reference screen. The “policy” is information indicating a condition regarding the configuration of the reference screen, and includes, for example, a character symbol assignment condition. The “policy” can also be referred to as a screen configuration policy, for example. For example, when the policy of “assigning a single digit number in duplicate” is set, a single digit number is assigned to each display element of the reference screen. For example, when the policy of “assign two-digit characters without duplication” is set, each display element on the reference screen is assigned two-letter character symbols without duplication.

  FIG. 7 is an explanatory diagram showing a state in which the character / symbol allocation method for each display element is changed between the selection pattern registration and the user authentication. An example of a reference screen used at the time of user authentication is shown on the upper side of FIG.

  At the time of user authentication, a predetermined number of character symbols of a predetermined type are assigned to each display element in accordance with the screen configuration policy described above. When overlapping assignment of character symbols is set in the policy, the same character symbol is assigned to different display elements in duplicate.

  On the other hand, on the lower side of FIG. 7, a reference screen used when the user registers a selection pattern is shown. In the reference screen at the time of registration, different character symbols are assigned to each display element, and there is no duplication. Therefore, when registering the selection pattern in the authentication server 1, the selection pattern desired by the user can be immediately specified based on the character / symbol string input from the client terminal 2. There are various other methods, which will be described in another embodiment.

  FIG. 8 is a flowchart showing a registration process when a selection pattern is registered in the authentication server 1. The same applies to the flowcharts described below, but the outline of each process will be described within the scope necessary for understanding and implementation of the present invention. For this reason, the flowchart may be different from the actual program. In the following description, “step” is abbreviated as “S”.

  First, when the user accesses the authentication server 1 via the client terminal 2 (S21), the authentication server 1 transmits a menu screen to the client terminal 2 (S22). When the user selects the password registration menu from the menu screen (S23), the authentication server 1 transmits the password registration screen to the client terminal 2 (S24).

  The password registration screen can include, for example, a user ID input field for setting a user ID, a thumbnail display of a reference screen group, and the like. When the user inputs the user ID on the password registration screen (S25), the authentication server 1 stores the user ID in the user management information F1 (S26).

  Next, when the user selects a reference screen from the list of thumbnail images via the client terminal 2, the authentication server 1 transmits the selected reference screen (S28). The user inputs a part or all of the selection pattern by sequentially selecting display elements while referring to the reference screen (S29).

  Here, as described above, each reference screen is made up of display elements that can be easily given specific meanings under respective themes set. Then, the user can select one or a plurality of reference screens according to his / her preference from the list of reference screens. Therefore, the user can select the reference screen according to his / her experience, taste, hobbies, and the like, and can select display elements in an order that is easy for the user to memorize.

  For example, a user who was born in Japan, grew up in the United States, and worked for a European company would use a reference screen with the theme of “World Map” to display geographical information in the order of “Japan → America → Europe”. Elements can be selected.

  In addition, for example, a user who was born and raised in Hokkaido, entered a school in Kanto, married a opposite sex in the Kinki region, and had a cat can use the reference screen for the theme of “Japan Map” to select “Hokkaido → Kanto region”. After selecting the "Kinki region" display element in turn, the display screen can be switched to the reference screen of the "Animal" theme and the display element indicating "Cat" can be selected.

  Furthermore, for example, a user who is interested in food and drink can select food and drink in the order of his / her preference using a reference screen of the theme of “food and drink”.

  In addition, for example, the user uploads, in advance, a souvenir photograph at family or work, a photograph derived from his work or career, etc., to the authentication server 1 so as to include a unique photograph group including these personal photographs. A reference screen can also be configured. Then, the user can select photos in order so as to trace his / her past using the reference screen unique to the user.

  As described above, in this embodiment, a reference screen is generated for each theme using display elements associated with specific events instead of using tasteless figures. Therefore, the user can set the selection pattern according to personal information such as the user's own experience. Thereby, each user can set the selection pattern which is hard to forget, respectively, and can reduce the possibility of being guessed by a third party. In addition, since each user can set different selection patterns based on personal information, the authentication system can maintain a variety of selection patterns.

  Now, part or all of the selection pattern input from the client terminal 2 is transmitted to the authentication server 1 (S29). For example, as shown as the password transmission information D1, the characters and symbols assigned to the display elements are transmitted to the authentication server 1 in the order of selection. The transmission information D1 includes a reference screen ID for specifying the reference screen from which the character / symbol string is selected.

  Upon receiving the password transmission information D1 from the client terminal 2, the authentication server 1 converts this character / symbol string into a selection pattern (S30). Here, as described in conjunction with FIG. 7, at the time of password registration, different character symbols are assigned to the respective display elements in each reference screen. Therefore, in what reference screen and in what order the display elements are selected can be easily determined from the reference screen ID and the character symbol string.

  When the authentication server 1 converts the character / symbol string into a selection pattern, the authentication server 1 stores the converted selection pattern in the selection pattern storage unit 15 (S31).

  On the other hand, the user can also switch to another reference screen and continue the password (selection pattern) setting operation (S31). When the reference screen is switched (S31: YES), the client terminal 2 requests the authentication server 1 to transmit the reference screen selected by the user as described above (S27). In response to this request, the authentication server 1 transmits the selected reference screen to the client terminal 2 (S28). The user can set a selection pattern using the switched reference screen (S29).

  In this way, the user can set a selection pattern using one or a plurality of reference screens. When the selection pattern setting is completed, the client terminal 2 notifies the authentication server 1 that the selection pattern setting has been completed (S32). Upon receiving the selection pattern setting completion notification, the authentication server 1 determines the contents of the user management information F1 (S34).

  As shown in the lower part of FIG. 8, the user management information F1 includes a reference screen ID and a selection order of display elements on the reference screen. The selection order of display elements can be specified, for example, by arranging display element target IDs in the order in which the display elements are selected. Since the user management information F1 also includes a reference screen ID, when registering a selection pattern using a plurality of reference screens, the switching order between the reference screens can also be used as part of the selection pattern. it can.

  When registering a selection pattern, from the viewpoint of security, for example, the authentication server 1 can request the user to set the selection pattern using a plurality of reference screens. As the number of reference screens to be used increases and the number of reference screen switching increases, it becomes more difficult for a third party to guess the selection pattern. However, if the number of reference screens to be used is increased, the effort for password registration also increases. Therefore, the authentication server 1 can request the user for the number of reference screens used, for example, so that security and operability are balanced. The complexity of the selection pattern can be changed according to the type of business service that the user desires to use, or can be changed for each group to which the user belongs.

  FIG. 9 is a flowchart showing user authentication processing. First, the user accesses the authentication server 1 via the client terminal 2 (S41). The authentication server 1 transmits a login screen to the client terminal 2 (S42).

  When the user inputs a user ID on the login screen via the client terminal 2 (S43), the authentication server 1 refers to the user management information F1 to check whether or not the input user ID exists ( S44). If the user ID is not confirmed, the authentication server 1 can ask the user to re-enter the user ID.

  When the user ID is confirmed, the authentication server 1 transmits a list of reference screen groups to the client terminal 2 (S45). The authentication server 1 provides a plurality of types of reference screens including a reference screen associated with the user ID to the client terminal 2 in a list format. The authentication server 1 can provide the thumbnail images of each reference screen to the client terminal 2 in a list format.

  The client terminal 2 stores the list of reference screen groups received from the authentication server 1 as a temporary file (S46). The user selects a reference screen that matches the registered selection pattern from the list of reference screen groups (S47). When the reference screen is selected by the user, a transfer request for the reference screen is transmitted from the client terminal 2 to the authentication server 1, and the authentication server 1 transmits the requested reference screen to the client terminal 2 (S48).

  The user inputs a part or all of the selection pattern based on the reference screen received from the authentication server 1 (S49). When the registered selection pattern uses a plurality of reference screens, the user inputs the selection pattern (S49) while switching the reference screens (S52).

  Upon receiving the information (reference ID and character symbol string) input from the client terminal 2, the authentication server 1 converts the character symbol string into a selection pattern (S50). The selection pattern detected from the received character symbol string is stored in a temporary file in the memory (S51).

  When the input of the selection pattern is completed (S53: YES), an input completion notification is transmitted from the client terminal 2 to the authentication server 1 (S54). The authentication server 1 acquires the selection pattern associated with the user ID confirmed in S44 from the selection pattern storage unit 15 (S55), and the selection pattern converted from the input character / symbol string and the registered selection pattern Is matched (S56).

  If both the selection patterns match (S56: YES), the authentication server 1 determines that the user is a valid user, and causes the user to provide business service processing (S57). On the other hand, when both the selection patterns do not match (S56: NO), the authentication server 1 performs error processing (S58). In the error processing, for example, an error message indicating that the input selection pattern does not match the user ID is notified to the client terminal 2. Further, for example, when error processing is performed a predetermined number of times or more for the same user ID, the authentication server 1 may be configured not to accept user authentication related to the user ID. Furthermore, when error processing is performed, it is good also as a structure which contacts with the contact address of the user registered beforehand by an e-mail etc.

  According to this embodiment configured as described above, it is possible to set a selection pattern derived from personal information of each user relatively easily by using a plurality of types of reference screens prepared for each theme. it can. As a result, the user can memorize the selection pattern without much trouble, and there is no need to manage passwords with a notebook or the like, which improves usability.

  In addition, since each user usually has different careers, hobbies, etc., the diversity of selection patterns can be ensured. By ensuring the diversity of the selection patterns, it is possible to reduce the possibility of a third party uncovering the selection pattern and to increase the security of the authentication system.

  In addition, after receiving the selection pattern input completion notification from the client terminal 2, the registered selection pattern is acquired when the user ID is confirmed (S44) instead of acquiring the registered selection pattern corresponding to the user ID. The structure to do may be sufficient. In this case, the character symbol string received from the client terminal 2 is converted into a selection pattern, compared with the registered selection pattern, and error processing (S58) is executed when the two patterns do not match. Also good.

  A second embodiment will be described with reference to FIG. Each of the following embodiments including this embodiment corresponds to a modification of the first embodiment. In the present embodiment, the selection pattern is registered by the user directly selecting the display element of the reference screen.

  FIG. 10 is a flowchart showing a registration process when a selection pattern is registered in the authentication server 1. Since this flowchart includes steps common to the flowchart shown in FIG. 8, a redundant description will be omitted, and the description will focus on the steps characteristic of this embodiment.

  When the user selects a desired reference screen from the group of reference screens included in the password registration screen (S27), the authentication server 1 transmits the selected reference screen to the client terminal 2 (S28).

  The user inputs a selection pattern by directly selecting a display element in the reference screen displayed on the client terminal 2 (S29A). For example, the user directly designates a display element by selecting the display element of the reference screen with a pointer or the like. That is, it is not necessary to assign a character symbol to the display element of the reference screen when registering the selection pattern. Each display element of the reference screen is associated with a target ID for identifying it. Therefore, the authentication server 1 can directly recognize the selection pattern without analyzing the character symbol string.

  Configuring this embodiment like this also achieves the same operational effects as the first embodiment. In addition to this, in this embodiment, since the display element in the reference screen is directly selected by a pointing device or the like, the user does not need to input while picking up the character symbol, and the operability is improved. However, when a state of selecting a display element is voyeurized, a selection pattern may be specified by a third party. Therefore, this embodiment is preferably used in an environment where voyeurism and peeping by a third party are prevented.

  A third embodiment will be described with reference to FIG. In this embodiment, every time the user selects a reference screen, a list of reference screen groups is transmitted from the authentication server 1 to the client terminal 2.

  FIG. 11 is a flowchart showing user authentication processing. When the user accesses the authentication server 1 via the client terminal 2 (S61), the authentication server 1 transmits a login screen to the client terminal 2 (S62).

  When the user inputs a user ID via the client terminal 2 (S63), the authentication server 1 checks whether or not the input user ID has been registered (S64), and displays a list of reference screen groups on the client terminal. 2 (S65).

  When the user selects a desired reference screen from the list of reference screens displayed on the client terminal 2 (S66), the authentication server 1 transmits the selected reference screen to the client terminal 2 (S67). .

  The user selects at least a part of the selection pattern as a character symbol string by selecting a display element included in the selected reference screen (S68). The authentication server 1 converts the character / symbol string input from the client terminal 2 into a selection pattern (S69) and stores it (S70).

  The user can set a selection pattern using a plurality of reference screens. When the reference screen is switched (S71: YES), the client terminal 2 requests the authentication server 1 to retransmit the reference screen group list (S72). As a result, the authentication server 1 retransmits the list of reference screen groups to the client terminal 2 (S65). That is, in this embodiment, each time the reference screen is switched, a list of reference screen groups is transmitted from the authentication server 1 to the client terminal 2, and steps S65 to S72 are repeatedly executed.

  As described in the first embodiment, when the input of the selection pattern is completed (S73: YES), an input completion notification is transmitted from the client terminal 2 to the authentication server 1 (S74). The authentication server 1 acquires the registered selection pattern corresponding to the user ID (S75), and determines whether the selection pattern input from the client terminal 2 matches the registered selection pattern (S76). If both the selection patterns match (S76: YES), business service processing is provided (S77). If they do not match, error processing is performed (S78).

  Configuring this embodiment like this also achieves the same operational effects as the first embodiment. In addition, in this embodiment, every time the user selects a reference screen, a list of reference screen groups is transmitted from the authentication server 1 to the client terminal 2 every time, so the configuration of the reference screen group is changed each time. It is possible to improve security. That is, in the present embodiment, it is not necessary to include all of the plurality of reference screens used for inputting the selection pattern by the user in the first reference screen group in advance, and the reference screen group according to the progress of the selection pattern input. It is also possible to change the configuration.

  A fourth embodiment will be described with reference to FIG. In this embodiment, at the time of registering a selection pattern, the user inputs a character symbol string a plurality of times, and the authentication server 1 automatically determines the selection pattern that the user desires to register.

  FIG. 12 is a flowchart showing the selection pattern registration process. This flowchart includes steps common to the flowchart shown in FIG. Therefore, the steps characteristic of this embodiment will be mainly described.

  First, as a precondition, in the selection pattern registration process according to the present embodiment, a character / symbol string is irregularly and redundantly assigned to each display element of the reference screen, similarly to the reference screen used at the time of user authentication.

  In the first embodiment, as described in conjunction with FIG. 7, on the reference screen used at the time of registration of the selection pattern, a character symbol is assigned to uniquely specify each display element. That is, since the character symbol assigned to each display element does not overlap, the selection pattern can be immediately specified by the reference screen ID and the character symbol string.

  In the second embodiment, the user directly selects the display element of the reference screen using a pointing device or the like, and transmits the target ID of the display element to the authentication server 1. Therefore, the authentication server 1 can immediately specify the selection pattern that the user desires to register.

  On the other hand, in the present embodiment, the character / symbol strings are assigned to the display elements in the same manner as in the reference screen used in the actual user authentication. In this embodiment, the authentication server 1 analyzes the character / symbol string input from the client terminal 2 to identify a selection pattern that the user desires to register.

  As shown in the flowchart of FIG. 12, when a character symbol string is input from the client terminal 2 (S29), the authentication server 1 of the present embodiment converts this character symbol string into a selection pattern (S30). However, since a character symbol is assigned to each display element in duplicate, the selection pattern cannot be specified even if the character symbol string is received only once. This is because there are a plurality of selection patterns corresponding to the input character symbol string.

  Therefore, the authentication server 1 determines whether or not the selection pattern has been identified based on the character / symbol string input from the client terminal 2 (S81). If the selection pattern cannot be identified (S81: NO), the authentication server 1 changes the character symbols assigned to the display elements of the reference screen (S82), and transmits the reference screen to the client terminal 2 again (S28). This reference screen is different only in the character symbol assignment state, and there is no change in other configurations (themes, types of display elements included).

  The user picks up the character symbol corresponding to the selection pattern desired to be registered based on the reference screen in which the assignment of the character symbol is changed, and inputs the character symbol string (S29). The authentication server 1 again converts the character / symbol string input from the client terminal 2 into a selection pattern (S30), and determines whether the selection pattern has been identified (S80).

  The authentication server 1 compares the plurality of selection patterns detected at the previous conversion with the selection pattern detected at the current conversion, and leaves only the selection patterns detected at both as registered pattern candidates. The authentication server 1 transmits a reference screen in which the character / symbol assignment state is changed to the client terminal 2 until the number of registered pattern candidates is narrowed down to one, and requests the user to input a character / symbol string. When the registered pattern candidates are narrowed down to one, the selection pattern desired by the user is specified (S81: YES).

  The authentication server 1 stores the specified selection pattern (S31), and notifies the client terminal 2 that it has been specified (S83). Upon receiving this specific completion notification, the client terminal 2 is allowed to switch to the next reference screen (S31). Furthermore, when registering a selection pattern using another reference screen, the user selects another reference screen (S27). As described above, a character / symbol string is input a plurality of times for the reference screen newly selected by the user, and the authentication server 1 automatically determines the selection pattern.

  Configuring this embodiment like this also achieves the same effects as the first embodiment. In addition to this, in this embodiment, the selection pattern is registered using a reference screen used at the time of user authentication. Therefore, in this embodiment, an unfamiliar user can be given an opportunity to practice, and the authentication system can be operated smoothly. Further, as in the case of user authentication, since the character symbols are irregularly and redundantly assigned to the display elements, the security can be further improved.

  A fifth embodiment of the present invention will be described with reference to FIG. In this embodiment, it is automatically prompted to change the registered selection pattern. FIG. 15 is a flowchart showing a password (selection pattern) change process.

  The authentication server 1 determines, for each user ID, whether a predetermined time has elapsed since the last change of the registered selection pattern (S91). When a predetermined time has elapsed since the previous change (S91: YES), the change of the selection pattern shown in S93 and thereafter is started. Even if the predetermined time has not elapsed since the previous change (S91: NO), if the selection pattern change instruction is input from the system administrator (S92: YES), the change of the selection pattern is started. The

  Thus, in this embodiment, the registered selection pattern can be changed every predetermined period, for example, every month or every three months. Also, the registered selection pattern can be changed when the system administrator issues a change instruction. The configuration may be such that all the users are prompted to change the selection pattern all at once, or the configuration may be such that only some users are prompted to change the selection pattern.

  When changing the registered selection pattern, the authentication server 1 waits for access from the client terminal 2 (S93). When accessed, the authentication server 1 stores the current registered selection pattern from the selection pattern storage unit 15 (S93: YES). Obtain (S94).

  Then, the authentication server 1 requests the client terminal 2 to change the registered selection pattern (S95). After requesting the change, the authentication server 1 generates a reference screen different from the reference screen related to the currently registered selection pattern (S96), and transmits a list of reference screen groups including the new reference screen to the client terminal 2. (S97). Thereby, the user can set a new selection pattern using a new reference screen. The configuration may be such that all the reference screens used in the currently registered selection pattern are totally replaced at once, or a configuration in which some reference screens are left as they are and the remaining reference screens are replaced with new ones.

  Configuring this embodiment like this also achieves the same operational effects as the first embodiment. In addition to this, in this embodiment, since the configuration prompts the change of the registered selection pattern, the security can be further improved. Further, in this embodiment, since the configuration of the reference screen group used when registering the selection pattern is changed, a selection pattern different from the currently registered selection pattern can be registered, and the security is further improved. For example, when the current selection pattern is set based on the reference screen of “Japan map” and the reference screen of “Kanto region map”, the authentication server 1 intentionally selects “ Exclude the “Kanto region map” and add a reference screen such as “Food & Drink” or “Hobby”. As a result, the user re-registers the selection pattern using another reference screen (such as “food” or “hobby”) instead of the reference screen of “Kanto region map”.

  A sixth embodiment of the present invention will be described with reference to FIG. In this embodiment, the communication network used for transmitting the reference screen is separated from the communication network used for inputting the character / symbol string.

  FIG. 14 is a block diagram of an authentication system according to the present embodiment. In the authentication system of the present embodiment, the first client terminal 2A and the second client terminal 2B are used as the client terminal 2.

  The first client terminal 2A is a reference screen terminal used for selection and reception of a reference screen. The first client terminal 2A is configured as, for example, a mobile phone, a portable information terminal, a personal computer, or the like, and includes a screen display unit 20 and a screen selection unit 21. The first client terminal 2A is connected to the authentication server 1 via the first communication network CN1.

  The second client terminal 2B is a character symbol string input terminal used for inputting a character symbol string. Similar to the first client terminal 2A, the second client terminal 2B is configured as a mobile phone, a portable information terminal, a personal computer, or the like, and includes an input unit 22. The second client terminal 2B is connected to the authentication server 1 via the second communication network CN2.

  Here, as an example, the first client terminal 2A is configured as a mobile phone, and the first communication network CN1 is configured as a mobile communication network and the Internet. The second client terminal 2B is configured as a personal computer, and the second communication network CN2 is configured as the Internet or a LAN.

  While confirming the reference screen displayed on the first client terminal 2A, the user finds a character symbol that matches the selection pattern and inputs a character symbol string from the second client terminal 2B.

  Configuring this embodiment like this also achieves the same operational effects as the first embodiment. In addition to this, in this embodiment, since the selection and display of the reference screen and the input of the character / symbol string are performed using separate communication networks CN1 and CN2, security can be improved. Note that a configuration may be adopted in which a plurality of virtual client terminals are provided in the same physical computer terminal, and each virtual terminal is connected to an authentication server via a separate communication network.

The present invention is not limited to the above-described embodiment. A person skilled in the art can make various additions and changes within the scope of the present invention.
For example, as described in the description of FIG. 2, when the authentication screen (reference screen) is provided to the user, the authentication system side specifies in advance the character / symbol string that will be input from the legitimate user. It is possible to temporarily store the data in a memory, compare the temporarily stored character symbol string with the character symbol string input by the user, and determine that the user is a valid user if they match. Good.
Such a configuration can be expressed as follows, for example. In other words, “a screen for generating a plurality of types of reference pattern input reference screens by irregularly assigning inputable character symbols to each of a plurality of types of display elements and a registration means for registering display element selection patterns” Generating means, screen providing means for providing the generated plural types of reference screens, screen display means for displaying the provided reference screens, and one or more of the displayed plural types of reference screens. Selection means for selecting a plurality of reference screens, input means for selecting a character symbol assigned to the display element included in the selected reference screen according to a selection pattern, and inputting a character symbol string, and the registration A character symbol string obtained from the provided reference screen based on the selection pattern registered in the means is created and stored in advance, and the stored character symbol And a character / symbol string input from the input means, and if the two match, the authentication system includes a verification means for authenticating that the user is a valid user. it can.

It is explanatory drawing which shows the concept of embodiment of this invention. It is explanatory drawing which shows the outline of registration and authentication of a selection pattern. It is a block diagram of an authentication system. It is explanatory drawing which shows the hardware constitutions and software constitutions of an authentication system. It is explanatory drawing which shows the example of a reference screen. It is explanatory drawing which shows the structure of reference screen management information. It is explanatory drawing which compares and shows the reference screen used for user authentication, and the reference screen used for registration of a selection pattern. It is a flowchart which shows the registration process of a selection pattern. It is a flowchart which shows a user authentication process. It is a flowchart which shows the registration process of the selection pattern performed with the authentication system which concerns on 2nd Example. It is a flowchart which shows the user authentication process performed with the authentication system which concerns on 3rd Example. It is a flowchart which shows the registration process of the selection pattern performed with the authentication system which concerns on 4th Example. It is a flowchart which shows the change request process of the selection pattern performed with the authentication system which concerns on 5th Example. It is a block diagram of the authentication system which concerns on 6th Example.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Authentication server, 2, 2A, 2B ... Client terminal, 10 ... Selection pattern registration part, 11 ... Reference screen production | generation part, 12 ... Reference screen provision part, 13 ... Conversion part, 14 ... Collation part, 15 ... Selection pattern memory | storage , 16 ... display element storage unit, 17 ... random number generation unit, 18 ... screen management unit, 20 ... screen display unit, 21 ... screen selection unit, 22 ... input unit, G1 to G3 ... reference screen, CN, CN1, CN2 ... Communication network, 101 ... Processor, 102 ... Memory, 103 ... Communication unit, 104, 105, 106 ... Storage device, 201 ... Processor, 202 ... Memory, 203 ... Communication unit, 204 ... Display unit, 205 ... Input unit, D1 ... password transmission information, F1 ... user management information, F2 ... reference screen management information, F3 ... display element data, P11 ... selection pattern registration program, P12 ... screen generation program , P13 ... screen providing program, P14 ... character symbol string conversion program, P15 ... matching program

Claims (14)

A registration means for registering a display element selection pattern;
Screen generation means for generating a plurality of types of reference pattern input reference screens by irregularly assigning inputable character symbols to each of a plurality of types of display elements;
Screen providing means for providing the generated plural types of reference screens;
Screen display means for displaying the provided reference screen;
A selection means for selecting one or more reference screens from the plurality of displayed reference screens;
An input means for selecting a character symbol assigned to the display element included in the selected reference screen according to a selection pattern and inputting a character symbol string;
Conversion means for converting the inputted character symbol string into a selection pattern based on the inputted character symbol string and the selected reference screen;
Collation means for collating the converted selection pattern with the selection pattern registered by the registration means;
Equipped with a,
The screen generation means can generate the reference screen by randomly assigning at least some of the character symbols to a plurality of display elements in an irregular manner, and
An authentication system configured to reduce the frequency of assigning the character symbol to a plurality of display elements in a duplicated manner when registering the selection pattern by the registration means . Each of the display elements is configured as a graphic element that symbolizes a specific event,
Each reference screen has a different theme, and
The authentication system according to claim 1, wherein each reference screen includes a display element that matches each theme.   The authentication system according to claim 1, wherein the selection pattern includes a selection order of the plurality of selected reference screens.   The authentication system according to claim 1, wherein the screen generation unit changes the number of the character symbols assigned to each display element within the same reference screen or between different reference screens.   The authentication system according to claim 1, wherein the screen providing unit provides the plurality of types of reference screens simultaneously.   The authentication system according to claim 1, wherein the screen providing unit provides a list of reduced screens of the plurality of types of reference screens first, and provides a reference screen selected from the list of reduced screens.   The authentication system according to claim 1, wherein the screen providing unit provides a plurality of types of reference screens that are related to each other in a hierarchical manner. The collation means collates each of the selected reference screens,
The authentication system according to claim 1, wherein the screen providing unit provides the next reference screen when the collation by the collating unit is successful. It further comprises a change request means for requesting a change of the selection pattern,
2. When the change request unit requests a change of a selection pattern, the registration unit registers a new selection pattern using a reference screen different from a reference screen related to the currently registered selection pattern. The authentication system described in.   The registration means discriminates the selection pattern by repeatedly providing a plurality of types of reference screens by the screen providing means, and analyzing the information input from the input means each time. The authentication system according to claim 1, wherein the selected pattern is registered as the selected pattern. The image providing means provides the reference screen via a first communication network;
The selection means selects the reference screen via the first communication network,
The authentication system according to claim 1, wherein the selection pattern input by the input unit is transmitted to the verification unit via a second communication network different from the first communication network. An authentication system comprising an authentication server and a client terminal,
The authentication server is
A registration means for registering a display element selection pattern;
Screen generation means for generating a reference pattern input reference screen for each theme by irregularly assigning inputable character symbols to each of the plurality of types of display elements that match the theme,
Screen providing means for providing the client terminal with a reference screen for each generated theme;
Conversion means for converting the inputted character symbol string into a selection pattern based on a character symbol string inputted from the client terminal and a reference screen selected by the client terminal;
Collating means for collating the converted selection pattern and the selection pattern registered by the registration means,
The client terminal is
Screen display means for displaying a reference screen provided from the authentication server;
Selecting means for selecting one or more reference screens from the displayed plural types of reference screens and notifying the authentication server;
By selecting a character symbol assigned to the display element included in the selected reference screen according to a selection pattern, a character symbol string is input, and the input character symbol string is notified to the authentication server. Input means for,
Equipped with a,
The screen generation means can generate the reference screen by randomly assigning at least some of the character symbols to a plurality of display elements in an irregular manner, and
An authentication system configured to reduce the frequency of assigning the character symbol to a plurality of display elements in a duplicated manner when registering the selection pattern by the registration means . A method for performing authentication processing between an authentication server and a client terminal,
In the authentication server, registering a display element selection pattern;
In the authentication server, by randomly assigning character symbols that can be input to each of a plurality of types of display elements, a plurality of types of reference screens for selection pattern input are generated. Providing the client terminal with the authentication server , wherein the reference screen can be generated by randomly assigning at least some of the character symbols to a plurality of display elements in an irregular manner. When,
In the client terminal, displaying a reference screen provided from the authentication server;
In the client terminal, selecting one or a plurality of reference screens from the plurality of displayed reference screens and notifying the authentication server;
In the client terminal, a character symbol assigned to the display element included in the selected reference screen is selected according to a selection pattern, and a character symbol string composed of the selected character symbol is selected from the client terminal. Sending to the authentication server;
In the authentication server, based on the character symbol string received from the client terminal and a reference screen selected by the client terminal, converting the received character symbol string into a selection pattern;
In the authentication server, matching the converted selection pattern with the registered selection pattern;
Run, respectively,
The authentication method , wherein the step of registering the selection pattern reduces the frequency of assigning the character symbol to a plurality of display elements redundantly . A program for causing a computer to perform authentication processing,
The computer,
Means for registering display element selection patterns;
Means for generating a plurality of types of reference pattern input screens by randomly assigning inputable character symbols to each of a plurality of types of display elements , wherein at least some of the character symbols It is possible to generate the reference screen by randomly assigning to a plurality of display elements, and when registering the selection pattern, the frequency of assigning the character symbols to the plurality of display elements is reduced. Means to
Means for providing the generated plural types of reference screens;
Means for specifying one or a plurality of reference screens selected from the plurality of provided reference screens;
Means for receiving a character symbol string formed by selecting a character symbol assigned to the display element included in the selected reference screen according to a selection pattern;
Means for converting the received character symbol string into a selection pattern based on the received character symbol string and the selected reference screen;
A program that functions as a means for collating the converted selection pattern with the registered selection pattern.

Images