JP5593280B2 - Authentication apparatus and authentication method - Google Patents

Description

  The present invention relates to an authentication device and an authentication method for preventing unauthorized access.

  In recent years, small and lightweight devices such as USB memories, smartphones, and tablet devices that can easily carry digital information have become widespread. However, while it has become easier to carry digital data, information leakage of digital information is regarded as a problem, and security technology is required to reduce or prevent information leakage. When a device having a memory storing data information is used, it will lead to information leakage as soon as it is lost.

  In order to solve such a problem, there is a method in which digital information is stored in a server on a network, and the digital information is accessed and operated using communication. And in order to ensure security when accessing a server, the input of the password comprised by the symbol string by keyboard input and the technique regarding biometric authentication are also proposed (for example, refer nonpatent literature 1). .

“Biometric”, [online], Wikipedia, [Search June 9, 2011], Internet, <URL: http: //en.wikipedia.org/wiki/%E7%94%9F%E4%BD% 93% E8% AA% 8D% E8% A8% BC>

  However, when inputting a password by keyboard input, the arrangement of the symbols does not include personal characteristics such as handwriting, so that no trace of the person who made unauthorized access remains clearly. In biometric authentication technology, there are still problems with high system cost and recognition rate. Furthermore, there remains a problem that biometric authentication technology cannot be corrected once it is stolen.

  The present invention has been made paying attention to the above circumstances, and an object of the present invention is to provide an authentication system that can secure high security at low cost.

  To achieve the above object, according to a first aspect of the present invention, there is provided a device having a plurality of conductive portions, a touch screen for simultaneously detecting the positions of the plurality of conductive portions, and the positions of the conductive portions of the device. A device information storage unit that stores in advance a layout pattern indicating a coordinate relationship, a layout pattern derived from the position of a conductive unit detected by the touch screen, and a layout pattern stored in the device information storage unit are collated. A device identification unit that identifies the device, a device collation unit that collates the identification information of the device identified by the device identification unit, and the identification information of the device previously associated with the access target, and a user Handwriting information storage unit for storing handwriting information obtained by operating the device on the touch screen in advance , Wherein when the verification result by the device verification unit is correct, provides authentication apparatus and a trajectory collation unit for collating the the trace drawn on the touch screen and the handwriting information.

  In addition, according to a second aspect of the present invention, a user who operates the device is authenticated by an authentication device including a device in which a plurality of conductive portions are arranged and a touch screen that simultaneously detects the positions of the plurality of conductive portions. A step of preliminarily storing an arrangement pattern indicating a relationship of position coordinates of the conductive portion of the device, an arrangement pattern derived from the position of the conductive portion detected by the touch screen, and the accumulated A step of identifying the device by collating with an arrangement pattern; a step of collating identification information of the identified device with identification information of a device associated in advance with an access target; and Preliminarily storing handwriting information obtained by operating on the touch screen; and If the scan of the collation result is correct, it provides an authentication method and a step of collating the trace drawn on the touch screen and the handwriting information.

  According to the first and second aspects, an authentication technique using a device in which a plurality of conductive parts are arranged and a touch screen is proposed as an authentication technique different from key input and biometric authentication using a conventional keyboard. Specifically, when a device identified by the touch screen is moved on the touch screen, a path such as a symbol or a character drawn by each conductive part grounded on the touch screen is used as a password input. Since no data is stored in a single device having a plurality of conductive parts, there is no direct information leakage even when the device is lost. Since an operation history of the device remains on the application, it can be an authentication technology that utilizes personal characteristics.

  That is, according to the present invention, it is possible to provide an authentication system that can ensure high security at low cost.

1 is an external view of an authentication device according to an embodiment of the present invention. The functional block diagram which shows the function structure of a tablet device. The figure which shows an example of the information accumulate | stored in the device information storage part of FIG. The figure for demonstrating the bit pattern of a physical device. The figure which shows the equivalence of bit pattern information. The flowchart which shows operation | movement of an authentication apparatus. The flowchart which shows an example of a process of the grounding device of FIG. 2, and a ground surface detection process part. The flowchart which shows an example of a process of the grounding device direction calculation process part of FIG. The figure for demonstrating the direction of a device. The figure which shows an example of the locus | trajectory drawn by the center coordinate of the physical device. The figure which shows an example of the locus | trajectory drawn by all the electroconductive parts of the ground plane of a physical device.

Hereinafter, an authentication apparatus and an authentication method according to an embodiment of the present invention will be described in detail with reference to the drawings.
FIG. 1 is an external view of an authentication apparatus according to an embodiment of the present embodiment.
This authentication apparatus includes a tablet device 1 and a physical device 2. The physical device 2 does not have an electronic circuit and has one or more surfaces including a plurality of conductive portions 21 and other nonconductive portions. The conductive part 21 has a region charged with static electricity. The area can have many shapes, for example, a dot shape or a rectangular shape. The electroconductive part 21 should just be a conductor, for example, is produced with an aluminum foil or a copper film. The non-conductive portion may be a dielectric, such as wood or polystyrene foam. The arrangement pattern determined by the positions of the plurality of conductive portions 21 on each surface is different on all surfaces.

  The tablet device 1 has a capacitive touch screen 11 attached thereto, and can detect the positions of a plurality of electrostatic points at the same time. When the conductive portion 21 of the physical device 2 is grounded to the touch screen 11, it acts in the same manner as when a finger is touched at the ground position. Conversely, even if the non-conductive portion is grounded to the touch screen 11, it acts as if nothing is grounded to the touch screen 11.

FIG. 2 shows a functional block diagram of the tablet device 1.
In addition to the touch screen 11 shown in FIG. 1, the tablet device 1 includes a grounding point detection processing device 50, a first database 60, a second database 65, a real-time processing generation device 70, a grounding point information processing device 80, and display screen processing. A device 90 is provided.

The ground point detection processing device 50 includes a ground point position coordinate acquisition processing unit 51. The ground point position coordinate acquisition processing unit 51 detects the conductive unit 21 of the physical device 2 grounded to the touch screen 11 and accumulates the position coordinates of the conductive unit 21 in the ground point information storage unit 61.
The first database 60 includes a grounding point information storage unit 61, a handwriting information storage unit 62, a device information storage unit 63, and a grounding device center coordinate and direction storage unit 64.
The ground point information accumulation unit 61 accumulates information on the ground point acquired by the ground point position coordinate acquisition processing unit 51. When accumulating information, the position coordinates of the contact point and the acquisition time are stored.

  The handwriting information storage unit 62 stores handwriting information obtained by the user operating the physical device 2 on the touch screen 11 in association with the handwriting ID in advance. The handwriting information can be obtained by the ground point information processing apparatus 80 based on the ground device center coordinates and the position and direction stored in the direction storage unit 64.

  The device information storage unit 63 includes, for example, the type of physical device (device ID corresponding to the type), the ground plane of the physical device 2 to be grounded with the touch screen 11, and the positions of all the conductive sections on the plane (the conductive section The arrangement pattern), the distance ratio between the conductive parts, and the distance and orientation of the center coordinates with respect to the reference position (Origin Position) are stored in association with each other.

  The ground device center coordinate and direction accumulating unit 64 accumulates the center coordinate and orientation of the physical device 2 that is grounded and obtained by the ground point information processing apparatus 80. The ground point information processing device 80 detects center coordinates and orientations at regular time intervals in accordance with events issued by the real time processing generator 70, and sends these detected information to the ground device center coordinates and direction storage unit 64. hand over.

The second database 65 is constructed on a server or the like on the network and includes an information storage unit 66. The information storage unit 66 stores, for example, data such as conference materials (access target) registered in advance by the user and a device ID and handwriting ID used for authentication when accessing the data in association with each other.
The real-time processing generator 70 generates an event for notifying information processing of the tablet device 1 at regular time intervals.

The ground point information processing apparatus 80 includes a ground device and ground plane detection processing unit 81, a ground device direction calculation processing unit 82, a ground device position coordinate calculation processing unit 83, a ground device verification processing unit 84, an action verification processing unit 85, and data. A sending and issuing unit 86 is provided.
The ground device and ground plane detection processing unit 81 detects the type of the physical device 2 grounded to the touch screen 11 and the ground plane. Specifically, the grounding device and grounding surface detection processing unit 81 determines the type of the physical device 2 used by the user and the grounding surface from the relationship (arrangement pattern) of the position coordinates of the conductive unit 21 of the physical device 2. Uniquely identify.

The ground device direction calculation processing unit 82 detects the direction of the physical device 2 by calculation from the position coordinates of the conductive unit 21 of the physical device 2 grounded to the touch screen 11.
The ground device position coordinate calculation processing unit 83 detects the center coordinates of the physical device 2 from the position coordinates of the conductive unit 21 of the physical device 2 grounded to the touch screen 11 by calculation.

  The ground device verification processing unit 84 associates the device ID corresponding to the type of the physical device 2 detected by the ground device and the ground plane detection processing unit 81 with the data stored in the information storage unit 66 of the second database 65. The physical device 2 is checked to determine whether the physical device 2 is a device that allows access to data in the server.

  The action collation processing unit 85 collates the action on the touch screen of the ground device (the trajectory drawn on the touch screen) with the handwriting information accumulated in the handwriting information accumulation unit 62. And the action collation process part 85 collates handwriting ID corresponding to the handwriting information identified by collation, and handwriting ID matched with the data memorize | stored in the information storage part 66 of the 2nd database 65, The said It is determined whether the user is permitted to access data in the server.

The data sending / issuing unit 86 issues a query for sending data stored in the information storage unit 66 of the second database 65 to the server when the matching results of the ground device matching processing unit 84 and the action matching processing unit 85 are correct. .
The display screen processing device 90 includes an image update processing unit 91. The image update processing unit 91 displays an image on the touch screen 11 based on the position, orientation, and frame coordinates of the physical device 2 that is grounded.

Here, information stored in the device information storage unit 63 will be described with reference to FIG. 3A.
As shown in FIG. 3A, the device information storage unit 63 determines the physical device type, the ground plane and the positions of all conductive parts (also referred to as bit parts) on the surface, the distance ratio between the conductive parts, Origin The distance and the direction of the center coordinates with respect to the Position are stored in association with each other.

  3A shows the position of the conductive portion, the position of the protruding portion may be shown. In this case, a touch screen 11 having a function of detecting the position of the point receiving the pressure is installed instead of the position of the point charged with static electricity. In this case, a device having a protruding portion is used instead of the conductive portion.

  In FIG. 3A, the distance ratio between the conductive portions is accumulated, but an angle ratio having an equivalent meaning may be stored. Based on this distance ratio or angle ratio, the tablet device 1 can recognize the relationship between the position coordinates of each electrostatic part (hereinafter also referred to as a bit pattern).

Here, the bit pattern will be described with reference to FIGS. 3A, 3B, and 3C. The bit pattern is a type indicating an arrangement relationship of positions of bit portions arranged on the surface on the physical device 2. The bit portion may be indicated in any format as long as the touch screen 11 can recognize the position in the screen. Examples of the bit part include a conductive part made of a conductor and a pressure part that applies pressure to the touch panel. If the position of the bit portion on the touch screen 11 is different, the tablet device 1 recognizes that it indicates a different bit pattern, and performs different operations depending on these different bit patterns. In the case of physical devices 2 shown in FIG. 1, for example, there are six bit patterns illustrated in FIG. 3 A. Different operation contents can be associated with each of the six bit patterns.

  In the case of the physical device 2 shown in FIG. 1 above, in order to recognize which of the six bit patterns the group of bit parts detected by the tablet device 1 corresponds to, There are a case where recognition is performed based on a ratio of distances between bit portions and a case where recognition is performed based on a certain angle of a figure connecting the bit portions. When recognizing by the ratio of the distances between the bit parts, three position coordinates are acquired from the ground point information accumulation part 61, and the distance between the three points is calculated from these coordinates. Three of these distances are normalized with the shortest distance. In the case of the bit patterns shown in FIGS. 3A and 3B, there are three distance ratios as shown in FIGS. 3A and 3B. Therefore, the upper stage of the six patterns in FIG. 3B depends on the distance ratio. You can see which of the three types shown in the middle and bottom. Whether the pattern is a base bit pattern or a mirror-symmetrical pattern of this pattern cannot be determined from the distance ratio alone. Therefore, it is possible to determine whether the bit is a base bit pattern or a mirror-symmetric pattern by acquiring from the ground point information storage unit 61 where the bit part called Third Point or Long Hand is located. . Here, three bit parts are defined. A bit portion that forms the shortest distance and forms the longest distance is referred to as “Orgin in Point” (hereinafter referred to as OP). Of the two conductive parts 201 forming the shortest distance, a point excluding OP is referred to as a second point (hereinafter referred to as SP or short hand). The last remaining point is referred to as Third Point (hereinafter referred to as TP or Long Hand).

  When recognizing from a certain angle of the figure connecting the bit portions, the angles of the three corners of the triangle formed from the three points are calculated from the three position coordinates acquired from the contact point information storage unit 61. By examining the maximum angle among these three angles, it can be determined which of the three patterns shown in the upper, middle, and lower stages of the six patterns in FIG. Whether the bit pattern is a base bit pattern or a mirror-symmetric pattern is the same as in the case of recognition based on the ratio of the distances between the bit portions.

  As can be understood from the above description, as shown in FIG. 3C, the bit pattern shown in FIGS. 3A and 3B is equivalent to the expression of the ratio of the distance between the bit parts and the position of TP. It is also equivalent to expressing with a certain angle of the figure connecting the parts and the position of TP.

Next, the operation of the authentication device according to the present embodiment will be described with reference to FIG. FIG. 4 is a flowchart showing the processing contents of the authentication apparatus. Here, it is assumed that the user grounds one surface selected from the six surfaces of the physical device 2 to the touch screen 11 and uses it for authentication.
When the physical device 2 used for authentication by the user is grounded to the touch screen 11, the real-time processing generator 70 generates an event every 33 ms, for example, using the timer processing of the CPU present in the tablet device 1 (step S101). . When an event occurs, the ground point position coordinate acquisition processing unit 51 detects the position coordinates of the conductive unit 21 of the physical device 2 based on the electrostatic distribution on the touch screen 11 and accumulates it in the ground point information accumulation unit 61 (step). S102).

In the ground point information processing apparatus 80, the ground device and ground plane detection processing unit 81 detects the type of the physical device 2 grounded to the touch screen 11 and the ground plane (step S121).
FIG. 5 is a flowchart of processing of the ground device and ground plane detection processing unit 81. The position coordinates of the three conductive parts 21 detected by the ground point position coordinate acquisition processing part 51 are acquired from the ground point information storage part 61 (step S501), and the distance between the conductive parts 21 is calculated (step S502). The smallest distance among the obtained three distances is used as a reference, and each distance derived by the distance is divided and normalized (step S503). On the other hand, as shown in FIG. 3A, the device information storage unit 63 stores the relationship between the device and the device surface corresponding to the bit pattern (positional relationship of the bit part; here, the ratio of the distance) as shown in FIG. 3B. Has been. The ratio and the position of TP obtained by normalization are compared with the information in the database of the device information storage unit 63 to uniquely identify the ground device and the ground plane (step S504).

  The ground device verification processing unit 84 obtains a device ID corresponding to the type of the ground device detected in step S121 and a device ID associated with the data stored in the information storage unit 66 of the second database 65. Collation is performed to determine whether the physical device 2 is a device that allows access to the data (step S122). If the collation result of the physical device 2 is incorrect, no processing is performed and the process returns to step S101.

On the other hand, if the collation result of the physical device 2 is correct, the ground device direction calculation processing unit 82 calculates the direction from the position coordinates of the conductive portion of the ground surface of the physical device 2 (step S123).
FIG. 6 is a flowchart of the process of the ground device direction calculation processing unit 82. The detected position coordinates of the three conductive parts 21 are acquired from the ground point information storage part 61, and the distances between the conductive parts 21 are calculated (steps S501 and S502). When the distance is calculated, the conductive portion 21 that forms the shortest distance and forms the longest distance is set as OP (step S601). Next, a point excluding OP among the two conductive portions 21 forming the shortest distance is set as SP (step S602). The last remaining point is set as TP (step S603). The position coordinates of OP and SP are acquired (step S604). At this time, an angle from the OP with respect to the touch screen coordinate system to the SP is set as the device direction (step S605).

  Here, the direction of the device will be described with reference to FIG. Device orientation refers to the touch screen coordinate system. The touch screen coordinate system is a coordinate system in which, for example, the horizontal direction of the touch screen is a horizontal axis and the vertical direction is a vertical axis. The angle formed between the straight line connecting OP and SP and the horizontal axis of the touch screen coordinate system is defined as the device direction.

  Next, the grounding device position coordinate calculation processing unit 83 calculates center coordinates from the position coordinates of the conductive portion of the grounding surface of the physical device 2 (step S124). In the device information storage unit 63, the distance and direction to the center coordinates are stored in the device for OP. This distance and direction are, for example, vector information of arrows in FIG. 3A. The center coordinates of the device with reference to the touch screen coordinate system can be obtained by adding the arrow vector of FIG. 3A from the position coordinates of the OP viewed from the touch screen coordinate system. Here, the central coordinates are used as the position coordinates of the device, but may be changed according to the user's intention, application, and the like.

The direction and center coordinates of the grounded physical device 2 obtained by the ground point information processing apparatus 80 are accumulated in the ground device center coordinate and direction accumulation unit 64.
The image update processing unit 91 updates the display on the touch screen with the position and direction of the physical device 2 (step S125). For example, a locus drawn by the center coordinates of the physical device 2 is displayed on the touch screen 11.

  When the user presses the verification key after completing the action (signature) with the physical device 2 (step S120: YES), the action verification processing unit 85 determines whether the authentication action performed by the user is correct (step S130). . The action collation method can be identified by performing pattern matching on the handwriting information registered in the handwriting information storage unit 62 in advance and the locus drawn on the touch screen 11 by image processing technology. Then, the action collation processing unit 85 collates the handwriting ID corresponding to the identified handwriting information with the handwriting ID associated with the data stored in the information storage unit 66 of the second database 65, and the user It is determined whether the user is allowed to access data in the server. If the authentication action is correct (step S131: YES), the data sending / issuing unit 86 issues a query for sending data from the server (step S132).

  FIG. 8A and FIG. 8B show examples of trajectories drawn by the physical device 2. FIG. 8A shows a trajectory drawn by the center coordinates of the ground plane of the physical device 2. FIG. 8B shows a trajectory drawn using all the conductive portions 21 on the ground plane of the physical device 2. As shown in FIG. 8B, since the trajectory drawn using the plurality of conductive portions 21 is more complicated, higher security can be ensured. In addition, the locus | trajectory used for collation may use the locus | trajectory drawn by one of the electroconductive parts 21, and a figure etc. may be sufficient not only as a symbol and a character.

  As described above, according to the above-described embodiment, a physical device on which a plurality of conductive parts are arranged is grounded on the touch screen, and the device is identified by comparing with a pre-registered arrangement pattern. A high level of security can be ensured by performing authentication by comparing the drawn trajectory with pre-registered handwriting information.

  Since no data is stored in a single device having a plurality of conductive parts, there is no direct information leakage even when the device is lost. Since an operation history of the device remains on the application, it can be an authentication technology that utilizes personal characteristics. In addition, physical devices can be made of materials that can be purchased easily and inexpensively, such as aluminum foil and paper, which are sold on a daily basis, and have the advantage that they can be made into any shape according to the size of the user's hand. is there.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Further, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, you may combine suitably the component covering different embodiment.

  DESCRIPTION OF SYMBOLS 1 ... Tablet device, 11 ... Touch screen, 2 ... Physical device, 21 ... Conductive part, 50 ... Grounding point detection processing apparatus, 51 ... Grounding point position coordinate acquisition processing part, 60 ... 1st database, 61 ... Grounding point information storage 62: Handwriting information storage unit, 63: Device information storage unit, 64 ... Ground device center coordinate and direction storage unit, 65 ... Second database, 66 ... Information storage unit, 70 ... Real-time processing generator, 80 ... Ground point Information processing apparatus, 81 ... ground device and ground plane detection processing unit, 82 ... ground device direction calculation processing unit, 83 ... ground device position coordinate calculation processing unit, 84 ... ground device collation processing unit, 85 ... action collation processing unit, 86 ... Data sending and issuing unit, 90 ... Display screen processing device, 91 ... Image update processing unit.

Claims (4)

A device having a plurality of surfaces in which a plurality of conductive portions are arranged in different arrangement patterns, and
A touch screen that simultaneously detects the positions of a plurality of conductive parts on a grounded surface ;
A device information accumulating unit that accumulates in advance an arrangement pattern indicating the relationship between the position coordinates of the conductive portions of the device;
A device identification unit for identifying the device by comparing the arrangement pattern derived from the position of the conductive part detected by the touch screen with the arrangement pattern accumulated in the device information accumulation unit;
A device verification unit that compares the identification information of the device identified by the device identification unit with the identification information of the device associated in advance with the access target;
A handwriting information accumulating unit for preliminarily accumulating handwriting information obtained by operating a device on the touch screen by grounding one surface selected from the plurality of surfaces by the touch screen;
An authentication apparatus, comprising: a trajectory collation unit that collates a trajectory drawn on the touch screen with the handwriting information when a collation result by the device collation unit is correct. The authentication apparatus according to claim 1, wherein the handwriting information is a locus drawn by all the conductive parts on a surface grounded to the touch screen. The device is operated by an authentication device including a device having a plurality of surfaces in which a plurality of conductive portions are arranged in different arrangement patterns and a touch screen that simultaneously detects the positions of the plurality of conductive portions on the grounded surface. A method of authenticating a user,
Pre-accumulating an arrangement pattern indicating the relationship between the position coordinates of the conductive portions of the device;
Identifying the device by comparing the arrangement pattern derived from the position of the conductive part detected by the touch screen with the accumulated arrangement pattern;
Collating the identification information of the identified device with the identification information of a device previously associated with the access target;
Pre-accumulating handwriting information obtained by a user grounding one surface selected from the plurality of surfaces to the touch screen and operating the device on the touch screen;
Collating a trajectory drawn on the touch screen with the handwriting information when the collation result of the device is correct;
An authentication method characterized by comprising: The authentication method according to claim 3, wherein the handwriting information is a trajectory drawn by all the conductive parts on a surface grounded to the touch screen.

Images