JP6330625B2 - Authentication program, authentication method, and authentication apparatus - Google Patents

Description

  The present invention relates to an authentication program, an authentication method, and an authentication device.

  Authentication systems are widely used for the purpose of preventing unauthorized access to computers connected to a network and preventing unauthorized access to highly confidential data. One of the authentication methods used by the authentication system is a challenge response type test (hereinafter referred to as CR test). The CR test is a mechanism in which an authentication system that has received an authentication request from a user issues a problem to the user (challenge) and approves access to the authentication system (authentication success) when the user's answer (response) is correct. .

  One CR test is called CAPTCHA. CAPTCHA, which is currently widely used, presents an image with a distorted character string and a camouflage background to the user, causes the user to input the character string, and determines that the authentication is successful when the input character string is correct To do. Since the distorted character string is displayed in the background of the camouflage color, it is difficult for the computer program to automatically read the character string. Therefore, it is possible to prevent an attack (for example, mass acquisition of accounts) that repeatedly accesses the authentication system using a computer program (hereinafter referred to as a bot) that performs work on behalf of a human.

JP 2009-175988 A

  Although the improvement of the authentication technique using CAPTCHA is performed every day, the performance of the bot is also improved. As a result of taking measures to increase the distortion of the character string and complicate the background in order to compete with high-performance bots, it becomes difficult for humans to read the character string, and it is possible to input the character string correctly Authentication may fail many times without being able to. On the other hand, a method of hiring a large number of workers in areas with low wages and attacking the authentication system using human tactics (relay attack) has also become a problem, with string distortion and background complexity within human perception. It is difficult to improve attack resistance simply by increasing.

  Therefore, according to one aspect, an object of the present invention is to provide an authentication program, an authentication method, and an authentication device that increase the difficulty of authentication by an access source other than a specific person.

  According to one aspect of the present disclosure, when authenticating an access source on a computer, a plurality of images read from a storage unit that stores an image and a character string in association with each other are displayed on a display unit in a selectable manner. The selection for the plurality of displayed images is accepted, and the selection order for the plurality of images is selected next to a predetermined number of characters from the end of the character string associated with the selected image and the selected image. An authentication program is provided that executes a process of determining that authentication is successful when the order of selection matches a predetermined number of characters from the beginning of a character string associated with an image. Is done.

  According to another aspect of the present disclosure, when the computer authenticates the access source, a plurality of images read from a storage unit that stores an image and a character string in association with each other can be selected as a display unit. The selection of the plurality of displayed images is received, and the selection order of the plurality of images is determined by the number of characters from the tail of the character string associated with the selected image and the selected image. Next, a process for determining that the authentication is successful is executed when the order of selection matches the predetermined number of characters from the beginning of the character string associated with the selected image. An authentication method is provided.

  According to another aspect of the present disclosure, when authenticating an access source, a plurality of images read from a storage unit that stores an image and a character string in association with each other are displayed on a display unit in a selectable manner. A display control unit, a reception unit that accepts selections for a plurality of displayed images, and a selection order for the plurality of images, a character for a predetermined number of characters from the tail of a character string associated with the selected images, And a determination unit that determines that the authentication is successful when the number of characters corresponding to the predetermined number of characters from the beginning of the character string associated with the image selected next to the selected image matches the selected order. An authentication device is provided.

  According to the present invention, it is possible to increase the difficulty of authentication by an access source other than a specific person.

It is the figure which showed an example of the authentication system which concerns on 1st Embodiment. It is the figure which showed an example of the authentication system which concerns on 2nd Embodiment. It is the figure which showed an example of the hardware of the terminal device which concerns on 2nd Embodiment. It is the sequence diagram which showed an example of the authentication process of a challenge response system. It is the block diagram which showed an example of the function of the terminal device which concerns on 2nd Embodiment. It is the block diagram which showed an example of the function of the authentication server which concerns on 2nd Embodiment. It is the figure which showed an example of the character database which concerns on 2nd Embodiment. It is the figure which showed an example of the image database which concerns on 2nd Embodiment. It is a figure showing an example of authentication operation (selecting an image in order) concerning a 2nd embodiment. It is the figure which showed an example of authentication operation (an image is moved to an answer column) concerning 2nd Embodiment. It is the figure which showed an example of the preparation process (creation of a character string ID list) of the problem which concerns on 2nd Embodiment. It is a figure showing an example of problem creation processing (selection of image data) concerning a 2nd embodiment. It is the flowchart which showed an example of operation | movement of the terminal device which concerns on 2nd Embodiment. It is a figure for demonstrating the deviation | shift amount of the movement locus | trajectory which concerns on 2nd Embodiment. It is the flowchart which showed an example of operation | movement (whole) of the authentication server which concerns on 2nd Embodiment. It is the flowchart which showed an example of operation | movement (problem creation) of the authentication server which concerns on 2nd Embodiment. It is the figure which showed an example of the character database which concerns on the modification (Modification # 1: 2 character shiritori) of 2nd Embodiment. It is the flowchart which showed an example of operation | movement of the terminal device which concerns on the modification (Modification # 2: No designation | designated of the first image) of 2nd Embodiment. It is the flowchart which showed an example of the operation | movement (whole) of the authentication server which concerns on the modification (Modification # 2: No designation | designated of the first image) of 2nd Embodiment. It is the figure which showed an example of the problem display which concerns on the modification (Modification # 3: Display of the image which is not used) of 2nd Embodiment.

  Embodiments of the present invention will be described below with reference to the accompanying drawings. In addition, about the element which has the substantially same function in this specification and drawing, duplication description may be abbreviate | omitted by attaching | subjecting the same code | symbol.

<1. First Embodiment>
The first embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating an example of an authentication system according to the first embodiment. The first embodiment relates to an authentication system that performs authentication using a so-called “shiritori”. This authentication system may select a plurality of images so that the name of the object included in the image is properly arranged to be “sit-out”, present the plurality of images to the user, and the user can arrange the images correctly. If successful, it is determined that authentication is successful.

The authentication system according to the first embodiment includes a terminal device 10, an authentication device 20, and a storage unit 30.
The terminal device 10 and the authentication device 20 are, for example, a personal computer, a server device, or a computer such as a smartphone or a tablet terminal. The storage means 30 is a storage device such as an HDD (Hard Disk Drive) or an SSD (Solid State Drive). The storage means 30 may be a storage device such as a RAID (Redundant Array of Inexpensive Disks) device or a NAS (Network Attached Storage) device that is a combination of a plurality of storage devices.

  The terminal device 10 includes a display unit 11 and can communicate with the authentication device 20 via the network NW. The network NW is a communication network formed by, for example, a wired or wireless communication line, or a communication line combining these. The display means 11 is a display device such as an LCD (Liquid Crystal Display) or an ELD (Electro-Luminescence Display). The authentication device 20 is connected to the storage unit 30 and can read data stored in the storage unit 30 or write data to the storage unit 30. The storage unit 30 may be built in the authentication device 20.

  The authentication device 20 includes a display control unit 21, a reception unit 22, and a determination unit 23. The authentication device 20 may include a volatile storage device such as a RAM (Random Access Memory) or a nonvolatile storage device such as an HDD or a flash memory.

  The display control unit 21, the reception unit 22, and the determination unit 23 are processors such as a CPU (Central Processing Unit) and a DSP (Digital Signal Processor). However, the display control unit 21, the reception unit 22, and the determination unit 23 may be electronic circuits such as an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA). For example, the display control unit 21, the reception unit 22, and the determination unit 23 execute a program stored in a memory such as the nonvolatile storage device or the storage unit 30 described above.

  As shown in FIG. 1, the storage means 30 stores an image PCT and a character string STR in association with each other. FIG. 1 illustrates three images Pic # 1 to Pic # 3 as the image PCT. Pic # 1 is an image of the camera. Pic # 2 is an image of a chair. Pic # 3 is an image of a watermelon. In this case, the character string STR corresponding to Pic # 1 is “camera”. Similarly, the character string STR corresponding to Pic # 2 is “chair”, and the character string STR corresponding to Pic # 3 is “watermelon”.

  The storage means 30 stores, for example, a set of a partial character string (hereinafter referred to as the first partial string) positioned at the beginning of the character string STR and a partial character string positioned at the end (hereinafter referred to as the trailing partial string) in association with the image PCT. May be. The partial character string referred to here is a character corresponding to a predetermined number of characters. In the example of FIG. 1, the predetermined number of characters is set to one character, but the predetermined number of characters may be set to two or more characters. In the example of FIG. 1, for example, the storage unit 30 stores a pair (K, LA) of the first substring “K” and the last substring “La” of the character string “Camera” in association with Pic # 1. Also good. The same applies to Pics # 2 and # 3.

  When the authentication device 20 authenticates the access source (for example, the user of the terminal device 10), the display control unit 21 causes the display unit 11 to display a plurality of images PCT read from the storage unit 30 in a selectable manner. For example, the display control unit 21 reads Pic # 1 to # 3 from the storage unit 30, transmits the read Pic # 1 to # 3 to the terminal device 10, and displays the display unit 11 (for example, a display of a Web browser or dedicated software). Area). At this time, the display control unit 21 enables the user to select Pics # 1 to # 3 displayed on the display unit 11.

  If Pic # 1 to Pic # 3 are arranged in the order of Pic # 2, Pic # 3, and Pic # 1, the corresponding character strings are in the order of “chair”, “watermelon”, and “camera”, and “shiritori” is established. Whether or not “shitoritori” is established between one character string STR and another character string STR is whether the last substring of one character string STR matches the first substring of another character string STR. Judgment is based on the logic ("Shiritori" logic). Therefore, the display control unit 21 refers to the first substring and the last substring of each character string STR, selects a combination of character strings STR in which the above “shiritori” is established, and displays the combination of the selected images PCT. 11 is displayed.

  The accepting unit 22 accepts selection for a plurality of displayed images PCT. For example, the reception unit 22 acquires information regarding the order in which the user has selected Pics # 1 to # 3 from the terminal device 10. In the example of FIG. 1, Pic # 2 is first selected, then Pic # 3 is selected, and then Pic # 1 is selected. In this case, the reception unit 22 acquires information on the order (Pic # 2 → Pic # 3 → Pic # 1) from the terminal device 10.

  In addition, the code | symbol H in a figure represents the operation body for a user to select Pic # 1- # 3. In the case of an operation using a touch panel or a touch pad, a human finger or a stylus pen can be used as an operation body. On the other hand, in the case of an operation using an input interface such as a mouse, a pointer displayed on the display means 11 as an operation body can be used.

  The determination unit 23 determines that the authentication is successful when the selection order of the plurality of images PCT is “shiritori”. That is, the determination unit 23 determines the number of characters from the end of the character string STR associated with the selected image PCT and the character associated with the image PCT selected next to the selected image PCT. It is sequentially determined whether or not a predetermined number of characters match from the top of the column STR. Then, the determination unit 23 determines that the authentication is successful when it is determined in the determination that all of the selected images PCT match in order of selection.

  For example, the determination unit 23 determines whether the end subsequence “S” corresponding to the selected Pic # 2 matches the start subsequence “S” corresponding to Pic # 3 selected next to Pic # 2. judge. Next, the determination unit 23 determines whether or not the tail substring “K” corresponding to Pic # 3 matches the head substring “K” of Pic # 1 selected next to Pic # 3. In this case, since both match, the determination unit 23 determines that the selection order is “shiritori” (chair → watermelon → camera), and determines that the authentication is successful.

  CAPTCHA, which displays a distorted character string on a complex background and allows the user to read the character string and input the character string for authentication (hereinafter referred to as a normal method), characterizes the character to increase attack resistance. The visibility of the column is reduced. On the other hand, the authentication system according to the first embodiment obtains the basis of attack resistance in the logic of “Shiritori” and does not rely on the complexity of the display contents. Therefore, according to the authentication system which concerns on 1st Embodiment, the visibility of a display content can be ensured and attack tolerance can be improved, maintaining the ease of input operation.

  In the first place, “Shiritori” depends on the language. For example, except for chances, “Shiritori” is established in Japanese, but “Shiritori” is not established in English. Therefore, even if the same set of image PCTs is displayed, the image PCT can be easily selected in the order of “Shiritori” for Japanese-speaking people, but in the order of “Shiritori” for English-speaking people. It is difficult to select the image PCT. That is, according to the authentication system according to the first embodiment, it is possible to improve the attack resistance against a person other than the specific language area.

As one of modified examples for further improving attack resistance in the authentication system according to the first embodiment, a method of additionally displaying an image PCT that is not used for “shiritori” is conceivable.
For example, in the example of FIG. 1, even if the “car” image Pic # 4 (not shown) is displayed, Pic # 4 is not used for “shiritori” established for Pic # 1 to # 3. Whether or not the image PCT is used for “shiritori” can be easily judged by a person who can easily understand “shiritori”. On the other hand, if the number of displayed images PCT increases, the number of “permutations” for sequentially selecting the images PCT increases, which increases the difficulty for a bot that tries the selection order of the images PCT brute force. That is, the attack resistance is further improved.

On the other hand, as one of modifications that enhance the ease of input operation in the authentication system according to the first embodiment, a method of previously displaying an image PCT to be selected first is conceivable.
For example, a method of displaying a number such as “1” on the image PCT to be selected first, or a method of highlighting the image PCT in a state where the image PCT cannot be selected can be considered. The user can quickly “sit” by selecting the first image PCT in advance. Further, by combining with the above-described method of additionally displaying the image PCT that is not used for “shiritori”, it is possible to adjust the balance between the attack resistance and the ease of input operation.

  In addition, as one of the modifications for further improving the attack resistance in the authentication system according to the first embodiment, a plurality of images PCT having the same combination of the start subsequence and the end subsequence are prepared and used every time authentication is performed. A method of changing the PCT at random is conceivable.

  For example, the combination of the first substring and the last substring of the character string “camera” is (K, La), but the combination of the first substring and the last substring of the character string “Castera” is also (K, La). . In other words, if one of two character strings “camera” and “castera” can be used for a certain “shiritori”, the other can be used for the “shiritori”. Therefore, even if the “castera” image PCT is displayed instead of Pic # 1 in the example of FIG. 1, the authentication device 20 can determine the success or failure of the authentication with the same logic. If a plurality of character strings STR and images PCT having the same combination of the first substring and the last substring are stored in the storage unit 30 in association with each other, the method according to the modified example is facilitated.

  When the above method is applied, it is possible to give a plurality of variations to the combination of image PCTs for the same “shiritori”, and against an attack that happens to memorize and reuse the combination of image PCTs that happen to be successfully authenticated. Resistance can be strengthened. Further, even if the image PCT combination is varied, the logic of “shiritori” based on the combination of the leading subsequence and the trailing subsequence does not change, so the main processing performed by the authentication device 20 is not changed. There is also an advantage that this method can be applied.

The first embodiment has been described above.
<2. Second Embodiment>
Next, a second embodiment will be described. The second embodiment relates to an authentication system that performs authentication using “shiritori”. This authentication system may select a plurality of images so that the name of the object included in the image is properly arranged to be “sit-out”, present the plurality of images to the user, and the user can arrange the images correctly. If successful, it is determined that authentication is successful.

[2-1. Authentication system]
FIG. 2 is a diagram illustrating an example of an authentication system according to the second embodiment.
As shown in FIG. 2, the authentication system according to the second embodiment includes a terminal device 100 and an authentication server 200. The terminal device 100 is a computer such as a personal computer, a tablet terminal, or a smartphone. The authentication server 200 is a computer such as a server device, for example. The terminal device 100 can communicate with the authentication server 200 via a network. The network is, for example, a communication network formed by a wired or wireless communication line, or a communication line combining these.

  Hereinafter, although the authentication of the access source (the user of the terminal device 100) in the above authentication system will be described as an example, the technique according to the second embodiment is directed to login authentication for one computer, authentication for a specific process, and the like. Is also applicable. Such applications naturally belong to the technical scope of the second embodiment.

[2-2. hardware]
FIG. 3 is a diagram illustrating an example of hardware of the terminal device according to the second embodiment. The terminal device 100 is an example of a terminal device according to the second embodiment.

  The functions of the terminal device 100 can be realized using, for example, hardware resources shown in FIG. That is, the functions of the terminal device 100 are realized by controlling the hardware shown in FIG. 3 using a computer program.

  As shown in FIG. 3, this hardware mainly includes a CPU 902, a ROM (Read Only Memory) 904, a RAM 906, a host bus 908, and a bridge 910. Further, this hardware includes an external bus 912, an interface 914, an input unit 916, an output unit 918, a storage unit 920, a drive 922, a connection port 924, and a communication unit 926.

  The CPU 902 functions as, for example, an arithmetic processing unit or a control unit, and controls the overall operation of each component or a part thereof based on various programs recorded in the ROM 904, the RAM 906, the storage unit 920, or the removable recording medium 928. . The ROM 904 is an example of a storage device that stores a program read by the CPU 902, data used for calculation, and the like. The RAM 906 temporarily or permanently stores, for example, a program read by the CPU 902 and various parameters that change when the program is executed.

  These elements are connected to each other via, for example, a host bus 908 capable of high-speed data transmission. On the other hand, the host bus 908 is connected to an external bus 912 having a relatively low data transmission speed via a bridge 910, for example. As the input unit 916, for example, a mouse, a keyboard, a touch panel, a touch pad, a button, a switch, a lever, or the like is used. Furthermore, as the input unit 916, a remote controller capable of transmitting a control signal using infrared rays or other radio waves may be used.

  As the output unit 918, for example, a display device such as a CRT (Cathode Ray Tube), an LCD, a PDP (Plasma Display Panel), or an ELD is used. As the output unit 918, an audio output device such as a speaker or headphones, or a printer may be used. In other words, the output unit 918 is a device that can output information visually or audibly.

  The storage unit 920 is a device for storing various data. As the storage unit 920, for example, a magnetic storage device such as an HDD is used. Further, as the storage unit 920, a semiconductor storage device such as an SSD or a RAM disk, an optical storage device, or a magneto-optical storage device may be used.

  The drive 922 is a device that reads information recorded on a removable recording medium 928 that is a removable recording medium or writes information on the removable recording medium 928. As the removable recording medium 928, for example, a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory is used.

  The connection port 924 is a port for connecting an external connection device 930 such as a USB (Universal Serial Bus) port, an IEEE 1394 port, a SCSI (Small Computer System Interface), an RS-232C port, or an optical audio terminal. For example, a printer or a camera is used as the external connection device 930.

  The communication unit 926 is a communication device for connecting to the network 932. As the communication unit 926, for example, a communication circuit for wired or wireless LAN (Local Area Network), a communication circuit for WUSB (Wireless USB), a communication circuit or router for optical communication, an ADSL (Asymmetric Digital Subscriber Line) Communication circuits, routers, communication circuits for mobile phone networks, and the like are used. A network 932 connected to the communication unit 926 is a wired or wireless network, and includes, for example, the Internet, a LAN, a broadcast network, a satellite communication line, and the like.

  Although the hardware of the terminal device 100 has been described above, the functions of the authentication server 200 can also be realized by the hardware illustrated in FIG. Therefore, description of the hardware of the authentication server 200 is omitted.

[2-3. Example of authentication processing]
The authentication processing according to the second embodiment is based on challenge-response authentication processing. Therefore, an outline of challenge-response authentication processing will be described. FIG. 4 is a sequence diagram illustrating an example of challenge-response authentication processing.

(S101) The terminal device 100 transmits a message (authentication request) requesting to start execution of the authentication process to the authentication server 200.
(S102, S103) The authentication server 200 generates challenge data in response to the received authentication request. In the case of the second embodiment, the challenge data is data indicating a problem to be answered by the user. The authentication server 200 transmits the generated challenge data to the terminal device 100. That is, the authentication server 200 gives a question to the user.

  (S104, S105) The terminal device 100 accepts input of response data corresponding to the received challenge data. The response data is data indicating an answer to the problem indicated by the challenge data. The terminal device 100 transmits the input response data to the authentication server 200. That is, the user answers an inquiry from the authentication server 200 via the terminal device 100.

  (S106, S107) The authentication server 200 determines whether the answer indicated by the response data is correct or incorrect. In the case of correct answer, the authentication server 200 transmits an authentication result (authentication success) to the terminal device 100, and executes processing (for example, account issuance and access permission) at the time of successful authentication. On the other hand, in the case of an incorrect answer, the authentication server 200 transmits an authentication result (authentication failure) to the terminal device 100 and ends a series of authentication processes or executes the processes subsequent to S102 again.

  As described above, the authentication server 200 sends challenge data to the terminal device 100, executes processing for the challenge data on the terminal device 100 side, and returns a result of the processing to the authentication server 200 as response data. Say the method. The challenge response method can change the challenge data every time, so even if the response data is eavesdropped, it is unlikely that unauthorized authentication using the response data will be successful, and it is highly resistant to eavesdropping. It is done.

  In the authentication processing according to the second embodiment, the problem to be presented to the user is further devised, and a correct answer can be easily made by a human but a problem that is difficult for the computer is used as a challenge. However, the authentication process according to the second embodiment does not mean that anyone can easily answer correctly, but it can be easily answered by a specific person but difficult for other persons to answer correctly. Use. Hereinafter, a problem generation method according to the second embodiment, an authentication process using the method, and the like will be further described.

[2-4. Terminal device functions]
Here, functions of the terminal device 100 will be described. FIG. 5 is a block diagram illustrating an example of functions of the terminal device according to the second embodiment.

The terminal device 100 includes an input unit 101, a communication processing unit 102, and a display unit 103.
The function of the input unit 101 can be realized by using the input unit 916 described above. The function of the communication processing unit 102 can be realized using the connection port 924, the communication unit 926, and the like described above. The function of the display unit 103 can be realized by using the output unit 918 described above. In addition, control of the terminal device 100 and data retention can be realized using the CPU 902, the RAM 906, the storage unit 920, and the like.

  The input unit 101 receives user input. For example, the user inputs an instruction to start access to the authentication server 200 via the input unit 101. The input unit 101 that has received an access start instruction inputs an authentication request transmission command to the communication processing unit 102. The communication processing unit 102 to which the transmission command is input in the authentication request transmits the authentication request to the authentication server 200. The communication processing unit 102 receives the challenge data transmitted from the authentication server 200 in response to the authentication request and inputs the challenge data to the display unit 103.

  The display unit 103 displays the problem indicated by the challenge data input from the communication processing unit 102. As will be described later, the challenge data according to the second embodiment includes a plurality of image data and an image ID corresponding to each image data. The image ID is identification information for specifying each image data. The problem indicated by the challenge data is to arrange a plurality of images in the order of “shiritori”. The display unit 103 displays the image in a selectable manner using the image data included in the challenge data as a problem. The input unit 101 detects a selection operation for each image, and inputs the selection order to the communication processing unit 102.

  The communication processing unit 102 determines that the selection operation is completed when a user input operation is detected via the input unit 101 or when all images are selected. When the selection operation is completed, the communication processing unit 102 transmits the image selection order (for example, information in which the image ID and the selection order are associated) to the authentication server 200 as response data.

[2-5. Authentication server function]
Next, functions of the authentication server 200 will be described. FIG. 6 is a block diagram illustrating an example of functions of the authentication server according to the second embodiment.

The authentication server 200 includes a storage unit 201, a communication processing unit 202, a problem creation unit 203, a correctness determination unit 204, and an authentication processing unit 205.
The function of the storage unit 201 can be realized using the above-described RAM 906, the storage unit 920, or the like. The function of the communication processing unit 202 can be realized using the connection port 924, the communication unit 926, and the like described above. The functions of the problem creation unit 203, the correctness determination unit 204, and the authentication processing unit 205 can be realized by using the CPU 902 described above.

  The storage unit 201 includes a character database 201a and an image database 201b. The character database 201a is a database in which character string information used for a problem to be transmitted to the terminal device 100 as challenge data is registered. The image database 201b is a database in which information about image data used for the problem is registered in association with the character string of the character database 201a.

FIG. 7 is a diagram showing an example of a character database according to the second embodiment.
As shown in FIG. 7, in the character database 201a, a set of a first partial string and a last partial string of a character string and a character string ID are registered in association with each other as character string information. In other words, the character string ID is identification information for identifying an arbitrary character string having a corresponding head substring and tail substring. For example, the character string ID “0002” corresponding to the first substring “A” and the last substring “I” is an arbitrary character string “Asai”, “Akogaigai”, etc. Corresponds to a character string.

FIG. 8 is a diagram illustrating an example of an image database according to the second embodiment.
As shown in FIG. 8, in the image database 201b, image data itself, an image ID for specifying the image data, and a character string ID are registered in association with each other as information about the image data. The character string ID registered in the image database 201b corresponds to the character string indicating the name of the object included in the image of the corresponding image data.

  For example, the image data (image ID = P01) of the image of “chair” is associated with the character string ID corresponding to the set of the first substring “I” and the last substring “su”. Therefore, when there are a plurality of pieces of image data corresponding to the same set of head subsequence and tail subsequence, such as “castera” (image ID = P02) and “camera” (image ID = P03), a plurality of pieces of image data Are associated with the same character string ID. The image ID “P04” is associated with the image data of the image “watermelon”.

Refer to FIG. 6 again. The communication processing unit 202 receives an authentication request from the terminal device 100, and requests the problem creation unit 203 to create a problem that becomes challenge data in response to the authentication request.
Upon receipt of the above request, the problem creating unit 203 refers to the character database 201a and extracts a combination of character string IDs for which “shiritori” is established for the corresponding pair of the first partial sequence and the final partial sequence. It is assumed that the number of character string IDs extracted by the problem creating unit 203 (for example, 3 or more) is set in advance. In addition, the problem creation unit 203 refers to the image database 201b and selects one image ID corresponding to each extracted character string ID.

  The problem creation unit 203 acquires image data corresponding to the image ID selected for each character string ID from the image database 201b, and inputs the acquired image data and image ID to the communication processing unit 202 as a problem. The communication processing unit 202 transmits the image data and the image ID input as a problem from the problem creation unit 203 to the terminal device 100 as challenge data. In addition, the problem creating unit 203 generates order information (hereinafter referred to as order information) in which the image IDs are arranged so that “shiritori” is established, and inputs the order information to the correctness determination unit 204.

  The communication processing unit 202 receives response data including an answer to the above problem from the terminal device 100. Then, the communication processing unit 202 inputs the answer included in the received response data to the correctness determination unit 204. The answer is information (hereinafter referred to as selection information) indicating the order in which the user selects images. The selection information is information in which the image ID is associated with the selection order.

  The correctness determination unit 204 determines whether or not the order indicated by the selection information input from the communication processing unit 202 matches the arrangement order indicated by the order information input from the problem creation unit 203. If the two match, the correctness determination unit 204 determines that the answer is correct, and inputs a determination result indicating successful authentication to the authentication processing unit 205. On the other hand, if the two do not match, the correctness determination unit 204 determines that the answer is an incorrect answer, and inputs a determination result indicating an authentication failure to the question creation unit 203.

  The authentication processing unit 205 executes a process set in advance to be executed after successful authentication. For example, when the authentication result is input from the correctness determination unit 204, the authentication processing unit 205 executes processing such as issuing an account to the terminal device 100, and grants access permission to the access source user. give.

  On the other hand, the problem creation unit 203, to which the determination result indicating the authentication failure is input, creates a new problem and transmits challenge data to the terminal device 100 again via the communication processing unit 202. Further, the problem creation unit 203 counts the number of times challenge data is transmitted to the same access source. If the count is greater than a preset number (for example, 5 times), the problem creation unit 203 does not create a new problem and does not create the same problem. An authentication request by the access source may be rejected. By blocking authentication by an access source that repeatedly fails authentication, unauthorized authentication by a bot or the like can be effectively avoided.

[2-6. Example of authentication operation]
Next, an example of an authentication operation performed by the user using the terminal device 100 will be described. The interface of the authentication operation illustrated here is an example, and the technique of the second embodiment can be applied to any one that can specify the selection order for each image displayed on the display unit 103 so as to be selectable. The following description is made based on the contents (P01, P03, P04) of the character database 201a illustrated in FIG. 7 and the image database 201b illustrated in FIG.

(Method to select images in order)
An operation method in which the user sequentially selects a plurality of images displayed on the display unit 103 is illustrated. FIG. 9 is a diagram illustrating an example of an authentication operation (selecting images in order) according to the second embodiment.

  At the time of authentication, a plurality of images are displayed on the display unit 103 together with rules for solving the problem (that is, selecting in the order of “Shiritori”) (see FIG. 9A). An image to be selected first (may be selected from the beginning) may be designated. In this example, the first image to be selected is designated by an order display indicating the order.

  The user selects the image corresponding to the character string “shiritori” as the second image between the character strings corresponding to the first image (see FIG. 9B). When the second image is selected, the display unit 103 displays an order display indicating that the second image is selected. Similarly, the user selects the third image (see FIG. 9C).

  When the last image (the third image in this example) is selected, the display unit 103 displays a transmission button for confirming the selection result and transmitting the selection result to the authentication server 200 as response data. The When the transmission button is pressed, response data is transmitted from the terminal device 100 to the authentication server 200.

  According to the method illustrated in FIG. 9, an input operation is facilitated because an image can be input simply by sequentially selecting images. In the case of the normal method CAPTCHA, there is an inconvenience such as displaying a software keyboard when using a touch panel or the like. However, according to the above method, the operation procedure is small and intuitive. Since operation becomes possible, the ease of input operation increases.

(Method to move the image to the answer column)
Next, an operation method in which the user moves a plurality of images displayed on the display unit 103 to the answer column will be exemplified. FIG. 10 is a diagram illustrating an example of an authentication operation (moving an image to an answer column) according to the second embodiment. The example of FIG. 10 shows a method in which a plurality of answer fields corresponding to the selection order are provided, and the user answers by dragging an image to each answer field.

  As in the case of FIG. 9, the display unit 103 displays a plurality of images to be selected along with the rules (see FIG. 10A). In this example, the first image to be selected is designated in advance, and is input to the answer column corresponding to the first order from the beginning. Therefore, the user drags the image corresponding to the character string “shiritori” to the answer column corresponding to the second order with the character string corresponding to the first image (see FIG. 10B). ). Similarly, the user drags the third image to the answer column (see FIG. 10C).

  When all the images (three images in this example) are dragged to the answer column, the display unit 103 has a transmission button for confirming the selection result and transmitting the selection result to the authentication server 200 as response data. Is displayed. When the transmission button is pressed, response data is transmitted from the terminal device 100 to the authentication server 200.

  In the case of the method illustrated in FIG. 10 as well, as in the example of FIG. 9, input can be performed simply by dragging an image. In the case of the normal method CAPTCHA, there is an inconvenience such as displaying a software keyboard when using a touch panel or the like. However, according to the above method, the operation procedure is small and intuitive. Since operation becomes possible, the ease of input operation increases.

[2-7. Problem creation process]
Next, the problem creation processing by the problem creation unit 203 will be further described. The problem creation process is a process of extracting and listing combinations of character string IDs so as to be “shiritori” (creating a character string ID list), and image data used as a problem for each extracted character string ID Including the process of selecting.

(Create a string ID list)
First, creation of a character string ID list (a list of character string IDs used for a problem) will be described. FIG. 11 is a diagram showing an example of a problem creation process (creation of a character string ID list) according to the second embodiment.

  As shown in FIG. 11A, the problem creating unit 203 randomly selects a character string ID to be used first for “Shiritori” from the character database 201a. Then, the problem creating unit 203 prohibits selection of a character string ID having the same character string as the first substring corresponding to the selected character string ID as the end substring (selection prohibition setting).

  By performing the above-described selection prohibition setting, it is possible to avoid that the arrangement order of images to be “shiritori” cannot be uniquely determined. For example, three character strings “tomato”, “dragonfly”, and “boat” are (1) “dragonfly” → “boat” → “tomato” and (2) “boat” → “tomato” → “dragonfly”. There are two types of “Shiritori”. Therefore, when the image to be selected first is not designated in advance, there are two correct answers. If two correct answers are allowed, the probability of correct answer is doubled, and the method of performing the above selection prohibition setting has higher attack resistance.

  As shown in FIG. 11B, the problem creating unit 203 that has selected the first character string ID sets a character string ID having the same character string as the end substring corresponding to the first character string ID as the end substring. Select at random. At this time, the problem creating unit 203 does not select the character string ID set to the selection prohibition. Then, the problem creating unit 203 prohibits selection of a character string ID having the same character string as the first substring corresponding to the selected character string ID as the end substring.

  As shown in FIG. 11C, the problem creating unit 203 that has selected the second character string ID sets a character string ID having the same character string as the end substring corresponding to the second character string ID as the end substring. Select at random. At this time, the problem creating unit 203 does not select the character string ID set to the selection prohibition. Then, the problem creating unit 203 registers each selected character string ID in the character string ID list, and associates each character string ID with the selected order.

  The example of FIG. 11 shows a case where three character string IDs are selected, but the same applies when four or more character string IDs are selected. The timing for registering the character string ID in the character string ID list may be the timing at which each character string ID is selected.

(Select image data)
Next, selection of image data will be described. FIG. 12 is a diagram illustrating an example of a problem creation process (selection of image data) according to the second embodiment.

  The problem creation unit 203 that created the character string ID list searches the image database 201b for an image ID corresponding to each character string ID, as shown in FIG. When the detected image ID is one, the problem creating unit 203 uses the image data corresponding to the detected image ID for the problem. On the other hand, when a plurality of image IDs are detected, the problem creating unit 203 randomly selects one image ID. At this time, the problem creating unit 203 may select the image IDs so that the number of selections of a plurality of image IDs corresponding to the same character string ID is averaged.

  In the example of FIG. 12, the image data (image ID = P02) of the image “castera” and the “camera” are added to the character string ID “0264” corresponding to the set of the head substring “ka” and the tail substring “ra”. Is associated with image data (image ID = P03). In this case, the problem creating unit 203 selects any one of the image data (for example, image data with the image ID P03) as the image data corresponding to the character string ID “0264”. Further, the problem creation unit 203 refers to the character string ID list, and generates order information by associating the selected image ID with the order corresponding to the character string ID used to select the image ID.

The set of image data selected by the problem creation unit 203 by the above method is used as a problem, and is included in the challenge data and transmitted to the terminal device 100.
[2-8. Process flow]
Next, the flow of processing executed by the terminal device 100 and the authentication server 200 will be described. The following description is based on the authentication operation interface illustrated in FIG.

(Operation of terminal equipment)
First, the flow of processing related to the operation of the terminal device 100 will be described.
FIG. 13 is a flowchart showing an example of the operation of the terminal device according to the second embodiment.

(S201) The user performs an authentication start operation using the input unit 101. In response to this operation, the communication processing unit 102 transmits an authentication request for performing authentication to the authentication server 200.
(S202) The communication processing unit 102 receives the challenge data transmitted from the authentication server 200 in response to the authentication request. The challenge data includes a plurality of image data used as a problem to be presented to the user and an image ID corresponding to each image data.

  (S203) The display unit 103 displays, as a problem, a plurality of images that can be selected using a plurality of image data included in the challenge data. At this time, the display unit 103 displays a message that prompts the user to arrange the images in the order of “shiritori” (display of rules). The display unit 103 also displays an answer column that is a drag destination of the image. The input unit 101 monitors the movement of the image to the answer column.

  (S204) The input unit 101 monitors the movement trajectory of the operating body (finger, stylus, etc.) when dragging each image. That is, the input unit 101 detects the movement locus of the operation body (or image) from when the image to be dragged is selected by the operation body until the image reaches the answer column, and holds information on the detected movement locus. . Then, the input unit 101 calculates the amount of deviation between the detected movement locus and a preset reference line by a method as shown in FIG.

FIG. 14 is a diagram for explaining the shift amount of the movement locus according to the second embodiment.
The reference line is, for example, a straight line connecting the image to be dragged and the answer column. The deviation amount is, for example, the area of a region surrounded by the reference line and the movement locus. In the example of FIG. 14, there are a plurality of areas A1, A2,..., A6 between the reference line and the movement locus. In this case, the input unit 101 calculates the areas of the regions A1, A2,..., A6 and holds the calculated areas as deviation amounts. At this time, the input unit 101 holds the length of the reference line in association with the shift amount.

  (S205) The input unit 101 determines whether all the answers have been obtained (whether the answer column is filled). If all the answers have been obtained, the process proceeds to S206. On the other hand, if all the answers have not been obtained, the process proceeds to S204.

  (S206) The input unit 101 calculates a deviation amount (average deviation amount) per unit movement distance from the deviation amount calculated for each image dragged to the answer column. That is, the input unit 101 calculates the average deviation amount by dividing the total value of the calculated deviation amounts by the total length of the reference line.

  The amount of deviation depends on the distance between the image display position and the answer column. For this reason, even when the same image combination is used, the shift amount changes every time when the display position of the image is determined at random. However, the change can be suppressed by averaging with the length of the reference line as described above. However, when the change in the shift amount related to the display position of the image can be allowed as an error, the input unit 101 may calculate the shift amount for each image and set the shift amount as the average shift amount.

(S207) The communication processing unit 102 transmits to the authentication server 200 the answer including the image ID of the image dragged to each answer field and the arrangement order of the images as an answer.
(S208) The communication processing unit 102 transmits the average deviation amount calculated in S206 to the authentication server 200 as operation data. Note that the communication processing unit 102 may include the operation data in the response data and transmit it to the authentication server 200. When the process of S208 is completed, the series of processes shown in FIG.

(Operation of authentication server)
Next, the flow of processing related to the operation of the authentication server 200 will be described.
FIG. 15 is a flowchart showing an example of the operation (whole) of the authentication server according to the second embodiment.

(S211) The communication processing unit 202 receives an authentication request from the terminal device 100.
(S212) The question creating unit 203 creates a question to be answered by the user.
The problem creating unit 203 refers to the character database 201a and selects a combination of character string IDs so that the corresponding start partial sequence and end partial sequence are “shiritori”. Further, the problem creating unit 203 refers to the image database 201b and selects image data and an image ID corresponding to each selected character string ID. Then, the problem creating unit 203 uses the order information in which the image IDs and the order are associated with each other in the order of the character string IDs arranged so as to form the “shiritori”, and the selected plurality of image data as problems. Use.

  (S213) The communication processing unit 202 transmits challenge data including the problem created by the question creation unit 203 to the terminal device 100 (question). The challenge data includes a plurality of image data and an image ID corresponding to each image data.

(S214) The communication processing unit 202 receives response data from the terminal device 100 (answer). The response data includes selection information in which the image ID is associated with the selection order.
(S215) The communication processing unit 202 receives, from the terminal device 100, operation data related to the amount of deviation between the movement locus and the reference line.

  (S216) The correctness determination unit 204 determines whether the arrangement order indicated by the order information matches the selection order indicated by the selection information. When both match, the correctness determination unit 204 determines that the answer is correct. On the other hand, when both do not match, the correctness determination unit 204 determines that the answer is not correct. If the answer is correct, the process proceeds to S217. On the other hand, if the answer is incorrect, the process proceeds to S212.

  (S217) The correctness determination unit 204 determines whether the average deviation amount indicated by the operation data is greater than the threshold value ThTr. The threshold value ThTr is a preset value. For example, the threshold value ThTr is set to a lower limit value of an average deviation amount obtained by causing a plurality of persons to perform a drag operation (a margin for an allowable error may be taken into account). If the average deviation amount is larger than the threshold value ThTr, the process proceeds to S218. On the other hand, when the average deviation amount is not larger than the threshold value ThTr, the process proceeds to S212.

  The above determination is processing for determining whether the operation is a human operation or a bot operation. In the case of the bot, it is expected that the drag operation becomes regular (for example, linear) when the image is moved from the image display position to the answer column position. On the other hand, in the case of a human being, even when trying to operate regularly, disorder occurs in regularity (for example, coincidence with a straight line). That is, in the case of bots, the average deviation amount is small, and in the case of humans, the average deviation amount is large. Therefore, if the above determination is made, the difference between a bot and a human can be determined.

  (S218) The authentication processing unit 205 executes processing when authentication is successful. For example, the authentication processing unit 205 notifies the terminal device 100 of successful authentication, issues an account, and permits access. When the process of S218 is completed, the series of processes shown in FIG.

Here, the process of S212 will be further described.
FIG. 16 is a flowchart showing an example of the operation (problem creation) of the authentication server according to the second embodiment.

(S221) The problem creating unit 203 randomly selects one character string ID from the character database 201a (selection of the first character string).
(S222) The problem creating unit 203 prohibits selection of all character string IDs having the end substring of the same character string as the first substring of the character string ID selected immediately before.

  (S223) The problem creation unit 203 randomly selects one character string ID having the same first character string as the last character string ID of the character string ID selected immediately before. At this time, if there is a character string ID that is prohibited from being selected in the character database 201a, the problem creating unit 203 randomly selects one character string ID from the character strings ID that is not prohibited.

  (S224) The question creating unit 203 determines whether or not a predetermined number of character string IDs have been selected. The predetermined number is, for example, an integer of 3 or more. If the predetermined number of character string IDs have been selected, the process proceeds to S225. On the other hand, if the predetermined number of character string IDs have not been selected, the process proceeds to S222.

  (S225) The problem creation unit 203 creates a character string ID list by listing the selected character string IDs. The character string ID list is list information in which each character string ID selected by the problem creation unit 203 and the order in which each character string ID is selected are registered in association with each other.

  (S226) The problem creation unit 203 refers to the image database 201b and extracts one image ID corresponding to each character string ID registered in the character string ID list. When a plurality of image IDs exist for one character string ID, the problem creation unit 203 randomly extracts one image ID. Further, the problem creation unit 203 extracts image data corresponding to the extracted image ID from the image database 201b.

  (S227) The problem creating unit 203 sets the plurality of image IDs extracted in S226 and the image data corresponding to each image ID as problems, and includes them in the response data. When the process of S226 is completed, the series of processes shown in FIG.

[2-9. Modification # 1: Two-character shiritori]
Here, a modified example (modified example # 1) of the second embodiment will be described.
So far, the description has been made by taking “Shiritori” where the number of characters in the first substring and the last substring is 1 as an example, but “shiritori” where the number of characters is 2 or more can also be realized. That is, for m = 1, 2, 3,..., M−1 (M is a predetermined number), the last substring of the Nth character (N ≧ 2) of the mth character string and the N characters of the m + 1st character string The M character strings having the same initial partial sequence of “N” are “shiritori” of N characters. For example, three character strings “Yokohama”, “Hamamatsu”, and “Matsumoto” form two characters “Shiritori” via the character strings “Hama” and “Matsu”.

  Modification # 1 relates to a modification for applying the technique according to the second embodiment described above to the “shiritori” of N characters. The main deformation part is in a set of a head substring and a tail substring registered in the character database 201a. FIG. 17 is a diagram illustrating an example of a character database according to a modification of the second embodiment (modification # 1: two-character ritual). When N is 2, the character database 201a is transformed as shown in FIG. That is, a pair of a head substring and a tail substring combining two characters is registered in the character database 201a in association with the character string ID. The same applies to the case where the number of characters is changed to “shiritori” with 3 or more characters.

[2-10. Modification # 2: No first image specified]
Next, another modified example (modified example # 2) of the second embodiment will be described.
In the above description, a method for designating an image corresponding to the first character string of “Shiritori” and a method for not designating the image have been described. Modification # 2 employs a method in which an image corresponding to the first character string is not designated, and the access source is a human by using the time until the image is selected (hereinafter referred to as answer time). Or a modification for adding a mechanism for discriminating whether a bot. Furthermore, the modification # 2 includes a modification for adding a mechanism for dealing with an advanced attack by a high-performance bot for determining the average deviation amount. Modification # 2 can further increase attack resistance.

(Operation of terminal equipment)
The flow of processing relating to the operation of the terminal device 100 in Modification Example # 2 will be described.
FIG. 18 is a flowchart showing an example of the operation of the terminal device according to a modification of the second embodiment (modification # 2: no first image is specified).

(S301) The user performs an authentication start operation using the input unit 101. In response to this operation, the communication processing unit 102 transmits an authentication request for performing authentication to the authentication server 200.
(S302) The communication processing unit 102 receives the challenge data transmitted from the authentication server 200 in response to the authentication request. The challenge data includes a plurality of image data used as a problem to be presented to the user and an image ID corresponding to each image data.

  (S303) The display unit 103 displays, as a problem, a plurality of images that can be selected using a plurality of image data included in the challenge data. At this time, the display unit 103 displays a message that prompts the user to arrange the images in the order of “shiritori” (display of rules). The display unit 103 also displays an answer column that is a drag destination of the image. The input unit 101 monitors the movement of the image to the answer column. Further, the input unit 101 starts measuring the answer time at the timing when the display unit 103 displays the question.

  (S304) The input unit 101 determines whether the first answer has been obtained. That is, the input unit 101 monitors whether or not the image corresponding to the first character string “Shiritori” has been dragged to the answer field, and determines that the first answer has been obtained when the image is dragged to the answer field. To do. If the first answer is obtained, the process proceeds to S305. On the other hand, when the first answer is not obtained, the process of S304 is repeated and monitoring by the input unit 101 is continued.

(S305) The input unit 101 finishes counting the answer time at the timing when the first answer is obtained, and calculates the time (answer time) from the start to the end of timing.
(S306) The input unit 101 monitors the movement trajectory of the operating body (finger, stylus, etc.) when dragging each image. That is, the input unit 101 detects the movement locus of the operation body (or image) from when the image to be dragged is selected by the operation body until the image reaches the answer column, and holds information on the detected movement locus. . Then, the input unit 101 calculates a deviation amount between the detected movement locus and a preset reference line by a method as shown in FIG.

  In the example of FIG. 18, monitoring of the movement trajectory is started after the first answer, but the input unit 101 may also monitor the movement trajectory at the time of the first answer and calculate a deviation amount for the movement trajectory. In this case, the monitoring of the movement track is started after displaying the problem in S303.

  (S307) The input unit 101 determines whether all the answers have been obtained (whether the answer column is filled). If all the answers have been obtained, the process proceeds to S308. On the other hand, if all the answers have not been obtained, the process proceeds to S306.

  (S308) The input unit 101 calculates a deviation amount (average deviation amount) per unit movement distance from the deviation amount calculated for each image dragged to the answer column. However, when the change in the shift amount related to the display position of the image can be allowed as an error, the input unit 101 may calculate the shift amount for each image and set the shift amount as the average shift amount.

(S309) The communication processing unit 102 transmits to the authentication server 200 the answer including the image ID of the image dragged to each answer column and the arrangement order of the images as an answer.
(S310) The communication processing unit 102 transmits the answer time calculated in S305 and the average deviation calculated in S308 to the authentication server 200 as operation data. Note that the communication processing unit 102 may include the operation data in the response data and transmit it to the authentication server 200. When the process of S310 is completed, the series of processes illustrated in FIG.

(Operation of authentication server)
Next, the flow of processing related to the operation of the authentication server 200 in Modification Example # 2 will be described.

FIG. 19 is a flowchart showing an example of the operation (whole) of the authentication server according to a modification of the second embodiment (modification # 2: no first image is specified).
(S311) The communication processing unit 202 receives an authentication request from the terminal device 100.

(S312) The question creation unit 203 creates a question to be answered by the user.
The problem creating unit 203 refers to the character database 201a and selects a combination of character string IDs so that the corresponding start partial sequence and end partial sequence are “shiritori”. Further, the problem creating unit 203 refers to the image database 201b and selects image data and an image ID corresponding to each selected character string ID. Then, the problem creating unit 203 uses the order information in which the image IDs and the order are associated with each other in the order of the character string IDs arranged so as to form the “shiritori”, and the selected plurality of image data as problems. Use.

  (S313) The communication processing unit 202 transmits challenge data including the problem created by the question creation unit 203 to the terminal device 100 (question). The challenge data includes a plurality of image data and an image ID corresponding to each image data.

(S314) The communication processing unit 202 receives response data from the terminal device 100 (answer). The response data includes selection information in which the image ID is associated with the selection order.
(S315) The communication processing unit 202 receives operation data including information on the answer time and the average deviation amount from the terminal device 100.

  (S316) The correctness determination unit 204 determines whether or not the arrangement order indicated by the order information matches the selection order indicated by the selection information. When both match, the correctness determination unit 204 determines that the answer is correct. On the other hand, when both do not match, the correctness determination unit 204 determines that the answer is not correct. If the answer is correct, the process proceeds to S317. On the other hand, if the answer is incorrect, the process proceeds to S312.

  (S317) The correctness determination unit 204 determines whether or not the average deviation amount indicated by the operation data is larger than the threshold value ThTr. The threshold value ThTr is a preset value. For example, the threshold value ThTr is set to a lower limit value of an average deviation amount obtained by causing a plurality of persons to perform a drag operation (a margin for an allowable error may be taken into account). If the average deviation amount is larger than the threshold value ThTr, the process proceeds to S318. On the other hand, when the average deviation amount is not larger than the threshold value ThTr, the process proceeds to S312.

  (S318) The correctness determination unit 204 determines whether or not the average deviation amount indicated by the operation data is smaller than the threshold value ThOv. The threshold value ThOv is a preset value. For example, the threshold value ThOv is set to an upper limit value of an average deviation amount obtained by causing a plurality of persons to perform a drag operation (allowable margins may be taken into account). If the average deviation amount is smaller than the threshold value ThOv, the process proceeds to S319. On the other hand, when the average deviation amount is not smaller than the threshold value ThOv, the process proceeds to S312.

  High performance bots may be designed to simulate human movement. In other words, taking into account the fact that humans cannot move images with regular movement along the reference line, it is predicted that the bot may be designed so that the movement trajectory is curved and shifted from the reference line it can. On the other hand, the shift between the movement trajectory and the reference line caused by the operation performed by the human is not so large because it is not caused by the human. For this reason, it is often possible to determine that a movement with a large average deviation amount is caused by a bot. Therefore, by providing the determination of S318, the possibility that an attack by a bot can be eliminated increases.

  (S319) The correctness determination unit 204 determines whether or not the answer time indicated by the operation data is greater than the threshold value ThFA. The threshold value ThFA is a preset value. For example, the threshold ThFA is a lower limit value of the time required to answer a plurality of questions to a plurality of people and answer the image corresponding to the first character string of “Shiritori” (including a margin for an allowable error). May be set). If the answer time is greater than the threshold value ThFA, the process proceeds to S320. On the other hand, if the answer time is not greater than the threshold value ThFA, the process proceeds to S312.

  The above determination is also processing for determining whether the operation is a human operation or a bot operation. In the case of human beings, it takes time to think about which one will be the first image, but in the case of bots, it is expected to select an image immediately without considering which one will be the first image. Therefore, when the time until the answer to the first image is obtained is short, it can be determined that the operation is a bot operation. Therefore, if the above determination is made, the difference between a bot and a human can be determined.

  (S320) The authentication processing unit 205 executes processing upon successful authentication. For example, the authentication processing unit 205 notifies the terminal device 100 of successful authentication, issues an account, and permits access. When the process of S320 is completed, the series of processes shown in FIG. 19 ends.

(Other)
In the above example, a mechanism for discriminating between operations by bots and human operations by paying attention to the magnitude of the average deviation amount has been introduced. It can be considered as a modification.

  For example, focusing on the fact that the movement of the bot is regular, there is a mechanism for determining that the operation is performed by the bot when the variation in the average deviation amount for each image (for example, the difference average or the variance value) is smaller than the allowable value. Conceivable. For example, the allowable value is set to a lower limit value of variation in average deviation amount measured by an operation performed by a human on a plurality of problems (a margin for an allowable error may be taken into account). If this mechanism is executed instead of the process of S318 or in combination with the process of S318, the attack resistance is further increased.

  In the above example, we introduced a mechanism to discriminate between bot operations and human operations by paying attention to the length of the answer time for the first image. A method for realizing the above-described determination by paying attention to the length of the thinking time is also conceivable. For example, a method of determining an operation by a bot by calculating an answer time per question from a time required to obtain all the answers and determining a threshold value of the calculated answer time can be considered. The threshold used in this method may be set to the lower limit value of the answer time obtained experimentally.

[2-11. Display of unused images]
Next, still another modified example (modified example # 3) of the second embodiment will be described.
Up to now, the explanation has been made assuming that all images displayed on the display unit 103 are used as the answer to the problem. However, the display unit 103 is modified so that an image not used as the answer to the problem is displayed. You can also For example, when three images corresponding to three character strings “chair”, “watermelon”, and “camera” are answers to a problem, it is possible to transform the display unit 103 to display an image of “car” that does not become the answer. Yes (see FIG. 20).

FIG. 20 is a diagram illustrating an example of a problem display according to a modification of the second embodiment (modification # 3: display of an image that is not used).
When the number of images to be selected is L and the number of answer columns is K, the probability Pr of answering by chance is given by the following equation (1).

  For example, when the number K of answer columns is 5 and all images are used for answers (that is, when K = 5 and L = 5), the probability Pr is 1/120. Further, when three images that are not used in the answer are added (that is, K = 5, L = 8), the probability Pr is 1/6720.

  Since it is easy for a human to distinguish an image that is not used for an answer, the degree of difficulty for a human is not as high as the difference in the probability Pr. On the other hand, in the case of a bot that obtains correct answers using a brute force method that tries all image combinations, the correct answer rate is proportional to the probability Pr. Therefore, the addition of an image that is not used for the answer can greatly increase the difficulty level for the bot. Therefore, by adding the contrivance of modification # 3, it is possible to increase the resistance to attacks by bots without greatly impairing the ease of answering for humans.

The second embodiment has been described above.
In the above explanation, “Shiritori” based on Japanese Hiragana (Katakana) is assumed. It is also possible to do. By changing the beginning substring and the end substring of the character database 201a and modifying the association of the image database 201b, it is possible to further cope with language changes. The same applies to “Shiritori” of three or more characters. Such a modification naturally belongs to the technical scope of the second embodiment.

<3. Addendum>
The following additional notes are disclosed with respect to the embodiment described above.
(Supplementary note 1)
When authenticating the access source, a plurality of images read from the storage means for storing the images and character strings in association with each other are displayed on the display means so as to be selectable.
Accept selections for the plurality of displayed images;
The selection order of the plurality of images includes a character corresponding to a predetermined number of characters from the end of a character string associated with the selected image, and a character associated with the image selected next to the selected image. An authentication program for executing a process of determining that authentication is successful when the number of characters corresponding to the predetermined number of characters from the top of the column is in the order of selection.

(Supplementary Note 2) The selection includes an operation of moving the image from a display position to a predetermined position,
In the computer,
The authentication program according to appendix 1, wherein a process for determining an authentication failure is executed when the movement operation has regularity.

(Supplementary note 3)
The authentication program according to appendix 1 or 2, characterized in that when the time until the first selection of the image displayed on the display means is shorter than a predetermined time, processing for determining authentication failure is executed.

(Supplementary Note 4)
The authentication program according to any one of appendices 1 to 3, wherein a process of displaying a larger number of images than the selectable number of images on the display unit is executed.

(Additional remark 5) The said predetermined number of characters is 1. The authentication program in any one of Additional remark 1-4 characterized by the above-mentioned.
(Appendix 6) In the computer,
The authentication program according to any one of appendices 1 to 5, wherein a process for displaying information for specifying an image to be selected first is executed.

(Supplementary note 7)
The authentication according to claim 2, wherein a process of determining that there is regularity is executed when the movement trajectory detected at the time of selection is a straight line connecting the display position and the predetermined position. program.

(Supplementary note 8)
The authentication according to appendix 7, wherein a process of determining an authentication failure is executed when a deviation amount representing a difference between the movement locus detected at the time of selection and the straight line is larger than a predetermined amount. program.

(Additional remark 9) The said deviation | shift amount is the total area of the area | region enclosed by the said movement locus | trajectory and the said straight line. The authentication program of Additional remark 8 characterized by the above-mentioned.
(Appendix 10) The computer
When authenticating the access source, a plurality of images read from the storage means for storing the images and character strings in association with each other are displayed on the display means so as to be selectable.
Accept selections for the plurality of displayed images;
The selection order of the plurality of images includes a character corresponding to a predetermined number of characters from the end of a character string associated with the selected image, and a character associated with the image selected next to the selected image. An authentication method, comprising: executing a process of determining that authentication is successful when the number of characters corresponding to the predetermined number of characters from the top of the sequence matches a selection order.

(Supplementary Note 11) When performing authentication of an access source, a display control unit that displays a plurality of images read from a storage unit that stores an image and a character string in association with each other on a display unit;
A receiving unit that receives selections for the displayed plurality of images;
The selection order of the plurality of images includes a character corresponding to a predetermined number of characters from the end of a character string associated with the selected image, and a character associated with the image selected next to the selected image. An authentication apparatus comprising: a determination unit that determines that authentication is successful when the predetermined number of characters from the top of the sequence match the selected order.

  (Supplementary note 12) A computer-readable recording medium in which the authentication program according to any one of supplementary notes 1 to 9 is stored.

DESCRIPTION OF SYMBOLS 10 Terminal device 11 Display means 20 Authentication apparatus 21 Display control part 22 Acceptance part 23 Determination part 30 Storage means NW Network H Operation object PCT Image STR Character string

Claims (7)

On the computer,
When authenticating the access source, a plurality of images read from the storage means for storing the images and character strings in association with each other are displayed on the display means so as to be selectable.
Accept selections for the plurality of displayed images;
The selection order of the plurality of images includes a character corresponding to a predetermined number of characters from the end of a character string associated with the selected image, and a character associated with the image selected next to the selected image. An authentication program for executing a process of determining that authentication is successful when the number of characters corresponding to the predetermined number of characters from the top of the column is in the order of selection. The selection includes an operation of moving the image from a display position to a predetermined position;
In the computer,
The authentication program according to claim 1, wherein when the movement operation has regularity, a process of determining that the authentication has failed is executed. In the computer,
The authentication program according to claim 1 or 2, wherein when the time until the first selection of the image displayed on the display means is shorter than a predetermined time, a process for determining that the authentication has failed is executed. In the computer,
The authentication program according to any one of claims 1 to 3, wherein a process of displaying a larger number of images than the selectable number of images on the display means is executed. The authentication program according to any one of claims 1 to 4, wherein the predetermined number of characters is one. Computer
When authenticating the access source, a plurality of images read from the storage means for storing the images and character strings in association with each other are displayed on the display means so as to be selectable.
Accept selections for the plurality of displayed images;
The selection order of the plurality of images includes a character corresponding to a predetermined number of characters from the end of a character string associated with the selected image, and a character associated with the image selected next to the selected image. An authentication method, comprising: executing a process of determining that authentication is successful when the number of characters corresponding to the predetermined number of characters from the top of the sequence matches a selection order. A display control unit that displays a plurality of images read from a storage unit that stores an image and a character string in association with each other when the access source is authenticated;
A receiving unit that receives selections for the displayed plurality of images;
The selection order of the plurality of images includes a character corresponding to a predetermined number of characters from the end of a character string associated with the selected image, and a character associated with the image selected next to the selected image. An authentication apparatus comprising: a determination unit that determines that authentication is successful when the predetermined number of characters from the top of the sequence match the selected order.

Images