JP6589518B2 - Password management program, password management apparatus, and password management method - Google Patents

Description

  The present invention relates to a password management program, a password management device, and a password management method.

  In recent years, password authentication processing is used in various systems such as bank ATMs (Automatic Teller Machines), web sites, and applications. The user manages the password by, for example, storing the password or leaving a memo.

  In such a case, if the number of passwords to be used is small, the burden on the user is small. However, if the number of passwords to be handled is large, the user may not manage the password and may make a mistake or forget it.

  In order to reduce the burden of managing passwords, for example, a password that is easy to remember, such as a date of birth or a telephone number, may be used, or the same password may be reused for a plurality of authentication destinations. In this case, security is low. In addition, the system may require periodic password changes to increase security.

  In this regard, a technique for providing a method for managing authentication having security in a plurality of applications is known (for example, Patent Document 1). Also, a technology for providing an information management system that can refer to confidential information such as a password even when away from home and can be recovered even if the confidential information is lost is known. (For example, patent document 2). A technique for improving convenience in a system in which a client device is connected to an application server via a network and uses an application is known (for example, Patent Document 3). A technique for providing a single sign-on system that dynamically updates authentication information is known (for example, Patent Document 4).

JP 2007-35041 A JP 2009-116726 A JP 2005-182343 A JP 2012-33042 A

The security strength of the password can be kept high, for example, by complicating the password so that it is difficult to guess by others. On the other hand, in order to facilitate password management and prevent forgetting, it is desirable that the password be, for example, a simple character string that is easy to remember. Thus, passwords are required to have conflicting properties. Therefore, it is desired to provide a technique capable of reducing the user's password management burden while maintaining high security.
In one aspect, an object of the present invention is to provide a technique capable of reducing a user's password management burden.

  A password management program according to one aspect of the present invention causes a computer to execute an updating process, a generating process, and a password generating process. In the process of updating, when changing the password corresponding to the usage target, the computer updates the number of times the password corresponding to the usage target is changed from the first number to the second number. In the generation process, the computer generates the first value based on the input character string, the usage target information corresponding to the usage target, and the predetermined unique information. In the process of generating a password, the computer generates a first value in accordance with a predetermined generation rule from a second value obtained by performing a predetermined operation on the first value using the second number of times. Generate a password.

  The user's password management burden can be reduced.

It is a figure which illustrates the functional block structure of the password management apparatus which concerns on embodiment. It is a figure which illustrates the password management screen displayed on the display part of a password management apparatus. It is a figure which illustrates the change history screen displayed on the display screen of a display part. It is a figure which illustrates the usage history screen displayed on the display screen of a display part. It is a figure which illustrates the verification result screen displayed on the display screen of a display part. It is a figure which illustrates the operation | movement flow of the production | generation process of a password. It is a figure which illustrates the production | generation process of a password. It is a figure which illustrates change history information concerning an embodiment. It is a figure which illustrates the operation | movement flow of a change process of a password. It is a figure which illustrates the operation | movement flow of the display process of a change history. It is a figure which illustrates the use history information concerning an embodiment. It is a figure which illustrates the operation | movement flow of the production | generation process of a usage history. It is a figure which illustrates the operation | movement flow of the display process of a usage history. It is a figure which illustrates the operation | movement flow of the export process of a password management function. It is a figure which illustrates the operation | movement flow of the import process of a password management function. It is a figure which illustrates the operation | movement flow of a password verification process. It is a figure which illustrates the hardware constitutions of the computer for implement | achieving the password management apparatus which concerns on embodiment.

  As described above, it is desired to provide a technique capable of reducing the burden of managing a user's password. In the embodiment described below, the password generation device generates a password using, for example, a word, use target information corresponding to a password use target, unique information, and the number of password changes. Note that the word may be a character string that is easy to remember, such as a date of birth, a telephone number, a pet name, or a favorite word. The usage target information may include, for example, information for identifying a password usage target and information for identifying a user in the usage target. The information for identifying the usage target may be, for example, a bank name if the usage target is a bank, or a website name if the usage target is a website that performs login authentication. The information for identifying the user in the usage target may be, for example, an account number if the usage target is a bank, or a registered user ID (identifier) if the usage target is a website that performs login authentication. ) Etc. The unique information may be, for example, a unique ID such as a MAC address (Media Access Control address) or a character string designated by the user, and may be information that is difficult to obtain except for the user of the password generation device. The number of password changes may be, for example, the number of times the password corresponding to the usage target has been changed.

  As described above, in the embodiment, the password that corresponds to each usage target is used by using the usage target information corresponding to the usage target, the unique information that is difficult to be known by others, and the number of times the password is changed. Generate. Since a password is generated by combining other information with a word that is easy for a user to remember, a password with high security strength can be generated. In addition, since the user can generate a password if he / she remembers an easy-to-remember word, password management becomes easy. Furthermore, since the usage target information differs for each usage target, it is possible to easily generate a different password for each usage target. Since unique information uses information that is difficult for others to obtain, for example, even if a word is known to others, the unique information is not known, and it is difficult for others to generate a password. Further, by using the number of times the password is changed for generating the password, for example, even when the password is changed, a different password can be easily generated every time the password is changed.

  Hereinafter, some embodiments of the present invention will be described in detail with reference to the drawings. In addition, the same code | symbol is attached | subjected to the corresponding element in several drawing.

  FIG. 1 is a diagram illustrating a functional block configuration of a password management apparatus 100 according to the embodiment. The password management device 100 may be, for example, a personal computer (PC), a notebook PC, a smartphone, a mobile phone, a tablet terminal, or the like. The password management apparatus 100 includes, for example, a control unit 101, a storage unit 102, and a display unit 103. The control unit 101 includes functional units such as an update unit 111, a generation unit 112, and a password generation unit 113, for example. The storage unit 102 of the password management apparatus 100 stores, for example, unique information and information such as change history information 800 and usage history information 1100 described later. The display unit 103 may be a display device such as a display, for example, and may display a password management screen or the like according to an instruction from the control unit 101. Details of these functional units and details of information stored in the storage unit 102 will be described later.

  Hereinafter, the display screen displayed on the display unit 103 of the password management apparatus 100 will be exemplified with reference to FIGS. These display screens may be displayed on the display screen of the display unit 103, for example, when the control unit 101 of the password management apparatus 100 executes a password management program.

  FIG. 2 is a diagram illustrating a password management screen 200 that is displayed on the display screen by the display unit 103 of the password management apparatus 100 in accordance with an instruction from the control unit 101. The password management screen 200 includes, for example, password generation information 201 and password list information 202. The password generation information 201 includes a word 211, a generation rule 212, a period 213, a usage target 214, a user ID 215, and a password 216. Further, the password generation information 201 includes a generation button 217 and a save button 218.

  The word 211 may be a word used for password generation. For example, a plurality of words may be connected by a comma or a space separator. The generation rule 212 is a rule for generating a password, and includes, for example, the number of digits and the character type. The number of digits is, for example, the number of digits of the password. The character type is, for example, a character type that is allowed to be used in a password. Character types are, for example, numbers only, English uppercase letters and numbers, English lowercase letters and numbers, English uppercase letters and lowercase letters and numbers, English uppercase letters and numbers and symbols, English lowercase letters and numbers and symbols, It may be selected from uppercase and lowercase letters, numbers and symbols. The period 213 may be a password validity period. For example, when it is required to change the password periodically, it may be set to “Yes”. In that case, in the period 213, the number of days for which the password is valid may be designated. The usage target 214 may be information indicating a target for which a password is used, and may be, for example, a bank name, a card name, an application name, or the like representing a target for which a password is used. The user ID 215 may be information for identifying the user at the usage destination of the password indicated in the usage target 214, for example. The user ID 215 may be, for example, a bank account number, a card number of a card, and a user ID in an application. When the user presses the generation button 217 on the password management screen 200, for example, the control unit 101 generates a password using information such as the word 211, the generation rule 212, the usage target 214, and the user ID 215, and the password 216 To display. When the user presses the save button 218 on the password management screen 200, information about the generated password is stored in the storage unit 102, and an entry including information about the generated password is displayed in the password list information 202. May also be displayed.

  The password list information 202 includes information about passwords stored in the storage unit 102 when the user presses the save button 218 in the password generation information 201 on the password management screen 200, for example. The entries registered in the password list information 202 include, for example, a usage target, a user ID, a password, a generation rule, a usage history, and a change history. The usage target, user ID, and generation rule are registered in the usage target 214, user ID 215, and generation rule 212 when the password included in the entry is generated, and may be information used for generating the password. . The usage history is information indicating whether or not to record the usage history of the password included in the entry. In the example of FIG. 2, “Yes” is registered when the usage history is recorded. If there is no recording, “None” is registered. For example, when “Yes” is registered in the usage history, when the user presses “Yes” via a click or the like, the control unit 101 displays a usage history screen 400 of FIG. It's okay. The change history is information indicating whether or not to record the change history of the password included in the entry. In the example of FIG. 2, “Yes” is registered when the change history is recorded. If there is no recording, “None” is registered. When “Yes” is registered in the change history, when the user presses “Yes” via, for example, a click, the control unit 101 displays a change history screen 300 of FIG. You can do it. The password list information 202 includes, for example, a verification button 221, a delete button 222, a change button 223, and an end button 224.

  For example, when the user selects an entry from the password list information 202 via a check box and presses the verification button 221, the control unit 101 determines the security strength of the password of the selected entry. And the control part 101 may display the verification result screen 500 of FIG. 5 mentioned later on the display part 103, for example.

  For example, when the user selects an entry from the password list information 202 via a check box or the like and presses the delete button 222, the control unit 101 is selected from the password list information 202 via a check box or the like. Delete the entry. For example, when the user selects an entry from the password list information 202 via a check box or the like and presses the change button 223, the control unit 101 executes a process for changing a password, which will be described later. Thereby, the user can change the password. Details of the password change will be described later. For example, when the user presses the end button 224 of the password list information 202, the control unit 101 may close the password management screen 200 and end password management.

  FIG. 3 is a diagram illustrating a change history screen 300 displayed on the display screen of the display unit 103. For example, when the user presses “Yes” in the change history in the password list information 202, the control unit 101 may display the change history screen 300 for the password of the entry for which “Yes” is pressed. The change history screen 300 includes, for example, information on the usage target and user ID of the entry for which “Yes” in the change history is pressed, and further includes a display period 301 and a change history 302. The change history screen 300 includes, for example, a display button 303, an entry button 304, and an end button 305. The display period 301 is used, for example, for designating a period for displaying the change history for the password of the entry whose “present” is pressed. For example, when the user designates a period for the display period 301 and presses the display button 303, the control unit 101 displays the change history of the password in the designated period in the change history 302.

  The entry of the change history 302 is, for example, No. And date and time. No. May be, for example, a number assigned to an entry included in the change history. The date / time indicates the date / time when the password was generated or changed, and the memo may be, for example, a memo entered by the user. For example, the user may register the memo in the entry of the change history 302 by pressing the entry button 304 and entering the memo on the displayed screen. When the user presses the end button 305, the change history screen 300 displayed on the display screen of the display unit 103 may be closed.

  FIG. 4 is a diagram illustrating a usage history screen 400 displayed on the display screen of the display unit 103. For example, when the user presses “Use” in the use history in the password list information 202, the control unit 101 may display the use history screen 400 for the password of the entry for which “Yes” is pressed. The usage history screen 400 includes, for example, information on the usage target and user ID of the entry for which “Yes” in the usage history is pressed, and further includes a display period 401 and a usage history 402. The usage history screen 400 includes a display button 403, an entry button 404, and an end button 405, for example. The display period 401 is used, for example, for designating a period for displaying the use history for the password of the entry whose “present” is pressed. For example, when the user designates a period for the display period 401 and presses the display button 403, the control unit 101 displays the use history of the password for the designated period in the use history 402.

  The entry of the usage history 402 is, for example, No. (Number), date and time, and notes. No. May be, for example, a number assigned to an entry included in the usage history. The date / time indicates, for example, the date / time when the password is used, and the memo may be, for example, a memo entered by the user. The user may register the memo in the entry of the usage history 402 by, for example, entering a memo on the displayed screen by pressing the entry button 404. When the user presses the end button 405, the usage history screen 400 displayed on the display screen of the display unit 103 may be closed.

  FIG. 5 is a diagram illustrating a verification result screen 500 displayed on the display screen of the display unit 103. For example, when the user selects an entry via a check box in the password list information 202 and presses the verification button 221, the control unit 101 may display the verification result screen 500. The verification result screen 500 may include, for example, an entry indicating a password verification result of the entry selected in the password list information 202. The entry of the verification result screen 500 is, for example, No. , Result, usage object, password, judgment reason, etc. No. Is a number assigned to an entry included in the verification result screen 500, for example. The result may be information indicating the evaluation result of the security strength of the password included in the entry, for example. The usage target is, for example, information indicating the usage target of the password included in the entry. The determination reason may be information indicating the reason determined in the evaluation result indicated in the entry result. The verification result screen 500 includes a detail button 501 and an end button 502, for example. For example, the user can know detailed information regarding the security strength of the password included in the entry by viewing the information displayed on the display screen of the display unit 103 by pressing the detail button 501. When the user presses the end button 502, the verification result screen 500 displayed on the display screen of the display unit 103 may be closed.

  For example, using the display screen as described above, the password management apparatus 100 may accept input of information from the user and may present information to the user.

  Subsequently, generation of a password according to the embodiment will be described. FIG. 6 is a diagram illustrating an operation flow of password generation processing executed by the control unit 101 of the password management apparatus 100. 6 may be started when the control unit 101 of the password management apparatus 100 displays the password management screen 200 on the display screen of the display unit 103, for example.

  In step S <b> 601, the control unit 101 of the password management apparatus 100 accepts input of a word, usage target information, a generation rule, and a period. Below, the case where a utilization object and user ID are used as utilization object information is illustrated. However, the embodiment is not limited to this. For example, the embodiment may be implemented by using either the usage target or the user ID, or using different information as the usage target information. Further, for example, the user inputs information to the word 211, the usage target 214, the user ID 215, the generation rule 212, and the period 213 on the password management screen 200, and presses the generation button 217, so that the information is stored in the password management apparatus 100 may be entered. When the user presses the generation button 217, the control unit 101 may advance the process to S602. In step S <b> 602, the control unit 101 determines whether there is uninputted information among words, usage target information, generation rules, and periods. If there is uninput information (Yes in S602), the flow returns to S601 to notify the user of information instructing input. On the other hand, if there is no uninput information (No in S602), the flow proceeds to S603. In step S <b> 603, the control unit 101 concatenates the word, usage target information (for example, usage target and user ID), and unique information into one data value. The unique information is a value set for the password management device 100, for example. The unique information may be, for example, a unique ID such as a MAC address, or predetermined information determined by the user. For example, the unique information may be stored in the storage unit 102, and the control unit 101 may read and use the unique information from the storage unit 102.

  In step S604, the control unit 101 inputs the concatenated data value to the hash function to obtain a hash value. Note that the size of the hash value may vary depending on the hash function. For example, if the hash function is MD5 (Message Digest Algorithm 5), it may be 16 bytes. If the hash function is SHA256 (Secure Hash Algorithm 256-bit), it may be 32 bytes. If the hash function is RIPEMD 160 (RACE Integrity Primitives Evaluation Message Digest), it may be 20 bytes. In step S <b> 605, the control unit 101 performs a predetermined calculation on the hash value using the number of times the password is changed, and generates a password from the obtained value according to a generation rule.

  FIG. 7 is a diagram illustrating a password generation process in S605. For example, in the password generation rule 212 input in S601, uppercase and lowercase letters, numbers, and symbols are designated as character strings that can be used for passwords, and 8 digits are designated as the number of digits. Suppose that In this case, for example, the control unit 101 divides the number of bytes of the hash value obtained by inputting the concatenated data value into the hash function by the number of digits specified by the generation rule. For example, if the hash value is 16 bytes, it is divided by 8 and the obtained 2 is acquired as an interval of bytes to be processed in order to generate a password from the hash value. That is, for example, it is assumed that the hash value is 16 bytes and the byte interval to be processed is 2. In this case, the control unit 101 processes the first byte, the third byte, the fifth byte, the seventh byte, the ninth byte, the eleventh byte, the thirteenth byte, and the fifteenth byte data (the hatched portion in FIG. 7). It may be a target (S701 in FIG. 7). Then, the control unit 101 adds the number of password changes to the byte value at each position to be processed (S702 in FIG. 7). Note that the operation flow of FIG. 6 is a process executed when the password is generated for the first time, so the number of changes is zero. In this case, the control unit 101 adds 0 to the 1st byte, 3rd byte, 5th byte, 7th byte, 9th byte, 11th byte, 13th byte, and 15th byte data. For example, if the number of changes is 2 and the data in the first byte is “01101001”, the control unit 101 may add 2 so that the data becomes “01101011”.

  Subsequently, the control unit 101 converts the data value at each position to which the number of changes has been added, into uppercase letters A to Z of alphabets, lowercase letters a to z of letters, numbers 0 to 9, symbols (predetermined 10 types) Etc.) (S703 in FIG. 7). In one example, this conversion may be performed using a correspondence table in which 1-byte values are associated with these characters. The password may be generated by arranging the obtained characters in the order of the first byte, the third byte, the fifth byte, the seventh byte, the ninth byte, the eleventh byte, the thirteenth byte, and the fifteenth byte ( S704 in FIG.

  Note that the above password generation process is an example, and the embodiment is not limited to this. For example, it is assumed that only a number is specified as a character string that can be used for a password and four digits are specified as the number of digits according to the password generation rule 212 input in S601. In this case, for example, the control unit 101 divides the number of bytes of the hash value by the number of digits: 4. For example, if the hash value is 16 bytes, it is divided by 4 and the obtained 4 is obtained as an interval of bytes to be processed in order to generate a password from the hash value. That is, for example, if the hash value is 16 bytes and the processing target byte interval is 4, the control unit 101 processes the data of the first byte, the fifth byte, the ninth byte, and the thirteenth byte. As good as Then, the control unit 101 may add the number of password changes to the byte value at each position to be processed, and convert the obtained value into a number. In addition, the predetermined calculation performed using the number of times the password is changed for the byte value at each position to be processed is not limited to addition. For example, in another embodiment, other calculation such as subtraction may be used. There may be.

  As illustrated above with reference to FIG. 7, when the control unit 101 generates a password from a hash value in accordance with the generation rule 212, the flow proceeds to S606. In step S606, the control unit 101 determines whether the save button 218 has been pressed. If the save button 218 has not been pressed (No in S606), the flow repeats S606. On the other hand, when the save button 218 is pressed (S606: Yes), the flow proceeds to S607. In step S <b> 607, the control unit 101 stores the generated password information in the change history information 800.

  FIG. 8 is a diagram illustrating change history information 800. Each entry registered in the change history information 800 includes, for example, user information, unique information, a generation rule, a generation / change date, a word, a password, a period, the number of times, and a memo. In the user information of the change history information 800, for example, the usage target of the password included in the entry and the user ID in the usage target may be registered. In the unique information of the change history information 800, for example, unique information used for generating a password included in the entry may be registered. For example, the generation rule used to generate the password included in the entry may be registered in the generation rule of the change history information 800. In the generation / change date of the change history information 800, a date when the password included in the entry is generated or a date when the password is changed may be registered. For example, the word used to generate the password included in the entry may be registered in the word of the change history information 800. In the period of the change history information 800, a password validity period may be registered. As an example, when a password change is requested in a predetermined period, the number of days in the predetermined period may be registered in the period, and 0 may be registered in the period when no change is requested. The number of changes of the password may be registered in the number of changes history information 800. For example, a memo input by the user is registered in the memo.

  In step S <b> 607, the control unit 101 converts the word input in step S <b> 601, the usage target information, the generation rule, and the period, and the unique information used in step S <b> 603 into the word, the usage target information, the generation rule, Each period and unique information may be registered. In S607, the control unit 101 may register the password generated in S605 and the date when the password is generated in the password and generation / change date of the change history information 800. Further, for example, since the operation flow of FIG. 6 is a process executed when the password is generated for the first time, 0 may be registered as the number of changes in S607. For example, in S607, since the user has not received a memo input, the memo may be blank. In step S <b> 607, the control unit 101 may display an entry in the password list information 202 based on the information regarding the password stored in the change history information 800.

  When the information regarding the password generated by the control unit 101 in S607 is stored in the change history information 800, the operation flow ends. Even when the save button 218 is not pressed in S606 and the process of S606 is repeated, for example, when the end button 224 is pressed in the password list information 202, the operation flow ends. Good.

  In the password generation processing described above with reference to FIGS. 6 and 7, the control unit 101 of the password management apparatus 100 functions as the generation unit 112, for example, in the processing of S <b> 604. In the processing of S605 and S701 to S704, the control unit 101 functions as the password generation unit 113, for example.

  Next, password change will be described. FIG. 9 is a diagram illustrating an operation flow of password change processing executed by the control unit 101 of the password management apparatus 100. 9 may be started when the control unit 101 displays the password management screen 200 on the display screen of the display unit 103, for example.

  In step S <b> 901, the control unit 101 of the password management apparatus 100 waits for the change button 223 to be pressed on the password management screen 200 displayed on the display screen of the display unit 103, for example. When the change button 223 is pressed, the control unit 101 acquires information on whether or not a password is selected in the password list information 202, for example, through a check made on a check box. In step S902, the control unit 101 determines whether one password has been selected. When a plurality of passwords are selected (No in S902), an instruction is given to select one password and press the change button 223, and the flow returns to S901. On the other hand, if one password has been selected (S902: Yes), the flow proceeds to S903.

  In step S <b> 903, the control unit 101 reads information on an entry including the selected password from the change history information 800. In step S <b> 904, the control unit 101 displays the read password information on the display screen of the display unit 103, for example. In step S <b> 905, the control unit 101 compares whether the word and the generation rule included in the read password information are the same as the values set in the word 211 and the generation rule 212 of the password generation information 201. Further, the control unit 101 compares the unique information included in the read password information with the unique information stored in the storage unit 102 of the password management apparatus 100.

  When the comparison results of the word, the generation rule, and the unique information are all the same, the control unit 101 determines Yes in S906, and the flow proceeds to S907. In step S907, the control unit 101 adds 1 to the number of times included in the password information read from the change history information 800 in step S903, and updates the number of changes. In step S908, the control unit 101 generates a password using the word, user information, unique information, and the number of times updated in step S907. In this case, the words, user information, generation rules, and unique information used for password generation include the words, user information, generation rules, and unique information included in the password information read from the change history information 800 in S903. It may match the unique information.

  On the other hand, if any of the words, the generation rule, and the unique information is not the same in S906 (S906 is No), the flow proceeds to S908. In this case, a password is generated based on new information different from the previous one. Therefore, the control unit 101 uses the word 211 on the password management screen 200, user information (use target 214 and user ID 215), and unique information stored in the storage unit 102, and uses 0 times as the number of changes. In accordance with the generation rule 212, a password is generated. Note that the password generation in S908 may be executed in the same manner as the processing from S603 to S605, for example.

  In step S909, the control unit 101 determines whether the password generated in step S908 is registered in the change history information 800. When the generated password is registered in the change history information 800 (Yes in S909), the flow returns to S907, and the control unit 101 adds 1 to the number of changes used to generate the password and changes the number of times. Update password and generate password again. On the other hand, if the password generated in S908 is not registered in the change history information 800 (S909: No), the flow proceeds to S910.

  In step S910, the control unit 101 displays the generated password on the password 216 of the password management screen 200. In step S911, the control unit 101 determines whether the save button 218 has been pressed. When the save button 218 is not pressed (S911 is No), the flow repeats S911. On the other hand, when the save button 218 is pressed (S911 is Yes), the flow proceeds to S912. In step S912, the control unit 101 stores the generated password information in the change history information 800. Note that the storage of the generated password information in the change history information 800 in S912 may be executed in the same manner as in S607, for example. When the information regarding the password generated by the control unit 101 in S912 is stored in the change history information 800, the operation flow ends. Even when the save button 218 is not pressed in S911 and the processing of S911 is repeated, for example, when the end button 224 is pressed in the password list information 202, the operation flow ends. Good.

  As described above, in the password generation processing and change processing according to the embodiment, the control unit 101 uses the words that are easy for the user to remember, the usage target information, the unique information, and the number of times the password is changed. Generate a password corresponding to the usage target. Since a password is generated by combining other information with a word that is easy for a user to remember, a password with high security strength can be generated. In addition, since the user can generate a password if he / she remembers an easy-to-remember word, password management becomes easy. Furthermore, since the usage target information corresponding to the usage target is different for each usage target, it is possible to easily generate a different password for each usage target. Since unique information uses information that is difficult for others to obtain, for example, even if a word is known to others, the unique information is not known, and it is difficult for others to generate a password. Further, by using the number of times the password is changed for generating the password, for example, even when the password is changed, a different password can be easily generated every time the password is changed.

  In the password change process described above with reference to FIG. 9, the control unit 101 of the password management apparatus 100 functions as, for example, the update unit 111 in the process of S907. In the processing of S908, the control unit 101 functions as, for example, the generation unit 112 and the password generation unit 113.

  Subsequently, a change history display process according to the embodiment will be exemplified. FIG. 10 is a diagram illustrating an operation flow of a change history display process executed by the control unit 101 of the password management apparatus 100. The operation flow in FIG. 10 may be started when the user presses “Yes” in the change history in the password list information 202 of the password management screen 200, for example.

  In step S <b> 1001, the control unit 101 reads, from the change history information 800, an entry including a password whose change history “Yes” is pressed in the password list information 202 of the password management screen 200. In step S <b> 1002, the control unit 101 generates a change history based on the read information and displays the change history on the display screen of the display unit 103. The change history displayed on the display screen of the display unit 103 may be the change history screen 300, for example. In step S <b> 1003, the control unit 101 determines whether the entry button 304 has been pressed on the change history screen 300. When the entry button 304 is not pressed, the control unit 101 determines No in S1004, and the flow proceeds to S1007. On the other hand, when the entry button 304 is pressed, the control unit 101 determines Yes in S1004, and the flow proceeds to S1005.

  In step S1005, the control unit 101 displays an entry window for entering a memo on the display screen, and accepts an input of the memo from the user. In step S1006, the control unit 101 determines whether a save button for saving the entered information is pressed in the entry window. If the save button is not pressed in the entry window (No in S1006), the flow returns to S1005 and repeats the process. On the other hand, if the save button is pressed in the entry window (Yes in S1006), the control unit 101 saves the entered information in the memo of the entry of the change history information 800 read in S1001, and is also entered. The reflected information is reflected in the memo column of the change history screen 300. Thereafter, the flow proceeds to S1007. In step S1007, the control unit 101 determines whether the end button 305 of the change history screen 300 has been pressed. If the end button 305 of the change history screen 300 has not been pressed (No in S1007), the flow returns to S1003. On the other hand, when the end button 305 of the change history screen 300 is pressed (S1007 is Yes), this operation flow ends.

  According to the password change history display processing described above with reference to FIG. 10, the user can check the password change history. For example, a password that has not been used in the past can be easily generated. .

  Subsequently, a password use history generation process and a display process according to the embodiment will be exemplified. FIG. 11 is a diagram illustrating usage history information 1100 according to the embodiment. Each entry registered in the usage history information 1100 includes, for example, usage target information, a password, a usage date, and a memo. In the usage target information of the usage history information 1100, for example, the usage target of the password included in the entry and the user ID in the usage target may be registered. The usage date may be a date when the password included in the entry is used. In the memo, a memo input by the user is registered.

  FIG. 12 is a diagram illustrating an operation flow of a use history generation process executed by the control unit 101 of the password management apparatus 100. The operation flow of FIG. 12 may be started when the control unit 101 of the password management apparatus 100 displays the password management screen 200 on the display screen of the display unit 103, for example.

  In step S <b> 1201, the control unit 101 determines whether the password has been copied and pasted (copied and pasted) from the password list information 202 on the password management screen 200. For example, when the password is copied from the password list information 202 and then the password is pasted on the login screen or the like, the control unit 101 may determine that the password has been copied and pasted. When it is determined that the password has been copied and pasted, the control unit 101 determines Yes in S1202, and the flow proceeds to S1203. In this case, the control unit 101 may execute processing for deleting the copied and pasted password from the password management screen 200.

  In step S <b> 1203, the control unit 101 registers the use history of the copied and pasted password in the use history information 1100. For example, the control unit 101 acquires the usage target and user ID of the copied and pasted password from the password list information 202 and registers them in the usage target information column of the usage history information 1100. Further, the control unit 101 registers the password for which copy and paste has been executed in the password column of the usage history information 1100. The control unit 101 registers the date when the copy and paste is executed as the usage date of the usage history information 1100. The memo field may be blank when registering information in the usage history information 1100. For example, as described above, the control unit 101 may register use history information in the use history information 1100.

  On the other hand, when the password is not copied and pasted in S1201, the control unit 101 determines No in S1202, and the flow proceeds to S1204.

  In step S1204, the control unit 101 determines whether or not a password has been dragged and dropped (dragged and dropped). For example, when a password is selected from the password list information 202 and the password is dragged and dropped on the login screen or the like, the control unit 101 may determine that the password has been dragged and dropped. If the control unit 101 determines that the password has been dragged and dropped, the control unit 101 determines Yes in step S1205, and the flow advances to step S1206. In this case, the control unit 101 may execute a process of deleting the dragged and dropped password from the password management screen 200.

  In step S <b> 1206, the control unit 101 registers the use history of the dragged and dropped password in the use history information 1100. Note that registration of the use history of the dragged and dropped password in the use history information 1100 may be performed in the same manner as described in S1203, for example. In step S <b> 1207, the control unit 101 determines whether an instruction to end password management processing has been input. For example, when the end button 224 is pressed on the password management screen 200, the control unit 101 may determine Yes in S1207, and in this case, the operation flow ends. On the other hand, if the password management processing end instruction has not been input (No in S1207), the flow returns to S1201.

  Note that the operation flow of FIG. 12 described above describes an example in which the use of a password is detected based on execution of password copy and paste or drag and drop. However, the embodiment is not limited to this. In another embodiment, for example, when the user presses an input button associated with a password displayed on the password management screen 200, the control unit 101 detects that the password has been used, and records the usage history. May be.

  Subsequently, a usage history display process according to the embodiment will be exemplified. FIG. 13 is a diagram illustrating an operation flow of a usage history display process executed by the control unit 101 of the password management apparatus 100. The operation flow of FIG. 13 may be started when the user presses “Use” in the usage history in the password list information 202 of the password management screen 200, for example.

  In step S <b> 1301, the control unit 101 reads, from the usage history information 1100, an entry including a password whose usage history “Yes” is pressed in the password list information 202 of the password management screen 200. In step S <b> 1302, the control unit 101 generates a usage history based on the read information and displays the usage history on the display screen of the display unit 103. The usage history displayed on the display screen of the display unit 103 may be the usage history screen 400, for example. In step S1303, the control unit 101 determines whether the entry button 404 has been pressed on the usage history screen 400. When the entry button 404 is not pressed, the control unit 101 determines No in S1304, and the flow proceeds to S1307. On the other hand, when the entry button 404 is pressed, the control unit 101 determines Yes in S1304, and the flow proceeds to S1305.

  In step S1305, the control unit 101 displays an entry window for entering a memo on the display screen, and accepts an input of the memo from the user. In step S1306, the control unit 101 determines whether a save button for saving the entered information is pressed in the entry window. If the save button is not pressed in the entry window (No in S1306), the flow returns to S1305 and repeats the process. On the other hand, when the save button is pressed in the entry window (Yes in S1306), the control unit 101 saves the entered information in the memo of the entry of the use history information 1100 read in S1301, and the entry is also made. The information is reflected in the memo column of the usage history screen 400. Thereafter, the flow proceeds to S1307. In step S <b> 1307, the control unit 101 determines whether the end button 405 of the usage history screen 400 has been pressed. If the end button 405 of the usage history screen 400 has not been pressed (No in S1307), the flow returns to S1303. On the other hand, when the end button 405 of the usage history screen 400 is pressed (S1307 is Yes), this operation flow ends.

  According to the password use history generation process and display process described above with reference to FIGS. 11 to 13, the password use history is recorded, and the user can check the use history. Therefore, for example, when an unauthorized use of a password by a third party is performed, the unauthorized use can be detected.

  Subsequently, an export process of the password management function according to the embodiment will be described. FIG. 14 is a diagram illustrating an operation flow of the password management function export process executed by the control unit 101 of the password management apparatus 100. Note that the operation flow in FIG. 14 may be started, for example, when an instruction to execute export processing is input to the control unit 101.

  In step S1401, the control unit 101 transfers a predetermined program for executing the password management function included in the password management program to the export destination apparatus. In step S1402, the control unit 101 transfers the entry information registered in the change history information 800 to the export destination apparatus. In step S1403, the control unit 101 determines whether transfer of all entries registered in the change history information 800 has been completed. If transfer of all entries registered in the change history information 800 has not been completed (No in S1403), the flow returns to S1402 to perform transfer. On the other hand, when the transfer of all entries registered in the change history information 800 has been completed (Yes in S1403), the flow proceeds to S1404.

  In step S <b> 1404, the control unit 101 transfers the entry information registered in the usage history information 1100 to the export destination apparatus. In step S <b> 1405, the control unit 101 determines whether transfer of all entries registered in the usage history information 1100 has been completed. If transfer of all entries registered in the usage history information 1100 has not been completed (No in S1405), the flow returns to S1404 to perform transfer. On the other hand, if all entries registered in the usage history information 1100 have been transferred (Yes in S1405), the flow proceeds to S1406. In step S1406, the control unit 101 transfers the unique information stored in the storage unit 102 of the export source password management apparatus 100 to the export destination apparatus, and the operation flow ends.

  After completion of the export process, the export destination apparatus executes at least one of the operation flows of FIG. 16, which will be described later with reference to FIG. 6, FIG. 9, FIG. 10, and FIG. Can be executed. Therefore, the user can use the password management function according to the embodiment using the change history information 800 and the usage history information 1100 transferred in the export destination apparatus. For example, when a user who normally operates the management function on a personal computer goes to the bank, the management function is exported to the smartphone, so that the password is displayed on the smartphone when the bank ATM is used. Can do.

  Subsequently, an import process of the password management function according to the embodiment will be described. FIG. 15 is a diagram illustrating an operation flow of the import process of the password management function executed by the control unit 101 of the password management apparatus 100. Note that the operation flow of FIG. 15 may be started, for example, when an import processing execution instruction is input to the control unit 101.

  In step S1501, the control unit 101 receives information on entries registered in the change history information 800 of the export destination apparatus from the export destination apparatus. In step S1502, the control unit 101 compares the entry transferred from the export destination with the entry registered in the change history information 800 stored in the storage unit 102. In step S <b> 1503, the control unit 101 determines whether an entry that matches the entry transferred from the export destination is registered in the change history information 800 stored in the storage unit 102. If the same entry is registered (Yes in S1503), the flow returns to S1501 to transfer the next entry. On the other hand, if the same entry is not registered (No in S1503), the flow proceeds to S1504, and the control unit 101 adds the transferred entry to the change history information 800. In step S1505, the control unit 101 determines whether all entries from the export destination have been transferred. If transfer of all entries has not been completed (No in S1505), the flow returns to S1501 to perform transfer. On the other hand, if all entries have been transferred (S1505 is Yes), the flow proceeds to S1506.

  In step S <b> 1506, the control unit 101 receives transfer of entry information registered in the usage history information 1100 of the export destination device from the export destination device. In step S <b> 1507, the control unit 101 compares the entry transferred from the export destination with the entry registered in the usage history information 1100 stored in the storage unit 102. In step S <b> 1508, the control unit 101 determines whether an entry that matches the entry transferred from the export destination is registered in the usage history information 1100. If the same entry is registered (Yes in S1508), the flow returns to S1506 to transfer the next entry. On the other hand, if the same entry is not registered (S1508: No), the flow proceeds to S1509, and the control unit 101 adds the transferred entry to the usage history information 1100. In step S1510, the control unit 101 determines whether transfer of all entries from the export destination has been completed. If transfer of all entries has not been completed (No in S1510), the flow returns to S1506 to perform transfer. On the other hand, when the transfer of all entries has been completed (S1510 is Yes), this operation flow ends.

  As a result of the above import processing, the password change and password use history information performed in the export destination device is reflected in the change history information 800 and the use history information 1100 of the export source password management device 100. Therefore, for example, the user can centrally manage the password change history and the use history in the export source password management apparatus 100.

  Subsequently, a password verification process according to the embodiment will be described. FIG. 16 is a diagram illustrating an operation flow of password verification processing executed by the control unit 101 of the password management apparatus 100. 16 may be started when the control unit 101 of the password management apparatus 100 displays the password management screen 200 on the display screen of the display unit 103, for example.

  In step S1601, the control unit 101 of the password management apparatus 100 waits for the verification button 221 to be pressed on the password management screen 200, for example. When the verification button 221 is pressed, the control unit 101 acquires information on whether or not a password is selected in the password list information 202, for example, through a check on a check box. In step S1602, the control unit 101 determines whether one or more passwords are selected based on the acquired information. If no password is selected (No in S1602), an instruction is sent to select one or more passwords and the verification button 221 is pressed, and the flow returns to S1601. On the other hand, if one or more passwords are selected (S1602 is Yes), the flow proceeds to S1603.

  In step S1603, the control unit 101 reads the change history of the selected password from the change history information 800. Further, the control unit 101 reads the usage history of the selected password from the usage history information 1100. In step S <b> 1604, the control unit 101 identifies the number of digits of the password and the number of types of characters that can be used for the password from the password generation rule read from the change history information 800.

  In step S <b> 1605, the control unit 101 identifies the password usage period from the password generation / change date read from the change history information 800. For example, the control unit 101 may acquire the number of days from the generation / change date of the password specified from the change history information 800 to the current time as the usage period for the selected password.

  In step S <b> 1606, the control unit 101 identifies the number of times the password is used from the password usage history read from the usage history information 1100. In step S <b> 1607, the control unit 101 evaluates the security strength of the password based on the number of digits and character types specified above, the password usage period, and the password usage count. In step S <b> 1608, the control unit 101 displays the evaluation result on the display screen of the display unit 103. For example, the control unit 101 may display the verification result screen 500 as an evaluation result.

  In step S1609, the control unit 101 determines whether the end button 502 of the verification result screen 500 has been pressed. If the end button 502 has not been pressed (No in S1609), the flow repeats S1609. On the other hand, if the end button 502 is pressed (S1609: Yes), the flow proceeds to S1610. In step S1610, the control unit 101 closes the verification result screen 500 displayed on the display unit 103, and the operation flow ends.

  The password security strength verification process according to the embodiment described above with reference to FIG. 16 allows the user to know whether or not the password being used is safe.

  As described above, according to the embodiment, the password is generated according to the generation rule using the word, the usage target information, the unique information, and the password change count. Therefore, if the user remembers an easy-to-remember word, the user can generate a password with high security strength using the usage target information, unique information, and the number of password changes stored in the storage unit 102. . Further, for example, since the usage target information for identifying the usage target of the password is different for each usage target, the user can easily generate a different password for each usage target. Furthermore, since the password is generated using the number of password changes, even when the password is changed, the user can easily generate a different password according to the change in the number of password changes.

  Further, for example, it is assumed that a password that has not been used in the past is required to be changed in an authentication system to be used for the password. Even in such a case, according to the embodiment, the change history is recorded. Therefore, for example, if the generated password already exists in the change history, the control unit 101 can generate another password, and as a result, the user can easily obtain a password that has not been used in the past. be able to.

  In addition, known fixed information can be used for the usage target information, the unique information, and the generation rule, and the password change count is information that changes with regularity. Therefore, for example, even if the managed password is lost due to a failure of the password management apparatus 100, the password can be easily recovered as long as the user remembers only the word.

  In addition, since the use history is recorded according to the embodiment, for example, when an unauthorized use of a password by a third party is performed, the unauthorized use can be detected.

  In addition, according to the embodiment, the password management device 100 has an export function of a password management function, and thus, for example, a password can be used using another device other than the password management device 100. Furthermore, since the password management apparatus 100 has an import function of a password management function, even when a password is used using another apparatus by the export function, information related to the use can be centrally managed in the password management apparatus 100. Can do.

  Further, according to the embodiment, the password management apparatus 100 can verify the security strength of the generated password, for example, so that the user can know whether or not the password being used is safe.

  In the above embodiment, since a generation rule can be specified when generating a password, it is possible to easily generate an appropriate password according to the usage target. Furthermore, since the expiration date of the password can be specified when generating the password, for example, when the specified expiration date is approached, the user can be notified with an alert or a warning.

  Therefore, according to the embodiment, problems such as password management and security maintenance can be solved, and a user's password management burden can be reduced.

  In the above, although embodiment was illustrated, embodiment is not limited to this. For example, the above-described operation flow is an example, and the embodiment is not limited to this. If possible, the operation flow may be executed by changing the order of processing, may include additional processing, or some processing may be omitted.

  For example, the processing of S1201 to S1203 and the processing of S1204 to S1206 in FIG. Similarly, the processes in S1402 to S1403 and the processes in S1404 to S1405 in FIG. The processing of S1501 to S1505 and the processing of S1506 to S1510 in FIG.

  Further, in the above-described embodiment, for example, when it is determined that password copy and paste or drag and drop has been executed and it is detected that the password has been used, the control unit 101 displays the used password on the display screen. The process may be executed so as to erase from. For example, in this way, by automatically erasing the password after using the password, the possibility of receiving shoulder hacking can be reduced.

  FIG. 17 is a diagram illustrating a hardware configuration of a computer 1700 for realizing the password management apparatus 100 according to the embodiment. 17 includes, for example, a processor 1701, a memory 1702, a storage device 1703, a reading device 1704, a communication interface 1706, an input / output interface 1707, and a display device 1710. Note that the processor 1701, the memory 1702, the storage device 1703, the reading device 1704, the communication interface 1706, and the input / output interface 1707 are connected to each other via a bus 1708, for example.

  The processor 1701 provides a part or all of the functions of the control unit 101 described above by executing a password management program describing the procedure of the operation flow described above using the memory 1702, for example. For example, the processor 1701 functions as the update unit 111, the generation unit 112, and the password generation unit 113 by executing a password management program stored in the memory 1702. Further, the storage unit 102 includes, for example, a memory 1702, a storage device 1703, and a removable storage medium 1705. The storage device 1703 of the password management device 100 may store information such as unique information, change history information 800, and usage history information 1100, for example.

  The memory 1702 is a semiconductor memory, for example, and may include a RAM area and a ROM area. Note that RAM is an abbreviation for Random Access Memory. ROM is an abbreviation for Read Only Memory. The storage device 1703 is, for example, a hard disk, a semiconductor memory such as a flash memory, or an external storage device.

  The reading device 1704 accesses the removable storage medium 1705 in accordance with instructions from the processor 1701. The detachable storage medium 1705 includes, for example, a semiconductor device (USB memory or the like), a medium (information such as a magnetic disk) to which information is input / output by a magnetic action, For example, a DVD). USB is an abbreviation for Universal Serial Bus. CD is an abbreviation for Compact Disc. DVD is an abbreviation for Digital Versatile Disk.

  For example, the communication interface 1706 is connected to the network 1720 in accordance with an instruction from the processor 1701 to transmit and receive data. The input / output interface 1707 may be an interface between an input device and an output device, for example. The input device is a device such as a keyboard, a mouse, and a touch panel that receives an instruction from the user, for example. The output device is an audio device such as a speaker and a printing device such as a printer. The input / output interface 1707 is connected to the display device 1710. The display device 1710 may be a display, for example. The display unit 103 described above is a display device 1710, for example. 2 to 5 may be displayed on the display device 1710, for example.

Each program according to the embodiment is provided to the password management apparatus 100 in the following form, for example.
(1) Installed in advance in the memory 1702.
(2) Provided by the removable storage medium 1705.
(3) Provided from a server 1730 such as a program server.

  The hardware configuration of the computer 1700 described with reference to FIG. 17 is an exemplification, and the embodiment is not limited to this. For example, some or all of the functions of the above-described functional units may be implemented as hardware such as FPGA and SoC. Note that FPGA is an abbreviation for Field Programmable Gate Array. SoC is an abbreviation for System-on-a-chip.

  In the above, several embodiments are described. However, the embodiments are not limited to the above-described embodiments, and should be understood as including various modifications and alternatives of the above-described embodiments. For example, it will be understood that various embodiments can be embodied by modifying the components without departing from the spirit and scope thereof. It will be understood that various embodiments can be implemented by appropriately combining a plurality of components disclosed in the above-described embodiments. Further, various embodiments may be implemented by deleting or replacing some components from all the components shown in the embodiments, or adding some components to the components shown in the embodiments. Those skilled in the art will appreciate that this can be done.

100 Password Management Device 101 Control Unit 102 Storage Unit 103 Display Unit 111 Update Unit 112 Generation Unit 113 Password Generation Unit 1700 Computer 1701 Processor 1702 Memory 1703 Storage Device 1704 Reading Device 1705 Removable Storage Medium 1706 Communication Interface 1707 Input / Output Interface 1708 Bus 1710 Display device 1720 Network 1730 Server

Claims (6)

When changing the password corresponding to the usage target, the number of times of changing the password corresponding to the usage target is updated from the first number to the second number,
A first value is generated based on the input character string, usage target information corresponding to the usage target, and predetermined unique information,
Generating a first password in accordance with a predetermined generation rule from a second value obtained by performing a predetermined calculation on the first value using the second number of times;
When the entry including the first password is not registered in the change history information, the first password, the usage target information corresponding to the usage target, the predetermined unique information, and the second number of times, Is registered in the change history information,
If an entry including the first password is registered in the change history information, the number of changes is updated from the second number to a third number,
Generating a second password in accordance with the predetermined generation rule from a third value obtained by performing the predetermined calculation using the third number of times for the first value;
A password management program that causes a computer to execute processing. Displaying the first password on the display screen of the display unit;
When the first password displayed on the display screen of the display unit is used, an entry including information on the use of the first password is registered in the usage history information.
The password management program according to claim 1 , further causing the computer to execute processing. Outputting the change history information and the use history information to another computer;
When the second change history information and the second use history information are input from the other computer, an entry of the second change history information not included in the change history information is registered in the change history information. And registering an entry of the second usage history information not included in the usage history information in the usage history information.
The password management program according to claim 2 , further causing the computer to execute processing. If the first password displayed on the display screen of the display unit is used, erase the first password from the display screen;
The password management program according to claim 2 or 3 , further causing the computer to execute processing. An update unit that updates the number of changes of the password corresponding to the usage target from the first number to the second number when changing the password corresponding to the usage target;
A generating unit that generates a first value based on the input character string, usage target information corresponding to the usage target, and predetermined unique information;
A password generation unit that generates a first password in accordance with a predetermined generation rule from a second value obtained by performing a predetermined calculation on the first value using the second number of times; ,
When the entry including the first password is not registered in the change history information, the first password, the usage target information corresponding to the usage target, the predetermined unique information, and the second number of times, A control unit that registers an entry including the change history information, and
When an entry including the first password is registered in the change history information,
The update unit updates the change count from the second count to a third count,
The password generation unit uses a third value obtained by performing the predetermined calculation on the first value using the third number of times, and then generates a second value in accordance with the predetermined generation rule. Generate a password,
A password management device. Updating the password corresponding to the usage target from the first number to the second number when changing the password corresponding to the usage target;
Generating a first value based on the input character string, use target information corresponding to the use target, and predetermined unique information;
Generating a first password in accordance with a predetermined generation rule from a second value obtained by performing a predetermined calculation using the second number of times for the first value;
When the entry including the first password is not registered in the change history information, the first password, the usage target information corresponding to the usage target, the predetermined unique information, and the second number of times, Registering an entry including the change history information,
When the entry including the first password is registered in the change history information, updating the number of changes from the second number to a third number;
Generating a second password in accordance with the predetermined generation rule from a third value obtained by performing the predetermined calculation using the third number of times for the first value; ,
A password management method executed by a computer, including:

Images