JP2003122721A - Data input authentication system, data input authentication method, and input terminal for data authentication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable anyone to conveniently input data, to easily memorize authentication information and to prevent pretension of others in the case of input in an ID/ password system. SOLUTION: In this data input authentication system 10 by which a user selects and inputs authentication information by operating an input terminal 11, in which the input terminal 11 is connected with a main server 23 via a network 20 and the main server 23 authenticates the user and manages information regarding service to the user, the input terminal 11 is provided with an authentication information input means 19 for selecting and inputting data as a password or an ID, an authentication information converting means 46 for converting the data selected and inputted by the authentication information input means 19 into specific authentication information including numerals and a transmitting means 42 on the terminal's side for transmitting the authentication information and the main server 23 is provided with an authentication information collating means 91 for receiving and collating the authentication information including numerals which is transmitted from the transmitting means 42 on the terminal's side and a transmitting means 92 on the server's side for transmitting this collation result to the input terminal 11.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data input authentication system, a data input authentication method, and an input terminal used for a data input authentication system for selectively inputting data such as images, moving images and music instead of passwords.

[0002]

2. Description of the Related Art A method of confirming the identity of a person using an ID and a password is widely used. Examples include bank cash cards, credit cards, membership cards, and mobile phone terminals. Numerical numbers are most often used in the method of confirming whether or not the user is who he / she is using this ID and password. For example, a bank or a credit card can be used to input only numbers. Also, there are many combinations of numbers and alphabets.

In recent years, with the spread of the Internet,
For example, when making a dial-up connection to the Internet using the keyboard of a personal computer, when making an Internet connection using the i-mode of NTT Docomo using the ten-key pad of a mobile phone terminal, or when making an online account or online via the Internet. When using shopping, it is often the case that an ID or password is entered by combining both numbers and alphabets.

[0004]

By the way, in the above-mentioned password system, in order to easily remember the set password / ID (especially the password), for example, one's own birth date, telephone number, etc. are already present. In many cases, it is associated with the number you are using. In this case, it is relatively easy for a third party to guess the password. If a password is obtained by such a guess, the third party often impersonates the person (card holder or the like) and withdraws cash or uses a credit card for shopping.

In order to prevent this, it is preferable to set a password or the like to a random number (alphanumeric character) that is completely unrelated to the personal information that the user has because it makes it difficult for a third party to guess the password. However, if a random number (alphanumeric character) is set, it becomes difficult to remember the password, and there is a risk of forgetting the password. In particular, in today's aging society, there are cases where elderly people are not confident in their memory. Therefore, you can set a password in association with your own personal information,
Alternatively, it is often the case that a password or the like is written on a notebook or the like, and the risk of stealing the password or the like cannot be eliminated in many cases.

[0006] Recently, many people have a plurality of cash cards and credit cards. If a password is set separately for each of the plurality of cards, the memory becomes difficult. For this reason, card users often use only one number as a password for almost all cards. In such a case, the risk of the card being stolen or lost increases in combination with the above-mentioned association of the personal information and the password.

As an alternative to the password method, there are, for example, authentication (biometrics) using biometric information such as a fingerprint, and a PKI method using a secret key. However, these methods are still unfamiliar. in addition,
The biometrics method has a problem in that many people feel a sense of resistance due to concerns about leakage of personal information, etc., and also cost because it requires expensive equipment. Also,
In the PKI method, it is necessary to carry a secret key further,
There is also a problem that it takes much labor and cost.

In this respect, the method of using the ID and password is the most popular method of personal authentication,
It is superior to other personal authentication methods in that it is not familiar and has no resistance and can be used easily. Therefore, it is preferable to further improve the ID / password method so that the user can easily use it.

Here, as an example of what is to be authenticated only by a simple input, a password consisting of a combination of current numbers and numbers and alphabetic characters is replaced by a picture or color instead of numbers or alphanumeric characters mainly in a PDA device. A method of using a combination as a password is disclosed in Japanese Patent Laid-Open No. 9-15299.
It is disclosed in Japanese Patent Publication No. This publication limits access to secret data in a data storage device such as a PDA device by storing and inputting a password composed of a combination of pictographic data and color designation data. Things are disclosed.

However, the above-mentioned Japanese Patent Laid-Open No. 9-1529.
In the data storage device disclosed in Japanese Patent Publication No. 91, access to secret data is restricted, and its usage form is limited. If pictogram data or color designation data is entered, RO
It is stored in M. Therefore, if code data is stolen on the network, for example, impersonation of another person is permitted. Further, even if the user is in a hurry and wants to input numbers instead of pictographic data, such input cannot be performed, and there is a problem that prompt input is lacking.

The present invention has been made based on the above circumstances. The purpose of the present invention is to enable anyone to easily select and enter the ID / password by the ID / password method.
A data input authentication system that makes it easy to select and enter passwords and remember them, while also preventing impersonation by others
It is intended to provide an input terminal used for a data input authentication method and a data input authentication system.

[0012]

In order to achieve the above object, according to the present invention, a user operates an input terminal to perform selection input for authentication, and the input terminal is connected to a main server via a network. Authentication information provided on an input terminal in a data input authentication system that is connected and manages information on services to the user by authenticating the user with the main server, and selectively inputs data as a password or ID at the input terminal An input means and an authentication information conversion means provided in the input terminal for converting the data selectively input by the authentication information input means into specific authentication information including at least a numeral, and provided in the input terminal and converted by the authentication information conversion means. Provided on the terminal side transmitting means for transmitting the authentication information obtained, and the main server,
An authentication information collating means for receiving and collating the authentication information transmitted by the terminal side transmitting means, and a server side transmitting means provided in the main server for transmitting the collation result of the authentication information collating means to the input terminal. To do.

Therefore, the password or ID is input to the input terminal.
When data is selected and input as, the data is converted into authentication information including numbers by the authentication information conversion means. Thereby, if the converted authentication information is transmitted by the terminal side transmitting means, the main server side can perform the conventional authentication.
In addition, since data is selectively input on the input terminal side instead of a password or ID, if the data is an image, for example, the password or ID can be set to a combination of images of interest, so it is easy to remember and easy to forget. It can be a password or ID. Especially, even if you are not confident in your own memory, such as elderly people, once you enter the password or I
By setting D, it becomes possible to easily remember.

In addition, it is possible to reduce the number of passwords or IDs associated with one's own telephone number, date of birth, etc., which has conventionally occurred. Thus, even if another person tries to steal the password or ID, it is possible to prevent the other person from stealing by setting the password or ID with a combination of images or the like that is difficult for the other person to distinguish. Furthermore, since the main server stores the password including the conventional numbers, the main server does not need to make a major system change, and the present invention can be implemented at low cost.

According to another aspect of the invention, in addition to the above-mentioned aspect, the authentication information conversion means converts the respective data in correspondence with the authentication information including one or a plurality of numbers. By doing so, when one piece of data is selected and input by the input terminal, this one piece of data is converted into authentication information including one or a plurality of numbers. Then, when the data is transmitted from the input terminal to the main server side through the network by converting the data into the authentication information,
It is easier to send the data than to send the data directly. In addition, by converting the authentication information including numbers, the data can be stored on the main server side, the data can be transmitted to the main server, and the collation can be performed faster than when the data are collated. It will be possible.

Furthermore, in another invention, in addition to the above-mentioned invention, the authentication information converting means converts the selectively input data string in correspondence with the authentication information of the string containing one numeral. . By doing so, the selected and input data string is converted into the authentication information of the column including one number, so that it is possible to freely set the authentication information of the column including the number obtained by converting the data string. It is possible to improve the degree.

Further, it becomes difficult to elucidate the converted authentication information, and it becomes possible to further prevent the theft of another person.
Further, by converting the data into the authentication information of the column including the numbers, when the data is transmitted from the input terminal to the main server side via the network, the data is easier to transmit than when the data is directly transmitted. Also, by converting to a column containing numbers, the data can be stored on the main server side,
The collation can be performed earlier than the case of transmitting the data to the main server and collating the data with each other.

According to another aspect of the invention, in addition to the above aspects of the invention, input data determining means for selecting / determining data to be selectively input as a password or ID prior to the selective input of data by the authentication information input means. In addition to having
When selecting and inputting the data as the password or ID, the password or ID is used together with the password or ID.
In order to disclose fake data different from the data as D, a fake data determination means for selecting and determining proper fake data is provided, and the password and fake data are stored in the customer database provided in the main server. It was decided.

As described above, by providing the fake data determining means for selecting and determining the fake data, the user can only discriminate the data that the other person selectively inputs as the password or the ID, but the other person discriminates the data. It is possible to set it so that it cannot be performed. For example, if you set the password and ID only with the images of your own children and grandchildren,
Images other than the images of your child or grandchild are selected and input as false data. This makes it easy for the user to remember the password or ID, although it is difficult for the other person to be discriminated, and it is possible to reduce the risk of forgetting. That is, it is possible to improve the security of the data selectively input as the password or the ID.

Further, in addition to the above-mentioned invention, another invention is that the fake data and the password input data are encrypted by the encryption means when transmitted by the server side transmission means. By doing so, even if a third party illegally obtains fake data and password input data in the middle of the network, the third party will be encrypted by the encryption means to prevent unauthorized third parties. It becomes impossible to use, and it becomes possible to improve the security when transmitting data from the main server.

According to another invention, in addition to the above-mentioned inventions, the input terminal further comprises card reading means for inserting a card to read the information written on the card. The information is read instead of the ID, and the main server performs authentication by selecting and inputting data as a password.

In this way, the card is inserted into the input terminal,
By reading the information written on this card by the card reading means and using it instead of the ID, it becomes unnecessary to select and input the ID, and the user only has to perform the work of selecting and inputting the data as the password. . This reduces the work performed by the user.

When a card is used, the information written on the card is read to immediately access the customer database for each card owned by the user. Then, when this customer database is accessed, it is possible to extract the fake data and the password input data corresponding to the card to the input terminal. In other words, since the user's own input screen for the user to select and input as the password is displayed on the input terminal, even if a third party picks up the card and tries to select and input the password, the input screen when the password is input is displayed. Is completely different,
It becomes difficult for a third party to select and enter the password, and it is difficult to guess.

Further, in addition to each of the above-mentioned inventions, another invention further comprises a conversion from data to specific authentication information including at least a numeral by the authentication information conversion means, and a conversion from the data to other authentication information. As described above, the conversion changing means for automatically changing the authentication information converting means is provided.

Therefore, for example, if the conversion result is changed at the time of converting the data into the authentication information by the conversion changing means on a regular basis, even if a third party steals the authentication information, it is difficult to misuse the authentication information. It is possible to further improve safety.

Further, in addition to the above-mentioned invention, another invention further comprises a data changing means capable of changing the data selectively input to the input terminal according to the wish or need of the user. In this way, using the data change means,
The user can appropriately change the data to be selectively input to the input terminal. As a result, even on the user side, it is possible to improve the security against the theft of data used as a password.

According to another aspect of the invention, a user operates an input terminal to perform selection input for authentication, and the input terminal is connected to a main server via a network, and the user can be connected to the main server via the network. In the data input authentication method for performing authentication of the user and management of information related to services for users, at least a numeral is required for the authentication information input step of selectively inputting data as a password or ID at the input terminal and the data selectively input by the authentication information input step An authentication information conversion step of converting to authentication information including
A terminal side transmitting step for transmitting the authentication information converted by the authentication information converting step to the main server, an authentication information collating step for receiving and collating the authentication information transmitted by the terminal side transmitting step, and an authentication information collating step And a server-side transmitting step of transmitting the verification result in 1. to the input terminal.

Therefore, the password or ID is input to the input terminal.
When data is selected and input as, the data is converted into authentication information including numbers in the authentication information conversion step. Accordingly, if the converted authentication information is transmitted in the terminal side transmission step, the main server side can perform the conventional authentication.
In addition, since data is selectively input on the input terminal side instead of a password or ID, if the data is an image, for example, the password or ID can be set to a combination of images of interest, so it is easy to remember and easy to forget. It can be a password or ID. Especially, even if you are not confident in your own memory, such as elderly people, once you enter the password or I
By setting D, it becomes possible to easily remember.

In addition, it is possible to reduce the conventionally occurring password or ID associated with one's own telephone number, date of birth, or the like. Thus, even if another person tries to steal the password or ID, it is possible to prevent the other person from stealing by setting the password or ID with a combination of images or the like that is difficult for the other person to distinguish. Furthermore, since the main server stores the password including the conventional numbers, the main server does not need to make a major system change, and the present invention can be implemented at low cost.

According to another aspect of the invention, in addition to the above-mentioned aspect of the invention, in the authentication information converting step, each data is converted so as to correspond to the authentication information including one or a plurality of numbers. By doing so, when one piece of data is selected and input by the input terminal, this one piece of data is converted into authentication information including one or a plurality of numbers. Then, when the data is transmitted from the input terminal to the main server side through the network by converting the data into the authentication information,
It is easier to send the data than to send the data directly. In addition, by converting the authentication information including numbers, the data can be stored on the main server side, the data can be transmitted to the main server, and the collation can be performed faster than when the data are collated. It will be possible.

Further, in addition to the above-mentioned invention, another invention is that in the authentication information converting step, the selected and input data string is converted by associating the authentication information of the string including one numeral with each other. . By doing so, the selected and input data string is converted into the authentication information of the column including one number, so that it is possible to freely set the authentication information of the column including the number obtained by converting the data string. It is possible to improve the degree.

Further, it becomes difficult to understand the alphanumeric string after conversion, and it becomes possible to further prevent the theft of others.
Further, by converting the data into the authentication information of the column including the numbers, when the data is transmitted from the input terminal to the main server side via the network, the data is easier to transmit than when the data is directly transmitted. Also, by converting to a column containing numbers, the data can be stored on the main server side,
The collation can be performed earlier than the case of transmitting the data to the main server and collating the data with each other.

Further, in addition to the above-mentioned invention, another invention further comprises an input data determining step for selecting and determining data to be selectively input as a password or ID prior to the selective input of data in the authentication information input step. With the provision
When selecting and inputting the data as the password or ID, the password or ID is used together with the password or ID.
In order to disclose fake data different from the data as D, a fake data determination step of selecting and determining proper fake data is provided, and the password and fake data are stored in the customer database provided in the main server. A storage process is provided.

As described above, by providing the fake data determination step of selecting and determining fake data, the user can only discriminate the data that the other person selects and inputs as the password or ID, but the other person discriminates the data. It is possible to set it so that it cannot be performed. For example, if you set the password and ID only with the images of your own children and grandchildren,
Images other than the images of your child or grandchild are selected and input as false data. This makes it easy for the user to remember the password or ID, although it is difficult for the other person to be discriminated, and it is possible to reduce the risk of forgetting. That is, it is possible to improve the security of the data selectively input as the password or the ID.

Further, in addition to the above-mentioned invention, another invention further comprises an encryption step for performing encryption when transmitting the fake data and the password input data by the server side transmission step. Is. By doing this, even if a third party illegally obtains fake data and password input data in the middle of the network,
By performing the encryption in the encryption step, it becomes impossible for an unauthorized third party to use, and it becomes possible to improve the security at the time of data transmission from the main server.

According to another invention, in addition to the above-mentioned inventions, when a card is inserted into an input terminal at the time of selecting and inputting data in the authentication information input step, the information written on this card is read. Equipped with a card reading process,
By reading the information on this card, I
In addition to D, authentication is performed on the main server by selecting and inputting data as a password in the authentication information input step.

In this way, insert the card into the input terminal,
By reading the information written on this card in the card reading process and using it instead of the ID, it becomes unnecessary to select and input the ID, and the user only has to perform the work of selecting and inputting the data as the password. . This reduces the work performed by the user.

When a card is used, the information written on the card is read and the customer database for each card possessed by the user is immediately accessed. Then, when this customer database is accessed, it is possible to extract the fake data and the password input data corresponding to the card to the input terminal. In other words, since the user's own input screen for the user to select and input as the password is displayed on the input terminal, even if a third party picks up the card and tries to select and input the password, the input screen when the password is input is displayed. Is completely different,
It becomes difficult for a third party to select and enter the password, and it is difficult to guess.

Further, in addition to each of the above-mentioned inventions, another invention further comprises a conversion from data to specific authentication information including at least a numeral in the authentication information conversion step, and a conversion from the data to other authentication information. As described above, a conversion changing step for automatically changing the authentication information converting step is provided.
Therefore, for example, if the conversion result at the time of converting the data into the authentication information by the conversion changing step is made different, it becomes difficult to misuse the authentication information even if a third party steals the authentication information, It is possible to further enhance safety.

Further, in addition to the above-mentioned invention, another invention further comprises a data changing step for changing the data selectively input to the input terminal according to the wish or need of the user. In this way, the data changing step enables the user to appropriately change the data to be selectively input to the input terminal. As a result, even on the user side, it is possible to improve the security against the theft of data used as a password.

Still another aspect of the present invention is that an input terminal for use in a data input / authentication system connected to a main server via a network is used for inputting data by operating a user to perform selection input for authentication. Authentication information input means for selectively inputting as a password or ID, authentication information conversion means for converting the data selectively input by the authentication information input means into specific authentication information including at least numbers, and authentication converted by the authentication information conversion means And a terminal side transmitting means for transmitting information.

Therefore, when data is selected and input as a password or ID into this input terminal, this data is converted by the authentication information conversion means into authentication information containing numbers. Thereby, if the converted authentication information is transmitted by the terminal side transmitting means, the main server side can perform the conventional authentication. Further, since the data is selected and input instead of the password or the ID, when the data is an image, for example, the password or the ID can be set to a combination of desired images. be able to. In particular, even if the elderly person or the like is not confident in their own memory, once the password or ID is set, it becomes possible to easily remember it.

In addition, it is possible to reduce the number of passwords or IDs associated with one's own telephone number, date of birth, etc., which has conventionally occurred. Thus, even if another person tries to steal the password or ID, it is possible to prevent the other person from stealing by setting the password or ID with a combination of images or the like that is difficult for the other person to distinguish.

According to another aspect of the invention, in addition to the above-mentioned aspect, the authentication information converting means converts each piece of data in correspondence with the authentication information containing one or a plurality of numbers. By doing so, when one piece of data is selected and input by the input terminal, this one piece of data is converted into authentication information including one or a plurality of numbers. Then, when the data is transmitted from the input terminal to the main server side through the network by converting the data into the authentication information,
It is easier to send the data than to send the data directly. In addition, by converting the authentication information including numbers, the data can be stored on the main server side, the data can be transmitted to the main server, and the collation can be performed faster than when the data are collated. It will be possible.

Further, in another invention, in addition to the above-mentioned invention, the authentication information converting means converts the selectively input data string in correspondence with the authentication information of the string including one numeral. . By doing so, the selected and input data string is converted into the authentication information of the column including one number, so that it is possible to freely set the authentication information of the column including the number obtained by converting the data string. It is possible to improve the degree.

Further, it becomes difficult to understand the alphanumeric string after conversion, and it becomes possible to further prevent the theft of others.
Furthermore, by converting the data into alphanumeric characters, when the data is transmitted from the input terminal to the main server side via the network, it becomes easier than when the data is directly transmitted. Also, by converting to a column containing numbers,
The data can be stored on the main server side, the data can be transmitted to the main server, and the data can be collated with each other faster than the collation.

According to another invention, in addition to the above-mentioned inventions, an input data determining means for selecting / determining the data to be selectively input as a password or an ID prior to the selective input of the data by the authentication information input means. In addition to having
When selecting and inputting the data as the password or ID, the password or ID is used together with the password or ID.
In order to disclose false data different from the data as D, a false data determining means for selecting and determining appropriate false data is provided.

As described above, by providing the fake data determining means for selecting and determining the fake data, the user can only discriminate the data that the other person selectively inputs as the password or the ID, but the other person discriminates the data. It is possible to set it so that it cannot be performed. For example, if you set the password and ID only with the images of your own children and grandchildren,
Images other than the images of your child or grandchild are selected and input as false data. This makes it easy for the user to remember the password or ID, although it is difficult for the other person to be discriminated, and it is possible to reduce the risk of forgetting. That is, it is possible to improve the security of the data selectively input as the password or the ID.

Further, in another invention, in addition to the above-mentioned inventions, a card reading means for inserting a card and reading the information written on the card is further provided, and the information written on the card is read. It is characterized in that it is used as a substitute for the ID, and further, data as a password is selectively input.

In this way, the card is inserted into the input terminal,
By reading the information written on this card by the card reading means and using it instead of the ID, it becomes unnecessary to select and input the ID, and the user only has to perform the work of selecting and inputting the data as the password. . This reduces the work performed by the user.

When a card is used, the information written on the card is read to immediately access the customer database for each card owned by the user.
Then, when this customer database is accessed, it is possible to extract the fake data and the password input data corresponding to the card to the input terminal. In other words, since the user's own input screen for the user to select and input as the password is displayed on the input terminal, even if a third party picks up the card and tries to select and input the password, the input screen when the password is input is displayed. Is completely different, it is difficult for a third party to select and enter the password,
Moreover, it is difficult to guess.

According to another aspect of the invention, in addition to the above-mentioned aspect, the conversion from data to specific authentication information including at least a numeral by the authentication information conversion means is conversion from the data to other authentication information. As described above, the conversion changing means for automatically changing the authentication information converting means is provided. Therefore, for example, if the conversion result at the time of converting the data into the authentication information by the conversion changing unit is made different,
Even if a third party steals the authentication information, it becomes difficult to misuse the authentication information, and the security can be further enhanced.

Further, in addition to the above-mentioned invention, another invention further comprises a data changing means capable of changing the selectively input data according to the wish or need of the user. In this way, the user can appropriately change the data to be selectively input to the input terminal by using the data changing unit. As a result, even on the user side, it is possible to improve the security against the theft of data used as a password.

[0054]

BEST MODE FOR CARRYING OUT THE INVENTION An embodiment of the present invention will be described below with reference to FIGS. 1 to 9. Note that this embodiment is an embodiment in the case where the user has a card such as a cash card.

FIG. 1 is a schematic diagram showing the structure of a data input authentication system 10 of the present invention. In this figure, a data input authentication system 10 has an input terminal 11 for a user to select and input and store a password. The input terminal 11 causes the card 20 possessed by the user to be read by the card reading means 12 included in the input terminal 11. The input terminal 11 equipped with the card reading means 12 (see FIG. 2) includes, for example, ATM (automated tellers machine) terminals of banks, various credit cards, and CD terminals (cash) for cashing with various membership cards. There is a dispenser).

This input terminal 11 is, as shown in FIG.
A card reading unit 12 such as a card vendor that reads the information written on the card 20, a banknote unit 13 that can store the banknotes inside and out of the banknotes, and a coin that stores the coins inside and the coins. Coin unit 14 capable of moving in and out, a receipt printer 15 issuing a receipt notifying the user of the deposit / withdrawal status, an open / close sensor, an impact sensor, a temperature sensor, a fusing sensor, a background noise sensor, and a proximity sensor. And various sensors 16, a display 17 that a user operates while looking at the screen, a computer unit 18 that is connected to all of these to perform control, and image data (hereinafter, simply referred to as an image) while the user looks at the display 17. Input section 19 as an authentication information input means for selecting / deciding. It is provided.

The input unit 19 may be of a touch panel type integrated with the display 17. Alternatively, the image displayed on the display 17 may be selected and determined by using, for example, an arrow key or a numeric keypad.

Further, the input terminal 11 is provided with a dedicated line 21 as a network such as ISDN or analog,
It is connected to the host computer 22. The host computer 22 is further connected to a main server 23 that manages the entire financial institution such as a bank. As a result, the money deposit / withdrawal information by operating the input terminal 11 is stored in the host computer 22, which is an intermediate path, and further stored in the main server 23.

Of these, the computer unit 18 is
It has a function equivalent to that of an ordinary personal computer or workstation, and its configuration is, as shown in FIG. 3, a program section 30 and a database section 31.
An interface unit 32 for connecting to an external device or an external line, a control unit 33, and a data storage unit 34 for temporarily storing various data.

Of these, the program unit 30 is designed so that a micro-compact processor, a storage unit such as a ROM, a RAM, a hard disk, and the like cooperate to carry out its function.

Here, the program section 30 is provided with the AT
A terminal program 40 for operating the M terminal, an encryption program 41 functioning as a part of encryption means for performing encryption when transmitting information, and information transmission / reception with an external host computer 22 or the like. A transmission / reception program 42 as a part of the terminal-side transmission means for performing, a determination program 43 for determining whether a bill or coin is genuine, a deposit / withdrawal processing program 44 for depositing / dispensing money, and a screen of the display 17. A screen program 45 for displaying a predetermined image on the screen is stored.

Further, in the program section 30, a conversion program 46 as a part of the authentication information conversion means for converting the image data as the data selected and input by the user into the numerical authentication information, and the password for the first time. A password deciding program 47 as an input data deciding means for selecting and deciding, and a pallet 100 consisting of an image for entering a password to be displayed on the display 17 by inserting the card 20 and an image as fake data (see FIG. 7).
In order to change the image to be selected and input as the password in the input terminal 11, the display image determination program 48 as the false data determination means for selecting and determining the image as the false data other than the password is created for the first time. Data changing program 49 functioning as a part of the data changing means and the overwriting program 50 (details will be described later).
Is stored.

In addition to the programs listed above, a separate program may be provided. Further, the listed programs may be integrated as necessary.

Further, the database section 31 has a screen display database 6 to be displayed on the screen of the display 17.
0, an anti-counterfeiting database 61 that stores information about the authenticity of banknotes and coins, and an image database 62 for displaying and selecting an image initially set by the user as a password are provided. The image data stored in the image database 62 is classified into folders for each category as shown in FIG. In this folder, for example, "animals and plants", "people", "vehicles", "food", "scenery", etc. are classified.

Inside the folder for each category, various image data classified into that category are stored. It should be noted that a folder may be further subdivided inside the folder to have a hierarchical structure of several layers. In addition to the above-mentioned folders, the user also sends and stores the image data that he or she owns.
You may make it have a folder.

Further, even for image data in the same category, different image data may be prepared for each user, and a password may be selected based on the folder. In this case, since the image displayed when selecting and inputting as a password differs for each user, it becomes difficult to infer the password of a third party from the image selected as a password by a specific person, It will be more preferable.

The encryption program 41 selects an image as a password, and thereafter, the conversion program 46 converts the password to obtain a numerical password as authentication information. The ID / card number used is encrypted. After performing such encryption, the encrypted information is transmitted via the dedicated line 21.

The conversion program 46 converts the image data designated as the password into numbers. This conversion is performed by a method in which numbers are associated with image data in a one-to-one correspondence as shown in FIG. 5A, or as shown in FIG. There are a method of making correspondence with a pair n), and a method of creating a numeric string from a combination of selected image data as shown in FIG. 5C. As a modification of 1 to n in FIG. 5B, a method may be used in which the numbers and the image data correspond to each other n to 1.

First, in the method of associating the numbers with the image data in a one-to-one correspondence or a one-to-n correspondence, the corresponding numbers are designated when selecting the image data as the password. However, instead of such a method, when the image data as the password is selected or after the selection, a random number may be assigned to each image data. This number does not necessarily have to be a decimal number, but may be a hexadecimal number or, in some cases, a higher number.

Further, in a method of creating a numeral string from a combination of selected image data, there is a method of generating a numeral string from the selected image data string by using, for example, a predetermined function. It should be noted that the method in which the numbers correspond to the image data in a one-to-one or one-to-n manner and the method in which the number sequence is generated from the sequence of the image data may coexist.

It should be noted that the image data and the numbers are in a one-to-one or one
In the method of making correspondence with the pair n, each of the correspondences may be stored in the correspondence database (not shown) of the input terminal 11. In this case, conversion program 4
6 refers to this corresponding database and converts the image data into numbers. Further, in this case, only predetermined image data whose correspondence with numbers is clear is used.

Here, when converting the image data designated by the conversion program 46 into numbers, the correspondence between the numbers and the image data is changed as appropriate, or the function is changed to change the generation of the number string. Preferably. The way of generating the number string is changed by changing the function of the conversion program 46 or the conversion program 46 itself.

This change is performed by downloading a new conversion program 46 by, for example, an ASP (Application Service Provider) method and performing an overwrite installation of the conversion program 46. Alternatively, the conversion program 46 may be upgraded by storing the new conversion program 46 in a recording medium such as a CD-ROM and then causing the computer unit 18 to read the recording medium.

Further, the conversion program 46 is stored in the program section 30 and the conversion program 46 is started by appropriately activating the overwrite program 50.
May be changed. In this case, the overwriting program 50 functions as a part of the conversion changing unit.

A detailed description of the other programs will be given in the operation of the data input authentication system 10 described later.

FIG. 6 shows the configuration of the main server 23. The main server 23 is provided with a customer database 70 that stores deposit information for each user. The customer database 70 stores user deposit information and the like as customer data for each user, and also stores password information regarding the user. The password information stores a numerical string corresponding to the image data designated by the user.

When the number string is changed by changing the function of the conversion program 46 or the like, the password information of the customer data in the customer database 70 is updated corresponding to the change.

The main server 23 is also provided with a program section 80. In addition, the interface 81 and the data storage unit 8 are the same as those of the input terminal 11 described above.
2. A control unit 83 is provided.

The program section 80 includes a server program 90 for activating the main server 23 and a verification program 9 which functions as a part of the authentication information verification means.
1 and a transmission / reception program 92 which receives the card information and the password information transmitted from the input terminal 11 and functions as a part of the server side transmission means for transmitting the collated result to the input terminal 11. Remembered

Further, in the main server 23, when the deposit information in the customer database 70 is updated, an update program 93 for updating the contents, a search program 94 for searching the customer database 70, and various data. In order to ensure safety, input a defense program 95 such as various firewalls, and a pallet 100 (see FIG. 7) consisting of an image for entering a password to be displayed on the display 17 by inserting the card 20 and an image as fake data. An encryption program 96 as an encryption means for encrypting the palette 100 when transmitting to the terminal 11,
Is remembered.

In addition to the above, various programs are stored in the main server 23 as needed. Further, in the program unit 90 as well as the above-described program unit 30, a microminiaturized arithmetic processing device, a storage unit such as a ROM, a RAM, a hard disk, and the like cooperate to carry out its function.

Next, the user's operation in the data input authentication system 10 having the above configuration will be described mainly with reference to FIGS. 8 and 9.

First, when using the data input authentication system 10, the user needs to set a password consisting of image data as data. The setting of this password is performed by the image data selected by the user, and this flow is shown in FIG. In this case, the password determination program 47 is first activated (step S1). Then, the password determination program 47 is activated, and an image as a favorite password is selected from the images displayed on the display 17 (step S2).

In setting the password, first, a desired folder is selected from the folders shown in FIG. 4 listed on the screen. Then, the image data stored in the designated folder is displayed in a list. In this state, the images that are one element of the password are designated from among the images that are listed.

Here, there are cases where the user wants to set the image data uniquely possessed by the user as one element of the password. In this case, for example, the folder displayed as "personal" is clicked. After that, a recording medium in which image data is stored is inserted into a recording medium insertion opening (not shown) attached to the input terminal 11, and the input terminal 11 is made to read the image data recorded in the recording medium. Then, the image read by the input terminal 11 is displayed on the display 17, and an image to be set as a password is selected and designated from the displayed image.

By pressing or touching the corresponding number from the image displayed on the display 17, the number corresponding to the selected image is designated.
That is, when displaying an image in a favorite folder or an image in a recording medium, the images are displayed in units of, for example, 10 and the images are made to correspond to the buttons "0" to "9". By selecting the image data, the password as a numeral is also selected. In the case of the touch panel type, a number corresponding to each displayed candidate image is displayed. In this way, when selecting an image serving as a password, the numeric string of the password is also determined. This number string is associated with each image by the conversion program 46. The user can also remember the password consisting of a numerical string.

The method of setting the image uniquely owned by the user as one element of the password is not limited to the method of reading from the above-mentioned recording medium, and for example, the personal computer possessed by the user via the Internet. A method of transmitting image data which is one element of a password from a computer or an information terminal, a method of reading a photograph or a picture with a reading means such as a scanner, and setting the read image data as one element of the password. There are various methods.

After the image to be the password is designated, the image to be displayed on the pallet 100 is selected and input as shown in FIG. 7 for selecting the password at the input terminal 11 (step S4). This is because when you select and enter a password, if you open the folder where the password exists one by one and specify the password, it may take time, so it is only displayed when selecting and entering the password. The pallet 100 is set.

In this case as well, as in the case of the password described above, first, a desired folder is selected from the folders listed on the screen. Then, the images stored in the specified folder are displayed in a list. In this state, the images displayed on the palette 100 are designated from the images displayed in a list.

The designated image is image data other than the image data selectively input as the password, and is false data. However, when a large amount of image data is selected and input as the password and covers all the elements of the image data of the palette 100, it is not necessary to select and input the false data.

Even in the case of the image data selectively input as the password, for example, the image data specified first is the image data of 1 and the image data specified next is 5
Image data selected as a password other than the first designated image data of 1 and the image data selected as a password other than the designated 5 image data of 5 are also false data. Become.

As an example of the above selection, for example, an elderly person can display a lot of pictures of the faces of children on the password selection screen, and set the faces of several grandchildren of them as passwords. Although it cannot be discriminated by others, it can be configured so that the user can immediately select and input the password. Also, from among various categories, only the ones the person likes may be set as the password, and the ones other than the favorite one may be set as the elements of the image data of the other palette 100.

The elements of the image data other than the password displayed on the palette 100 may be automatically selected. In this case, the user sets a password and then presses a button (automatic selection button or the like) for automatically creating the pallet 100. Thereby, the elements of the image data of the palette 100 other than the password are automatically selected. In this selection, for example, when the password is selected only from the image data of the “car” category, the password selection display image is preferably selected from the “car” category. .

In addition, the pallet 10 that has been automatically selected once
When it is desired to change the elements of the image data other than the 0 password, the button for automatically selecting the password selection display image is pressed again. Then, the palette 100 including elements of different image data is displayed this time. Again, palette 10
When it is desired to change the elements of the image data other than the 0 password, the operation of pressing the button is repeated.

After the selection of the image data elements other than the password of the palette 100 is completed, the user confirms whether the image as the password or the image of the palette other than the password is appropriate (step S4). As a result of this confirmation, if the user recognizes that the password is appropriate, the image data of the password and the display image data of the palette are stored (step S5). This memory is stored in the customer database 70 of the main server 23. Also,
As a result of confirmation, if the user recognizes that it is not appropriate,
The process returns to the selection of the password image (step S2) again.

It is not always necessary to create the pallet 100, and the user may open each folder and select the image for the password existing in each folder when selecting and inputting the password.

When a random number is assigned to each image data, or when a number string is created from a combination of image data as shown in FIG. 5 (c), at the stage when all the images for the selected password are prepared, A password consisting of a numerical string of passwords is displayed on the display 17 and presented to the user. Thereby, the user can store or record the password. Not only a string of numbers, but also a combination of numbers and symbols such as “#” and “*”, a combination of numbers and alphabets, a combination of alphabets and symbols, alphabets or symbols only. A column consisting of
Alternatively, the row may be a combination of all of these.

After the setting of the password and the setting of the password selection display image are completed, the normal input terminal 1
The operation No. 1, that is, the operation by selecting and inputting the password is enabled. The flow of the password selection input operation will be described with reference to FIG. In this case, first, the card 20 such as a cash card is inserted from the card insertion port 11a of the input terminal 11.

Then, the card reading means 12 reads the information such as the card number written on the card 20 (step SS1), and the information is transmitted to the main server 23 (step SS2).

When the personal information is transmitted to the main server 23, the retrieval work is executed by the retrieval program 95 in the main server 23 based on the personal information. And
Customer database 7 in which relevant personal information is stored
The image data of the pallet 100 of 0 is extracted (step SS3), and the image data is transmitted / received by the transmission / reception program 9
2 to the input terminal 11 side (step SS
5).

In the extraction of the image data from the customer database 70, the data of the pallet 100 is extracted from the customer database 70 and the encryption program 9
The data is encrypted by 6 (step SS4) and then transmitted by the transmission / reception program 92.

As a result, the palette 100 is displayed on the display 17 on the input terminal 11 side (step SS6). That is, the user can immediately perform the password selection input operation from the pallet 100 displayed on the display 17 without performing the operation of selecting and opening the folder. As shown in FIG. 7, a touch panel method is used to display 10 or more images, and a touch panel method or selection buttons 0 to 9 are prepared to display 10 or 9 or less images. Here, in the case of the button method, the number of the button corresponding to the image does not correspond to the number of the password as described above.

When the user performs the password selection work (image selection work) and this is detected (step S
S7), the conversion program 46 is started. Then, the conversion program 46 converts the sequence of image data selected and input as the password into a sequence of numbers (step SS8). The state of this conversion is as shown in FIG. 5 described above. Next, the converted number string is encrypted by the encryption program 41 (step SS9). An example of this encryption method is a public key / secret key method using a hash function.

After the encryption is applied to the numeral string, the transmission / reception program 42 of the computer unit 18 is started, and the numeral string is sent to the host computer 2 through the dedicated line 21.
It is transmitted to the main server 23 via 2 (step SS10). After this transmission, the main server 23 activates the collation program 91 to activate the customer database 70.
It is checked whether or not the password matches the password stored in it (step SS11). The collation result is transmitted from the main server 23 to the input terminal 11 via the host computer 22 by the transmission / reception program 92 (step SS12).

Then, the input terminal 11 which has received the collation result
Then, the collation result is confirmed (step SS1).
3). If they match, the user can operate the input terminal 11 to withdraw cash from the input terminal 11 (step SS14). When the collation is not performed, the password of the image data is input again on the display 17.

When depositing cash, it is not necessary to input the password as it is, but the password may be selectively input. The above is an example of using the card 20.

According to the data input authentication system 10 having such a configuration, when the image as the password is selectively input to the input terminal 11 after the card 20 is inserted into the card insertion slot 11a or the like, the image data of this image is converted into a conversion program. By 46, it is converted into the authentication information of the numerical string.

As a result, if the input terminal 11 sends the converted authentication information to the main server 23 by the transmission / reception program 42 in the computer unit 18, the main server 23 side authenticates based on the password of the conventional numeric string. Can be done. Further, on the input terminal 11 side, an image is selected and input as the password, so that the password can be set by a combination of the favorite images selected by the user himself. For this reason, the password is easy to remember, and once remembered, it is hard to forget.

Particularly in a situation where a large number of people have a plurality of cards 20 as in recent years, the easiness of remembering and forgetting a password is very effective. In addition, even in the present and future aging society and the like, it becomes possible to use a password that can be easily remembered by an elderly person who is not confident in his memory.

Further, it is possible to prevent setting a password associated with one's own telephone number, date of birth, etc. as in the conventional case. As a result, even if another person tries to steal the password, only the holder of the card 20 can discriminate it, but it is possible for another person to set the password with a combination of images or the like that is difficult to discriminate. By doing so, it becomes possible to prevent the password theft of another person. Further, if necessary, the password of the numerical string can be used as it is, and the speeding up of the input is not impaired.

Furthermore, also for the main server 23 side,
Although the burden of storing the image data in the customer database 70 is increased, since the verification is performed with the password of the numeral as in the conventional case, the load generated on the main server 23 side does not increase so much and the large-scale system can be used. No changes needed. That is, the present invention can be implemented at low cost.

In the conversion program 46, one image data may be converted so that one or a plurality of numbers correspond to each other.
Alternatively, the conversion may be performed so that one number string corresponds to one. When conversion is performed so that one number string corresponds to each image data, the conversion can be easily executed. Further, when conversion is performed so that one number string corresponds to one column of image data, it is possible to freely set the number string obtained as the conversion result of the image data string. It is possible to improve the degree of freedom. Further, it becomes difficult to understand the converted number string, and it becomes possible to further prevent the plagiarism of others.

By converting the image data into the numerical data by using the conversion program 46, the load and time required for data transmission from the input terminal 11 to the main server 23 through the dedicated line 21 are reduced. Therefore, it becomes easy to transmit. In addition, when the collation program 91 on the main server 23 side is used for collation, the collation can be performed earlier than when collating image data with each other.

Further, since the password determining program 47 determines the password and the display image determining program 48 for determining the image to be displayed on the screen as the false data is stored, the user can input the image selected and input by another person as the password. It is possible to set so that only the user can make a distinction, but other people cannot make a distinction. As an example, when the password is set only by the images of one's own children and grandchildren, an image other than the images of one's own children and grandchildren is selected as false data and the palette 100 is selected and input.
To create. If such a setting is made, it will not be possible for other people to distinguish it, and the password can be remembered immediately by itself while keeping the confidentiality and security as a password, reducing the risk of forgetting. Is possible.

Further, since the input terminal 11 inserts the card 20 and reads the information written on the card 20, it is not necessary to select and input the ID and the like, and only the work of selecting and inputting the image data as the password is required. The user should do this. This reduces the work performed by the user.

When the card 20 is used, the image data corresponding to the card 20 is stored in the customer database 70, and when the information written on the card 20 is read, the data for each user is immediately saved. The customer database 70 corresponding to the card 20 can be accessed.
And when this customer database 70 is accessed,
Corresponding to the card 20, a pallet 100 including fake data and image data for password input is input terminal 11
Can be pulled out.

That is, when the user selects and inputs the password, the pallet 100 for selection and input unique to the user.
Is displayed on the input terminal 11. Therefore, even if a third party picks up the card 20 and tries to select and input the password, the pallet 100 displayed when selecting and inputting the password is completely different from that of the third party. It becomes difficult to select and input, and it becomes difficult to guess the password.

Furthermore, by providing the encryption programs 41 and 96, a third party in the middle of the network can illegally use the palette 100 made up of fake data and image data for selecting and inputting the password, and the password of the numerical string. Even if it is obtained, it cannot be used by an unauthorized third party because it is encrypted. Thereby, it becomes possible to improve the safety at the time of data transmission from the main server 23.

Further, when the overwrite program 50 is used, for example, the overwrite program 50 is regularly executed.
If you re-install the conversion program 46 with,
The conversion result when the image data is converted by the conversion program 46 is different. As a result, even if a third party steals the password of the numerical string, it becomes difficult to misuse it for a long time, and it becomes possible to further enhance the security. It should be noted that when the conversion program 46 is converted, the password of the numerical string obtained by the new conversion program 46 may be changed and then displayed on the display 17 at the first use to notify the user.

When the data change program 49 is used, the image selectively input as the password can be changed as appropriate. As a result, even on the user side, it is possible to improve security against theft of image data used as a password.

Although one embodiment of the present invention has been described above, the present invention can be variously modified in addition to this. For example, in the above-described embodiment, a case has been described in which the password selection input pallet 100 that is displayed at the time of password selection input is set for each user. Alternatively, the pallet 100 may be fixedly displayed in advance, and the password may be selectively input from the screen display of the pallet 100 thus determined.

Further, the use of the card 20 is not always necessary, and an ID or the like may be selectively input instead of the card 20. In the case where the card 20 is not used, when the personal computer is connected to the Internet to perform authentication when connecting to the provider, for example,
There are cases where various kinds of contents are provided to members using the Internet, cases where web shopping is carried out, cases where personal computers, mobile phone terminals, etc. are set to the secret mode.

In this case, an ID for identifying an individual is selected and input instead of the card 20. And
In order to authenticate whether or not the individual is authentic, it is necessary to select and input the ID or select and input the ID and the password. Note that I
Besides D, an individual's name may be selectively input.

Here, the method of selectively inputting the ID and password is, as one of them, the case of selecting and inputting only numbers when the ID is selectively input. In this case, after selecting and inputting the ID with a numeral, the ID is transmitted to the same server as the main server 23 on the service provider side via the Internet or the like, or accessed to the hard disk of the personal computer. And
After this, the pallet 100 for password selection input for selectively inputting an image as described in the above-described embodiment is displayed. The following process is similar to the above case.

As another one, the ID is also used to select and input an image like the password. In this case, the configuration required when selecting and inputting the password is also required when selecting and inputting the ID. In this case, the pallet 100 including the images enumerated for selecting and inputting the ID and the pallet 100 including the images enumerated for selecting and inputting the password may be common or separate. The process of selecting and inputting an image when selecting and inputting an ID is the same as the above-described case of selecting and inputting a password as image data.

Further, in the above embodiment, the case where the password is set by using the image data as the data has been described, but the password may be set by a combination of, for example, music other than the image data. .

Further, it is also possible to use a combination of languages of various countries such as Japanese (Hiragana, Kanji, Katakana), Russian, Korean, etc., or a combination of languages of a plurality of countries. For example, a lover's name “Example; Yamada Hanako” is set as a password, or a dog name “Example: Pochi” is set as a password, and the corresponding numeral is, for example, “21”.
96762 ". In such a case, the titles such as "lover" and "dog name" are displayed on the selection screen of the display 17.

Further, for example, a character string formed by a combination of title names of movies, music, games, etc., or a character string formed by a combination of person names may be used as the password. When setting a password with a combination of these title names or personal names, make a number correspond to one cylinder of the title name or personal name, or generate a numeric string from the title name column or the personal name column. May be. That is, not only image data but also various data such as music data can be used as the password.

As another password, for example, by selecting the action on the screen in the moving image data having the story property, the moving image story may be used as the password. As an example, a case will be described in which a baseball category is selected and a certain baseball attack is set as a password. In this case, it is assumed that the batter first appeared in the video. Then, the action of the batter is selected from among “struck out”, “foreball”, “hit”, “second home run”, “third home run”, “home run” and the like.

When "hit" is selected, for example, the next action of the runner is selected from "hit end run", "steal base", "does not move", and the like. Also, as the action of the next batter, as in the above, "struck out",
Select from among "foreball", "hit", "second home run", "third home run", "home run", etc.
This is repeated until the attack for one time ends or until an appropriate middle part of the time. If you select in this way, even if it is video data in the same category,
Since each person has different selections, each person has a different movie story. Authentication can be performed using moving image data having different story characteristics for each person, as in the case of the image data described in the above-described embodiment.

Further, voice data such as conversation may be set as the password as in the case of the moving image data. For example,
When Mr. A and Mr. B are talking, the category to which the conversation belongs is first selected, and then the story of Mr. A is selected.
Next, the story of Mr. B corresponding to the story of Mr. A is selected. In this way, the conversation between A and B is established. Even when voice data such as this conversation is used as a password, different users make different selections, so that different conversations are formed. Therefore, the voice data of this conversation is used to describe the above-mentioned embodiment. Authentication can be performed as in the case of image data.

The storylines can be applied not only to the above-mentioned moving image data and audio data but also to the case of inputting the image data described in the above-mentioned embodiment. For example, the password may be formed by selectively inputting each frame of the four-frame cartoon.

Further, in the above-mentioned embodiment, the case where the user input screen for selecting and inputting the password unique to the user is displayed in the customer database 70 has been described.
As shown in FIG. 10, a system may be used in which the pallet 100 displayed on the display 17 is sequentially changed every time a password is entered (in the example shown in FIG. 10, pallet 1 to pallet 4).

Further, the authentication does not always have to be performed by the main server 23, and the terminal such as the input terminal 11 may perform the authentication. When performing authentication on the terminal side, the collation program 91 described above exists on the terminal side such as the input terminal 11. Further, the part of the customer database 70 relating to the authentication of the customer data exists on the terminal side such as the input terminal 11.

In addition, in the above-described embodiment, the input terminal 1
The case of performing authentication by the computer unit 18 or the main server 23 of No. 1 has been described. For example, an IC card is used, and the conversion program 46,
At least one function of the matching program 91 and the specific customer data of the customer database 70 may be divided and provided.

In this case, since the above-mentioned program and data are independently stored in the IC card in a state where the functions are divided from those of the computer unit 18 and the main server 23, the data can be read from this IC card. It is possible to improve the processing speed of the collation work using the password. The programs and databases stored in the IC card are not limited to those described above,
It may exist in the computer unit 18 and the main server 23 within a possible range.

Further, in the above-mentioned embodiment, the private line 2
Although the case of using 1 has been described, the communication line other than the dedicated line 21 may be used.

Further, in the above embodiment, the case where the image data is converted by the conversion program 46 to generate the numerical password has been described, but the numerical password may be linked with the image data. In this case, it is possible to convert a numeric password into image data, as opposed to creating a numeric password by converting the image data described above. In the case of changing from a numeric password to image data, a method in which numbers are associated with image data in a one-to-one or one-to-n (or n-to-1) manner, or a method of generating a sequence of image data from a number sequence But good.

Besides, various modifications can be made without departing from the scope of the present invention.

[0140]

According to the present invention, when data is selected and input as a password or ID in the input terminal, this data is converted into alphanumeric authentication information by the authentication information conversion means. Thereby, if the converted authentication information is transmitted by the terminal side transmitting means, the main server side can perform the conventional authentication. In addition, since data is selectively input on the input terminal side instead of a password or ID, if the data is an image, for example, the password or ID can be set to a combination of images of interest, so it is easy to remember and easy to forget. It can be a password or ID. In particular, even if the elderly person or the like is not confident in their own memory, once the password or ID is set, it becomes possible to easily remember it.

In addition, it is possible to reduce the password or ID associated with one's own telephone number, date of birth, etc., which has conventionally occurred. Thus, even if another person tries to steal the password or ID, it is possible to prevent the other person from stealing by setting the password or ID with a combination of images or the like that is difficult for the other person to distinguish. Further, since the main server side stores the conventional alphanumeric password, it is not necessary to make a large-scale system change on the main server side, and the present invention can be implemented at low cost.

[Brief description of drawings]

FIG. 1 is a schematic diagram showing a configuration of a data input authentication system according to an embodiment of the present invention.

FIG. 2 is a schematic diagram showing a configuration of an input terminal in the data input authentication system of FIG.

FIG. 3 is a diagram showing an outline of a functional configuration of a computer unit in the input terminal of FIG.

FIG. 4 is a diagram showing an example of classification of folders for each category in the data input authentication system of FIG.

5 is a diagram showing an image when conversion is performed using a conversion program in the data input authentication system shown in FIG. 1, and FIG.
(B) is a case where images and numbers correspond to each other in a one-to-n manner, (c)
Indicates a case where one image sequence is converted into one number sequence.

6 is a diagram showing an outline of a functional configuration of a main server in the data input authentication system of FIG.

7 is a schematic diagram showing a pallet for selecting and inputting a password, which is displayed on the input terminal, in the data input authentication system of FIG.

8 is a flowchart showing a procedure for setting a password and an image displayed on a palette in the data input authentication system of FIG.

9 is a flowchart showing a procedure for inputting a password consisting of image data using a card and performing authentication in the data input authentication system of FIG.

FIG. 10 is a diagram related to a modified example of the present invention and showing how a palette is sequentially changed every time one password is selected and input.

[Explanation of symbols]

10 ... Data input authentication system 11 ... Input terminal 12 ... Card reading unit 18 ... Computer unit 19 ... Input unit (authentication information input unit) 20 ... Card 21 ... Dedicated line (network) 23 ... Main server 30 ... Program unit 31 ... Database Part 32 ... Interface part 33 ... Control part 34 ... Data storage part 41 ... Encryption program (part of encryption means) 42 ... Transmission / reception program (part of terminal side transmission means) 45 ... Screen program 46 ... Conversion program ( Part of authentication information conversion means 47 ... Password determination program (part of input data determination means) 48 ... Display image determination program (part of false data determination means) 49 ... Data modification program (part of data modification means) 50 ... Overwriting program (part of conversion changing means) 62 ... Image database 70 ... (part of the authentication information collation means) customer database 80 ... program portion 91 ... matcher 92 ... (part of the server-side transmission unit) transceiver Program (part of the encryption means) 96 ... encryption program 100 ... Palette

Claims (23)

[Claims] 1. A user operates an input terminal to perform selection input for authentication, and the input terminal is connected to a main server via a network, and the main server authenticates the user and provides the user with the authentication information. In a data input authentication system for managing information related to services, an authentication information input means is provided in the input terminal for selectively inputting data as a password or an ID in the input terminal, and the authentication information input is provided in the input terminal. Authentication information conversion means for converting the data selectively input by the means into specific authentication information including at least a number; and terminal side transmission means provided in the input terminal for transmitting the authentication information converted by the authentication information conversion means And the authentication transmitted from the terminal side transmission means provided in the main server Authentication information collating means for receiving and collating information, and server-side transmitting means provided in the main server for transmitting the collation result of the authentication information collating means to the input terminal. Data entry authentication system. 2. The data input authentication system according to claim 1, wherein the authentication information conversion means converts each piece of data in correspondence with authentication information containing one or more numbers. 3. The data input authentication system according to claim 1, wherein the authentication information conversion means converts the selected and input data string in correspondence with the authentication information of the string including one numeral. 4. An input data deciding means for selecting and deciding data to be selectively inputted as a password or an ID prior to the selective input of the data by the authentication information input means, and the data as the password or the ID is provided. When selecting and inputting, in order to disclose false data different from the data as the password or ID together with the password or ID, a false data determining means for selecting and determining appropriate false data is provided, and the password and the password The data input authentication system according to any one of claims 1 to 3, wherein the fake data is stored in a customer database provided in the main server. 5. The data input authentication system according to claim 4, wherein when the fake data and the password input data are transmitted by the server side transmission means, the encryption means performs encryption. 6. The input terminal comprises a card reading means for inserting a card to read the information written on the card. By reading the information written on the card, the input terminal is used as a substitute for the ID. The data input authentication system according to any one of claims 1 to 5, wherein the main server performs authentication by selecting and inputting data as a password. 7. The conversion by the authentication information conversion means from the data to specific authentication information including at least a numeral,
7. The conversion changing means for automatically changing the authentication information converting means so as to convert the data to other authentication information, according to any one of claims 1 to 6. Data entry authentication system. 8. The data changing unit according to claim 1, further comprising a data changing unit capable of changing data to be selectively input to the input terminal according to a user's desire or need. Data entry authentication system. 9. A user operates an input terminal to perform a selective input for authentication, and the input terminal is connected to a main server via a network, and the main server authenticates the user and provides the user with the user. In a data input authentication method for managing information related to services, an authentication information input step of selectively inputting data as a password or an ID at the input terminal, and authentication information including at least a numeral for the data selectively input by the authentication information input step. To the main server, the authentication information conversion step of converting to the authentication information conversion step, the terminal side transmission step of transmitting the authentication information converted by the authentication information conversion step to the main server, and the authentication information transmitted by the terminal side transmission step The verification result of the verification information verification process and the verification information verification process Data input authentication method characterized by comprising a server-side transmission step of transmitting the force terminal. 10. The data input authentication method according to claim 9, wherein, in the authentication information conversion step, each data is converted by being associated with authentication information including one or a plurality of numbers. 11. The data input authentication method according to claim 9, wherein in the authentication information conversion step, the selected and input data string is converted in correspondence with the authentication information of the string including one numeral. 12. An input data determination step of selecting / determining data to be input as a password or ID is provided prior to the selective input of data in the authentication information input step, and the data as the password or ID is selected. In order to disclose fake data different from the data as the password or ID together with the password or ID when inputting, a fake data determination step of selecting and determining appropriate fake data is provided, and the password and the fake The data input authentication method according to claim 9, further comprising a storage step of storing data in a customer database provided in the main server. 13. The data input authentication method according to claim 12, further comprising an encryption step of performing encryption when the fake data and the password input data are transmitted by the server side transmission step. 14. A card reading step of reading the information written on the card when the card is inserted into the input terminal at the time of selecting and inputting the data in the authentication information input step is provided. 14. The authentication by the main server is performed by reading the stored information as a substitute for the ID, and further by selecting and inputting data as a password in the authentication information inputting step. The data input authentication method according to item 1. 15. The conversion by the authentication information converting step from the data to specific authentication information including at least a numeral is a conversion of the data to other authentication information.
15. The data input authentication method according to any one of claims 9 to 14, further comprising a conversion changing step of automatically changing the authentication information converting step. 16. The data changing process according to claim 9, further comprising a data changing step of changing data to be selectively input to the input terminal according to a user's desire or need. Data entry authentication method. 17. A user operates to perform selection input for authentication, and selects data as a password or ID at an input terminal provided to a data input authentication system connected to a main server via a network. Authentication information input means for inputting, authentication information conversion means for converting the data selectively input by the authentication information input means into specific authentication information including at least numbers, and transmitting the authentication information converted by the authentication information conversion means An input terminal for use in a data input authentication system, comprising: 18. The input terminal for use in a data input authentication system according to claim 17, wherein the authentication information conversion means converts each piece of data in correspondence with authentication information containing one or a plurality of numbers. . 19. The data input authentication system according to claim 17, wherein the authentication information conversion means converts the selected and input data string in correspondence with the authentication information of the string including one numeral. Input terminal to serve. 20. An input data determining means for selecting / determining data to be selectively input as a password or an ID is provided prior to the selective input of the data by the authentication information inputting means, and the data as the password or the ID is provided. When selecting and inputting, in order to disclose false data different from the data as the password or ID together with the password or ID, a false data determining means for selecting and determining appropriate false data is provided. An input terminal used for the data input authentication system according to claim 17. 21. A card reading means is provided for inserting a card and reading the information written on the card, and the ID is obtained by reading the information written on the card.
21. The input terminal for use in the data input authentication system according to claim 17, wherein the data input as a password is further selectively input. 22. The conversion by the authentication information converting means from the data to specific authentication information including at least a numeral is a conversion from the data to other authentication information.
22. The input terminal provided for the data input authentication system according to claim 17, further comprising conversion changing means for automatically changing the authentication information converting means. 23. The data input according to any one of claims 17 to 22, further comprising a data changing unit capable of changing the data to be selectively input according to a user's desire or need. An input terminal used for the authentication system.