JP2006146541A - User authentication program and user authentication device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To reduce the labor of a user while securing security in a user authenticating device for selecting any one of the combinations of a plurality of questions and answers preliminarily registered for each user at random, and for requesting the user to give an answer. <P>SOLUTION: In this user authentication device, a first answer requesting means 13 selects any one of a plurality of questions stored as those of a user who has performed access, and requests the user to give an answer. A pass right applying means 15 applies a pass right for enabling the user to avoid giving an answer to the user when the user does not give any answer requested by the first and second answer requesting means 13 and 17. A second answer requesting means 17 selects any one of a plurality of questions, and requests the user to give an answer when the user exercises the pass right. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a user authentication program and a user authentication device.

In a service providing system that provides a predetermined service to a specific user, there is already known a user authentication device that determines whether or not a user is permitted to use the system when accessed by the user. .
In this type of user authentication device, generally, for each user, a combination of a set of IDs and corresponding passwords is registered in advance, and the information entered by the user at the time of access matches the registered information. Authenticated as a legitimate user and allowed to use the system.

However, in such a user authentication device, if a password is leaked, it may be illegally accessed by a person other than the user authorized to use the system.
Therefore, for each user, a combination of a plurality of combinations of a question to be answered by the user and a correct answer corresponding to the question is registered in advance instead of the ID and password, and is registered in advance when the user accesses. There has already been proposed a technique for selecting any one from a group of questions and asking the user for an answer (for example, see Patent Document 1).

In this technology, questions to be asked to the user are randomly selected and different questions are asked each time. Even if one question and its correct answer are leaked, authentication is performed with a pair of ID and password as before. Security can be strengthened compared to the case of doing so.
JP 2004-1337 A

  However, in the technique of Patent Document 1, since one question is randomly selected from a plurality of questions, depending on the selected question, it may be difficult for the user to forget the correct answer or the like. is there. Therefore, in order to avoid such inconvenience, it is necessary for the user to remember correct answers for all registered questions, and if he / she fails to answer, he / she is authenticated even though he / she is a valid user. The situation that it is not possible occurs.

  An object of the present invention is to provide a user authentication device that randomly selects any one of a combination of a plurality of questions and correct answers registered in advance for each user and requests a response from the user. It is to reduce.

  The user authentication program according to claim 1 causes a computer to realize a storage function, a first answer request function, a pass right grant function, a second answer request function, an answer reception function, and an authentication function. It is a program. In the memory function, a combination of a plurality of combinations of questions for authentication and correct answers to the questions can be stored for each user. In the first answer request function, when there is an access from the user, one of the plurality of questions stored as those of the accessing user is selected and an answer is requested from the user. The pass right grant function gives the user a pass right for avoiding an answer when the user cannot make an answer requested by the answer request function. In the second answer request function, when the user exercises the pass right, one of the other questions is selected from a plurality of questions and the user is requested to answer. The answer acceptance function accepts an answer from the user. In the authentication function, the user is authenticated based on whether or not the answer received by the answer receiving function matches the correct answer stored by the storage function.

  When this program is executed, the computer can previously store a plurality of questions and their correct answers for each user. Then, when there is an access from the user, the computer selects any one question from the question group stored as that of the user and requests the user for an answer. In response, if the user can prepare a correct answer, the authentication is successful as a valid user.

  On the other hand, if the user forgets the correct answer or fails to prepare the correct answer, such as answering the question, the user is given a pass right, and when this pass right is exercised, Selects a question different from the previous question and requests the user to answer further.

  Thus, even when a user cannot answer a question issued from a computer, the user can draw out a question that is easier to answer by exercising a pass right to avoid this. Therefore, here, the user does not need to remember the correct answers for all questions, and the burden is reduced.

  In the present invention, the case where the user cannot answer is, for example, the case where there is no answer even after a predetermined time has elapsed since the computer requested the answer to the question, or the user passes the answer. There is a case where there is an intention display (for example, a press of a pass key described later).

  Also, the pass right grant function gives a pass right not only when the first answer request function requests an answer but also when the user cannot answer when the second answer request function requests an answer. Can do. Therefore, the second answer request function selects the next question and requests further answers when the user who has exercised the pass right further exercises the pass right (when the pass right is exercised multiple times). It is also included.

  Furthermore, the computer that executes this program may be a computer provided in a service providing device that provides a predetermined service to a specific user, and is provided separately from the service providing device. Also good. Examples of such service providing devices include an automatic teller machine (ATM) installed in a bank or the like, an image forming apparatus that provides a printing service, and the like.

According to a second aspect of the present invention, in the program of the first aspect, the pass right granting function can grant the pass right a predetermined number of times.
In this program, the security effect can be maintained by limiting the number of times the pass right can be exercised.

The user authentication program according to claim 3 further requests correct answers by the number corresponding to the number of times the user has exercised the pass right in the program according to claim 2.
In this program, in order to avoid the possibility that security cannot be ensured by exercising the pass right multiple times, the user is additionally asked for correct answers as many times as the number of passes.

The number corresponding to the number of pass rights may be, for example, the same number as the number of pass rights actually given to the user, but the number of remaining questions decreases as the user continues the pass. In such a case, the number is preferably less than the number of remaining questions.
According to a fourth aspect of the present invention, in the program according to any one of the first to third aspects, the authentication function performs a predetermined security ensuring process when the answer does not match the correct answer.

In this program, the security is further improved by performing a predetermined security ensuring process when the authentication fails.
The predetermined security ensuring process includes, for example, denying access from the user, moving to the next question, or requesting re-input of the answer.

  According to a fifth aspect of the present invention, there is provided a user authentication apparatus comprising storage means, first answer request means, pass right grant means, second answer request means, answer acceptance means, and authentication means. The storage means can store, for each user, a combination of a question for authentication and a correct answer to the question. When there is an access from the user, the first answer request means selects any one of a plurality of questions stored as those of the accessing user and requests an answer from the user. The pass right granting unit gives the user a pass right for avoiding an answer when the user cannot make the answer requested by the answer requesting unit. The second answer request means selects one of the other questions from the plurality of questions and requests the user to answer when the user exercises the pass right. The answer accepting unit accepts an answer from the user. The authentication unit authenticates the user based on whether or not the answer received by the answer receiving unit matches the correct answer stored by the storage unit.

In this apparatus, the same effect as in the first aspect can be obtained.
Note that the user authentication device may be completed inside the service providing device, or may be established by being connected to a device different from the service providing device.

  According to the present invention, even when a user cannot answer a question issued from a computer, the user can draw out a question that is easier to answer by exercising a pass right to avoid this. Therefore, here, the user does not need to remember the correct answers for all questions, and the burden is reduced.

<Configuration of image forming apparatus>
1 and 2 show an image forming apparatus (user authentication apparatus) 1 in which an embodiment of the present invention is adopted. It is assumed that the image forming apparatus 1 is installed in an environment that can be used by an unspecified number of people.

The image forming apparatus 1 is a multifunction machine having functions as a copying machine, a printer, a facsimile machine, and a scanner device, and includes an input / output unit such as an image reading unit 3, an image forming unit 5, an operation panel 7, and the like. And a control unit 9 for controlling the operation of the input / output unit.
The image reading unit 3 is for reading image information of a document on a document table and has an optical system (not shown).

The image forming unit 5 forms an image on a transfer material such as paper based on the image information read by the image reading unit 3 or image data sent from the outside, and has a photosensitive drum, a fixing device, and the like. is doing.
The operation panel 7 is for inputting a print instruction, printing conditions, and the like, and includes a plurality of operation keys 7a and a display panel 7b.

The operation key 7a includes a start key for instructing a printing operation, a numeric keypad, a setting key for setting various printing conditions, and the like.
The display panel 7b is composed of a touch panel type liquid crystal display, and can display various operation screens that accept external input. Such an operation screen includes an operation screen displayed by executing a user authentication program described later.

  Other input units include a communication unit, a paper feed unit, a paper discharge unit (all not shown), an automatic document feeder (hereinafter referred to as ADF) 31, and the like. The communication unit receives print data sent from an externally connected device connected to the image forming apparatus 1 (for example, a personal computer in which the printer driver of the image forming apparatus 1 is installed), and facsimile received data from other facsimile machines. Receive.

The control unit 9 is composed of a microcomputer including a CPU and a memory. In addition to various control programs executed by the CPU, the user authentication program is stored in the memory.
When a predetermined operation on the image forming apparatus 1 is detected, the control unit 9 executes a user authentication program and performs an authentication operation. Examples of the predetermined operation include an opening / closing operation of the ADF 31 or a document setting, or some operation on the operation panel 7 (for example, pressing a setting key or the like).

The control unit 9 executes the user authentication program to thereby store the storage unit 11, the user confirmation unit 12, the first response request unit 13, the pass right grant unit 15, the second response request unit 17, and the response reception. It functions as means 19 and authentication means 21.
The storage means 11 is for storing a plurality of combinations of a question issued to the user and a correct answer to the question in advance for each user. Specifically, a predetermined operation screen is displayed on the display panel 7b, and the user can arbitrarily input a question and its correct answer. The combination of the inputted question and the correct answer is stored in the memory as a table as shown in FIG. 3 for each user. The storage unit 11 displays an operation screen for registration when a predetermined operation key 7a is operated.

  The user confirmation unit 12 displays an operation screen for requesting input of a user name when the user performs the predetermined operation to use the image forming apparatus 1. In this operation screen, for example, the user may display a character input key to input an ID or a user name, and can select from a pre-registered user list. Also good. The user confirmation unit 12 identifies who the user is from the ID or the like input on the operation screen.

  The first answer request means 13 searches and specifies the question and the correct answer stored as the user specified by the user confirmation means 12, and randomly selects any one question from the specified question group. To display an operation screen for requesting an answer. In this operation screen, together with the contents of the question, an answer field for the user to input an answer and a character input key for inputting an answer in the answer field are displayed together.

  The pass right granting unit 15 performs a predetermined time without any operation on the operation screen displayed on the display panel 7 (including those displayed by both the first and second response requesting units 13 and 17). When (e.g., several seconds) elapses, the pass key is displayed, and the user can pass the answer to the question by pressing the pass key. Here, the pass can be performed a predetermined number of times (for example, three times).

  When the user passes the answer, the second answer request means 17 further selects the next question at random from the remaining questions and displays an operation screen for requesting the answer to the user. Also on this operation screen, similar to the operation screen displayed by the first answer request means 13, the contents of the question, the answer field, and the character input key are displayed.

The answer accepting unit 19 accepts an answer input by the user in response to requests from the first and second answer requesting units 13 and 17.
The authentication unit 21 determines whether or not the answer received by the answer receiving unit 19 matches a pre-registered correct answer while referring to the table of the combination of the question and the correct answer. In contrast, the use of the image forming apparatus 1 is permitted and a normal print standby screen is displayed. On the other hand, if the answer and the correct answer do not match, the user's use of the image forming apparatus 1 is rejected and a message to that effect is displayed.

<Operation of Image Forming Apparatus>
Next, an authentication operation performed in the image forming apparatus 1 will be described with reference to FIG.
Here, a case where the user uses the image forming apparatus 1 as a copying machine will be described as an example.
When using this image forming apparatus 1, each user operates a predetermined operation key 7a to display an operation screen for registration, and a plurality of questions and correct answers used for the authentication operation when used by the user. A combination of sets is registered in advance.

When this registration operation is completed (S1), and then the user performs a predetermined operation such as setting a document on the ADF 31 (S2), this is detected by the control unit 9, and the user authentication program is executed. The authentication operation is performed.
First, a predetermined operation screen is displayed on the display panel 7b, the first question is presented, and a blank for answering the question is shown (S3). In response to this, the user inputs the answer without passing the answer if the answer is possible (S4, S5), and if the answer is difficult, the user presses the pass key displayed after a predetermined time has passed. Pass (S4).

  The content of the answer given by the user in step S5 is accepted (S6), and it is determined whether or not it matches the correct answer (S7). As a result, if the answer is correct, the user is authenticated as a valid user, and the use of the image forming apparatus 1 is permitted (S8). On the other hand, if it does not match the correct answer, the use of the image forming apparatus 1 by the user is rejected (S11).

If the answer is passed in step S4, an operation screen for the next question presentation and answer request is displayed (S3) until the number of passes exceeds a predetermined number (S10).
As described above, the operations in steps S4, S10, and S3 are repeated until the number of times the pass right is exercised exceeds the predetermined number.

  According to the image forming apparatus 1 described above, since it is not known which of a plurality of questions registered in advance is selected, it may be difficult for the user to answer depending on the selected question. However, even in such a case, even if it is difficult to answer, the user can draw out and answer a question that is easier to answer by exercising the pass right. Therefore, here, the user does not need to remember the correct answers for all questions, and the burden is reduced.

  Further, in this apparatus 1, since the number of times that can be passed is limited to a predetermined number of times, it is possible to avoid a situation in which security cannot be ensured as a result of all questions presented to the user being passed.

<Other embodiments>
(A) In the above embodiment, the image forming apparatus may perform an authentication operation not only when used as a copying machine but also when used as a printer or a scanner apparatus.
For example, when used as a printer, an operation screen similar to that displayed on the display panel in the above embodiment is displayed on a monitor of a personal computer in which the printer driver of the image forming apparatus is installed, and a keyboard is displayed. Alternatively, it may be configured such that an answer can be input and transmitted with a mouse or the like.

(B) In the above embodiment, the pass key displayed on the operation screen may be displayed from the beginning together with the question and answer fields, not after a predetermined time has elapsed.
(C) The authentication means, as the processing contents when the authentication fails, in addition to not permitting use, further selects the next question and requests the answer, prompts the user to re-enter the answer, or network It is also possible to employ a method of reporting to a management server or the like of the image forming apparatus connected via the network.

(D) The user may be not only an individual but also a predetermined department in an organization such as a company or a school. In this case, the user confirmation may be performed using a department card or the like in which information indicating that the person belongs to the department is recorded.
(E) For storing each user's question and correct answer, not only a memory but also a hard disk drive device, an externally connected database server, or the like may be employed.

(F) In the above-described embodiment, the authentication unit may be configured such that the authentication is successful only after the user has correctly answered the same number as the number of times the user has passed the answer or the number corresponding thereto.
(G) The present invention is not limited to an image forming apparatus, but can be applied to other service providing devices such as bank ATMs.

The figure which shows the user authentication apparatus by which one Embodiment of this invention was employ | adopted. The block diagram which shows the structure of the said user authentication apparatus. The table which shows the relationship between the question used in the said user authentication apparatus, and its correct answer. The flowchart for demonstrating operation | movement of the said user authentication apparatus.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 User authentication apparatus 9 Control part 11 Memory | storage means 13 1st response request means 15 Pass right grant means 17 2nd response request means 19 Answer reception means 21 Authentication means

Claims (5)

On the computer,
A storage function capable of storing for each user a combination of a plurality of combinations of questions for authentication and correct answers to the questions;
When there is an access from the user, a first answer request function for requesting an answer from the user by selecting any one of the plurality of questions stored as those of the user who made the access When,
A pass right granting function for giving a pass right for avoiding an answer to the user when the user cannot make an answer requested by the answer request function;
A second answer request function for requesting an answer from the user by selecting any one of the plurality of questions when the user exercises the pass right;
An answer acceptance function for accepting an answer from the user;
An authentication function for authenticating the user depending on whether the answer received by the answer receiving function matches the correct answer stored by the storage function;
User authentication program for realizing   The user authentication program according to claim 1, wherein the pass right granting function can grant a pass right a predetermined number of times.   The user authentication program according to claim 2, wherein the authentication function further requests correct answers by a number corresponding to the number of times the user has used the pass right.   The user authentication program according to any one of claims 1 to 3, wherein the authentication function performs a predetermined security ensuring process when the answer and the correct answer do not match. Storage means capable of storing, for each user, a combination of a plurality of sets of questions for authentication and correct answers to the questions;
First answer request means for requesting an answer from the user by selecting any one of the plurality of questions stored as belonging to the user who made the access when the user has made an access When,
A pass right granting unit for giving a pass right to avoid an answer to the user when the user cannot make an answer requested by the answer request unit;
Second answer request means for requesting an answer from the user by selecting any one of the plurality of questions when the user exercises the pass right;
An answer receiving means for receiving an answer from the user;
Authentication means for authenticating the user depending on whether the answer received by the answer receiving means matches the correct answer stored by the storage means;
User authentication device with

Images