JP2006287843A - Authentication processing method and device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide authentication techniques in which security is improved so as to hold out against a brute force attack. <P>SOLUTION: In an authentication processing method for authenticating a user by processing inputted information by means of a computer, the computer generates a key for first information to be used for authenticating the user, calculates a first hash value using this key and third information (e.g., random number), stores the first hash value into a storage section, generates image information using the third information, encrypts the image information and stores it into the storage section. When authenticating the user, the computer generates a key from the first information inputted from an input device, uses the key to decrypt the image information stored in the storage section, and displays the image on a display. The user inputs from the input device second information recognized from the displayed image. The computer uses the inputted second information and the key to calculate a second hash value. The computer then collates first hash value stored in the storage section with the second hash value to perform the authentication. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an authentication processing method and apparatus, and more particularly to a technique for authenticating a user in an information processing apparatus and a service providing apparatus used in a stand-alone environment.

  When an information processing apparatus such as a personal computer (PC) is used, or when a service is provided from a provider using a network such as the Internet, authentication of whether the user is an authorized person is performed.

Regarding user authentication, the user's ID and password are usually registered in advance in the information processing apparatus or provider server, and the ID and password entered by the user at the time of use are checked against those registered in advance. If they match, the user is regarded as a legitimate person and access is permitted.
A hash function is used to hide previously registered IDs and passwords. For user authentication, for example, information (hash value) calculated by a hash function is registered in advance in a storage device, and information hashed from ID and password information input at the time of authentication is registered in advance. This is done by checking the hash value.

  As a publicly known example of this type, for example, Japanese Patent Laid-Open No. 2002-353958 (Patent Document 1) has a collation information obtained by hashing a data string of a user ID and a personal identification number and uses it for identity verification. Techniques to do this are disclosed.

  By the way, in the authentication technology that can evaluate the reliability, the encryption logic of the information (authentication information) input for authentication and the calculation logic of the hash value are often disclosed. For this reason, if information (verification information) registered in advance for authentication is stolen, the authentication information may be decrypted using publicly available encryption logic or hash value calculation logic. In particular, in a device placed in a stand-alone environment (referred to as a stand-alone device), authentication information is ultimately more likely to be stolen as a result of trial and error by a malicious person.

JP 2002-353958 A

  Therefore, as a measure for preventing the authentication information from being stolen by trial and error as described above, it is conceivable to make the authentication information as long as possible. In this way, even if a bad guy performs a brute force attack or a dictionary attack, it takes a long time to acquire valid authentication information, so it is expected that theft will be difficult as a result. It is.

  However, since human memory is limited, if the authentication information is too long, the user cannot remember it or it is very difficult to memorize it. The user who thinks that it is difficult to memorize may write his / her authentication information in a notebook or memo, and if they are stolen, the meaning as authentication information is lost.

SUMMARY OF THE INVENTION An object of the present invention is to provide an authentication processing method, a program therefor, and an authentication device for improving the strength of security so that it can withstand an exhaustive search attack.
Another object of the present invention is suitable for an offline device that avoids an excessive burden on the user's memory for the authentication information and can prevent the authentication information from being stolen from a brute force attack using a relatively short authentication information. Is to provide a reliable authentication technology.

An authentication processing method according to the present invention includes a key generated with respect to first information used for user authentication in an authentication processing method in which information input from an input device is processed by a computer to perform user authentication. The first hash value is calculated using the third information, the first hash value is stored in the storage unit in advance, and the image information is generated using the third information, and encrypted with the key. Storing in advance in the storage unit, generating a key for the first information input from the input device at the time of user authentication, and decrypting the image information stored in the storage unit using the key The step of displaying the image on the display unit, the step of inputting the second information recognized by the user from the image displayed on the display unit from the input unit, and the step of using the key and the second information 2 ha An authentication processing method comprising: a step of calculating a check value; and a step of collating the first hash value and the second hash value stored in the storage unit and performing authentication according to the result of the collation (claim) (Related to item 1).
In a preferred example, the first hash value is calculated using the key and a random number as the third information, and stored in the storage unit.
Preferably, image information is generated in association with a random number, and information encrypted with a key is stored in the storage unit.
Preferably, the first information is a user password, and image information is generated when the password is correct, and information unrelated to the image information is generated when the password is not correct.
In one example, the second information recognized by the user from the image displayed on the display device is input from the input device as character string information.
In another example, the second information recognized by the user from the image displayed on the display is input from the input device as voice information.

More generally, the authentication processing method according to the present invention is a first information used for user authentication in an authentication processing method for authenticating a user by processing information input from an input device by a computer. Generating the first one-way function information using the key generated with respect to the third information and storing the first one-way function information in the storage unit in advance, and the fourth information that can be perceived by a human using the third information Are generated and encrypted with a key and stored in the storage unit in advance, a step of generating a key with respect to the first information input from the input device at the time of user authentication, and using the key in the storage unit Decoding the stored fourth information and outputting the related information to the output unit; and inputting the second information recognized by the user from the related information output to the output unit from the input unit The key and the second information And generating the second unidirectional function information and performing authentication by comparing the first directional function information and the second directional function information. (Related to item 7).
In a preferred example, the computer processes using image information or audio information as the fourth information, and processes using a hash function as the first and second directional function information.
In a preferred example, the computer processes using the random number as the third information.

  Furthermore, the present invention is grasped as a program having a function of executing each step of the authentication processing method on a computer (related to claim 10).

An authentication processing apparatus according to the present invention includes an input device that inputs information for authenticating a user in an authentication processing device that performs user authentication by processing information input from an input device, and information An output device, a storage unit that stores information used for authentication processing, and a computer that performs information processing for authentication,
The computer further includes a key generation unit that generates a key for certain information, a one-way function calculation unit that calculates a one-way function using the certain information, and a one-way property generated by the one-way function calculation unit. Collating means for collating the function,
And the computer
A key is generated by the key generation unit with respect to the first information used for user authentication, and the first one-way function information is generated by the one-way function calculation unit using the generated key and the third information. And storing the first one-way function information in the storage unit,
Generating fourth information that can be perceived by a human using the third information, storing the fourth information encrypted with the key in the storage unit,
At the time of user authentication, a key is generated by the key generation means for the first information input from the input device, the fourth information stored in the storage unit is read using the key, and the fourth information is related to the fourth information. Output the information to the output device,
The second one-way function information is generated by the one-way function calculation means using the second information and the key that are recognized by the user from the related information output to the output device and input from the input device. And an authentication processing device that performs authentication processing by comparing the first directional function information and the second directional function information by a verification unit (related to claim 11).
In a preferred example, the one-way function calculation means is a hash value calculation means, and a storage unit registers a hash value used by the hash value calculation means and a file name of the image information in advance in association with a user. The management table to be stored is stored.
In a preferred example, the one-way function calculation means is a hash value calculation means, calculates a hash value using a random number as third information, and generates image information or fourth information as means for generating fourth information. Means for generating audio information;

The authentication processing method according to the present invention can be grasped as follows if the expression is further changed. That is, in an authentication processing method in which information obtained from a user is processed by a computer to authenticate the user, a key is generated according to the authentication information of the user, and the first is executed by the computer using the key and other information. Unidirectional function information is generated and stored in the storage unit in advance,
Specific information including image information or audio information that can be perceived by humans is generated by a computer using other information used in the generation of the first one-way function information, and is encrypted and stored in advance using a key. Stored in the department,
At the time of user authentication, a key is generated according to the user authentication information input from the input device, and specific information stored in the storage unit is decrypted using the key and output to the output device. Input from the input device the second information recognized by the user from the output information,
The computer generates second unidirectional function information using the key and the second information, and authenticates the user by comparing the first directional function information and the second directional function information. An authentication processing method (related to claim 14).

  ADVANTAGE OF THE INVENTION According to this invention, the authentication technique which improved the intensity | strength of security so that it can endure an exhaustive search attack can be provided. Further, by using relatively short authentication information, it is possible to reduce the burden on the user and prevent the authentication information from being stolen from a brute force attack or the like.

Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings.
First, the concept of an authentication technique according to an embodiment of the present invention will be described with reference to FIG.
The user inputs authentication information (authentication information) P1 to the computer. The computer generates a key K1 from the input authentication information P1, decrypts the stored image with the key K1, and generates a deformed output image D2. In the illustrated example, an output image of alphanumeric characters “smwm” deformed from the saved image is generated.

The output image D2 is displayed on the display screen. The user inputs a character recognized by the user from the displayed image D2 as a character string X2. On the processing device side, in a database (DB) connected to the computer, D2 encrypted by K1 (hereinafter referred to as K1 (D2)) and h (K1, X2) which are hash values of K1 and X2 are stored. ) And hold.
Therefore, the hash value H2 is calculated from the input character strings X2 and K1, and collated with the hash value H1 registered in advance in the DB. If the result is correct, the person is authenticated as a valid person.

  The targets of the offline exhaustive search attack are K1 (D2) and h (K1, X2). Therefore, even if K1 (D2) is decoded, since the recognition target is an image, it is extremely difficult for the person other than humans to perform the recognition. That is, compared with the case where authentication information is generated from the permutation combination processing of character strings by computer trial and error, the human recognition of the image intervenes. It is difficult with technology. Further, it is appropriate for a person other than a legitimate user to input legitimate authentication information P1 by trial and error, and to recognize the correct X2 from a normal image generated and displayed based on the legitimate authentication information P1. It will take time.

  In this way, an exhaustive search attack based on the K1 value is very difficult for the user to visually confirm the image, and the combined information of K1 and X2 has a sufficient length, so that h (K1, X2) An exhaustive search attack becomes even more difficult.

FIG. 2 shows the registration of authentication information.
When the recognition information P1 is input from the user, the computer generates a key K1 from the information P1. In the computer, a random number X2 is generated to generate the deformed image D2. Then, a saved image D2 ′ obtained by encrypting the image D2 with the key K1 is generated and stored in the DB. Further, the computer generates a hash value h (K1, X2) that is a one-way function and stores it in the DB.

  The reason why the random number X2 is used here is that it is used as information unrelated to the key K1. That is, a brute force attack by a malicious person who knows the internal logic for generating the random number X2 from the key K1 by guessing the key K1 from the person who saw the image D2 (in this case, the brute force length is not K1 + X2 K1 and X2 are used as irrelevant information.

As a method for generating a deformed image from an alphanumeric character string, for example, a conventionally known CAPTCHA method is used. In the CAPTCHA method, since the algorithm for generating D2 from X2 is irreversible, X2 cannot be calculated from D2. Further, an exhaustive search attack using X2 values can be prevented by inserting random numbers into the image of D2 as noise like a digital watermark.
As an encryption method, a conventionally known AES (Advanced Encryption Standard) method or the like is used.

Next, with reference to FIG. 3, the hardware configuration of the authentication processing apparatus in the present embodiment will be described.
The authentication processing device includes a storage device in which an input device 11, a display device 12, a computer (CPU) 13, and a database (DB) 14 are connected to a common bus. For example, a personal computer (PC) may be assumed.

  The input device 11 is, for example, a keyboard or a mouse, and is primarily used for inputting the above-described authentication information and characters, but is also used for inputting various other information. The display 12 displays a deformed image at the time of authentication, but also displays various guidance to the user at the time of authentication and registration of authentication information.

  The CPU 13 performs processing of information input / output between the input device 11, the display device 12, and the DB 14 and controls transfer of the information. In particular, the encryption program and the hash value calculation program are executed to generate the above encryption key, the deformed image is generated, the hash value is calculated, and the calculated hash value is collated. For the process, etc.

  The database (DB) 14 stores a file management table 40 that associates a user with a hash value and an encrypted image, and a storage image M1 obtained by encrypting the image with a key K1.

FIG. 4 shows an example of the file management table 40.
The table 40 registers a hash value 402 (meaning the first hash value) used by the user and an encrypted image file name 403 corresponding to the user name 401.

FIG. 5 shows an example of the storage image D2 stored in the DB.
Although the deformed image D2 is shown in (1) to (3) of FIG. 5, the encrypted image D2 is actually stored. Each of these images is designated by an encrypted image file name 403 in the management table 40 of FIG.

Next, the registration operation and authentication operation of authentication information in this embodiment will be described with reference to FIGS.
First, the authentication information registration operation will be described with reference to FIG.
At the time of registration, the input screen G is displayed on the display 12 (S61). On the displayed input screen G, the user inputs a user name U, for example, “Tanaka” from the input device 11 (S62). Subsequently, the user inputs authentication information (authentication information) P1 (S63). For example, as the authentication information P1, as shown in FIG. 8, a password consisting of 8 characters is input in the input area of the input screen.

  The recognition information P1 input from the input device 11 is generated by the computer 13 from the information P1 by the computer 13 (S64). The key K1 is binary data obtained by replacing the information P1 with a numerical value. Then, a random number X2 is generated from the alphanumeric string (S65). A random number generation method can be realized using a generally known method.

  Next, the computer 13 generates a deformed image D2 of random numbers X2 to X2 consisting of alphanumeric characters (S66). Then, the stored image M1 is generated by encrypting the image D2 with the key K1, and is stored in the DB 14 (S47). In this case, a file name is assigned to the saved image M1, and the file name is registered in the file management table 40.

  Thereafter, the computer 13 calculates a hash value from the random number X2 and the key K1 (S68). The obtained hash value H1 is stored in the DB 14 as a storage hash value in the same manner as the storage image M1 generated previously. Here, the hash value H1 and the saved image M1 are registered in the file management table 40 in association with the user (S69). When the above operations are completed, a series of registration operations is terminated.

Here, as a method for generating the deformed image D2 from the alphanumeric character string, for example, the CAPTCHA (registered trademark of Carnegie Mellon University) method is preferably used. In the CAPTCHA method, since the algorithm for generating the image D2 from the random number X2 is irreversible, the original value X2 cannot be calculated from D2. Further, an exhaustive search attack using a random number X2 value can be prevented by inserting random numbers into the image D2 as noise like a digital watermark.
For example, the AES method is used as the encryption method, and a well-known method such as SHA1 or MD5 is preferably used as the hash function.

Next, the authentication operation will be described with reference to FIG.
First, when the input screen G is displayed on the display device 12 (S701), the user inputs a user name U such as “Tanaka” from the input device 11 to the input screen G (S702), and further authentication. Information P1 is input (S703). As the authentication information P1, for example, an 8-character password is entered in the input area of the input screen shown in FIG.

  The computer 13 generates a key K1 obtained by converting the input authentication information P1 into alphanumeric characters (S704). Then, the hash value 401 and the encrypted image file name 403 registered corresponding to the user name “Tanaka” are acquired with reference to the file management table 40 registered in the DB 14. Then, the stored image M1 corresponding to the encrypted image file name 403 is read from the DB 14 (S705).

  The computer 13 decrypts the read saved image M1 with the key K1, and generates an image D2 (S706). Then, the image D2 is displayed on the display device 12 (S708). The displayed image D2 is a deformed image as shown in FIG. 9, for example.

  The user himself recognizes the meaning from the image D2 displayed on the display device 12, and inputs the recognized character string X2 in the input area of the display screen with alphanumeric characters (S709).

  On the other hand, if the recognition information P1 input in step S703 is not valid for the user, the regular image file is not read from the file management table 40, and therefore the correct image D2 is not displayed on the display unit 12. Become. Even if something is displayed, the image is completely meaningless. Therefore, since an unauthorized user cannot correctly recognize the displayed meaningless image, a valid character string X2 cannot be input or a lot of trial and error is repeated. Therefore, it is monitored whether or not the input of the valid character string X2 is within a certain time (S710), and if it takes more than a certain time, it is determined that the authentication has failed. That effect is displayed on the display 12.

  The character string X2 correctly input within a certain time is sent to the computer 13. (S710). The computer 13 calculates a hash value H2 from the key K1 and the received character string X2 (S711). Further, the hash value H1 registered corresponding to the user is read from the management table 40 (S712). Then, the computer 13 collates the previously calculated hash value H2 with the hash value H1 read from the management table 40 (S713).

  As a result of the collation, if the two match, it is considered that the authentication is successful (S714 to 715), and the subsequent processing is performed. For example, the user is allowed to access the PC. On the other hand, if they do not match as a result of the collation, it is regarded as an authentication failure, the fact is displayed on the display device 12 and notified to the user, and the authentication process is terminated (S716).

  The registration process and the authentication process described above are realized by executing a program for performing each step on a computer.

  According to the present embodiment, the verification information held by the system may be stolen or leaked, and the algorithm may be known to an attacker to authenticate the user. Under the environment, it is possible to provide a security strength that can withstand an offline exhaustive search attack for decrypting the user's recognition information simply by using the relatively short authentication information information.

As mentioned above, although one Example of this invention was described, this invention is not limited to the said Example, In addition to this, various deformation | transformation or application can be implemented.
For example, the definition and terminology of the terms in the above embodiment are merely examples and are not limited thereto. For example, the configuration and name related to the table are examples, and the present invention is not limited to the above-described embodiment. The above table may be configured as a DB.

As another modification, the input of the authentication information P1 is not limited to the example of inputting the password character string in the input area of the input screen as shown in FIG. For example, 16 pictograms may be displayed in Marix (4 × 4), and from the pictograms, two pictures in each row may be selected and input according to a picture and order predetermined for each user.
For example, if 8 characters are selected from 8 alphanumeric characters and 46 bits, 10 × 10 = 100 pictures, a 53-bit key K1 is obtained. The random number X2 is 57 bits long if it is 10 alphanumeric characters. When combined with the key K1, (K1, X2) is about 110 bits long.

  As another example, after the image D2 is recognized, the character string X2 input by the user may be input by voice using a voice input device instead of from the keyboard.

  In the above embodiment, the image D2 is displayed on the display, and the character string X2 recognized by the user is input from the displayed image. However, in another example, D2 ′ is output as voice to the voice output device instead of the display, and the user inputs the information X2 ′ recognized from the output voice D2 ′ by inputting characters or voice. Also good. In this case, since the sound output to the output device can be understood only by humans (it cannot be understood by a machine such as a computer), it has the same effect as the above-described image.

  As yet another example, in the above embodiment, the random number X2 is generated and used as information unrelated to the key K1, but the present invention is not limited to the random number. As long as the information is irrelevant to the key K1, it may be a fixed value, or may be date and time information that changes from day to day.

The figure for demonstrating the concept of the authentication in one Example of this invention. The figure which shows the outline | summary of registration of the authentication information in one Example. The figure which shows the hardware constitutions of the authentication apparatus in one Example. The figure which shows the structural example of the file management table in the authentication processing apparatus of one Example. The figure which shows the example of the image used in the authentication processing apparatus of one Example. The flowchart figure with which it uses for description of operation | movement of the registration in the authentication processing method by one Example. The flowchart figure with which it uses for operation | movement description of the authentication processing method by one Example. The figure which shows the example of the input screen in the authentication processing apparatus of one Example. The figure which shows the example of the input screen for the recognition information input in the authentication processing apparatus of one Example.

Explanation of symbols

11: Input device 12: Display device
13: Computer (CPU) 14: Database (DB)
40: File management table 401: User name 402: Hash value 403: Image file name P1: Authentication information D2: Output image K1: Key H1, H2: Hash value X2: Random number

Claims (14)

In an authentication processing method for authenticating a user by processing information input from an input device with a computer,
Calculating a first hash value using a key generated with respect to the first information used for user authentication and the third information, and storing the first hash value in a storage unit in advance;
Generating the image information using the third information, performing encryption processing with the key, and storing in advance in the storage unit;
Generating a key for the first information input from the input device when authenticating the user;
Decrypting the image information stored in the storage unit using the key and displaying the image on a display;
Inputting from the input device second information recognized by a user from the image displayed on the display device;
Calculating a second hash value using the key and the second information;
Collating the first hash value stored in the storage unit with the second hash value and performing authentication according to the result of the collation;
An authentication processing method characterized by comprising: The authentication processing method according to claim 1, wherein a first hash value is calculated using the key and a random number as the third information, and is stored in the storage unit. 3. The authentication processing method according to claim 2, wherein the image information is generated in association with the random number, and the information encrypted with the key is stored in the storage unit. The first information is a password of a user, and the image information is decrypted when the password is correct, and information unrelated to the image information is generated when the password is not correct. The authentication processing method according to any one of 1 to 3. 5. The authentication processing method according to claim 1, wherein second information recognized by a user from an image displayed on the display is input from the input device as character string information. 5. The authentication processing method according to claim 1, wherein the second information recognized by the user from the image displayed on the display is input as voice information from the input device. In an authentication processing method for authenticating a user by processing information input from an input device with a computer,
Generating first unidirectional function information using the key generated with respect to the first information used for user authentication and the third information, and storing the first unidirectional function information in advance in a storage unit;
Generating fourth information that can be perceived by a human using the third information, encrypting the information with the key, and storing the information in a storage unit in advance;
Generating a key for the first information input from the input device when authenticating the user;
Decrypting the fourth information stored in the storage unit using the key and outputting related information to the output unit;
Input from the input device second information recognized by a user from the related information output to the output device;
Generating second one-way function information using the key and the second information;
Authenticating by comparing the first directional function information with the second directional function information;
An authentication processing method characterized by comprising: 8. The computer according to claim 7, wherein the computer processes using image information or audio information as the fourth information, and processes using a hash function as the first and second directional function information. Authentication processing method. 9. The authentication processing method according to claim 7, wherein the computer performs processing using a random number as the third information. A program having a function of executing each step of the authentication processing method according to any one of claims 1 to 9 on a computer. In an authentication processing device that processes information input from an input device by a computer and authenticates a user,
It has an input device for inputting information for user authentication, an output device for outputting information, a storage unit for storing information used for authentication processing, and a computer for information processing for authentication ,
The computer further includes a key generation unit that generates a key for certain information, a one-way function calculation unit that calculates a one-way function using the certain information, and a one-way function generated by the one-way function calculation unit. Collating means for collating the directional function,
And the computer
A key is generated by the key generation unit with respect to the first information used for user authentication, and the first one-way function is calculated by the one-way function calculation unit using the generated key and third information. Generating information, storing the first one-way function information in the storage unit,
Generating fourth information that can be perceived by a human using the third information, and storing the fourth information encrypted with the key in the storage unit;
At the time of user authentication, the key generation unit generates a key for the first information input from the input device, reads the fourth information stored in the storage unit using the key, and Outputting information related to the fourth information to the output device;
The second information is recognized by the user from the related information output to the output unit and is input from the input unit and the key, and the second one is calculated by the one-way function calculation means. Generate directionality function information,
An authentication processing apparatus, characterized in that authentication processing is performed by comparing the first directional function information and the second directional function information by the verification means. The one-way function calculating means is a hash value calculating means;
12. The authentication processing apparatus according to claim 11, wherein the storage unit stores a management table in which hash values used by the hash value calculation unit and a file name of the image information are registered in advance in association with a user. . The one-way function calculation means is a hash value calculation means, calculates a hash value using a random number as the third information,
13. The authentication processing apparatus according to claim 11 or 12, further comprising means for generating image information or audio information as means for generating the fourth information. In an authentication processing method in which information obtained from a user is processed by a computer to authenticate the user,
In addition to generating a key according to the user authentication information, using the key and other information, the computer generates first one-way function information and stores it in a storage unit in advance.
Using the other information used in the generation of the first one-way function information, specific information including image information or audio information that can be perceived by a human is generated by the computer, and encryption is performed using the key. Stored in advance in the storage unit,
Upon user authentication, a key is generated according to the user authentication information input from the input device, and the specific information stored in the storage unit is decrypted using the key and output to the output device. The second information recognized by the user from the information output to the output device is input from the input device;
The computer generates second unidirectional function information using the key and the second information, and collates the first directional function information with the second directional function information. An authentication processing method characterized by authenticating a user.

Images