JP2007072702A - Personal password management method, personal password association support device, personal password association support program, personal password management system and authentication server - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To unitarily manage passwords required in an infinite variety of systems on a user side. <P>SOLUTION: In a log-in screen, a user first inputs a user ID to a user ID input column 204. An authentication part 22 extracts an association generation term corresponding to the inputted user ID from an authentication DB 23, and transmits the association generation term to a client 1. When a Web browser 11 receives the association generation term from an authentication server 2, the Web browser 11 displays it in an association generation term display column 206. A combination rule known by only the user oneself is applied on the basis of the association generation term and a password base predetermined only inside brains by the user oneself to obtain the original password. Thus, an individual side can systematically manage a lot of the different passwords which the individual faces. Though the association generation term is disclosed, another person cannot generate the password from the association generation term by undisclosing the base and the rule. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a technique for easily managing a plurality of passwords on an individual side.

  In recent years, opportunities to access various sites such as banks, stock trading, online shopping content, program downloads, membership clubs, companies, schools, government offices, and communities from the Internet homepage have increased.

  If you decide to always use one password for access to any site, if the password is stolen, all authentication will be unprotected, so it usually differs for each login screen. It is recommended to set a password. In addition, users who want to separate passwords for important access and passwords for other access, such as separate passwords for logging in to Internet banks and passwords for registering members on temporary homepages. There are many.

  In addition, when logging in to a personal computer of a company, there is an example in which different passwords are set for BIOS-level and OS-level login to enforce double security.

  In addition, even on a single login screen, the password may have to be changed periodically due to the system requirements, which also increases the amount of passwords that individuals must manage. Yes.

  In spite of this, individuals are unwilling to manage many different passwords, including passwords necessary for accessing various sites and passwords for personal computers and storage devices. When a large number of passwords are required, it is often inconvenient that the person himself forgets which password was set at which login. If you enter an incorrect password with ambiguous memory, you will encounter an error such as "Please confirm the password and enter again", which is unpleasant.

  Also, once you forget your password, you will have to issue and set a new password through a rather cumbersome procedure such as identity verification.

  One way to manage these multiple passwords is to store a table describing which passwords should be entered on which login screen in a personal computer, or to increase the number of passwords by creating paper notes, etc. It may be possible to maintain the table by rewriting it every time an invalid password is generated.

  However, extra work is required to check which password by opening this table or taking out a memo at login. Since management of such a table is performed by an individual, forgetting to perform maintenance or the like occurs, and strict maintenance management is difficult. In addition, there is a possibility that any access becomes impossible due to the failure of the personal computer or the erroneous erasure of the table.

  Furthermore, if this table is illegally stolen or copied, unauthorized access pretending to be the user can be easily performed. Such a risk can occur in the same way when noting the table as data and taking notes on paper or the like.

Also in the prior art, there is a technique for reducing the burden of password management used for personal authentication in a computer system. For example, according to Patent Document 1, user information of a network system is centrally managed by an authentication server, and a password management unit generates and manages a device individual password that combines a user-determined basic password with a token that can be easily recognized by the user. To do. Furthermore, a password information is memorize | stored in a portable terminal and the function which presents the password with respect to a user's desired server is provided.
JP 2004-295711 A

  The technology of Patent Document 1 is based on a basic password for a plurality of devices existing in one managed and defined system system, and information (tokens) specific to the device and a fixed IP address before and after that. In addition, it is a method of generating individual passwords for each device. That is, it can be applied only to “one well-managed system” and cannot be used to manage a plurality of passwords for a plurality of independent systems with different owners.

  Furthermore, Patent Document 1 merely provides convenience to the user from the system side, and the fundamental problem of how one user corresponds to a variety of differently designed systems. It does not touch any points.

  The present invention has been made in view of such problems, and an object of the present invention is to provide a technology capable of centrally managing passwords required by various systems on the user side.

  In order to solve the above-described problem, the personal password management method according to the present invention provides an arbitrary password corresponding to each of a plurality of user identification information predetermined to identify a specific user in each of a plurality of authentication services. A step of accepting, for each desired authentication service, registration of an associative word that is an arbitrary character string that uniquely associates a plurality of passwords consisting of character strings with each user for each authentication service, and a registration for each desired authentication service. Storing the received associative word in the database in association with the user identification information in the desired authentication service, receiving the input of the user identification information in the specific authentication service, and in the input specific authentication service A database that extracts associative words corresponding to user identification information from the database. Includes-up, and notifying the association generated word extracted from the database, the.

  In order to solve the above-described problem, the personal password management method according to the present invention includes an arbitrary character string corresponding to user identification information that is predetermined for identifying a specific user in a specific authentication service. A step of accepting registration of an associative word that is an arbitrary character string that uniquely associates a password with a user, and storing the associative word that is accepted for registration in the database in association with user identification information in a specific authentication service A step of accepting input of user identification information in a specific authentication service through a login screen of the specific authentication service, and associative generation corresponding to the user identification information in the specific authentication service inputted through the login screen Extracting words from the database, and extracting words from the database Including the step of notifying an associative generation language.

  In order to solve the above-mentioned problem, the personal password management method according to the present invention corresponds to each of a plurality of user identification information predetermined for identifying a specific user in each of a plurality of authentication services. A step of accepting, for each desired authentication service, registration of an associative word that is an arbitrary character string that uniquely associates a user with a plurality of passwords made of arbitrary character strings for each desired authentication service; Associating the associative word accepted for registration with the user identification information in the desired authentication service and storing it in the database, and inputting the user identification information in the desired authentication service via a predetermined single login screen Accepting step and desired authentication service entered via a predetermined single login screen Including definitive extracting association product word corresponding from the database to the user identification information, and notifying an associative product word extracted from the database, the.

  When a specific authentication service is used from among a plurality of authentication services, when user identification information is input from the login screen, an associative word arbitrarily registered by the user is notified to the user. The user can uniquely associate only the password used in the authentication service from the notified associative word. Thereby, it is possible to easily remember and use a plurality of passwords set in the past individually by a plurality of authentication services. The passwords targeted in the present invention include those having similar characteristics such as PIN (Personal Identification Number) and personal identification number.

  Here, the associative word may be registered in the server of each authentication service, or may be registered in the user terminal. In particular, if an associative word is registered in the user terminal, it is not necessary to provide a special mechanism for registering the associative word in each authentication service server.

  In order to realize the above, the plurality of passwords include a corresponding associative word and a password base which is a predetermined common character string.

  In other words, once a single password base is determined, a group of multiple passwords can be uniquely associated and generated by combining an associative word with that password base, so many different authentication services (login screens) It is possible to respond to any number of times.

  The authentication server according to the present invention is an arbitrary character that allows a user to uniquely associate a password consisting of an arbitrary character string corresponding to user identification information that is predetermined in order to identify a specific user in a specific authentication service. A registration unit that accepts registration of associative words that are columns via a terminal used by the user, a database that stores the association word that is registered by the registration unit in association with user identification information, and In response to a request, a login screen providing unit that provides a terminal with a login screen that accepts input of user identification information and a password, a user identification information input unit that receives input of user identification information in a specific authentication service via the login screen, Associative words corresponding to user identification information entered via the login screen are retrieved from the database. It includes an extraction unit for output, and a notification unit that notifies the association generated word extracted from the database to the terminal, the.

  The personal password association support device according to the present invention includes a plurality of passwords made up of arbitrary character strings corresponding to a plurality of user identification information predetermined in order to identify a specific user in each of a plurality of authentication services. For each authentication service, a registration unit that accepts an association-generated word, which is an arbitrary character string that uniquely associates the user with each authentication service, for each desired authentication service, and a registration unit that accepts registration for each desired authentication service A database that stores the associative words in association with user identification information in a desired authentication service; and a user identification information input unit that accepts input of user identification information in a desired authentication service via a predetermined single login screen; The user identification information in the desired authentication service input to the user identification information input unit It includes an extraction unit that extracts an associative generation word to respond from a database, and a notification unit that notifies the association generated word extracted from the database, the.

  The personal password management system according to the present invention provides a plurality of passwords composed of arbitrary character strings corresponding to a plurality of predetermined user identification information for identifying a specific user in each of a plurality of authentication services. A registration unit that accepts registration of an associative word that is an arbitrary character string that is uniquely associated with the user for each authentication service for each desired authentication service, and an association word that is registered by the registration unit Database stored in association with user identification information in authentication service, user identification information input unit for receiving input of user identification information in specific authentication service, and associative generation corresponding to input user identification information in specific authentication service Extractor that extracts words from the database and And a notification unit that notifies the association generation word.

  The personal password association support program according to the present invention includes a plurality of passwords made up of arbitrary character strings corresponding to a plurality of predetermined user identification information for identifying a specific user in each of a plurality of authentication services. For each desired authentication service, and for each desired authentication service, the registration of the associative word whose registration is accepted for each desired authentication service. Storing in the database in association with user identification information in a desired authentication service, accepting input of user identification information in a specific authentication service, and association associated with the input user identification information in the specific authentication service Extracting generated words from the database and data It is executed and notifying the association generated word extracted from over scan, to the computer.

  In addition, the personal password association support program according to the present invention uniquely assigns a password consisting of an arbitrary character string corresponding to user identification information predetermined for identifying a specific user in a specific authentication service to the user. A step of accepting registration of an associative word that is an arbitrary character string to be associated, a step of storing the associative word received for registration in a database in association with user identification information in a specific authentication service, and a specific authentication A step of accepting input of user identification information in the service through a login screen of a specific authentication service, and a step of extracting from the database an associative word corresponding to the user identification information in the specific authentication service input through the login screen And the associative words extracted from the database Comprising the steps of, causing the computer to execute.

  The personal password association support program according to the present invention includes a plurality of arbitrary character strings corresponding to each of a plurality of user identification information predetermined in order to identify a specific user in each of a plurality of authentication services. Accepting for each desired authentication service registration of an associative word that is an arbitrary character string uniquely associating the user's password with each authentication service, and associative generation with registration accepted for each desired authentication service Storing a word in a database in association with user identification information in a desired authentication service, accepting input of user identification information in a desired authentication service via a predetermined single login screen, User identification in the desired authentication service entered via one login screen Extracting association product word corresponding to the information from the database, to perform the steps, to the computer to inform the association generated word extracted from the database.

  According to the present invention, when using a specific authentication service among a plurality of authentication services, when user identification information is input from the login screen, an associative word that is arbitrarily registered in advance by the user is notified. The user can uniquely associate and generate a password used in the authentication service from the notified associative word. Thereby, it is possible to easily remember and use a plurality of passwords set in the past individually by a plurality of authentication services.

  Hereinafter, preferred embodiments of the present invention will be described with reference to the accompanying drawings.

<First Embodiment>
FIG. 1 is a block diagram of a personal authentication system according to a preferred embodiment of the present invention. In this system, a client 1 constituted by a personal computer or an information terminal and a plurality of authentication servers 2a and 2b (sometimes collectively referred to as an authentication server 2) are connected via a network 3 such as the Internet.

  The authentication server 2 is used for authenticating a specific user in various services such as a community site and a commercial site.

  The web browser 11 provided in the client 1 receives and displays web pages transmitted from the web servers 21 a and 21 b (also collectively referred to as the web server 21) provided in the authentication server 2.

  In particular, the Web server 21 transmits a registration form (registration screen) that is a Web page for password registration or an authentication form (login screen) that is a Web page for user authentication to the client 1. A user ID and a password are input to a registration form or an authentication form in accordance with an operation of the operation unit 12 configured with a mouse or the like, and this is transmitted to the Web server 21.

  Here, the registration form transmitted by the Web server 21a and the registration form transmitted by the Web server 21b are independent from each other and are completely irrelevant. In order to distinguish the two, the registration form transmitted by the Web server 21a is represented by RF1, and the registration form transmitted by the Web server 21b is represented by RF2.

  Further, the authentication form transmitted by the Web server 21a and the authentication form transmitted by the Web server 21b are independent from each other and are completely irrelevant. In order to distinguish between the two, the registration form transmitted by the Web server 21a is represented by AF1, and the registration form transmitted by the Web server 21b is represented by AF2.

  Each of the authentication servers 2a and 2b is an authentication database (DB) 23a or 23b (collectively referred to as an authentication DB 23) that stores a unique user ID given to each user and a password arbitrarily determined by each user. Authentication units 22a and 22b (collectively) that collate the user ID and password received from the client 1 with the user ID and password stored in the authentication DB 23 and authenticate the user according to whether they match. The password / associative word registration unit 24a, 24b for registering the password arbitrarily input by the user and the association generation described later in the authentication DB 23a, 23b (collectively, the registration unit 24). In addition, it may be abbreviated as registration units 24a and 24b).

  In this figure, two authentication servers 2a and 2b are shown as an example of a plurality of authentication servers for convenience of explanation, but three or more authentication servers and the client 1 may be connected or connectable. For convenience of explanation, it is assumed that the configurations of the authentication servers 2a and 2b are the same, and a and b are added only when it is necessary to particularly distinguish the blocks constituting them. However, the authentication servers 2a and 2b and the blocks constituting them are independent and independent, and are not related to each other.

  The Web browser 11 of the client 1 transmits the information input from the operation unit 12 to the authentication server 2 in addition to the browsing function of the Web page, and the authentication of the Web server 21 configured by, for example, a CGI (Common Gateway Interface) program. It also has a function of handing over to the unit 22 and the registration unit 24.

  FIG. 2 shows an example of a registration form (registration screen). For convenience of explanation, it is assumed that the layout layout design of the registration forms RF1 and RF2 is the same. However, the present invention is not related to the layout design. The registration form is a graphical user interface that allows the user to input and specify items necessary for registering a password by an arbitrary operation of the operation unit 22 by the user. Specifically, in this registration form, a user ID input field 201 for inputting a user ID, which is unique identification information given in advance to each user, and an arbitrary character string to be registered as a password are input. A password input field 202 and an associative word input field 203 for inputting an associative word that uniquely associates the password with the user are provided. Registration buttons 210 are provided on the registration forms RF1 and RF2.

  Now, a procedure for registering a new password in the authentication server 2a is shown below (however, the procedure for registering in the authentication server 2b is exactly the same, so the description is omitted). When the registration button 210 of the registration form RF1 is pressed, the Web browser 11 is input to the user ID input to the user ID input field 201, the password input to the password input field 202, and the associative word input field 203. The associative word (usually, a part in which a password base to be described later is removed from a password to be newly registered) is transmitted to the Web server 21a.

  The web server 21a delivers the user ID, password, and associative word received from the registration form RF1 to the registration unit 24a. The registration unit 24a associates the user ID, password, and associative generated word delivered from the Web server 21a and stores them in the authentication DB 23a.

  FIG. 3 shows an example of an authentication form (login screen). For convenience of explanation, it is assumed that the layout layout design of the authentication forms AF1 and AF2 is the same. However, the present invention is not related to the layout design. The authentication form is a user interface in which items necessary for the user to be authenticated, that is, a user ID and a password are input. Specifically, a user ID input field 204 for inputting a user ID and a password input field 205 for inputting a password are provided. Furthermore, an associative word display field 206 for displaying an associative word registered from the registration form is also provided. A login button 220 is provided on the authentication forms AF1 and AF2.

  Now, the procedure for logging in to the authentication server 2a is shown below (however, the procedure for logging in to the authentication server 2b is exactly the same, and the description is omitted). In the authentication form AF1, first, when a user ID is entered in the user ID input field 204, an associative word is sent from the system side to the associative word display field 206. The user who sees it recalls the password to be entered on the login screen from the combination of the password base and the associative word, inputs it in the password entry field 205, and presses the login button 220. When the login button 220 of the authentication form AF1 is pressed, the Web browser 11 transmits the user ID input in the user ID input field 204 and the password input in the password input field 205 to the Web server 21a.

  The Web server 21a delivers the user ID and password received from the authentication form AF1 to the authentication unit 22a. The authentication unit 22a compares the user ID and password delivered from the Web server 21a with the user ID and password stored in the authentication DB 23a, and authenticates that the user is valid if both match.

  FIG. 4 is a conceptual explanatory diagram of information stored in the authentication DBs 23a and 23b. The authentication DBs 23a and 23b store an authentication table in which “user ID”, “password”, and “association word” are associated with each other. The authentication table is created, stored, and managed for each user. In this figure, the user ID for a specific user is “XYZ01” in the authentication DB 23a and “UVWq” in the authentication DB 23b, and the services operating the authentication servers 2a and 2b are defined completely independently. . On the other hand, the passwords “haru001” and “haru002” corresponding to the user ID are arbitrarily determined by the user, and some character strings “haru” are common. In this example, “haru” corresponds to the password base.

  More generally speaking, a user who accesses the authentication server 2 from the client 1 manages a password group used in the authentication server 2 as follows.

  1. For a set of passwords to be managed, determine a single password base that is never revealed to anyone. For example, a password base is made up of five characters x (1) x (2) x (3) x (4) x (5). However, the length of the password base is arbitrary. The user stores only the password base in his / her head.

  2. Next, for that password base, the individual password that you actually use on each login screen is, for example, x (1) x (2) x (3) x (4) x (5) a (1) As in the form of a (2) a (3), the structure is determined by adding a three-digit number of a (1) a (2) a (3) after the password base. This additional part (a (1) a (2) a (3) in this example) is called an associative word.

  3. The individual passwords generated from this base are then x (1) x (2) x (3) x (4) x (5) 000, x (1) x (2) x (3) x (4 ) x (5) 001, x (1) x (2) x (3) x (4) x (5) 002,..., 1000 different passwords can be generated.

  4). In the registration form (registration screen), after the user ID is entered in the user ID entry field 201, the password entry field 202 displays “x (1) x (2) x (3) x (4) x (5) a ( 1) a (2) a (3) ”is entered, and“ a (1) a (2) a (3) ”is entered in the associative word input field 203.

  5. The authentication server 2 stores the user ID, the password, and the associative word entered in the registration form in the authentication DB 23 in association with each other. The user ID and password are managed in association with each other as in the conventional technology, but the associative word is also stored in the authentication DB 23 in a form associated with the ID and password on the authentication server 2 side. Just leave it.

  6). In the authentication form (login screen), the user first inputs the user ID into the user ID input field 204. The web browser 11 determines whether or not the input of the user ID is finished. This determination is made, for example, by pressing the return key of the operation unit 12 or when the cursor moves to another location. Alternatively, a user ID input completion button may be separately provided and the user ID input completion may be notified to the system side by pressing this button. When the Web browser 11 determines that the input of the user ID has been completed, the authentication unit 22 extracts an associative word corresponding to the input user ID from the authentication DB 23 and transmits this associative word to the client 1. When the web browser 11 receives the associative word from the authentication server 2, it displays it in the associative word display field 206.

  7). The user confirms the associative word displayed in the associative word display field 206, and the password basis x (1) x (2) x (3) x (4) x (5 The associative generator a (1) a (2) a (3) is input after the input of). In this case, the user himself has a rule that “the password is followed by the association word after the password base”. That is, by registering a part of the password as an associative word in advance in the authentication server 2, it is possible to obtain the associative word from the authentication server 2 at the time of authentication and to input the entire password without fail. . The point of this method is that even if the associative generator a (1) a (2) a (3) is known to a third party, the password basis x (1) x (2) x (3) x (4) x As long as (5) is unknown and the combination method is unknown, it is impossible for a third party to decrypt and create a password.

  Thus, in order for an individual to manage a plurality of passwords, one password base is determined (there is only a single password and the possibility of forgetting is extremely small), and an associative word added to the password base is sent to the authentication server 2. By making it public, the person can generate the individual password required at that time in a complete form and can still be kept secret from the third party. The associative word is perfect supplementary information for the person, but others alone do not know what the true password is.

  In the above example, the password character string has a structure in which an associative word consisting of three digits is added to the password base, but in general there are no restrictions on the character string and character type of the password base or the associative word. Absent. For example, if “saori” is used as an associative word, “saori” is displayed in the associative word display field 206. Therefore, under the combination rule of “continue the associative word after the base”, the user must enter the password As “x (1) x (2) x (3) x (4) x (5) saori”.

  For example, consider a case where a password is formed by placing the first three letters of an associative word in front of the password base and the second letter after the associative word. In this case, when tj803 is displayed in the associative word display field 206, the password is tj8x (1) x (2) x (3) x (4) x (5) 03. Furthermore, the last letter of the 5-character associative word is made into a number, meaning that only this number from the beginning of the associative word is placed at the base, and the rest continues after the base. If interpreted, it can be shown that tj803 was the rule of attaching tj8 to the head of the base and 03 after the base. Furthermore, such a rule itself can be applied such that it is indicated by a hyphen or less at the end of the associative word. In any case, it is important that only the registered person can immediately find out the combination rule and the password to be generated from the associative word.

  Further, the length of the password base and the length of the character string added to the password base are arbitrary, and it goes without saying that the security level increases if these character strings are long.

  For a more advanced usage, it is not necessary to incorporate the associative word into the password as it is, if the associative word and the password correspond one-to-one, and the combination rule can be easily understood by the user. Anything is fine. For example, if “love” is selected as the base, “musume” is registered as the association generation word, and “lovesaori” is registered as the password, the user sees the display of the association generation word “musume” when logging in, and the user's own daughter Recalling the name “saori”, you can quickly enter “lovesaori” as a password. Since this is based on the mapping rule determined only in the user's head, the security level for concealing the password from others can be further increased.

  As described above, the additional portion other than the base portion of the password may be any character string that can be surely converted from the associative word to the one-to-one by the user himself, and thus can be said to have very high versatility. . The combination of the converted character string (saori in the above example) and the password base to be used as a password may be calculated from a rule (formula etc.) determined in the user's head. ) Can be modified and applied as much as you like.

  According to the method described above, the password registration screen and the login screen of the overflowing website only support the function of inputting and displaying associative words, making personal password management very functional and convenient. Become.

  However, the associative words are not necessarily displayed in the associative word display field 206 and may be displayed in the password input field 205 for convenience. Alternatively, the user may be notified by transmitting an associated word generated to an electronic device owned by the user, for example, a mobile phone, or by transmitting and playing a sound corresponding to the associated word. Any specific configuration may be used as long as it is a means for notifying an associative word.

  Further, the present invention includes a program that causes a computing device and a storage device of a personal computer and a server to function as the authentication unit 22, the authentication DB 23, and the registration unit 24.

Second Embodiment
In the first embodiment, each authentication server 2 individually transmits a registration form (registration screen) or an authentication form (login screen) to the client 1 and is input from the registration of the associative word entered in the registration form or the authentication form. Each authentication server 2 has performed extraction of the associative word corresponding to the user ID. However, the client 1 manages a single registration form (registration screen) and authentication form (login screen) corresponding to all systems, and the client 1 also performs registration and extraction of associative words corresponding to the user ID locally. Things are also possible. In other words, all of the single registration form and authentication form are managed on the client side, and when registering / logging in to the actual site, this single form is used to register and log in to the specified fields (user ID and password fields) on the actual site. Consider a form in which inputs are linked automatically. The first embodiment is not realized unless the system on the actual site side adopts a system incorporating the concept of associative words. However, the second embodiment does not change the actual site (only the user ID and password fields). Even if it does not exist, a means for realizing the method of the present invention on the user side (client side) is provided. Hereinafter, since the registration system side is simple, the description will focus on the movement of the authentication system side including that.

  FIG. 5 is a block diagram of an authentication system according to the second embodiment. Unlike the first embodiment, the client 1 includes an associative generated word DB 14 and an associative generated word extracting unit 13.

  Unlike the first embodiment, the authentication DBs 23a and 23b of the authentication servers 2a and 2b store user IDs and passwords in association with each other, but do not store associative words.

  For example, as shown in FIG. 6, the authentication DB 23a stores “XYZ0” and the password “haru001” as user IDs in association with each other, and the authentication DB 23b supports “UVWq” and the password “haru002” as user IDs. I remember it.

  FIG. 7 is a conceptual explanatory diagram of an associative word management table stored in the associative word DB 14. As shown in the figure, the associative word management table stores “site”, “user ID”, and “association word” in association with each other. The user arbitrarily designates which associative word is stored in association with which user ID from the operation unit 12. Since the associative word management table may be illegally acquired by a third party, the password is not stored.

  As shown in FIG. 8, the Web browser 11 displays a predetermined single authentication form (login screen) corresponding to all the authentication servers 2a and 2b accessed by the user. In this figure, an authentication form that serves as both the authentication form F1 for the authentication server 2a of "A bank" and the authentication form F2 for the authentication server 2b of "B net store" is shown. Since this form is prepared in advance on the client 1 side, it is not necessary to provide it from the authentication server 2.

  The client 1 includes an associative word extraction unit 13. The associative word extraction unit 13 extracts an associative word corresponding to the user ID used in the authentication server 2 accessed by the user from the associative word DB 14 and outputs it to the Web browser 11.

  For example, it is assumed that the user ID “XYZ01” is input to the user ID input field 204a of the authentication form F1. The associative word extraction unit 13 determines whether or not the input of the user ID has been completed. If it is determined that the input of the user ID is completed, the associative word extraction unit 13 extracts the associative word “001” corresponding to the user ID of “A bank” from the associative word DB 14. The associative word extraction unit 13 outputs the extracted associative word to the web browser 11. The Web browser 11 displays the associative word output from the associative word generation unit 13 in the associative word display column 206a of “A bank”.

  The user recalls the password by looking at the associative word displayed in the associative word display field 206a, and inputs the password in the password input field 205a. When the login button 220 is pressed, the Web browser 11 authenticates the user ID entered in the user ID entry field 204a and the password entered in the password entry field 205a in the actual site (authentication server 2a). (Login screen, see FIG. 3), a command corresponding to the operation of pressing the login button 220 is executed, and when viewed from the site side, the login can be made the same as that. The site does not know that the associative word processing operation has been performed on the client side, and processes it as a normal user ID and password login, so there is no need to change the site system. The authentication server 2a authenticates the user by comparing the received user ID and password with the user ID and password stored in the authentication DB 23a.

  For example, it is assumed that the user ID “UVWq” is input to the user ID input field 204b of the authentication form F2. The associative word extraction unit 13 determines whether or not the input of the user ID has been completed. If it is determined that the input of the user ID is finished, the associative word extraction unit 13 extracts the associative word “002” corresponding to the user ID “B net store” from the associative word DB 14. The associative word extraction unit 13 outputs the extracted associative word to the web browser 11. The Web browser 11 displays the associative word output from the associative word extraction unit 13 in the associative word display field 206b of “B net store”.

  The user recalls the password by looking at the associative word displayed in the associative word display field 206b, and inputs the password in the password input field 205b. When the login button 220 is pressed, the Web browser 11 transfers the user ID input in the user ID input field 204b and the password input in the password input field 205b to the login screen of the actual site (authentication server 2b). . The authentication server 2b authenticates the user by comparing the received user ID and password with the user ID and password stored in the authentication DB 23b.

  As described above, since this method can be realized on the personal terminal side without forcing any changes on the site (authentication servers 2a, 2b) side, from the viewpoint of personal password management, on the client 1 side. It is possible to manage and control multiple login functions freely on one screen. For example, a screen software called MyLOGIN is prepared on the client side, and LOGIN BOX (bank 1, bank 2, online store, XX member, etc.) for which you are a member is laid out on the screen, and for each LOGIN BOX In addition, it is sufficient that the associative words can be registered, extracted, and notified in the client 1. This is realized by causing a computing device and a storage device of a personal computer and an information terminal to function as the associative generated word extraction unit 13 and the associative generated word DB 14, respectively. After the correct password is entered, the necessary data may be transferred from the LOGIN BOX to the login screen provided by a predetermined original system. Such client software seems to be quite useful, and such software package sales are possible.

  The present invention can be applied not only to Internet homepages but also to login methods using passwords for computers, digital home appliances, mobile phones, embedded devices, information devices, etc. in general.

Block diagram of an authentication system according to the first embodiment Figure showing an example of a registration form The figure which shows an example of the authentication form which concerns on 1st Embodiment Conceptual explanatory diagram of information stored in the authentication database according to the first embodiment Block diagram of an authentication system according to the first embodiment Conceptual explanatory diagram of information stored in the authentication database according to the second embodiment Conceptual explanatory diagram of information stored in the associative word database The figure which shows an example of the authentication form which concerns on 2nd Embodiment

Explanation of symbols

1: client, 2: authentication server, 13: associative generated word extraction unit, 14: associative generated word database, 22: authentication unit, 23: authentication database, 24: registration unit

Claims (10)

A plurality of passwords made up of arbitrary character strings corresponding to a plurality of user identification information predetermined for identifying a specific user in each of a plurality of authentication services are uniquely assigned to the user for each authentication service. Receiving a registration of associative words, which is an arbitrary character string to be associated, for each desired authentication service;
Storing an associative word accepted for registration for each desired authentication service in a database in association with user identification information in the desired authentication service;
Receiving input of user identification information in a specific authentication service;
Extracting from the database an associative word corresponding to input user identification information in a specific authentication service;
Notifying the associative words extracted from the database;
Personal password management method including. An associative word that is an arbitrary character string that uniquely associates a password consisting of an arbitrary character string corresponding to predetermined user identification information for identifying a specific user in a specific authentication service; A step of accepting registration;
Associating the associative word accepted for registration with the user identification information in the specific authentication service and storing it in a database;
Receiving input of user identification information in the specific authentication service via a login screen of the specific authentication service;
Extracting from the database an associative word corresponding to user identification information in a specific authentication service entered via the login screen;
Notifying the associative words extracted from the database;
Personal password management method including. A plurality of passwords made up of arbitrary character strings corresponding to a plurality of user identification information predetermined for identifying a specific user in each of a plurality of authentication services are uniquely assigned to the user for each authentication service. Receiving a registration of associative words, which is an arbitrary character string to be associated, for each desired authentication service;
Storing an associative word whose registration is accepted for each desired authentication service in a database in association with user identification information in the desired authentication service;
Receiving input of user identification information in the desired authentication service via a predetermined single login screen;
Extracting from the database an associative word corresponding to user identification information in a desired authentication service input via the predetermined single login screen;
Notifying the associative words extracted from the database;
Personal password management method including.   4. The personal password management method according to claim 1, wherein the plurality of passwords include a corresponding associative word and a password base that is a predetermined common character string. An associative word that is an arbitrary character string that uniquely associates a password consisting of an arbitrary character string corresponding to user identification information that is predetermined for identifying a specific user in a specific authentication service. A registration unit that accepts registration via a terminal used by the user;
A database that stores association-generated words accepted by the registration unit in association with the user identification information;
In response to a request from the terminal, a login screen providing unit that provides the terminal with a login screen that accepts input of the user identification information and the password;
A user identification information input unit for receiving input of user identification information in the specific authentication service via the login screen;
An extraction unit that extracts associative words corresponding to user identification information input via the login screen from the database;
A notification unit for notifying the terminal of associative words extracted from the database;
An authentication server comprising: A plurality of passwords made up of arbitrary character strings corresponding to a plurality of user identification information predetermined for identifying a specific user in each of a plurality of authentication services are uniquely assigned to the user for each authentication service. A registration unit that accepts registration of associative generated words, which are arbitrary character strings to be associated, for each desired authentication service;
A database that stores association-generated words whose registration is accepted for each desired authentication service by the registration unit in association with user identification information in the desired authentication service;
A user identification information input unit that accepts input of user identification information in the desired authentication service via a predetermined single login screen;
An extraction unit for extracting an associative word corresponding to user identification information in a desired authentication service input to the user identification information input unit from the database;
A notification unit for notifying an associative word extracted from the database;
A personal password association support device. A plurality of passwords made up of arbitrary character strings corresponding to a plurality of user identification information predetermined for identifying a specific user in each of a plurality of authentication services are uniquely assigned to the user for each authentication service. A registration unit that accepts registration of associative generated words, which are arbitrary character strings to be associated, for each desired authentication service;
A database that stores the associative generated words accepted by the registration unit in association with user identification information in a desired authentication service;
A user identification information input unit for receiving input of user identification information in a specific authentication service;
An extraction unit that extracts an associative word corresponding to user identification information in the input specific authentication service from the database;
A notification unit for notifying an associative word extracted from the database;
A personal password management system. A plurality of passwords made up of arbitrary character strings corresponding to a plurality of user identification information predetermined for identifying a specific user in each of a plurality of authentication services are uniquely assigned to the user for each authentication service. Receiving a registration of associative words, which is an arbitrary character string to be associated, for each desired authentication service;
Storing an associative word accepted for registration for each desired authentication service in a database in association with user identification information in the desired authentication service;
Receiving input of user identification information in a specific authentication service;
Extracting from the database an associative word corresponding to input user identification information in a specific authentication service;
Notifying the associative words extracted from the database;
Personal password association support program that allows a computer to execute a password. An associative word that is an arbitrary character string that uniquely associates a password consisting of an arbitrary character string corresponding to user identification information that is predetermined for identifying a specific user in a specific authentication service. A step of accepting registration;
Associating the associative word accepted for registration with the user identification information in the specific authentication service and storing it in a database;
Receiving input of user identification information in the specific authentication service via a login screen of the specific authentication service;
Extracting from the database an associative word corresponding to user identification information in a specific authentication service entered via the login screen;
Notifying the associative words extracted from the database;
Personal password association support program that allows a computer to execute a password. A plurality of passwords made up of arbitrary character strings corresponding to a plurality of user identification information predetermined for identifying a specific user in each of a plurality of authentication services are uniquely assigned to the user for each authentication service. Receiving a registration of associative words, which is an arbitrary character string to be associated, for each desired authentication service;
Storing an associative word whose registration is accepted for each desired authentication service in a database in association with user identification information in the desired authentication service;
Receiving input of user identification information in the desired authentication service via a predetermined single login screen;
Extracting from the database an associative word corresponding to user identification information in a desired authentication service input via the predetermined single login screen;
Notifying the associative words extracted from the database;
Personal password association support program that allows a computer to execute a password.

Images