JP2007128281A - Authentication device, password change method and program therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve confidentiality preservation effect without making a user feel that a password change is troublesome. <P>SOLUTION: A set information storage means 9 stores set information of a changeover condition and a plurality of candidate passwords by IDs. A next-time changeover date calculation means 13 calculates a latest next-time changeover date about each the candidate password in reference to the changeover condition and imparted present date information, and stores it in each the candidate password. A present password change means 15 decides whether the present date information accords with the next-time changeover date made to be stored or not when the present date information is imparted from a present date information acquisition means 11, and rewrites a present password into the candidate password corresponding to the next-time changeover date in the case of the accordance. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an authentication process capable of changing a password, a password changing method, and a password changing program.

Conventionally, when a computer is used, an authentication process for confirming using an ID and a password is performed. Since the security effect is reduced if the first registered password is fixedly used, an authentication system is known in which a new password and its switching date are registered in advance, and this is automatically switched when the specified date is reached. (For example, refer to Patent Document 1).
JP-A-4-142655

  However, the conventional system has a problem in that when a password is changed, a new password must be registered each time.

  An object of the present invention is to solve such a conventional problem, and to provide a password changing method that does not require a complicated registration procedure and has a high security effect.

  In order to achieve the above object, a password changing method according to the present invention includes a step of storing a set of candidate passwords and periodic switching conditions together with an ID for each ID, a step of acquiring current date information, and the current Referring to date information and the periodic switching condition, calculating the most recent next switching date for each candidate password of the plurality of sets of information, storing for each candidate password, obtaining current date information and It is determined whether it matches with one of the stored next switching dates, and if it matches, the step of rewriting the current password with a candidate password corresponding to the matching next switching date is provided.

  In the present invention, the password is automatically switched according to the periodic switching condition. Since such a switching condition is a periodic switching condition, it is not necessary to make a reservation input of a new password each time it is switched.

  In this specification, “periodic switching condition” means a condition for switching the corresponding password to the current password at a predetermined cycle. When the current date information is given, the next switching date is specified periodically. The conditions that can be done. In the embodiment, every Monday or 15th of every month is applicable.

  In this embodiment, the period is a constant width, but the period is not constant and a predetermined change may be made. For example, it may be a day set at random among the 10th to 20th of every month, or the 1st and 10th of every month. In the latter case, the period varies from 9 days between 1st and 10th days, such as 20th or 21st between 10th and 1st (February is further different). Moreover, the number of days from a certain reference date may be used. For example, if the reference date is September 1, the first candidate is every 15 days, the second candidate is every 25 days, and so on. In addition, such a periodic change condition such as 10 days after a specific date may be used instead of such a periodic in the calendar.

Embodiments of the present invention will be described below with reference to the drawings.
FIG. 1 is a block diagram showing a configuration of an authentication apparatus using a password changing method according to an embodiment of the present invention.

  The authentication device 1 shown in FIG. 1 includes an authentication unit 1a and a password change unit 1b. The authentication unit 1 a includes a current authentication data storage unit 3 and an authentication unit 5. The current authentication data storage means 3 stores the ID and the corresponding password as current authentication data. When the authentication means 5 is given an ID and a password from the authorized person, the authentication means 5 reads out the password corresponding to the ID from the current authentication data, and determines whether or not the given password matches the read password. Judgment is made, and if they match, authentication processing is performed.

  The password changing unit 1b includes an input unit 7, a set information storage unit 9, a current date information acquisition unit 11, a next switching date calculation unit 13, and a current password change unit 15.

  The input means 7 inputs a plurality of pieces of set information of candidate passwords and periodic switching conditions together with the ID of the person to be authorized. The group information storage means 9 stores the plurality of group information for each ID. The current date information acquisition unit 11 acquires current date information.

  The next switching date calculation means 13 refers to the given current date information and the periodic switching condition, calculates the next switching date of the most recent time for each candidate password of the plurality of sets of information, and for each candidate password Remember.

  When new current date information is given from the current date information acquisition unit 11, the current password changing unit 15 determines whether it matches any of the stored next switching dates, and if it matches, the current password is changed. Is replaced with the candidate password corresponding to the next switching date.

  Thus, in this embodiment, the password is periodically changed from a plurality of candidates. Generally, a password is changed by its own active action. This is because the password after change is not known. On the other hand, in the present embodiment, the changed password is one of the candidates previously input by the certifier, so that the certifier can authenticate by inputting any of the above passwords. Thereby, the password is periodically changed without making the user feel that the password change is troublesome.

  Next, the hardware configuration of the authentication device 1 shown in FIG. 1 will be described. FIG. 2 is a diagram illustrating an example of a hardware configuration in which the authentication apparatus 1 is configured using a CPU, FIG. 3 is a diagram illustrating a data structure of authentication data, and FIG. 4 is a diagram illustrating switching conditions.

  The authentication device 1 includes a CPU 23, a memory 27, a hard disk 26, an input device 28, a display 30, a communication unit 32, and a bus line 29.

  The CPU 23 controls each unit via the bus line 29 according to the program stored in the hard disk 26.

  The hard disk 26 includes a program storage unit 26p that stores programs to be described later, a current password storage unit 26c, and a switching condition storage unit 26j. This program is read from a CD-ROM storing the program via a CD-ROM drive (not shown) and installed in the hard disk 26. In addition to the CD-ROM, programs such as a flexible disk (FD) and an IC card may be installed on a hard disk from a computer-readable recording medium. Furthermore, it may be downloaded using a communication line.

  In the present embodiment, the program stored in the CD-ROM is indirectly executed by the computer by installing the program from the CD-ROM to the hard disk 26. However, the present invention is not limited to this, and the program stored in the CD-ROM may be directly executed from the CD-ROM drive.

  Note that programs that can be executed by a computer are not only those that can be directly executed by being installed as they are, but also those that need to be converted into another form once (for example, those that have been compressed) In addition, those that can be executed in combination with other module parts are also included.

  As shown in FIG. 3, the current password storage unit 26c stores the current password associated with each ID as authentication data. In the switching condition storage unit 26j, as shown in FIG. 4A, a plurality of passwords are stored for each ID, and periodic switching conditions are associated with each password and stored. For example, in this case, three passwords “1234”, “3412”, and “4321” are stored as candidate passwords in the ID “HONDA”, and periodic switching conditions are stored in each. As will be described later, the next switching date is calculated from the current date and stored as shown in FIG. 4B.

  Next, the switching date calculation process of this embodiment will be described with reference to FIG. FIG. 5 is a flowchart showing the switching date calculation process.

  In FIG. 5, when the candidate password and the switching condition are stored together with the ID in the switching condition storage unit 26j, the CPU 23 acquires each candidate password and the switching condition for the certain ID from the switching condition storage unit 26j (step S1). ). In this case, the passwords “1234”, “3412”, “4321” and these switching conditions “every Monday”, “1st of every month”, and “15th of every month” are read out.

  Next, the CPU 23 acquires today's date (step S3). Here, it is assumed that October 6, 2004 has been acquired. The process number i is initialized (step S5), and the next switching date is calculated and stored for the i-th candidate password (step S7). In this case, since today's date is “October 6, 2004”, the next switching date for password “1234” is “October 11, 2004”, so that the data is stored. Is done.

  The CPU 23 determines whether or not the calculation process for the next switching date has been completed for all candidates (step S9). In this case, since all processing has not been completed, the process number i is incremented (step S11), and the process of step S7 is performed. As a result, “November 1, 2004” is stored as the next switching date for the password “3412”, and “November 15, 2004” is stored as the next switching date for the password “4321”. FIG. 4B shows a state where the calculation result is additionally written.

  When the calculation process for the next switching date is completed for the three candidate passwords, it is determined in step S9 that all the processes have been completed, and the switching date calculation process ends.

  Next, the password switching process for the ID “HONDA” will be described with reference to FIG. FIG. 6 is a flowchart showing the password switching process.

  In FIG. 6, when the CPU 23 detects a date update, the CPU 23 acquires a new today date (step S21). In the following description, it is assumed that “October 11, 2004” has been acquired as the current date. The CPU 23 acquires the next switching date (step S23), and determines whether there is a matching candidate password for the next switching date (step S25).

  In this case, since the next switching date is the same for the candidate password “1234”, the process proceeds to step S27 to determine whether there is a duplicate candidate password (step S27). The stored password is stored as the current password (step S31).

  If there are duplicate candidate passwords, the higher priority which will be described in detail later is selected (step S29). The updated password list is shown in FIG. 3B.

  As with general authentication, when an ID and a password are input, the current password is read for the input ID, and it is determined whether or not it matches the input password. Good.

  As described above, in this embodiment, even when the month changes, the switching condition that can determine the switching date is stored in association with each candidate password, so that the password change is automatically performed. Is called. In general, when changing a password, a password once used is often not used. On the other hand, in the present invention, the switching is performed sequentially under the periodic switching condition. Therefore, if the user remembers only a plurality of passwords, the user can authenticate without being confused even if the password is automatically changed. This is because, in general, if the password is changed without the operator's knowledge, the operator will be confused. Once the periodic switching condition is set, it is often not recognized on the actual change day even if it is recognized. However, since it is only switched to one of a plurality of passwords, authentication is established if a plurality of preset passwords are sequentially input.

  Next, a case where there are duplicate candidate passwords will be described. That is, the next switching date of each candidate password overlaps. For example, in the case of the candidate password group shown in FIG. 4C, when December 15 is Monday, the next switching date of the candidate password “1234” and the candidate password “4321” is both December 15. In order to prevent this, in this embodiment, a priority is set for each candidate password, and the higher priority is selected (step S29 in FIG. 6). For example, the priority is represented by a number such as “1, 2, 3,...” And may be input as set information together with an ID, a candidate password, and a periodic switching condition, or may be arbitrarily given by a computer. You may make it do.

  It should be noted that such priority may not be defined, and any one of the applicable ones may be arbitrarily selected by the computer. For example, it may be determined by generating a random number.

  In addition, when authentication failure is repeated for a certain ID, a process may be performed to prevent authentication with that ID for security. In the present embodiment, there is a possibility that authentication cannot be performed unless the user repeats password input by the number of stored passwords. Accordingly, it is desirable that at least authentication processing can be performed for the number of candidate passwords stored for each ID.

  In the present embodiment, the calculation process of the next switching date of each candidate password has been illustrated in advance as an example when the candidate password and the switching condition are input together with the ID. However, after that, the password is switched. It is desirable to calculate each time and update the next switching date. Also, the password manager or the user himself / herself may be able to instruct processing at any time, or may be set to perform calculation at a predetermined time such as a time determined every day.

  Further, in the present embodiment, an example is shown in which the password switching process is performed when the date changes. However, the password manager or the user himself / herself may be able to instruct the process at any time, or may be determined every day. It may be set to be executed at a predetermined time such as time.

  In the present embodiment, the certifier is not notified that the password has been changed. However, the change of the password may be displayed on the screen at the time of authentication or the like.

  In addition, the switching condition shown in FIG. 4 may be changed by the password administrator, and this can be maintained by the user himself / herself. In this case, candidate passwords and switching conditions can be changed.

  In this embodiment, each password is periodically changed by storing a periodic switching condition on the calendar in association with each other. However, the present invention is not limited to this, and a condition for switching with a random number or the like may be determined from the candidate group, and the current password may be changed when the conditions are met. In this case, candidate selection conditions and change timing determination conditions may be stored in advance as to which candidate is selected and at which timing.

  The candidate selection condition may be selected regularly or irregularly. In a regular case, the selection condition may be stored, and in a non-regular case, it may be determined randomly using a random number or the like. Further, the change time determination condition may be periodically executed using the switching time determination condition. For example, when such a determination is made every fixed period (for example, every week) and a candidate already selected as a change candidate is selected again, the password is not changed until the next fixed period elapses. Even in such a case, the password is periodically changed.

  Thus, even when the user is not involved in how to switch, the user is selected from any of the plurality of candidate passwords, so that the user can obtain authentication by sequentially inputting the previously stored candidates. .

  In the present embodiment, in order to realize the function shown in FIG. 1, this is realized by software using a CPU, but part or all of it may be realized by hardware such as a logic circuit.

  Note that an operating system (OS) may be used separately from the above-described program, and a part of the processing may be performed by the OS.

  Although the case where the password is changed based on the date has been described above, the password is not limited thereto, and the password may be changed according to time, month, or a combination thereof.

  The password may be changed every time N times (N is a natural number).

  Alternatively, the password may be changed to a predetermined password when the password change is instructed.

  In this case, the location and time of setting a new password and changing the password can be changed, so that the risk of the password being stolen and misused can be reduced.

  Further, the password may be determined by a combination of time and the like.

For example, if it is October 24 (or 10:24), 1024 + 1234 = 2258 is calculated and 2258 is used as the password.

  The password changing method of the present invention can be used as a method for changing a password of an authentication system or the like that improves user convenience and improves the confidentiality keeping effect.

Functional block diagram of an authentication apparatus using a password changing method according to an embodiment of the present invention The figure which shows an example of the hardware constitutions of FIG. The figure which shows the data structure of the data for authentication of the authentication apparatus using the password change method concerning one embodiment of this invention The figure which shows the switching conditions of the authentication apparatus using the password change method concerning one embodiment of this invention The flowchart which shows the switch date calculation process of the authentication apparatus using the password change method concerning one embodiment of this invention The flowchart which shows the password switching process of the authentication apparatus using the password change method concerning one embodiment of this invention

Explanation of symbols

9 Set information storage means 11 Current date information acquisition means 13 Next switching date calculation means 15 Current password change means

Claims (7)

An authentication apparatus comprising password input means transmitted for authentication, authentication means for determining whether or not the password input means has predetermined contents, and means for changing the predetermined contents in accordance with a predetermined rule. Current authentication data storage means for storing an ID and a corresponding password as current authentication data;
When an ID and a password are given, a password corresponding to the given ID is read out of the current authentication data, and it is determined whether or not the given password matches the read password. In some cases, an authentication means for performing authentication processing;
Set information storage means for storing set information of candidate passwords and periodic switching conditions together with IDs for each ID;
Current date information acquisition means for acquiring current date information;
Referring to the acquired current date information and the periodic switching condition, calculating a next switching date of the most recent time for each candidate password of the plurality of sets of information, and storing next switching date calculating means for each candidate password;
When current date information is given from the current date information acquisition means, it is determined whether it matches any of the stored next switching dates, and if it matches, the candidate password corresponding to the next switching date that matches the current password An authentication device comprising current password changing means for rewriting the password. Set information storage means for storing set information of candidate passwords and periodic switching conditions together with IDs for each ID;
Current date information acquisition means for acquiring current date information;
Referring to the acquired current date information and the periodic switching condition, calculating a next switching date of the most recent time for each candidate password of the plurality of sets of information, and storing next switching date calculating means for each candidate password;
When current date information is given from the current date information acquisition means, it is determined whether it matches any of the stored next switching dates, and if it matches, the candidate password corresponding to the next switching date that matches the current password A password change device, comprising: a current password change means for rewriting the password. 4. The password change device according to claim 3, wherein when the next switching date is the same among the plurality of pieces of group information, the password of the group information having a high priority is set as the current password. A password change method in which a computer periodically changes a password used for authentication processing, wherein a set information of a candidate password and a periodic switching condition is stored for each ID together with the ID,
Obtaining current date information;
Referring to the current date information and the periodic switching condition, calculating the latest switching date for each candidate password of the plurality of sets of information, and storing each candidate password;
Obtaining current date information and determining whether it matches any of the stored next switching dates, and if it matches, rewriting the current password to the corresponding candidate password and the corresponding next switching date. Characteristic password change method. Storing the set information of the candidate password and the periodic switching condition together with the ID in the computer for each ID;
Obtaining current date information;
Referring to the current date information and the periodic switching condition, calculating the latest switching date for each candidate password of the plurality of sets of information, and storing each candidate password;
To obtain current date information and determine whether it matches any of the stored next switching dates, and if so, execute the step of rewriting the current password with the matching next password and the corresponding candidate password Password change program. A candidate storage step for storing a plurality of candidate passwords for each ID in the computer;
A password change step of selecting either one of the plurality of candidate passwords as a determined password regularly or irregularly, and storing the determined password as a password used for the authentication;
A password changing program for executing the step of periodically executing the password changing step in accordance with a predetermined switching condition;

Images