JP2008084111A - Authentication device, method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To aim at both input ease and safety when authenticating. <P>SOLUTION: The apparatus is provided with: a rhythm acquisition part for acquiring rhythm data input by a user three times; a storage part for storing the acquired rhythm data as initial data; a similarity detection part for calculating similarity between the acquired rhythm data and detecting its average similarity; a judgement criterion generation part for generating a threshold to be an authentication judgement criterion when authenticating the rhythm data to be input by the user with the initial data; and an authentication criterion threshold storage part for storing a threshold to be a generated authentication judgement criterion. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an authentication apparatus, method, and program for performing authentication based on a user authentication operation.

  Conventionally, as a method for authenticating the identity, the most common method is to accept an input of a password, which is an arbitrary character string, from the principal and authenticate based on the identity of the password.

  There are various methods for authenticating whether or not the user is a user. For example, there is a method for authenticating a user by inputting a user authentication operation. As a method of performing authentication by the user authentication operation, for example, a method of accepting input of a user's handwritten signature (signature) and determining the identity between the signature and a signature registered in advance for verification is available. is there.

  As another method of performing authentication by a user authentication operation, there is a method disclosed in Patent Document 1. In the method disclosed in Patent Document 1, in an apparatus including one or more buttons, rhythm data that is a sequence of timings at which the buttons are pressed is acquired, and the same as rhythm data registered in advance for collation. Authentication is performed by determining

  By the way, in most authentication methods, there is a trade-off between high security and ease of input. For example, in a password authentication method, the longer the password character string, the larger the amount of information. Therefore, it becomes difficult for others to guess and the safety is improved, but it is not easy to input the password.

  In the case of authentication based on the above-described user authentication operation (for example, signature or rhythm), the problem is how much the data registered in advance for verification and the acquired authentication operation are similar to each other. That is, even when performing authentication by such a user authentication operation, it is necessary to consider the balance between safety and ease of input.

  For example, if it is determined that the user is the same only when the user's authentication operation matches almost perfectly, the possibility of falsely authenticating another person is reduced, but the person himself / herself is matched almost perfectly. Since it is difficult to do so, there is a high possibility that the person will not be judged correctly. On the other hand, if it is determined that the user's authentication operations are the same even if they are significantly different, the user's input can be authenticated with the user's identity almost certainly, but the other's similar input is mistaken as the user's input. There is a high possibility that it will end.

  The existence of such a trade-off is generally recognized in biometric authentication (biometric authentication). That is, in biometric authentication, FRR (False Rejection Rate) and FAR (False Acceptance Rate) are in a trade-off relationship. Therefore, it is common to determine the balance between FRR and FAR to an appropriate value based on the use of the apparatus.

  As a technique for appropriately balancing the FRR and FAR, there is a technique described in Patent Document 2, for example. In the technique described in Patent Document 2, the balance between FRR and FAR is adjusted by changing the threshold value for authentication according to the importance of authentication.

JP 2002-180719 A JP 2003-248661 A

  However, when the authentication is performed by the user authentication operation, the accuracy differs for each user depending on the appropriateness of the user authentication operation (presence / absence of knowledge capable of reproducing the same authentication operation) and skill level. That is, since the accuracy of reproducing the authentication operation is different for each user, it is difficult to fix the identity determination threshold that determines the balance of FRR and FAR to an appropriate value.

  The present invention has been made in view of the above, and provides an authentication apparatus, method, and program for the purpose of achieving both ease of input and safety during authentication.

  In order to solve the above-described problems and achieve the object, an authentication apparatus according to the present invention includes an authentication operation acquisition unit that acquires at least two user authentication operations, and an authentication that indicates the acquired user authentication operations. A storage unit that stores at least one operation information as registration information, a similarity detection unit that detects mutual similarity of the acquired at least two or more authentication operations, and use according to the detected similarity A determination criterion generation unit that generates an authentication determination criterion for performing authentication with the registration information in an authentication operation of a person, and a determination criterion storage unit that stores the generated authentication determination criterion .

  The authentication device according to the present invention is generated from a similarity between a storage unit that stores authentication operation information indicating an authentication operation performed in advance by the user and two or more authentication operations performed in advance by the user. Stored in the storage unit, the determination criterion storage unit that stores the authentication determination criterion when authenticating by the authentication operation, the authentication operation acquisition unit that acquires the authentication operation of the user, the acquired authentication operation, and the storage unit When the similarity detection unit that detects mutual similarity with the authentication operation indicated by the authentication operation information, and the detected similarity exceeds the authentication determination criterion stored in the determination criterion storage unit, A user authentication unit that performs acceptance determination on user authentication.

  In addition, an authentication method according to the present invention stores at least one authentication operation acquisition step for acquiring at least two user authentication operations, and at least one authentication operation information indicating the acquired user authentication operations as registration information. A storage step for storing in the unit, a similarity detection step for detecting a mutual similarity of the acquired at least two or more authentication operations, and the registration information by a user authentication operation according to the detected similarity A determination criterion generation step for generating an authentication determination criterion for performing authentication, and a determination criterion storage step for storing the generated authentication determination criterion in a determination criterion storage unit.

  The authentication method according to the present invention includes an authentication operation acquisition step for acquiring a user's authentication operation and an authentication operation previously performed by the user indicated by the authentication operation information stored in the storage unit. A similarity detection step for detecting a similarity, and an authentication generated from the similarity between two or more authentication operations performed in advance by a user, in which the detected similarity is stored in the determination criterion storage unit A user authentication step of performing acceptance determination for user authentication when the determination criterion is exceeded.

  An authentication program according to the present invention is a program that causes a computer to function as a means for authenticating a user, and includes an authentication operation acquisition step of acquiring at least two user authentication operations, A storage step of storing at least one or more authentication operation information indicating the authentication operation as registration information in a storage unit, a similarity detection step of detecting a mutual similarity of the acquired at least two or more authentication operations, and detection A determination criterion generating step for generating an authentication determination criterion for performing authentication with the registration information in a user authentication operation according to the similarity, and the generated authentication determination criterion in the determination criterion storage unit The determination criterion storing step for storing is characterized by causing the computer to function.

  An authentication program according to the present invention is a program for causing a computer to function as a means for authenticating a user, an authentication operation acquisition step for acquiring a user authentication operation, and an authentication stored in a storage unit. A similarity detection step for detecting a mutual similarity with an authentication operation previously performed by the user indicated by the operation information, and the detected similarity is stored in the determination criterion storage unit in advance by the user. The computer is caused to function as a user authentication step for performing acceptance determination for user authentication when the authentication determination criterion generated from the similarity between two or more authentication operations performed is exceeded. .

  According to the present invention, there is an effect that it is possible to achieve both ease of input and safety during authentication.

  Exemplary embodiments of an authentication device according to the present invention will be described below in detail with reference to the accompanying drawings. In the following embodiments, an example in which the authentication device is applied to a mobile phone terminal will be described. However, the authentication device may be applied to any other device.

(First embodiment)
As shown in FIG. 1, the mobile phone terminal 100 includes a button 101 and a liquid crystal screen 102. The mobile phone terminal 100 includes a CPU and a memory (not shown) that perform processing when the button 101 is pressed by the user. In this embodiment, a case where the user authentication operation is a rhythm in which the button 101 is pressed will be described. The authentication operation refers to a movement performed by the user at the time of authentication.

  Thus, when acquiring a user's authentication operation | movement as a rhythm, the apparatus which authenticates should just be what can acquire ON / OFF from a user. As an example other than the cellular phone terminal, a button may be pressed by a remote controller or a PC (Personal Computer). In addition to the buttons, the rhythm can be acquired by using a touch panel, an acceleration sensor, an infrared sensor, a voice input receiving means such as a microphone, a photographing means for authenticating an arm by a camera, etc. Is possible.

  As shown in FIG. 2, the mobile phone terminal 100 includes a rhythm acquisition unit 201, a storage unit 202, a change reception unit 203, a user authentication unit 204, a similarity detection unit 205, and a determination criterion generation unit 206. And an authentication standard threshold value storage unit 207.

  The rhythm acquisition unit 201 acquires a time series signal indicating that the button 101 of the mobile phone terminal 100 is pressed, and interprets the time series signal as rhythm data. The rhythm acquisition unit 201 stores the interpreted rhythm data in the storage unit 202 described later.

  As illustrated in FIG. 3, the rhythm acquisition unit 201 defines, as rhythm data, a list of keystroke timing interval sequences in milliseconds from the keystroke time-series signal for the button 101.

  The storage unit 202 is a storage unit that stores the rhythm data acquired by the rhythm acquisition unit 201 as initial data (registration information) used for authentication, and includes an HDD (Hard Disk Drive), a memory card, and a RAM (Random Access Memory). ) Etc., and can be constituted by any generally used storage means.

  As shown in FIG. 4, the storage unit 202 stores initial data indicating rhythm data stored in advance for performing authentication and history data indicating rhythm data acquired when performing authentication. This initial data (registration information) is retained for a long time in order to authenticate the user. On the other hand, the history data is temporarily stored by updating the oldest rhythm data every time the rhythm data is acquired. In addition, the initial data may hold not only rhythm data acquired by the rhythm acquisition unit 201 but also rhythm data prepared in advance depending on the usage form.

  The similarity detection unit 205 calculates “blur” for a plurality of rhythm data when they are the same rhythm, and detects the similarity between rhythms input by the user. For example, the similarity detection unit 205 detects the similarity between rhythm data indicating the latest history stored in the rhythm acquisition unit 201 and initial data (rhythm data) stored in the storage unit 202 in advance.

  Also, the similarity detection unit 205 detects the mutual similarity of the three rhythm data acquired by the rhythm acquisition unit 201 when the user's rhythm is registered. A detailed processing procedure will be described later.

  The determination criterion generation unit 206 generates an authentication determination criterion (threshold value T) used during authentication by the user authentication unit 204 described later, from the rhythm similarity input by the user detected by the similarity detection unit 205. . Then, the determination criterion generation unit 206 stores the generated authentication determination criterion in the authentication criterion threshold storage unit 207.

  In addition, the determination criterion generation unit 206 performs a process of rewriting the threshold T already registered in the authentication criterion threshold storage unit 207 to another threshold T when the similarity exceeds a predetermined necessary similarity during authentication. In this way, the authentication standard generation unit 206 has a function as a rewriting means in other words.

  The authentication criterion threshold storage unit 207 stores the authentication determination criterion generated by the determination criterion generation unit 206.

  The change receiving unit 203 receives a request for changing the authentication determination criterion from the user. Detailed processing will be described later.

  The user authentication unit 204 determines whether or not the similarity detected from the rhythm data input at the time of the authentication by the similarity detection unit 205 is higher than the authentication criterion stored in the authentication criterion threshold storage unit 207. Then, it is determined whether or not to accept user authentication.

  That is, when a rhythm intended for an authentication attempt is input from the user to the mobile phone terminal 100, rhythm data indicating the rhythm is stored in the storage unit 202. Thereafter, the similarity detection unit 205 detects the similarity between the latest stored rhythm data and the initial data (rhythm data) registered in advance for authentication. Then, if the detected similarity exceeds the authentication criterion, the user authentication unit 204 regards the rhythm from the same user and performs user authentication processing.

  A flow of processing in the mobile phone terminal 100 according to the present embodiment will be described. The processing flow of the mobile phone terminal 100 includes a registration phase for registering rhythm data for verification for user authentication and an authentication phase for trying authentication.

  First, the registration phase of the mobile phone terminal 100 will be described. The registration phase is a phase in which a user registers a rhythm used for verification of authentication.

  As shown in FIG. 5, first, the rhythm acquisition unit 201 acquires a rhythm by pressing the button 101 of the user's mobile phone terminal 100, and generates rhythm data (step S501). That is, the user presses the button 101 of the mobile phone terminal 100 several times rhythmically. In the present embodiment, the number of times the button is pressed is valid when it is 6 times or more and 20 times or less.

  Thus, a case where there are seven keystrokes will be described as an example. First, it is assumed that the keystroke A shown in FIG. 3 is accepted as the rhythm input to the user first. Next, the rhythm acquisition unit 201 prompts the user to input the same rhythm for confirmation. Accordingly, it is assumed that the rhythm acquisition unit 201 has received the keystroke B shown in FIG. Furthermore, the rhythm acquisition unit 201 prompts rhythm input and accepts the keystroke C.

  The rhythm acquisition unit 201 generates rhythm data for each received keystroke pattern, and stores the generated rhythm data in the storage unit 202 as initial data.

  Returning to FIG. 5, the similarity detection unit 205 detects (calculates) the similarity between the three rhythm data stored in the storage unit 202 (step S502). Next, the similarity calculation procedure according to the present embodiment will be described.

  In the registration phase, the similarity is detected based on the input rhythm input. Hereinafter, the similarity between the two rhythm data RA (keystroke A rhythm data) and RB (keystroke B rhythm data) can be calculated as follows.

First, a numerical sequence indicating the rhythm data RA for registration is expressed as an equation (1), and a numerical sequence indicating the rhythm data RB for confirmation is expressed as an equation (2).
RA = {rAi} (1)
RB = {rBi} (2)
In these formulas (1) and (2), the variable i is a value that takes 0-6.

When LA = ΣrAi and LB = ΣrBi, the degree of deviation DAB between the rhythm data RA and the rhythm data RB can be expressed by the following equation (3).
DAB = Σ | (rAi / LAi) − (rBi / LBi) | (3)

That is, the similarity detection unit 205 calculates the divergence DAB by using the equation (3). The degree of similarity increases as the divergence degree DAB decreases. Therefore, the similarity SAB can be expressed by the following formula (4).
SAB = 100-DAB (4)

  Thereby, the similarity detection part 205 can determine the similarity between rhythm data by the score of -infinity-100. In this calculated similarity, the same rhythm is determined as 100 points. In addition, the calculated similarity is a negative number. Further, the calculated similarity is regarded as not similar at all when the number of terms of the two rhythm data does not match, and the similarity is defined as a −∞ point. The similarity is calculated not only between RA and RB but also between RA and RC (keystroke C rhythm data) and between RB and RC. Then, the similarity detection unit 205 outputs the calculated average value of the plurality of similarities to the determination criterion generation unit 206 as the average similarity.

  Next, the determination criterion generation unit 206 adjusts the authentication determination criterion for performing user authentication based on the input average similarity (step S503).

  As shown in FIG. 7, in the threshold adjustment table held by the determination criterion generation unit 206, safety, threshold T, and necessary similarity are associated with each other. Then, the determination criterion generation unit 206 acquires an appropriate threshold value T from the detected similarity degree from the threshold adjustment table.

  Thereby, the authentication criterion (threshold value T) corresponding to the detected similarity is generated. Then, the determination criterion generation unit 206 stores the acquired threshold T in the authentication criterion threshold storage unit 207.

  For example, when the detected average similarity is 63 points, the determination criterion generation unit 206 acquires the threshold T′50 ”associated with the required similarity“ 60 ”from the threshold adjustment table, and the threshold T ′ 50 ′ is stored in the authentication reference threshold storage unit 207.

  By the way, when registering rhythm data by the conventional technique, the similarity between the input rhythm data for input and the rhythm data for authentication is judged, and when the similarity exceeds a predetermined threshold, Rhythm data was registered. A threshold value for authentication is determined in advance, and when the similarity between the rhythm data input for authentication and the registered rhythm data exceeds the threshold value, the user is authenticated.

  In such a conventional technique, the act of inputting a rhythm from a user is greatly different in similarity depending on whether it is a simple rhythm or the user's own rhythm feeling and proficiency level. For example, when a user plays a musical instrument, it is equivalent to a difference in accuracy when a user plays the same song multiple times.

  However, according to the conventional technique, a threshold is predetermined when performing user authentication. When identity is determined using such a threshold, the balance between safety and ease of input is fixed. Therefore, it is impossible to deal with the similarity (accuracy) at the time of rhythm input that differs for each user.

  For example, if the threshold value T is set to a lower value “20”, the rhythm input for authentication is accepted even if it is slightly deviated, so the ease of input is improved, but with a different rhythm input by another user. Even if it exists, possibility that it will be determined that it is the same will improve. This makes it relatively easy for a malicious user to impersonate. That is, when the ease of input is increased, the safety is lowered.

  As another example, when the threshold value T is set to a high “80”, when a malicious user attempts to impersonate, the authentication device detects a slight difference in input and determines a different rhythm. Improves. However, it is necessary to accurately reproduce the rhythm registered for authentication by the user himself / herself. For this reason, possibility that a user's rhythm input will fail improves. That is, the ease of input decreases. In this case, it is difficult for a user who is poor in rhythm input to use the authentication means. In other words, as long as there are individual differences among users, there is no optimum threshold for everyone.

  Therefore, the criterion generation unit 206 of the mobile phone terminal 100 according to the present embodiment generates the threshold T based on the similarity (accuracy) of rhythms that are different for each user. Since the user is authenticated with such a threshold T, a balance between appropriate safety and ease of input can be maintained. Therefore, it is possible to provide an authentication function that provides relatively high security for a user with correct input and provides a relatively easy input to a user with inaccurate input, although safety is relatively low. it can.

  In the above-described processing procedure, when registering the rhythm for authentication, a plurality of inputs are prompted, and the threshold T is set using the similarity calculated from the plurality of keystrokes. In addition, inputting a plurality of times at the time of registration is generally performed also in password setting and the like, and does not increase the burden for registration to the user. That is, in the above-described processing procedure, an appropriate safety is detected for each user by performing a very general registration procedure. This makes it possible to maintain a balance between ease of input and safety.

  In addition, a processing procedure until the threshold T is adjusted according to the transition of the screen displayed on the liquid crystal screen 102 of the mobile phone terminal 100 in the registration phase described above will be described. First, the rhythm acquisition unit 201 displays a rhythm registration screen for prompting keystrokes on the liquid crystal screen 102 as shown in (1) to (3) of FIG. When the rhythm acquisition unit 201 receives a time-series signal indicating keystroke, the rhythm acquisition unit 201 displays a note mark indicating the input rhythm on the liquid crystal screen 102.

  In this way, the rhythm acquisition unit 201 causes the user to key in the rhythm to be registered three times. The rhythm acquisition unit 201 generates rhythm data A, rhythm data B, and rhythm data C from the keystroke, and stores them in the storage unit 202. As the rhythm data used for authentication, the rhythm data C input last is used among the stored rhythm data.

  The similarity detection unit 205 calculates the similarity SAB between the rhythm data A and the rhythm data B, the similarity SBC between the rhythm data B and the rhythm data C, and the similarity SAC between the rhythm data A and the rhythm data C. Then, the similarity detection unit 205 calculates an average value of these similarities and outputs the average value to the determination criterion generation unit 206 as the average similarity.

  Then, the criterion generation unit 206 compares the input average similarity with the three-step required similarity stored in the threshold adjustment table shown in FIG. In other words, if the determination criterion generation unit 206 determines that the input average similarity is “85” or higher, which is the required similarity of safety “high”, the safety is set to “high”. Then, the criterion generation unit 206 adjusts the threshold T to “75”.

  Otherwise, the criterion generation unit 206 sets the safety to “medium” if the input average similarity is “60” or more, which is the required similarity of “medium”. Then, the criterion generation unit 206 adjusts the threshold T to “50”.

  If it is less than this, the criterion generation unit 206 sets safety to “low”. Then, the determination criterion generation unit 206 adjusts the threshold T to “25”.

  Then, the criterion generation unit 206 displays the setting result on the liquid crystal screen 102 as shown in (4) of FIG.

  In the present embodiment, the number of rhythms input to the user at the time of registration is not limited to three, but may be any other number. Therefore, a case where a rhythm is input twice will be described as a modification.

  In this modification, the user inputs the rhythm twice when prompted by the mobile phone terminal 100. Thereby, the mobile phone terminal 100 generates two pieces of rhythm data. Then, the similarity between the generated rhythm data is calculated.

  Then, the threshold T serving as a reference for authentication is adjusted based on the calculated similarity. This adjustment method may be the same as in the above-described embodiment, or the calculated similarity itself may be used as the threshold value T. Thereby, the threshold value T is set according to the accuracy of the rhythm input by the user.

  Returning to the present embodiment, the authentication phase of the mobile phone terminal 100 will be described. The authentication phase is a phase in which authentication is performed when the user wants to use the mobile phone terminal 100.

  As shown in FIG. 9, first, the rhythm acquisition unit 201 acquires a rhythm by pressing the button 101 of the user's mobile phone terminal 100, and generates rhythm data (step S901). The rhythm acquisition unit 201 stores the generated rhythm data in the storage unit 202 as history data.

  Next, the similarity detection unit 205 inputs one of the latest history data (rhythm data) stored in the storage unit 202 and the initial data registered in the storage unit 202 (the third input in the registration phase). And the degree of similarity is detected (calculated) (step S902). The accuracy calculation method uses the above-described method, and the description thereof is omitted.

  Then, the user authentication unit 204 determines whether or not the detected similarity is greater than or equal to the threshold value T (authentication determination criterion) adjusted by the determination criterion generation unit 206 (step S903). If it is determined that the calculated similarity is lower than the threshold value T (step S903: No), the process is terminated as a result of authentication failure.

  If the user authentication unit 204 determines that the calculated accuracy is higher than the threshold value T (step S903: Yes), the user authentication unit 204 determines that the authentication is successful and performs login processing (step S904).

  Next, the similarity detection unit 205 calculates the similarity of one of the history data with respect to one of the latest five history data among the history data stored in the storage unit 202. The average value of the calculated similarities is calculated as the average similarity (step S905).

  Then, the determination criterion generation unit 206 determines whether or not the calculated average similarity is a value greater than or equal to a certain value (step S906). If the value does not reach a certain value (step S906: No), no particular processing is performed. The value above a certain value is a required similarity higher than the required similarity associated with the currently set threshold in the threshold adjustment table.

  In addition, when the determination criterion generation unit 206 determines that the calculated average similarity is equal to or greater than the predetermined necessary similarity (step S906: Yes), the determination criterion generation unit 206 sets a threshold corresponding to the predetermined necessary similarity. T is generated, and the threshold T stored in the authentication reference threshold storage unit 207 is rewritten with the generated new threshold T (step S907). As a result, from the next authentication, authentication is performed using the rewritten new threshold value.

  For example, if the average similarity when registering the threshold value T used so far is “60” and the average similarity calculated this time is “75” or more, the determination criterion generation unit 206 determines the safety Is changed from “medium” to “high”. Then, the criterion generation unit 206 adjusts the threshold T to “75”.

  As illustrated in FIG. 10, the determination criterion generation unit 206 displays on the liquid crystal screen 102 that the safety has been changed. As a result, the user is notified that the safety has been changed.

  Further, by performing the above-described processing procedure, when the rhythm for authentication is input in the authentication phase, the similarity of the rhythm data input from the user can be obtained from the history data stored in the storage unit 202. Detect and change safety. The user is requested only for input for normal authentication, and the burden of input for changing the threshold value T is not increased at all.

  As described above, the threshold T is changed to a higher value when the user's rhythm input skill is improved and the accuracy is improved even though the user's input burden is not increased at all. That is, the mobile phone terminal 100 according to the present embodiment can provide higher safety in accordance with the improvement of the user's rhythm input proficiency.

  Also, in the authentication phase, even if the threshold value T cannot be adjusted to a high value due to the accuracy of the input history data, that is, even when the authentication strength cannot be increased, it is possible to specify an increase in safety (authentication strength) according to a request from the user .

  In the example shown in FIG. 11, it is assumed that the user whose safety is “medium” in the mobile phone terminal 100 separately designates that the safety is set to “high” from the menu. In this case, the change receiving unit 203 receives the designation as a change in safety. And when the change reception part 203 receives the effect to change, it requests | requires that the rhythm acquisition part 201 acquires the rhythm input from a user.

  In this case, the rhythm acquisition unit 201 prompts rhythm input for determining accuracy three times, and calculates an average similarity from these three similarities. Then, when the calculated average similarity is equal to or higher than a predetermined necessary similarity (for example, threshold value 85), the safety is set to “high” and the threshold value T is adjusted to “75”.

  In this way, it is possible to adjust the balance between safety and ease of input in accordance with a request from the user. When changing the safety setting in this way, for example, initial data registered by the user (rhythm data), history data stored at the time of authentication (rhythm data), newly input to confirm accuracy According to the rhythm data, it is possible to determine the safety, that is, the validity of the threshold value T serving as a reference for authentication determination. By performing such processing, it is possible to achieve both ease of input and safety as in the above-described authentication phase.

  In addition, according to the mobile phone terminal 100 according to the above-described embodiment, it varies depending on the suitability of inputting the user's rhythm, the user's proficiency in inputting the rhythm, and the ease of keying the rhythm registered for authentication. Based on the accuracy of the rhythm input, it is possible to adjust the balance between safety at the time of authentication and ease of input. As a result, the mobile phone terminal 100 has strong safety when accurate input by the user is possible, and decreases in safety when there are many variations of user input, but certain ease of input. It will have.

(Modification)
Moreover, it is not limited to each embodiment mentioned above, The various deformation | transformation which is illustrated below is possible.

  In the above-described embodiment, the rhythm is input at the time of registration for authentication, at the time of authentication, and at the time of changing safety. However, the present embodiment is not limited to inputting rhythm data only in these cases.

  By the way, the act of inputting rhythmically and accurately may be accompanied by fun similar to playing and games. Therefore, in this modification, it is assumed that the mobile phone terminal provides a game that also serves as rhythm input practice. The mobile phone terminal according to this modified example determines accuracy and user proficiency from rhythm data input through a game. Thus, it is also useful to adjust the balance between safety and ease of input via the game.

  Further, by providing a rhythmical and accurate input game, the threshold T used at the time of authentication can be improved by improving the user's proficiency level, thereby improving safety.

  In the above-described embodiment, the case where the rhythm is the timing when the button is pressed has been described. For this reason, the time during which the button was pressed is not included in the rhythm data, but this is not a limitation. As a modification, it is conceivable to use not only the timing sequence when the button is pressed but also the data format including the timing when the button is released as the data format of the rhythm data.

  And the similarity detection part concerning this modification detects the similarity according to such a data format, Therefore The information of the length of time the button was pressed can also be utilized as rhythm data. As a result, the amount of information to be compared increases, so that even minute differences can be detected, so that the security in authentication is improved. In addition, since the user needs to accurately input the registered rhythm data for the time the button is pressed, the input difficulty level is improved. However, the determination reference generation unit of the mobile phone terminal according to the present modification can be adjusted to an authentication determination reference (corresponding to the threshold value T in the above-described embodiment) suitable for the input accuracy of the user.

  Further, in the above-described embodiment, the similarity detection unit 205 according to the mobile phone terminal 100 detects the similarity using the similarity calculation formula that does not depend on the tempo. That is, in the above-described embodiment, it is determined that the rhythm is the same if the ratio of the keystroke intervals is equal, whether the key is pressed slowly or quickly. However, the method is not limited to such a similarity detection method, and a method of detecting the similarity including the keystroke speed (pace) itself may be used. Therefore, a modified example using such a method will be described.

The similarity detection unit of the mobile phone terminal according to such a modified example is different from the similarity detection unit 205 according to the above-described embodiment in place of the DAB divergence calculation formula shown in Formula (3) below. DAB is calculated using the equation (5) shown in FIG.
DAB = Σ | (rAi−rBi) | (5)
Since other processes are the same as those in the first embodiment, description thereof is omitted.

  In this modification, the amount of rhythm data is increased by using the equation (5) instead of the equation (3), and it becomes necessary to input the tempo accurately at the time of authentication. Although safety is reduced, safety can be improved. However, even in such a modification, the determination criterion generation unit can set the authentication determination criterion for each user, so that the balance between ease of input and safety can be maintained.

  In addition, the above-described embodiment and modification are not limited to the user's authentication operation such as a rhythm when the button is pressed, and can be applied as long as authentication is performed by the user's authentication operation. To do. As this user authentication operation, for example, a signature input by the user (hand authentication operation when writing a signature), a gesture performed by the user, or the like can be considered. Even when authentication is performed by these authentication operations, it is possible to adjust to an authentication determination standard suitable for the user authentication operation. Moreover, if these authentication operations are repeated many times, the proficiency level is improved, and if the accuracy of these authentication operations is improved, the authentication criteria can be raised. Thereby, safety can be improved.

  Note that the authentication program executed by the mobile phone terminal of the present embodiment is provided by being incorporated in advance in a ROM or the like.

  The authentication program executed in the mobile phone terminal according to the above-described embodiment and modification is a file in an installable format or an executable format, and is a CD-ROM, a flexible disk (FD), a CD-R, a DVD (Digital Versatile Disk). ) Or the like may be recorded and provided on a computer-readable recording medium.

  Further, the authentication program executed by the mobile phone terminal according to the embodiment and the modification described above is configured to be provided by being stored on a computer connected to a network such as the Internet and downloaded via the network. Also good. Further, the authentication program executed by the mobile phone terminal of the above-described embodiment and modification may be configured to be provided or distributed via a network such as the Internet.

  The authentication program executed by the mobile phone terminal according to the above-described embodiment and modification has a module configuration including the above-described units. As actual hardware, a CPU (processor) reads the authentication program from the ROM. By executing, the above-described units are loaded on the main storage device of the mobile phone terminal, and the above-described units are generated on the main storage device.

  The present invention is not limited to the above-described embodiments, and various changes and modifications can be made without departing from the scope of the present invention.

  As described above, the authentication apparatus, method, and program according to the present invention are useful as a technique for adjusting a determination criterion for performing authentication in accordance with the accuracy of the user authentication operation when the user is authenticated by the authentication operation. It is.

It is the schematic which shows the mobile telephone terminal concerning 1st Embodiment. It is a block diagram which shows the function structure of a mobile telephone terminal. It is explanatory drawing which showed the production | generation of rhythm data from the time-sequential signal of the keystroke by the press of the user's mobile telephone terminal. It is the figure which showed the data structure of the rhythm data stored in the memory | storage part of a mobile telephone terminal. It is a flowchart which shows the process sequence at the time of registering the rhythm data which a mobile telephone terminal uses for authentication. FIG. 4 is an explanatory diagram showing generation of rhythm data from time-series signals of keystrokes by pressing a button on a user's mobile phone terminal after generation of rhythm data shown in FIG. 3. It is the figure which showed the table structure of the threshold value adjustment table which the determination criterion production | generation part of a mobile telephone terminal has. It is the figure which showed the screen transition of the liquid crystal screen of a mobile telephone terminal until it registers rhythm data. It is a flowchart which shows the process sequence which a mobile telephone terminal performs when a user authenticates. It is the figure which showed the example of a screen displayed when a mobile telephone terminal changes safety | security. It is the figure which showed the screen transition of the liquid crystal screen of a mobile telephone terminal when a user changes safety | security.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Mobile phone terminal 101 Button 102 Liquid crystal screen 201 Rhythm acquisition part 202 Storage part 203 Change reception part 204 User authentication part 205 Similarity detection part 206 Judgment reference generation part 207 Authentication reference threshold value storage part

Claims (10)

An authentication operation acquisition unit for acquiring at least two user authentication operations;
A storage unit that stores at least one authentication operation information indicating the acquired authentication operation of the acquired user as registration information;
A similarity detection unit for detecting a similarity between the acquired two or more authentication operations;
In accordance with the detected similarity, a determination reference generation unit that generates an authentication determination reference when authenticating with the registration information in a user authentication operation;
A determination criterion storage for storing the generated authentication determination criterion;
An authentication device comprising: A storage unit for storing authentication operation information indicating an authentication operation performed in advance by a user;
A criterion storage unit for storing an authentication criterion for authentication in the authentication operation, generated from the mutual similarity of two or more authentication operations performed in advance by the user;
An authentication action acquisition unit for acquiring a user's authentication action;
A similarity detection unit that detects mutual similarity between the acquired authentication operation and the authentication operation indicated by the authentication operation information stored in the storage unit;
A user authentication unit that performs an acceptance determination on user authentication when the detected similarity exceeds the authentication determination criterion stored in the determination criterion storage unit;
The authentication apparatus according to claim 1, further comprising: A criterion generation unit that generates an authentication criterion according to the detected similarity,
A rewriting unit for rewriting the authentication criterion stored in the criterion storage unit with the generated new authentication criterion;
The authentication apparatus according to claim 2, further comprising: A change accepting unit that accepts a change in the authentication criteria from the user,
The authentication operation obtaining unit obtains a user's authentication operation when the change is received;
The authentication device according to claim 3. The authentication operation acquisition unit acquires rhythm data indicating a rhythm by a user authentication operation;
The authentication device according to claim 1, wherein: The authentication operation acquisition unit acquires a user's authentication operation according to a time series,
The authentication device according to any one of claims 1 to 5. An authentication operation acquisition step of acquiring at least two user authentication operations;
A storage step of storing at least one or more authentication operation information indicating the authentication operation of the acquired user as registration information in a storage unit;
A similarity detection step of detecting a mutual similarity of the acquired at least two or more authentication operations;
A determination criterion generation step for generating an authentication determination criterion when performing authentication with the registration information in a user authentication operation according to the detected similarity,
A criterion storage step for storing the generated authentication criterion in a criterion storage unit;
An authentication method characterized by comprising: An authentication operation acquisition step for acquiring a user authentication operation;
A similarity detection step of detecting a mutual similarity with an authentication operation previously performed by a user indicated by the authentication operation information stored in the storage unit;
When the detected similarity exceeds the authentication criterion generated from the mutual similarity of two or more authentication operations performed in advance by the user, stored in the criterion storage unit, the user authentication A user authentication step that performs acceptance determination for
The authentication method according to claim 1, further comprising: A program that allows a computer to function as a means for authenticating a user,
An authentication operation acquisition step of acquiring at least two user authentication operations;
A storage step of storing at least one or more authentication operation information indicating the authentication operation of the acquired user as registration information in a storage unit;
A similarity detection step of detecting a mutual similarity of the acquired at least two or more authentication operations;
A determination criterion generation step for generating an authentication determination criterion when performing authentication with the registration information in a user authentication operation according to the detected similarity,
A criterion storage step for storing the generated authentication criterion in a criterion storage unit;
A system authentication program for causing a computer to function as: A program that allows a computer to function as a means for authenticating a user,
An authentication operation acquisition step for acquiring a user authentication operation;
A similarity detection step of detecting a mutual similarity with an authentication operation previously performed by a user indicated by the authentication operation information stored in the storage unit;
When the detected similarity exceeds the authentication criterion generated from the mutual similarity of two or more authentication operations performed in advance by the user, stored in the criterion storage unit, the user authentication A user authentication step that performs acceptance determination for
A system authentication program for causing a computer to function as:

Images