JP2008165741A - Authentication device, authentication method, authentication program and computer-readable recording medium storing the same - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent third parties from stealing passwords while keeping the passwords easy for users to memorize by looking at how users move their fingers and arms, and also prevent the third parties from misusing the passwords illicitly used by the third parties even if the third parties figure out the passwords through memos or the Internet. <P>SOLUTION: An authentication device 1 includes: a display input device 3 that obtains numerical values of a plurality of numeric keys, which numerical values are entered simultaneously via the numeric keys; a calculating section 9 that determines an input password by calculating in accordance with a predetermined calculation method, the plurality of numerical values entered into the display input device 3; and a password verifying section 10 that verifies the input password determined by the calculating section 9 against a predetermined verification password. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an authentication device, an authentication method, an authentication program, and a computer-readable record storing the same, which prevent a password from being stolen by a third party and prevent the password from being illegally used by a third party. It relates to the medium.

  For example, in an automatic teller machine (ATM) of a financial institution or an opening / closing device for an entrance door to a management area, it is generally necessary to input information such as a password for authentication. The passwords for these devices are composed of about four digits, using numbers from “0” to “9” so that the user can easily remember the password, giving priority to user convenience. ing.

  However, a password consisting of about 4 digits is easy for the user to remember, but if the user is stealing the operation of entering the password, the password can be easily given to the third party. There is a risk of being stolen.

  Therefore, conventionally, techniques for preventing a password from being stolen by a third party from the movement of a finger or an arm when the user inputs the password are disclosed in Patent Documents 1 to 4. The inventions described in Patent Document 1 and Patent Document 2 use a password composed of about four digits as in the past, but it is prevented from being stolen by a third party by changing the input screen. Technology. The inventions described in Patent Document 3 and Patent Document 4 are techniques for preventing a third party from being stolen by using an image or the like other than a number as a password. Below, the technique of patent documents 1-4 is demonstrated concretely.

  Patent Document 1 discloses a method for easily inputting confidential information by a simple operation without incurring an increase in operational burden on the user, and for avoiding the risk of leakage of confidential information due to third-party operation analysis. An information input device is disclosed. The information input device is configured to randomly determine and display the display position of the personal identification number input operation screen and / or the display position of each key each time a personal identification number is key-inputted. .

  Also, in Patent Document 2, in the password input using the input operation screen such as numeric keys arranged vertically and horizontally, the password is detected by others from the movement of the user's finger or arm while minimizing the decrease in operability. A personal identification number input device is disclosed for eliminating this. The personal identification number input device includes a display device that displays a plurality of keys arranged vertically and horizontally, a key operation detection unit that detects a selection operation of any one of the keys, and a plurality of keys on a screen of the display device. A key display control unit that controls the display position of the key, and the key display control unit displays all or some of the display positions of the plurality of keys in the column direction each time the key operation detection unit detects one key selection operation. Or it is the structure which moves to a line direction.

  Patent Document 3 discloses an electronic information management system for increasing the number of combinations of image parameters by designating a plurality of specific parts for a plurality of images and making it difficult for a third party to steal. Yes. When using a password based on an image instruction, the electronic information management system makes it easier to remember and steal, so when a user name is entered, at least one image and mesh are displayed. If the image password is generated according to the specified part and the specified order, the image password is correct, and there is an image to be displayed next (transition image), the registered transition information is acquired, and then the screen is returned to the image mesh display. When there is no transition image, the registered encrypted information is decrypted into encrypted information, and the encrypted information is output.

Further, in Patent Document 4, since the movement of the finger of the input is concealed when the user inputs the password, it is difficult for a third party to guess the password from the input state. Since the personal identification number is stored as a sense of the user's hand, a personal identification number input device for making it difficult for a third party to guess the personal identification number has been disclosed. In the password input device, the button for inputting the password is not described with letters, symbols, or alphabets corresponding to the password, the buttons are arranged freely, and the finger It is the structure provided with the concealment case which covers a motion.
JP 2000-20468 A (publication date: January 21, 2000) JP 2003-196006 A (publication date: July 11, 2003) JP 11-345206 A (publication date: December 14, 1999) JP 2001-344058 A (publication date: December 14, 2001) JP 2004-318819 A (publication date: November 11, 2004)

  As described above, the techniques disclosed in Patent Documents 1 and 2 change the key arrangement so that the password is estimated by a third party from the movement of the finger or arm when the user inputs the password. It is the structure which prevents. However, changing the key arrangement requires the user to search for the target key position each time, which impairs convenience for the user. Also, if the key layout change is simple with a certain degree of regularity, the password may be estimated by a third party.

  In addition, the technique disclosed in Patent Document 3 is configured to increase the number of combinations of image parameters by specifying the position of an image, thereby making it difficult for a third party to steal a password. In some cases, since the image has characteristics, it is easily analyzed which position of the image is pressed by a third party.

  Further, in the technique disclosed in Patent Document 4, it is possible to prevent a password from being stolen by providing a concealment case, but it is difficult to remember a password with numerical values and alphabets. Has been sacrificed.

  In addition, in the techniques disclosed in Patent Documents 1 to 4, even if the password can be prevented from being stolen by a third party, if the password is leaked by memo writing or the Internet, Unless the leaked password is invalidated, the password may be illegally used by a third party. Furthermore, it is difficult to immediately notice that a password has been leaked to a third party, and it is likely that the password will be invalidated and delayed.

  The present invention has been made in view of the above problems, and its purpose is to prevent a password from being stolen by a third party from the movement of a user's finger or arm while retaining the nature of a password that is easy for a user to remember. An authentication device, authentication method, and authentication program that can prevent unauthorized use of a password by a third party even if the password is known to a third party from memos or the Internet Another object of the present invention is to provide a computer-readable recording medium on which this is recorded.

  In order to solve the above problems, an authentication device of the present invention includes an input unit that acquires values of a plurality of keys that are simultaneously input via a plurality of keys, and a plurality of values acquired by the input unit. A calculation means for calculating according to a predetermined calculation method and determining an input password; and a verification means for verifying an input password determined by the calculation means and a verification password set in advance. It is said.

  The calculation method is to determine how to calculate the input value simultaneously input by the user and calculate the input password. For example, “addition”, “subtraction”, “integration”, “division”, etc. It is. The “input password” is a value obtained by calculating a numerical value that is input simultaneously according to a predetermined calculation method. This calculation method may be set in advance, or may be designated by the user or the authentication device for each authentication.

  According to the above configuration, the user inputs a plurality of keys at the same time, and calculates an input password by calculating a numerical value input at the same time according to a predetermined calculation method. The input password is preset with the input password. The verification password is being verified. That is, when a user inputs a password, the password itself is conventionally input one digit at a time, but in the present invention, a plurality of numerical values different from the password are simultaneously input at a time.

  Therefore, since the key that the user inputs at the same time is not the input password itself, even if the third party steals the user's input operation, it is possible to prevent the third party from stealing the password. it can. In addition, when a user tries to estimate the input value by an action such as a third party stealing the movement of the user's finger or arm by specifying multiple keys at the same time, specify which key is pressed It becomes difficult to do. As a result, it is possible to prevent the input value from being easily stolen by a third party.

  In addition, even if the password itself is known to a third party from notes, the Internet, etc., if the calculation method for calculating the password is not known to the third party, the third party will be able to derive the password. Since it is desired to input an appropriate numerical value, unauthorized use of a password by a third party can be prevented easily.

  In addition, although the number of keys input by the user is large, the password to be stored by the user may be a simple password that is easy to remember a numerical value as in the conventional case, which is convenient without burdening the user.

  Further, the calculating means may determine at least one of a plurality of numbers constituting the input password from a plurality of values input simultaneously.

  According to said structure, at least 1 of the several numbers which comprise an input password can be determined by calculating in accordance with a predetermined calculation method using the several value input simultaneously.

  Furthermore, the authentication device of the present invention further comprises user identification information acquisition means for acquiring user identification information for identifying a user, wherein the collating means is associated with the user identification information acquired by the user identification information acquisition means. The collation password stored in advance may be read from the storage unit, and the collation password and the input password may be collated.

  In the above configuration, in order to further include user identification information acquisition means for acquiring user identification information, the user identification information and various pieces of information are associated with each other and stored in the storage unit, whereby each of the authentication devices of the present invention is stored. The means can use information corresponding to each user. That is, by storing the user identification information and the preset verification password in association with each other in the storage unit, the verification unit can verify the verification corresponding to the user identification information when verifying the input password and the verification password. The password can be acquired from the storage unit. Since the verification password is stored in association with the user identification information, it can be set for each user.

  Further, the input means may acquire the numerical values of the plurality of numeric keys input simultaneously via the plurality of numeric keys.

  According to said structure, the numerical value matched with the number key is acquired by an input means by pressing down a number key. Therefore, it is possible to present to the user which numerical value is input by pressing which numerical key.

  Furthermore, in the authentication device of the present invention, the calculation unit reads the calculation method stored in advance in association with the user identification information acquired by the user identification information acquisition unit from the storage unit, and according to the calculation method, You may determine an input password by calculating using the numerical value acquired by the said input means.

  With the above configuration, by further storing the user identification information and a predetermined calculation method in association with each other in advance in the storage unit, the calculation unit uses the user identification information when calculating the numerical value acquired by the input unit. The corresponding calculation method can be acquired. Since the calculation method is stored in association with the user identification information, it can be set for each user. As a result, the calculation method for calculating the input password is more difficult for a third party to know, so even if the password itself is known to a third party, the password can be easily illegalized by a third party. It can be prevented from being used.

  Further, the authentication device of the present invention comprises an input number determination means for comparing the number of keys simultaneously input to the input means with a predetermined number of simultaneous inputs, and determining whether the number of both coincides, If the number of both matches, the calculation means may determine the input password.

  In the above configuration, the input determination unit further causes the calculation unit to determine the input password when it is determined that the predetermined number of simultaneous inputs and the number (number) of keys simultaneously input match. If the numbers do not match, the input password is not determined.

  Therefore, even if the password is known to a third party from notes or the Internet, if the third party does not know not only the calculation method for calculating the password but also the number of simultaneous key inputs, The password cannot be determined. Therefore, even if the password itself is known to a third party, it is possible to prevent unauthorized use of the password by a third party.

  Furthermore, in the authentication device of the present invention, the input number determination means reads out the simultaneous input number stored in advance in association with the user identification information acquired by the user identification information acquisition means from the storage unit, and performs the simultaneous input The number may be compared with the number of keys simultaneously input to the input means.

  With the above configuration, by further storing the user identification information and a predetermined number of simultaneous inputs in advance in the storage unit, the input number determination means can detect the number of simultaneous inputs and the number of keys simultaneously input to the input means. When comparing the numbers, the number of simultaneous inputs corresponding to the user identification information can be acquired. Since the number of simultaneous inputs is stored in association with the user identification information, it can be set for each user. This makes it difficult for third parties to know the number of keys that can be entered at the same time. Even if the password itself is known to a third party, the third party can easily misuse the password. Can be prevented.

  Furthermore, the authentication apparatus of the present invention may include an input instruction means for instructing at least one of a plurality of keys simultaneously input to the user.

  In order for the user to input a plurality of keys at the same time and to determine an input password from the input values according to a predetermined calculation method, the user must enter numerical values to be simultaneously input in order to cause the authentication device to calculate the numerical value of the input password. Must be remembered or decided on the spot.

  Thus, with the above-described configuration of the present invention, the user instructs the user at least one of a plurality of keys that should be input simultaneously, so that the user can take into account the indicated numerical value and calculation method. You can enter the value just by considering the remaining numbers. Therefore, it is possible to save the user from having to consider which key and which key should be pressed, and the user can easily input a plurality of keys simultaneously.

  The authentication method of the present invention uses a plurality of keys simultaneously input via a plurality of keys to obtain a predetermined calculation method using a plurality of values obtained in the input step. Therefore, it includes a calculation step of calculating and determining an input password, and a verification step of verifying the input password determined in the calculation step and a verification password set in advance.

  According to the above method, the user inputs a plurality of keys at the same time, and calculates an input password by calculating the simultaneously input numerical values according to a predetermined calculation method, and the input password is preset with the input password. The verification password is being verified. That is, when a user inputs a password, the password itself is conventionally input one digit at a time, but in the present invention, a plurality of numerical values different from the password are simultaneously input at a time.

  Therefore, since the key that the user inputs at the same time is not the input password itself, even if the third party steals the user's input operation, it is possible to prevent the third party from stealing the password. it can. In addition, even if the password itself is known to a third party from notes, the Internet, etc., if the calculation method for calculating the password is not known to the third party, the third party will be able to derive the password. Since it is desired to input an appropriate numerical value, unauthorized use of a password by a third party can be prevented easily.

  In addition, when a user tries to estimate the input value by an action such as a third party stealing the movement of the user's finger or arm by specifying multiple keys at the same time, specify which key is pressed It becomes difficult to do. As a result, it is possible to prevent the input value from being easily stolen by a third party.

  In addition, although the number of keys input by the user is large, the password to be stored by the user may be a simple password that is easy to remember a numerical value as in the conventional case, which is convenient without burdening the user.

  The authentication device may be realized by a computer. In this case, an authentication program for an authentication device that realizes the authentication device by a computer by causing the computer to operate as each of the means, and recording the same Computer-readable recording media are also within the scope of the present invention.

  As described above, the authentication device of the present invention uses an input unit that acquires values of a plurality of keys that are simultaneously input via a plurality of keys, and a plurality of values that are acquired by the input unit. The calculation unit is configured to calculate according to a predetermined calculation method and determine an input password, and a verification unit that verifies the input password determined by the calculation unit and a preset verification password.

  Further, the authentication method of the present invention uses an input process for acquiring values of a plurality of keys input simultaneously via a plurality of keys, and a predetermined calculation using a plurality of values acquired in the input process. The method includes a calculation step of calculating according to the method and determining an input password, and a verification step of verifying the input password determined in the calculation step and a preset verification password.

  Therefore, while retaining the nature of a password that is easy for a user to remember, it prevents the password from being stolen by a third party from the movement of the user's fingers and arms, and the password is known to the third party from notes and the Internet. Even in the case where the password has been lost, unauthorized use of the password by a third party can be prevented.

  An embodiment of the present invention will be described below with reference to FIGS.

  FIG. 1 is a block diagram showing a schematic configuration of an authentication apparatus 1 according to an embodiment of the present invention. First, the overall configuration of the authentication device 1 will be described.

  As shown in FIG. 1, the authentication device 1 includes a user ID acquisition unit (user identification information acquisition unit) 2, a display device (input unit) 3, an information processing unit 4, and a post-authentication processing unit 11. Yes. Further, a user information DB (database) (storage unit) 5 storing a user information table is provided outside the authentication device 1 and is connected to the information processing unit 4 via a network.

  The authentication device 1 is mounted on a device that requires input of a password or the like for authentication, such as an ATM, a PC, or a mobile phone shown in FIG.

  The user ID acquisition unit 2 is for acquiring a user ID for identifying the user, and may be configured such that the user directly inputs the user ID, or an IC card or the like in which the user ID is stored. A user ID may be read from an IC card or the like by being mounted on a reading device (not shown).

  The display input device 3 displays an operation instruction to the user, an information processing status, an error message when an error occurs in input information, and the like. The display input device 3 is provided with a touch panel or the like, and is used to acquire the numerical values of a plurality of arbitrary numeric keys input simultaneously by the user.

  Note that the key for the user to input a plurality of values simultaneously is not necessarily a numeric key, and may be another key. In that case, a specific key and a certain value are associated with each other in advance, and the user needs to know in advance which value is to be input by pressing which key. In order to save the user's trouble, the key is preferably a numeric key.

  In the present embodiment, a touch panel using a cathode ray tube (CRT), a liquid crystal display (LCD) or the like is preferably used as the display input device 3. In the touch panel using a liquid crystal display, a touch panel that can detect a plurality of pressed points at the same time by using an optical sensor provided in the liquid crystal display is preferably used. Such a touch panel is specifically disclosed in Japanese Patent Application Laid-Open No. 2004-318819.

  In the present embodiment, the display input device 3 displays an information input screen as shown in FIG. 3 when the user inputs information for determining an input password. The information input screen has a configuration in which numeric keys “0” to “9”, a “correction” key, and a “decision” key are arranged in four rows and three columns, and the user can easily select any number. Thus, the numerical keys are arranged from the top in ascending order. In addition, a display box for displaying the number of numeric keys input by the user is arranged above the keys. Note that the key combination, key arrangement, and the like are not limited to this, and keys having other roles such as a “return” key and a “clear” key may be added as necessary.

  Note that the display input device 3 is not limited to the touch panel described above, and an information input unit (for example, a PC, a mobile phone, etc.) for acquiring numerical values of a plurality of arbitrary numeric keys simultaneously input by the user (for example, A keyboard or the like) and a display unit (for example, a display or the like) for displaying various information may be provided separately, or the display unit may not be provided. That is, the display input device 3 may be configured to be able to acquire at least the numerical values of a plurality of numeric keys input simultaneously.

  The user information DB 5 is for storing various types of user information. As shown in FIG. 4, the “user ID”, “verification password”, “calculation method”, and “number of simultaneous inputs” are as follows. An associated user information table is stored. FIG. 4 is a diagram showing a user information table stored in the user information DB 5 of the authentication device 1. In the present embodiment, the user information DB 5 has a configuration provided outside the authentication device 1, but the present invention is not limited to this, and a configuration provided inside the authentication device 1 may be used.

  Here, the “user ID” is a code for identifying the user. The “collation password” is a combination of numbers set in advance. The “calculation method” is a method for determining how to calculate the input value simultaneously input by the user and calculating the input password. For example, “addition”, “subtraction”, “integration”, “division” Etc. The “number of simultaneous inputs” is the number of numeric keys that the user inputs at the same time, and may be two or more. The “input password” is a value obtained by calculating a numerical value input simultaneously according to a calculation method corresponding to the user ID.

  More specifically, the input password is an arrangement of numbers formed by arranging a plurality of numbers.

  The information processing unit 4 includes a user information acquisition unit 6 and an authentication unit 7, calculates an input password from a numerical value acquired by the display input device 3 based on the user ID acquired by the user ID acquisition unit 2, This is for verifying the input password and the verification password.

  The user information acquisition unit 6 is connected to the user information DB 5 via a network, acquires the user ID from the user ID acquisition unit 2, and corresponds to the user ID from the user information table stored in the user information DB 5. This is for acquiring the number of simultaneous inputs and the calculation method. Furthermore, the user information acquisition unit 6 acquires the number of simultaneously input numeric keys and the simultaneously input numerical values acquired by the display input device 3, and the total number of user inputs, the number of simultaneous inputs, Compare the set number of inputs based on the verification password. The set input number indicates the number of numerical values to be input by the user, which is calculated from the number of numbers constituting the verification password and the number of simultaneous inputs.

  The authentication unit 7 includes an input number determination unit (input determination unit) 8, a calculation unit (calculation unit) 9, and a password verification unit (verification unit) 10. The authentication unit 7 determines whether or not the number of numeric keys input at the same time matches the number of simultaneous inputs corresponding to the user ID. If they match, the authentication unit 7 determines the input password and verifies the input password and the verification password. Is for. If the input password matches the verification password after the verification, the authentication unit 7 causes the post-authentication processing unit 11 to perform various processes.

  Specifically, the input number determination unit 8 acquires the number of numeric keys and the number of simultaneous inputs simultaneously input from the user information acquisition unit 6, and the number of the simultaneously input number keys matches the number of simultaneous inputs. It is for judging whether or not.

  When the input number determination unit 8 determines that the number of numerical keys input simultaneously and the number of simultaneous inputs match, the calculation unit 9 determines the numerical value and calculation method simultaneously input from the user information acquisition unit 6. The input password is determined by acquiring and calculating the simultaneously input numerical values according to the calculation method.

  More specifically, the calculation unit 9 determines at least one of a plurality of numbers constituting the input password from a set of a plurality of numerical values input simultaneously via the display device 3.

  The password verification unit 10 is for verifying the input password determined by the calculation unit 9 and the verification password stored in the user information DB 5. The password verification unit 10 is connected to the user information DB 5 via a network. When the user ID is acquired from the user information acquisition unit 6, the password verification unit 10 acquires a verification password corresponding to the user ID from the user information DB 5. And the password collation part 10 acquires an input password from the calculation part 9, and collates this input password and the collation password acquired from user information DB5.

  The post-authentication processing unit 11 is for performing various processes after the password verification unit 10 determines that the input password matches the verification password. For example, when the authentication device 1 of the present embodiment is mounted on an ATM, processing such as cash withdrawal is performed, and when the authentication device 1 is mounted on an opening / closing device for an entrance door to the management area, the entrance to the management area is performed. Process to open the door.

  Here, with reference to FIG. 5, a description will be given of a method in which the calculation unit 9 determines the input password based on the simultaneous input number and the calculation method from the numerical values input simultaneously. FIG. 5 is a diagram for explaining a simultaneous input method on the information input screen displayed on the display input device 3 of the authentication device 1. Here, a case will be described in which the calculation method corresponding to the user ID of the user operating the authentication device 1 is added, the number of simultaneous inputs is set to 2, and the first digit of the verification password is set to “0”.

  When the user inputs a numerical value for determining the first digit of the input password, as shown in FIG. 5, the user inputs “4” and “6” numeric keys on the information input screen displayed on the display input device 3. When is simultaneously pressed, the calculation unit 9 calculates “4 + 6” by addition, which is a preset calculation method. Although the calculation result is 10, in the present embodiment, when the number of digits is 2, the value of the last digit is adopted as the output value, and as a result, the first digit of the input password is “0”. " In this way, an input password having a predetermined number of digits is determined.

  Also, if the calculation method is subtraction, the number of simultaneous inputs is “2”, and “4” and “6” are input simultaneously, “4” having a small numerical value is subtracted from “6” having a large numerical value, and the calculation result “2” is adopted as the output value. If the calculation method is integration, the number of simultaneous inputs is “2”, and “4” and “6” are input simultaneously, “4”, which is the last digit of the calculation result “24”, is adopted as the output value. Is done. In addition, when the calculation method is division, the number of simultaneous inputs is “2”, and “4” and “6” are input at the same time, the large numerical value “6” is divided by the small numerical value “4”, and the calculation result Is “1”, the remainder is “2”, and the remainder “2” is adopted as the output value.

  In the present embodiment, the output value obtained by the calculation method uses the last digit of the calculation result as the output value, but the output value is not limited to this. For example, when the calculation result is a two-digit number, the number of the upper digits may be adopted as the output value, or the two-digit number is adopted as the output value as it is, so that the password can be input once. May be entered in two digits.

  Next, in the authentication device 1 of the present embodiment, a processing procedure from when the user ID acquisition unit 2 acquires the user ID to when the password verification unit 10 verifies the input password and the verification password is shown in FIGS. This will be described with reference to FIG. FIG. 6 is a flowchart illustrating a processing procedure of the authentication device 1 according to the present embodiment. In the following description, the processing procedure when the user with the user ID “0001” operates the authentication device 1 shown in FIG. 4 will be described.

  As illustrated in FIG. 6, in the authentication device 1, when a user attaches an IC card to the user ID acquisition unit 2, the user ID acquisition unit 2 reads the user ID from the IC card, and the user information acquisition unit 6 receives the user ID. Is output (S1).

  Then, the user information acquisition unit 6 acquires the calculation method and the simultaneous input number corresponding to the user ID acquired from the user ID acquisition unit 2 from the user information table stored in the user information DB 5 (S2). Here, since the user ID is “0001”, the calculation method is added, and the number of simultaneous inputs is two.

  Then, after acquiring the calculation method and the number of simultaneous inputs, the user information acquisition unit 6 displays an information input screen on the display input device 3 (S3), and waits until the user inputs the information input screen (S4). .

  And if a user inputs, the user information acquisition part 6 will acquire the number of the numerical keys simultaneously input which the display input device 3 acquired, and the numerical value input simultaneously, and will compare the number of user inputs with the number of setting inputs. (S5). For example, when the user ID is “0001”, the set input number is “8” because the simultaneous input number is “2” and the verification password is “1234”, which is four digits. If the user input number does not match the set input number (NO in S5), the process returns to S4.

  The user information acquisition unit 6 is a numerical value for calculating the number of digits of the input password when the user inputs a numerical value for calculating one digit of the input password, that is, every time the user inputs the numerical value simultaneously. May be displayed on the display / input device 3.

  When the number of user inputs matches the number of set inputs (YES in S5), the user information acquisition unit 6 determines the number of number keys that are simultaneously input, the number that is simultaneously input, the number of simultaneous inputs, and the calculation method. Output to the authentication unit 7. And the authentication part 7 determines an input password based on these information, and collates this input password and the collation password memorize | stored in user information DB5 (S6). When the authentication unit 7 determines that the input password and the verification password do not match (NO in S6), the authentication unit 7 transmits authentication failure information to the display input device 3, displays an error message, and displays the information input screen again. Display (S7).

  Here, the authentication procedure of the input password and the verification password in S6 and S7 of the above-described processing procedure will be specifically described with reference to FIG. 1 and FIG. FIG. 7 is a flowchart showing an authentication procedure of the authentication device 1 of the present embodiment.

  When the number of user inputs matches the number of set inputs (YES in S5 of FIG. 6), the input number determination unit 8 of the authentication unit 7 determines the number of numeric keys simultaneously input from the user information acquisition unit 6 and The number of inputs is acquired, and the number of the numerical keys that are simultaneously input and the number of simultaneous inputs are compared to determine whether the numbers match (S8). If the numbers do not match (NO in S8), the input number determination unit 8 transmits authentication failure information to the display input device 3 to display an error message. Here, the error message displayed on the display input device 3 may be content indicating that the number of simultaneous inputs is incorrect or content indicating authentication failure.

  If the two numbers match (YES in S8), the input number determination unit 8 outputs the information to the calculation unit 9. When the calculation unit 9 receives the information in which the number of both coincides from the input number determination unit 8, the calculation unit 9 acquires the numerical value and the calculation method simultaneously input from the user information acquisition unit 6, and calculates the simultaneously input numerical value. The input password is determined by calculating according to the calculation method (S9).

  Then, the calculation unit 9 outputs the determined input password to the password verification unit 10. The password verification unit 10 acquires a user ID from the user information acquisition unit 6 and acquires a verification password corresponding to the user ID from the user information DB 5 via the network. The password verification unit 10 verifies the input password acquired from the calculation unit 9 and the verification password (S10).

  After that, if the password verification unit 10 determines that the input password and the verification password match as a result of the verification in S10 (YES in S6 of FIG. 6), the information is output to the post-authentication processing unit 11. Further, as described above, when the password verification unit 10 determines that the output value and the verification password do not match (NO in S6), the password verification unit 10 transmits authentication failure information to the display input device 3. Then, an error message is displayed (S7 in FIG. 6).

  In the present embodiment, as described above, the number of user inputs is compared with the number of set inputs in S5, and the number of number keys simultaneously input in S8 is compared with the number of simultaneous inputs. The order of the processing in S8 may be reversed. That is, the configuration may be such that the number of numeric keys simultaneously input in S5 is compared with the number of simultaneous inputs, and the number of user inputs and the set input number are compared in S8.

  More specifically, in S5, the user information acquisition unit 6 compares the number of numeric keys input simultaneously with the number of simultaneous inputs, and determines whether the numbers match. If the number of both coincides (YES in S5), in S8, the input number determination unit 8 of the authentication unit 7 indicates the number of numeric keys and the number of simultaneous inputs simultaneously input from the user information acquisition unit 6. Acquire and compare the number of user inputs with the number of set inputs. When the input number determination unit 8 determines that the user input number and the set input number match (YES in S8), the process proceeds to S9 and determines that the user input number and the set input number do not match In the case (NO in S8), the process returns to S4.

  If the user information acquisition unit 6 determines that the number of numeric keys input at the same time does not match the number of simultaneous inputs (NO in S5), after the user inputs all the numerical values, the user information acquisition unit 6 transmits information of authentication failure to the display input device 3 to display an error message. As described above, after the user inputs all the numerical values, the error message is displayed on the display input device 3, thereby preventing the simultaneous input number from being estimated by a third party. Here, the error message displayed on the display input device 3 may be content indicating that the number of simultaneous inputs is incorrect or content indicating authentication failure.

  The collation password corresponding to the user ID “0001” is “1234”. In order to match the input password and the collation password, a numerical value that is simultaneously input is realized by, for example, as shown in FIG. can do. Here, when the user ID is “0001”, it is assumed that the calculation method is set to “addition” and the number of simultaneous inputs is “2” as shown in the user information table of FIG.

  Therefore, as shown in FIG. 8, the input value 1 “4” and the input value 2 “7” are simultaneously input in the first digit input, and the input value 1 “4” and the input value are input in the second digit input. 2 “8” is input at the same time, input value 1 “6” and input value 2 “7” are input simultaneously at the third digit input, and input value 1 “0” and input value are input at the fourth digit input. 2 Input “4” at the same time. As a result, the input value 1 and the input value 2 of each digit are added, and the lower first digit value calculated is used as the input password, whereby the input password is determined to be “1234”. Needless to say, the method of determining the input password as “1234” is not limited to this.

  In the present embodiment, the user sets the calculation method and the number of simultaneous inputs in advance and stores them in the user information DB 5 in association with the user ID. However, the present invention is not limited to this. That is, only the collation password is set in advance, only the user ID and the collation password are associated and stored in the user information DB 5, and the user information acquisition unit 6 acquires the user ID from the user ID acquisition unit 2. As shown in FIG. 9, the user information acquisition unit 6 may be configured to instruct the user on the calculation method and the number of simultaneous inputs on the information input screen of the display input device 3.

  In this case, since the user is required to perform calculation for deriving the password after being instructed by the user information acquisition unit 6 about the calculation method and the number of simultaneous inputs, the calculation formula and the calculation result are placed near the display input device 3. It is desirable to improve user convenience, such as displaying a list of

  In this embodiment, a verification password is set for each user. However, the present invention is not limited to this, and a configuration in which all users use the same verification password may be used. In this case, the user ID acquisition unit 2 may not be provided, and the user information DB 5 only needs to store a table associated with the calculation method and the number of simultaneous inputs. The verification password may be set in the password verification unit 10 in advance.

  As described above, the authentication device 1 according to the present embodiment is acquired by the display input device 3 that acquires the numerical values of the plurality of numeric keys that are simultaneously input via the plurality of numeric keys, and the display input device 3. A calculation unit 9 that calculates a plurality of numerical values according to a predetermined calculation method and determines an input password, and a password verification unit that compares the input password determined by the calculation unit 9 with a preset verification password 10.

  In the authentication device 1 according to the present embodiment, the user simultaneously inputs a plurality of numeric keys, calculates the simultaneously input numerical values according to a predetermined calculation method, determines an input password, The password is verified against a preset verification password. That is, when a user inputs a password, the password itself is conventionally input one digit at a time, but in the present invention, a plurality of numerical values different from the password are simultaneously input at a time.

  Therefore, since the number key that the user inputs simultaneously is not the input password itself, even if the movement of the user's finger or arm is seen by a third party, the password can be prevented from being stolen by a third party. it can. Also, which number key is pressed when the user tries to estimate the input value by an action such as a third party stealing the movement of the user's finger or arm by simultaneously inputting multiple number keys It becomes difficult to specify. As a result, it is possible to prevent the input value from being easily stolen by a third party.

  In addition, even if the password itself is known to a third party from notes, the Internet, etc., if the calculation method for calculating the password is not known to the third party, the third party will be able to derive the password. Since it is desired to input an appropriate numerical value, unauthorized use of a password by a third party can be prevented easily.

  In addition, although the number of numeric keys input by the user is large, the password to be stored by the user may be a simple password that is easy to remember numerical values as in the conventional case, which is convenient without burdening the user. .

  As described above, the authentication device 1 of the present embodiment is characterized in that the user simultaneously inputs a plurality of numeric keys and determines an input password from the input value according to a predetermined calculation method. In order to cause the authentication device 1 to calculate the numerical value of the input password, it is necessary to memorize the numerical value to be simultaneously input or to determine it on the spot.

  Accordingly, the authentication device 1 instructs the information processing unit 4 to input an input instruction unit in order to instruct at least one of a plurality of numeric keys that are simultaneously input to the user on the information input screen displayed on the display input device 3. (Not shown) may be provided. As a method for instructing the user to enter numeric keys simultaneously, the numeric key may be blinked, or the color may be changed or the numeric key may be lit. Furthermore, in order to instruct a user to enter a numeric key simultaneously, a configuration may be used in which a text instruction is given at a portion other than the numeric key. In other words, any method may be used as a method for the numerical input key to be input simultaneously to the user by the input instruction unit as long as the numerical key instruction to be input is transmitted to the user.

  FIG. 10 is a diagram illustrating a configuration in which the input instruction unit blinks one numeric key on the information input screen displayed on the display input device 3 of the authentication device 1. In FIG. 10, in the information input screen displayed on the display input device 3, the input instruction unit blinks the numeric key “4”. For example, when the number of simultaneous inputs is 2 and the calculation method is addition, and the user wants to input 0 as the input password, the user calculates by the numeric key “4” blinking by the input instruction unit and addition. It is only necessary to simultaneously press the numeric key “6” that results in 0.

  The input instruction unit may be configured to blink a plurality of numeric keys as well as the single numeric key as described above. FIG. 11 is a diagram illustrating a configuration in which the input instruction unit blinks a plurality of numeric keys on the information input screen displayed on the display input device 3 of the authentication device 1.

  In FIG. 11, on the information input screen displayed on the display input device 3, the input instruction unit blinks the numeric keys “2” and “4”. For example, when the number of simultaneous inputs is “2”, the calculation method is “addition”, and the user wants to input “0” as the input password, the user presses the numeric key “4” blinking in the input instruction section. "Or" 2 "is selected, and numbers that become 0 by addition may be simultaneously pressed.

  As described above, the authentication device 1 includes the above-described input instruction unit, and the user instructs the user to specify a numerical value instructed by the input instruction unit instructing at least one of a plurality of numeric keys to be input simultaneously. And considering the calculation method, it is possible to input only by considering the remaining numerical values. Therefore, it is possible to save the user from having to consider which numeric key and which numeric key to press, and the user can easily input a plurality of numeric keys simultaneously.

  The calculation method or the number of simultaneous inputs may be configured such that the user can select on the information input screen displayed on the display input device 3. FIG. 12 is a diagram illustrating a configuration in which a calculation method can be selected on the information input screen displayed on the display input device 3 of the authentication device 1. As shown in FIG. 12, when the calculation method can be selected, the calculation method can be changed every time the input password is simultaneously input to calculate one digit of the input password. Moreover, the structure which enables it to select only the number of simultaneous inputs may be sufficient, and the structure which can select both the calculation method and the number of simultaneous inputs may be sufficient.

  In addition, when the user does not desire a method as secure as the authentication method of the present embodiment, the authentication method in the authentication apparatus 1 of the present embodiment and the conventional method can be used so that the password can be input using the conventional authentication method. The authentication method may be switched on the information input screen of the display input device 3.

  When the user selects a conventional authentication method, the user information acquisition unit 6 acquires the user ID from the user ID acquisition unit 2 and outputs the user ID to the password verification unit 10. And the password verification part 10 should just be set as the structure which acquires a verification password from user information DB5, acquires the input password which the user input using the display input device 3, and collates this input password and a verification password .

  Finally, each block of the authentication device 1, in particular, the user information acquisition unit 6, the input number determination unit 8, and the calculation unit 9 may be configured by hardware logic, or by software using a CPU as follows. It may be realized.

  That is, the authentication device 1 includes a CPU (central processing unit) that executes instructions of a control program that implements each function, a ROM (read only memory) that stores the program, a RAM (random access memory) that expands the program, A storage device (recording medium) such as a memory for storing the program and various data is provided. An object of the present invention is to provide a recording medium in which a program code (execution format program, intermediate code program, source program) of a control program of the authentication device 1 which is software that realizes the above-described functions is recorded so as to be readable by a computer. This can also be achieved by supplying the authentication apparatus 1 and reading and executing the program code recorded on the recording medium by the computer (or CPU or MPU).

  Examples of the recording medium include tapes such as magnetic tapes and cassette tapes, magnetic disks such as floppy (registered trademark) disks / hard disks, and disks including optical disks such as CD-ROM / MO / MD / DVD / CD-R. Card system such as IC card, IC card (including memory card) / optical card, or semiconductor memory system such as mask ROM / EPROM / EEPROM / flash ROM.

  The authentication device 1 may be configured to be connectable to a communication network, and the program code may be supplied via the communication network. The communication network is not particularly limited. For example, the Internet, intranet, extranet, LAN, ISDN, VAN, CATV communication network, virtual private network, telephone line network, mobile communication network, satellite communication. A net or the like is available. Also, the transmission medium constituting the communication network is not particularly limited. For example, even in the case of wired such as IEEE 1394, USB, power line carrier, cable TV line, telephone line, ADSL line, etc., infrared rays such as IrDA and remote control, Bluetooth ( (Registered trademark), 802.11 wireless, HDR, mobile phone network, satellite line, terrestrial digital network, and the like can also be used. The present invention can also be realized in the form of a computer data signal embedded in a carrier wave in which the program code is embodied by electronic transmission.

  The present invention is not limited to the above-described embodiments, and various modifications can be made within the scope of the claims. That is, embodiments obtained by combining technical means appropriately changed within the scope of the claims are also included in the technical scope of the present invention.

  The authentication device of the present invention is suitably mounted on a device that requires password input for authentication of ATM, PC, mobile phone, and the like.

It is a block diagram which shows schematic structure of the authentication apparatus which concerns on one Embodiment of this invention. It is a figure which shows schematic structure of ATM with which the said authentication apparatus is applied. It is a figure which shows the information input screen displayed in the display apparatus of the said authentication apparatus. It is a figure which shows the user information table memorize | stored in user information DB of the said authentication apparatus. It is a figure for demonstrating the simultaneous input method in the information input screen displayed on the display apparatus of the said authentication apparatus. It is a flowchart which shows the process sequence in the said authentication apparatus. It is a flowchart which shows the authentication procedure in the said process procedure. It is a figure which shows the relationship between the input value and output value which were input simultaneously in the said authentication apparatus. It is a figure which shows the information input screen displayed in the display apparatus of the said authentication apparatus. It is a figure which shows the structure which the input instruction | indication part blinks one number key on the information input screen displayed on the display apparatus of the said authentication apparatus. It is a figure which shows the structure which the input instruction | indication part blinks the several number key on the information input screen displayed on the display apparatus of the said authentication apparatus. It is a figure which shows the structure which can select a calculation method in the information input screen displayed on the display apparatus of the said authentication apparatus.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Authentication apparatus 2 User ID acquisition part (user identification information acquisition means)
3. Display device (input means)
4 Information processing section 5 User information DB (storage section)
6 User information acquisition unit (user information acquisition means)
7 Authentication unit 8 Input number determination unit (input number determination means)
9 Calculation part (calculation means)
10 Password verification part (verification means)
11 Post-authentication processing section

Claims (11)

Input means for acquiring values of a plurality of keys input simultaneously via a plurality of keys;
Using a plurality of values acquired by the input means, calculating according to a predetermined calculation method, and calculating means for determining an input password;
An authentication apparatus comprising: a collation unit that collates an input password determined by the calculation unit and a collation password set in advance.   The authentication device according to claim 1, wherein the calculating unit determines at least one of a plurality of numbers constituting the input password from a plurality of values input simultaneously. Comprising user identification information acquisition means for acquiring user identification information for identifying a user;
The verification unit reads the verification password stored in advance in association with the user identification information acquired by the user identification information acquisition unit, and verifies the verification password and the input password. The authentication device according to claim 1 or 2.   The authentication device according to any one of claims 1 to 3, wherein the input unit acquires numerical values of a plurality of number keys that are simultaneously input via a plurality of number keys.   The calculation unit reads the calculation method stored in advance in association with the user identification information acquired by the user identification information acquisition unit from the storage unit, and calculates the numerical value acquired by the input unit according to the calculation method. The authentication apparatus according to claim 3, wherein the input password is determined by calculation using the authentication password. Comparing the number of keys simultaneously input to the input means with a predetermined number of simultaneous inputs, it is provided with an input number determination means for determining whether the number of both coincides,
The authentication apparatus according to claim 3 or 5, wherein when the number of the two coincides, the calculation means determines an input password.   The number-of-inputs determination unit reads the number of simultaneous inputs stored in advance in association with the user identification information acquired by the user identification information acquisition unit from the storage unit, and is simultaneously input to the number of simultaneous inputs and the input unit. The authentication apparatus according to claim 6, wherein the number of keys is compared with the number of keys.   The authentication apparatus according to claim 1, further comprising an input instruction unit that instructs at least one of a plurality of keys that are simultaneously input to a user. An input process for acquiring values of a plurality of keys input simultaneously through a plurality of keys,
Using a plurality of values acquired in the input step, calculating according to a predetermined calculation method, and determining an input password,
An authentication method, comprising: a collation step of collating an input password determined in the calculation step with a preset collation password.   The authentication program for functioning a computer as said each means of the authentication apparatus of any one of Claims 1-8.   The computer-readable recording medium which recorded the authentication program of Claim 10.

Images