JP2008257701A - Authentication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a method and server for making it difficult for a malicious third person to construct an authentication screen using image data. <P>SOLUTION: A server receives the registration request data of a password from a user, and transmits a plurality of image data as candidate image data to a terminal. According as the user selects an image, the server stores the selected image data by associating the image data with data to specify the user with the password as registration image data, and excludes the selected image data from the candidate image data. Then, when receiving authentication request data from the user with the data to specify the user and the password, the server transmits the registration image data stored so as to be associated with the data to specify the user to the terminal with the plurality of image data, and according as the user selects the image data, when the selected image data are stored so as to be associated with the data to specify the user as the registration image data, the server completes authentication. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an authentication system. More specifically, the present invention relates to an image authentication system.

  Conventionally, on the Internet, online banking services such as transfer and deposit are provided by financial institutions. In addition, payment by credit card is performed at an online shop or the like. In such electronic transactions on the Internet, it is necessary to authenticate whether or not the user is a registered person in advance. In order to confirm the authentication, means such as login to a web page is provided. For example, in a website such as a financial institution or an online shop, a user ID is issued to a user and a password is registered. Then, the user sends a user ID and password data to the website and requests authentication. The website verifies the user ID and password, authenticates the matched user, and logs in to the web page.

  This can prevent the user's electronic transactions and information from being misused by other users. However, there is a phishing site, a website for a malicious third party to imitate the original website and deceive the user. Such a phishing site collects text, images, and the like of the original site and is created with a design similar to the original site. Therefore, the user cannot easily distinguish the phishing site. Then, on a login screen of a phishing site that the user is not aware of, a malicious third party can obtain the information by allowing the user to input a password.

In such a situation, according to the technique described in Patent Document 1, authentication by image is performed in addition to authentication by password. In the image authentication, image image data registered in advance by the user and image images belonging to a different category from the image image data are displayed on the login screen. The user can select an image registered by the user from these candidates and perform authentication based on the image.
JP 2006-163825 A

  However, even with the technique described in Patent Document 1, a malicious third party can collect the image itself to be displayed on the login screen and construct a phishing site, thus preventing such a phishing site. I can't. Thus, there is a possibility that the same image as the image registered by the user on the original site may be displayed on the authentication screen using the image of the phishing site, and such a technique for protecting the user from the phishing site is disclosed. Not.

  Accordingly, an object of the present invention is to provide a method and a server that make it more difficult for a malicious third party to construct an authentication screen using image data.

  More specifically, the present invention provides the following.

(1) A method in which a server (server 10) connectable to a terminal (terminal 20) via a communication network (communication network 30) authenticates a user of the terminal,
A candidate image transmission step of transmitting a predetermined number of different image data as candidate image data to the terminal in response to receiving password registration request data from the user accepted by the terminal;
In response to receiving data indicating that specific image data has been selected from the candidate image data received from the user received by the terminal, the selected specific image data as registered image data, An image storing step for storing the password data together with data for identifying the user (user ID data);
Thereafter, excluding the selected specific image data from the candidate image data transmitted in response to reception of password registration request data from the user received by the terminal;
The registered image stored in association with the received data specifying the user in response to receiving the authentication request data received from the user together with the data specifying the user and the password data received by the terminal An authentication image transmission step of transmitting data to the terminal as authentication image data together with a predetermined number of different image data;
In response to receiving data indicating selection of specific image data from the authentication image data received by the terminal from the user, the selected specific image data is used as the registered image data. An authentication step of completing authentication of the user when stored in association with data to be identified.

According to such a configuration of the present invention, the server receives a predetermined number of different pieces of image data in response to receiving password registration request data from the user received by the terminal. Send it to the terminal as candidate image data,
In response to receiving data indicating that specific image data has been selected from the candidate image data received from the user received by the terminal, the selected specific image data as registered image data, Along with password data, it is stored in association with data (user ID data) for identifying the user,
Thereafter, the selected specific image data is excluded from the candidate image data transmitted in response to reception of the password registration request data received from the user received by the terminal,
The registered image stored in association with the received data specifying the user in response to receiving the authentication request data received from the user together with the data specifying the user and the password data received by the terminal Transmitting data to the terminal as authentication image data together with a predetermined number of different image data,
In response to receiving data indicating selection of specific image data from the authentication image data received by the terminal from the user, the selected specific image data is used as the registered image data. If it is stored in association with the data to be identified, the user authentication is completed.

  Accordingly, the server can cause the user to select specific image data from among a plurality of candidate image data in response to receiving password registration request data from the user. Further, specific image data selected by the user, password data, and data for specifying the user (user ID data) can be stored in association with each other. Then, the specific image data selected by the user can be excluded from the candidate image data to be transmitted thereafter.

  As a result, the server can make the registered image data stored for each user unique to each other, and thereafter can eliminate the opportunity to be transmitted as candidate image data. Therefore, when a malicious third party accesses the original site and attempts to collect image data, it can be difficult to successfully collect the registered image data stored for each user. In this way, on the authentication screen of a phishing site created by a malicious third party, “authentic” registered image data that is likely to be deceived and selected by each user is displayed on the terminal of the user. Can be difficult.

(2) The method according to (1),
In the candidate image transmission step, the server transmits the candidate image data including blank image data to the terminal,
In the image storing step, the selected blank image data is received as the registered image data in response to receiving data indicating that blank image data has been selected from the user. A method of storing the password data together with the data specifying the user.

  According to such a configuration of the present invention, the server transmits the candidate image data including blank image data to the terminal in the candidate image transmission step, and receives the candidate image data from the terminal in the image storage step. , In response to receiving data indicating that blank image data has been selected from the user, the selected blank image data as the registered image data, together with the password data, data specifying the user; Store it in association.

  Thus, the server can transmit blank image data to the terminal through the candidate image transmission step. In the image storing step, the user selects blank image data, and the selected blank image data, the password data, and data for specifying the user can be stored in association with each other.

  As a result, the server can cause the user to select both blank image data as registered image data.

  In this way, by increasing the types of image data that can be selected for authentication using image data, it is possible to make the authentication screen generation of a phishing site by a malicious third party more troublesome, and phishing. The site can be suppressed.

(3) The method according to (1) or (2),
In response to receiving data indicating that the server is not one of the candidate images received from the terminal in the image storing step, the server indicates that it is not one of the received candidate images. A method of storing data to be shown in association with data specifying the user together with the password data as the registered image data instead of the specific image data.

  According to such a configuration of the present invention, in response to receiving data from the user indicating that the server is not one of the candidate images in the image storage step, Data indicating that it is not any of the received candidate images is stored as the registered image data in place of the specific image data in association with the data specifying the user together with the password data.

  Thus, the server can transmit an option that is not any of the candidate image data to the terminal in the candidate image transmission step. In the image storing step, data indicating selection that is not any of the candidate image data can be stored in association with the password data and data specifying the user in accordance with the user's selection.

  As a result, each user can select an authentication method that corrects that it is not one of the authentication images. As described above, by increasing the number of image authentication methods, it is possible to make the generation of a phishing site authentication screen by a malicious third party more troublesome and to suppress the phishing site.

(4) The method according to any one of (1) to (3),
The server further includes a step of supplementing a plurality of images that are candidates for the image data to be transmitted to the terminal in the candidate image transmission step.

  According to such a configuration of the present invention, the server supplements a plurality of images that are candidates for the image data to be transmitted to the terminal in the candidate image transmission step.

  By this, the server can prevent the candidate image data from being reduced after being excluded by becoming the registered image data by periodically supplementing the images that are candidates for the image data. .

  As a result, the server can automatically cause the user to select registered image data from the new candidate image data. In this way, by updating the candidate image data, it is possible to make the authentication screen generation of a phishing site by a malicious third party more troublesome and to further suppress the phishing site. it can.

(5) The method according to any one of (1) to (4),
In the authentication image transmission step, the server transmits the authentication image data so that the terminal displays the authentication image data over a plurality of screens.

  According to such a configuration of the present invention, in the authentication image transmission step, the server transmits the authentication image data so that the terminal displays the authentication image data over a plurality of screens.

  Accordingly, the server can cause the user to select specific image data selected by the user from the candidate image data on the screen displayed by the terminal over a plurality of screens.

  Accordingly, the server displays images across a plurality of screens when the user selects image data, thereby avoiding restrictions on the screen size and selecting from a large number of candidate images. Can be accepted. By suppressing the probability of the registered image with respect to the displayed candidate image in this way, it is possible to make it difficult for a malicious third party to specify the image data selected by the user.

(6) The method according to any one of (1) to (5),
The server periodically replaces images that are candidates for authentication image data to be transmitted in the authentication image transmission step.

  According to such a configuration of the present invention, the server periodically replaces images that are candidates for authentication image data to be transmitted in the authentication image transmission step.

  As a result, the server can periodically change the images that are candidates for the authentication image data to different images.

  As a result, it is difficult for a malicious third party to estimate registered image data by making the authentication image data new as well as the registered image data in which a new one is always registered. can do.

(7) The method according to any one of (1) to (6),
The server registers the image data provided by the designated user in response to receiving data indicating that the image data provided by the user is designated as the registered image data in the image storing step. A method of storing image data in association with data specifying the user together with the password data.

  According to such a configuration of the present invention, the server is designated in response to receiving data indicating that image data provided by the user is designated as the registered image data in the image storing step. The image data provided by the user is stored as the registered image data in association with the data specifying the user together with the password data.

  Accordingly, the server can store an image provided by the user as registered image data of the user. The server can associate the registered image data of the user, the password, and data specifying the user.

  As a result, the server not only allows the user to select candidate image data, but also can use image data provided by the user for image authentication.

  Therefore, using image data provided by the user for image authentication makes it difficult to create an authentication screen for a phishing site by a malicious third party using only candidate image data that can be collected when selecting registered image data. be able to. In addition, by making the image data provided by the user himself / herself that can be easily stored in the memory as registered image data, the user can easily select from the candidate image data on the authentication screen.

(8) The method according to any one of (1) to (7),
The server is selected in response to receiving data indicating that a plurality of specific image data has been selected from the candidate image data received from the terminal and received from the terminal in the image storing step. A method of storing the plurality of specific image data as registered image data in association with the data specifying the user together with the password data.

  According to such a configuration of the present invention, the server receives data received from the terminal and indicating that a plurality of specific image data has been selected from the candidate image data from the user in the image storage step. In response to reception of the password, the selected plurality of specific image data are stored as registered image data in association with the data specifying the user together with the password data.

  Thus, the server can store a plurality of candidate image data as registered image data. The server can store the plurality of registered image data in association with the password of the user and data specifying the user.

  As a result, the server can use a plurality of registered image data for image authentication.

  Therefore, even if a malicious third party uses registered image data specified by the user on the authentication screen of the phishing site, it is necessary to display a plurality of registered image data. This makes it difficult to create an authentication screen for a phishing site by a malicious third party.

(9) The method according to (8),
In response to receiving, from the user, data indicating that the plurality of specific image data has been selected from the candidate image data in a specific order received from the terminal in the image storing step. And storing the selected plurality of specific image data together with the data indicating the specific order as the registered image data in association with the data specifying the user together with the password data.

  According to such a configuration of the present invention, the server selects the specific plurality of image data in the specific order from the candidate image data received from the terminal and received from the terminal in the image storing step. In response to receiving the data indicating that the user has been performed, the selected plurality of specific image data are specified as the registered image data together with the data indicating the specific order, and the user is specified along with the password data. Store in association with data.

  Thus, the server can store a plurality of candidate image data as registered image data. Furthermore, the server can store the order of selecting a plurality of registered image data. The server can store the plurality of registered image data and data indicating the order of selecting the registered image data in association with the user password and the data specifying the user.

  As a result, the server can use the order in which the user selects a plurality of registered image data for image authentication.

  Therefore, it is more difficult for a malicious third party to obtain data indicating the order of selecting a plurality of registered image data from the authentication screen of the original site. Creating an authentication screen for phishing sites can be made difficult.

(10) The method according to any one of (1) to (9),
In the candidate image transmission step, different characters are determined in association with each of the plurality of image data included in the candidate image data, and data indicating the determined characters is transmitted in association with the candidate image data. ,
A method of receiving input of the character determined in the candidate image transmission step as data indicating that specific image data has been selected in the image storage step.

  According to such a configuration of the present invention, the server determines different characters in association with each of the plurality of image data included in the candidate image data in the candidate image transmission step, and determines the determined Data indicating characters is transmitted in association with the candidate image data, and the character input determined in the candidate image transmission step is received as data indicating that specific image data has been selected in the image storage step.

  Accordingly, the server determines different characters in association with each of the plurality of image data, so that the selected image data can be specified by receiving the input of the determined characters.

(11) The method according to (10),
The method in which the data to be transmitted in the candidate image transmission step is image data representing the determined character.

  According to such a configuration of the present invention, the server transmits image data representing the determined character in the candidate image transmission step.

  Accordingly, the server expresses the determined character as image data, so that it is difficult for a malicious third party to read the determined character.

(12) The method according to (10) or (11),
The method of transmitting data in the candidate image transmitting step is data for displaying the determined character superimposed on the candidate image.

  According to such a configuration of the present invention, in the candidate image transmission step, the server transmits data for displaying the determined character superimposed on the candidate image.

  Accordingly, the server superimposes the image data indicating the determined character on the candidate image data, so that it is difficult to automatically determine the candidate image and the character. As a result, the possibility of being read by a malicious third party can be reduced.

(13) The method according to any one of (1) to (12),
In the authentication image transmission step, different characters are determined in association with each of the plurality of image data included in the authentication image data, and data indicating the determined characters is transmitted in association with the authentication image data. ,
A method of receiving an input of a character determined in the authentication image transmission step as data indicating selection of specific image data in the authentication step.

  According to such a configuration of the present invention, in the authentication image transmission step, the server determines different characters in association with each of a plurality of image data included in the authentication image data, and determines Data indicating characters is transmitted in association with the authentication image data. In the authentication step, the character input determined in the authentication image transmission step is received as data indicating selection of specific image data.

  Accordingly, the server determines different characters in association with each of the plurality of image data, so that the selected image data can be specified by receiving the input of the determined characters.

(14) The method according to (13),
The method in which the data to be transmitted in the authentication image transmitting step is image data representing the determined character.

  According to such a configuration of the present invention, the server transmits image data representing the determined character in the authentication image transmission step.

  Accordingly, the server expresses the determined character as image data, so that it is difficult for a malicious third party to read the determined character.

(15) The method according to (13) or (14),
A method of transmitting data in the authentication image transmitting step and data for displaying the determined character superimposed on the authentication image.

  According to such a configuration of the present invention, in the authentication image transmission step, the server transmits data for displaying the determined character superimposed on the authentication image.

  Accordingly, the server superimposes the image data indicating the determined character on the authentication image data, so that it is difficult to automatically determine the authentication image and the character. As a result, the possibility of being read by a malicious third party can be reduced.

(16) A server (server 10) that can be connected to a terminal (terminal 20) via a communication network (communication network 30) and authenticates a user of the terminal,
A candidate image transmission step of transmitting a predetermined number of different image data as candidate image data to the terminal in response to receiving password registration request data from the user accepted by the terminal;
In response to receiving data indicating that specific image data has been selected from the candidate image data received from the user received by the terminal, the selected specific image data as registered image data, An image storing step for storing the password data together with data for identifying the user (user ID data);
Thereafter, excluding the selected specific image data from the candidate image data transmitted in response to reception of password registration request data from the user received by the terminal;
The registered image stored in association with the received data specifying the user in response to receiving the authentication request data received from the user together with the data specifying the user and the password data received by the terminal An authentication image transmission step of transmitting data to the terminal as authentication image data together with a predetermined number of different image data;
In response to receiving data indicating selection of specific image data from the authentication image data received by the terminal from the user, the selected specific image data is used as the registered image data. An authentication step of completing authentication of the user when stored in association with data to be specified.

  According to such a configuration of the present invention, the server has the same operation as (1).

  According to the present invention, the server can cause the user to select specific image data from among a plurality of candidate image data in response to receiving password registration request data from the user. Further, specific image data selected by the user, password data, and data for specifying the user (user ID data) can be stored in association with each other. Then, the specific image data selected by the user can be excluded from the candidate image data to be transmitted thereafter. As a result, the server can make the registered image data stored for each user unique to each other, and thereafter can eliminate the opportunity to be transmitted as candidate image data. Therefore, when a malicious third party accesses the original site and attempts to collect image data, it can be difficult to successfully collect registered image data stored for other users. In this way, on the authentication screen of a phishing site created by a malicious third party, “authentic” registered image data that is likely to be deceived and selected by another user is displayed on the terminal of the user. Can be difficult.

<First Embodiment>
Hereinafter, an example of the best embodiment of the present invention will be described with reference to the drawings.

FIG. 1 is a diagram showing an overall configuration of a system 1 according to an example of a preferred embodiment of the present invention. FIG. 2 is a diagram illustrating the configuration of the server 10 and the terminal 20 according to an example of the preferred embodiment of the present invention. FIG. 3 is a functional block diagram showing processing by the server 10 and the terminal 20 according to an example of the preferred embodiment of the present invention. FIG. 4 is a sequence diagram of user registration processing according to an example of the preferred embodiment of the present invention. FIG. 5 is a diagram showing a user registration screen according to an example of the preferred embodiment of the present invention. FIG. 6 is a diagram showing a user password registration image DB according to an example of the preferred embodiment of the present invention. FIG. 7 is a diagram showing a candidate image DB according to an example of a preferred embodiment of the present invention. FIG. 8 is a sequence diagram of user authentication processing according to an example of the preferred embodiment of the present invention. FIG. 9 is a diagram showing a user authentication screen according to an example of the preferred embodiment of the present invention. FIG. 10 is a diagram showing an overview of user authentication processing according to an example of the preferred embodiment of the present invention. FIG. 11 is a diagram showing an outline of image authentication using a plurality of screens according to an example of the preferred embodiment of the present invention. FIG. 12 is a diagram showing data exchange of the authentication image DB according to an example of the preferred embodiment of the present invention. FIG. 13 is a diagram showing an outline of image authentication using an image provided by a user according to an example of a preferred embodiment of the present invention. FIG. 14 is a diagram showing an outline of image authentication using an order of selecting a plurality of images according to an example of the preferred embodiment of the present invention.
[System overall configuration]

  FIG. 1 is a diagram showing an overall configuration of a system 1 according to an example of a preferred embodiment of the present invention.

The server 10 can be connected to the terminal 20 via the communication network 30. The communication network 30 is not limited to a wired network, but a wireless network such as a mobile phone that is partially realized via a base station, a wireless LAN that is realized via an access point, etc. It may be realized by various communication networks as long as it matches the technical idea of the above.
[Hardware Configuration of Server 10]

  FIG. 2 is a diagram illustrating an example of a hardware configuration of the server 10 according to an example of the preferred embodiment of the present invention described in FIG. The server 10 includes a CPU (Central Processing Unit) 110 (a plurality of CPUs such as the CPU 120 may be added in a multiprocessor configuration), a bus line 105, a communication I / F 140, a main memory 150, a BIOS A basic input output system) 160, a USB port 190, an I / O controller 170, an input device 181 such as a keyboard and mouse 180, and a display device 122.

  The BIOS 160 stores a boot program executed by the control device 101 when the server 10 is started, a program depending on the hardware of the server 10, and the like.

  A storage device 102 such as a tape drive 172, a hard disk 174, an optical disk drive 176, or a semiconductor memory 178 can be connected to the I / O controller 170.

  The hard disk 174 constituting the storage device 102 stores various programs for the server 10 to function as a server and programs for executing the functions of the present invention, and various databases can be configured as necessary.

  As the optical disk drive 176, for example, a DVD-ROM drive, a CD-ROM drive, a DVD-RAM drive, or a CD-RAM drive can be used. In this case, the optical disk 177 corresponding to each drive is used. A program or data may be read from the optical disk 177 by the optical disk drive 176 and provided to the main memory 150 or the hard disk 174 via the I / O controller 170. Similarly, the tape medium 171 corresponding to the tape drive 172 can be used mainly for backup.

  The program provided to the server 10 is provided by being stored in a recording medium such as the hard disk 174, the optical disk 177, or a memory card. The program may be installed in the server 10 and executed by being read from the recording medium via the I / O controller 170 or downloaded via the communication I / F 140.

  The aforementioned program may be stored in an internal or external storage medium. Here, in addition to the hard disk 174, the optical disk 177, or the memory card, a magneto-optical recording medium such as an MD and a tape medium can be used as the storage medium constituting the storage device 102. Further, a storage device such as a hard disk 174 or an optical disk library provided in a server system connected to a dedicated communication line or the Internet may be used as a recording medium, and the program may be provided to the server 10 via the communication line.

  Here, the display device 122 displays a screen for accepting data input to the user, or displays a screen of a calculation processing result by the server 10, and is a cathode ray tube display device (CRT), a liquid crystal display device (LCD). ) And the like.

  Here, the input device 181 accepts input by the user, and may be configured by a keyboard, a mouse 180, and the like.

  The communication I / F 140 is a network adapter that enables the server 10 to be connected to a terminal via a dedicated network or a public network. The communication I / F 140 may include a modem, a cable modem, and an Ethernet (registered trademark) adapter.

In the above example, the server 10 has been mainly described. However, the functions described above can also be realized by installing a program in a computer and operating the computer as a server device. Therefore, the functions realized by the server described as an embodiment in the present invention can be realized by executing the above method by the computer, or by introducing the above program to the computer and executing it. It is.
[Hardware configuration of terminal 20]

The terminal 20 may be a communication terminal other than a so-called computer such as a mobile phone 20b, a PDA (Personal Data Assistant) 20c, and a game machine 20d, in addition to a PC (Personal Computer) 20a.
[System functional configuration]

  FIG. 3 is a functional block diagram of the terminal 20 and the server 10 according to an example of the preferred embodiment of the present invention.

  The terminal 20 includes an input unit 21, a transmission / reception unit 22, a control unit 23, and a display unit 24. The input unit 21 includes an input device 181 such as a keyboard and a mouse 180, and has a function of receiving user input. The transmission / reception unit 22 includes a communication I / F 240 and has a function of transmitting data to the server 10 and a function of receiving data from the server 10. Further, the control unit 23 includes a control device 201 including a CPU 210 and has a function of controlling the terminal 20. The display unit 24 includes the display device 222 and has a function of displaying data.

  The server 10 includes a transmission / reception unit 12, a control unit 13, and a storage unit 15. The transmission / reception unit 12 includes a communication I / F 140 and has a function of receiving data from the terminal 20 and a function of transmitting data to the terminal 20. The control unit 13 includes a control device 101 including a CPU 110 and has a function of controlling the server 10. Further, the storage unit 15 includes the storage device 102 including the hard disk 174 and the like, and has a function of storing data.

  The control unit 13 of the server 10 includes a candidate image selection screen generation unit 130, a user registration unit 131, a registered image selection screen generation unit 132, and an authentication unit 133. Candidate image selection screen generation means 130 generates a screen for the user to select an image used for authentication (hereinafter referred to as a registered image). The user registration unit 131 issues an ID to the user, and associates the password input by the user with the registered image to the user ID. Further, the registered image selection screen generation unit 132 generates an image authentication screen. And the authentication means 133 collates the password and registered image which the user input on the authentication screen, and determines whether authentication is possible.

The storage unit 15 of the server 10 includes an authentication image DB 1510, a candidate image DB 1520, and a user password registration image DB 1530. The authentication image DB 1510 stores an image ID associated with image data used as a dummy on the image authentication screen. The candidate image DB 1520 stores an image ID associated with candidate image data that is a candidate for a registered image. Further, the user password registered image DB 1530 stores the user ID, password, and image ID associated with the registered image data. Each DB may store the image data itself instead of the image ID.
[User registration process]

  FIG. 4 is a sequence diagram of user registration processing according to an example of the preferred embodiment of the present invention.

  First, the display unit 24 of the terminal 20 displays a screen that prompts input of a password. For example, as shown in FIG. 5A, the user is prompted to input a password.

  Next, the user inputs a password using the input unit 21 of the terminal 20 (step S101). And the control part 23 of the terminal 20 transmits the password data which the user input via the transmission / reception part 22 to the server 10 (step S102).

  Next, the control unit 13 of the server 10 receives the password data via the transmission / reception unit 12. Then, the user registration unit 131 of the control unit 13 issues a unique ID (user ID) to the user (step S103). Further, the user registration unit 131 associates the user ID with the password and stores them in the user password registration image DB 1530 of the storage unit 15 (step S104). A specific example of the user password registration image DB 1530 will be described with reference to FIG.

  As shown in FIG. 6, the user password registration image DB 1530 has columns of user ID, password, and a plurality of image IDs in a record. First, when the control unit 13 of the server 10 issues a user ID: EEE05 by the user registration unit 131, a record of the user ID: EEE05 is added to the user password registration image DB 1530. Next, the password: xxxx entered by the user is stored in association with the user ID. The image ID will be described later.

  Next, the control unit 13 of the server 10 uses the candidate image selection screen generation unit 130 to randomly extract the necessary number of candidate image data of the image used by the user for authentication from the candidate image DB 1520 of the storage unit 15 ( Step S105). Here, the candidate image DB 1520 stores a plurality of candidate image data, and each candidate image data is stored in association with an image ID (see FIG. 7A).

  Next, the control unit 13 of the server 10 causes the candidate image selection screen generation unit 130 to generate a candidate image selection screen for selecting an image used by the user for authentication (step S106). A specific example of the candidate image selection screen will be described with reference to FIG. As shown in FIG. 5B, several candidate images are arranged on the candidate image selection screen. The candidate images arranged here are the candidate image data extracted in step S105 described above. On the candidate image selection screen, a message prompting the user to select an image used for authentication used only by the user is displayed. Note that any number of images may be arranged, and “not selected” that does not use a specific image for authentication may be displayed. Here, since the number of images to be arranged increases, the number of choices increases. For example, it is possible to reduce the risk of specifying an image by taking time and effort to analyze the image by a malicious third party.

  Next, the control unit 13 of the server 10 transmits the generated candidate image selection screen data to the terminal 20 via the transmission / reception unit 12 (step S107).

  Next, the control unit 23 of the terminal 20 receives the candidate image selection screen data via the transmission / reception unit 22, and displays the candidate image selection screen on the display unit 24 (step S108).

  Next, the user selects an image used for authentication of the user from the images arranged on the candidate image selection screen by using the input unit 21 of the terminal 20 (step S109). One or more images may be selected. Alternatively, “not selected” can be selected (see FIG. 5B).

  Next, the control unit 23 of the terminal 20 transmits data indicating image selection to the server 10 via the transmission / reception unit 22 (step S110).

  Next, the control unit 13 of the server 10 receives data indicating image selection via the transmission / reception unit 12 (step S111). Then, the user registration unit 131 of the control unit 13 registers the selected image as a registered image in the user password registration image DB 1530 of the storage unit 15 based on the data indicating the selection of the image, and associates the user ID with the image ID. Data is stored (step S112). A specific example of the image ID of the user password registration image DB 1530 will be described with reference to FIG.

  In FIG. 6, the password: xxxx and the image ID: D004 of registered image data are associated with the user ID: AAA01 of the first record. This means that the user with the user ID: AAA01 has selected the image with the image ID: D004. The user ID: BBB02 of the next record is associated with a password: xxxx, and image IDs D001 and D003 of registered image data. This means that the user with the user ID: BBB02 has selected the images with the image IDs: D001 and D003. Further, the password: xxxx is associated with the user ID: CCC03 of the next record, and the image ID of the image data is not associated. This means that the user with the user ID: CCC03 has selected “not select” which does not use the candidate image (see FIG. 9).

  Next, the control unit 13 of the server 10 deletes the registered image data from the candidate image DB 1520 (step S113). The registered image data stored in the user password registered image DB 1530 of the storage unit 15 in step S112 described above is also stored in the candidate image DB 1520. Here, if the registered image data is stored in the candidate image DB 1520, it may be extracted again as candidate image data and another user may use the image. Therefore, the registered image data is deleted from the candidate image DB 1520 so that it is not used by another user. A specific example of the candidate image DB 1520 will be described with reference to FIG.

In the candidate image DB 1520 shown in FIG. 7A, each candidate image data is stored in association with an image ID. First, the user having the user ID: AAA01 selects the image data: dog 04 in the candidate image DB 1520 as a registered image for user authentication. Next, the user registration unit 131 stores the image data by associating the image ID: D004 with the user ID: AAA01 of the user password registration image DB 1530. Then, the control unit 13 of the server 10 deletes the image data: dog 04 from the candidate image DB 1520 (b). As a result, as shown in FIG. 7C, the image data: dog 04 has been deleted from the candidate image DB 1520.
[User authentication processing]

    FIG. 8 is a sequence diagram of user authentication processing according to an example of the preferred embodiment of the present invention.

  First, the display unit 24 of the terminal 20 displays a screen that prompts input of a user ID and a password. For example, as shown in the upper diagram of FIG. 9, the user is prompted to input a user ID and a password.

  Next, the user inputs a user ID and a password using the input unit 21 of the terminal 20 (step S201). And the control part 23 of the terminal 20 transmits the user ID and password data which the user input via the transmission / reception part 22 to the server 10 (step S202).

  Next, the control unit 13 of the server 10 receives the user ID and password data via the transmission / reception unit 12 (step S203). Then, the control unit 13 of the server 10 uses the authentication unit 133 to refer to the user password registration image DB 1530 and check whether the user ID and the password match (step S204).

  Here, if the user ID and the password do not match, there is a possibility of unauthorized access, so an error is transmitted to the terminal 20 or the like. If the user ID and the password match, the control unit 13 of the server 10 refers to the user password registered image DB 1530 by the registered image selection screen generation unit 132 and registers the image ID associated with the user ID. Image data is extracted from the user password registration image DB 1530 (step S205).

  Next, the control unit 13 of the server 10 causes the registered image selection screen generation unit 132 to extract, from the authentication image DB 1510, image data of a dummy image to be arranged together with the registered image selected by the user on the image authentication screen. . The required number of image data is randomly extracted from the authentication image DB 1510 (step S206).

  Next, the control unit 13 of the server 10 causes the registered image selection screen generation unit 132 to generate a registered image selection screen for selecting a registered image, that is, an image authentication screen (step S207). Specifically, an example of a registered image selection screen will be described with reference to FIG. As shown in the lower screen diagram of FIG. 9, several images are arranged on the registered image selection screen. The image is registered image data extracted in step S205 described above and dummy image data extracted in step S206 described above. A message prompting the user to select a registered image is displayed on the registered image selection screen. Any number of images may be arranged. Here, since the number of choices increases by increasing the number of images to be arranged, for example, it is possible to reduce the risk by taking troubles such as an image analysis performed by a malicious user.

  Next, in FIG. 8, the control unit 13 of the server 10 transmits the data of the registered image selection screen to the terminal 20 via the transmission / reception unit 12 (step S208).

  Next, the control unit 23 of the terminal 20 receives the data of the registered image selection screen via the transmission / reception unit 22, and displays the registered image selection screen on the display unit 24 (step S209).

  Next, the user selects the registered image of the user from the images arranged on the registered image selection screen using the input unit 21 of the terminal 20 (step S210). Here, a user who does not have a registered image selects “selection completed” without selecting an image (see FIG. 9).

  Next, the control unit 23 of the terminal 20 transmits data indicating image selection to the server 10 via the transmission / reception unit 22 (step S211).

  Next, the control unit 13 of the server 10 receives data indicating image selection via the transmission / reception unit 12 (step S212). Then, the control unit 13 of the server 10 refers to the user password registration image DB 1530 of the storage unit 15 by the authentication unit 133 and collates whether or not the selection results of the images by the user match (step S213). A specific example of collation will be described with reference to FIG.

  First, the user with the user ID: AAA01 selects the image with the image ID: D004 on the registered image selection screen. In this case, in the user password registration image DB 1530 illustrated in FIG. 6, the image ID: D004 is associated with the record of the user ID: AAA01. Therefore, it can authenticate as a user of user ID: AAA01. Further, the user with the user ID: BBB02 selects the images with the image IDs: D001 and D003 on the registered image selection screen. In this case, in the user password registration image DB 1530, image IDs: D001 and D003 are associated with the record of user ID: BBB02. Therefore, it can authenticate as a user of user ID: BBB02. Furthermore, the user with the user ID: CCC03 selects “selection complete” without selecting an image on the registered image selection screen. In this case, in the user password registration image DB 1530, no image ID is associated with the record of the user ID: CCC03. Therefore, it can authenticate as a user of user ID: CCC03.

Next, when the control unit 13 of the server 10 determines by the authentication unit 133 that the selection of the registered image by the user at the terminal 20 does not match the user password registered image DB 1530, there is a possibility of unauthorized access. Therefore, measures such as transmitting an error to the terminal 20 are taken. If the selection of the registered image by the user matches the user password registered image DB 1530, the user is determined to be a regular user (step S214). And the control part 13 of the server 10 alert | reports having authenticated to the terminal 20 via the transmission / reception part 12, and permits login (step S215). Note that the post-authentication process may be login, data transmission may be started, or the like.
[Other points to consider]

  FIG. 10 is a diagram showing an overview of user authentication processing according to an example of the preferred embodiment of the present invention.

  In FIG. 10, on the left side of the figure, a screen transition in the terminal 20 by the user authentication processing of the present invention is shown. The user authentication process is as described above (see FIG. 8). Here, a countermeasure against phishing sites in which the present invention effectively functions will be described with reference to FIG. The right side of FIG. 10 shows a screen transition on the terminal 20 by a phishing site that imitates the original site.

  First, when a user makes a payment using a credit card on the Internet, the website logs in the user. Here, the original site, which is a legitimate Web site, displays a screen ((a) in FIG. 10) on which the user inputs a user ID and a password on the terminal 20 when logging in the user. On the other hand, the phishing site imitating the original site displays a screen ((c) in FIG. 10) on which the user inputs a user ID and a password. In such a situation, it is difficult for the user to determine the distinction between the original site and the phishing site.

  Next, the user inputs the user ID and password, and transmits the user ID and password data. Here, in the case of the original site, the received user ID and password are verified. On the other hand, the phishing site does not check the user ID and password. However, the received user ID and password data may be misused.

  Next, when the collation result of the user ID and the password matches, the original site extracts the registered image data registered by the user for authentication from the user password registered image DB 1530, and displays the image authentication screen (FIG. 10). (B)) is generated. The registered image and the dummy image are arranged on the image authentication screen. On the other hand, the phishing site generates an image authentication screen ((d) in FIG. 10) imitating the original site. However, since the phishing site does not include the user password registration image DB 1530, the registration image registered by the user for authentication cannot be displayed on the image authentication screen.

  In this way, when the user selects a registered image registered for authentication from the image authentication screen, the presence or absence of the registered image is the difference between the original site and the phishing site. In the case of an original site, the user can obtain authentication from the server 10 by selecting a registered image on the image authentication screen. On the other hand, in the case of a phishing site, the user cannot select a registered image on the image authentication screen.

  In the present invention, as shown in FIG. 5B, the candidate image data may be blank image data. Here, the blank image data may be image data or a blank frame. In any case, since the image is different from the candidate image data, the image authentication screen is not a screen in which simple images are arranged (see FIG. 9B). By doing so, the option of image authentication without using candidate image data is increased.

  In the present invention, as shown in FIG. 7, the candidate image data is registered image data used by the user for authentication. Therefore, candidate image data decreases from the candidate image DB 1520. Therefore, a new image is supplemented to the candidate image DB 1520 (see FIG. 7). By doing so, it is possible to suppress a decrease in candidate image data from which the user selects a registered image used for authentication.

  In the present invention, as shown in FIG. 11, an authentication screen that allows the user to select a registered image is displayed over a plurality of screens, and the registration screen is not necessarily displayed on the first image authentication screen, and the next new screen is displayed. It may be displayed and the user may select a registration image for authentication. In this way, by performing authentication on a plurality of screens, it is possible to reduce the risk of a malicious third party collecting registered images for authentication.

  In the present invention, as shown in FIG. 12, the image data in the authentication image DB 1510 may be periodically replaced. By doing so, it is possible to prevent the image data of the authentication image DB 1510 that may be repeatedly used as a dummy image on the image authentication screen from being analyzed as a dummy by a malicious third party. it can.

  In the present invention, as shown in FIG. 13, the candidate image data may be image data provided by the user. In this case, the image used by the user for authentication is image data provided by the user. Then, the user transmits the image data to the server 10. The image ID of the user received by the server 10 is associated with the image ID and stored in the user password registration image DB 1530. Thus, the image provided by the user is used in the image authentication of the user.

  In the present invention, as shown in FIG. 14, when the user uses a plurality of registered image data on the authentication screen for selecting an image, the order of selecting the registered image data may be used for authentication. When the user registers a plurality of image data, the order of selection is used for authentication, whereby the order of selecting the registered images can be stored in the user password registration image DB 1530. For example, in FIG. 14, the image IDs are stored in association with each other in the order of selection from the left column in the plurality of image ID columns of the record. Then, when selecting a registered image for user authentication, the terminal 20 transmits data indicating the selected image and the order of selection to the server 10. Thus, authentication can be performed by checking the order of the image IDs in the user password registration image DB 1530.

<Second Embodiment>
Next, a second embodiment will be described. In the first embodiment, the candidate image selection screen generation unit 130 extracts candidate image data from the candidate image DB 1520. Also, the registered image selection screen generation unit 132 extracts registered image data and dummy image data from the user password registered image DB 1530 and the authentication image DB 1510. On the other hand, in the second embodiment, a character corresponding to the extracted various image data at the time of screen creation is determined, and a character code indicating this character is transmitted to the terminal 20 for display.
[Function configuration]

  FIG. 15 is a functional block diagram of the server 10 according to the second embodiment. In addition to the functional configuration of the first embodiment (FIG. 3), a character code determination unit 134 is further provided.

  The character code determination unit 134 randomly determines different character codes (for example, ASCII codes) such as numerals and alphabets in association with the candidate images in the user registration process or the registered images and dummy images in the user authentication process. To do.

  The user of the terminal 20 selects specific image data by key-inputting characters associated with each image (candidate image, registered image, dummy image) using the keyboard. As a result, selection can be made without using a pointing device such as a mouse, and the possibility that a selected image is specified by a malicious third party can be reduced.

Note that by randomly determining the character code to be associated, the possibility that the selected image can be read by a malicious third party can be further reduced. That is, since the character is determined with a different combination each time, even if the displayed character is read by a third party, the combination cannot be used next time. In addition, since the character code input by the user is not necessarily the same between the selection of the candidate image in the user registration process and the selection of the registration image in the user authentication process, the character code is read even during the user registration process. Even in this case, this character code is not used in the user authentication process.
[User registration process]

  FIG. 16 is a sequence diagram of user registration processing according to the second embodiment. In addition to the user registration process (FIG. 4) in the first embodiment, step S120 is executed.

  In step S120, the character code determination unit 134 determines a character code in association with each candidate image data extracted in step S105. In step S106, the character code is associated with the candidate image data to generate a candidate image selection screen.

  Thereby, in step S108, the corresponding character is displayed in a predetermined font together with the candidate image based on the character code.

In step S109, the terminal 20 receives a selection input of a candidate image from the user, but receives a key input of characters associated with the candidate image as described above. In step S110, a character code indicating this character is transmitted as data indicating that specific image data has been selected.
[User authentication processing]

  FIG. 17 is a sequence diagram of user authentication processing according to the second embodiment. In addition to the user authentication process (FIG. 8) in the first embodiment, step S220 is executed.

  In step S220, the character code determination unit 134 determines a character code in association with each of the registered image extracted in step S205 and the dummy image extracted in step S206. In step S207, the character code is associated with the registered image and the dummy image to generate a registered image selection screen.

  Accordingly, in step S209, the corresponding characters are displayed in a predetermined font together with the registered image and the dummy image based on the character code.

In step S210, as in step S109 described above, key input of characters associated with each selectable image is accepted.
[Screen display example]

  FIG. 18 is a diagram illustrating an example of a candidate image selection screen. Compared to the screen example of the first embodiment (FIG. 13), characters are displayed in association with each of the candidate images, and the user selects the candidate image by keying in the characters. The same display is performed on the registered image selection screen.

  In FIG. 18, the characters are displayed at the end of the image, but the display position and size of the characters are not limited to this. For example, each image (candidate image, registered image, dummy image) may be displayed in an overlapping manner, or may be displayed in a different area from each image. FIG. 19 shows an example in which characters are displayed on the registered image selection screen so as to overlap the image.

<Third Embodiment>
Next, a third embodiment will be described. In the second embodiment, the character code is transmitted to the terminal 20 in association with each image. On the other hand, in the third embodiment, a character corresponding to the extracted various image data is determined at the time of screen creation, and image data representing this character is generated and superimposed.
[Function configuration]

  FIG. 20 is a functional block diagram of the server 10 according to the third embodiment. The character code determination unit 134 in the second embodiment is replaced with a character image generation unit 135.

  The character image generation unit 135 randomly determines different characters such as numbers and alphabets in association with each of the candidate image in the user registration process, or the registered image and the dummy image in the user authentication process. Generate image data to represent.

  Here, the image data representing the character may be character image data of a predetermined font, but is not limited thereto. For example, the image may be generated by deforming the image or selecting from character image data created in advance by deforming the image so that reading by an automatic reading device such as OCR (Optical Character Reader) becomes difficult. Alternatively, color information of corresponding images (candidate images, registered images, dummy images) may be acquired, and character image data may be generated using similar colors. According to these methods, the possibility of being read by a malicious third party can be reduced.

  Candidate image selection screen generation means 130 extracts candidate image data as in the first embodiment. Then, the candidate image selection screen is generated by superimposing the character image data generated by the character image generating unit 135 on the extracted candidate image data.

  Also, the registered image selection screen generation unit 132 extracts registered image data and dummy image data as in the first embodiment. Then, the registered image selection screen is generated by superimposing the character image data generated by the character image generating unit 135 on the extracted registered image data and dummy image data.

As in the second embodiment, the user of the terminal 20 selects specific image data by keying characters associated with each image using the keyboard.
[User registration process]

  FIG. 21 is a sequence diagram of user registration processing according to the third embodiment. Step S120 in the user registration process (FIG. 16) of the second embodiment is replaced with step S130.

  In step S130, the character image generation unit 135 generates character image data in association with each candidate image data extracted in step S105. In step S106, the character image data is superimposed on the candidate image data to generate a candidate image selection screen.

In step S109, the terminal 20 receives a selection input of a candidate image from the user, but receives a key input of characters associated with the candidate image as described above. In step S110, data indicating this character is transmitted as data indicating that specific image data has been selected.
[User authentication processing]

  FIG. 22 is a sequence diagram of user authentication processing according to the third embodiment. Step S220 in the user authentication process (FIG. 17) of the second embodiment is replaced with step S230.

  In step S230, the character image generation unit 135 generates character image data in association with each of the registered image extracted in step S205 and the dummy image extracted in step S206. In step S207, the character image data is superimposed on the registered image and the dummy image to generate a registered image selection screen.

In step S210, as in step S109 described above, key input of characters associated with each selectable image is accepted.
[Screen display example]

  FIG. 23 is a diagram illustrating an example of a candidate image selection screen. Compared with the screen example of the second embodiment (FIG. 18), a character image transformed from a predetermined font is superimposed on each of the candidate images, and the user inputs this character by key input. To select a candidate image.

  FIG. 24 is a diagram illustrating an example of a registered image selection screen. Compared with the screen example of the second embodiment (FIG. 19), a character image modified from a predetermined font is superimposed on each of the registered image and the dummy image, and the user uses the character as a key. A registered image is selected by inputting.

  Here, since the combination of characters displayed is different from the candidate image selection screen (FIG. 23), even if it is read during the user registration process by a malicious third party, it is used during the user authentication process. It will never be done.

  In the above description, the character image data is superimposed on each image (candidate image, registered image, dummy image), but is not limited thereto. For example, as in the example shown in FIG. 25, only character image data may be displayed in a different area from each image selectable on the screen.

  As described above, the character image data is superimposed on each image (candidate image, registered image, dummy image) in the server 10, but the present invention is not limited to this. For example, the display screen on the terminal 20 may be generated by combining in a Web server different from the server 10. Moreover, it is good also as producing | generating a display screen combining in the terminal 20. FIG.

  As mentioned above, although embodiment of this invention was described, this invention is not restricted to embodiment mentioned above. The effects described in the embodiments of the present invention are only the most preferable effects resulting from the present invention, and the effects of the present invention are limited to those described in the embodiments of the present invention. is not.

1 is a diagram illustrating an overall configuration of a system 1 according to an example of a preferred embodiment of the present invention. It is a figure which shows the structure of the server 10 and the terminal 20 which concern on an example of suitable embodiment of this invention. It is a functional block diagram which shows the process by the server 10 and the terminal 20 which concern on an example of suitable embodiment of this invention. It is a sequence diagram of the user registration process which concerns on an example of suitable embodiment of this invention. It is a figure which shows the user registration screen which concerns on an example of suitable embodiment of this invention. It is a figure which shows user password registration image DB which concerns on an example of suitable embodiment of this invention. It is a figure which shows candidate image DB which concerns on an example of suitable embodiment of this invention. It is a sequence diagram of the user authentication process which concerns on an example of suitable embodiment of this invention. It is a figure which shows the user authentication screen which concerns on an example of suitable embodiment of this invention. It is a figure which shows the outline | summary of the user authentication process which concerns on an example of suitable embodiment of this invention. It is a figure which shows the outline | summary of the image authentication using the some screen which concerns on an example of suitable embodiment of this invention. It is a figure which shows data exchange of image DB for authentication which concerns on an example of suitable embodiment of this invention. It is a figure which shows the outline | summary of the image authentication using the image which the user which concerns on an example of suitable embodiment of this invention provides. It is a figure which shows the outline | summary of the image authentication using the order which selects the some image which concerns on an example of suitable embodiment of this invention. It is a functional block diagram of the server 10 which concerns on the 2nd Embodiment of this invention. It is a sequence diagram of the user registration process which concerns on the 2nd Embodiment of this invention. It is a sequence diagram of the user authentication process which concerns on the 2nd Embodiment of this invention. It is a figure which shows the example of the candidate image selection screen which concerns on the 2nd Embodiment of this invention. It is a figure which shows the example of the registration image selection screen which concerns on the 2nd Embodiment of this invention. It is a functional block diagram of the server 10 which concerns on the 3rd Embodiment of this invention. It is a sequence diagram of the user registration process which concerns on the 3rd Embodiment of this invention. It is a sequence diagram of the user authentication process which concerns on the 3rd Embodiment of this invention. It is a figure which shows the example of the candidate image selection screen which concerns on the 3rd Embodiment of this invention. It is a figure which shows the example of the registration image selection screen which concerns on the 3rd Embodiment of this invention. It is a figure which shows the other example of the registration image selection screen which concerns on the 3rd Embodiment of this invention.

Explanation of symbols

1 System 10 Server 20 Terminal 30 Communication Network 1510 Authentication Image DB
1520 Candidate image DB
1530 User password registration image DB

Claims (16)

A server capable of connecting to a terminal via a communication network is a method for authenticating a user of the terminal,
A candidate image transmission step of transmitting a predetermined number of different image data as candidate image data to the terminal in response to receiving password registration request data from the user accepted by the terminal;
In response to receiving data indicating that specific image data has been selected from the candidate image data received from the user received by the terminal, the selected specific image data as registered image data, An image storing step for storing the password data together with the data for specifying the user;
Thereafter, excluding the selected specific image data from the candidate image data transmitted in response to reception of password registration request data from the user received by the terminal;
The registered image stored in association with the received data specifying the user in response to receiving the authentication request data received from the user together with the data specifying the user and the password data received by the terminal An authentication image transmission step of transmitting data to the terminal as authentication image data together with a predetermined number of different image data;
In response to receiving data indicating selection of specific image data from the authentication image data received by the terminal from the user, the selected specific image data is used as the registered image data. An authentication step of completing authentication of the user when stored in association with data to be identified. The method of claim 1, comprising:
In the candidate image transmission step, the server transmits the candidate image data including blank image data to the terminal,
In the image storing step, the selected blank image data is received as the registered image data in response to receiving data indicating that blank image data has been selected from the user. A method of storing the password data together with the data specifying the user. A method according to claim 1 or claim 2, wherein
In response to receiving data indicating that the server is not one of the candidate images received from the terminal in the image storing step, the server indicates that it is not one of the received candidate images. A method of storing data to be shown in association with data specifying the user together with the password data as the registered image data instead of the specific image data. A method according to any of claims 1 to 3, wherein
The server further includes a step of supplementing a plurality of images that are candidates for the image data to be transmitted to the terminal in the candidate image transmission step. A method according to any of claims 1 to 4, comprising
In the authentication image transmission step, the server transmits the authentication image data so that the terminal displays the authentication image data over a plurality of screens. A method according to any of claims 1 to 5, comprising
The server periodically replaces images that are candidates for authentication image data to be transmitted in the authentication image transmission step. A method according to any of claims 1 to 6, comprising
The server registers the image data provided by the designated user in response to receiving data indicating that the image data provided by the user is designated as the registered image data in the image storing step. A method of storing image data in association with data specifying the user together with the password data. A method according to any of claims 1 to 7, comprising
The server is selected in response to receiving data indicating that a plurality of specific image data has been selected from the candidate image data received from the terminal and received from the terminal in the image storing step. A method of storing the plurality of specific image data as registered image data in association with the data specifying the user together with the password data. The method according to claim 8, comprising:
In response to receiving, from the user, data indicating that the plurality of specific image data has been selected from the candidate image data in a specific order received from the terminal in the image storing step. And storing the selected plurality of specific image data together with the data indicating the specific order as the registered image data in association with the data specifying the user together with the password data. A method according to any of claims 1 to 9, comprising
In the candidate image transmission step, different characters are determined in association with each of the plurality of image data included in the candidate image data, and data indicating the determined characters is transmitted in association with the candidate image data. ,
A method of receiving input of the character determined in the candidate image transmission step as data indicating that specific image data has been selected in the image storage step. The method of claim 10, comprising:
The method in which the data to be transmitted in the candidate image transmission step is image data representing the determined character. A method according to claim 10 or claim 11, wherein
The method of transmitting data in the candidate image transmitting step is data for displaying the determined character superimposed on the candidate image. A method according to any of claims 1 to 12, comprising
In the authentication image transmission step, different characters are determined in association with each of the plurality of image data included in the authentication image data, and data indicating the determined characters is transmitted in association with the authentication image data. ,
A method of receiving an input of a character determined in the authentication image transmission step as data indicating selection of specific image data in the authentication step. 14. A method according to claim 13, comprising:
The method in which the data to be transmitted in the authentication image transmitting step is image data representing the determined character. 15. A method according to claim 13 or claim 14, wherein
The data to be transmitted in the authentication image transmitting step is data for displaying the determined character superimposed on the authentication image. A server that can be connected to a terminal via a communication network and authenticates a user of the terminal,
A candidate image transmission step of transmitting a predetermined number of different image data as candidate image data to the terminal in response to receiving password registration request data from the user accepted by the terminal;
In response to receiving data indicating that specific image data has been selected from the candidate image data received from the user received by the terminal, the selected specific image data as registered image data, An image storing step for storing the password data together with the data for specifying the user;
Thereafter, excluding the selected specific image data from the candidate image data transmitted in response to reception of password registration request data from the user received by the terminal;
The registered image stored in association with the received data specifying the user in response to receiving the authentication request data received from the user together with the data specifying the user and the password data received by the terminal An authentication image transmission step of transmitting data to the terminal as authentication image data together with a predetermined number of different image data;
In response to receiving data indicating selection of specific image data from the authentication image data received by the terminal from the user, the selected specific image data is used as the registered image data. An authentication step of completing authentication of the user when stored in association with data to be specified.

Images