JP2011090634A - Authentication device, authentication method and authentication program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a user-friendly authentication device for enhancing security of authentication by reflecting density of exchanges on a community, in a group form wherein the community is formed. <P>SOLUTION: Fig.6(A) shows a correct answer image to be given first to an initial member. Fig.6(B) shows images to be displayed in initial login. Fig.6(C) shows a change of the images displayed in login after one week. The correct answer image is automatically and slightly changed once a week. Fig.6(D) shows, for example, the images to be displayed in login half a year later. The correct answer image is significantly changed from the initial correct answer when logged in half a year later, as shown in the Fig.6 (D), by changing the image each week little by little. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to, for example, an authentication apparatus, an authentication method, and an authentication program for authenticating a user who uses an application, and more particularly to mnemonic authentication.

  As for the authentication apparatus, password authentication using a recording medium and biometric authentication are known.

  Password authentication is simple as an authentication method and is currently widely used. If this method is classified from the viewpoint of cognitive psychology, it is a method to “search” and “reproduce” “semantic memory” which is meaningless symbol memory or memory without experience from the memory storage information of the brain. It can be said that there is.

  However, as already known as a problem with passwords, it is difficult to play back meaningless symbols and meaningless memories without experience when the memory ability of humans, especially the elderly, is reduced. Easy to make mistakes.

  In order to avoid these, it is often performed to convert simple numbers and symbols into semantic memory, such as making the date of birth a password, etc., but examples of using numbers as semantic memory are such as date of birth For ordinary people, it is extremely limited, and it is easy for others to impersonate themselves.

  In order to minimize the damage caused when a password is stolen, it is desirable to change the password for each authentication medium, but it is difficult to recall and recall the password corresponding to the authentication medium. As a result, in the case of theft, all passwords will be stolen.

  In order to cope with this, there is a method using a security token that issues a one-time password which is a password for each time. Thereby, even if the user does not memorize | store a password, it is possible to raise security by using the password displayed on the token. For example, Japanese Laid-Open Patent Publication No. 2003-511766 is available for authentication using tokens. However, this method is inconvenient because each user needs to have a token.

  Biometrics authentication is said to be physiological information that is unique to the person, and has the advantage that it is never forgotten or lost. For example, regarding biometrics authentication, JP-A-2004-157602 can be cited. However, the authentication information cannot be changed for each recording medium because it is the only information of the person. For this reason, when authentication personal information is stolen, all authentication media are damaged, and it is very difficult to create personal information to replace it.

  Further, an input device for reading physiological information is newly required. Furthermore, there is a problem that the input information changes in the input reading environment and a so-called identity rejection rate that does not authenticate the identity of the identity of the identity of the identity of the identity is generated with a certain probability, which may complicate the control.

  In recent years, mnemonic authentication using image information as authentication means has attracted attention as an authentication method different from these. For example, as a mnemonic authentication, Japanese Patent Laid-Open No. 2005-71202 is cited.

  Since the mnemonic authentication is authentication using image storage possessed by a person, the mnemonic authentication is easy to remember, difficult to forget, and difficult to guess by others, and authentication control is easy.

Special table 2003-511766 gazette JP 2004-157602 A JP-A-2005-71202

  On the other hand, in recent years, the group form of a type in which a community is formed in a fluid manner on the net like SNS (Social Network Service) has been increasing. For example, mixi and the like can be mentioned.

  In the case of a group form in which a community is formed, the members are fluid.

  Therefore, even a person who has previously registered as a member of the group may no longer use it. If there is no withdrawal application, there is a possibility that people who have been registered before will be counted as members even if they are not using it.

  When a password for authentication is issued to each person as in the case of personal authentication, it is possible to join the community at any time, even if the member is clearly sparse in the community. If it is leaked to another person, it is possible for the other person to impersonate and participate in the community.

  Therefore, it is desirable for the manager of the group to allow access only to members who are particularly closely exchanged in the same community, and there is a demand to exclude members who are obviously poorly exchanged.

  Since members who communicate closely change with time, it is possible to change authentication settings such as passwords frequently, but it is necessary to make troublesome change operations for authentication or to remember passwords Therefore, there is a possibility of hindering easy exchange between members, and there is a problem in usability. In addition, there is a problem that the administrator cannot strictly grasp whether the exchange is dense or sparse.

  The present invention has been made to solve the above-described problems. As an example, in a group form of a type in which a community is formed, the security of authentication is reflected reflecting the density of communication on the community. It is an object to provide an authentication device, an authentication method, and an authentication program that are easy to use.

  An authentication apparatus according to an aspect of the present invention includes: a display unit; and a storage unit that stores a key object assigned to each user group to be authenticated among a plurality of visually identifiable objects prepared in advance. A plurality of objects are presented on the display means, and the selection of the object by at least one user of the user group to be authenticated is accepted, and the selected object and the key object registered in association with the user group; Authentication means for performing authentication based on coincidence / non-coincidence, timing detection means for detecting timing for changing the key object, and storage means for use in the next authentication based on the detection result of the timing detection means Changing means for changing the key object stored in the.

  Preferably, the timing detection unit detects the timing to change as time passes.

  Preferably, the timing detection unit detects a change timing based on the access information.

  Preferably, the changing unit adjusts the change parameter of the key object according to the data change amount of the user according to the predetermined application.

  In particular, the change parameter is set within a predetermined range based on the amount of change between the key object before the change and the key object after the change.

  An authentication method according to an aspect of the present invention includes a storage unit that stores a key object assigned to each user group to be authenticated from a plurality of visually identifiable objects prepared in advance, and a display unit A step of presenting a plurality of objects, a step of accepting selection of an object by at least one user of a user group to be authenticated, and a key object registered in association with the selected object and the user group When the authentication step based on the match / mismatch, the step of detecting the timing of changing the key object, and the timing of changing the key object are detected, they are stored in the storage means used for the next authentication. And changing the key object.

  An authentication program according to an aspect of the present invention includes a display unit and a storage unit that stores a key object assigned to each user group to be authenticated among a plurality of visually identifiable objects prepared in advance. A step of presenting a plurality of objects on the display means to a computer of the provided authentication device; a step of accepting selection of an object by at least one user of the user group to be authenticated; and the selected object and the user group Authentication is performed on the basis of matching / non-coincidence with a key object registered in association with each other, detecting a timing for changing the key object, and detecting the timing for changing the key object, the next authentication Stored in the storage means used And a step of changing the key object, to execute the process.

  An authentication apparatus according to the present invention includes a timing detection means for detecting a timing for changing a key object, and a key object stored in a storage means used for the next authentication based on a detection result by the timing detection means. And changing means for changing. Therefore, since the key object is changed by the changing means, it is possible to enhance authentication security by reflecting the density of communication on the community in the group form of the type in which the community is formed.

It is a figure explaining the information processing system according to Embodiment 1 of the present invention. It is a figure explaining the schematic block diagram of the user terminal 40 according to Embodiment 1 of this invention. It is a figure explaining the flow of a process in case the user terminal 40 according to Embodiment 1 of this invention uses the application management server 10. FIG. It is a figure explaining the authentication process in the authentication server. It is a figure explaining the authentication screen according to Embodiment 1 of this invention. It is a figure explaining the change of the correct image in the authentication screen according to Embodiment 1 of this invention. It is a figure explaining the functional block of the authentication server 20 according to Embodiment 1 of this invention. It is a figure explaining the detail of the authentication screen data transmission process according to Embodiment 1 of this invention. It is a figure explaining the change of the parameter for correct images. It is a figure explaining the parameter for correct images which is an accompanying parameter of a correct image. It is a figure explaining the functional block of the authentication server according to Embodiment 2 of this invention. It is a figure explaining the flow of a process in case the user terminal 40 according to Embodiment 2 of this invention uses the application management server 10. FIG. It is a figure explaining the correct image information update process according to Embodiment 2 of this invention. It is a figure explaining the correct image information update condition determination process according to Embodiment 2 of this invention. It is a figure explaining change amount P according to accumulation data size. It is a figure explaining an example of the change process of a correct image. It is a figure explaining another authentication screen.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

(Embodiment 1)
An information processing system according to the first embodiment of the present invention will be described using FIG.

  Referring to FIG. 1, here, a case where user terminals (for example, personal computers (hereinafter also simply referred to as PCs)) 40 and 50 and a network 5 are connected is shown. In addition, a case where an application management server 10 that manages applications that can be used by the user terminal and an authentication server 20 are connected to the network 5 is shown. In this example, a case where a PC is mainly used as a user terminal will be described as an example. However, the present invention is not limited to a PC, and a portable terminal such as a PDA (Personal Digital Assistant) connected to the network 5 wirelessly or by wire. It may be a vessel.

  It is assumed that the user terminals 40 and 50, the application management server 10, and the authentication server 20 are connected so as to be able to exchange data with each other via the network 5.

  As an example, in the first embodiment of the present invention, processing when the application management server 10 is accessed from the user terminal 40 will be described.

  Here, a configuration in which two PCs are connected to the network 5 as user terminals is described, but the number is not particularly limited.

  The application management server 10 includes a control unit 11, a RAM (Random Access Memory) 13, a ROM (Read Only Memory) 14, an HDD (Hard Disk Drive) 15, a communication interface 16, and an internal bus 17 that connects the units. Including.

  The control unit 11 is mainly composed of a CPU (Central Processing Unit). In this example, as an example, the control unit 11 includes functions of a service providing unit 12 and a service availability determination unit 18. The service providing unit 12 has a function of providing a predetermined service based on an application to the user terminals 40 and 50 by reading an application program stored in the ROM 14 or the HDD 15 by the CPU. The predetermined service referred to in the present embodiment is a service that forms a kind of community on the net as an example, and exchanges information between users (members) belonging to the community.

  The service availability determination unit 18 determines whether to provide a service to the user terminal that has made an access request. That is, it is determined whether or not the member belongs to the community. If the member is a member, the provision of the service is permitted. The RAM 13 is used as a work memory for the control unit 11. The communication interface 16 is an interface connected to the external network 5, and exchange of data is executed via the communication interface.

  The authentication server 20 connects a control unit 21, a RAM (Random Access Memory) 26, a ROM (Read Only Memory) 27, an HDD (Hard Disk Drive) 28, an input device 29, a communication interface 30, and each unit. And an internal bus 31. The control unit 21 is mainly composed of a CPU (Central Processing Unit). In this example, as an example, the control unit 21 includes functions of an authentication screen generation unit 22, a user registration unit 23, a correct answer information update unit 24, and an authentication determination unit 25. Each of these functions is realized by the CPU reading a program stored in the ROM 14 or the HDD 15. Each function will be described later. The RAM 26 is used as a work memory for the control unit 21. The communication interface 30 is an interface connected to the external network 5, and exchange of data is executed via the communication interface. The input device 29 is configured with a mouse or a keyboard.

  A schematic block diagram of user terminal 40 according to the first embodiment of the present invention will be described using FIG. The same applies to the user terminal 50.

  Referring to FIG. 2, user terminal 40 according to the first embodiment of the present invention includes CPU 41, RAM (Random Access Memory) 42, ROM (Read Only Memory) 43, HDD (Hard Disk Drive) 44, It includes an internal bus 45 for connecting each part, a mouse 46, a keyboard 47, a display 48, and a communication interface 49.

  The CPU 41 of the user terminal 40 acquires data transmitted from the application management server 10 or the authentication server 20 via a communication interface 49 connected to the network 5. Then, the data is output to the display 48. The display 48 displays an application screen based on the data. Further, the user can input data to the input area of the application screen via the mouse 46 or the keyboard 47, and the input data is input to the application management server 10 or the authentication via the communication interface 49. It can be transmitted to the server 20 or the like.

  The flow of processing when user terminal 40 according to Embodiment 1 of the present invention uses application management server 10 will be described using FIG.

  Referring to FIG. 3, it is first determined whether or not there is an access request (step S2). Step S2 is maintained until there is an access request. Specifically, the service availability determination unit 18 of the application management server 10 determines whether an access request from the user terminal 40 has been received via the communication interface 16. For example, when a URL (Uniform Resource Locator) of the application management server 10 is specified via the Internet browser of the user terminal 40, an access request is transmitted from the user terminal 40 to the application management server 10.

  If there is an access request (YES in step S2), the service availability determination unit 18 of the control unit 11 transmits an authentication execution instruction to the authentication server 20 (step S4).

  Next, the authentication server 20 executes an authentication process in response to the authentication execution instruction (step S6).

The authentication process in the authentication server 20 will be described with reference to FIG.
Referring to FIG. 4, first, control unit 21 of authentication server 20 determines whether an authentication execution instruction has been received (step S20).

  If an authentication execution instruction is received (YES in step S20), authentication screen data is then transmitted (step S20). Specifically, the authentication screen generation unit 22 outputs, to the user terminal 40, authentication screen data for displaying an authentication screen for determining whether or not the access is from a user who has been registered for the access request. To do.

  Accordingly, the user terminal 40 displays an authentication screen based on the authentication screen data transmitted from the application management server 10 on the display 48.

An authentication screen according to the first embodiment of the present invention will be described using FIG.
Referring to FIG. 5A, an authentication screen 100 is shown as an example.

  The authentication screen 100 shows a screen for selecting a password image from among a plurality of image objects. The user can select and input one of a plurality of image objects. Here, the image object 102 is a correct image (password image).

  Here, a new user registration button 103 is provided, and a user who wants to newly join the community can execute user registration processing by designating the button 103.

  Specifically, user registration processing is executed by the user registration unit 23 in the authentication server 20. By executing the user registration process according to a predetermined method, the user is registered as a community member, and the correct image (password image) is notified to the user. Authentication is executed using the authentication information that is the correct image (password image), and various services in the community can be used when the authentication is successful.

  In this example, it is assumed that one correct image (password image) is distributed to the community. In this example, it is assumed that the image object 102 shown in FIG. 5A is first distributed to the initial member as a correct image (password image). As will be described later, the correct image (password image) automatically changes in this example.

  In this example, the case where the user registration process is executed as one of the means for notifying the correct image (password image) to the members of the community has been described. However, the present invention is not limited to this, and the correct answer is obtained using other means. An image (password image) may be notified.

Referring to FIG. 5B, here, authentication screen 100 # is shown.
Compared to FIG. 5A, in this example, a case where an input field 104 for further inputting a user ID is provided is shown. The same applies to the password image. In addition, the said user ID can be issued in said user registration process as an example.

  It is possible to execute authentication based on authentication information including the issued user ID and a correct image (password image).

  Referring to FIG. 4 again, authentication server 20 next determines whether or not authentication information transmitted from user terminal 40 has been received (step S24). Specifically, authentication information is transmitted from the user terminal 40 to the authentication server 20 by inputting (selecting) data on the authentication screen via the mouse 46 or the keyboard 47 on the user terminal 40. In this example, as an example, it is assumed that the input selected position (coordinates) is transmitted as authentication information on the authentication screen 100 in FIG.

  If it is determined that the authentication information from the user terminal 40 has been received via the communication interface 16 (YES in step S4), authentication is executed (step S26). Specifically, the authentication determination unit 25 of the authentication server 20 determines whether or not the image selected as the password image described above is a correct image.

  And the authentication determination part 25 transmits the authentication process result of whether it is a correct image to the application management server 10 (step S28).

Then, the process ends (return).
Referring to FIG. 3 again, next, the application management server 10 receives the authentication processing result transmitted from the authentication server 20 (step S8). Specifically, the service availability determination unit 18 receives the authentication processing result transmitted from the authentication server 20 via the communication interface 16.

  Next, the service availability determination unit 18 of the application management server 10 determines whether the authentication is successful based on the authentication processing result (step S10). If the authentication is not successful, the process ends (end).

  On the other hand, if the application management server 10 determines that the authentication is successful based on the authentication processing result (YES in step S10), the application management server 10 next constructs a session and transmits the top page screen data of the application. (Step S12). Specifically, the service availability determination unit 18 grants service permission in the service providing unit 12 of the user terminal 40, and the service providing unit 12 displays the top page screen data for displaying the top page screen of the application as the user terminal 40. Output to.

  Then, the user terminal 40 displays a top page screen based on the top page screen data on the display 48.

  And the service provision part 12 performs the application process according to the operation instruction from the user terminal 40 (step S14).

  Next, the service providing unit 12 determines whether or not there is a logout request from the user terminal 40 (step S16). Although not shown, for example, it is assumed that a logout request is transmitted from the user terminal 40 to the application management server 10 by specifying a logout button provided on the screen in accordance with an instruction from the user.

  In step S16, the process returns to step S14 to continue application processing until there is a logout request.

  On the other hand, if there is a logout request in step S16 (YES in step S16), the service providing unit 12 disconnects the session and transmits logout page screen data (step S18). Specifically, service permission in the service providing unit 12 of the user terminal 40 is stopped, and logout page screen data for displaying a logout page screen of the application is output to the user terminal 40.

  Then, the display 48 of the user terminal 40 displays a logout page. Then, the process ends (END).

  Next, changes in the correct image on the authentication screen according to the first embodiment of the present invention will be described using FIG.

In this example, the case of changing in time series is shown.
FIG. 6A shows a correct image that is initially notified to the initial member. That is, it is registered as a member of the community and notified to the user as a correct image (password image) by the user registration process.

FIG. 6B shows image options displayed at the first login.
Specifically, one correct image and three incorrect images are displayed. In this example, the case where there are three incorrect answer images is described. However, the number is not particularly limited to this number, and any number may be used as long as it is at least one. Further, as described later, it is assumed that three incorrect images are randomly selected from the template information.

  FIG. 6C shows changes in image options displayed at the time of login after one week.

  As shown in FIG. 6C, the correct image is automatically changed little by little after one week, that is, every week. Note that the three incorrect images are selected at random.

  FIG. 6D shows, for example, image options displayed at the time of login after six months.

  As shown in FIG. 6D, the correct answer image after half a year changes little by little every week, and as a result, the correct answer image displayed at the first login changes significantly. In this example, the past correct image is shown as one of the incorrect images as an example.

  A functional block of authentication server 20 according to the first embodiment of the present invention will be described using FIG.

  Referring to FIG. 7, HDD 28 stores template information composed of a plurality of image objects, and correct image parameters used to change the correct image.

  The correct answer information update unit 24 determines the timing for updating the correct image parameters. In this example, as an example, it is assumed that the update timing is based on one week. As an example, it is assumed that the determination is based on 0:00 on every Monday. For example, the update flag is set to ON at 0:00 on every Monday.

  When logging in, the correct information update unit 24 executes an update process if the update flag is on. On the other hand, if the update flag is off, the update process is not executed.

  If the update flag is on, the correct information update unit 24 adjusts the correct image parameter to change the correct image parameter stored in the HDD 28.

  The authentication screen generator 22 generates an authentication screen based on one correct image and at least one incorrect image based on the template information and correct image parameters stored in the HDD 28.

  An image ID is assigned to each of the correct image and the incorrect image. Then, the identification information of the correct answer flag or the incorrect answer flag used for authentication determination is added in association with the image ID.

  The authentication determination unit 27 identifies the selected image arranged at the position according to the selected position (coordinates) that is a user input. Then, if there is a correct flag associated with the image ID of the selected image object for the identified selected image object, it is determined that the authentication is OK. On the other hand, if there is an incorrect answer flag associated with the image ID of the identified selected image object, it is determined as authentication NG.

  Then, the authentication processing result is transmitted to the application management server 10 according to the correct answer flag or the incorrect answer flag.

  Details of the authentication screen data transmission processing according to the first embodiment of the present invention will be described using FIG.

  Referring to FIG. 8, it is first determined whether or not the update flag is on (step S30). Specifically, the correct answer information update unit 24 determines whether or not the update flag is on, and when it is on (YES in step S30), updates the correct image parameter (step S34). Specifically, the correct answer information updating unit 24 adjusts the correct answer parameters and stores them in the HDD 28. Adjustment of the correct image parameter will be described later.

  Next, the correct information update unit 24 sets the update flag to off (step S35).

  Next, authentication screen data is generated (step S36). Specifically, the authentication screen generation unit 22 generates an authentication screen based on one correct image and at least one incorrect image based on the template information and the correct image parameter as described above.

  Then, the updated authentication screen data is output (step S38). Specifically, the authentication screen generation unit 22 transmits the updated authentication screen data to the user terminal 40 via the communication interface 30. Thereby, the above-described authentication screen is displayed on the user terminal 40.

  On the other hand, if the update flag is OFF in step S30 (NO in step S30), the previous authentication screen data is transmitted (step S32). Specifically, the authentication screen generation unit 22 transmits the authentication screen data generated last time to the user terminal 40 via the communication interface 30.

Then, the process ends (return).
For example, in the above example, when the update flag is turned on at 0:00 on every Monday, for example, when logging in after 0:00 on every Monday, that is, when the application management server 10 is first accessed Since the update flag is on, updated authentication screen data is generated, and the updated authentication screen is displayed on the user terminal. When accessed thereafter, the authentication screen is not updated because the update flag is off. Then, when logging in after 0:00 on the next Monday, that is, when accessing for the first time, the updated authentication screen is displayed again on the user terminal.

The change in the correct image parameter will be described with reference to FIG.
Referring to FIG. 9, first, a correct image P0 is generated by adding an accompanying parameter T0 from reference data (template information).

  Then, the correct image P1 is generated by adding the accompanying parameter T1 obtained by adding ΔT to the accompanying parameter T0.

Similarly, the associated parameter is updated to generate the correct image P2.
By this processing, the value of the accompanying parameter changes little by little, and the correct answer image changes.

  The correct image parameter, which is an accompanying parameter of the correct image, will be described with reference to FIG.

  Referring to FIG. 10, in this example, correct image parameters Pa, Pb, Pc, and Pd are shown. The correct image parameter Pa is the right movement amount [pixel] of the left-eye object image.

The correct image parameter Pb is the left movement amount [pixel] of the right-eye object image.
The correct image parameter Pc is the ratio information [%] of the beard object image in the beard area.

The correct image parameter Pd is the lightness reduction amount of the beard area.
The correct image changes based on the correct image parameter.

Specifically, the left eye and the right eye move based on the correct image parameters Pa and Pb.
Further, based on the correct image parameter Pc, the area of the beard object image of the original correct image is set.

Specifically, the beard region is set by the following equation as an example.
Beard area = skin color pixel × (Pc / 100) + beard object pixel × (1-Pc / 100)
Accordingly, if the value of the correct image parameter Pc is large, the proportion of skin color pixels increases, while the proportion of mustache object pixels decreases. Conversely, if the value of the correct image parameter Pc is small, the proportion of skin color pixels decreases and the proportion of mustache object pixels increases.

  That is, the ratio of the mustache object pixel in the beard area changes according to the value of the correct image parameter Pc.

  Further, the brightness of the mustache object pixel of the original correct image is set based on the correct image parameter Pd.

  Specifically, the brightness of the mustache object pixel of the original correct image is set by the following equation as an example.

Lightness of mustache object pixel = initial brightness value of mustache object pixel−Pd
That is, the brightness of the mustache object pixel changes according to the value of the correct image parameter Pd.

  In this example, the correct image is changed by updating ΔP for each correct image parameter Pa, Pb, Pc, Pd. Note that ΔP is set to an empirically appropriate value for each correct image parameter.

  It is also possible to set an upper limit on the values of the correct image parameters Pa and Pb so that the left eye and the right eye do not overlap. Further, the correct image parameter Pc or the like can be changed cyclically, for example, when it reaches 100%, it returns to 0%. The same applies to the other parameters.

  It is generally known that humans are insensitive to subtle changes because they remember information in the overall image and characteristic parts. In other words, a person can determine that they are the same image if they change a little.

  Therefore, even if the image is changed little by little after one week, the user can determine that the same correct image is obtained.

  In the method of selecting and authenticating the correct image from multiple images, the correct image can be authenticated by a person who continues to access frequently by presenting the correct image gradually changing each time it is accessed. However, a person who has not accessed for a long time cannot authenticate because the correct image is completely different from the previous one.

  With this authentication, it is possible to improve the security of authentication, reflecting the density of communication on the community.

  As described above, the correct image changes little by little when accessed, and if the memory is ambiguous, there is a possibility that the correct image cannot be properly selected when logging in next time, so the user clearly stores the correct image. In order to assist the user, the correct image when logging in this time may be displayed after authentication to assist the user in storing the correct image. In addition, it is not restricted to the fixed period after authentication, For example, when logging out, the said correct image may be displayed and the time to memorize | store may be made as short as possible.

  Further, in order to make it easy to memorize the display method, it is possible to make it blink, to display it as an event, or to make various ideas.

  In the above description, the case where the correct image is changed by changing the correct image parameter has been described. However, the present invention is not limited to this method, and the correct image can be changed using another method. is there.

  For example, it is possible to change the position and size of the image object using the correct image parameter. Alternatively, after executing the discrete cosine transform (DCT transform) process on the correct image, the DCT change amount may be added and the inverse discrete cosine transform (IDCT transform) process may be performed to change the correct image. It is also possible to change the correct image by executing known image processing such as filtering processing and luminance conversion processing on the correct image.

  In addition, when a document image composed of text data is used as a correct image, it is possible to automatically generate a document using Markov chain or the like to change a part of the document image. is there.

(Embodiment 2)
In the first embodiment, for example, the case where the correct image parameter is changed based on the passage of time as the update timing of the correct image has been described. However, for example, the access information of the user, not the passage of time, for example, It is also possible to change the correct image parameter based on the data change amount.

  Specifically, in this example, as an example, the user can use the service providing unit 12 to upload data and the like, and a method for changing the correct image parameter based on the data amount in this case Will be described.

  A functional block of the authentication server according to the second embodiment of the present invention will be described using FIG.

  Referring to FIG. 11, the difference from the functional block of FIG. 7 is that correct information update unit 24 is changed to correct information update unit 24 #. Since the other points are the same, detailed description thereof will not be repeated.

  The correct answer information updating unit 24 # in this example determines the timing for updating the correct image parameter. In this example, as an example, the update timing is updated according to the amount of data when the user uploads data, for example.

  Then, the correct information update unit 24 # analyzes the change of the correct image, adjusts the correct image parameter based on the analysis result, and changes the correct image parameter stored in the HDD 28.

  The authentication screen generator 22 generates an authentication screen based on one correct image and at least one incorrect image based on the template information and correct image parameters stored in the HDD 28.

  Using FIG. 12, the flow of processing when user terminal 40 according to the second embodiment of the present invention uses application management server 10 will be described.

  Referring to FIG. 12, the difference from FIG. 3 is that the uploaded data size is transmitted after step S18 (step S29). Specifically, the service providing unit 12 transmits to the authentication server 20 the total data size corrected or added by the user from the current login to the logout.

  Then, correct image information update processing (step S30) is executed. Since the other points are the same, detailed description thereof will not be repeated.

  Since the authentication process described in FIG. 4 and the authentication screen data transmission process described in FIG. 8 are the same as those described in the first embodiment, detailed description thereof will not be repeated.

  The correct image information update process according to the second embodiment of the present invention will be described using FIG. Specifically, the process in the correct information update unit 24 will be described.

  Referring to FIG. 13, first, correct image information update condition determination processing is executed (step S31).

  The correct image information update condition determination process according to the second embodiment of the present invention will be described using FIG.

  Referring to FIG. 14, first, the data size that has been corrected or added between the current login and logout received by the authentication server 20 is added to the accumulated data size (step S50). Here, the cumulative data size indicates the amount of data when the user uploads data using the service providing unit 12 starting from the time of the first correct image or starting from the updated correct image. .

  Next, it is determined whether or not the accumulated data size is larger than the threshold value Tz (step S51).

  If it is determined in step S51 that the accumulated data size is larger than the threshold value Tz (YES in step S51), the correct image information update condition is set to clear (step S52).

Then, the accumulated data size is set to 0 (step S54).
Next, the update flag is turned on (step S55). Then, the process ends (return).

  On the other hand, when it is determined that the accumulated data size is equal to or smaller than the threshold Tz (NO in step S51), the correct image information update condition is set to NG (step S56).

In this case, the update flag is not turned on.
Then, the process ends (return).

  That is, as the correct image information update condition determination process, it is determined that the update condition of the correct image information is satisfied when the accumulated data size is larger than the threshold value Tz. On the other hand, when the accumulated data size is equal to or smaller than the threshold Tz, the data size modified or added this time is added to the previous accumulated data size to set a new accumulated data size.

For example, a method for setting the threshold Tz will be described.
For example, let us consider a case where the update of the correct image is set to such a change amount that the original image cannot be associated if the correct image is changed 20 times. It is assumed that the average size of data handled by the application management server 10 is 1 Mbyte, and an average of 10 data is uploaded every day. Then, consider a case where data that has not been uploaded to the user for five weeks is treated as new. An average of 10 data is uploaded every day at 1 Mbyte. That is, 10 Mbytes of data is uploaded every day. The data of 10 × 7 × 5 = 350 Mbyte is treated as new.

  In this case, it is possible to set the threshold Tz = 1M × 10 × 7 days × 5 weeks / 20 times = 17.5 MByte. Each time the data of the threshold Tz (= 17.5 MByte) is updated, the correct image is updated once, and when this is repeated 20 times, new data of 350 MByte is updated. This corresponds to an increase of 350 data of 1 Mbyte. If the data is updated every day, it takes 5 weeks.

  With this method, it is possible to change the correct image parameter based on the user's data change amount, here, the uploaded data amount. That is, the correct image parameter is changed based on the amount of uploaded data, and the correct image is updated. Therefore, it is possible to improve security for newly uploaded data, that is, new information.

  Although the case where the correct image is updated based on the amount of uploaded data has been described here, the present invention is not limited to this. For example, the correct image may be updated with the content of access to specific data. It is also possible to update the correct image according to the same period or the number of people accessing the same data group. Alternatively, it is possible to control the update of the correct image based on the access time, access source, access time, and the like.

  Moreover, although the case where security was improved about new information was demonstrated, it is also possible to control so that a correct image may be updated so that security may be improved about the data uploaded at the specific time, for example.

The change amount P according to the accumulated data size will be described with reference to FIG.
Referring to FIG. 15, when the data size is less than 100 [Kbytes], the change amount P = 1.0. When the data size is 100 [Kbytes] or more and less than 500, the change amount P = 2.0. When the data size is 500 [Kbytes] or more and less than 1000, the change amount P = 3.0. When the data size is 1000 [Kbytes] or more and less than 5000, the change amount P = 4.0. When the data size is 5000 or more, the change amount P = 5.0.

  Referring again to FIG. 13, it is next determined whether or not the correct image information update condition is satisfied (step S32).

  If it is determined in step S32 that the correct image information update condition is satisfied (YES in step S32), a change amount (change parameter) is then determined (step S34). Specifically, the change amount P corresponding to the accumulated data size is determined according to the table described in FIG.

  Then, a correct image is provisionally generated based on the change amount (change parameter) (step S36).

  Next, an image change amount is calculated (step S38). The image change amount will be described later.

  Next, it is determined which condition is satisfied for the image change amount in relation to the threshold value (step S40).

  In step S40, when the image change amount is less than the threshold value Tb in relation to the threshold value, the process proceeds to step S42.

On the other hand, if the image change amount is not less than the threshold value Ta and less than Tb, the process proceeds to step S46.
On the other hand, if the image change amount is equal to or greater than the threshold value Ta, the process proceeds to step S44.

  Specifically, if the image change amount is less than the threshold value Tb in step S42, the change amount is set to change amount + ΔP, and the process returns to step S36 again to provisionally generate a correct image and perform similar processing. repeat.

  If the image change amount is greater than or equal to the threshold value Ta in step S44, the change amount is set to change amount−ΔP, and the process returns to step S36 again to provisionally generate a correct image and repeat the same processing. .

  That is, when the image change amount is less than the threshold value Tb or greater than or equal to the threshold value Ta, the change amount is adjusted so that the change amount is adjusted to be greater than or equal to the threshold value Tb and less than Ta. If the image change amount is equal to or greater than the threshold value Tb and less than Ta, the provisionally generated correct image is confirmed to be updated (step S46). Then, the process ends (return). That is, the change amount is stored as a correct image parameter. Then, the process ends (return).

An example of the correct image changing process will be described with reference to FIG.
Referring to FIG. 16A, here, a target object to be changed is shown. As an example, a car object will be described here.

  In this example, a case will be described in which the size of the target object to be changed is reduced by P [%] and moved to the left by 10 P [%].

  Referring to FIG. 16B, here, the image change amounts before and after the change are conceptually shown. That is, a case is shown in which a difference image before and after the change is created and the total amount of the pixel values is used as the change amount.

Referring to FIG. 16C, here, a case where the change amount (change amount) is small is shown.
Here, the change amount (change amount) is small and the security effect is too small, so that the correct amount image is generated by correcting the change amount to the threshold value Tb or a value approximate to the threshold value Tb.

Referring to FIG. 16D, here, a case where the change amount (change amount) is large is shown.
Here, the change amount (change amount) is large, and it becomes impossible to determine the correct image. Therefore, the correct amount image is generated by correcting the change amount to the threshold value Ta or a value approximate to the threshold value Ta.

  It is possible to set so that the amount of change is appropriately adjusted by the correction process and the image is updated with a proper change.

  In this example, the difference image before and after the change is created and the total amount of pixel values is used as the change amount. However, the method is not limited to this method, and is generally used for matching, recognition, and prediction. You may make it judge whether an image is a moderate change using the similarity scale between the images used.

  In the above description, the change amount has been described with respect to the case where the correct image is changed using a preset value. However, the change amount may be adjusted by the user himself / herself.

  In this example, the change amount and the image change amount are described as different from each other. However, for example, it is possible to omit the process of calculating the image change amount by using the same parameter. .

  In the above-described authentication screen, the case where the correct image itself or the incorrect image itself is displayed on the authentication screen has been described. However, display in another form may be executed.

Another authentication screen will be described with reference to FIG.
Referring to FIG. 17A, here, a correct image to be notified to the initial member first is shown.

  Referring to FIG. 17B, here, a case where an image obtained by combining a correct image or an incorrect image and another image is displayed as an authentication screen is shown.

  That is, various combinations are possible, and the security effect can be further enhanced.

  In this example, the case where one correct image is included in the authentication screen has been described, but a plurality of correct images may be displayed. For example, a plurality of correct images can be used properly depending on the degree of closeness. For example, a correct image of a user with low intimacy and a correct image of a user with high closeness can be used. And, correct images of users with low familiarity are set to increase the update degree and update frequency, and correct images of users with high closeness are set to decrease the update degree and update frequency, Two correct images may be displayed on the authentication screen.

  In the present example, the configuration in which the application management server 10 and the authentication server 20 are provided separately has been described, but a configuration in which these are included in one is also possible.

  In addition, it is also possible to provide a program that causes a computer to function for each unit that controls the above-described apparatus, and executes control as described in the above flow. Such a program is stored in a computer-readable recording medium such as a flexible disk attached to the computer, a CD-ROM (Compact Disk-Read Only Memory), a ROM (Read Only Memory), a RAM (Random Access Memory), and a memory card. And can be provided as a program product. Alternatively, the program can be provided by being recorded on a recording medium such as a hard disk built in the computer. A program can also be provided by downloading via a network.

  The program may be a program module that is provided as part of an operating system (OS) of a computer and that calls necessary modules in a predetermined arrangement at a predetermined timing to execute processing. In that case, the program itself does not include the module, and the process is executed in cooperation with the OS. A program that does not include such a module can also be included in the program according to the present invention.

  The program according to the present invention may be provided by being incorporated in a part of another program. Even in this case, the program itself does not include the module included in the other program, and the process is executed in cooperation with the other program. Such a program incorporated in another program can also be included in the program according to the present invention.

  The provided program product is installed in a program storage unit such as a hard disk and executed. The program product includes the program itself and a recording medium on which the program is recorded.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is shown not by the above description of the embodiments but by the scope of claims, and is intended to include all modifications within the meaning and scope equivalent to the scope of claims.

  10 application management server, 11, 21 control unit, 12 service providing unit, 13, 26, 42 RAM, 14, 27, 43 ROM, 15, 28, 44 HDD, 16, 30, 49 communication interface, 17, 31, 45 Internal bus, 18 service availability determination unit, 20 authentication server, 22 authentication screen generation unit, 23 user registration unit, 24 correct answer information update unit, 25 authentication determination unit, 29 input device, 40, 50 user terminal, 41 CPU, 46 mouse 47 keyboards, 48 displays.

Claims (7)

Display means;
Storage means for storing a key object assigned to each user group to be authenticated from a plurality of visually identifiable objects prepared in advance;
The key that is registered in association with the selected object and the user group while accepting selection of the object by at least one user of the user group to be authenticated by presenting the plurality of objects on the display means An authentication means for performing authentication based on match / mismatch with the object;
Timing detection means for detecting the timing of changing the key object;
An authentication apparatus comprising: a changing unit that changes a key object stored in the storage unit used in the next authentication based on a detection result by the timing detection unit.   The authentication device according to claim 1, wherein the timing detection unit detects a timing to change over time.   The authentication device according to claim 1, wherein the timing detection unit detects a change timing based on access information.   The authentication device according to claim 1, wherein the changing unit adjusts a change parameter of the key object according to a data change amount of a user according to a predetermined application.   The authentication apparatus according to claim 4, wherein the change parameter is set within a predetermined range based on a change amount between the key object before the change and the key object after the change. A storage means for storing a key object assigned for each user group to be authenticated from a plurality of visually identifiable objects prepared in advance,
Presenting a plurality of the objects on a display means;
Accepting an object selection by at least one user of the user group to be authenticated;
Authenticating based on a match / mismatch between the selected object and the key object registered in association with the user group;
Detecting the timing of changing the key object;
And a step of changing the key object stored in the storage means used in the next authentication when the timing for changing the key object is detected. In a computer of an authentication apparatus provided with a storage means for storing a display object and a key object assigned to each user group to be authenticated from a plurality of visually identifiable objects prepared in advance,
Presenting a plurality of the objects on the display means;
Accepting an object selection by at least one user of the user group to be authenticated;
Authenticating based on a match / mismatch between the selected object and the key object registered in association with the user group;
Detecting the timing of changing the key object;
An authentication program for executing a process, comprising: a step of changing a key object stored in the storage means used in the next authentication when a timing for changing the key object is detected.