JP2011227762A - User authentication device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a user authentication device and method which are not affected by the leakage, stealing, or forgetfulness of security information such as a password.SOLUTION: A user authentication device is provided with: a character input part for accepting character input for authenticating a user; a question sentence generation part for generating a question sentence to the user; a display part for displaying the question sentence generated by the question sentence generation part; an input process determination reference storage part for storing a determination reference relating to the character input process of the user; and an input process determination part for comparing a character input process for inputting a character for authentication in the character input part from the user with the input process determination reference stored by the input process determination reference storage part, and for determining whether or not an authorized user has performed character input.

Description

  The present invention relates to an information security system, and more particularly to a user authentication device and an authentication method when logging into a mobile terminal or a personal computer.

  As a user authentication method in a conventional information security system, for example, as shown in FIG. 5, there is a lock function mounted on a mobile phone or the like. When using this lock function, a user using a mobile phone inputs lock / release information composed of alphanumeric characters in advance, and the mobile phone records the lock / release information. In order to ensure security, the user of the mobile phone inputs the lock / release information to the mobile phone (52 in FIG. 5), so that the entered lock / release information matches the previously recorded lock / release information. In the case (51 in FIG. 5), the mobile phone is locked or unlocked. If they do not match (53 in FIG. 5), the mobile phone is not locked or unlocked. Some mobile phone lock / release means is equipped with a remote lock / release function using wireless communication.

For example, when a user uses a personal computer or the like and uses an Internet bank or free mail existing on the Internet, the user authentication means for ensuring security includes those shown in FIGS. can give.
FIG. 6 shows a user authentication method using a user ID and a password that authenticates the input user as a correct user when the user ID and password input by the user match the user ID and password registered in advance.
In FIG. 7, random arrangement string characters are input to a password card 71 distributed in advance, and values corresponding to (1) and (2) displayed on the login screen 72 (in the example of FIG. 7, b, It is a user authentication method using a password card that authenticates the input user as a correct user by inputting c).

FIG. 8 shows a user authentication method using a one-time password that authenticates the entered user as a correct user by inputting the password 82 generated in real time by the password generator on the login screen 81.
FIG. 9 registers answers to a plurality of questions in advance, and authenticates the input user as the correct user by inputting the registered correct answer to the question displayed on the login screen 91. This is a user authentication method based on questions and answers.
There is also a user authentication method that strengthens user authentication by combining any of the user authentication methods shown in FIGS.

  In the following Patent Document 1, a vector for each side of a polygon created from a plurality of click positions with a mouse is calculated, compared with a vector registered as a password from a relative ratio, and a password at the time of password registration is calculated. A password authentication method for determining whether a polygon and a polygon at the time of password input are relatively equal is described.

JP 2003-91506 A

  However, the user authentication method using the alphanumeric fixed lock / release information of the mobile phone in FIG. 5 and the user authentication method in FIGS. 6 and 9 are security information such as a password, and theft of a memo in which the security information is described, There is a risk of security information leaking or forgetting due to random attacks. Further, the user authentication method of FIGS. 7 and 8 has a problem that it cannot be used if the password card or the one-time password generator is lost.

  The present invention has been made to solve such a conventional problem, and provides a user authentication apparatus and method for preventing the security information such as a password from being leaked, stolen, or forgotten. Objective.

The present invention provides a user authentication apparatus and method depending on the characteristics of individual users. The typical configuration of the present invention is as follows. That is,
A character input unit that accepts a character input for authenticating the user;
A question sentence generation unit for generating a question sentence for the user;
A display unit for displaying the question sentence generated by the question sentence generation unit;
An input process determination criterion storage unit that stores determination criteria related to the user's character input process;
The character input process in which the authentication character is input from the user by the character input unit is compared with the input process determination criterion stored in the input process determination criterion storage unit to determine whether the correct user has input the character. And an input process determination unit.

  Since the user authentication device according to the present invention recognizes the character input characteristics of each user, it is possible to prevent a user's password from being seen and misused by other users and improve security. It becomes. Further, since there is no need to remember a fixed password as in the prior art, it is possible to prevent inconvenience caused by the user forgetting the password.

It is a figure which shows the structural example of the user authentication apparatus in the Example of this invention. It is a figure which shows the flow of the user authentication process in the Example of this invention. It is a figure which shows the process of the question sentence production | generation part in the Example of this invention. It is a figure which shows the character conversion database in the Example of this invention. It is a figure which shows the user authentication by the lock / release information used with the mobile telephone in a prior art. It is a figure which shows the user authentication by the fixed password currently used by the internet etc. in a prior art. It is a figure which shows the user authentication by the password card in a prior art. It is a figure which shows the user authentication by the one time password in a prior art. It is a figure which shows the user authentication by the question response in a prior art.

A user authentication apparatus as an example of an embodiment of the present invention will be described with reference to FIG. FIG. 1 is a diagram illustrating a configuration example of a user authentication device 1 according to an embodiment of the present invention. In FIG. 1, the user authentication device 1 includes a control unit 10, a display unit 21, a character input unit 22, and a storage unit 23. The control unit 10 is a functional unit for performing user authentication. The main control unit 11, a question sentence generation unit 12, a character conversion unit 13, an input speed measurement unit 14, a character conversion determination unit 15, an input speed determination unit, which will be described later. 16. As a hardware configuration, the control unit 10 includes a CPU (Central Processing Unit) and a memory that stores an operation program and the like of the control unit 10, and the CPU operates according to the operation program.
The character input unit 22 includes a keyboard, a touch panel, and the like, and is a man-machine interface that inputs authentication character data and the like for authenticating a user. The display unit 21 is composed of a liquid crystal screen or the like, displays characters and the like input from the character input unit 22, and displays a question sentence and the like generated by the question sentence generation unit 12. The storage unit 23 is a basic question sentence and keyword data used in the question sentence generation unit 12, a character conversion database (described later in FIG. 4) used in the character conversion determination unit 15, and an input used in the input speed determination unit 16. Stores speed data and the like.

  The question sentence generation unit 12 generates a question sentence for the user, such as a hint for identifying and authenticating the user, and a question content as a determination material. The character conversion unit 13 converts character data (alphabet, numbers, kanji, pictographs, etc.) input by the user in the character input unit 22 into characters, words, etc. as character data for user authentication based on user instructions. To do. The input speed measurement unit 14 measures a character input speed when the user inputs authentication character data from the character input unit 22. When the character data input by the user in the character input unit 22 is converted into characters, words, or the like as user authentication character data, the character conversion determination unit 15 inputs the correct user based on the conversion mode. Determine whether or not. The input speed determination unit 16 determines whether or not a correct user has input based on the character input speed measured by the input speed measurement unit 14. The character conversion determination unit 15 and the input speed determination unit 16 constitute an input process determination unit 17. The input process determination unit 17 determines whether or not a correct user has input based on a process in which character data is input by the character input unit 22. The main control unit 11 performs overall control of the question sentence generation unit 12, the character conversion unit 13, the input speed measurement unit 14, the character conversion determination unit 15, and the input speed determination unit 16.

  In order to describe the user authentication apparatus of the present embodiment, the processing sequence is shown in FIG. 2 as an example of a user authentication method when using an Internet bank or free mail existing on the Internet. FIG. 2 is a diagram showing the flow of user authentication processing in the embodiment of the present invention.

  As a previous stage of explanation, the storage unit 23 stores in advance a question sentence database 31 (see FIG. 3) in which a plurality of random basic question sentences (question items) used in the question sentence generation unit 12 are stored. A keyword database 32 (see FIG. 3) that stores a plurality of keywords, a character conversion database that stores a plurality of character conversion modes frequently used by users who use the user conversion device 15 and the character input speed of the user authentication device 40 (see FIG. 4) and the like are stored. The character conversion database 40 of this example constitutes an input process determination criterion storage unit in which determination criteria regarding a user's character input process are stored.

In FIG. 2, the user opens a user authentication screen (step S1).
When the user authentication screen is opened, the main control unit 11 checks whether or not the number of retries for the user authentication process is within the limit value (step S2). If the number of retries is not within the limit value (No in step S2), an authentication NG display indicating that user authentication cannot be performed is displayed on the display unit 21 (step S16), and the user authentication process is terminated (step S17).
When the number of retries is within the limit value (Yes in step S2), the process proceeds to question sentence generation, and the main control unit 11 instructs the question sentence generation unit 12 to generate a question sentence. The question sentence generation unit 12 randomly selects a basic question sentence and a keyword recorded in advance in the storage unit 23 and generates a question sentence (step S3). The question sentence generated by the question sentence generation unit 12 is displayed as a question sentence (question item) on the user authentication screen (step S4).

  When the user inputs an answer to the question from the character input unit 22, the main control unit 11 reads the input characters and stores them in the storage unit 23 together with the key input order, and the character conversion unit 13. However, the input character is converted based on the user's instruction (step S5). For example, “difficult” is converted to “difficult”. At this time, the input speed measurement unit 14 measures the speed at which the user inputs a key and the time until the character input is completed, and stores it in the storage unit 23.

Next, the input speed determination unit 16 compares the user's key input speed stored in the storage unit 23 with the user's character input speed stored in the storage unit 23 in advance, and within a predetermined difference range. If so, it is determined that the user who entered the character is the correct user (step S6).
The character conversion determination unit 15 compares the character conversion mode of the character converted in step S5 with the character conversion mode of the user stored in advance in the storage unit 23. It is determined that the user who entered the character is a correct user (step S7).

In the character conversion determination process in step S7, if the character conversion mode of the user who input the character does not match the character conversion mode stored in advance in the storage unit 23 (No in step S8), the result is sent to the user. In order to notify, the main control unit 11 displays that the user authentication has failed on the display unit 21 (step S15), and returns to step S2.
Further, in the input speed determination process in step S6, the character input speed calculated by the input speed measuring unit 16, that is, the key input speed of the user who input the character, and the key input speed stored in the storage unit 23 in advance. If they do not match (No in step S9), the main control unit 11 displays that the user authentication has failed on the display unit 21 (step S15) and notifies the user of the result, and returns to step S2. .

  In the character conversion determination process in step S7, the character conversion mode of the user who entered the character matches the character conversion mode stored in the storage unit 23 in advance (Yes in step S8), and the input in step S6. In the speed determination process, if the key input speed of the user who entered the character matches the key input speed stored in advance in the storage unit 23 (Yes in step S9), an authentication OK display indicating that the user authentication is successful. Is displayed on the display unit 21 (step S10), and the user authentication process is completed (step S11).

  In this embodiment, as described above, when user authentication fails in the character conversion determination process (step S7) and the input speed determination process (step S6), a new question sentence generation (step S3) is performed, Has been able to retry. As for the number of retries of the user, for example, it is preferable to perform the process of permitting retry until the number of times per day.

  Further, although not described in the description of FIG. 2, the question sentence may be changed and the sequence of FIG. 2 (steps S2 to S9) may be repeated a plurality of times.

  The above-described example of FIG. 2 can also be used for user authentication used for setting / releasing the lock of a wireless communication terminal including a display unit and a character input unit such as a mobile phone as well as the Internet.

The question sentence generation part 12 demonstrated in FIG. 1 and FIG. 2 is demonstrated in detail using FIG. FIG. 3 is a diagram showing processing of the question sentence generation unit 12 in the embodiment of the present invention.
As shown in FIG. 3, a plurality of basic question sentences and a plurality of keywords inserted as keywords in the basic question sentence are registered in the storage unit 23 in advance, and stored as a question sentence database 31 and a keyword database 32, respectively. Yes.
When a request for generating a question sentence is received from the main control unit 11, the question sentence generation unit 12 randomly selects an arbitrary basic question sentence and a keyword from the question sentence database 31 and the keyword database 32 stored in the storage unit 23, respectively. To generate a random question sentence, and notify the main controller 11 of the generated question sentence. The main control unit 11 displays the question sentence notified from the question sentence generation unit 12 on the display unit 21.

  The basic question sentences shown here are elements such as daily conversations and questions. In the example of FIG. 3, a basic question sentence “What is today's XX?” Is stored in the question sentence database 31 as No1. The keyword is a dictionary function originally possessed by a device such as a personal computer or an information display terminal such as a mobile phone according to the present invention, or a sentence such as letters, numbers, kanji and pictograms frequently used by a user. Or a destination or e-mail address with which an e-mail is exchanged. In the example of FIG. 3, keywords “weather” and “difficult” are stored in the keyword database 32 as No1. For example, the keyword “weather” is inserted into the basic question sentence “What is today's yesterday?” To generate a question sentence “What is the weather today?” (33 in FIG. 3).

  Next, the character conversion determination unit 15 described in FIGS. 1 and 2 will be described in detail with reference to FIG. FIG. 4 is a diagram showing the character conversion database 40 stored in the storage unit 23 in the embodiment of the present invention. In the character conversion database 40, a user's character input speed, alphanumeric characters, kanji characters, pictograms, user habits, and the like frequently used by the user are stored as a database. In FIG. 4, a candidate character 41 represents a state after a character input by the user is converted. Frequency (1) 42, frequency (2) 43, and frequency (3) 44 are user input states before character conversion. Frequency (1) 42, frequency (2) 43, frequency (3) 44 In turn, the frequency of input is high. For example, in FIG. 4, for “No. 1” of “No. 1”, the frequency of input by this user is the highest in “Difficult” in frequency (1), the next “Difficult” in frequency (2), and “Is it difficult”? The frequency (3) in which the character estimation is used by inputting until is the third frequency.

  Also, for the prompt sound “tsu” of No. 2, the frequency that this user inputs is “xtu” of the frequency (1) is the highest, and the method of converting the “tsu” of the frequency (2) to “tsu” is the next. The frequency (3) of inputting “ltu” is the third frequency.

For example, it is assumed that the main control unit 11 displays “Please input“ difficult ”” as a question sentence and instructs the user. The user inputs “difficult” using the character input unit 22. The main control unit 11 reads a character input by the user, and the character conversion unit 13 converts the input character “difficult” into “difficult” based on the user's instruction.
The character conversion determination unit 15 collates the input character “difficult” with the character conversion database 40 stored in the storage unit 23 and determines whether the input user is correct based on a predetermined determination criterion. To do. Here, the predetermined criterion may be, for example, a case where the input character matches the frequency (1) in FIG. 4 or a case where the input character matches the frequency (1) or the frequency (2). .
The character conversion determination unit 15 returns authentication OK to the main control unit 11 when determining that the input user is correct, and returns authentication NG to the main control unit 11 when determining that the input user is not correct.

  As described above, the habit of the user stored in the storage unit 23 here is, for example, when the user inputs the word “difficult”, the user inputs “mutsutsukashishii”. If you want to convert to Kanji, enter "Mu / Zu / Ka / Shi / I" and convert to Kanji, or type "Mu / Zu / Ka / Shi / I" and perform Kanji conversion In order to correct the character, or when inputting the sound “tsu”, whether to input “xtu”, “ltu” or “tu” in the Roman alphabet input, enter “tu”, and the character conversion unit 13 This is a feature at the time of input by the user, such as whether to search for and input “tsu” from candidate characters.

  The character conversion determination unit 15 monitors user characteristics such as characters and correction methods that the user normally uses, and automatically monitors the user characteristics as a database for authenticating the user to the character conversion database 40. It is preferable to accumulate it automatically.

  Since the present invention is a user authentication device that does not use a fixed password (answer) for a question and recognizes features such as a user's character input speed and a user's character input method, It is possible to prevent snooping and misuse and to improve security. Further, since authentication is performed using elements specific to individuals such as answers to question sentences, character input speeds, and character conversion methods, security is further improved. Further, since there is no need to remember a fixed password as in the prior art, it is possible to prevent inconvenience caused by the user forgetting the password.

Note that the present invention is understood not only as a system for executing the processing according to the present invention, but also as an apparatus and method, a program for realizing such a method and system, and a recording medium for recording the program. can do.
Further, the present invention may be configured such that the CPU performs control by executing a control program stored in a memory, or may be configured as a hardware circuit.

  10..Control unit, 11..Main control unit, 12..Question sentence generation unit, 13..Character conversion unit, 14 .... Input speed measurement unit, 15 .... Character conversion determination unit, 16 .... Input speed determination , 17... Input process judgment unit, 21... Display unit, 22 .. Character input unit, 23 .. Storage unit, 31 .. Question sentence database, 32 .. Keyword database, 40.

Claims (1)

A character input unit that accepts a character input for authenticating the user;
A question sentence generation unit for generating a question sentence for the user;
A display unit for displaying the question sentence generated by the question sentence generation unit;
An input process determination criterion storage unit that stores determination criteria related to the user's character input process;
The character input process in which the authentication character is input from the user by the character input unit is compared with the input process determination criterion stored in the input process determination criterion storage unit to determine whether the correct user has input the character. And an input process determination unit.

Images