JP2011253433A - Authentication device, registration method for position information and position information registration program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To much more easily register position information in matrix authentication even in case of using a terminal whose function is low.SOLUTION: This authentication device 3 for performing matrix authentication is provided with: a generation means 31 for generating character strings which are not overlapped with each other; a matrix generation means 32 for generating a matrix for registration by arranging the respective characters of the generated character string like a matrix, and for transmitting it to a terminal 1; a position specification means 33 for receiving the character string from the terminal 1, and for specifying a position where each of the received characters is arranged on the matrix for registration; and a registration means 34 for storing each of the specified positions in association with a user in an authentication storage means 36.

Description

  The present invention relates to a matrix authentication technique, and more particularly to a technique for registering location information for matrix authentication.

  There is a one-time password as an authentication technique for authenticating whether or not the accessing user is a regular user. As one method of this one-time password, Patent Document 1 describes matrix authentication using a matrix in which numbers are set at random and inputting a number at a position stored in advance as a password.

JP 2002-366517 A

  In matrix authentication, it is necessary to register position information in the matrix in advance before performing the authentication. However, registration of position information has the following problems.

  That is, when a number string is displayed on the registration screen of position information, there are only 10 numbers from 0 to 9. Therefore, when the number of cells (frames) in the matrix is 10 or more, the same number is repeatedly used. It will be. Then, even if the user specifies a number to specify the position on the registration screen, the position cannot be specified because the number is displayed in a plurality of cells.

  As a method for solving this problem, a method is conceivable in which a matrix in which the order of numbers is changed is generated many times and an input operation for allowing the user to specify the position is repeatedly performed until the position intended by the user can be specified. However, this method requires the user to perform an input operation many times, and thus the load on the user is high and complicated.

  In addition, although it is conceivable that the number set on the registration screen is two digits, for example, a screen with a limited screen size such as a portable terminal may not be displayed.

  In addition, a method of specifying a position using a cursor is also conceivable. However, when using a low-function terminal such as a mobile terminal, it is necessary to install an application for specifying the position and storing it in the order in the mobile terminal. There is a user installation operation.

  The present invention has been made in view of the above circumstances, and an object of the present invention is an authentication that makes it easier to register location information in matrix authentication even when a low-function terminal is used. An apparatus, a registration method of position information, and a position information registration program are provided.

  In order to achieve the above object, the present invention provides an authentication apparatus for performing matrix authentication, wherein generating means for generating non-overlapping character strings, and each character of the character string generated by the generating means are arranged in a matrix. Generating a registration matrix and transmitting it to the terminal; receiving a character string from the terminal; and specifying a position of the received character on the registration matrix for each received character A position specifying unit; and a registering unit that stores each position specified by the position specifying unit in an authentication storage unit in association with a user who uses the terminal.

Further, the present invention is a registration method of location information in matrix authentication performed by a computer, wherein the computer generates a character string that does not overlap each other;
Each character of the character string generated in the generating step is arranged in a matrix form, a registration matrix is generated, and the matrix generating step for transmitting to the terminal, the character string is received from the terminal, and for each received character, A position specifying step for specifying a position where the character is arranged on the registration matrix, and a registration for storing each position specified in the position specifying step in association with a user who uses the terminal in the authentication storage unit And step.

  The present invention is also a location information registration program in matrix authentication executed by a computer, wherein the computer generates a character string that does not overlap each other, and each character of the character string generated in the generation step is a matrix. A matrix generation step of generating a registration matrix and transmitting it to the terminal, receiving a character string from the terminal, and for each received character, the position where the character is placed on the registration matrix And a registration step of storing each position specified in the position specifying step in association with a user who uses the terminal in an authentication storage unit.

  According to the present invention, there is provided an authentication apparatus, a position information registration method, and a position information registration program that can more easily perform registration of position information in matrix authentication even when a low-function terminal is used. Can be provided.

1 is an overall configuration diagram of an authentication system according to an embodiment of the present invention. It is explanatory drawing for demonstrating the process which produces | generates the random character string which does not overlap. It is a sequence diagram which shows a registration process. It is a figure which shows an example of the matrix screen at the time of registration, and a confirmation screen. It is a figure which shows an example of an authentication database. It is a figure which shows an example of the matrix screen for authentication at the time of authentication. It is an example of the matrix for position specification.

  Hereinafter, embodiments of the present invention will be described.

  FIG. 1 is an overall configuration diagram of an authentication system according to an embodiment of the present invention.

  The authentication system of this embodiment includes a terminal 1, an authentication server 3 (authentication device), and a content server 5. The terminal 1 and the authentication server 3 are connected by a network 8 such as the Internet, and the authentication server 3 and the content server 5 are connected by a network 9 such as a dedicated line.

  The terminal 1 is a terminal used by a user (user) of the authentication system, and for example, a PC (Personal Computer) or a mobile terminal (a mobile phone, a smartphone, PDA: Personal Digital Assistants, etc.) can be used.

  The authentication server 3 is an authentication device that performs matrix authentication. In matrix authentication, a matrix (table / matrix) in which different numbers and characters are randomly arranged in a grid pattern each time is used. When a user remembers a predetermined position in the matrix and performs authentication, he / she selects and enters numbers and characters set in his / her position in the matrix and uses this as a password. .

  The illustrated authentication server 3 includes a character string generation unit 31, a matrix generation unit 32, a position specifying unit 33, a registration unit 34, an authentication unit 35, and an authentication DB (database) 36.

  The character string generation unit 31 generates character strings that do not overlap each other. The matrix generation unit 32 arranges each character of the character string generated by the character string generation unit 31 in a matrix (a grid pattern), generates a registration matrix, and transmits the registration matrix to the terminal 1. The position specifying unit 33 receives a character string from the terminal 1 and specifies the position of each character of the received character string arranged on the registration matrix. The registration unit 34 registers and stores the position information specified by the position specifying unit 33 in the authentication DB 36 in association with the user ID (user information) of the user who uses the terminal 1.

  The authentication unit 35 performs matrix authentication using the authentication information stored in the authentication DB 36. The authentication DB 36 stores authentication information necessary for authentication.

  The content server 5 holds a plurality of contents in a content database (not shown), and transmits and provides the requested content to the requesting terminal 1 in response to a request from the terminal 1. The terminal 1 can access the content server 5 after successful matrix authentication with the authentication server 3.

  As the authentication server 3 and the terminal 1 described above, for example, a computer system including at least a CPU, a memory, and a storage device such as an HDD can be used. In this computer system, each function of each device is realized by the CPU executing a predetermined program loaded on the memory. For example, the functions of the authentication server 3 and the terminal 1 are executed by the CPU of the authentication server 3 in the case of the program for the authentication server 3, and the CPU of the terminal 1 in the case of the program for the terminal 1, respectively. Realized.

  FIG. 2 is an explanatory diagram for explaining an example of a process for generating a random character string that does not overlap. In the illustrated example, 16 character strings are generated.

  In the present embodiment, an English character (alphabet) character string of a 1-byte code character is described below as an example, but the present invention is not limited to this, and a 2-byte code character may be used. Moreover, characters other than English letters may be used.

  First, the character string generation unit 31 acquires a non-overlapping character string (ticket character string) 201 stored in a storage unit (not shown) such as a memory (see FIG. 2: (0)).

  Then, the character string generation unit 31 generates one random number (random value) in the range of 1 to 16, and the character positioned in the random number column of the character string 201 that is not duplicated and the final column (16 columns) The character string 202 is generated by replacing the character positioned at (see FIG. 2: (1)). In the illustrated example, “5” is acquired as a random number, and “e” in 5 columns and “p” in 16 columns are interchanged.

  Next, the character string generation unit 31 generates one random number in the range of 1 to 15 with one narrowed range, and the character located in the random number column of the non-overlapping character string 201 and the last column The character string 203 is generated by exchanging the character located in the column obtained by subtracting one (see FIG. 2: (2)). In the illustrated example, “7” is acquired as a random number, and “g” in 7 columns and “o” in 15 columns are interchanged.

  Next, the character string generation unit 31 generates one random number in the range of 1 to 14 that is further narrowed by one, and the character positioned in the random number sequence of the non-overlapping character string 201 and the final column The character string 204 is generated by exchanging the character located in the column obtained by subtracting two from (see FIG. 2: (3)). In the example shown in the figure, “1” is acquired as a random number, and “a” in one column and “n” in 14 columns are interchanged.

  The process described above is repeated as many times as the length of the character string to generate a random character string that does not overlap. The character string generator 31 generates one random number within a predetermined range by a predetermined pseudo-random number generation algorithm.

  In addition to the method shown in FIG. 2, a random character string that does not overlap is generated by first generating a random character string and then generating a non-overlapping random character string by removing the duplicate character. Also good.

  Next, position information registration processing according to the present embodiment will be described.

  FIG. 3 is a sequence diagram showing processing of this embodiment. First, the registration unit 34 of the authentication server 3 stores and registers the user ID (user information) of the user who uses the authentication service of the authentication system in the authentication DB 36 (S11).

  And the terminal 1 receives a user's instruction | indication, and transmits the registration request of the positional information for performing matrix authentication to the authentication server 3 (S12). The registration request includes the user ID input to the terminal 1 by the user and the model information of the terminal 1 (for example, information indicating the type and model of a terminal such as a portable terminal or a PC).

  When receiving a registration request from the terminal 1 via the network 8, the character string generation unit 31 generates a random character string that does not overlap, for example, as described with reference to FIG. S13). The length (number of characters) of the character string to be generated is the number of cells in the registration matrix. For example, in the case of a matrix having a size of 4 rows × 12 columns, a character string of 48 characters is generated.

  Then, the matrix generation unit 32 sets (pastes) the character string generated in S13 in each cell of the matrix having a predetermined size, and generates a registration matrix. Then, the matrix generation unit 32 generates a matrix screen including the generated registration matrix, stores it in a storage unit such as a memory, and transmits it to the terminal 1 that transmitted the registration request in S12 (S15).

  FIG. 4A shows an example of a matrix screen. The illustrated matrix screen registration matrix 40 is a matrix having a size of 4 rows × 12 columns. Lower 2 alphabetic characters are set in the upper 2 rows (2 rows × 12 columns) 41 and the lower 2 rows ( In (2 rows × 12 columns) 42, uppercase alphabetic characters are set.

  In this case, in S13, the character string generation unit 31 generates 24 lowercase character random character strings that do not overlap, and 24 uppercase character random character strings that do not overlap. Then, in S14, the matrix generation unit 32 pastes a random character string having no lowercase letter duplication in the upper two rows 41 of the registration matrix, and puts a random character string having no uppercase letter duplication in the lower two rows 42 of the registration matrix. paste.

  Further, as shown in FIG. 4A, a predetermined number of figures 43 may be arranged at predetermined locations in the registration matrix 40. The graphic 43 is input support information for making it easy for the user to recognize the position of each cell in the registration matrix 40. In this case, the matrix generation unit 32 reads out these graphics 43 stored in a storage unit such as a memory in S14 and sets them in a predetermined location of the registration matrix 40.

  In addition, the matrix generation unit 32 uses the model information included in the registration request received in S12 to display a matrix screen (Web page) in a markup language (HTML, CHTML, HDML, etc.) in a format corresponding to the model of the terminal 1. ) Is generated.

  Then, the matrix generation unit 32 transmits the matrix screen generated in S14 to the requesting terminal 1 (S15).

  The terminal 1 receives the matrix screen and displays the matrix screen on the display using a browser or the like (S16). The user determines at least one desired position on the displayed registration matrix, and inputs the characters displayed at the positions determined in the desired order in the input field 44. In the illustrated example, the user has determined the uppermost four characters 45. In the illustrated example, four positions are set in the input field 44, but the number is not limited to four.

  The terminal 1 accepts a character string in which the user has entered characters in a desired position in the input field 44 in a desired order (S17), and when a transmission instruction (pressing the “GO!” Button) is input, the input field 44 Is sent to the authentication server 3 (S18).

  The user may input a desired pin code in the input field 44 together with a character string indicating the position of the registration matrix. The pin coat is a character (for example, a number) different from the character set in the registration matrix, and can be an arbitrary number (number of digits) of characters.

  The input position for inputting the pin code into the input field 44 may be before or after the character string indicating the position of the registration matrix, or between the character strings. For example, if the pin code is “123” and the desired position is “bfjk”, the user can set the position and pin code in the desired order, such as “123bfjk”, “bfjk123”, “b1f2j3k”, “bf123jk”, etc. Can be specified.

  In addition to the numbers, the pin code may use a 2-byte code character. Japanese characters (for example, hiragana, kanji, etc.) can be used for the 2-byte code characters, so that it is possible to use words that have a high affinity for Japanese users as pin codes, making it easy to remember. .

  The position specifying unit 33 of the authentication server 3 specifies, for each character of the character string received from the terminal 1, which position (cell) of the registration matrix generated in S14 is located (S19). In the example shown in FIG. 4A, the position of the first “e” is the position (1, 5) in the first row and the fifth column from the right, and the position of the second “f” is The first row from the top and the sixth column from the right (1, 6). The third “g” position is the first row from the top and the seventh column from the right (1, 7). Yes, the position of the fourth “h” is specified as the position (1, 8) in the first row from the top and the eighth column from the right.

  And the position specific | specification part 33 produces | generates the confirmation screen which shows the position and order on the matrix for registration designated with the character string transmitted from the terminal 1 (S20), and transmits to the terminal 1 (S21).

  FIG. 4B is a diagram illustrating an example of a confirmation screen. In the confirmation screen shown in the figure, the designated order is displayed at the position designated by the user.

  The terminal 1 displays the received confirmation screen on the display and accepts a user registration instruction (S22). The user looks at the confirmation screen, confirms whether the position and order of the character string input in S17, and inputs a registration instruction (pressing the “GO!” Button). Thereby, the terminal 1 transmits a registration instruction to the authentication server 3 (S23).

  Upon receiving the registration instruction, the registration unit 34 of the authentication server 3 registers the position information indicating the position of the registration matrix specified in S19 in the authentication DB 36 in association with the user ID of the registration request received in S12. For example, coordinate information represented by (row, column) can be used as the position information.

  When a pin code is input together with the character string in S18, the position information indicating the position of the registration matrix specified in S19 and the pin code are set in the order of the character string transmitted in S18 and the user ID. The information is registered in the authentication DB 36 in association with each other. Since the pin code is a different type of character from the character set in the registration matrix, it is possible to discriminate between the position information and the pin code at the time of authentication.

  FIG. 5 is a diagram illustrating an example of the authentication DB 36. As shown in the figure, a user ID, position information, and a pin code are stored in association with each other. In the illustrated example, “3” and “5” of the user 2 are part of the pin code.

  As described above, after registering the position information in the authentication DB 36, the user accesses the content server 5. Specifically, the terminal 1 transmits an access request to the content server 5 to the authentication server 3, and the authentication unit 35 of the authentication server 3 performs matrix authentication. The authentication unit 35 generates an authentication matrix and transmits it to the terminal 1, and receives a numeric string (or character string) as a password from the terminal 1. FIG. 6 is a diagram illustrating an example of an authentication matrix.

  Then, when the authentication unit 35 matches the numeric string identified from the location information of the user (user ID) of the terminal 1 and the authentication matrix stored in the authentication DB 36 with the numeric string received from the terminal 1. Authenticate as a legitimate user. When the pin code is also received from the terminal 1, the authentication of the pin code is performed using the authentication DB 36. When the authentication is successful, the authentication unit 35 transmits the access request to the content server 5 transmitted by the terminal 1 to the content server 5, and the content server 5 transmits predetermined content to the terminal 1.

  In the present embodiment described above, a random character string that does not overlap is generated, and a registration matrix in which the character string is arranged in a matrix is generated. Thereby, in this embodiment, even if it is a case where a low function terminal is used, the registration of the positional information in matrix authentication can be performed more easily. That is, position information can be input from a terminal with limited input means, such as a mobile phone, without much difficulty.

  Further, in the present embodiment, the registration matrix only needs to be generated once for a single user, so that the load on the authentication server 3 is reduced as compared with the case where the registration matrix is generated a plurality of times. In addition, since the number of times of transmission / reception of information between the terminal 1 and the authentication server 3 can be minimized, the network load can be reduced, and further, the influence of network disconnection due to radio wave defects in a wireless environment or the like can be reduced. it can.

  In the present embodiment, since a registration request from the terminal 1 is received and a registration screen is generated for each user, higher security is ensured than when a common registration matrix is used for each user. Can do.

  In this embodiment, a pin code can be input together with a character string indicating the position of the registration matrix. As a result, at the time of password authentication, two types of authentication can be performed: matrix authentication using matrix position information and authentication using a pin code, so that stronger and higher security can be ensured. it can.

  In addition, by using a different type of character for the pin code than the character used in the registration matrix, the authentication server 3 can determine whether it is a character string indicating the position of the registration matrix or a pin code. Can input a character string indicating the position of the registration matrix and a pin code with a single input. As a result, the convenience of the user is improved and the network load can be reduced because the number of times of communication between the terminal 1 and the authentication server 3 is reduced.

  In the present embodiment, for example, as shown in the registration matrix shown in FIG. 4A, a line for displaying lowercase letters and a line for displaying uppercase letters are separated to reduce user input errors. In addition, user convenience can be improved. For example, similar uppercase and lowercase alphabetic characters such as c, k, o, p, s, u, v, w, x, and z can be presented to the user.

  In addition, this invention is not limited to the said embodiment, Many deformation | transformation are possible within the range of the summary. For example, when the terminal 1 is a PC or the like, by using a rich application (for example, Java (registered trademark)), by moving the cursor without inputting characters indicating the position of the registration matrix, It is good also as inputting a position.

  In the above embodiment, coordinate information represented by (row, column) is used as an example of position information. However, the position information is not limited to this. For example, a matrix for position identification made up of alphabetic characters (lowercase letters and uppercase letters) as shown in FIG. 7 is stored in advance in a storage unit (not shown), and instead of coordinate information (rows, columns) It is good also as specifying the alphabetic character of the location to do as position information, and registering it in authentication DB36 matched with user ID. Specifically, when “bfjk” is input in the input field 44 of FIG. 4A, “efgh” is specified as position information with reference to the position specifying matrix of FIG. 7 and registered in the authentication DB 36. Is done.

1 Terminal 3 Authentication Server 31 Character String Generation Unit 32 Matrix Generation Unit 33 Location Identification Unit 34 Registration Unit 34
35 Authentication unit 35
36 Authentication database 5 Content server 8, 9 Network

Claims (7)

An authentication device that performs matrix authentication,
Generating means for generating non-overlapping character strings;
Matrix generating means for arranging each character of the character string generated by the generating means in a matrix, generating a registration matrix, and transmitting it to the terminal;
A position specifying means for receiving a character string from the terminal and specifying the position where the character is arranged on the registration matrix for each received character;
An authentication device comprising: registration means for storing each position specified by the position specifying means in association with a user who uses the terminal and storing the position in an authentication storage means. The authentication device according to claim 1,
The registration unit registers the pin code transmitted together with the character string from the terminal in the authentication storage unit. The authentication device according to claim 1 or 2,
The generating means generates a first character string of lowercase letters and a second character string of uppercase letters,
The matrix generating means generates the registration matrix by dividing a line on which the first character string before and a line on which the second character string are arranged. A registration method of location information in matrix authentication performed by a computer,
The computer
A generation step for generating non-overlapping character strings;
A matrix generation step of arranging each character of the character string generated in the generation step in a matrix, generating a registration matrix, and transmitting the matrix to the terminal;
Receiving a character string from the terminal, and for each received character, a position specifying step for specifying a position where the character is arranged on the registration matrix;
A registration step of storing each location specified in the location specification step in association with a user who uses the terminal and storing the location in an authentication storage unit. A location information registration method according to claim 4, wherein:
The registration step registers the pin code transmitted from the terminal together with the character string in the authentication storage unit. The position information registration method according to claim 4 or 5, wherein:
The generating step generates a first character string of lowercase alphabetic characters and a second character string of uppercase alphabetic characters;
In the matrix generation step, the registration matrix is generated by dividing the line where the first character string is placed and the line where the second character string is placed before the registration of the position information. Method. A location information registration program in matrix authentication executed by a computer,
In the computer,
Generation step for generating non-overlapping strings,
A matrix generation step of arranging each character of the character string generated in the generation step in a matrix form, generating a registration matrix, and transmitting it to the terminal;
Receiving a character string from the terminal, and for each received character, a position specifying step for specifying a position where the character is arranged on the registration matrix; and
A registration step of storing each position specified in the position specifying step in an authentication storage unit in association with a user using the terminal;
Location information registration program for executing

Images