JP2012068779A - Authentication device, authentication method and authentication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technique improving security of authentication with little increase of data communication volume between an authentication server and a user device for user authentication.SOLUTION: In an authentication server 10, an authentication information storage unit 11 has character strings and modifying attributes which correspond to user's identification information registered in authentication information. An option generating unit 13 generates a plurality of options which the character strings corresponding to the user's identification information and other character strings have its display modes converted by the plurality of different modifying attributes. An option information transmitting unit 14 transmits information of the plurality of generated options to a user device 20. A selection information receiving unit 15 receives a selection result of options from the user device 20. An authentication unit 16 determines that authentication in the user device 20 is successful if the selection result of options agrees with an option generated by the character strings and the modifying attributes which correspond to the user's identification information that is registered in the authentication information.

Description

  The present invention relates to an authentication device, an authentication method, and an authentication system that perform user authentication.

  User authentication is performed in various situations in daily life, such as the use of Internet services, access to internal databases, the use of ATMs (Automated teller machines), and the use of credit card authentication terminals.

  As an example of a system that performs user authentication, there is a system that performs authentication using a password consisting of a character string. For example, in a system using an ATM such as a bank, the user can input a 4-digit password as a password, and verify the correspondence between the card information inserted in the ATM and the input password. Authenticate In addition, for example, when a user uses a service on the Internet, the user inputs a user ID (IDentifier) and a password, and the correspondence between the input user ID and the password is verified. There is a system that performs authentication.

  A technology that allows authentication by displaying a plurality of images on the screen of the device used by the user and selecting the image that the user has registered in advance from among those images is known. ing.

“Memory certification” adopted for private bank entrance management (@IT), http://d.hatena.ne.jp/LucaLuca/20070815/p1

  In an authentication system using a password consisting of character strings, users tend to register character strings that are easy to remember as passwords. In particular, elderly people are worried about memorizing complicated passwords and complicated device operations, so they set passwords that are easy to remember, such as birthday / phone numbers and numbers with fewer digits. Passwords such as birthdays / phone numbers are easily guessed by others, and numbers with a small number of digits are easy for others to remember because of a single peep. Therefore, there is a high possibility that they will be damaged by impersonation by others.

  In the authentication method using only fixed character data information, there are various hacking methods such as peeping at user operation and keylogger hacking at user device even if the data is encrypted and communicated with the authentication server side. , Authentication character data may be leaked.

  With the above-described authentication technique that allows the user to select an image, authentication can be simplified without using a character string password. The user performs authentication by touching nostalgic photographs and designs such as family, pets, and the scenery of his hometown from multiple images displayed in a matrix on the authentication screen. There are a huge number of combinations of dummy images and correct images, so the security is high, and users do not need to remember passwords or passwords.

  However, in the authentication technology that allows the user to select an image, a plurality of image data including correct image data and incorrect image data must be transmitted from the authentication server to the user's device at the time of authentication. . Since the amount of data to be transmitted increases, it is suitable for authentication by connecting to an authentication server from a PC (Personal Computer) or the like, but a portable terminal with a narrow communication band and charging according to the amount of data communication It is not suitable for certification.

  One aspect of the disclosed technology is to solve the above problems and provide technology to improve the security of authentication without substantially increasing the amount of data communication between the authentication server and user device. The purpose is to do.

  The disclosed authentication device receives an authentication request from an authentication information storage unit that stores authentication information in which a character string and a modification attribute that specifies a display mode of the character string are associated with the user identification information, and the user device Based on the authentication information stored in the authentication request receiving unit and the authentication information storage unit, the character string corresponding to the user identification information included in the authentication request corresponds to the user identification information included in the authentication request. The correct choice converted to the display mode specified by the decoration attribute and the character string corresponding to the user identification information included in the authentication request are those other than the modification attribute corresponding to the user identification information included in the authentication request. An option generation unit that generates a plurality of options including an incorrect answer option that is converted into a display mode specified by a decoration attribute, an option information transmission unit that transmits information on the plurality of options to a user device, and a user Select from equipment Comprising a selection information receiving unit for receiving information limb selection result, if the selection result is an option correct, and determining authentication unit shall authenticate the user device has been successful.

  With the disclosed technology, it is possible to improve the security of authentication without substantially increasing the amount of data communication between the authentication server and the user device.

It is a figure which shows the structural example of the authentication system by this Embodiment 1. FIG. It is a figure which shows the hardware structural example of the authentication server by this Embodiment. It is a figure which shows the example of the authentication information by this Embodiment 1. FIG. It is a figure which shows the example of the choice screen by this Embodiment 1. FIG. It is a figure explaining the example of the authentication procedure by the authentication system of this Embodiment 1. FIG. It is an authentication process flowchart by the authentication server of this Embodiment 1. FIG. It is an authentication process flowchart by the user apparatus of this Embodiment 1. FIG. It is a figure which shows the structural example of the authentication system by this Embodiment 2. FIG. It is a figure which shows the example of the question table by this Embodiment 2, and a question ID table. It is a figure which shows the example of the modification table by this Embodiment 2, and a modification ID table. It is a figure which shows the example of the choice screen by this Embodiment 2. FIG. It is an authentication process flowchart by the authentication system of this Embodiment 2. FIG. It is an authentication process flowchart by the authentication system of this Embodiment 2. FIG. It is a modification attribute learning process flowchart by the learning part of this Embodiment 2. FIG.

  Hereinafter, the present embodiment will be described with reference to the drawings.

[Embodiment 1]
FIG. 1 is a diagram illustrating a configuration example of an authentication system according to the first embodiment.

  The authentication system shown in FIG. 1 includes an authentication server 10 and a user device 20. In the authentication system shown in FIG. 1, the authentication server 10 is an authentication device that verifies the identity of the user. The user device 20 is a device operated by a user who is authenticated. The authentication server 10 and the user device 20 are connected via a network 30 such as the Internet or a dedicated line.

  For example, in a bank system, the user device 20 is a device such as an ATM operated by a user who desires to use a service provided by the bank. The authentication server 10 is a device that authenticates the user at the entrance when accessing the bank system from a user device 20 such as an ATM operated by the user.

  The authentication server 10 includes an authentication information storage unit 11, an authentication request reception unit 12, an option generation unit 13, an option information transmission unit 14, a selection information reception unit 15, an authentication unit 16, and an authentication result transmission unit 17.

  The authentication information storage unit 11 is a storage unit that stores authentication information and is accessible by a computer. The authentication information is information in which a character string is associated with a decoration attribute that specifies a display mode of the character string, to the user identification information.

  The authentication request receiving unit 12 receives the authentication request transmitted from the user device 20. The received authentication request includes identification information of the user to be authenticated.

  The option generation unit 13 generates a plurality of options to be presented to the user in the user device 20 based on the authentication information stored in the authentication information storage unit 11. At this time, the option generation unit 13 converts the character string corresponding to the user identification information included in the authentication request into a display mode specified by the modification attribute corresponding to the user identification information included in the authentication request. Generate correct answer options. In addition, the option generation unit 13 displays the character string corresponding to the user identification information included in the authentication request in a display mode indicated by a modification attribute other than the modification attribute corresponding to the user identification information included in the authentication request. Generate incorrect answer options to be converted.

  It should be noted that a character string option other than the character string corresponding to the user identification information included in the authentication request is an incorrect answer option regardless of the modifier attribute.

  The option information transmission unit 14 transmits the option information to the user device 20. The option information includes information on a plurality of generated options.

  The selection information receiving unit 15 receives selection information from the user device 20. The selection information includes information on selection results of options in the user device 20, that is, information on options selected by the user.

  When the selection result of the option in the user device 20 is the correct answer option, the authentication unit 16 determines that the authentication of the user device 20, that is, the user who operates the user device 20 has been successfully authenticated. .

  For example, the authentication unit 16 refers to the authentication information stored in the authentication information storage unit 11, and the option selected in the user device 20 is the correct answer option based on the character string corresponding to the user identification information and the modification attribute. Check if it is. If the option selected in the user device 20 is the correct answer option, it is determined that the authentication of the user device 20, that is, the user authentication is successful. If the option selected in the user device 20 is an incorrect answer option, it is determined that authentication of the user device 20, that is, user authentication has failed.

  The authentication result transmission unit 17 transmits the authentication result to the user device 20.

  The user device 20 includes an authentication request transmission unit 21, an option information reception unit 22, an option screen output unit 23, a selection reception unit 24, a selection information transmission unit 25, an authentication result reception unit 26, and an authentication result output unit 27.

  Further, the user device 20 includes a display device 28 and an input device 29. For example, when the user device 20 is a PC, the display is the display device 28 and the keyboard / mouse is the input device 29. Further, when the user device 20 is a mobile phone terminal, a key / button or the like becomes the input device 29. Further, when the user device 20 is an ATM such as a bank, the touch panel becomes the display device 28 and the input device 29.

  The authentication request transmission unit 21 transmits an authentication request to the authentication server 10. The authentication request to be transmitted includes identification information of the user to be authenticated.

  The option information receiving unit 22 receives option information from the authentication server 10. The option information includes information on a plurality of options generated by the authentication server 10.

  The option screen output unit 23 displays a screen that presents a plurality of options included in the option information on the display device 28.

  The selection receiving unit 24 receives an input for selecting an option by the user. The user uses the input device 29 to select one option displayed on the screen of the display device 28.

  The selection information transmission unit 25 transmits selection information to the authentication server 10. The selection information includes a selection result of options by the user.

  The authentication result receiving unit 26 receives the authentication result from the authentication server 10.

  The authentication result output unit 27 displays the authentication result on the display device 28.

  FIG. 2 is a diagram illustrating a hardware configuration example of the authentication server according to the present embodiment.

  An authentication server 10 according to the present embodiment shown in FIG. 1 includes a CPU (Central Processing Unit) 2, a memory 3 as a main memory 3, a storage device 4, such as an HDD (Hard Disk Drive) 4, an input device 5, an output device 6, and a communication. This is realized by a computer 1 including the device 7.

  The authentication server 10 and each functional unit included in the authentication server 10 illustrated in FIG. 1 can be realized by hardware such as the CPU 2 and the memory 3 included in the computer 1 and a software program. A program that can be executed by the computer 1 is stored in the storage device 4, read into the memory 3 at the time of execution, and executed by the CPU 2.

  The computer 1 can also read a program directly from a portable recording medium and execute processing according to the program. The computer 1 can also sequentially execute processing according to the received program every time the program is transferred from the server computer. Further, this program can be recorded on a recording medium readable by the computer 1.

  In the present embodiment, it is assumed that the computer that implements the user device 20 also has the same hardware as the computer 1 shown in FIG. At this time, the display device 28 of the user device 20 corresponds to the output device 6 of the computer 1, and the input device 29 of the user device 20 corresponds to the input device 5 of the computer 1.

  FIG. 3 is a diagram showing an example of authentication information according to the first embodiment.

  The authentication information 19a illustrated in FIG. 3A and the authentication information 19b illustrated in FIG. 3B are examples of authentication information stored in the authentication information storage unit 11, respectively.

  In the authentication information 19a shown in FIG. 3A, the user ID is user identification information, and a unique value is assigned to each user. As shown in FIG. 3A, in the authentication information 19a, a character string and a decoration attribute are associated with each user's user ID.

  As described above, the decoration attribute is information that specifies the display mode of the character string. In the present embodiment, converting the display mode of a character string in accordance with the designation of a decoration attribute is called modification. Various modification patterns are conceivable as modification of the character string presented to the user on the screen of the display device 28 of the user apparatus 20.

  Examples of modification patterns are listed below.

・ Modification that specifies the color of the character string ・ Modification that specifies the background color of the character string ・ Modification that specifies the font of the character string ・ Modification that specifies the decoration of the character string (BOLD, Italic, white, shaded, underlined) , Blinking, etc.)
・ Modifications that specify vertical / horizontal writing of character strings ・ Modifications that specify hiragana, katakana, kanji, roman characters, etc. of character strings ・ Modifications that specify full-width / half-width, etc. of character strings Modifications that specify whether or not • Modifications that specify the shape of the frame surrounding the character string (solid line frame, broken line frame, thin line frame, thick line frame, double line frame, square frame, round frame, etc.)
・ Modifications that specify the display position within the frame of the character string (center, right justification, left justification, top side, bottom side, right side, left side, etc.)
・ Modifications that specify the inclination of the character string (upward, leftward, etc.)
・ Modifications that specify uppercase / lowercase letters / uppercase letters only at the beginning of character strings ・ Modifications that specify the language of character strings (Japanese, English, German, etc.)
・ Modification that specifies the dialect of the character string (Tohoku dialect, Tosa dialect, Kagoshima dialect, etc.)
-Modifier that specifies whether to add a punctuation mark at the end of the character string-Modifier that specifies whether the last long note of the katakana character string is omitted (computer, user, etc.)
-Modifications that specify characters to be displayed together with character strings In addition to the examples given here, various patterns of modification are performed on the character strings on the screen that are output to the display device 28 of the user device 20. It is possible.

  It is also possible to modify a character string by combining a plurality of modifications. For example, the character string “apple” can be modified with the modification attribute “character color red” + “katakana”.

  The user registers in advance a combination of a character string that is correct and a modification attribute. For example, there is a method in which a user accesses the authentication server 10 from the user device 20 and registers a character string and a decoration attribute in association with the user ID of the user. In addition, the user writes the character string and the decoration attribute on the registration application form and mails it to the administrator of the authentication server 10, and the administrator sends the user to the authentication server 10 according to the application form received from the user. There is also a method of registering a character string and a decoration attribute in association with the user ID.

  At the time of authentication, the option generated by applying the modification indicated by the modification attribute registered in association with the user ID to the character string registered in association with the user ID is the user's ID. This is the correct answer option. All alternatives generated by combinations of other character strings and modifier attributes are incorrect choices.

  For example, when the authentication information 19a shown in FIG. 3A is stored in the authentication information storage unit 11, for the user with the user ID “u001”, the character string “apple” is converted with the decoration attribute “katakana”. The option generated in this way becomes the correct answer option. That is, on the screen displayed on the display device 28 of the user device 20, the option in which the character string “apple” is displayed as “apple” in katakana is the correct answer option for the user with the user ID “u001”. Other options such as “apple”, “apple”, and “mandarin orange” are incorrect answer options.

  As shown in the authentication information 19b in FIG. 3B, it is possible to change the decoration attribute corresponding to the identification information of the user according to the schedule such as the day of the week, the date, and the time.

  In the authentication information 19b shown in FIG. 3B, the modification attribute corresponding to the user ID of each user is changed for each day of the week. For example, for a user with the user ID “u001”, the “apple” in katakana is the correct answer option on Monday, the “apple” in hiragana is the correct option on Tuesday, and the Chinese character “apple” is the correct option on Wednesday.

  Since the rule for changing the modification attribute according to such a schedule is a rule that only the user himself / herself knows, it is difficult for others to easily know and the security of user authentication becomes higher.

  Note that the modification rule for the modification attribute is not limited to the modification rule according to the schedule, and other rules that can be known by other predetermined users, such as changing the modification attribute according to the installation location of the user device 20, for example. It may be.

  FIG. 4 is a diagram illustrating an example of an option screen according to the first embodiment.

  The option screen 200a shown in FIG. 4A and the option screen 200b shown in FIG. 4B are examples of screens output to the display device 28 by the option screen output unit 23 of the user device 20, respectively. The user is authenticated by selecting one option from a plurality of options presented on the option screen.

  In the option screen 200a shown in FIG. 4A, the character strings of “apple”, “grape”, and “mandarin” are converted by the modified attributes of “Hiragana”, “Katakana”, and “Kanji”, respectively. Options are presented. The user selects an option in which the registered character string and the decoration attribute are combined from a plurality of options presented on the option screen 200a.

  In addition, in the option screen 200b shown in FIG. 4B, the character strings “apple”, “grape”, and “mandarin orange” are modified with the modified attributes of “Gothic”, “Mincho”, and “POP”, respectively. Choices generated by conversion are presented. The user selects an option in which the registered character string and the decoration attribute are combined from a plurality of options presented on the option screen 200b.

  For example, in the option screen 200a shown in FIG. 4A, the correct character string registered by the user is “apple”. At the time of registration, the user associates the image of his own apple and determines the decoration attribute. Qualifying attributes that are easy to imagine for each user, for example, “apple” is written in katakana in an apple box sent every year from the parents' home, and the kanji “apple” is used in the title of a favorite song. If registered, the user can easily store the registered decoration attributes.

  FIG. 5 is a diagram illustrating an example of an authentication procedure by the authentication system according to the first embodiment.

  Here, it is assumed that the authentication information storage unit 11 of the authentication server 10 stores the authentication information 19a shown in FIG. Further, it is assumed that the identification information of the user who is authenticated using the user device 20, that is, the user ID is “u001”.

  When the user operates the user device 20 to start authentication, the authentication request transmission unit 21 of the user device 20 transmits an authentication request including information on the user ID “u001” to the authentication server 10.

  In the authentication server 10, the authentication request receiving unit 12 receives an authentication request including information on the user ID “u001” from the user device 20. The option generation unit 13 refers to the authentication information 19a stored in the authentication information storage unit 11 with the user ID “u001” included in the authentication request, and the character string “apple” corresponding to the user ID “u001” and the modification attribute “ Acquire “Katakana”. The option generation unit 13 generates a correct option combining the acquired character string “apple” and the modifier attribute “katakana”.

  The option generation unit 13 acquires a modification attribute other than the modification attribute “katakana” corresponding to the user ID “u001” included in the authentication request. Although not shown in the figure, it is assumed that the list information of the decoration attributes is stored in the storage unit of the authentication server 10. Here, it is assumed that the option generation unit 13 selects and acquires the “Hiragana” and “Kanji” modifier attributes from the modifier attribute list. The option generation unit 13 combines the character string “apple” corresponding to the user ID “u001” with the modification attributes “Hiragana” and “Kanji” other than the modification attributes corresponding to the user ID “u001”. Is generated.

  The option generation unit 13 acquires a character string other than the character string “apple” corresponding to the user ID “u001” included in the authentication request. Although not shown in the figure, it is assumed that character string list information and the like are stored in the storage unit of the authentication server 10. Here, it is assumed that the option generation unit 13 selects and acquires the character strings “grape” and “mandarin orange” from the list of modifier attributes. The option generation unit 13 combines the character strings “grape” and “mandarin” other than the character string corresponding to the user ID “u001” and the already acquired modifier attributes “katakana”, “hiragana”, and “kanji”. Generate incorrect answer choices.

  The option information transmitting unit 14 transmits option information including information on the plurality of generated options to the user device 20.

  Here, the information on the plurality of options included in the option information may simply be information indicating a combination of a character string and a modifier attribute, or may be information on a character string whose display mode has already been converted by the modifier attribute. May be. To give a specific example, the option with the character string “apple” and the modification attribute “Katakana” included in the selection information may be information that simply indicates a combination of the character string “Apple” and the modification attribute “Katakana”. Alternatively, it may be information on the option “apple” obtained by converting the character string “apple” with the modifier attribute “katakana”.

  For example, there may be a case in which an option screen for presenting options is generated by the authentication server 10 such as authentication of an Internet service, and information on the generated option screen is transmitted to the user device 20. In this case, the option generation unit 13 generates an option in which the display mode of the character string is converted by the modification attribute, the authentication server 10 generates an option screen on which the generated option is arranged, and the option information transmission unit 14 The generated option screen information is transmitted to the user device 20 as option information.

  For example, the user device 20 may generate an option screen based on the option information received from the authentication server 10. At this time, the information on the plurality of options included in the option information transmitted from the authentication server 10 may simply be information indicating a combination of a character string and a decoration attribute. Based on the information indicating the combination of the character string and the modification attribute, the user device 20 generates an option in which the display mode of the character string is converted by the modification attribute, and generates an option screen on which the generated option is arranged. In this case, the option generation unit 13 generates information indicating the combination of the character string and the modification attribute, and the option information transmission unit 14 generates the option information including information indicating the combination of the generated character string and the modification attribute. It transmits to the user apparatus 20.

  In the user device 20, the option information receiving unit 22 receives option information including information on a plurality of options from the authentication server 10. The option screen output unit 23 outputs an option screen on which a plurality of options are presented to the display device 28 based on the received option information. Here, the option screen displayed on the display device 28 may be a screen generated by the authentication server 10 or a screen generated by the user device 20 as described above. Here, an option screen 200 a shown in FIG. 4A is displayed on the display device 28 of the user device 20. In the option screen 200a shown in FIG. 4A, for the user with the user ID “u001”, only the “apple” of katakana is the correct answer option, and the other options are incorrect answer options.

  The user operates the input device 29 to select one option from the options presented on the option screen 200a. The selection receiving unit 24 receives an operation for selecting an option on the option screen 200a by the user. The selection information transmission unit 25 transmits selection information including the selection result of the option by the user to the authentication server 10. The selection information includes the user ID “u001” of the user.

  In the authentication server 10, the selection information receiving unit 15 receives selection information including a selection result of options from the user device 20. When the selection result of the option included in the received selection information is the correct answer option, the authentication unit 16 determines that authentication of the user device 20, that is, authentication of the user who operates the user device 20 has been successful. To do.

  For example, the authentication unit 16 refers to the authentication information 19a stored in the authentication information storage unit 11 with the user ID “u001” of the user included in the received selection information, and reads the character string “corresponding to the user ID“ u001 ”. Get “Apple” and modifier “Katakana”. The authentication unit 16 collates the information on the selection result included in the selection information, that is, the character string and the modification attribute of the selected option with the character string and the modification attribute acquired from the authentication information 19a.

  For example, it is assumed that the option selected by the user on the option screen 200a shown in FIG. At this time, the selection information sent from the user device 20 to the authentication server 10 includes information on the choice “apple” based on the character string “apple” and the decoration attribute “katakana” as the choice selection result. The authentication unit 16 compares the character string “apple” and the modification attribute “katakana” included in the selection information with the character string “apple” acquired from the authentication information 19a and the modification attribute “katakana”, and the two match. Therefore, it is determined that the selection result of the option included in the selection information is the correct answer option. Since the selection result of the option included in the selection information is the correct answer option, the authentication unit 16 determines that the authentication of the user device 20, that is, the authentication of the user who operates the user device 20 has succeeded.

  Also, for example, it is assumed that the option selected by the user on the option screen 200a shown in FIG. At this time, the selection information sent from the user device 20 to the authentication server 10 includes information on the option “apple” by the character string “apple” and the decoration attribute “kanji” as the selection result of the option. The authentication unit 16 compares the character string “apple” and the modification attribute “kanji” included in the selection information with the character string “apple” and the modification attribute “katakana” acquired from the authentication information 19a, and the modification attribute matches. Therefore, it is determined that the selection result of the option included in the selection information is an incorrect answer option. Since the selection result of the option included in the selection information is an incorrect answer option, the authentication unit 16 determines that authentication of the user device 20, that is, authentication of the user who operates the user device 20 has failed.

  The authentication result transmission unit 17 transmits the authentication result, that is, the authentication result determined by the authentication unit 16 to the user device 20.

  In the user device 20, the authentication result receiving unit 26 receives the authentication result from the authentication server 10. The authentication result output unit 27 outputs the authentication result on the screen of the display device 28.

  Thereafter, if the authentication result is successful, the service by the system on the authentication server 10 side for the user using the user device 20 is started. If the authentication result is unsuccessful, the service by the system on the authentication server 10 side for the user using the user device 20 is interrupted.

  FIG. 6 is an authentication processing flowchart by the authentication server according to the first embodiment.

  In the authentication server 10, the authentication request receiving unit 12 receives an authentication request from the user device 20 (step S10).

  The option generation unit 13 generates a plurality of options by combining the character string and the modifier attribute (step S11). At this time, the option generation unit 13 includes the character string corresponding to the user identification information included in the received authentication request and the received authentication request based on the authentication information stored in the authentication information storage unit 11. A correct answer option is generated based on the modification attribute corresponding to the identification information of the user. The option generation unit 13 also uses the character string corresponding to the user identification information included in the received authentication request based on the authentication information stored in the authentication information storage unit 11 and the use included in the received authentication request. An incorrect answer option is generated with a modification attribute other than the modification attribute corresponding to the identification information of the user.

  The option information transmission unit 14 transmits option information including information on a plurality of options to the user device 20 (step S12).

  The selection information receiving unit 15 receives selection information including information on selection results of options from the user device 20 (step S13).

  The authentication unit 16 determines authentication based on a selection result of options included in the selection information. Specifically, the authentication unit 16 matches the character string of the selected option included in the selection information with the character string corresponding to the user identification information in the authentication information stored in the authentication information storage unit 11. Is determined (step S14). Further, the authentication unit 16 determines whether the modification attribute of the selected option included in the selection information matches the modification attribute corresponding to the user identification information in the authentication information stored in the authentication information storage unit 11. (Step S15).

  If the character strings match and the modifier attributes match (YES in step S14 and YES in step S15), the authentication unit 16 succeeds in authenticating the user device 20, that is, authenticating the user who operates the user device 20. It is determined that it has been performed (step S16). If the character strings do not match or the modifier attributes do not match (NO in step S14 or NO in step S15), the authentication unit 16 authenticates the user device 20, that is, authenticates the user who operates the user device 20. Is determined to have failed (step S17).

  The authentication result transmission unit 17 transmits the authentication result to the user device 20 (step S18).

  FIG. 7 is an authentication processing flowchart by the user apparatus according to the first embodiment.

  In the user device 20, the authentication request transmission unit 21 transmits an authentication request including user identification information to the authentication server 10 (step S20).

  The option information receiving unit 22 receives option information including information on a plurality of options from the authentication server 10 (step S21). The option screen output unit 23 outputs an option screen that presents a plurality of options included in the option information to the display device 28 (step S22).

  The selection receiving unit 24 receives selection of options from a plurality of options presented on the option screen by the user (step S23). The selection information transmission unit 25 transmits selection information including the selection result of the option by the user to the authentication server 10 (step S24).

  The authentication result receiving unit 26 receives the authentication result from the authentication server 10 (step S25). The authentication result output unit 27 outputs the authentication result to the screen of the display device 28 (step S26).

  As described above, in the authentication according to the present embodiment, the data exchanged between the authentication server 10 and the user device 20 for the authentication is mainly the character string and the decoration attribute data. Without increasing the security effect. The time required for user authentication does not increase significantly.

  In addition, users do not need to remember complicated passwords to enhance security, but only learn the modification rules for the strings they want to use. Since the user's operation is also a simple operation for selecting an option, it is easy to understand even for those who are not good at complicated operations.

  Further, since the decoration attribute can be encoded or periodically changed only by the authentication server 10, even if it is leaked, it becomes information whose meaning is unknown to a third party. Therefore, the security effect is increased.

  Conventionally, in order to obtain a high security effect, use of a token of a one-time password device and introduction of biometric authentication have been performed. However, since token terminals and biometric authentication terminals have problems in terms of hardware costs, it is difficult to immediately introduce these technologies in all systems. In the authentication according to the present embodiment, it is possible to enhance security at low cost without introducing dedicated hardware.

[Embodiment 2]
In the second embodiment, authentication is performed by repeating “question for user => answer by user” in an interactive manner. In the second embodiment, in the modification attribute registration stage, the user does not have a correct modification attribute in particular and presents a character string with various modifications to the correct character string to be selected by the user. Let The authentication server 10 memorizes and learns the modification attribute of the choice of the correct character string selected by the user in the modification attribute registration stage, and after satisfying a predetermined condition, the modification attribute with a predetermined frequency is used as the correct modification attribute. Register in association with user identification information.

  FIG. 8 is a diagram illustrating a configuration example of an authentication system according to the second embodiment.

  The authentication system shown in FIG. 8 includes an authentication server 100 and a user device 20. The authentication server 100 and the user device 20 are connected via the network 30. The user device 20 and the network 30 are the same as those in the authentication system shown in FIG.

  The authentication server 100 includes an authentication information storage unit 110, an authentication request reception unit 120, an option generation unit 130, an option information transmission unit 140, a selection information reception unit 150, an authentication unit 160, an authentication result transmission unit 170, and a character string dictionary 180. . As for the authentication request receiving unit 120, option information transmitting unit 140, selection information receiving unit 150, and authentication result transmitting unit 170, the authentication request receiving unit 12, option information transmitting unit 14, and selection information receiving in the authentication server 10 shown in FIG. The same as the unit 15 and the authentication result transmission unit 17.

  The authentication information storage unit 110 of the authentication server 100 includes a question table 111, a question ID table 112, a modification table 113, and a modification ID table 114 as authentication information.

  In the question table 111, the correspondence between the identification information of the user and the character string that is the answer to the question is recorded for each type of question. In the question ID table, information such as a phrase to be presented to the user and a field to which an answer to the question belongs is recorded for each question.

  In the modification table 113, the correspondence between the user identification information and the modification attribute is recorded. In addition, at the stage of registering the correspondence between the identification information of the user and the modification attribute through learning, the modification table 113 stores the selection result of the modification attribute by the user. In the modification ID table 114, an API (Application Programming Interface) for converting the display mode of the character string is recorded for each modification attribute.

  The option generation unit 130 generates correct answer options and incorrect answer options in the same manner as the option generation part 13 of the authentication server 10 shown in FIG. However, option generation by the option generation unit 130 is different between the registration stage of the modified attribute corresponding to the user authentication information and the operation stage after registering the modified attribute corresponding to the user authentication information.

  In the operation stage after registration of the modifier attribute corresponding to the user authentication information, as in the first embodiment, the option generation unit 130 uses the character string corresponding to the user identification information as the user identification information. A correct answer option that is converted into a display mode specified by the modification attribute corresponding to is generated. In addition, the option generation unit 130 generates an incorrect answer option in which a character string corresponding to the user identification information is converted into a display mode specified by a modification attribute other than the modification attribute corresponding to the user identification information. . Further, the option generation unit 130 generates an incorrect answer option in which a character string other than the character string corresponding to the identification information of the user is modified by any one of the modification attributes.

  At the registration stage of the modification attribute corresponding to the user authentication information, the correct modification attribute is not yet determined, so even if the modification attribute is different, the character string is a character string corresponding to the user authentication information. , All are correct choices. The option generation unit 130 generates a plurality of correct answer options having different decoration attributes using a character string corresponding to the user authentication information. In addition, the option generation unit 130 generates a plurality of incorrect answer options having different decoration attributes using a character string other than the character string corresponding to the user authentication information.

  Similar to the option generation unit 13 of the authentication server 10 illustrated in FIG. 1, the authentication unit 160 determines whether authentication has succeeded or failed based on the selection result of the options included in the selection information received from the user device 20. Do. However, as in the case of the option generation unit 130, the authentication determination by the authentication unit 160 is performed after the registration stage of the modification attribute corresponding to the user authentication information and the registration of the modification attribute corresponding to the user authentication information. It differs depending on the operation stage.

  In the operation stage after registering the decoration attribute corresponding to the user authentication information, as in the first embodiment, the authentication unit 160 uses the selection result option included in the selection information from the user device 20 as the use result. If the correct answer option is based on the character string corresponding to the identification information of the user and the modifier attribute, the authentication is determined to be successful.

  At the registration stage of the modification attribute corresponding to the user authentication information, the correct modification attribute is not yet determined, so even if the modification attribute is different, the character string is a character string corresponding to the user authentication information. , All are correct choices. If the selection result option included in the selection information from the user device 20 is a correct answer option using a character string corresponding to the user identification information, the authentication unit 160 determines that the authentication is successful regardless of the modification attribute. .

  In addition, at the registration stage of the modification attribute corresponding to the user authentication information, the modification attribute information of the option selected by the user is accumulated. The authentication unit 160 includes a learning unit 161. The learning unit 161 performs a process of determining a modification attribute corresponding to the identification information of the user by learning.

  In the modification attribute registration stage corresponding to the user authentication information, the learning unit 161 records and accumulates the modification attribute information of selection options included in the selection information from the user device 20. In the second embodiment, the learning unit 161 records and accumulates information on the selected modification attribute in the modification table 113 stored in the authentication information storage unit 110.

  The learning unit 161 completes learning when a predetermined condition is satisfied, and determines a modification attribute with a predetermined frequency as a modification attribute corresponding to the identification information of the user based on the information accumulated in the modification table 113. ,sign up. The predetermined condition for judging the completion of learning is, for example, that the selection results for 30 times by the user are accumulated, that the number of selections of a certain modification attribute is 5 or more times more than the average number of selections of all modification attributes, etc. .

  The character string dictionary 180 is a dictionary in which various character strings are stored. The character string dictionary 180 in the authentication server 100 can be searched with attribute information indicating the character string type, and the character string belonging to the specified attribute can be extracted from the character string dictionary 180. For example, when the character string dictionary 180 is searched with the attribute “vegetable”, character strings related to various “vegetables” such as “carrot”, “daikon”, “hakusai”, etc. are extracted from the character string dictionary 180. be able to.

  FIG. 9 is a diagram illustrating an example of a question table and a question ID table according to the second embodiment.

  FIG. 9A shows an example of the question table 111 stored in the authentication information storage unit 110. In the question table 111 shown in FIG. 9A, a character string corresponding to each user's identification information and each question is recorded.

  In the question table 111 shown in FIG. 9A, the user ID is user identification information, similar to the authentication information shown in FIG. The password is a password registered for each user identification information. However, the password of the second embodiment is not a complicated one that enhances security, but may be one that is easy for a user to remember.

  In the question table 111 shown in FIG. 9A, the question ID is identification information indicating the type of question. As shown in FIG. 9A, in the question table 111, a character string corresponding to the identification information of the user is recorded for each question ID indicating the type of question. The character string corresponding to the question ID is an answer to the question indicated by the question ID. In the question table 111 shown in FIG. 9A, N combinations of question IDs and question strings # 1 to #N are registered for each user identification information.

  The information in the question table 111 shown in FIG. 9A is information registered in advance by the user, like the authentication information shown in FIG. The registration method by the user is the same as that described for the authentication information shown in FIG. 3, for example.

  FIG. 9B shows an example of the question ID table 112 stored in the authentication information storage unit 110. In the question ID table 112 shown in FIG. 9B, information of question phrases and answer attributes for each question ID, that is, for each question, is recorded.

  In the question ID table 112 shown in FIG. 9B, the question phrase indicates the phrase of the question presented to the user on the option screen output to the display device 28 of the user device 20. The user reads the question phrase presented on the option screen output to the display device 28 of the user device 20, and selects the option that he / she has correct from the plurality of options presented as the answer on the option screen. .

  In the question ID table 112 shown in FIG. 9B, the answer attribute indicates an attribute of a character string that becomes an answer to the question. When generating an option in which the character string is incorrect, the option generation unit 130 searches the character string dictionary 180 with the answer attribute, and acquires an incorrect answer character string according to the content of the question.

  FIG. 10 is a diagram showing an example of the modification table and the modification ID table according to the second embodiment.

  FIG. 10A shows an example of the modification table 113 stored in the authentication information storage unit 110. The modification table 113 shown in FIG. 10A records modification attribute information for each piece of user identification information. However, as described above, in the second embodiment, the modification table 113 is used in the registration stage of the modification attribute corresponding to the user authentication information and the operation after registration of the modification attribute corresponding to the user authentication information. It differs depending on the stage.

  In the modification table 113 shown in FIG. 10A, the learned flag is information indicating whether or not the learning for registering the modification attribute corresponding to the user ID indicating the user identification information has been completed. In the modification table 113 shown in FIG. 10A, when the learned flag is “0”, the learning status is not yet completed, that is, the modification attribute corresponding to the user authentication information is registered. Indicates that it is a stage. In the modification table 113 shown in FIG. 10A, when the learned flag is “1”, the modification attribute registration corresponding to the stage where the learning status is completed, that is, the authentication information of the user. It shows that it is a later operation stage.

  In the modification table 113 shown in FIG. 10A, the modification ID is identification information of a modification attribute. As shown in FIG. 10A, in the modification table 113, a learning counter is prepared for each modification ID indicating a modification attribute. In the modification table 113 shown in FIG. 10A, for each user identification information, a combination of a modification ID and a learning counter is registered for M pieces of modification attributes # 1 to #M.

  When the learned flag is “0”, the result of the modification attribute by the user is reflected in the learning counter. That is, when the learned flag corresponding to the user ID of the user is “0”, the learning counter corresponding to the modification ID indicating the modification attribute of the option selected by the user is counted up.

  When the learned flag is “1”, the modification attribute selected by the user at a predetermined frequency becomes the modification attribute corresponding to the identification information of the user. The modification attribute selected by the user at a predetermined frequency is, for example, the modification attribute indicated by the modification ID having the largest learning counter value. When the learned flag corresponding to the user ID of the user is “1”, for example, the modification attribute of the option selected by the user and the modification attribute indicated by the modification ID having the maximum learning counter value Is verified. The modification attribute selected by the user at a predetermined frequency may be a modification attribute indicated by a modification ID whose learning counter has a value greater than or equal to a predetermined value.

  FIG. 10B shows an example of the modification ID table 114 stored in the authentication information storage unit 110. In the modification ID table 114 shown in FIG. 10B, a modification API for converting the display mode of the character string according to the modification ID, that is, according to the modification attribute is recorded.

  In the option screen output to the display device 28 of the user device 20, the option presented to the user is a character string whose display mode is converted with a modification API corresponding to the modification attribute. Similarly to the first embodiment described above, the display mode of the character string may be converted by the modification API in the authentication server 100 and then sent to the user apparatus 20, or the correspondence between the character string and the modification API may be determined by the user apparatus 20 The display mode of the character string may be converted by the modification API in the user device 20.

  FIG. 11 is a diagram illustrating an example of an option screen according to the second embodiment.

  An option screen 200c shown in FIG. 11A and an option screen 200d shown in FIG. 11B are examples of screens output to the display device 28 by the option screen output unit 23 of the user device 20, respectively. As shown in the example of FIG. 11, on the option screen presented to the user, about 4 to 8 options are arranged so that the user can quickly distinguish the answer options for the question. ing.

  The user is authenticated by selecting one option corresponding to the question from a plurality of options presented on the option screen. At the registration stage of the modifier attribute corresponding to the user authentication information, only the character string of the choice is subject to authentication, and the modifier attribute of the choice is subject to learning. In addition, in the operation stage after registration of the modification attribute corresponding to the user authentication information, a combination of the character string of the choice and the modification attribute is the object of authentication.

  In the option screen 200c shown in FIG. 11 (A), for the question phrase “What is your favorite fruit?”, The character strings of “strawberry”, “apple”, and “grape” are changed to “Hiragana” and “Katakana”, respectively. Choices generated by conversion with modifier attributes are presented in a random layout.

  In the option screen 200d shown in FIG. 11B, the character strings “Yamamoto”, “Yamada”, and “Yamaguchi” for the question phrase “Mother's maiden name?” Are “Hiragana” and “Kanji”, respectively. Choices generated by conversion with modifier attributes are presented in a random layout.

  In the authentication according to the second embodiment, such various questions and selection of answer options for the questions are repeated a predetermined number of times.

  At the registration stage of the decoration attribute corresponding to the user authentication information, the user selects one of the character string options registered according to the question from the plurality of options presented on the option screen 200c and the option screen 200d. . At this time, the user should keep in mind to select the same modification attribute option as much as possible.

  In the operation stage after registering the decoration attribute corresponding to the authentication information of the user, the user selects from a plurality of choices presented on the choice screen 200c or the choice screen 200d and the character string registered according to the question and the usual one. In this way, an option that is combined with the modifier attribute that was kept in mind is selected.

  12 and 13 are flowcharts of authentication processing by the authentication system of the second embodiment.

  12 and 13, the left side of the thick dotted line shows the processing flow of the user device 20, and the right side of the thick dotted line shows the processing flow of the authentication server 100.

  When user authentication is started, the authentication request transmitting unit 21 of the user device 20 transmits an authentication request including a user ID and a password, which are user identification information, to the authentication server 100 (step S200). .

  The authentication request receiving unit 120 of the authentication server 100 receives an authentication request including a user ID and a password, which are user identification information, from the user terminal 20 (step S100).

  The option generation unit 130 identifies the user by referring to the question table 111 and confirming that the combination of the user ID and password of the user included in the authentication request is valid (step S101). This process is a conventional simple authentication process. Although not shown, if the combination of the user ID and password is not valid, an authentication failure is returned to the user device 20.

  The option generation unit 130 refers to the question table 111 and selects one question corresponding to the user ID of the user (step S102). At this time, the option generation unit 130 acquires a question phrase corresponding to the question ID of the selected question from the question ID table 112.

  The option generation unit 130 determines a character string that is the basis of the option (step S103). At this time, the option generation unit 130 acquires, from the question table 111, a character string registered as an answer to the selected question corresponding to the user ID of the user as a correct character string. In addition, the option generation unit 130 acquires an answer attribute corresponding to the question ID of the selected question from the question ID table 112. The option generation unit 130 searches the character string dictionary 180 with the acquired answer attribute, and acquires a predetermined number of dummy character strings.

  For example, it is assumed that the user ID of the user is “0001” and the question selected in the question table 111 shown in FIG. 9A is the question # 1. At this time, the option generation unit 130 acquires the character string “Strawberry” of question # 1 corresponding to the user ID “0001” as the correct character string in the question table 111 shown in FIG. 9A. Further, the option generation unit 130 corresponds to the question ID “q007” of the question ID 1 and the question ID 1 of the question table 111 shown in FIG. 9A from the question ID table 112 shown in FIG. 9B. Get response attribute "fruit". The option generation unit 130 searches the character string dictionary 180 with the answer attribute “fruit”, and acquires a predetermined number (two in this case) of dummy character strings “apple” and “grape”.

  The option generation unit 130 determines a modification attribute that modifies the character string (step S104). At this time, the option generation unit 130 checks whether or not the learned flag corresponding to the user ID of the user is “1” in the modification table 113. If the learned flag is “1”, the option generation unit 130 corresponds to the user ID of the user from the modification table 113 and includes a predetermined number of modification attributes including the modification attribute selected by the user at a predetermined frequency. To get. If the learned flag is “0”, the option generation unit 130 randomly acquires a predetermined number of modifier attributes corresponding to the user ID of the user from the modifier table 113.

  For example, assume that the user ID of the user is “0001” and the modification attribute having a learning counter of 5 or more in the modification table 113 shown in FIG. 10A is only the modification attribute of the modification attribute # 1. If the learned flag is “1”, the option generation unit 130 displays a predetermined number of modifier attributes including the modifier attribute # 1 corresponding to the user ID “0001” in the modifier table 113 shown in FIG. get. If the learned flag is “0”, the option generation unit 130 randomly acquires a predetermined number of modifier attributes corresponding to the user ID “0001” in the modifier table 113 shown in FIG.

  The option generation unit 130 combines each acquired character string and the acquired modifier attribute, and generates a plurality of options for converting the character string in the display mode specified by the modifier attribute (step S105). The option generation unit 130 refers to the modification ID table 114 using the modification ID of each acquired modification attribute, and acquires a modification API corresponding to each modification ID. The option generation unit 130 generates a plurality of options by combining the acquired modifier APIs with the acquired character strings. The process of converting with the modified API that actually combines the display mode of the character string may be performed by the authentication server 100 or the user device 20.

  For example, it is assumed that the option generation unit 130 acquires the modification attribute # 1 and the modification attribute # 2 corresponding to the user ID “0001” from the modification table 113 illustrated in FIG. The option generation unit 130 refers to the modification ID table 114 with the modification ID “deco002” of the modification attribute # 1 and the modification ID “deco001” of the modification attribute # 2, and modifies the “Hiragana” modification API and “Katakana” respectively. Get API. The option generation unit 130 generates six options by combining the acquired character strings “strawberry”, “apple”, and “grape” with the acquired “Hiragana” and “Katakana” modifier APIs.

  The option information transmitting unit 140 transmits option information including information on the generated plurality of options to the user device 20 (step S106). The option information includes information such as a question ID and a question phrase in addition to information on a plurality of options.

  In the user device 20, the option information receiving unit 22 receives option information including information on a plurality of options from the authentication server 100 (step S201).

  The option screen output unit 23 outputs an option screen that presents a plurality of options to the display device 28 (step S202). For example, the option screen output unit 23 randomly arranges six options combining the character strings “strawberry”, “apple”, “grape”, and the decoration attributes “Hiragana”, “Katakana”. The option screen 200c shown in A) is displayed on the display device 28.

  The user operates the input device 29 of the user device 20 to select one option presented on the option screen. The selection receiving unit 24 receives an operation for selecting an option by the user (step S203). The selection information transmission unit 25 transmits the selection information including the selection result of the option by the user to the authentication server 100 (Step S204).

  In the authentication server 100, the selection information receiving unit 150 receives selection information including information on selection results of options by the user (step S107). The information on the option selected by the user included as the selection result in the selection information includes the character string and modifier attribute of the option. The selection information also includes information such as the user ID and question ID of the user.

  The authentication unit 160 collates the character string of the selection result included in the selection information with the character string extracted from the question table 111 by a combination of the user ID of the user and the question ID included in the selection information (step S108). The character string extracted from the question table 111 by the combination of the user ID of the user and the question ID included in the selection information is a correct character string registered in advance. The authentication unit 160 determines whether or not both character strings match as a result of the collation (step S109).

  If the character strings do not match (NO in step S109), the authentication unit 160 determines that the authentication of the user device 20, that is, the authentication of the user who operates the user device 20 has failed (step S110). The authentication result transmission unit 170 transmits an authentication failure authentication result to the user device 20 (step S117).

  If the character strings match (YES in step S109), the authentication unit 160 refers to the learned flag in the modification table 113 with the user ID of the user included in the selection information, and determines whether or not it has been learned. (Step S111).

  If the learned flag is “0” and not learned (NO in step S111), the learning unit 161 performs a modification attribute learning process (step S112). Details of the modification attribute learning process will be described later. After the end of the modification attribute learning process, the authentication unit 160 proceeds to the process of step S115.

  If the learned flag is “1” and learning has been completed (YES in step S111), the authentication unit 160 includes the character string of the modification attribute included in the selection information and the user user included in the selection information. It collates with the modification attribute of the predetermined frequency extracted from the modification table 113 by ID (step S113). Here, for example, a modification attribute having a learning counter value of 5 or more is set as a modification attribute having a predetermined frequency. As a result of the collation, the authentication unit 160 determines whether or not both modifier attributes match (step S114).

  If the decoration attributes do not match (NO in step S114), the authentication unit 160 determines that the authentication of the user device 20, that is, the authentication of the user who operates the user device 20 has failed (step S110). The authentication result transmission unit 170 transmits an authentication failure authentication result to the user device 20 (step S117).

  If the modifier attributes match (YES in step S114), authentication unit 160 determines whether a predetermined number of questions have been completed (step S115). For example, when authentication is performed based on selection results of user options for five questions, the predetermined number is five.

  If the predetermined number of questions has not been completed (NO in step S115), the authentication server 100 returns to the process in step S102 and proceeds to the next question process.

  If the predetermined number of questions have been completed (YES in step S115), the authentication server 100 determines that the authentication of the user device 20, that is, the authentication of the user who operates the user device 20 has succeeded (step S116). ). The authentication result transmission unit 170 transmits the authentication result of the authentication success to the user device 20 (step S117).

  In the user device 20, the authentication result receiving unit 26 receives the authentication result from the authentication server 100 (step S205). The authentication result output unit 27 outputs the authentication result to the screen of the display device 28 (step S206).

  FIG. 14 is a flowchart of modification attribute learning processing by the learning unit according to the second embodiment.

  The flowchart shown in FIG. 14 is an example of the modified attribute learning process performed by the learning unit 161 when the learned flag is “0” and not learned in the determination in step S111 of the flowchart shown in FIG. It is. Here, it is assumed that the predetermined condition for determining the completion of learning is “the number of selections of a certain modification attribute is five or more times larger than the average number of selections of all modification attributes”.

  In the modification table 113, the learning unit 161 counts up the learning counter of the modification attribute of the selection result included in the selection information corresponding to the user ID of the user included in the selection information (step S120). The learning unit 161 calculates the average value of the learning counters of all the modified attributes corresponding to the user ID of the user included in the selection information (step S121). The learning unit 161 determines whether the modification attribute learning counter of the selection result included in the selection information is equal to or greater than the calculated average value of all the modification attribute learning counters + 5 (step S122).

  If the learning counter of the corresponding modification attribute is equal to or greater than the average value of all the learning counters +5 (YES in step S122), the learning unit 161 sets the learned flag corresponding to the user ID of the corresponding user to indicate “learned”. 1 ″ is set (step S123).

  Note that ON / OFF of learning, that is, setting / canceling of a learned flag may be controlled by a user operating the user device 20 by access from the user device 20. Further, clearing of the learning result, that is, clearing of the learning counter may be controlled by the user operating the user device 20 by access from the user device 20.

  As described above, in the registration of the modified attribute corresponding to the identification information of the user in the second embodiment, the user is repeatedly selected from various modified attribute options, and the modified attribute selection result is learned. . Among the repeated selections of choices, the modifier attribute frequently selected by the user is registered as the correct modifier attribute. In the process of repeatedly selecting the same modification attribute option, the user can easily store the modification attribute that is finally correct.

  Although the present embodiment has been described above, the present invention can naturally be modified in various ways within the scope of the gist thereof.

10,100 Authentication server 11,110 Authentication information storage unit 111 Question table 112 Question ID table 113 Modification table 114 Modification ID table 12,120 Authentication request reception unit 13,130 Option generation unit 14,140 Option information transmission unit 15,150 selection Information receiving unit 16, 160 Authentication unit 161 Learning unit 17, 170 Authentication result transmission unit 180 Character string dictionary 20 User device 21 Authentication request transmission unit 22 Choice information reception unit 23 Choice screen output unit 24 Selection reception unit 25 Selection information transmission unit 26 Authentication Result Receiving Unit 27 Authentication Result Output Unit 28 Display Device 29 Input Device 30 Network

Claims (5)

An authentication information storage unit for storing authentication information in which a character string and a decoration attribute that specifies a display mode of the character string are associated with the user identification information;
An authentication request receiver for receiving an authentication request from a user device;
Based on the authentication information stored in the authentication information storage unit, a character string corresponding to the user identification information included in the authentication request is a modification attribute corresponding to the user identification information included in the authentication request. The correct choice converted to the specified display mode and the character string corresponding to the user identification information included in the authentication request are other than the decoration attributes corresponding to the user identification information included in the authentication request. An option generation unit for generating a plurality of options including an incorrect answer option converted into a display mode specified by an attribute;
An option information transmitting unit for transmitting the information of the plurality of options to the user device;
A selection information receiving unit for receiving information on selection results of options from the user device;
An authentication device, comprising: an authentication unit that determines that the authentication of the user device is successful when the selection result is the correct answer option. In the authentication information stored in the authentication information storage unit, the modifier attribute corresponding to the user identification information is changed according to the day of the week, date or time, or other predetermined rules known to the user. The authentication device according to claim 1, wherein: In the authentication information stored in the authentication information storage unit, the modification attribute corresponding to the identification information of the user is selected by the user at a predetermined frequency when registering the modification attribute that causes the user to repeatedly select the modification attribute. The authentication apparatus according to claim 1, wherein the authentication attribute is a modified attribute. A computer authentication method,
The computer including a storage unit that stores authentication information in which a character string and a decoration attribute that specifies a display mode of the character string are associated with the user identification information,
Receiving an authentication request from a user device;
Based on the authentication information stored in the storage unit, a character string corresponding to the user identification information included in the authentication request is designated by a modification attribute corresponding to the user identification information included in the authentication request. The correct choice converted to the display mode and the character string corresponding to the user identification information included in the authentication request are the modification attributes other than the modification attribute corresponding to the user identification information included in the authentication request. Generating a plurality of options including incorrect answer options that are converted to a specified display mode;
Transmitting the information of the plurality of options to the user device;
Receiving information on selection results from the user device;
And a step of determining that the authentication of the user device is successful when the selection result is the correct answer option. An authentication information storage unit for storing authentication information in which a character string and a decoration attribute that specifies a display mode of the character string are associated with the user identification information;
An authentication request receiver for receiving an authentication request from a user device;
Based on the authentication information stored in the authentication information storage unit, a character string corresponding to the user identification information included in the authentication request is a modification attribute corresponding to the user identification information included in the authentication request. The correct choice converted to the specified display mode and the character string corresponding to the user identification information included in the authentication request are other than the decoration attributes corresponding to the user identification information included in the authentication request. An option generation unit for generating a plurality of options including an incorrect answer option converted into a display mode specified by an attribute;
An option information transmitting unit for transmitting information on the plurality of options to the user device;
A selection information receiving unit for receiving information on selection results of options from the user device;
An authentication device comprising: an authentication unit that determines that authentication of the user device is successful when the selection result is the correct answer option;
An authentication request transmission unit for transmitting an authentication request including user identification information to the authentication device;
An option information receiving unit for receiving information on the plurality of options from the authentication device;
An option screen output unit for outputting a screen presenting options included in the information of the plurality of options;
A selection reception unit for receiving selection of options;
An authentication system comprising: a user device including a selection information transmission unit that transmits information on selection results of options to the authentication device.

Images