JP2015049608A - Information processing device, authentication method, and authentication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To realize proper security enhancement for authentication.SOLUTION: An information processing device comprises: a setting unit which sets one or more pieces of authentication image data, one or more registration points on the authentication image data, and an authentication area smaller than the screen area; and an authentication unit which performs authentication by controlling the registration point of the authentication image data set by the setting unit to move inside the authentication area.

Description

  The present application relates to an information processing apparatus, an authentication method, and an authentication program.

  In an electronic device or the like having a touch panel such as a smartphone or a tablet terminal, authentication by a touch operation on the touch panel is performed. For example, there is a password authentication method in which authentication is performed by inputting a preset password by touching a software keyboard displayed on the screen. There is also a pattern authentication method in which authentication is performed by tracing the screen with a finger or the like so as to pass nine marks arranged in a grid pattern on the screen in a preset order.

  Note that the above-described electronic device is often used in the state where there is another person nearby, such as in a train or public place, and security information may be leaked by being peeped by another person during security authentication. Therefore, an authentication method aimed at improving security has been studied (see, for example, Patent Document 1).

JP 2012-248155 A

  However, in the conventional method described above, since the touch operation input from the touch panel is used as authentication information as it is, if the content displayed on the screen is peeped by another person or the touch operation on the touch panel is peeped, There is a high risk of leakage of authentication information. Therefore, in the conventional method, appropriate security enhancement at the time of authentication is not realized.

  In one aspect, the present invention is directed to appropriate security enhancement during authentication.

  An information processing apparatus according to an aspect includes a setting unit configured to set one or a plurality of authentication image data, at least one registration point on the authentication image data, and an authentication area smaller than a screen size, and the setting unit And an authentication unit that performs authentication by moving the registration point of the authentication image data set in step 2 so as to be included in the authentication area.

  Appropriate security enhancement at the time of authentication can be realized.

It is a figure which shows an example of a function structure of the information processing apparatus in this embodiment. It is a figure which shows an example of the hardware constitutions of information processing apparatus. It is a figure which shows an example of authentication data. It is a flowchart which shows an example of an authentication process. It is a figure which shows an example of a setting screen. It is a figure which shows the example of a setting of an authentication window pattern. It is a figure which shows the example of a setting of the image data for authentication. It is a figure for demonstrating the setting content of a registration point. It is a figure for demonstrating the detailed setting content. It is a figure for demonstrating an example of a process of a coordinate transformation part. It is a figure for demonstrating the specific example of coordinate transformation. It is a figure which shows 1st Example of an authentication process. It is a figure which shows 2nd Example of an authentication process. It is a figure which shows 3rd Example of an authentication process. It is a figure which shows 4th Example of an authentication process. It is a figure which shows 5th Example of an authentication process.

  Hereinafter, embodiments will be described in detail with reference to the accompanying drawings.

<Functional Configuration Example of Information Processing Device in Present Embodiment>
FIG. 1 is a diagram illustrating an example of a functional configuration of the information processing apparatus according to the present embodiment. In the example of FIG. 1, the information processing apparatus 10 includes a setting unit 11, a touch position acquisition unit 12, a screen control unit 13, a coordinate conversion unit 14, an authentication unit 15, an output unit 16, and a storage unit 17. Have The storage unit 17 includes, for example, authentication image data 21, authentication window definition data 22, authentication data 23, driver software 24, an operating system 25, and an application 26.

  The setting unit 11 masks the authentication image data 21 to be displayed on the screen at the time of authentication, the registration points on the authentication image data 21, and the screen display area, and displays only a part of the authentication image data 21. The authentication window definition data 22 and the like are set, and the set various information is stored in the authentication data 23. The setting content is not limited to this. For example, the setting unit 11 may set whether or not to perform authentication processing in the present embodiment (valid or invalid) and store the set authentication setting information in the authentication data 23. Various settings by the setting unit 11 described above are preferably performed by a user or the like before the authentication process.

  The touch position acquisition unit 12 acquires a touch operation position on a screen such as a touch panel using a user's finger or a touch pen operated by the user. For example, the touch position acquisition unit 12 acquires a touch position (coordinates) on the screen with a touch pen or the like that performs a touch operation.

  The touch position acquisition unit 12 not only performs operations such as taps and double taps, but also moves information about touch positions such as flicks and swipes, and operation details using a plurality of fingers such as pinch-in and pinch-out. Can be acquired. In addition, the touch position acquisition unit 12 may count the number of touches in a predetermined time. Information acquired by the touch position acquisition unit 12 is output to the screen control unit 13 and the coordinate conversion unit 14.

  The screen control unit 13 outputs, for example, an authentication window (authentication area) specified by authentication data randomly selected by the information processing apparatus 10 from the authentication window definition data 22 previously defined in the storage unit 17. To display. The screen control unit 13 also authenticates the authentication image data 21 specified by the authentication data 23 selected at random by the information processing apparatus 10 from the one or more authentication image data 21 registered in the storage unit 17. Is displayed on the output unit 16. At this time, the screen control unit 13 performs control (mask control) so that, for example, a part of the image of the authentication image data 21 is displayed only in the authentication window. In addition, the screen control unit 13 displays a part selected at random from the authentication image data 21 in the authentication window on the initial screen at the time of authentication.

  Further, the screen control unit 13 moves the authentication image data 21 based on the touch position (X, Y) of the user, the movement of the touch position, or the like. At this time, the screen control unit 13 performs control (mask control) so that a part is displayed only in the authentication window even during the movement of the authentication image data 21. In addition, the screen control unit 13 generates a screen for performing various settings for performing authentication processing in the present embodiment and a screen corresponding to the authentication result, and reads authentication data from the storage unit 17 as necessary. The generated screen or the like is displayed by the output unit 16.

  The coordinate conversion unit 14 converts the position of the authentication window based on the registration point of the authentication image data 21 given from the authentication data 23 according to the touch coordinates obtained by the touch position acquisition unit 12. The coordinate conversion unit 14 outputs the converted coordinates to the authentication unit 15.

  The authentication unit 15 compares the position of the authentication window and the size of the authentication window coordinate-converted by the coordinate conversion unit 14 with the registration point, and whether the registration point is included in the authentication window (whether it is displayed on the screen). ). For example, the authentication unit 15 outputs the authentication result to the output unit 16 assuming that the authentication is successful when the registration points are continuously included in the authentication window for a predetermined time. Each process in the authentication unit 15 may be performed using the application 26 or the like.

  The output unit 16 is a display unit that displays the authentication image data 21, an authentication window, and the like, displays a screen for setting registration points, and displays an authentication result. The touch position acquisition unit 12 and the output unit 16 described above may be configured as an integrated touch panel, for example.

  The storage unit 17 stores various data used at the time of authentication in the present embodiment. The authentication image data 21 is one or a plurality of authentication image data used at the time of authentication. The authentication image data 21 may be, for example, an image taken by a user personally or an image downloaded via the Internet or the like. The authentication window definition data 22 is data defining an authentication window for hiding (masking) the screen display area and displaying only a part of the authentication image data 21. The authentication data 23 includes identification information such as the name of the authentication image data 21 used for authentication and coordinate data of at least one registration point set on the authentication image data 21. Information such as the authentication image data 21, registration points, and authentication window definition data 22 described above is selected by the setting unit 11 and stored in the storage unit 17 as authentication data 23.

  The driver software 24 is, for example, an application programming interface (API) for making each function of the information processing apparatus 10 available from the operating system 25 or the like.

  The operating system 25 acquires the coordinate data such as a touch panel from the touch position acquisition unit 12 using the API of the driver software 24 and outputs the coordinate data to the application 26 or the like, or outputs the contents processed by the application 26 to the output unit 16. To output to. Examples of the operating system 25 include, but are not limited to, Windows (registered trademark), Android (registered trademark), Unix (registered trademark), MacOS (registered trademark), and the like.

  The application 26 has various applications such as an authentication application. The information processing apparatus 10 can execute various processes using the application 26 or the like.

  The information processing device 10 is, for example, an electronic device such as a smartphone, a tablet terminal, a notebook personal computer (PC), a mobile phone equipped with a touch panel, a game device, or a music playback device, but is not limited thereto. .

<Hardware Configuration Example of Information Processing Apparatus 10>
FIG. 2 is a diagram illustrating an example of a hardware configuration of the information processing apparatus. In the example of FIG. 2, the information processing apparatus 10 includes a microphone (hereinafter referred to as a microphone) 31, a speaker 32, a display unit 34, an operation unit 33, a power unit 35, a wireless unit 36, and a short-range communication unit. 37, an auxiliary storage device 38, a main storage device 39, a central processing unit (CPU) 40, and a drive device 41, which are connected to each other via a system bus B.

  The microphone 31 inputs a voice uttered by the user and other sounds. The speaker 32 outputs the other party's voice or sounds such as ringtones. The microphone 31 and the speaker 32 are used, for example, when talking to a call partner using a call function or the like. Further, the speaker 32 may notify the user by outputting the authentication start and the authentication result in the present embodiment with a predetermined sound (voice) or the like. Therefore, the speaker 32 corresponds to an example of the output unit 16 described above, for example.

  The operation unit 33 is an operation button, a touch panel, or the like. The operation buttons are, for example, a power button, a volume adjustment button, and other operation buttons. The touch panel is configured as a touch panel display in which a display and a touch panel are superimposed. In addition, as a touch panel, for example, a resistive film method, a capacitance method, an optical method, an electromagnetic induction method, or the like can be used. For example, if there is a sampling rate and resolution that can perform touch input to a software keyboard, It doesn't matter. The operation unit 33 corresponds to the touch position acquisition unit 12 described above, for example.

  The display unit 34 is a display such as a Liquid Crystal Display (LCD) or an organic Electro Luminescence (EL). The display unit 34 may be a touch panel display having a display and a touch panel, for example. The display unit 34 corresponds to an example of the output unit 16 described above, for example.

  The power unit 35 supplies power to each component of the information processing apparatus 10. The power unit 35 is an internal power source such as a battery, but is not limited thereto. The power unit 35 can also detect the amount of power constantly or at predetermined time intervals and monitor the remaining amount of power.

  The radio unit 36 is a communication data transmission / reception unit that receives a radio signal (communication data) from a base station using, for example, an antenna or transmits a radio signal to the base station via an antenna.

  The short-range communication unit 37 performs short-range communication with other information processing apparatuses and external devices using a communication method such as infrared communication or Bluetooth (registered trademark). The wireless unit 36 and the short-range communication unit 37 described above are communication interfaces that enable data transmission / reception with other information processing devices, external devices, and the like.

  The auxiliary storage device 38 is a storage unit such as a hard disk drive (HDD) or a solid state drive (SSD). The auxiliary storage device 38 stores various programs and the like and inputs / outputs data as necessary.

  The main storage device 39 stores an execution program read from the auxiliary storage device 38 in response to an instruction from the CPU 40, and stores various information obtained during program execution. The main storage device 39 is, for example, a read only memory (ROM) or a random access memory (RAM), but is not limited thereto. The auxiliary storage device 38 and the main storage device 39 correspond to the storage unit 17 described above, for example.

  The CPU 40 controls processing of the entire computer, such as various operations and data input / output with each hardware component, based on a control program such as the operating system 25 and an execution program stored in the main storage device 39. Thus, each process in the screen display is realized. Various information necessary during the execution of the program may be acquired from the auxiliary storage device 38 and the execution result or the like may be stored.

  The drive device 41 can detachably set the recording medium 42, for example, and can read various information recorded on the set recording medium 42 and write predetermined information on the recording medium 42. The drive device 41 is, for example, a medium loading slot or the like, but is not limited to this.

  The recording medium 42 is a computer-readable recording medium that stores an execution program and the like as described above. The recording medium 42 may be a semiconductor memory such as a flash memory, for example. Further, the recording medium 42 may be a portable recording medium such as a Universal Serial Bus (USB) memory, but is not limited thereto.

  In this embodiment, by installing an execution program (for example, an authentication program) in the hardware configuration of the computer main body described above, the hardware resource and software cooperate to realize display processing and the like in this embodiment. be able to. Further, the authentication program corresponding to the above-described display processing may be in a resident state on the apparatus, for example, or may be activated by an activation instruction.

  As one aspect, the information processing apparatus 10 described above is mounted using, for example, a device on which a touch panel display integrated with a display device is mounted, and software that operates on the device. The software part may be realized by hardware that performs an equivalent function.

<Example of authentication data 23>
Next, an example of the authentication data described above will be described with reference to the drawings. FIG. 3 is a diagram illustrating an example of authentication data. 3A shows an example of authentication setting information, and FIG. 3B shows an example of detailed setting information.

  The items of the authentication setting information shown in FIG. 3A include, for example, “authentication setting” and “value”, but are not limited thereto. As shown in FIG. 3A, the setting unit 11 can set whether or not to perform authentication processing in this embodiment (valid or invalid). In the present embodiment, the authentication setting shown in FIG. 3A may not be performed. For example, when the authentication setting is not performed, the authentication process is always performed when the user uses the authentication setting.

  The items of detailed setting information shown in FIG. 3B include, for example, “authentication data identification”, “data content”, “value”, and the like, but are not limited thereto.

  “Authentication data identification” is information for identifying an authentication data pattern. “Data content” is the data content set for each “authentication data identification”. For example, as shown in FIG. 3B, the “data content” includes “authentication image data identification information”, “authentication window type”, “authentication window area”, “registration point (X)”, “registration point ( Y) ”,“ minimum enlargement ratio at the time of authentication ”,“ image inclination ”, and“ parallel movement of image ”, but are not limited thereto. The “value” for each data content described above is set by the user or the like from the setting unit 11 as shown in FIG.

  In this embodiment, one authentication data is randomly selected from one or a plurality of authentication data as shown in FIG. 3B, and the authentication process is executed based on the contents specified by the selected authentication data. Is done.

<Example of authentication process>
Next, an example of authentication processing in the information processing apparatus 10 will be described using a flowchart. FIG. 4 is a flowchart illustrating an example of the authentication process. It is assumed that various settings are made by the setting unit 11 before the authentication process shown in the example of FIG.

  In the example of FIG. 4, when the information processing apparatus 10 receives an operation such as a touch panel or an operation button, the information processing apparatus 10 determines whether it is necessary to perform authentication based on the authentication setting information stored in the authentication data 23 ( S01). When it is necessary to perform authentication (YES in S01), the screen control unit 13 randomly selects one authentication data from one or more stored authentication data 23 (S02), and the selected authentication The authentication window definition data 22 designated by the data is read (S03), and the authentication window defined by the read authentication window definition data 22 is displayed on the screen (S04).

  Next, the screen control unit 13 reads the authentication image data 21 designated by the selected authentication data (S05), and displays the read authentication image data 21 on the screen (S06).

  The screen control unit 13 described above may perform the processes of S03 and S04 and the processes of S05 and S06 in the reverse order. By the processing of S06, the screen of the output unit 16 is in a state where a part of the authentication image data 21 is displayed only in the authentication window (in the authentication area).

  Next, the screen control unit 13 moves the authentication image data 21 based on the movement of the touch position acquired by the touch position acquisition unit 12 (S07). In the process of S07, the screen control unit 13 performs control (mask control) so that a part is displayed only within the authentication window even during the movement of the authentication image data 21.

  Next, the authentication unit 15 performs authentication based on the positional relationship between the coordinates of the registration point set in the moved authentication image data 21 and the authentication window (S08). In the processing of S08, the authentication unit 15 performs authentication based on the coordinates of the authentication window converted by the coordinate conversion unit 14 based on the movement amount of the authentication image data obtained from the screen control unit 13 and the registration points. I do.

  For example, the authentication unit 15 can determine whether the authentication has succeeded (authentication OK) or has failed (authentication NG) depending on whether or not the registration point is included in the authentication window (included). However, the present invention is not limited to this. For example, the authentication unit 15 determines that the authentication is OK when the registration point is displayed in the authentication window after a predetermined time (for example, 10 seconds, 1 minute, etc.) has elapsed since the start of the movement of the authentication image data. If the registration point cannot be displayed, it may be determined as authentication NG.

  The authentication unit 15 determines whether or not the authentication is OK (S09). If the authentication is OK (YES in S09), for example, the read authentication window and authentication image data are deleted (S10). Subsequent operations on the information processing apparatus 10 are enabled. If the authentication is not OK (NO in S09), the authentication unit 15 displays an error message indicating that the authentication has failed (S11), and ends the process. In the process of S11, the authentication unit 15 may notify a message for performing the authentication operation again, or may perform a process of locking the information processing apparatus 10 so that the subsequent operation cannot be performed.

  In addition, the information processing apparatus 10 does not need to perform authentication in the process of S01 (NO in S01), or has already been authenticated or does not have time to authenticate (for example, a call from another person) The process is terminated as it is.

<Specific Example of Setting Contents by Setting Unit 11>
Next, a specific example of setting contents by the setting unit 11 described above will be described. FIG. 5 is a diagram illustrating an example of the setting screen. In the example of FIG. 5, various setting buttons 52-1 to 52-5 are displayed on the setting screen 51 of the information processing apparatus 10.

  In the setting screen 51 shown in the example of FIG. 5, a setting button 52-1 is an authentication window button for selecting a pattern such as the shape and number of authentication areas (authentication windows). The setting button 52-2 is an authentication image button for selecting an authentication image and registering coordinates on the selected image. The setting button 52-3 is a detailed setting button for enabling a function of enlarging or rotating an image at the time of authentication. The setting button 52-4 is a completion button for reflecting the changed setting. When the completion button is pressed, information set so far is stored in the storage unit 17. The setting button 52-5 is a cancel button for discarding the set or changed content. Note that the types of buttons and layout for the setting screen are not limited to the example of FIG.

<Setting example of authentication window pattern>
FIG. 6 is a diagram illustrating an example of setting an authentication window pattern. FIG. 6A shows an example of authentication window patterns that can be selected in advance, and FIG. 6B shows an example of an authentication window selected by the user.

  The example of FIG. 6A is a screen displayed when the authentication window button (setting button 52-1) in FIG. 5 described above is selected. On the setting screen 51 shown in FIG. 5, one or a plurality of patterns of the shape and number of each authentication window as shown in FIG. 6A are displayed. In the example of FIG. 6A, an example of 12 patterns is displayed, but the present invention is not limited to this. The user selects one of the displayed patterns.

  For example, in this embodiment, when a rectangle having a single authentication window (column A shown in FIG. 6 (A)) is selected, the screen automatically returns to the original screen (FIG. 5), and the selection result is authenticated. Although displayed on the right side of the window button, the present invention is not limited to this.

  In addition, when a plurality of patterns (column B and column C shown in FIG. 6A) are selected as the authentication window, as shown in FIG. 6B, which window (frame) is further selected after the selection. A screen for selecting whether to use for this is displayed. The user touches and selects at least one of the displayed windows. For example, in the present embodiment, when at least one authentication window is selected, the screen automatically returns to the setting screen (FIG. 5), and the selection result is displayed on the right side of the authentication window button. is not.

  For example, in FIG. 6A, a pattern having three round windows in the C row is selected. For example, the user selects at least one of the three windows (areas) 53-1 to 53-3 as an authentication window (authentication area). In the example of FIG. 6B, the window 53-2 is selected as the authentication window. Therefore, in the authentication process, authentication is performed by moving the authentication image data 21 so that the set registration point on the authentication image data is displayed in the selected window 53-2.

  In the example of FIG. 6, the shape, size, position, etc. of the window are not limited to this. For example, the pattern may include a plurality of windows having different shapes. Each of the plurality of windows may have a different size.

<Setting example of authentication image data>
Next, an example of setting authentication image data using the authentication image button (setting button 52-2) will be described with reference to the drawings. FIG. 7 is a diagram illustrating a setting example of authentication image data. The example of FIG. 7 is an example of a screen displayed when the authentication image button (setting button 52-2) of FIG. 5 described above is selected. When the authentication image button shown in FIG. 5 is selected, a list of one or a plurality of usable image data stored in the storage unit 17 of the information processing apparatus 10 is displayed. The user selects at least one of the image lists as shown in FIG. 7 by a touch operation or the like.

  When the user selects one image from the image list illustrated in FIG. 7, the setting unit 11 causes the user to set a registration point. Here, FIG. 8 is a diagram for explaining the setting contents of the registration points.

  When the authentication image data 21 is selected by the user from the plurality of authentication image data 21 shown in FIG. 7 described above, the entire image of the selected image data is reduced and displayed on the screen of the information processing apparatus 10. (For example, FIG. 8A). In this state, since the image is difficult to see small, the user may not be able to properly register the authentication coordinates.

  Therefore, as shown in FIG. 8A, a predetermined message is displayed so that the user enlarges the image. An example of the message is, for example, “Please enlarge the part you want to register until the window used for authentication is displayed”, but is not limited to this.

  Here, for example, when the image size after enlargement is equal to or larger than the image size registered in advance by a detailed setting button (setting button 52-3) described later, the image size selected by the authentication window button Is displayed on the screen (for example, FIG. 8B).

  The user moves the image so that a part of the image to be registered enters the authentication window 61 while repeating the enlargement and movement of the image by touching the screen (for example, FIGS. 8B to 8D). ). The screen control unit 13 performs the above-described enlargement and movement on the authentication image data 21 based on the user's touch position obtained by the touch position acquisition unit 12.

  Next, after the user puts a part to be registered in the authentication window 61 and then, for example, presses and holds an appropriate part of the touch panel for a predetermined time (for example, about 2 seconds), the setting unit 11 Are registered as authentication coordinates (registered points) (for example, FIG. 8E).

  At this time, the setting unit 11 stores the coordinates of one point in the center of the image area included in the authentication window 61 as the authentication data 23 in the storage unit 17.

  Further, the setting unit 11 may store the image enlargement rate at the time of registration in the authentication data 23 when “image enlargement” is enabled in the detailed setting described later. Further, the setting unit 11 may store the inclination of the image at the time of registration in the authentication data 23 when “rotate image” is enabled in the detailed setting described later.

  In addition, the setting unit 11 displays a screen for inquiring the user as to whether or not other coordinates are set as registration points for the authentication image data 21 (for example, FIG. 8F), and the other coordinates are also displayed. In the case of registration, registration points can be continuously set (for example, FIG. 8G to FIG. 8J). Moreover, the setting part 11 completes a registration process, when not registering another coordinate (for example, FIG.8 (K), FIG.8 (L)).

  In this way, one or a plurality of authentication image data can be set, and one or a plurality of registration points can be set for each authentication image data. During authentication, authentication image data randomly selected from the set authentication image data can be displayed on the screen for authentication processing.

<Example of detailed settings>
Next, a detailed setting example using the detailed setting button (setting button 52-3) will be described with reference to the drawings. FIG. 9 is a diagram for explaining the detailed setting contents. FIG. 9A shows a detailed setting screen 71, and FIG. 9B shows details of a user's finger touch operation.

  The example of FIG. 9 shows an example of a screen displayed when the detailed setting button (setting button 52-3) shown in FIG. 5 is selected.

  The detailed setting screen 71 includes a setting area 72-1 for “image size at the time of authentication”, a setting area 72-2 for “enlarge image”, a setting area 72-3 for “rotate image”, and an “image” However, the present invention is not limited to this.

  Options such as “Large / Medium / Small” are set in advance for the “image size at the time of authentication”, and the authentication image data 21 displayed at the time of authentication is compared with the screen size of the information processing apparatus 10. Select whether to display about twice as large. Each multiple can be set to, for example, large (5 times), medium (3 times), small (1.5 times), etc., but is not limited thereto.

  For example, in the present embodiment, the authentication image data 21 is set to be larger than the screen size of the information processing apparatus 10. By making it larger than the screen size, the user can perform more operations for moving the registration point within the authentication window. Further, even if another person (third party) sees a part of the authentication image data 21 displayed in the authentication window, the contents can be made difficult to understand. Therefore, resistance to peeping by others can be improved. Note that the image size at the time of authentication in the present embodiment is not limited to this, and may be the same size as the screen size or smaller than the screen size.

  In the example of FIG. 9A, if the check area of the “image enlargement” setting area 72-2 is checked, an operation for enlarging the authentication image during the authentication operation becomes possible. The minimum enlargement ratio can be set as the authentication condition. Therefore, for example, it is possible to set the authentication condition to enlarge the authentication image data by 8 times or more. Thereby, since the user needs to further perform an operation for enlarging the image beyond the minimum enlargement ratio set as the authentication condition, it is possible to improve resistance to peeping of the authentication image by another person.

  In the example of FIG. 9A, when the check area of the “image rotation” setting area 72-3 is checked, the authentication image can be rotated during the authentication operation, and the inclination of the image is authenticated. It can be set as a condition. Therefore, for example, rotation of the authentication image data 90 degrees to the left can be set as an authentication condition. Thereby, since the user further needs an operation for rotating the image set as the authentication condition, it is possible to improve resistance to peeping of the operation of another person.

  In the example of FIG. 9A, when the check area of the setting area 72-4 for “parallel rotation of image” is checked, detection of the rotation component of the touch operation at the time of authentication is enabled. Thus, for example, as shown in FIG. 9B, when the image is moved at the time of authentication, if the user flicks at the end of the flick operation, the bounce direction is detected as a curvilinear operation, and the image is displayed. It can be moved in a curved line without changing the vertical and horizontal directions.

  Thus, for example, the moving direction of the image can be changed by a slight heel (for example, a jumping operation) of the flick operation with the user's finger 73 as shown in FIG. 9B. Therefore, even if it seems that the finger 73 is linearly moved from others, the authentication image data 21 can be moved in a curved line by enabling the parallel rotation of the image. Thereby, the tolerance with respect to peeping of another person's operation can be improved more.

  If there is no check in the check areas of the above-mentioned setting areas of “image enlargement”, “image rotation”, and “image parallel rotation”, the function without check is invalidated so that it is not included in the authentication condition. To.

  Each setting information described above can be set for each authentication data pattern (authentication data identification), for example, and the set information is stored as the authentication data 23 as shown in FIG. The authentication data 23 stored in the storage unit 17 can be changed or deleted partially (for example, for each authentication data pattern) or all. In the present embodiment, for example, a screen for performing authentication setting as shown in FIG. 3A described above may be displayed and set by the user or the like.

<Example of processing of coordinate conversion unit 14>
Next, an example of the process of the coordinate conversion unit 14 described above will be described with reference to the drawings. FIG. 10 is a diagram for explaining an example of processing of the coordinate conversion unit. FIG. 11 is a diagram for explaining a specific example of coordinate transformation. FIG. 11A shows an operation example at the time of authentication, and FIG. 11B shows an example of coordinate conversion.

  Authentication image data 21 shown in FIG. 11A and arbitrary registration point coordinates (Xb, Yb) on the authentication image data 21 are set in advance by the user and stored as authentication data 23 in the storage unit 17. The registration point on the image data 21 is a coordinate expressed in the coordinate system of the display unit 34. The registration point coordinates (Xb, Yb) may be based on the position of a predetermined corner such as a touch panel, but is not limited to this. When the coordinate data input by the touch operation on the touch panel or the like is acquired by the touch position acquisition unit 12, the touch coordinates are input to the screen control unit 13 and the coordinate conversion unit 14.

  Based on the position (Xc, Yc) and size (ΔXc, ΔYc) of the authentication window 61 set by the authentication window definition data 22 defined in advance, the screen control unit 13 displays the screen shown in FIG. As shown, an authentication window 61 is displayed on the screen. The position (Xc, Yc) of the authentication window 61 may be based on the position of a predetermined corner such as a touch panel, but is not limited to this.

  Further, the screen control unit 13 moves the authentication image data 21 as shown in FIG. 11A according to the touch coordinates continuously obtained from the touch position acquisition unit 12. For example, when the coordinate conversion unit 14 acquires the touch coordinates (X, Y) (S21), the coordinate conversion unit 14 calculates the movement amount (ΔX, ΔY) from the previous touch coordinates (for example, a predetermined time before) (S22). . Next, the coordinate conversion unit 14 calculates the position (Xc ′, Yc ′) of the authentication window 61 with reference to the registration point coordinates (Xb, Yb) as shown in FIG. Is converted into a coordinate system based on (S23). In the process of S23, the coordinate conversion unit 14 performs calculations such as “Xc ′ = Xc−Xb + ΔX, Yc ′ = Yc−Yb + ΔY”, but is not limited thereto. Next, the coordinate conversion part 14 outputs the result converted by the process of S23 to the authentication part 15 (S24).

  In the authentication unit 15, for example, the position (Xc, Yc) of the authentication window 61, the size of the authentication window 61 (ΔXc, ΔYc), and the registration point coordinates (Xb, Yb), which are coordinate-converted by the above-described processing, By comparison, it is determined whether or not the registration point coordinates are included in the authentication window 61. The authentication unit 15 outputs an authentication result as successful authentication (authentication OK) when there are registration points in the authentication window 61 continuously for a predetermined time (for example, about 3 seconds) or longer.

  The processing of the authentication unit 15 is not limited to this. For example, whether or not the registration point coordinates are in the authentication window 61 when the authentication button is displayed on the image and the authentication button is pressed. You may authenticate by. Moreover, the authentication part 15 may perform the process of making it authenticate again, when authentication fails (in the case of authentication NG).

In the present embodiment, the touch operation for authentication is not a predetermined operation such as the number of times and the direction, but may be a random operation. Further, the data used at the time of authentication is not generated from the touch operation pattern, and the authentication data and the touch panel operation are completely separated. Therefore, for example, even if someone looks into the touch panel operation,
Authentication information is never grasped. Further, in this embodiment, it is not necessary to combine with other security techniques such as password entry and peeping prevention techniques (peep prevention filter or the like), and it is possible to prevent others from peeping.

<Specific example of authentication processing>
Next, a specific example of the authentication process will be described with reference to the drawings. In the present embodiment, the authentication image data 21 registered in advance is an image that is well known by the user of the information processing apparatus 10, and a characteristic point on the image is used as a registration point according to the user's preference. Can be set. The authentication window (authentication area) is large enough to be visually recognized by the user, but small enough for a remote person to visually recognize it. Although only a part of the authentication image data 21 is displayed in the authentication window, since the user knows what kind of image the authentication image data is, the image of the image displayed in the authentication window is displayed. It is possible to grasp which part of the image by looking at a part.

  Further, since the user has set the registration points in advance, the authentication image data 21 is moved by a touch operation on the screen (for example, a swipe operation or a flick operation), and registration on the image set in advance is performed. Put the point in the authentication window. Further, when a predetermined time elapses after a registration point is placed in the authentication window, or when a predetermined portion on the screen is touched (long-pressed) for a predetermined time or longer, authentication is OK and the information processing apparatus 10 is unlocked. .

  In the present embodiment, the authentication image data displayed in the authentication window may be changed randomly at every authentication. In the present embodiment, a plurality of authentication windows may be provided. Further, in this embodiment, not only the authentication image data 21 is moved, but also more detailed coordinates can be used for authentication by enlarging the image according to the operation of the touch panel. In the present embodiment, the authentication image data 21 is rotated or moved in parallel along a curve in accordance with the touch operation on the screen, thereby making it possible to make the authentication operation more difficult for others to understand. Appropriate security enhancement against peeping of operations can be realized. The contents described above will be described below as examples.

<First embodiment>
FIG. 12 is a diagram showing a first embodiment of the authentication process. The first embodiment shown in FIG. 12 shows an embodiment in which “enlargement of image” is set to be effective in the “detail setting” described above. In the first embodiment, a registration point ((ii) in FIG. 12A) of the authentication image data 21 shown in FIG.

  FIG. 12B is an initial screen of the authentication screen displayed on the screen (touch panel) of the information processing apparatus 10. When the authentication screen is activated, for example, a part of an image randomly selected from the authentication image data 21 ( (I) of FIG. 12A is displayed in the authentication window 81.

  The user touches the screen (touch panel) and moves the image so that the registration point (portion (ii)) of the authentication image data 21 is included in the authentication window 81 (displayed in the authentication window). (FIG. 12C). At this time, the user enlarges the image so as to be the same as or higher than that in advance by, for example, a pinch-out operation (for example, an operation to increase the interval between the two fingers while touching with two fingers). And may be moved (FIG. 12D). Enlarging the image makes it difficult for others to recognize the content of the image, and improves resistance to peeping by others. In the first embodiment, the registered part is moved to enter the authentication window 81, and authentication is executed by pressing and holding an appropriate part of the touch panel for a few seconds.

  When the authentication unit 15 detects, for example, a long press, the registration point (authentication data 23) is included in the authentication window 81, or the image stored at the same time when the enlargement ratio of the current image registers coordinates. Confirm that it is larger than the enlargement rate, and if both are satisfied, it is determined that the authentication is successful. Note that the authentication unit 15 may determine that the authentication is successful if the registration point is within the authentication window 81.

  In the first embodiment, for example, a reduction button 82 may be provided on the screen as shown in FIG. 12. While the reduction button 82 is pressed, authentication is performed as shown in FIG. The authentication image data 21 in the window 81 may be reduced and displayed. As a result, it is possible to easily grasp which position in the authentication image data 21 the portion displayed in the authentication window 81 is. In the first embodiment, the size of the original authentication image data 21 can be restored by releasing the finger from the reduction button shown in FIG.

<Second embodiment>
FIG. 13 is a diagram illustrating a second embodiment of the authentication process. The second embodiment shown in FIG. 13 shows an embodiment in which “rotation of image” is set to be effective in the “detail setting” described above.

  In the second embodiment, a registration point ((ii) in FIG. 13A) of the authentication image data 21 shown in FIG.

  FIG. 13B is an initial screen of the authentication screen displayed on the screen (touch panel) of the information processing apparatus 10. When the authentication screen is activated, for example, a part of an image randomly selected from the authentication image data 21 ( (I) in FIG. 13A is displayed in the authentication window 81.

  The user touches the screen (touch panel) to move the image so that the registration point (portion (ii)) of the authentication image data 21 is included in the authentication window 81 (FIG. 13C). Thereafter, for example, the user performs an operation of rotating leftward while touching the screen with two fingers, tilting the image in a desired direction, and pressing and holding an appropriate part of the touch panel for about several seconds to execute authentication (FIG. 13). (D)).

  In the second embodiment, when the authentication unit 15 detects a long press, the registration point is in the authentication window 81 and the current image inclination is the inclination of the image set when the coordinates are registered. It is determined that it is within a certain error range. The authentication unit 15 can determine that the authentication is successful when both of the conditions are satisfied. In the second embodiment, when authentication image data 21 is rotated 90 degrees to the left, it is determined that the authentication is successful. However, the present invention is not limited to this.

<Third embodiment>
FIG. 14 is a diagram showing a third embodiment of the authentication process. The third embodiment shown in FIG. 14 shows an embodiment in which “parallel rotation of image” is set to be effective in the “detail setting” described above.

  In the third embodiment, a registration point ((ii) in FIG. 14A) of the authentication image data 21 shown in FIG.

  FIG. 14B is an initial screen of the authentication screen displayed on the screen (touch panel) of the information processing apparatus 10. When the authentication screen is activated, for example, a part of an image randomly selected from the authentication image data 21 ( (I) of FIG. 14A is displayed in the authentication window 81.

  Here, in the third embodiment, when “parallel rotation of the image” is set to be invalid in the detailed setting described above, when the user performs a flick operation to move the screen, the image moves linearly. To do. Therefore, the part (ii) of the authentication image data 21 is displayed in the authentication window 81 (FIG. 14C).

  On the other hand, when “Rotate image parallel” is enabled in the detailed settings (when checked), the user performs a flick operation to move the screen, and there is a jump at the end of the flick operation The image moves in a curved line according to the direction of the jump. Therefore, the (iii) portion of the authentication image data 21 is displayed in the authentication window 81 (FIG. 14D).

  As described above, in the third embodiment, different images can be moved even with the same operation according to the presence or absence of parallel rotation of the images. Therefore, different authentications can be performed by the same operation according to the set content, and even if the operation content is imitated by another person, authentication can be disabled.

<Fourth embodiment>
FIG. 15 is a diagram illustrating a fourth embodiment of the authentication process. The fourth embodiment shown in FIG. 15 shows an embodiment when a plurality of registration points (authentication data 23) are registered.

  In the fourth embodiment, a plurality of registration points ((ii) to (iv) in FIG. 15A) are set in advance by the setting unit 11 in the authentication image data 21 shown in FIG. Further, at the time of setting by the setting unit 11, authentication conditions are set so that authentication is performed in the order of (ii) → (iii) → (iv). In the fourth embodiment, when the registration points are set as described above, the operation for displaying the registration points in the authentication window 81 in that order is performed to further improve the resistance to peeping of others. be able to.

  FIG. 15B is an initial screen of the authentication screen displayed on the screen (touch panel) of the information processing apparatus 10. When the authentication screen is activated, for example, a part of an image randomly selected from the authentication image data 21 ( (I) of FIG. 15A is displayed in the authentication window 81.

  The user touches the screen (touch panel) and moves the image so that the first registration point (portion (ii)) of the authentication image data 21 is included in the authentication window 81 (FIG. 15C). Then, press and hold an appropriate part of the screen for a few seconds to execute authentication.

  When the authentication application of the authentication unit 15 detects a long press, the authentication is successful if the registration point is included in the authentication window 81, and if an unauthenticated registration point remains, the next input (long press) Wait).

  Next, the user performs the same operation on the remaining registration points ((iii), (iv)) of the authentication image data 21. The authentication unit 15 performs an authentication process at each registration point, and when all the authentications are successful, finally performs the process as authentication OK.

<Fifth embodiment>
FIG. 16 is a diagram showing a fifth embodiment of the authentication process. The fifth embodiment shown in FIG. 16 shows an embodiment in which a plurality of authentication windows are provided in setting the authentication window pattern from the authentication window definition data 22.

  In the example of FIG. 16, three authentication windows 81-1 to 81-3 are set. In the fifth embodiment, when an authentication window pattern is selected, a window and registration points ((ii) in FIG. 16A) used for authentication are set in advance by the setting unit 11.

  FIG. 16B is an initial screen of the authentication screen displayed on the screen (touch panel) of the information processing apparatus 10. When the authentication screen is activated, for example, a part of an image randomly selected from the authentication image data 21 ( (I) of FIG. 16A is displayed in the authentication windows 81-1 to 81-3.

  The user touches the screen (touch panel), moves the image so that the registration point of (ii) of the authentication image data 21 is included in the authentication window 81-2 (FIG. 16C), and thereafter Authenticate by pressing and holding an appropriate part of the screen for a few seconds.

  Upon detecting a long press, the authentication unit 15 determines that the authentication is successful when a registration point is included in the authentication window 81-2 set for authentication among the plurality of authentication windows 81-1 to 81-3. to decide.

  According to the fifth embodiment, since only the user knows which authentication window to use among a plurality of authentication windows, resistance to peeping by others can be improved. In the fifth embodiment, since there are a plurality of authentication windows, the display area of the authentication image data 21 is increased. Therefore, the user can easily grasp which part of the authentication image data 21 is the part displayed in the authentication window.

  Each Example 1-5 mentioned above may combine the one part or all part. For example, the success or failure of authentication may be determined by performing a plurality of authentication processes using a plurality of authentication image data, a plurality of authentication data, and the like.

  According to one aspect of the above-described embodiment, appropriate security enhancement at the time of authentication can be realized. For example, the touch panel operation for performing the authentication has no fixed number of times and directions, and may be random. In addition, since the part displayed on the initial screen for authentication is a part selected at random from the authentication image, the way to move to the registration point is also randomly different. Even if the user looks into the screen, the authentication window is smaller than the screen size, so it is difficult for others (third parties) to see it. In addition, the data used at the time of authentication is not generated from the touch operation pattern, and the authentication data and the touch panel operation are completely separated. It will not be revealed. In addition, this embodiment does not need to be combined with other security techniques or peeping prevention techniques (peep prevention filters or the like), and can prevent peeping of touch panel operations by itself.

  Each embodiment has been described in detail above. However, the present invention is not limited to the specific embodiment, and various modifications and changes other than the above-described modification are possible within the scope described in the claims. .

In addition, the following additional remarks are disclosed regarding the above Example.
(Appendix 1)
A setting unit for setting one or a plurality of authentication image data, at least one registration point on the authentication image data, and an authentication area smaller than the screen size;
An information processing apparatus comprising: an authentication unit that performs authentication by moving the registration point of the authentication image data set by the setting unit so as to be included in the authentication area.
(Appendix 2)
Screen control for making the authentication image data larger than the screen size, displaying the authentication area on the authentication image data, and displaying a part of the authentication image data from within the authentication area The information processing apparatus according to appendix 1, wherein the information processing apparatus includes a section.
(Appendix 3)
A coordinate conversion unit that converts the position of the authentication area with respect to the registration point according to touch coordinates on the user's screen;
The information according to appendix 1 or 2, wherein the authentication unit determines whether authentication is successful by comparing the coordinates obtained by the coordinate conversion unit and the position of the registration point. Processing equipment.
(Appendix 4)
The setting unit
One of the additional notes 1 to 3, wherein when there are a plurality of authentication areas, the authentication area is set by moving the registration point among the plurality of authentication areas. The information processing apparatus described in 1.
(Appendix 5)
The authentication unit
When a plurality of registration points in the authentication image data are set by the setting unit, authentication is performed by moving each registration point to the authentication area in the order in which a plurality of registration points are set. 5. The information processing apparatus according to any one of supplementary notes 1 to 4.
(Appendix 6)
The setting unit
At least one of an image size at the time of authentication of the authentication image data, presence / absence of enlargement of the authentication image data, presence / absence of rotation of the authentication image data, and presence / absence of parallel rotation of the authentication image data. The information processing apparatus according to any one of appendices 1 to 5, wherein the information processing apparatus is set.
(Appendix 7)
Information processing device
Setting one or a plurality of authentication image data, at least one registration point on the authentication image data, and an authentication area smaller than the screen size;
An authentication method, wherein authentication is performed by moving the registration point of the set image data for authentication so as to be included in the authentication area.
(Appendix 8)
Setting one or a plurality of authentication image data, at least one registration point on the authentication image data, and an authentication area smaller than the screen size;
An authentication program for causing a computer to execute a process of performing authentication by moving the set registration point of the authentication image data so as to be included in the authentication area.

DESCRIPTION OF SYMBOLS 10 Information processing apparatus 11 Setting part 12 Touch position acquisition part 13 Screen control part 14 Coordinate conversion part 15 Authentication part 16 Output part 17 Storage part 21 Authentication image data 22 Authentication window definition data 23 Authentication data 24 Driver software 25 Operating system 26 Application 31 Microphone 32 Speaker 33 Operation unit 34 Display unit 35 Power unit 36 Wireless unit 37 Short-range communication unit 38 Auxiliary storage device 39 Main storage device 40 CPU
41 Drive Device 42 Recording Medium 51 Setting Screen 52 Setting Button 53 Window 61, 81 Authentication Window 71 Detailed Setting Screen 72 Setting Area 73 Finger 82 Reduction Button

Claims (7)

A setting unit for setting one or a plurality of authentication image data, at least one registration point on the authentication image data, and an authentication area smaller than the screen size;
An information processing apparatus comprising: an authentication unit that performs authentication by moving the registration point of the authentication image data set by the setting unit so as to be included in the authentication area.   Screen control for making the authentication image data larger than the screen size, displaying the authentication area on the authentication image data, and displaying a part of the authentication image data from within the authentication area The information processing apparatus according to claim 1, further comprising a unit. A coordinate conversion unit that converts the position of the authentication area with respect to the registration point according to touch coordinates on the user's screen;
3. The authentication unit according to claim 1, wherein the authentication unit determines whether or not the authentication is successful by comparing the coordinates obtained by the coordinate conversion unit and the position of the registration point. Information processing device. The setting unit
4. The method according to claim 1, wherein, when there are a plurality of authentication areas, the authentication area is set by moving the registration point to the authentication area among the plurality of authentication areas. 5. The information processing apparatus according to item. The authentication unit
When a plurality of registration points in the authentication image data are set by the setting unit, authentication is performed by moving each registration point to the authentication area in the order in which a plurality of registration points are set. The information processing apparatus according to any one of claims 1 to 4. Information processing device
Setting one or a plurality of authentication image data, at least one registration point on the authentication image data, and an authentication area smaller than the screen size;
An authentication method, wherein authentication is performed by moving the registration point of the set image data for authentication so as to be included in the authentication area. Setting one or a plurality of authentication image data, at least one registration point on the authentication image data, and an authentication area smaller than the screen size;
An authentication program for causing a computer to execute a process of performing authentication by moving the set registration point of the authentication image data so as to be included in the authentication area.