JP2015075789A - Authenticating program, authenticating method, authenticating apparatus, and authenticating system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enhance the convenience of password inputting in password authentication.SOLUTION: An authentication apparatus comprises an output unit that outputs at least one correct partial character string out of a plurality of correct partial character strings generated by so splitting an authentication character string stored into a first storage unit into a plurality as to include at least one character consecutively to be stored into a second storage unit and a plurality of false partial character strings matching the correct partial character string or strings as a plurality of input candidate character strings; and an authenticating unit that gives authentication, when an authenticating instruction based on an input authentication character string containing one input candidate character string out of a plurality of input candidate character strings is inputted, according to whether or not the input authentication character string and the authentication character string to be stored into the first storage unit are identical or not.

Description

  The present invention relates to an authentication program, an authentication method, an authentication device, and an authentication system for password authentication.

  Mobile terminals such as mobile phone terminals, smartphones, music players, and game devices often have limited character input means. For example, these portable terminals are rarely equipped with a keyboard or the like that is highly convenient for character input. In this case, direction keys, numeric keys, side buttons, etc. that are not convenient for character input are used for character input. It is done. Therefore, the character input operation on the mobile terminal is complicated.

JP 2002-7349 A JP 2007-334768 A

  However, even a portable terminal that does not have an input means with high convenience for character input may be required to input a password at the time of authentication, for example, in payment for shopping on the Internet. Was troublesome.

  An object of one aspect of the present invention is to provide an authentication program, an authentication method, an authentication device, and an authentication system that can improve the convenience of password input in password authentication.

One aspect is
On the computer,
A plurality of correct partial character strings stored in the second storage unit, generated by dividing the authentication character string stored in the first storage unit into a plurality of pieces so as to include at least one continuous character. And outputting at least one correct partial character string and a plurality of false partial character strings corresponding to the correct partial character string as a plurality of input candidate character strings,
When an authentication instruction using an input authentication character string including one input candidate character string among the plurality of input candidate character strings is input, the input authentication character string and the first storage unit are stored. Authenticate depending on whether the authentication string matches,
This is an authentication program.

  One of the other aspects is an authentication apparatus that performs processing of the authentication program, and an authentication method in which a computer executes processing of the authentication program. In addition, another aspect may include a computer-readable recording medium that records the above-described authentication program.

  The convenience of password entry in password authentication can be improved.

It is a figure which shows an example of a structure of the authentication system which concerns on 1st Embodiment, and an example of the process sequence in an authentication system. It is a figure which shows an example of the hardware constitutions of an authentication server. It is a figure which shows an example of the functional block of the authentication server which concerns on 1st Embodiment. It is a figure which shows an example of the information stored in a dictionary database. It is an example of the flowchart of the password registration process in an authentication server. It is an example of the flowchart of the password authentication process in an authentication server. It is a figure which shows an example of the hardware constitutions of a portable terminal. It is a figure which shows an example of the password input screen of the portable terminal in a password authentication process. It is a figure which shows an example of a structure of the authentication system which concerns on 2nd Embodiment, and an example of the process sequence in an authentication system. It is a figure which shows an example of the information stored in the dictionary database which concerns on 2nd Embodiment. It is an example of the flowchart of the password authentication process of the authentication server which concerns on 2nd Embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. The configuration of the following embodiment is an exemplification, and the present invention is not limited to the configuration of the embodiment.

<First Embodiment>
FIG. 1 is a diagram illustrating an example of a configuration of an authentication system according to the first embodiment and an example of a processing sequence in the authentication system. The authentication system according to the first embodiment includes an authentication server 1 and a mobile terminal 2. In FIG. 1, one authentication server 1 and one mobile terminal 2 are shown, but actually, a plurality of mobile terminals 2 are included. The authentication server 1 may be a single device or a plurality of devices that perform distributed processing.

  In the authentication system according to the first embodiment, the authentication server 1 transmits a plurality of input candidates for a partial character string to be input next to the password to the mobile terminal 2 during password authentication. A password is input by selecting a correct partial character string from the partial character strings of the plurality of input candidates. Thereby, the character input operation for password input can be replaced with the selection operation, and the complexity of password input at the time of password authentication can be reduced. In addition, since the input candidates transmitted to the mobile terminal 2 include a plurality of dummy character strings as well as the correct partial character strings, it is difficult to identify the correct password even if it is seen by others. it can.

  OP1 to OP3 are password registration processes, which are one of the preparation processes for password authentication. In OP1, the mobile terminal 2 transmits a password to be registered in the authentication server 1.

  In OP2, the authentication server 1 receives the password from the portable terminal 2 and registers the password. At this time, the authentication server 1 divides the password into a plurality of partial character strings, generates dummy character strings for the partial character strings other than the first partial character string, and registers them together with the correct partial character string. In OP3, the authentication server 1 transmits registration completion to the mobile terminal 2.

  OP4 to OP14 are password authentication processes. In OP4, a predetermined operation is performed by the user on the portable terminal 2, and the password authentication process is started. The predetermined operation is, for example, an operation for transition to the authentication screen such as selecting a link to the authentication screen of the mobile terminal 2 or a transition button. In response to the predetermined operation, the portable terminal 2 accesses, for example, the URL of the authentication screen of the authentication server 1 and transmits an authentication request to the authentication server 1. The authentication server 1 transmits an authentication screen to the mobile terminal 2, and the mobile terminal 2 displays the authentication screen.

  In OP5, the portable terminal 2 receives the input of the first character string A from the user, and transmits the first character string A to the authentication server 1. In OP <b> 6, the authentication server 1 transmits an input candidate for a partial character string of a password following the first character string A received from the mobile terminal 2 to the mobile terminal 2. This input candidate includes a correct partial character string and a plurality of dummy character strings.

  In OP7, a plurality of password input candidate character strings following the first character string A received from the authentication server 1 are displayed on the screen of the portable terminal 2, and one character string B is selected from the input candidates by the user. Selected. In OP <b> 8, the mobile terminal 2 transmits the selected character string B to the authentication server 1.

  In OP <b> 9, the authentication server 1 transmits the input candidate for the partial character string of the password following the character string B received from the mobile terminal 2 to the mobile terminal 2. Thereafter, the processes of OP7 to OP9 are repeated until the last partial character string of the password is input.

  In OP10, the mobile terminal 2 transmits a character string corresponding to the final partial character string of the password selected by the user to the authentication server 1. In OP <b> 11, the authentication server 1 transmits a password input candidate following the character string received from the mobile terminal 2 to the mobile terminal 2.

  In OP12, the portable terminal 2 transmits the input completion of the password input from the user to the authentication server. In OP12, input candidates following the last partial character string of the password received from the authentication server 1 are displayed on the screen of the mobile terminal 2. However, input candidates subsequent to the last partial character string of the password are not included because there is no correct partial character string, and include a plurality of dummy character strings. This makes it difficult to specify the end point of the password.

  In OP <b> 13, the authentication server 1 performs authentication by comparing the password received in order from the mobile terminal 2 with the registered password. If the received password matches the registered password, authentication is successful. If the received password does not match the registered password, authentication fails. In OP <b> 14, the authentication server 1 transmits an authentication result to the mobile terminal 2.

The processing of OP1 to OP14 is, for example, HTTP (Hypertext Transfer Protocol) or H
This is performed by TTPS (HTTP Secure) communication. In the portable terminal 2, for example, a program for performing password registration or authentication processing is activated by performing a predetermined operation on the browser screen. Information such as the address of the authentication server 1 is included in the program, so that the mobile terminal 2 can acquire the address of the authentication server 1 and the like.

  Although omitted in the description of the processing of OP1 to OP14 described above, it is assumed that the user is identified by processing such as login in FIG. 1 before these processing.

<Configuration of authentication server>
FIG. 2 is a diagram illustrating an example of a hardware configuration of the authentication server 1. The authentication server 1 is a general-purpose computer such as a dedicated computer or a personal computer. The authentication server 1 includes a processor 101, a main storage device 102, an input device 103, an output device 104, an auxiliary storage device 105, a portable recording medium drive device 106, and a network interface 107. These are connected to each other by a bus 109.

  The input device 103 is, for example, a pointing device such as a keyboard and a mouse. Data input from the input device 103 is output to the processor 101.

  The portable recording medium driving device 106 reads out programs and various data recorded on the portable recording medium 110 and outputs them to the processor 101. The portable recording medium 110 is, for example, an SD card, a miniSD card, a microSD card, a USB (Universal Serial Bus) flash memory, a CD (Compact Disc), a DVD (Digital Versatile Disc), a Blu-ray (registered trademark) Disc, or A recording medium such as a flash memory card.

  The network interface 107 is an interface for inputting / outputting information to / from the network. The network interface 107 includes an interface connected to a wired network and an interface connected to a wireless network. The network interface 107 is, for example, a NIC (Network Interface Card), a wireless LAN (Local Area Network) card, or the like. Data received by the network interface 107 is output to the processor 101.

  The auxiliary storage device 105 stores various programs and data used by the processor 101 when executing each program. The auxiliary storage device 105 is a non-volatile memory such as an EPROM (Erasable Programmable ROM) or a hard disk drive. The auxiliary storage device 105 holds, for example, an operating system (OS), an authentication program, and various other application programs.

  The main storage device 102 provides the processor 101 with a storage area and a work area for loading a program stored in the auxiliary storage device 105, and is used as a buffer. The main storage device 102 is a semiconductor memory such as a ROM (Read Only Memory) and a RAM (Random Access Memory).

The processor 101 is, for example, a CPU (Central Processing Unit). The processor 101 executes various processes by loading the OS and various application programs held in the auxiliary storage device 105 or the portable recording medium 110 into the main storage device 102 and executing them. The number of processors 101 is not limited to one, and a plurality of processors 101 may be provided.

  The output device 104 outputs the processing result of the processor 101. The output device 104 includes an audio output device such as a display, a printer, and a speaker, for example.

  For example, in the authentication server 1, the processor 101 loads an authentication program held in the auxiliary storage device 105 to the main storage device 102 and executes it. The authentication server 1 performs user authentication of the portable terminal 2 through execution of the authentication program. Note that the hardware configuration of the authentication server 1 is an example, and is not limited to the above, and components can be omitted, replaced, or added as appropriate according to the embodiment. The authentication program may be recorded on the portable recording medium 110, for example.

  FIG. 3 is a diagram illustrating an example of functional blocks of the authentication server 1 according to the first embodiment. The authentication server 1 includes a reception unit 11, a character string creation unit 12, a registration unit 13, an authentication unit 14, a transmission unit 15, an authentication database (DB) 16, and a dictionary database (DB) 17 as functional blocks. These functional blocks are processes performed by the processor 101 executing an authentication program stored in the auxiliary storage device 105, for example.

  The reception unit 11 and the transmission unit 15 are data reception and transmission interfaces with the mobile terminal 2, respectively. For example, in the case of password registration processing, the reception unit 11 outputs the received password to the character string creation unit 12. For example, in the case of password authentication processing, the reception unit 11 outputs the received data to the authentication unit 14.

  When the password is input from the receiving unit 11 in the password registration process, the character string creating unit 12 divides the password into a plurality of partial character strings, and creates a dummy character string corresponding to each partial character string. The character string creation unit 12 outputs the received password, a plurality of partial character strings, and the created dummy character string to the registration unit 13. Detailed processing of the character string creating unit 12 will be described later.

  The registration unit 13 stores the password input from the character string creation unit 12 in the authentication DB 16. Further, the registration unit 13 stores a plurality of partial character strings and dummy character strings created by the character string creation unit 12 in the dictionary DB 17.

  The authentication unit 14 performs password authentication processing. When the authentication unit 14 receives the input of the first partial character string of the password from the portable terminal 2, the subsequent partial character string of the password and the dummy character string corresponding to the partial character string are set as the next input candidates. It transmits to the portable terminal 2 through the transmission unit 15. Next, when receiving the character string selected from the input candidates by the portable terminal 2, the authentication unit 14 converts the next partial character string of the password and the dummy character string corresponding to the partial character string to the portable terminal. 2 to send. The authentication unit 14 repeats such processing until input completion is received from the mobile terminal 2. The authentication unit 14 is an example of an “output unit”.

  The authentication unit 14 buffers the partial character strings input from the mobile terminal 2 in the order of input. When the input is received from the mobile terminal 2, the authentication unit 14 compares the buffered character string with the password stored in the authentication DB 16. Authenticate. The buffered character string is referred to as an input password, and the password stored in the authentication DB 16 is referred to as a registered password.

  If the input password matches the registered password, the authentication unit 14 determines success of authentication. If the input password does not match the registered password, the authentication unit 14 determines authentication failure. The authentication result is transmitted to the mobile terminal 2 through the transmission unit 15. The authentication unit 14 is an example of an “authentication unit”.

  The authentication DB 16 and the dictionary DB 17 are created in the storage area of the main storage device 102 or the auxiliary storage device 105, for example. The authentication DB 16 stores a password registered by the user. In the authentication DB 16, the password may be stored in association with the user identification information, for example. The user identification information is, for example, a user ID, a telephone number, an e-mail address, an individual identification number of the mobile terminal 2, and the like. The authentication DB 16 is an example of a “first storage unit”. The dictionary DB 17 is an example of a “second storage unit”.

  FIG. 4 is a diagram illustrating an example of information stored in the dictionary database 17. The dictionary DB 17 stores a plurality of partial character strings created by dividing passwords and dummy character strings corresponding to the partial character strings.

  For example, when the password is divided into three partial character strings a, b, and c, the character string creation unit 12 corresponds to the partial character strings subsequent to the partial character strings a, b, and c. Create a dummy string to be used. In FIG. 4, the dummy character strings are represented as b′1 to b′n, c′1 to c′n, and d′ 1 to d′ n. n is a positive integer. In the first embodiment, since the first character string a of the password is input by the user by inputting characters, a dummy character string corresponding to the first character string a is not created. In order to prevent the end point of the password from being specified, although there is no correct partial character string subsequent to the last partial character string c of the password, dummy character strings d′ 1 to d ′ subsequent to the partial character string c are present. n is created.

The number of divisions of one password is not limited to a predetermined number. For example, the number of password divisions may be determined according to the number of characters included in the password. However, in the first embodiment,
The password is divided into at least two partial character strings. Further, the number of characters included in one partial character string is not limited to a predetermined number. For example, in the first embodiment, since the first character string of the password is input by the user's character input, the smaller the number of characters included in the first character string of the password, the less the user's character input burden. it can.

  Further, the number of dummy character strings created for one partial character string is not limited to a predetermined number. A plurality of dummy character strings can make it difficult to specify a correct partial character string. However, if there are too many dummy character strings, the operability is lowered. For example, the number of dummy character strings created for one partial character string is 5 to 8. Further, the number of characters included in the partial character string and the number of characters included in the corresponding dummy character string may be the same or different, and are not limited to any one.

  In the dictionary DB 17, a partial character string and a subsequent partial character string of a password or a dummy character string corresponding to the subsequent partial character string are stored in association with each other. For example, the first partial character string a and the subsequent partial character string b, the first partial character string a and the dummy character string b'1,. . . , The leading partial character string a and the dummy character string b'n of the subsequent partial character string b are stored in association with each other. Hereinafter, the partial character string of the password is also referred to as a correct partial character string.

  The example shown in FIG. 4 is an example of information stored in the dictionary DB 17 for one user. The dictionary DB 17 stores information as shown in FIG. 4 for the number of users. The information stored in the dictionary DB 17 may be identified by user identification information, for example.

<Process flow>
FIG. 5 is an example of a flowchart of password registration processing in the authentication server 1. The flowchart shown in FIG. 5 is started when, for example, the authentication server 1 (reception unit 11) receives a password registration request from the mobile terminal 2. For the password registration request, for example, the user performs a password registration start operation such as selecting the “password registration” menu from the browser on the mobile terminal 2, and the mobile terminal 2 accesses the URL of the password registration screen of the authentication server 1. Is transmitted from the portable terminal 2.

  In OP <b> 21, the receiving unit 11 receives a password from the mobile terminal 2. The receiving unit 11 outputs the password to the character string creating unit 12. Next, the process proceeds to OP22.

  In OP22, the character string creating unit 12 divides the password into a plurality of partial character strings. In OP23, the character string creating unit 12 creates a dummy character string of a partial character string subsequent to each partial character string. The character string creation unit 12 outputs a password, a partial character string of the created password, and a dummy character string to the registration unit 13. Next, the process proceeds to OP24.

  In OP24, the registration unit 13 outputs the password to the authentication DB 16. Further, the registration unit 13 stores the partial character string and dummy character string of the password created by the character string creation unit 12 in the dictionary DB 17 (see FIG. 4). Next, the process proceeds to OP25.

  In OP <b> 25, the registration unit 13 transmits password registration completion to the mobile terminal 2 through the transmission unit 15. Thereafter, the process shown in FIG. 5 ends.

FIG. 6 is an example of a flowchart of password authentication processing in the authentication server 1. The flowchart illustrated in FIG. 6 is started, for example, when the authentication server 1 (reception unit 11) receives an authentication request from the mobile terminal 2. The authentication request is performed by, for example, the user performing a password authentication start operation such as a transition to the password authentication screen of the browser on the mobile terminal 2, and the mobile terminal 2 accessing the URL of the authentication screen of the authentication server 1 to It is transmitted from the terminal 2.

  In OP31, the receiving unit 11 receives the first character string A of the password. The receiving unit 11 outputs the first partial character string A to the authentication unit 14. Next, the process proceeds to OP32.

  In OP32, the authentication unit 14 writes the first partial character string A to the input password X in the buffer. Further, the authentication unit 14 holds the partial character string x = first partial character string A. Next, the process proceeds to OP33.

  In OP33, the authentication unit 14 reads the correct partial character string y subsequent to the partial character string x and the dummy character strings y′1 to y′n from the dictionary DB 17, and transmits them to the portable terminal 2 as the next input candidates. To do. For example, if the first partial character string A input by the user is incorrect and there is no information matching the partial character string x in the dictionary DB 17, the authentication unit 14 determines that the authentication has failed and the processing shown in FIG. End.

  On the display screen of the portable terminal 2, the correct partial character string y and the dummy character strings y′1 to y′n, which are input candidates, are displayed in random order, and the user can select a character string from these. Select one. In this case, the selected character string Y is transmitted from the portable terminal 2 to the authentication server 1. Or when the input of a password is complete | finished, a user selects the input completion button displayed on the portable terminal 2, for example. In this case, the input completion is transmitted from the portable terminal 2 to the authentication server 1. Next, the process proceeds to OP34.

  When the receiving unit 11 receives an input completion from the mobile terminal 2 (OP34: YES), the process proceeds to OP40. In OP40, the authentication unit 14 stores in the authentication DB 16 whether or not the input password X stored in the buffer matches the registration password P in the authentication DB 16, or a registration password that matches the input password. Authentication is performed by determining whether or not the user is present. The authentication unit 14 transmits the authentication result to the mobile terminal 2. Thereafter, the process shown in FIG. 6 ends.

  If the receiving unit 11 does not receive the input completion from the portable terminal 2 (OP34: NO), the process proceeds to OP35. In OP35, the receiving unit 11 receives the character string Y selected by the user from the portable terminal 2. The receiving unit 11 outputs the character string Y to the authentication unit 14. Next, the process proceeds to OP36.

  In OP36, the authentication unit 14 adds and holds the character string Y at the end of the input password X in the buffer. Next, the process proceeds to OP37.

  In OP37, the authentication unit 14 compares the character string Y with the correct partial character string y and determines whether or not they match. If the character string Y matches the correct partial character string y (OP37: YES), the process proceeds to OP39. In OP39, the authentication unit 14 holds the partial character string x = character string Y. Next, the processing returns to OP33, and the processing of OP33 to OP39 is executed for the newly set partial character string x.

If the character string Y and the correct partial character string y do not match (OP37: NO), the process proceeds to OP38. In OP <b> 38, the authentication unit 14 creates dummy character strings z ′ <b> 1 to z′n following the character string Y and transmits them to the mobile terminal 2. As a result, even when a dummy character string is selected from among the input candidates by the user, a dummy character string as the next input candidate of the selected dummy character string is displayed on the screen of the mobile terminal 2, and the correct password Can be difficult to identify. Next, the process returns to OP34, and the processes of OP34 to OP38 are executed. In this case, when input completion is received from the portable terminal 2 (OP34: YES), authentication by the authentication unit 14 fails.

  Note that the processing in OP37 may be replaced with processing for determining whether or not an input candidate (correct answer partial character string or dummy character string) following the character string Y exists in the dictionary DB 17.

<Configuration of mobile terminal>
FIG. 7 is a diagram illustrating an example of a hardware configuration of the mobile terminal 2. The mobile terminal 2 is, for example, a smartphone, a tablet terminal, a mobile phone terminal, a mobile game machine, or the like. The portable terminal 2 includes a CPU 201, a storage unit 202, a touch panel 203, a display 204, a wireless unit 205, an audio input / output unit 206, a speaker 207, a microphone 208, and an antenna 210.

  The storage unit 202 includes a ROM 202A and a RAM 202B. The RAM 202B includes both volatile and nonvolatile ones. The ROM 202A or the non-volatile RAM 202B stores a client authentication program. The client authentication program is a program for operating the mobile terminal 2 as an authentication client. In addition, programs such as an OS and applications are also stored in the ROM 202B or the nonvolatile RAM 202A.

  The touch panel 203 is one of position input devices, and is arranged on the surface of the display 204, and inputs the coordinates of the touch position of the finger corresponding to the screen of the display 204. For example, the touch panel 203 may be any one of a capacitance method, a resistance film method, a surface acoustic wave method, an infrared method, an electromagnetic induction method, and the like.

  The display 204 is, for example, a liquid crystal display (LCD). The display 204 displays screen data according to a signal input from the CPU 201.

  The wireless unit 205 is connected to the antenna 210, converts a wireless signal received through the antenna 210 into an electrical signal and outputs the electrical signal to the CPU 201, or converts an electrical signal input from the CPU 201 into a wireless signal and transmits the antenna. Or send it through 210. The wireless unit 205 is, for example, any one or a plurality of electronic circuits of a third generation mobile communication system, a second generation mobile communication system, and LTE (Long Term Evolution).

  The audio input / output unit 206 is connected to a speaker 207 as an audio output device and a microphone 208 as an audio input device. The audio input / output unit 206 converts an audio signal input from the microphone 208 into an electric signal and outputs the electric signal to the CPU 201, or converts an electric signal input from the CPU 201 into an audio signal and outputs the audio signal to the speaker 207. To do.

  Note that the hardware configuration of the mobile terminal 2 is not limited to that shown in FIG. 7, and changes such as addition, replacement, and deletion can be made as appropriate. For example, the mobile terminal 2 may include an infrared communication unit, an IC card communication unit, and the like in addition to the configuration shown in FIG. Further, the mobile terminal 2 may be provided with operation buttons for direction instruction and character input in addition to or instead of the touch panel 203.

The client authentication program is activated by another application or by a user instruction. When the CPU 201 executes the client authentication program, the mobile terminal 2 performs password registration and password authentication processing.

  The password registration process in the portable terminal 2 is as follows. The portable terminal 2 transmits a password registration request to the authentication server 1, and then transmits the password input by the user to the authentication server 1. The password registration request may be transmitted together with the password input from the user. When the password is registered in the authentication server 1, the authentication server 1 transmits registration completion. When the registration completion is received from the authentication server 1, the portable terminal 2 ends the password registration process.

  The password authentication process in the portable terminal 2 is as follows. The portable terminal 2 transmits an authentication request to the authentication server 1, receives an authentication screen from the authentication server 1, and displays it on the display 204. Next, the mobile terminal 2 transmits the first partial character string input from the user through the authentication screen to the authentication server 1.

  Next, the mobile terminal 2 receives a plurality of character strings from the authentication server 1 and displays the plurality of character strings on the display 204. At this time, the portable terminal 2 also displays an operation button for inputting completion of input. When one character string is selected from the plurality of character strings displayed on the display by the user, the portable terminal 2 transmits the selected character string to the authentication server 1. Thereafter, the mobile terminal 2 repeatedly executes a process of receiving a plurality of character strings from the authentication server 1 and transmitting the selected character string to the authentication server 1 until an input completion is input from the user.

  For example, when an input completion is input from the user by selecting an input completion button displayed on the display 204, the mobile terminal 2 transmits the input completion to the authentication server 1. When the portable terminal 2 receives the authentication result from the authentication server 1, the portable terminal 2 notifies the predetermined application of the authentication result and ends the password authentication process.

  FIG. 8 is a diagram illustrating an example of a password input screen of the mobile terminal 2 in the password authentication process. The password input screen is one of authentication screens, and includes an input password display area 200 and an input password candidate display area 300.

  The input password display area 200 is an area where a password input by the user is displayed. However, for security protection, the input password character string is converted into a predetermined symbol and displayed. The input completion button B1 is an operation button for inputting completion of password input. In the example shown in FIG. 8, the input completion button B1 is arranged in the input password display area 200, but the arrangement place of the input completion button B1 is not limited to a predetermined position.

  The input password candidate display area 300 is an area where input candidates for a partial character string of a password to be input next are displayed. The correct partial character string and the dummy character string received from the authentication server 1 as input candidates are displayed in the input password candidate display area 300. In the input password candidate display area 300, the correct partial character string and the dummy character string are arranged in a random order without depending on, for example, the selection frequency. The cancel button B2 is a button for canceling the selection of the partial character string of the password input immediately before.

In the example shown in FIG. 8, the partial character string of the first three characters of the password and the subsequent partial character string of the two characters have already been input, and the third partial character string from the beginning is input from the input candidate character string. The password entry screen when selected is shown. In the example shown in FIG. 8, the mobile terminal 2 is provided with an input button B3 capable of direction indication, and a password is input by operating the input button B3. In the example shown in FIG. 8, the character string on which the cursor is positioned is displayed with its color reversed.

  The password input screen as shown in FIG. 8 is acquired, for example, when the mobile terminal 2 accesses the URL of the password input screen of the authentication server 1 and receives it from the authentication server 1. Further, accessing the URL of the password input screen is an example of an operation for making an authentication request to the authentication server 1.

<Operational effects of the first embodiment>
In the first embodiment, when the user of the portable terminal 2 performs password authentication, if a character is input for the first partial character string of the password, a plurality of candidates for the subsequent partial character string of the password are displayed on the portable terminal 2. 104. The user selects a correct partial character string from a plurality of displayed partial character string candidates and inputs a password. Therefore, according to the first embodiment, in the password authentication, the user of the portable terminal 2 performs character input for the first partial character string of the password, and for other partial character strings from among the candidates. Since it becomes possible to input by selecting, it is possible to reduce the complexity of character input in password authentication.

  In addition to the correct partial character string, multiple dummy character strings are displayed as input candidates for the password partial character string, so that even if someone looks into the password input screen, the correct password is specified. It can be difficult. In addition, the correct partial character string and the plurality of dummy character strings as input candidates for the partial character string of the password are arranged randomly on the screen of the mobile terminal 2 without depending on the selection frequency, for example. The correct password can be made difficult to specify.

  Even when a dummy character string is selected from among the input candidates by the user of the mobile terminal 2, the authentication server 1 generates a dummy character string as the next input candidate and transmits the dummy character string to the mobile terminal 2. The next input candidate is displayed on the second screen. That is, even when the user selects the partial character string of the password incorrectly, the next input candidate is displayed on the screen of the mobile terminal 2 as when the correct partial character string is selected. As a result, even when the user selects a dummy character string, it is difficult for another person to specify whether the selected character string is a correct partial character string or a dummy character string, and it is more difficult to specify a password. can do.

  Even after the last partial character string of the password is input, the authentication server 1 transmits the dummy character string to the portable terminal 2 as the next input candidate even though the subsequent partial character string of the password does not exist. To do. Thus, even after the last partial character string of the password is input, the input candidate character string is displayed on the screen of the portable terminal 2, and it is difficult to specify the end point of the password.

Second Embodiment
In the first embodiment, the first partial character string of the password is input by a character input operation by the user. In the second embodiment, the authentication server 1 presents a plurality of input candidates to the portable terminal 2 and allows a password to be input by a selection operation from the input candidates, without requiring a user to input characters for the first character string of the password. To do. In addition, about 2nd Embodiment, description of the part which is common in 1st Embodiment is abbreviate | omitted.

  FIG. 9 is a diagram illustrating an example of a configuration of an authentication system according to the second embodiment and an example of a processing sequence in the authentication system. The configuration of the authentication system according to the second embodiment is the same as that of the authentication system according to the first embodiment.

OP51 to OP53 are password registration processes. The processing of OP51 to OP53 is as follows:
1 differs from OP1 to OP3 in that terminal identification information is transmitted from the mobile terminal 2 and registered in the authentication server 1 in addition to the password to be registered. In OP52, the authentication server 1 creates a dummy character string corresponding to the first partial character string of the password, and registers the correct partial character string, the dummy character string, and the terminal identification information. The terminal identification information is associated with a leading character string and a dummy character string corresponding to the leading character string.

  OP54 to OP64 are password authentication processes. In OP <b> 54, a predetermined operation is performed on the mobile terminal 2, and the mobile terminal 2 accesses the URL of the authentication screen of the authentication server 1 and transmits an authentication request to the authentication server 1.

  In OP55, the mobile terminal 2 transmits terminal identification information to the authentication server 1. The terminal identification information is not input from the user, but is acquired by, for example, reading the terminal identification information held in the ROM 202A or the RAM 202B. As the terminal identification information, for example, an instruction is incorporated into the client authentication program so that the terminal identification information is transmitted when accessing the URL of the authentication screen of the authentication server 1, or the terminal is included in a part of the URL of the authentication screen. It is transmitted by the mobile terminal 2 by creating a bookmark including identification information.

  In OP56, the authentication server 1 transmits the leading partial character string and the dummy character string associated with the terminal identification information received from the portable terminal 2 to the portable terminal 2 as input candidates.

  In OP57, the first partial character string and the dummy character string received from the authentication server 1 are displayed as input candidates on the portable terminal 2, and one character string A is selected from the input candidates by the user. In OP58, the mobile terminal 2 transmits the selected character string A to the authentication server 1.

  In OP <b> 59, the authentication server 1 transmits to the portable terminal 2 input candidates for the partial character string of the password following the character string A received from the portable terminal 2. Thereafter, the processing of OP57 to OP59 is repeated until the last partial character string of the password is input. Further, the processing after OP60 is the same as that in the first embodiment.

  In the second embodiment, the authentication server 1 registers the first character string of the password, the dummy character string corresponding to the first character string, and the terminal identification number in association with each other. Accordingly, the user of the portable terminal 2 can also input the first character string of the password by a selection operation from the input candidates received from the authentication server 1 without inputting characters.

  In the second embodiment, the hardware configuration and functional configuration of the authentication server 1 and the mobile terminal 2 are the same as those in the first embodiment.

  FIG. 10 is a diagram illustrating an example of information stored in the dictionary database 17 according to the second embodiment. In the second embodiment, in addition to the information stored in the first embodiment, the dictionary DB 17 includes a leading partial character string (“a” in the figure) and a dummy character string corresponding to the leading partial character string (in the figure). The association between each of “a′1 to a′n”) and the terminal identification information (denoted as “ID” in the drawing) of the mobile terminal 2 is stored.

  The terminal identification information is information for identifying the terminal. As the terminal identification information, for example, user identification information such as an individual identification number of a mobile phone terminal, a telephone number, an e-mail address, and a user ID is used.

FIG. 11 is an example of a flowchart of password authentication processing of the authentication server 1 according to the second embodiment. The flowchart illustrated in FIG. 11 is started, for example, when the authentication server 1 (reception unit 11) receives an authentication request from the mobile terminal 2.

  In OP71, the receiving unit 11 receives terminal identification information from the portable terminal 2. Next, the process proceeds to OP72.

  In OP72, the authentication unit 14 reads from the dictionary DB 17 the first partial character string of the password associated with the terminal identification number of the portable terminal 2 and the dummy character string corresponding to the first partial character string. Send to. On the display of the portable terminal 2, the first character string of the password and a dummy character string corresponding to the first character string are displayed, and one character string A is selected by the user. Next, the process proceeds to OP73.

  In OP73, the receiving unit 11 receives the character string A from the portable terminal 2. The receiving unit 11 outputs the character string A to the authentication unit 14. Next, the process proceeds to OP74.

  In OP74, the authentication unit 14 writes the character string A to the input password X in the buffer. Further, the authentication unit 14 holds the partial character string x = character string A.

  Next, the process proceeds to OP37 in FIG. 6, and it is determined whether or not the character string A matches the first partial character string. Thereafter, the processing proceeds in the same manner as in the first embodiment according to the flowchart shown in FIG.

<Effects of Second Embodiment>
In the second embodiment, the terminal identification information is registered in the dictionary DB 17 in association with the head partial character string of the password and the dummy character string corresponding to the head partial character string. Send terminal identification information. As a result, the authentication server 1 can provide the portable terminal 2 with the dummy character string for the first character string of the password, and the user of the portable terminal 2 can perform password authentication without performing character input in password authentication. Can do. In addition, even when the portable terminal 2 does not have character input means such as a music player, password authentication can be performed if an input device (such as an operation button) that can be selected is provided. .

<Others>
In the first embodiment and the second embodiment, the mobile terminal 2 has been described as an example of the client terminal. However, the authentication client terminal is not limited to the mobile terminal 2, and may be, for example, a stationary PC or a game device. There may be.

  In the first embodiment and the second embodiment, the server client type authentication system, that is, the authentication server 1 and the portable terminal 2 has been described. However, the present invention is not limited to this, and the first embodiment or the second embodiment is performed with one device. Processing of an authentication system of a form may be performed. For example, the authentication DB 16 and the dictionary DB 17 are created in the RAM 202B or the auxiliary storage device 202C of the mobile terminal 2, and the CPU 201 of the mobile terminal 2 performs the process of the mobile terminal 2 described in the first embodiment and the second embodiment. In addition, by performing the processing of the authentication server 1, the processing of the authentication system of the first or second embodiment can be realized by the mobile terminal 2 alone. When the processing of the authentication server 1 and the mobile terminal 2 of the first or second embodiment is executed by the mobile terminal 2 alone, the mobile terminal 2 is an example of an “authentication device”.

In the first embodiment and the second embodiment, the authentication server 1 buffers and holds the partial character string transmitted from the mobile terminal 2, and when input completion is input from the mobile terminal 2, a plurality of buffered characters are stored. Authentication was performed using the partial character string as the input password. Instead, authentication server 1
Rather, the mobile terminal 2 buffers the partial character string selected by the user, and when the input completion is input by the user, the buffered partial character string may be transmitted to the authentication server 1 as the input password. Good. In this case, the authentication server 1 performs authentication using the input password received from the mobile terminal 2.

  In the first embodiment and the second embodiment, the input candidate character string including the dummy character string is provided from the authentication server 1 to the portable terminal 2 for at least all the partial character strings after the first partial character string of the password. Not limited. For example, the input candidate character string including the dummy character string may be provided to the mobile terminal 2 from the authentication server 1 for a part of the partial character strings of the password. For example, an input candidate character string including a dummy character string may be provided for the second partial character string from the beginning of the password, and the subsequent partial character strings may be input by character input by the user.

  Moreover, in 1st Embodiment and 2nd Embodiment, although the authentication server 1 hold | maintains the dummy character string corresponding to a correct answer partial character string beforehand in dictionary DB17, it is not restricted to this. For example, the authentication server 1 does not hold the dummy character string corresponding to the correct partial character string in the dictionary DB 17, and generates a dummy character string each time the input candidate character string is provided to the mobile terminal 2. Also good.

  In the first embodiment and the second embodiment, in the password registration process, a password is input from the mobile terminal 2 and the input password is registered. For example, the password registration process may be performed by the administrator of the authentication system inputting the password determined at the time of contracting a predetermined service to the authentication server 1 and registering it in the authentication DB 16.

  The authentication program may be recorded on a computer-readable recording medium. As an example of a computer-readable recording medium, information such as data and programs can be temporarily stored by electrical, magnetic, optical, mechanical, or chemical action and read from a computer or the like. A recording medium may be mentioned.

DESCRIPTION OF SYMBOLS 1 Authentication server 2 Portable terminal 11 Reception part 12 Character string preparation part 13 Registration part 14 Authentication part 15 Transmission part 16 Authentication database 17 Dictionary database

Claims (7)

On the computer,
A plurality of correct partial character strings stored in the second storage unit, generated by dividing the authentication character string stored in the first storage unit into a plurality of pieces so as to include at least one continuous character. And outputting at least one correct partial character string and a plurality of false partial character strings corresponding to the correct partial character string as a plurality of input candidate character strings,
When an authentication instruction using an input authentication character string including one input candidate character string among the plurality of input candidate character strings is input, the input authentication character string and the first storage unit are stored. Authenticate depending on whether the authentication string matches,
Authentication program for. When the character string of the one input candidate is the correct partial character string, the correct partial character string subsequent to the correct partial character string stored in the second storage unit, and the subsequent correct partial character A false partial character string corresponding to the column, and when the character string of the one input candidate is a false partial character string, a plurality of character strings are output as the next input candidate.
The authentication program according to claim 1. When the input of the correct partial character string at the end of the authentication character string is received, a plurality of character strings are output as input candidates next to the correct partial character string at the end of the authentication character string.
The authentication program according to claim 1 or 2. When the first character of the at least one correct partial character string is in an input order, the character strings of the plurality of input candidates are output.
The authentication program as described in any one of Claim 1 to 3. Computer
A plurality of correct partial character strings stored in the second storage unit, generated by dividing the authentication character string stored in the first storage unit into a plurality of pieces so as to include at least one continuous character. Outputting at least one correct partial character string and a plurality of false partial character strings corresponding to the correct partial character string as a plurality of input candidate character strings;
When an authentication instruction using an input authentication character string including one input candidate character string among the plurality of input candidate character strings is input, the input authentication character string and the first storage unit are stored. Authenticate depending on whether the authentication string matches,
Authentication method. A plurality of correct partial character strings stored in the second storage unit, generated by dividing the authentication character string stored in the first storage unit into a plurality of pieces so as to include at least one continuous character. An output unit that outputs at least one correct partial character string and a plurality of false partial character strings corresponding to the correct partial character string as a plurality of input candidate character strings;
When an authentication instruction using an input authentication character string including one input candidate character string among the plurality of input candidate character strings is input, the input authentication character string and the first storage unit are stored. An authentication unit that performs authentication depending on whether or not the authentication character string matches,
An authentication device comprising: An authentication system including an authentication server and an authentication client terminal,
The authentication server
A plurality of correct partial character strings stored in the second storage unit, generated by dividing the authentication character string stored in the first storage unit into a plurality of pieces so as to include at least one continuous character. An output unit that outputs at least one correct partial character string and a plurality of false partial character strings corresponding to the correct partial character string as a plurality of input candidate character strings;
When an authentication instruction using an input authentication character string including one input candidate character string among the plurality of input candidate character strings is input, the input authentication character string and the first storage unit are stored. An authentication unit that performs authentication depending on whether or not the authentication character string matches,
An authentication system comprising:

Images