JP2017142614A - Information processing apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing apparatus which can enhance security level without reducing convenience.SOLUTION: A notebook PC 10 includes a first authentication unit 20, a storage unit 13, a timer unit 18, a feature quantity extraction unit 31, and a collation unit 32. The storage unit 13 stores in advance an authentication template including feature quantity of a fingerprint of a user and feature quantity of typing interval. The first authentication unit 20 collates feature quantity of a fingerprint read by a fingerprint reader 17 with the authentication template, for personal authentication. When the authentication is successful, the user is permitted to log in. After log-in, when the user operates a keyboard, the timer unit 18 measures time interval of key input, to be stored in the storage unit 13 as typing interval. The feature quantity extraction unit 31 analyzes the stored typing interval, to extract feature quantity. The collation unit 32 collates the extracted feature quantity with the authentication template, to identify the user.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an information processing apparatus.

Information processing apparatuses such as personal computers, notebook PCs, tablet personal computers, smartphones, PDAs (Personal Digital Assistance), and electronic book viewing terminals have a user authentication function to prevent unauthorized access by third parties. ing. Examples of main authentication methods include authentication by password and biometric authentication using biometric features such as fingerprints.
In addition, in the information processing apparatus, after user authentication is once performed, when a key operation or the like is not performed by the user for a certain period or longer, a screen saver is displayed or a transition to a suspended state is performed. The data displayed on the screen is not viewed by a third party. When returning from the screen saver or the like, user authentication using a password or the like is requested again.

JP 2012-150625 A

  By the way, the waiting time until the above-described screen saver is activated and the waiting time until the screen saver is changed to the suspend state can be freely set by the user. When convenience is emphasized, the waiting time may be set longer, but the longer the waiting time, the lower the security level. For example, when the user leaves the seat while the login state is maintained, the longer the waiting time is set, the higher the risk of being used by a third party. On the other hand, when safety is emphasized and the waiting time is set to be short, input of a password or the like is frequently requested, which imposes a heavy burden on the user and impairs convenience.

  The present invention has been made in view of such circumstances, and an object of the present invention is to provide an information processing apparatus capable of increasing the security level without impairing convenience.

  The present invention provides an information processing apparatus including first authentication means and second authentication means for performing user authentication using user behavior data at the time of typing.

  According to the present invention, in addition to user authentication by the first authentication means, user authentication by the second authentication means different from the first authentication means is also performed, so that the security level can be improved. Further, the second authentication means acquires user behavior data at the time of typing and performs user authentication based on the acquired behavior data, so without requiring the user to input special data for user authentication, User authentication can be performed.

  According to the present invention, there is an effect that the security level can be increased without impairing convenience.

It is the figure which showed schematic structure of the information processing apparatus which concerns on 1st Embodiment of this invention. It is the flowchart which showed the procedure of the user authentication performed by the information processing apparatus which concerns on 1st Embodiment of this invention. It is the figure which showed schematic structure of the information processing apparatus which concerns on 2nd Embodiment of this invention. It is the figure which showed schematic structure of the information processing apparatus which concerns on 3rd Embodiment of this invention.

  Hereinafter, an information processing apparatus according to each embodiment of the present invention will be described with reference to the drawings. As an example of the information processing apparatus, a personal computer, a notebook PC, a tablet personal computer, a smartphone, a PDA (Personal Digital Assistance), an electronic book browsing terminal, and the like can be cited. In this embodiment, a notebook PC is used as the information processing apparatus. The case will be described.

[First Embodiment]
FIG. 1 is a diagram showing a schematic configuration of a notebook PC 10 according to the first embodiment of the present invention. As shown in FIG. 1, the notebook PC 10 includes a control unit 11, a main memory 12, a storage unit 13, an input unit 14, a display unit 15, a communication unit 16, a fingerprint reader 17, a time measuring unit 18, and the like. It is electrically connected via a bus.

  The main memory 12 is composed of a writable memory such as a cache memory or a RAM (Random Access Memory), and is used as a work area for reading the execution program of the control unit 11 and writing processing data by the execution program. The

  The storage unit 13 is, for example, a ROM (Read Only Memory), a HDD (Hard Disk Drive), a flash memory, or the like. For example, a notebook PC 10 such as Windows (registered trademark), iOS (registered trademark), Android (registered trademark), or the like. An OS for performing overall control, various drivers for operating hardware of peripheral devices, applications directed to specific tasks, various data and files, and the like are stored.

The input unit 14 is a user interface for a user to perform an input operation. For example, a keyboard composed of various keys, and a pointing stick for moving a cursor on the screen and selecting various menus. And mouse. The keyboard may be a physical keyboard, or a software keyboard in which various keys are displayed on a touch panel or the like.
The display unit 15 is a liquid crystal display device, for example, and performs display according to the control of the control unit 11.

The fingerprint reader 17 is used for first user authentication described later, reads the user's fingerprint, and outputs the read fingerprint information to the control unit 11.
The timer 18 is used for second user authentication described later. For example, when the keyboard is operated by the user, the timer 18 measures the time interval of each key input, and stores this time in the storage unit 13 as a typing interval. To do.

The control unit 11 is, for example, a CPU (Central Processing Unit), a microprocessor, a DSP, and the like, and implements various processes by comprehensively controlling the operation of the notebook PC 10. Specifically, the control unit 11 controls the entire notebook PC 10 by an OS (Operating System) stored in the storage unit 13 connected via the bus and executes various programs stored in the storage unit 13. By doing so, various processes are realized.
Further, the control unit 11 develops the first authentication program, the second authentication program, and the like stored in the storage unit 13 in the main memory 12 and executes them as the first authentication unit 20 and the second authentication unit 30. Function.

  The first authentication unit 20 collates the feature quantity of the fingerprint read by the fingerprint reader 17 with the feature quantity of the user's own fingerprint registered in the storage unit 13 in advance, and performs identity authentication. Since the processing related to fingerprint authentication is a known technique, details are omitted.

  The second authentication unit 30 repeatedly performs user authentication based on user behavior data at the time of typing input. In the present embodiment, the behavior data is data related to the user's typing speed. Specifically, the second authentication unit 30 analyzes the typing interval data stored in the storage unit 13 and extracts a feature amount, and the feature amount extracted by the feature amount extraction unit 31. And an authentication template that is a feature quantity of the user himself / herself registered in the storage unit 13 in advance, and a verification unit 32 that determines whether or not the user is the user.

Next, a processing procedure related to user authentication of the notebook PC 10 according to the present embodiment will be described with reference to FIG. FIG. 2 is a flowchart showing a user authentication procedure executed by the notebook PC 10 according to the present embodiment.
As shown in FIG. 2, fingerprint authentication is performed by the fingerprint reader 17 and the first authentication unit 20 at the time of login (step SA1). As a result, if it is determined that the user is not the person (“NO” in step SA2), the login is rejected (step SA3). If the user is determined to be the person (“YES” in step SA2), the login is not performed. Allowed (step SA4).

  When the login is permitted and the user inputs a key from the keyboard, the timing interval is counted by the timing unit 18 and stored in the storage unit 13 (step SA5). Subsequently, it is determined whether or not a predetermined period has elapsed since the start of user key input or the previous authentication (step SA6). When the predetermined period has elapsed ("YES" in step SA6), the feature amount extraction unit The feature amount is extracted by 31 (step SA7). For example, the feature quantity extraction unit 31 reads the data of the typing interval stored in the storage unit 13, creates a graph in which the absolute time is plotted on the horizontal axis and the time interval is plotted on the vertical axis, and this is subjected to frequency analysis. , Extract feature quantity.

The collation unit 32 collates the feature amount extracted by the feature amount extraction unit 31 with an authentication template that is a user feature amount registered in advance in the storage unit 13 and determines whether or not the user is the person (step) SA8). As a result, when it is determined that the user is the person (“YES” in step SA8), the process returns to step SA5. Thus, user authentication is performed again after a predetermined period of time has elapsed since the current authentication. Here, the verification unit 32 may delete the typing interval stored in the storage unit 13 every time authentication is completed. Thereby, it is possible to avoid that the memory is compressed by the typing interval.
On the other hand, if it is determined in step SA8 that the user is not the person, the process returns to step SA1 and the user is required to authenticate with a fingerprint.

  As described above, according to the notebook PC 10 according to the present embodiment, the first authentication unit 20 that performs fingerprint authentication, the second authentication unit 30 that performs user authentication based on the typing interval that is the behavior data of the user at the time of typing, Even after the first authentication unit 20 performs authentication, the second authentication unit 30 repeatedly performs authentication. As a result, when the user stands in the logged-in state and the typing is performed using the notebook PC by a third party, it is determined that the third party is based on the characteristic amount of the typing interval. It becomes possible. Accordingly, it is possible to improve the security level as compared with the information processing apparatus having user authentication only by the first authentication unit 20.

  Furthermore, since the second authentication unit 30 performs user authentication from a typing interval at the time of user typing, the user does not need to perform any special input or work for authentication. Therefore, the troublesomeness for authentication can be eliminated. As described above, according to the notebook PC 10 according to the present embodiment, it is possible to increase the security level without impairing convenience by performing user authentication using behavioral characteristics (癖) at the time of user typing. It becomes.

  In the present embodiment, the feature amount extraction unit 31 has described the case of extracting feature amounts at regular time intervals, but the timing of extracting feature amounts is not limited to the above example. For example, the feature amount may be extracted when the data amount of the typing interval stored in the storage unit 13 exceeds a predetermined amount.

Moreover, in this embodiment, although the case where the 1st authentication part 20 performed user authentication using a fingerprint was illustrated, the 1st authentication part 20 is not limited to this example, For example, other biometrics authentication, for example, iris authentication, Known authentication methods such as vein authentication and retina authentication can be used as appropriate. Further, instead of such biometric authentication, password authentication can be applied.
Further, when key input by the user is requested at the time of authentication by the first authentication unit 20 as in the case of authentication by password, the second authentication unit 30 sets the typing interval of the key input input at the time of the first authentication. User authentication may be performed using. Thus, by performing authentication by the second authentication unit 30 simultaneously with the authentication by the first authentication unit 20, the security level can be further improved.

In this embodiment, a typing interval is adopted as user behavior data at the time of typing, and user authentication is performed using the typing interval. However, characteristics other than the typing interval may be used as user behavior data. Good. For example, the strength of typing, the palm position during typing, the posture of the user during typing, and the like may be used.
These features can also capture the user's habits when typing, and by performing user authentication using at least one of these features, the security level can be increased without increasing the user's burden on user authentication. It becomes possible to raise.

[Second Embodiment]
In the first embodiment described above, the case where the second authentication unit performs user authentication using the typing interval (typing speed) has been described. However, in the present embodiment, the second authentication unit uses the strength of typing. Authenticate. The information processing apparatus according to the second embodiment of the present invention will be described below with reference to FIG.

  FIG. 3 is a diagram showing a schematic configuration of a notebook PC 10a according to the second embodiment of the present invention. As shown in FIG. 3, the notebook PC 10 a includes a pressure sensor 40 that is provided below each key of the physical keyboard and detects a key pressing level. The pressing data acquired by the pressure sensor 40 is stored in the storage unit 13. Similar to the above embodiment, the feature amount extraction unit 31a extracts the feature amount from the press data, and the extracted feature amount and the authentication template that is the principal feature amount stored in advance in the storage unit 13a are obtained. Verification is performed by the verification unit 32a and user authentication is performed.

  Similar to the typing interval, the strength of typing varies from user to user. Therefore, it is possible to determine whether or not the person himself / herself based on the pressing level of typing. An acceleration sensor may be used in place of the pressure sensor 40 as a sensor for detecting the strength of typing. In this case, an acceleration sensor is provided on the keyboard, an impact at the time of typing is detected by the acceleration sensor, a feature value is extracted from the detection value of the acceleration sensor, and user authentication is performed using this feature value.

[Third Embodiment]
Although the case where the second user authentication is performed using the typing interval or the like has been described in the above embodiment, in the present embodiment, the second user authentication is repeatedly performed using the feature amount related to the palm position at the time of typing. The information processing apparatus according to the third embodiment of the present invention will be described below with reference to FIG.

FIG. 4 is a diagram showing a schematic configuration of a notebook PC 10b according to the third embodiment of the present invention. The notebook PC 10b according to the present embodiment includes an imaging unit 41 for detecting the palm position. The video data acquired by the imaging unit 41 is stored in the storage unit 13b. Similar to the above embodiment, the feature amount extraction unit 31b extracts the feature amount from the video data, and the extracted feature amount and the authentication template that is the principal feature amount stored in advance in the storage unit 13b are obtained. Collation is performed by the collation unit 32b, and second user authentication is performed.
Examples of the feature amount in this case include, for example, the center-of-gravity positions of the left and right palms at the home position, the amount of movement of the center-of-gravity position of the palm at the time of typing, and the arrangement of fingers on the keyboard.

[Fourth Embodiment]
Next, an information processing apparatus according to the fourth embodiment of the present invention will be described. The notebook PC 10c according to the present embodiment repeatedly performs the second user authentication using the feature amount related to the posture at the time of typing. The information processing apparatus according to the fourth embodiment of the present invention will be described below.

The notebook PC according to the present embodiment has the same configuration as the notebook PC according to the third embodiment described above. That is, the notebook PC according to the present embodiment includes the imaging unit 41 as a means for acquiring data related to the user's posture. And the feature-value regarding a user's attitude | position is extracted from the video data acquired by the imaging part 41. FIG. Examples of the feature amount include a distance between the screen and the head or a relative positional relationship (for example, an angle) between the two, a time when the user looks at the screen during typing, and a time when the keyboard is seen. For example, time ratio.
As described above, since an individual's behavioral characteristics (癖) also appear in the posture at the time of typing, it is possible to determine whether or not the person is the person based on such information.
Note that when the distance between the image and the head is used as the feature amount related to the user's posture, an infrared sensor or the like can be used instead of the imaging unit.

  As mentioned above, although demonstrated using each embodiment of this invention, the technical scope of this invention is not limited to the range as described in the said embodiment. Various changes or improvements can be added to the above-described embodiment without departing from the gist of the invention, and embodiments to which the changes or improvements are added are also included in the technical scope of the present invention. Furthermore, the aspect which combined each embodiment suitably is also contained in the technical scope of this invention.

  For example, in each embodiment, the case where the second authentication unit performs user authentication using any of the typing interval (typing speed), the strength of typing, the palm position at the time of typing, and the posture at the time of typing has been described. The second authentication unit may combine any two or more of the above-described various feature amounts and perform user authentication in a multifaceted manner. Further, user authentication may be performed using a feature amount other than the above, for example, a mistyping tendency.

Moreover, although the case where the authentication template was previously registered in the memory | storage part 13 was described, an authentication template may be updated whenever authentication by a 1st authentication part is performed. For example, after the authentication by the first authentication unit 20, the feature amount first extracted by the feature amount extraction units 31, 31a, and 31b may be stored in the storage unit 13 as an authentication template.
The user's behavior during typing varies depending on the mood and environment at that time. Therefore, after the authentication by the first authentication unit 20, the feature amount extracted first by the feature amount extraction unit 31 is registered as an authentication template, so that the accuracy of user authentication can be improved.

  Further, in each of the above-described embodiments, the feature quantity extraction units 31, 31a, and 31b extract feature quantities using all the data stored in the storage unit 13, but instead, for example, It is also possible to extract data when a specific key is input, and extract feature values using the data at that time. For example, words that are frequently input (for example, “to the”, “meeting”, “thank you”, etc.) are registered in advance, and feature quantities are obtained using only data when these words are input. It is good also as extracting and performing 2nd user authentication based on the extracted feature-value. In this way, by limiting the words for performing the second user authentication, it is possible to expect an improvement in the accuracy of the second user authentication. In this case, the behavior data (for example, typing interval) of the user and the key when the data is input are stored in the storage unit 13 in association with each other.

  Further, in each of the above-described embodiments, the second user authentication is performed using the behavioral characteristics of the user at the time of typing. However, information that the user holds and uses the terminal like a smartphone In the processing device, for example, user authentication may be performed based on how the terminal is held. In this case, for example, a pressure sensor may be provided on the outer peripheral portion of the information processing apparatus, a position where a large pressure is detected compared to other locations may be acquired as a feature value, and user authentication may be performed using this feature value. .

10, 10a, 10b Notebook PC (information processing device)
11, 11a, 11b Control unit 12 Main memory 13, 13a, 13b Storage unit 14 Input unit 15 Display unit 16 Communication unit 17 Fingerprint reader 18 Timekeeping unit 20 First authentication unit 30, 30a, 30b Second authentication unit 31, 31a, 31b Feature amount extraction unit 32, 32a, 32b Verification unit 40 Pressure sensor 41 Imaging unit

A first aspect of the present invention includes first authentication means and second authentication means for performing user authentication using user behavior data at the time of typing , wherein the second authentication means includes an acceleration sensor provided on a keyboard. And feature amount extraction means for extracting feature amounts from the behavior data acquired by the acceleration sensor; and feature verification means for matching the feature amounts extracted by the feature amount extraction means with a pre-registered authentication template; is an information processing apparatus that Ru equipped with.
The second aspect of the present invention includes a first authentication means and a second authentication means for performing user authentication using user behavior data at the time of typing, wherein the second authentication means includes a user posture at the time of typing or Image capturing means for acquiring behavior data related to palm position, feature amount extracting means for extracting feature amounts from the behavior data acquired by the image capturing means, feature amounts extracted by the feature amount extracting means, and registered in advance The information processing apparatus includes a verification unit that compares the authentication template.

Claims (9)

A first authentication means;
An information processing apparatus comprising: second authentication means for performing user authentication using user behavior data at the time of typing.   The information processing apparatus according to claim 1, wherein the second authentication unit performs user authentication using at least one of a typing speed, a typing strength, a palm position during typing, and a user posture during typing. The second authentication means includes
Time measuring means for acquiring a time interval of key input as the behavior data;
Feature quantity extraction means for extracting feature quantities from the behavior data acquired by the time measuring means;
The information processing apparatus according to claim 1, further comprising a collating unit that collates the feature amount extracted by the feature amount extracting unit with a pre-registered authentication template. The second authentication means includes a pressure sensor that acquires the typing strength as the behavior data;
Feature amount extraction means for extracting feature amounts from the behavior data acquired by the pressure sensor;
The information processing apparatus according to claim 1, further comprising a collating unit that collates the feature amount extracted by the feature amount extracting unit with a pre-registered authentication template. The second authentication means includes
An acceleration sensor provided on the keyboard;
Feature amount extraction means for extracting a feature amount from the behavior data acquired by the acceleration sensor;
The information processing apparatus according to claim 1, further comprising a collating unit that collates the feature amount extracted by the feature amount extracting unit with a pre-registered authentication template. The second authentication means includes
Imaging means for acquiring behavior data relating to the posture of the user at the time of typing;
Feature quantity extraction means for extracting feature quantities from the behavior data acquired by the imaging means;
The information processing apparatus according to claim 1, further comprising a collating unit that collates the feature amount extracted by the feature amount extracting unit with a pre-registered authentication template.   The information processing apparatus according to claim 3, wherein the feature amount extraction unit extracts a feature amount using the behavior data when a specific word or phrase registered in advance is input. .   The information processing apparatus according to any one of claims 1 to 7, wherein the second authentication unit requests the user to be authenticated by the first authentication unit when user authentication fails.   The information processing apparatus according to claim 1, wherein the second authentication unit repeatedly performs user authentication using user behavior data at the time of typing.

Images