JP2937913B2 - Password processing system for information processing equipment - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information processing apparatus in which the use of a password other than a user whose password is set and registered in advance can be prohibited for the purpose of confidentiality. The present invention relates to a password processing device of an information processing device capable of completely restoring a password.

[0002]

2. Description of the Related Art Conventionally, a password processing method of an information processing apparatus capable of completely restoring a true password when a user forgets a password has been proposed. Used for reminders. For example,
In JP-A-6-243099, as shown in FIG.
A technique to record a hint character string that gives the user an impression of memory recovery in advance, and use this hint character string to recover the true password as a clue to remembering the password when the password is forgotten. Is disclosed.

As shown in FIG. 12, Japanese Patent Laid-Open Publication No. Hei 06-52112 discloses that an information processing apparatus independently includes:
From the true password data, the character string arrangement is processed using clock information to create a hint character string that becomes hint information, and by presenting the hint character string, the user can recall the true password and A technique for restoring the information has been disclosed.

[0004]

Problems to be Solved by the Invention
In the password forgetting prevention system described in Japanese Patent No. 243099, as a first problem, it is sometimes possible to remember the true password information from the password hint character string information, but sometimes it is not possible to remember it. .

[0005] The reason is that in the gazette, "My favorite song"
Is used as an example,
This is because the user's taste changes over time, and if the favorite song changes, the content of the true password may not match.

A second problem is that in the above-described conventional password forgetting prevention system, true password information is derived in a one-to-one relationship from password hint character string information. For example, if the character string "My favorite song" is used, a close friend or the like can obtain information on the user's own "My favorite song" in a conversation with the user. Therefore, when a close third party can know the hint information determined by the user, a true password can be easily applied.

A third problem is that the above-mentioned Japanese Patent Application Laid-Open No. 06-5 / 06
In the information processing apparatus described in Japanese Patent Publication No. 2112, password hint character string information is automatically created and registered based on a true password by logical processing on the apparatus side. As a result, as a result of the logical processing of creating the hint password, a character string that does not trigger the created hint password to recall the user's memory may be a password hint character string.

[0008] The reason is that in the gazette, a result obtained by rearranging characters of a true password at random is provided as a hint character string. However, when the number of digits of the password is large, the user is completely different. This is because it may be felt as information, and it may not be easy to remember the true password thereafter.

A fourth problem is disclosed in Japanese Patent Laid-Open No. 06-52112.
In the information processing apparatus described in Japanese Patent Application Laid-Open Publication No. H10-209, password hint character string information is created using true password information. As a result, when the logical process of creating the hint password is decrypted, a third party can know the true password. For example, in the gazette, the logic for creating a hint character string is based on clock information, but if it is known to a third party, all true password information exists on the password hint character string. On the contrary, a third party can create a true password based on the clock information.

[0010]

According to the present invention, as a technical means for achieving the above-mentioned object, a password processing system of an information processing apparatus is constituted as follows.

That is, in an information processing apparatus which can be activated only when it is determined that a true password which has been set and registered in advance is entered, the user who has first registered himself in many items Means for inputting personal information of the user, input means for activating recovery means for restoring the password when the password has been forgotten, and genuine information based on the personal information input in the recovery means. Instead of preparing a hint string to remember the password information, means to create recovery information to restore this true password itself, and recovery from the created recovery information to restore the true password A means to provide the user with information little by little, and finally, completely recover the forgotten true password. And it is configured to be able to.

[0012]

According to the present invention, even if a user who has registered a password forgets the password when trying to use the information processing apparatus, the password recovery information is displayed based on the personal information of the user. Thus, the true password can be restored.

On the other hand, even if a third party attempts to recover the true password based on the password recovery information, the recovery information is personal information that can be known only by the user himself and covers a wide range of items. It is extremely unlikely that the three would be able to grasp all the presented recovery information about the user himself. Therefore, it is virtually impossible to recover a true password.

[0014]

Next, the present invention will be described with reference to the drawings.

FIG. 1 shows a password processing apparatus of an information processing apparatus according to an embodiment of the present invention. The information processing apparatus 1 has a normal configuration including a mechanism necessary for information processing, including a main storage device 11 and an auxiliary storage device 12, and is generally used in this field. I do. A display 2 is connected to the information processing device 1.

The information processing device 1 includes a password registration device 3 for registering an arbitrary password of the user 4, a password input device 5 for inputting a password by the user when using the information processing device 1, and a password input device 5. Password is
A password processing device including a verification device 6 for verifying whether or not the password is the same as an already registered password is connected, and is configured to be activated only when it is determined that a correct password has been input.

Next, the operation of the password processing apparatus of the information processing apparatus shown in FIG. 1 will be described. First, the operation at the time of password registration will be described based on the flowchart shown in FIG.
When the power of the information processing apparatus 1 is turned on and a password registration command is input, first, in step 101, date and time information of the activation date is read out from a built-in clock of the information processing apparatus and registered. And in step 102,
First, the user is required to input personal information over a number of items such as the user's own height, weight, and birthday, which are used as the user profile. Then, the user inputs his / her personal information. Next, when a password setting request is made in step 103, the user enters an arbitrary password here.

FIG. 7 shows an example of personal information and password information data stored in the main storage device or the auxiliary storage device of the information processing apparatus and input in the processing of FIG.
FIG. 7 shows an example in which the date when data is input is first registered, and then the information unit indicating the birthday, height, weight, and family members of the user is input as personal information. It is. In this case, as the personal information to be applied, the more the types, the better the recovery information can be created, but it is not necessary to use all of them.
Here, for the sake of simplicity, only the above four items are set as an example. The password information has eight digits, and indicates that the content is "18625735".

Next, the operation of the password collation processing of FIG. 3 will be described. When the information processing device is started, step 20
In step 1, the user is requested to enter a password. Step 2
At 02, it is checked whether the input password matches the already registered password. If the result of the collation is a match, the process proceeds to step 212, the collation processing ends, and the activation of the information processing apparatus is continued. If the result of the check in step 202 is that they do not match, then in step 203 it is confirmed whether or not password recovery processing is to be performed.

If the cause of the inconsistency is a mere input error by the user, activation of the recovery process is rejected, and step 21 is executed.
In step 4, the process shifts to password input again. On the other hand, if the user has forgotten the password and desires to restore the true password, a recovery process is started, and the process proceeds to step 204. As a method of determining the recovery processing activation, for example, the character of the recovery processing activation request (for example, “?”) May be determined in advance, and the input character may be determined in step 203.

When a recovery process activation is requested in step 203, in step 204, recovery information is created based on a plurality of personal information units of the user. Next, in step 205, initialization of the number of times of providing the recovery information is performed. In step 206, the recovery information unit is presented to the user one by one based on the plurality of pieces of recovery information created in step 204. Next, in step 207, the increment process of the information unit is performed by the number of times the restoration information is provided, and the increment process is counted.

At step 208, the user proceeds to step 2
The user understands the recovery information presented in step 06 and creates and inputs a recovery password by himself. In step 209, it is checked whether the input recovery password matches the registered password. If the result of the comparison is a match, the process proceeds to step 215, and the password input process of step 201 is performed again for reconfirmation.

If there is a mismatch at step 209, the end notification of the plurality of recovery information units created at step 210 is confirmed. In step 211, it is checked whether or not the processing is completed. If the processing is not completed, the processing proceeds to step 216, and in step 206, restoration information is additionally presented. Step 2
Steps 06 to 210 are repeated in step 211 until the recovery information ends. When the recovery information is completed in step 211, the failure of the recovery processing is notified in step 212, the processing is looped as it is, and the apparatus startup is prohibited.

Here, the processing routine of step 204 for creating recovery information based on personal information will be described with reference to FIG. In the processing routine for creating the recovery information based on the personal information, a random number is generated each time the computer is started, and how many digits are used to create and provide the password recovery information, and which data is used from the personal information. Further, what is used for a recovery information creation operation function for associating personal information with true password information is determined, and a plurality of recovery information units are created. FIG. 8 shows an example of the type of a recovery information creation operation function that the recovery information creation processing routine itself has as data based on personal information in advance.

Here, in the flowchart of FIG. 4, a case where a password recovery information unit is simply created every two digits as a result of a random number, and personal information and true password information are added to a recovery information creation operation function. explain. First, in step 301, the number n of digits of the password recovery information to be created is determined to be two digits by a random number. Then step 30
In 2, the addition is determined by a random number to the recovery information creation operation function. Here, adding means adding personal information and true password information. Since addition is determined for the recovery information creation operation function, the addition processing subroutine is loaded in step 303. This subroutine is prepared for each restoration information creation operation function. Next, in step 304, personal information to be used as recovery information is determined by a random number. Specifically, from the input personal information shown in FIG. 6, a start is generated from 000 Ah, a random number is generated, and it is determined whether or not the data of the address is selected. From the determined address,
The information is picked up by two digits of data. If the picked-up information happens to be “0 *” or “FF”, the process starts again from the generation of random numbers. Thus, personal information to be used is finally determined. Here, the determined data is defined as personal story data for convenience.

Next, in step 305, information is first extracted from the last two digits as a part of the password information. The extracted password data is defined as password material data for convenience. Next, in step 306, the personal story data and the password story data are added. This added data is defined as recovery data for convenience.

Next, in step 307, restoration information is registered. FIG. 8 shows a data example of the recovery information stored in the main storage device or the auxiliary storage device of the information processing apparatus.

In the first steps 304 to 307,
Addresses 002Ah to 0034h shown in FIG.
By this time, a series of recovery information is registered. Then step 3
In step 09, it is determined whether the creation process has been completed up to the most significant digit of the password from the number of digits of the password data and the currently extracted password material data. If not completed, the process proceeds to step 304 in step 310, and the next personal information to be used as the recovery information is determined again by using a random number. This step 304 to 308
Are repeatedly performed until the process ends in step 309. Finally, when the process is completed up to the most significant digit of the password in step 309, the process returns to the main routine and ends the processing. At this time, as shown in FIG. 9, up to the fourth restoration data regarding addition is registered as restoration information.

Next, the "presentation of recovery information" process performed in step 206 of FIG. 3 will be described with reference to FIGS. First, in step 401, data of the input personal information and password information shown in FIG. 7 is searched, date information is read out, and this is not recorded. Since the date and time information naturally includes changes over time such as height and weight,
In order to maintain the accuracy of personal information, it is used as additional information to be presented. In step 402, the value of the recovery information digit number n = 2 of the created password is read from the recovery information of FIG. 9 for 3 bytes from the address 002Ah,
Refrain. Here, the reason for reading this information is the information used to determine the number of digits to be searched when performing a match search of the personal information of the personal information of the recovery information to be performed later. Because.

Next, at step 403, address 0 in FIG.
The type code information of the recovery information creation operation function of 02Dh is read, and the type of the recovery information creation operation function is determined. Subsequently, in step 404, the information on the number of times of providing the information indicating the restoration information set in the main routine of FIG. 3 is read. This is data used to determine where the recovery data to be provided exists at the address in FIG.

At step 405, since the type of the recovery information creation operation function is known, a recovery information presentation subroutine for addition processing is loaded. This subroutine is prepared for each recovery information creation operation function. First, step 4
From the provision frequency information read in step 404 at 06,
Search and determine the storage location of recovery information to provide.

Specifically, the data of the recovery information shown in FIG. 9 is scanned from the beginning, and an END identification code, which is an FF, is searched. When an FF is found, the data at the next address is read and read. The determination is made by determining whether the lower-order information of the received data matches the contents of the provision count information. The address information at the time of matching is the storage location.

In step 407, a message is displayed on the digit position of the password material information shown in FIG. Specifically, the subsequent password story information is read from the storage location determined in step 406, a match search with the stored password information shown in FIG. 8 is performed, and the digit position information is identified. . Here, an example of a message display of the restoration data presented first is shown in line 801 of FIG. In step 408, the personal story information is subsequently read, and the personal story data read in step 409 is analyzed as to what the personal information is. In this process, the personal information shown in FIG. 7 is scanned from the address 000Ah, and a search for a match with the personal story data is performed. If there is a match, the data is read back from the matched address, and the reading back process is continued until a code indicating personal information can be read. If the code indicating the personal information can be read out, it is determined from the code information what personal information it is, and what digit and what information it is. In step 410, step 409
Then, based on the result of analyzing what and what kind of information the personal story data is, it is identified and replaced with linguistic information. In step 412, the restoration data is read out, and a message display relating to the restoration data information, the date information, and the identified personal story information is performed. FIG. 10 shows a message display example of the recovery data information, the date information, and the identified personal story information, which are presented first.
Shown on the 02th line. Next, in step 413, a fixed message is displayed.

A display example of a fixed message presented first is shown in line 803 of FIG. In step 414, the subsequent END identification code information is read out, and in step 415
Reads the next information of the END identification code. Step 4
At 16, it is determined whether or not the read code matches a code FFFF indicating the end of data. If they do not match, the provided information still remains, and the notification of the end of the recovery information is cleared in step 417 to notify the main routine. On the other hand, if they match in step 416,
In step 418, a notification of restoration information end is set. Thus, the process returns to the main routine.

In the first processing by the user, the recovery password input in step 207 of FIG. 3 is "?????? 35" whose lower two digits match the true password. If the user remembers another digit, the password recovery ends. However, if the password is not recovered due to forgetting the other digits and all the recovery information is presented, this routine is called four times as in the above description, and the same processing is performed. All the contents of the information provided at that time are shown in lines 801 to 812 in FIG.
Also, the change of the recovery password entered at this time is
From "????? 35" to "???? 5735", further changes to "?? 625735", and finally to "18"
The process ends with the recovery password completely created as 625735 ".

As described above, the recovery information is provided in a dispensing format using various types of personal information, so that even a third party close to the user can know the personal information of the user over many items in this manner. The possibilities are as close to zero as possible,
It is virtually impossible to guess a true password by accident. Further, since the user is all personal information, there is no resistance to creating and inputting the recovery password while understanding the provided message.
Further, if the input is repeated several times, the true password information can be naturally restored without having to remember the true password.

In the above-described embodiment, the personal information input by the user is limited to the four items of the person's birthday, height, weight, and family members. However, other information such as license, insurance card, passport, etc. May be applied as candidates.

In the process of generating a random number and creating recovery information based on personal information, password recovery information is created every two digits, but passwords from two digits to the maximum number of passwords may be prepared simultaneously. . Alternatively, the case where personal information and true password information are added to the recovery information creation operation function has been described, but the recovery information creation operation function is further combined, or a new prime or multiple is prepared to complicate the contents. Thus, the content of the provided recovery information can be further enhanced.

[0039]

As described above, according to the present invention, the recovery information for restoring the true password based on the user's personal information is presented, so that the user can forget the true password. Looking at the displayed recovery information, the true password can be restored and the information processing apparatus can be started.

Further, the recovery information is all content related to the personal information of the user, and furthermore, the provided content changes over many items each time it is started, so that the third party cannot understand the content at all. Therefore, even if a third party looks at the recovery information, it is first impossible to restore the true password, so that the security of the device is ensured.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a password processing device of an information processing device according to an embodiment of the present invention.

FIG. 2 is a flowchart showing a password registration processing operation in the password processing device of the information processing apparatus of FIG. 1;

FIG. 3 is a flowchart showing a password collation processing operation in the password processing device of the information processing apparatus of FIG. 1;

FIG. 4 is a flowchart illustrating an example of a “recovery information creation based on personal information” processing routine;

FIG. 5 is a flowchart illustrating a first half of an example of a “recovery information presentation” processing routine;

FIG. 6 is a flowchart showing the second half of an example of a “recovery information presentation” processing routine;

FIG. 7 is an explanatory diagram showing an example of input personal information and password data.

FIG. 8 is an explanatory diagram showing an example of types of a recovery information creation operation function.

FIG. 9 is an explanatory diagram showing a data example of restoration information.

FIG. 10 is an explanatory diagram showing an example of the content of provided recovery information.

FIG. 11 is a flowchart showing an example of a password verification process disclosed in Japanese Patent Application Laid-Open No. 6-243099.

FIG. 12 is a flowchart showing an example of a password matching process disclosed in Japanese Patent Application Laid-Open No. 6-52112.

[Explanation of symbols]

 REFERENCE SIGNS LIST 1 information processing device 11 main storage device 12 auxiliary storage device 2 display 3 password registration device 4 user 5 password input device 6 verification device

Claims (1)

(57) [Claims] 1. A true password set and registered in advance
Information processing device only when it is identified that
In a password processing device that can activate
-Personal information input means to input personal information, and activate when user forgets password
Password with recovery means to recover the password
Password input means; and the personal information provided and provided in the recovery means.
Used to recover the true password based on the information
Means for creating recovery information composed of a plurality of information units; and recovering a true password by referring to the created recovery information.
The recovery information unit to the user in order.
Means for providingWasPassword processing system for information processing equipmentsmell
hand, Processing for creating the recovery information based on the personal information
The routine generates a random number each time it starts,
How many digits of recovery information should be created and provided, or
From the global information, which data to use,
-Recovery linking personal information with true password information
Determine what to use for the information creation operation function, and
Information processing device configured to create the old information unit
Password processing system .