JP4275080B2 - User authentication method and user authentication system - Google Patents

Description

  The present invention relates to a user authentication method and a user authentication system for realizing the method. The present application is related to the following Japanese patent application. For designated countries where incorporation by reference of documents is permitted, the contents described in the following application are incorporated into the present application by reference and made a part of the description of the present application.

      Japanese Patent Application No. 2002-36056 Filing Date February 13, 2002

  In recent years, various information devices represented by computers have become widespread. In particular, mobile phones equipped with an e-mail function and an Internet connection function are rapidly spreading and become an essential information item for people.

  With the progress of such an information society, security problems such as unauthorized access to the system have become very important. In order to prevent unauthorized access to the system, traditionally, a method of performing user authentication using a pre-registered user ID and password is common, but responds to a request to further enhance the security level. Therefore, various user authentication methods according to the usage environment and purpose have been proposed.

  One of them is user authentication in which terminal devices accessible to the system are restricted. This is based on the premise that the user who owns the terminal device is the person himself / herself. For example, when accessing a certain system from a mobile phone, a more secure user authentication can be performed by further using a solid identification number assigned to the mobile phone.

  User authentication using a random number table is also known. For user authentication using this random number table, a random number table card describing the random number table is issued in advance for each user, and each time user authentication is performed, the system designates a number at an arbitrary position in the random number table and prompts the user. Input. As a result, the input numbers are different every time, and this is effective for “wiretapping”.

  In user authentication in the system, leakage (sapping) of a password used there results in a very serious security problem. Therefore, password management by the user is extremely important, and it is fundamental for the security problem of the system that each user has “responsibility” for his / her actions.

  Generally, a password used for user authentication is required for each system, and the format is various. For this reason, users who use many systems must manage many passwords accordingly, and password management places a certain burden on the users. The user should endeavor to keep passwords in memory, but when managing many passwords, the users often write them down in a notebook or the like. Also, users who feel troublesome to manage passwords set passwords to numbers that are easy to memorize, or set passwords for each system to the same numbers to manage them uniformly.

  However, the user's action for managing such passwords means that the system is exposed to security risks, and as long as the user takes such actions, the conventional simple user authentication by password is essential. There are security issues.

  Even if the user manages the password with great care, for example, the password entered on the terminal device installed in the store can be seen, or the terminal device itself can ”Mechanism was incorporated, and there was also a security problem that the password was leaked to a third party.

  Furthermore, even if the user authentication restricts the mobile phones that can access the system as described above, if the user loses the mobile phone or is stolen and obtained by a third party, it is no longer necessary. There is only a security level equivalent to that of traditional user authentication, and it has been difficult to effectively prevent unauthorized access to the system with this type of user authentication. The same applies to user authentication using a random number table.

  SUMMARY OF THE INVENTION In order to solve these problems, an object of the present invention is to provide a new user authentication method for effectively preventing unauthorized access by a third party to the system and a system for realizing the same.

  It is another object of the present invention to provide such a user authentication method and a system that realizes such user authentication without any extra cost burden by making the best use of the existing system infrastructure.

  Furthermore, an object of the present invention is to provide a user authentication method that is easy to use for all users and a system that realizes the same, which effectively prevents unauthorized access to the system and facilitates password management by the user. The goal is to eliminate essential security problems caused by user behavior.

  Furthermore, an object of the present invention is to provide such a user authentication method and a “password” registration method used in a system that realizes the user authentication method and a user interface that realizes the method.

  In the present invention, a password derivation pattern for each user is registered in the authentication server in advance, and when the user uses the usage target system, the authentication server generates a presentation pattern and presents it to the user. The character string corresponding to the user's own password derivation pattern is input for the pattern, and the authentication server authenticates the input character string based on the presented presentation pattern and the user's own password derivation pattern, A user authentication method and a user authentication system for notifying the usage target system of the authentication result.

  The password derivation pattern indicates a specific element (group) arbitrarily selected by the user from among element groups constituting a certain overall pattern. More specifically, the password derivation pattern is an array pattern or an array rule that indicates how and which element group in the matrix that is the overall pattern is selected. What should be noted here is that the password derivation pattern is not a specific value itself of a specific element in the entire pattern, but merely information on which element has been selected.

  More specifically, the present invention according to the first aspect includes a registration step of registering a password derivation pattern based on a specific element selected from an element group constituting a predetermined pattern, and a user information terminal device. A reception step of receiving the transmitted system identification information assigned to the system to be used, and a predetermined character in each of the elements constituting the predetermined pattern when the system identification information is received from the information terminal device A generation step of generating a presentation pattern assigned to the character, a predetermined screen including the generated presentation pattern on the information terminal device, and a character assigned to a specific element corresponding to the password derivation pattern An input step for prompting the user to input, and the input from the usage target system A determination step of determining whether or not the received character is valid based on the presentation pattern and the password derivation pattern of the user, and notifying the determination result to the usage target system. And a notification step.

  Further, the present invention according to the second aspect includes a step of registering a password derivation pattern based on a specific element selected from an element group constituting a predetermined pattern, and a use transmitted from the user's information terminal device A receiving step for receiving system identification information assigned to the target system, and a presentation in which a predetermined character is assigned to each element group constituting the predetermined pattern when the predetermined identification information is received from the information terminal device Generating a pattern for use, and presenting a predetermined screen including the generated presentation pattern on the information terminal device, and inputting the character assigned to a specific element corresponding to the password derivation pattern. And receiving the character input from the information terminal device, and A user authentication comprising: determining whether or not the received character is valid based on a use pattern and the user password derivation pattern; and notifying the use target system of the determination result Is the method.

  The invention of the above method can be grasped as the invention of the apparatus. In addition, these inventions are also realized as a program that realizes a predetermined function in combination with predetermined hardware when executed by a computer, and a recording medium on which the program is recorded.

  In this specification, the term “means” does not simply mean a physical means, but also includes a case where the functions of the means are realized by software. Further, the function of one means may be realized by two or more physical means, or the functions of two or more means may be realized by one physical means.

  Next, embodiments of the present invention will be described with reference to the drawings. Each of the following embodiments is an example for explaining the present invention, and is not intended to limit the present invention only to these embodiments. The present invention can be implemented in various forms without departing from the gist thereof.

[First Embodiment]
FIG. 1 is a schematic diagram for explaining the overall scheme of the user authentication method according to the present embodiment. As shown in the figure, the usage target system 11 is connected to an authentication server 12 via a communication line. Here, an example is shown in which the usage target system 11 is connected to the authentication server 12 via the Internet. The usage target system 11 is a system that requests user authentication when using a user. The usage target system 11 permits the use of a user who is determined to be valid by a user authentication process described later. As an application example of the usage target system 11, a security room key opening / closing system and a credit card payment terminal device can be cited as typical examples, but it is a site for members on the Internet that is realized as a virtual space. Also good.

  Such a usage target system 11 stores a unique system ID (system identification information) in an internal ROM. Moreover, it is preferable that the usage target system 11 includes a user interface for providing an interactive operation environment to the user. For example, the user interface includes a numeric keypad and a display corresponding to the numeric keypad. The usage target system 11 accepts a “use start” instruction from the user via the user interface, presents the system ID to the user, accepts an input of a password from the user, and presents the result of user authentication. .

  The wireless terminal device 13 is a portable information terminal device having a wireless communication function, and typically corresponds to a mobile phone or a PDA. Here, a mobile phone will be described as an example. The mobile phone 13 can be connected from the packet communication network to various nodes (for example, the authentication server 12) on the Internet via a gateway. The mobile phone 13 is used to provide a user with reference information for deriving a password necessary for user authentication when using the usage target system 11.

  The authentication server 12 authenticates a user who intends to use the usage target system 11 and notifies the usage target system 11 of the authentication result. The authentication server 12 includes an authentication database 14 that manages registration data received in advance from a user and necessary for user authentication. The authentication database 14 manages, as registration data, information related to a user who can use the usage target system 11 and information related to a certain password derivation rule registered by the user. Information related to the password derivation rule will be described later as a password derivation pattern and a conversion rule. The authentication server 12 is equipped with a Web server function in order to receive registration data online from a user.

  The authentication server 12 and the authentication database 14 can be typically realized by a general-purpose computer system. The authentication server 12 is connected so as to be able to communicate with each usage target system 11 via a communication line. In this case, it is preferable that secure communication is ensured. When the usage target system 11 and the authentication server 12 are connected via the Internet as in this embodiment, practically secure communication is ensured by applying a security communication technique such as SSL communication. be able to. Note that these may be connected via a dedicated line instead of via the Internet.

  The personal computer 15 is a terminal device used by a user to register a password derivation pattern in the authentication database 14. The personal computer 15 is configured to be connectable to the Internet and has a Web client function. The user accesses the authentication server 12 using a Web browser in order to register registration data necessary for user authentication in the authentication database 14.

  Note that the mobile phone 13 can be used in place of the personal computer 15 in order for the user to register the password derivation pattern in the authentication database 14. In this embodiment, the main reason why the personal computer 15 is employed is that the personal computer 15 is generally superior in function in terms of user interface to the mobile phone 13. An example of registering a password derivation pattern using the user interface of the mobile phone 13 will be described in another embodiment.

  The password derivation pattern indicates a specific element group that is arbitrarily selected by the user from among the element groups constituting a certain overall pattern. More specifically, it is an array pattern or an array rule indicating how and which element group in the matrix which is the entire pattern is selected. It should be noted that the password derivation pattern does not refer to the specific value itself assigned to a specific element in the overall pattern, but represents information about which element is selected and how it is selected. It is only there.

  FIG. 2 is a diagram for explaining a password derivation pattern. FIG. 2A is a diagram illustrating an example in which a matrix of 4 rows and 12 columns is an overall pattern. In FIG. 2, the selected elements are hatched, and numbers are added in the selected elements in the order of selection. Therefore, the password derivation pattern in this case can be expressed as “(3, 2)-(0, 5)-(3, 7)-(0, 10)” using a matrix expression.

  FIG. 2B is a diagram showing an example in which a 4 × 4 matrix is an overall pattern. The password derivation pattern in this case can be expressed as “(0, 0)-(1, 2)-(2, 1)-(3, 2)” using a matrix expression.

  The password derivation pattern is used for user authentication with respect to the usage target system 11 and should therefore be stored by the user. In that sense, the password derivation pattern can be called a kind of password. The number and arrangement of elements constituting the password derivation pattern are arbitrary, and are set as appropriate according to the security level in user authentication.

When the password is a J-digit number string, the entire pattern is preferably a matrix of K rows and L columns that satisfies the following conditions.

10 ^ J <(K * L) * (K * L-1)... (K * L-J + 1)
... Formula (1)

In the conventional authentication method, when the password is a J-digit number string, there are 10 J power combinations. On the other hand, according to the authentication method of the present embodiment, when the overall pattern is a matrix of K rows and L columns, the combination of password derivation patterns is (K * L) * (K * L-1). L-J + 1). Therefore, by configuring the entire pattern so as to satisfy the above formula (1), the number of combinations can be increased and the security level can be increased compared to the conventional authentication method. In other words, according to the present embodiment, even if the number of digits of the password to be input to the usage target system 11 is the same as that in the conventional authentication method, the configuration of the matrix is changed and the conventional authentication method is changed. Can easily raise the security level.

  Returning to FIG. 1, the flow of processing of the user authentication method according to the present embodiment will be schematically described.

  First, the user uses the personal computer 15 to register in advance the password derivation pattern for the usage target system 11 in the authentication database 14 ((1) in the figure). When the user intends to actually use the usage target system 11, the user operates the user interface of the usage target system 11 to display the system ID in order to obtain the system ID ((2) in the figure).

  Next, the user inputs the system ID into the mobile phone 13 and transmits it to the authentication server 12 ((3) in the figure). Upon receiving this, the authentication server 12 generates a random number table and transmits it to the user's mobile phone 13 as a presentation pattern ((4) in the figure). The user refers to the presentation pattern displayed on the mobile phone 13 and inputs the element value sequence (numerical string) assigned to the password derivation pattern to the usage target system 11 as a password. As a result, the usage target system 11 transmits the password to the authentication server 12 ((5) in the figure).

  When the authentication server 12 receives the password from the usage target system 11, the number string obtained from the password derivation pattern of the registered user and the generated presentation pattern, the password transmitted from the usage target system 11, and Are compared to determine whether they match. The authentication server 12 transmits a notification of authentication success to the usage target system 11 indicated by the system ID when it determines that they match, and a notification of authentication failure otherwise ((6) in the figure). ). When the usage target system 11 receives a notification of successful authentication from the authentication server 12, the usage target system 11 permits the usage to the user.

  As described above, the password to be input by the user is a temporary one that is determined according to a password derivation pattern registered in advance from the generated random number table every time user authentication is performed. Therefore, even if the entered password is leaked to a third party, the password itself does not make any sense in the next user authentication, so that unauthorized access is effectively prevented. In addition, the password derivation pattern to be memorized by the user is not a “specific number” as in the past, but is a “conceptual / graphical” pattern, so it is easy for the user to remember and forget. It is difficult to use and is suitable for password management.

  Next, registration data used for user authentication will be described. In order for a user to use the usage target system 11, the user must acquire a user account (user name) for the usage target system 11 and register a password derivation pattern for the user name before the usage. Don't be. For this reason, the authentication database 14 manages, as registration data, which usage target system 11 gives which user the usage authority, and what password derivation rule is registered by each user who is given the usage authority. is doing.

  In registration of a user account for the usage target system 11, typically, there are a mode in which an administrator of the usage target system 11 receives an application from a user and a mode in which the user himself performs. The form in which the user account is registered can be appropriately adopted according to the operation policy of the usage target system 11, and various existing technologies can be applied as the means for realizing the user account. . In the following, a user account for the usage target system 11 is registered in the authentication database 14 by the administrator, and a password derivation pattern registration procedure by the user will be described.

  FIG. 3 shows an example of a password derivation pattern registration screen displayed on the personal computer 15. Such a registration screen is composed of page data described according to a page description language such as HTML. The user operates the Web browser to access the authentication server 12 to display such a registration screen on the personal computer 15. For example, at the time of registering a user account for the usage target system 11, the administrator sends e-mail content including the URL of the page data constituting such a registration screen to the e-mail address of the user. Such a registration screen is provided to the user by a method in which the user who receives the URL selects a URL in the mail content.

  In the figure, a user name input field 31 is a field for inputting the name (user account) of a user who uses the usage target system 11. Since the user account has already been registered by the administrator, the user account may be configured to be embedded in the user name input field 31 in advance, instead of being input again by the user.

  The group name input field 32 is a field for inputting the name of the group to which the user belongs. However, in this embodiment, for the sake of simplicity, it is not necessary to input a group name.

  The mobile phone number input field 33 is a field for inputting individual identification information for specifying the mobile phone 13 used for user authentication when using the usage target system 11. In this embodiment, the mobile phone number assigned to the mobile phone 13 owned by the user is used as it is. This mobile phone number may also be registered by the administrator and embedded in the mobile phone number input field 33 in advance.

  The overall pattern 34 is configured by button objects as 48 element groups arranged in a matrix of 4 rows and 12 columns. Each element is given a series of numbers 1 to 48 as element names to identify individual elements.

  The position designation input field 35 is a field for designating and inputting one or more specific elements selected from the overall pattern 34 by their element names. In this example, elements “1”, “17”, “33”, and “48” are input. When a plurality of elements are input, each element is separated by a delimiter (for example, a comma). Moreover, the same element may be input. Here, the sequence of input elements is a password derivation pattern. The sequence of elements can include a dummy “*”. When the user inputs a dummy “*”, it is handled as an arbitrary character setting request. This is to prevent the password derivation pattern from being guessed by a third party together with the following conversion law. In other words, the password derivation pattern tends to be a pattern that is easy for the user to remember, and therefore analogy is prevented by inserting meaningless characters between the characters constituting the actual password. For example, in a sequence of 8 elements with the first 4 elements as a dummy, the user can input meaningless numbers for the first 4 digits. When the user inputs only “F” in the position designation input field 35, this is handled as a fixed password setting request. In this case, a predetermined digit number is input in the fixed password input field 37.

  The conversion law input field 36 is used when the user wishes to give a further conversion law to the element value derived from the password derivation pattern when the user actually inputs the password with reference to the presentation pattern. This is a field for entering the law. That is, the result obtained by further applying the conversion rule to the element value derived from the password derivation pattern is the true password to be input. In the conversion rule, for example, four arithmetic operations for element values derived from a password derivation pattern are defined. More specifically, when “+1” is simply entered in the conversion law input field 36, the result obtained by adding 1 to each element value derived from the password derivation pattern is the true password to be entered by the user. It becomes. When an arithmetic expression is input to the conversion law input field 36 so as to correspond to the sequence of elements input to the position specifying input field 35 by separating them with commas such as “+1, +2, +3, +4”. The result obtained by applying the respective arithmetic expressions to the respective element values derived from the password derivation pattern is the true password to be input by the user.

  Note that, depending on the input arithmetic expression, an increase (or decrease) may occur as a result of performing the operation on the element value. In such a case, if it is defined so that the one's place is adopted, the number of digits (the number of characters) of the password can be fixed without changing. In addition, it is possible to define a password having a variable length by defining that an element value is used as it is.

  In such a registration screen, the user may input the elements (element names) directly in order by separating them with a comma using the keyboard, but the same can be done by using a standard graphical user interface. Can be entered. In such a graphical user interface, when the user places a mouse cursor on a desired element and selects (clicks) on the desired element, the element is displayed in a position designation input field 35 separated by a delimiter. The selected elements are preferably displayed visually distinguished on the screen, for example.

  The candidate button 38 is for automatically generating a sequence of elements to be selected. That is, when the user places the mouse cursor on the candidate button 38 and selects it, for example, a sequence of elements registered in advance is randomly input and displayed in the position designation input field 35. When the user sets a password derivation pattern, there is a tendency to select adjacent element buttons, and it is easy to guess, so this is provided as an auxiliary to avoid such a situation.

  When the user inputs necessary information in a predetermined input field and then selects a setting confirmation button 39, the Web browser transmits a registration request including the input information to the authentication server 12. The authentication server 12 provisionally registers the user password derivation pattern as registration data based on the received registration request, and displays a setting confirmation screen on the Web browser.

  The setting confirmation screen is a screen for confirming the password derivation pattern by causing the user to actually input the password according to the password derivation pattern set by the user. FIG. 4 shows an example of a setting confirmation screen displayed on the personal computer 15. However, instead of the personal computer 15, a setting confirmation screen may be displayed on the user's cellular phone 13, and the setting confirmation may be performed from there. In this case, the mobile phone 13 used by the user when using the usage target system 11 can be confirmed together.

  As shown in the figure, on the setting confirmation screen, a presentation pattern 41 generated by the authentication server 12 and assigned with random numbers to each element group of the overall pattern 34 is displayed. The user inputs a number (element value) assigned to an element corresponding to the previously set password derivation pattern in the presentation pattern as a password in the password input field 42. When the user inputs the password in the password input field 42 and then selects the Go button 43, the Web browser transmits a confirmation request including the input password to the authentication server 12. The authentication server 12 determines whether or not the password included in the received confirmation request matches the numeric string derived from the generated presentation pattern and the previously tentatively registered password derivation pattern. The user's password derivation pattern is formally registered as registration data in the authentication database 14.

  The authentication server 12 transmits a predetermined message to the received mobile phone number in order to confirm the mobile phone 13 owned by the user in the password derivation pattern registration procedure using the personal computer 15. It is preferable to request the user to reply to the message.

  FIG. 5 is a diagram illustrating an example of the data structure of the authentication database 14. As shown in the figure, one record in the authentication database 14 includes a system ID field 51, a user account field 52, a user ID field 53, a password derivation pattern field 54, and a conversion law field 55. . In this example, the user “ogawa” is registered as an available user in each of the usage target systems 11 indicated by the system IDs “36578979” and “36578980”. In addition, the mobile phone 13 indicated by the user ID “090xxxx1234” is set as the mobile phone 13 used by the user “ogawa” for user authentication. Furthermore, “1,17,33,48” is set as the password derivation pattern of the user “ogawa” registered in the usage target system 11 indicated by the system ID “36578979”, and “+1” is set as the conversion rule. Is set.

  Next, the details of the processing flow of the user authentication method when using the usage target system 11 will be described. When the user intends to actually use the usage target system 11, the user operates the user interface of the usage target system 11 to display the system ID in order to acquire the system ID. For example, the user interface of the usage target system 11 is provided with a “use start” button. When the user operates the “use start” button, the usage target system 11 accepts the user interface as shown in FIG. A screen is displayed to present the system ID to the user and prompt the user to input the user ID.

  The user operates the mobile phone 13 to specify a URL registered as a so-called bookmark, accesses the authentication server 12, displays a menu screen as shown in FIG. 7, and then selects the authentication procedure start. Then, an authentication procedure start screen as shown in FIG. 8 is displayed. The user inputs a system ID on the authentication procedure start screen and selects an “OK” button. When a fixed system ID is used as in the present embodiment, the system ID that is input may be registered in the mobile phone 13.

  Accordingly, the mobile phone 13 transmits an authentication procedure start message including the system ID as a parameter to the authentication server 12. At this time, the mobile phone 13 transmits a user ID, which is an example of user identification information for identifying the user, to the authentication server 12. The user ID may be information for identifying the user himself / herself, or may be information for identifying a terminal such as a mobile phone owned or used by the user. In the present embodiment, the mobile phone 13 transmits a mobile phone number, which is an example of information for identifying the mobile phone 13, to the authentication server 12 as a user ID. The user ID may be transmitted as a parameter in the authentication procedure start message or may be transmitted at the system level.

  9 and 14 are flowcharts for explaining the flow of processing in the authentication server 12 according to the present embodiment. In the following flowchart, the flow of processing is described sequentially, but this is not particularly concerned. Therefore, as long as there is no contradiction in processing operations and results, the processing order may be changed or parallel processing may be performed.

  As shown in FIG. 9, when receiving the authentication procedure start message transmitted from the mobile phone 13, the authentication server 12 extracts a system ID and a user ID therefrom (STEP 901). Subsequently, the authentication server 12 issues an event ID to wait for a user authentication request from the usage target system 11 indicated by the extracted system ID, and extracts it to a user authentication request waiting table as shown in FIG. A system ID and a user ID are registered, and a process for executing the processing shown in FIG. 14 is started (STEP 902). The user authentication request waiting table is registered in the authentication database 14, for example.

  Next, the authentication server 12 calls a predetermined random number generation function to generate a random number and generate a presentation pattern (STEP 903). If the security pattern is taken into consideration, the presentation pattern is preferably a random number table with different element values each time user authentication is performed, but the element values may be fixed and excluded. Not intended. When generating the presentation pattern, the authentication server 12 registers it in the above-described user authentication request waiting table (STEP 904), and transmits it to the mobile phone 13 together with the user ID (STEP 905). Thereby, the mobile phone 13 displays a random number table presentation screen as shown in FIG.

  When such a random number table display screen is displayed on the mobile phone 13, the user inputs a user ID on the reception screen of the usage target system 11 shown in FIG. FIG. 12 shows a reception screen in which a user ID is input. When the user presses the enter key, the usage target system 11 displays a password input screen as shown in FIG. On the other hand, the user inputs a password derived from a password derivation pattern that has already been registered. For example, it is assumed that the password derivation pattern of the user is a password derivation pattern registered on the password derivation pattern registration screen shown in FIG. In this case, according to the random number table presentation screen shown in FIG. 11, “5910” is derived, and by applying the conversion law “+1” to this, “6021” is derived as the password. When the user inputs the password thus derived and presses the enter key, the usage target system 11 uses the input password (hereinafter referred to as “input password”) together with its own system ID as a user authentication request as an authentication server. 12 to send.

  The password transmitted from the usage target system 11 is subjected to user authentication by the authentication server 12 according to the flowchart shown in FIG. That is, when the authentication server 12 waiting for a user authentication request receives a user authentication request from the usage target system 11 (YES in STEP 1401), the user ID is identified with reference to the user authentication request waiting table shown in FIG. (STEP 1402). Since registration to the user authentication request waiting table requires an authentication procedure start message from the mobile phone 13, a user authentication request from the usage target system 11 not registered here can be excluded as an unauthorized one. . When the authentication server 12 specifies the user ID, the authentication server 12 refers to the authentication database 14 and specifies a password derivation pattern and a conversion rule for the user ID (STEP 1403). Subsequently, the authentication server 12 derives a password (hereinafter referred to as “in-system password”) from the presentation pattern registered in the user authentication request waiting table based on the specified password derivation pattern and conversion rule (STEP 1404). ). Specifically, the authentication server 12 obtains an element value corresponding to the sequence of elements constituting the password derivation pattern for the element group constituting the presentation pattern, and if a conversion law is defined Then, the transformation rule is applied to the element value to derive the in-system password. Next, the authentication server 12 determines whether or not the transmitted input password matches the in-system password (STEP 1405). When the authentication server 12 determines that they match, the authentication server 12 notifies the usage target system 11 indicated by the system ID that the authentication is successful (STEP 1406), but determines that they do not match. In this case, it is notified that authentication has failed (STEP 1407). The usage target system 11 performs processing corresponding to the authentication result notified from the authentication server 12.

  As described above, according to the present embodiment, the following advantages are obtained. That is, a password to be input when the user uses the usage target system 11 is determined according to a password derivation pattern registered in advance from a randomly generated presentation pattern every time user authentication is performed. It is transient. Therefore, even if the password entered by the user is leaked to a third party, the password itself does not make any sense in the next user authentication, so that unauthorized access can be effectively prevented. become. In this case, the user only needs to store the “conceptual / graphical” password derivation pattern as the “password” instead of the “specific number” as in the past. Password management becomes easy.

  In addition, since the user can give a conversion rule to such a password derivation pattern, higher security can be pursued.

  Furthermore, since the authentication server 12 accepts an authentication procedure start message from the user's mobile phone 13 and accepts a user authentication request from the use target system 11 designated there, the authentication server 12 receives a request from the use target system 11 alone. Unauthorized access can be eliminated.

  In the present embodiment, the usage target system 11 is configured to present a reception screen (FIG. 6) on the user interface and prompt the user to input a user ID, but this is not particularly concerned. For example, the usage target system 11 may be configured to acquire list information of users available to the authentication server 12 and present it to the user in a pull-down menu format to prompt input.

  In the present embodiment, the system ID is a system ID (unique system ID) unique to the usage target system 11, but the system ID may be a common system ID common to a plurality of usage target systems 11. . That is, a plurality of usage target systems 11 may have the same system ID. Accordingly, the usage target system 11 can make an authentication request to the authentication server 12 using the common system ID without registering the unique system ID of the usage target system 11 in the authentication database 14 described later. The user authentication system can be easily used.

  When the usage target system 11 requests authentication using the common system ID, the authentication server 12 may provide the usage target system 11 with a service different from the service for the usage target system 11 having the unique system ID. As a result, the authentication server 12 transmits the user's personal information to the usage target system 11 requested to authenticate using the unique system ID, but the usage target system 11 requested to authenticate using the common system ID. On the other hand, it is possible to provide a difference in the service provided between the usage target system 11 that uses the unique system ID and the usage target system 11 that uses the common system ID, such as not transmitting user personal information.

[Second Embodiment]
This embodiment is a modification of the first embodiment, and is characterized in that a password for user authentication is input from the mobile phone 13 instead of the usage target system 11. In this embodiment, an example in which a newly generated usage ID is used every time the usage target system 11 is used instead of a fixed system ID will be described.

  FIG. 15 is a schematic diagram for explaining the overall scheme of the user authentication method according to the present embodiment.

  First, the user uses the personal computer 15 to register in advance the password derivation pattern for the usage target system 11 in the authentication database 14 ((1) in the figure). When the user intends to actually use the usage target system 11, the user operates the user interface of the usage target system 11 to display the usage ID in order to obtain the usage ID ((2) in the figure). For example, the usage target system 11 acquires the operated time information, gives it to a random number generation function, and generates and displays a usage ID at random. At this time, the usage target system 11 transmits the generated usage ID together with its own system ID to the authentication server 12 ((3) in the figure).

  Next, the user inputs the usage ID into the mobile phone 13 and transmits it to the authentication server 12 ((4) in the figure). Upon receiving this, the authentication server 12 specifies the usage target system 11 and generates a random number table, and transmits it to the user's mobile phone 13 as a presentation pattern ((5) in the figure). The user refers to the presentation pattern displayed on the mobile phone 13 and inputs a sequence (numerical string) of element values assigned to his password derivation pattern as a password. As a result, the password is transmitted from the mobile phone 13 to the authentication server 12 ((6) in the figure).

  In response to this, the authentication server 12 compares the number string obtained from the password derivation pattern of the previously registered user and the generated presentation pattern with the number string transmitted from the mobile phone 13, It is determined whether or not they match. The authentication server 12 transmits a notification of authentication success to the specified usage target system 11 when it is determined that they match, and a notification of authentication failure to the specified use target system 11 otherwise ((7) in the figure). When the usage target system 11 receives a notification of successful authentication from the authentication server 12, the usage target system 11 permits access to the user.

  As described above, according to the present embodiment, the same advantages as those of the first embodiment are obtained, and the following advantages are further achieved. That is, since it is not necessary to input a password from the usage target system 11, the user interface of the usage target system 11 can be simplified. In addition, since a new usage ID is generated every time the usage target system 11 is used, even if this usage ID leaks, there is no problem and higher security can be pursued.

[Third Embodiment]
The present embodiment relates to a method for registering a password derivation pattern using the mobile phone 13, and the authentication server 12 presents a password derivation pattern candidate to the mobile phone 13, and from among the presented password derivation pattern candidates. It is characterized by the user selecting.

  FIG. 16 shows an example of a password derivation pattern registration screen displayed on the mobile phone 13. Similar to the above embodiment, for example, when a user account for the usage target system 11 is registered, the authentication server 12 sends mail content including the URL of the page data constituting this registration screen to the user's mobile phone 13. Then, the user who receives the message and selects the URL in the mail content displayed on the mobile phone 13 provides the user's mobile phone 13 with such a registration screen.

  That is, when the authentication server 12 receives a password derivation pattern registration procedure request from the user's mobile phone 13, the authentication server 12 selects one password derivation pattern from among a group of password derivation patterns registered in advance as a registration candidate, Transmit to the telephone 13. As a result, a registration screen including password derivation pattern candidates as shown in FIG. When the user wants to register the password derivation pattern candidate displayed on the registration screen as his / her password derivation pattern, the user selects the “Register” button 161 while he / she wants to refer to another password derivation pattern candidate. The “Next” button 162 is selected. When the user selects the “next” button 162, the authentication server 12 transmits other candidate button candidates to the mobile phone 13, and another password derivation pattern is displayed on the mobile phone 13 as shown in FIG. A registration screen containing candidates appears. When there is a previous password derivation pattern candidate, the user selects the “return” button 163 to refer to it.

  For example, when the user selects the “Register” button 161 on the registration screen shown in FIG. 5B, the mobile phone 13 transmits a registration request to the authentication server 12. Based on the received registration request, the authentication server 12 provisionally registers the user's password derivation pattern as registration data in the authentication database 14 and transmits a setting confirmation screen to the mobile phone 13. FIG. 17 is a diagram showing an example of the setting confirmation screen at this time. On the confirmation screen for this setting, the user inputs a number (element value) assigned to an element corresponding to the previously set password derivation pattern in the password input field 171 and then selects an “OK” button 172. . Thereby, the mobile phone 13 transmits a confirmation request including the input password to the authentication server 12. The authentication server 12 determines whether or not the password included in the received confirmation request matches the numeric string derived from the generated presentation pattern and the previously tentatively registered password derivation pattern. Then, the password derivation pattern of the user is formally registered as registration data in the authentication database 14 and the fact that the registration is completed is transmitted to the mobile phone 13.

  As described above, according to the present embodiment, since a desired password derivation pattern is selected from the password derivation pattern candidates presented from the authentication server 12, the user interface is not sufficient as in the mobile phone 13. However, the password derivation pattern can be registered very easily. Also, avoiding a situation where the user registers a password derivation pattern that is easy to guess, such as when the authentication server 12 presents a password derivation pattern candidate and selects adjacent elements. Will be able to.

[Fourth Embodiment]
The present embodiment relates to a method for registering a password derivation pattern using the mobile phone 13, and by repeatedly inputting an element value corresponding to the password derivation pattern intended by the user with respect to the presented pattern for presentation. The password derivation pattern is specified.

  FIG. 18 is a flowchart for explaining the processing flow of the password derivation pattern registration method according to this embodiment. Such processing can be realized by the respective programs in the client / server model of the mobile phone 13 and the authentication server 12, but in the present embodiment, a predetermined program for realizing such processing is included. This is realized by transmitting page data from the authentication server 12 to the mobile phone 13 and executing it on the mobile phone 13.

  Similar to the above embodiment, for example, when a user account for the usage target system 11 is registered, the authentication server 12 sends mail content including the URL of the page data constituting this registration screen to the user's mobile phone 13. Then, the user who has received this message selects the URL in the mail content displayed on the mobile phone 13. As a result, the authentication server 12 transmits page data including a predetermined program to the mobile phone 13.

  The mobile phone 13 that has received the page data interprets the page data, executes the processing shown in FIG. 18 according to a predetermined program included therein, and displays a registration screen. That is, the mobile phone 13 first generates a presentation pattern by assigning random numbers generated by the random number generation function to all the elements of the whole pattern 34, and registers the password derivation pattern together with other screen elements. Displayed as a screen to prompt the user to input (STEP 1801). The user inputs a number assigned to the element of the password derivation pattern to be registered on the registration screen. When receiving a sequence of elements from the user (STEP 1802), the mobile phone 13 extracts an element having the input element value from the presented presentation patterns as a corresponding element and holds the number (STEP 1803). . Next, the mobile phone 13 determines whether or not the number of extracted corresponding elements is equal to the number of input elements (STEP 1804). If it is determined that they are not equal, the entire pattern 34 is selected in order to narrow down the elements. A presentation pattern is generated by assigning random numbers only to the corresponding elements, and similarly displayed as a registration screen to prompt the user to input (STEP 1805). On the other hand, if it is determined that the number of extracted corresponding elements is equal to the number of input elements, the mobile phone presents a registration confirmation screen and prompts the user to confirm that the elements have been narrowed down (STEP 1806). . For example, when the user selects the “OK” button (STEP 1807 Yes), the mobile phone 13 transmits a registration request to the authentication server 12 to register the sequence of elements as a password derivation pattern (STEP 1806). ), The process ends.

  In this way, the elements of the presentation pattern are narrowed down by repeating the input of the element value corresponding to the password derivation pattern to be registered, and the password derivation pattern intended by the user is specified.

  19 and 20 are screen examples illustrating a password derivation pattern registration method. First, assume that the screen shown in FIG. 19A is displayed on the mobile phone 13. Here, when the user inputs “9873” to the screen 20, the mobile phone 13 generates a new presentation pattern based on the input element sequence. That is, the mobile phone 13 extracts an element whose value is “9”, “8”, or “3” among the elements of the previous presentation pattern as a corresponding element. Since the number is not narrowed down to the number of input elements, the mobile phone 13 generates a new presentation pattern in which random numbers are assigned to the corresponding elements, and displays a registration screen as shown in FIG. .

  On this screen, the user again inputs the numbers assigned to the elements of the password derivation pattern to be registered, and narrows down the corresponding elements. In this case, the number to be input by the user is “6541”. When the corresponding element cannot be narrowed down, the mobile phone 13 generates a new presentation pattern, displays a registration screen as shown in FIG. 19C, and prompts the user for input. Therefore, the user inputs the number “8501” assigned to the element of the password derivation pattern to be registered on this screen.

  As a result of this input, the mobile phone 13 can narrow down the corresponding elements, and therefore presents a registration confirmation screen as shown in FIG. 20 to prompt the user for confirmation (STEP 1806). When the user selects the “OK” button 201 for these five screens, the mobile phone 13 transmits the sequence of elements to the authentication server 12 as a password derivation pattern. On the other hand, when the user selects the “redo” button 202, the mobile phone 13 starts over the password derivation pattern registration process from the beginning.

  As described above, according to the present embodiment, the elements of the presentation pattern can be narrowed down by repeating the presentation of the presentation pattern and the input of the element value corresponding to the password derivation pattern to be registered. Therefore, the password derivation pattern intended by the user can be specified. Therefore, even when the user interface is not sufficient like the mobile phone 13, the password derivation pattern can be registered very easily.

  In addition, according to the present embodiment, the password derivation pattern registration operation is performed in the same procedure as the actual password input operation, so that it can also be used for password input practice, and the password derivation pattern can be quickly and reliably provided to the user. Can be remembered.

  In the present embodiment, since the presentation pattern is randomly generated and the corresponding element intended by the user is narrowed down, three or more narrowing operations may be performed depending on the combination of the generated presentation patterns. It may take. In order to avoid such a situation, a fixed combination of presentation patterns that is always completed by two narrowing operations may be used.

[Fifth Embodiment]
This embodiment is characterized in that temporary identification information for temporarily identifying a user is generated instead of a fixed user ID for user authentication.

  FIG. 21 is a schematic diagram for explaining the overall scheme of the user authentication method according to the present embodiment. First, the user uses the personal computer 15 to register in advance the password derivation pattern for the usage target system 11 in the authentication database 14 ((1) in the figure). When the user intends to actually use the usage target system 11, the user operates the user interface of the usage target system 11 to display the system ID in order to obtain the system ID ((2) in the figure). .

  Next, the user inputs the system ID into the mobile phone 13 and transmits it to the authentication server 12 ((3) in the figure). In response to this, the authentication server 12 generates a random number table (in the present embodiment, matrix-like random information of 4 rows and 4 columns or 4 rows and 12 columns), and transmits this to the user's mobile phone 13 as a presentation pattern. At the same time, temporary identification information associated with the user ID for temporarily identifying the user is generated and transmitted to the user's mobile phone 13 ((4) in the figure). The user refers to the temporary identification information and the presentation pattern displayed on the mobile phone 13, and uses the temporary identification information and the element value assigned to the password derivation pattern as the password for the usage target system 11. Enter a sequence (numeric string). As a result, the usage target system 11 transmits the temporary identification information and the password to the authentication server 12 ((5) in the figure).

  When the authentication server 12 receives the temporary identification information and the password from the usage target system 11, the authentication server 12 identifies the user from the temporary identification information, and the number obtained from the password derivation pattern of the user already registered and the generated presentation pattern The column and the password transmitted from the usage target system 11 are compared to determine whether or not they match. The authentication server 12 notifies the usage target system 11 indicated by the system ID of an authentication success notification and system-specific user identification information to be described later if it is determined that they match, and an authentication failure notification otherwise. Send ((6) in the figure). When the usage target system 11 receives a notification of successful authentication from the authentication server 12 or 20, the usage target system 11 permits the user to use the usage target system 11.

  FIG. 22 is a diagram illustrating an example of the data structure of the authentication database 14. As shown in the figure, one record in the authentication database 14 includes a system ID field 51, a user account field 52, a user ID field 53, a password derivation pattern 25 field 54, and a temporary identification information field 56. And a system-specific user identification information field 57. In this example, the user “ogawa” is registered as an available user in each of the usage target systems 11 indicated by the system IDs “36578979”, “36578980”, and “36578981”. In addition, the mobile phone 13 indicated by the user ID “090xxxx1234” is set as the mobile phone 13 used by the user “ogawa” for user authentication. Further, for example, “1, 17, 33, 48,” is set as the password derivation pattern of the user “ogawa” registered in the usage target system 11 indicated by the system ID “36578979”.

  FIG. 23 is a diagram illustrating an example of a user authentication request waiting table (see the first embodiment). In this embodiment, the user authentication request waiting table includes an event ID field 100, a system ID field 101, a user ID field 102, a presentation pattern field 103, and a temporary identification information field 104.

  24 to 26 are flowcharts for explaining the flow of processing in the authentication server 12 according to the present embodiment. In the following flowchart, the process flow is described sequentially, but the process flow is not particularly limited to this. Accordingly, the processing flow may be configured to change the processing order or perform parallel processing.

  As shown in FIG. 24, when receiving the authentication procedure start message transmitted from the mobile phone 13, the authentication server 12 extracts the system ID and the user ID therefrom (STEP 2000). Subsequently, the authentication server 12 issues an event ID to wait for a user authentication request from the usage target system 11 indicated by the extracted system ID, and extracts it to a user authentication request waiting table as shown in FIG. Register the system ID and user ID.

  Next, the authentication server 12 determines whether or not temporary identification information is necessary when the user uses the usage target system 11 (STEP 2002). The authentication server 12 preferably determines whether to generate temporary identification information based on a request from the user. For example, the authentication server 12 requests information on whether or not the user uses the temporary identification information in the usage target system 13 by notifying the user's mobile phone 13. Then, the authentication server 12 determines whether to generate temporary identification information based on information received from the user via the mobile phone 13.

  Further, the authentication server 12 may register in advance information indicating whether to use temporary identification information for the usage target system 11 used by the user. In this case, the authentication server 12 determines whether to generate temporary identification information based on the information registered in advance, the system ID, and the user ID. Information indicating whether to use temporary identification information may be registered in advance at the time of user registration, for example, or may be registered at any time after user registration.

  When the authentication server 12 determines that the temporary identification information is not necessary for the usage target system 11 (NO in STEP 2002), the authentication server 12 calls a predetermined random number generation function to generate a random number and generate a presentation pattern (STEP 2012). ). When generating the presentation pattern, the authentication server 12 registers it in the above-described user authentication request waiting table (STEP 2014). Subsequently, the authentication server 12 transmits the presentation pattern to the user's mobile phone 13 (STEP 2018).

  If the authentication server 12 determines that the temporary identification information is necessary for the usage target system 11 (Yes in STEP 2002), the authentication server 12 determines whether the temporary identification information has already been registered for the usage target system 11 (STEP 2004). If the authentication server 12 determines that the temporary identification information is not registered (NO in STEP 2004), the authentication server 12 newly generates temporary identification information (STEP 2010). The temporary identification information is desirably information that is generated by a random number function and has little relation to the user ID, for example.

  If the authentication server 12 determines that the temporary identification information has already been registered (Yes in STEP 2004), the authentication server 12 is based on the elapsed time after generation of the temporary identification information, the number of times the temporary identification information is received in the server 12, and the like. It is determined whether or not the temporary identification information is valid (STEP 2006). If the authentication server 12 determines that the temporary identification information is not valid 15 (NO in STEP 2006), the authentication server 12 deletes the temporary identification information (STEP 2008) and newly generates temporary identification information (STEP 2010). Subsequently, the authentication server 12 registers the newly generated temporary identification information in the authentication database 14 and the authentication request waiting table (STEP 2011). In the present embodiment, the authentication server 12 generates “6584” as temporary identification information corresponding to the user ID “090xxxx1234” and registers it in the authentication database 14 and the authentication request waiting table (see FIGS. 22 and 23).

  Next, the authentication server 12 calls a predetermined random number generation function to generate a random number and generate a presentation pattern (STEP 2012). When generating the presentation pattern, the authentication server 12 registers it in the above-described user authentication request waiting table (STEP 2014). Subsequently, the authentication server 12 transmits the temporary identification information and the presentation pattern to the user's mobile phone 13 (STEP 2016). When the temporary identification information and the presentation pattern are transmitted to the mobile phone 13, the authentication server 12 waits for a user authentication request from the usage target system 11.

  In the present embodiment, the authentication server 12 determines the validity of the already registered temporary identification information according to the authentication start message from the user, the elapsed time after the generation of the temporary identification information, and the server of the temporary identification information. However, the authentication server 12 may determine the validity of the temporary identification information separately from the processing flow described with reference to FIG.

  As shown in FIG. 25, when the authentication server 12 waiting for the user authentication request receives the user authentication request from the usage target system 11 (Yes in STEP 2100), the authentication server 12 shown in FIG. 23 is based on the temporary identification information and the system ID. The user ID is specified by referring to the user authentication waiting request table (STEP 2102). After identifying the user ID, the authentication server 12 refers to the authentication database 14 and derives the in-system password from the presentation pattern based on the password derivation pattern for the user ID (STEP 2104). In this case, the authentication server 12 may derive the in-system password from the presentation pattern based on a predetermined conversion law as in the first embodiment.

  Next, the authentication server 12 determines whether or not the transmitted input password matches the in-system password (STEP 2106). If the authentication server 12 determines that they match, the authentication server 12 notifies the usage target system 11 indicated by the system ID that the authentication is successful (STEP 2108), but determines that they do not match. In this case, it is notified that the authentication has failed (STEP 2110). The usage target system 11 performs processing corresponding to the authentication result notified from the authentication server 12.

  In this embodiment, by using temporary identification information instead of the user ID, even if the user ID includes information that can identify the user, such as a mobile phone number, the information Can be configured without leaking to the usage target system 11. Thereby, even when the user uses the usage target system 11 with low reliability and safety, or the usage target system 11 that does not need to specify the user such as a questionnaire or does not want to notify personal information, for example. It is possible to secure anonymity and use it with peace of mind.

  FIG. 26 is a flowchart illustrating a process in which the authentication server 12 transmits the system-specific user identification information to the usage target system 11. When the user inputs temporary identification information to the usage target system 11 and the usage target system 11 permits the usage for the user, the authentication server 12 sends the user ID and the usage target system 11 to the usage target system 11. System-specific user identification information associated with (system ID) is transmitted. In this case, the system-specific user identification information is preferably fixed information for identifying each user for each usage target system 11.

  The authentication server 12 receives a request for system-specific user identification information from the usage target system 11 (STEP 2200). When a request for system-specific user identification information is received from the usage target system 11 (STEP 2200 Yes), the authentication server 12 confirms whether the system-specific user identification information for the usage target system 11 is registered in the authentication database 14. (STEP 2202). If the system-specific user identification information for the usage target system 11 is not registered in the authentication database 14, the authentication server 12 generates system-specific user identification information for the usage target system 11 (STEP 2204). ), It is registered in the authentication database 14 (STEP 2206). In the present embodiment, the authentication server 12 generates “125897” as system-specific user identification information for the usage target system 11 (system ID “36578980”) of the user (user ID “090xxxx1234”) and registers it in the authentication database 14. . Note that “125896” and “12515898” are registered in advance in the authentication database 14 as system-specific user identification information for the system IDs “36578979” and “36578981”, respectively.

  Next, the authentication server 12 transmits system-specific user identification information to the usage target system 11 (STEP 2208). In this case, if the authentication server 12 has user information about the usage target system 11 such as the usage frequency of the user usage target system 11, the authentication server 12 may also transmit the information together. Good. In this embodiment, the authentication server 12 transmits system-specific user identification information to the usage target system 11. Instead, the authentication server 12 uses the temporary identification information as system-specific user identification information as the usage target system 11. May be sent to.

  In the present embodiment, the authentication server 12 provides system-specific user identification information to the usage target system 11, whereby the usage target system 11 can specify a user who uses the usage target system 11. That is, the usage target system 11 can determine the identity of the user even when the user uses the temporary identification information. Thereby, the usage target system 11 can have information such as whether the user is a user who used the usage target system 11 before. In other words, the usage target system 11 can build data on user information in the usage target system 11 based on the user identification information for each system, and can provide services tailored to each user.

  FIG. 27 is a flowchart showing processing for generating system-specific user identification information (S2204 in FIG. 26). First, the authentication server 12 generates a random number conversion table (STEP 2300). The random number conversion table is preferably generated in accordance with characters such as letters and numbers included in the generated system-specific user identification information. For example, when the system-specific user identification information is composed of an M-digit numeric string (M is a natural number), the random number conversion table converts an M-digit numeric string into an M-digit numeric string (random number) different from the numeric string. ) May be a random number table for one-to-one conversion. That is, it is a random number table for converting each of M-digit number strings (10 to the Mth power) into different M-digit number strings (10 to the Mth power). In this embodiment, the system-specific user identification information generated is composed of a 6-digit number string, and a random number table including 1 million conversion patterns each corresponding to one to one is generated. The server 12 preferably uses the same random number table for each user. That is, when the random number table has already been generated, this step may be omitted.

  The system-specific user identification information may be configured by a numeric string having the same number of digits as the user ID, or may be configured by a numeric string having a different number of digits. The random number conversion table is preferably registered in the authentication database 14.

  Next, for each user ID, the authentication server 12 generates an internal identification ID for each user that identifies the user within the authentication server 12. It is preferable that the user-specific internal identification ID is not notified to the user and the usage target system 11. In the present embodiment, the user-specific internal identification ID is a numeric string having the same number of digits as the user ID, but may be a numeric string having a number of digits different from the user ID. The internal identification ID for each user is preferably registered in the authentication database 14.

  Next, the authentication server 12 generates a system conversion table for each usage target system 11 (STEP 2304). The system-specific conversion table is preferably not notified to the user and the usage target system 11. The conversion table for each system is a number conversion table for converting a predetermined number included in a predetermined number string into another number, or a number with a predetermined number and another number in a number string having a predetermined number of digits. Digit position conversion table for changing the number of digits in a digit string by deleting a predetermined digit or inserting a digit into a predetermined digit in a digit string having a predetermined number of digits It may be. In this case, it is desirable to perform conversion so that the conversion results of the digit conversion do not overlap at least in the same usage target system 13. The system-specific conversion table is preferably registered in the authentication database 14.

  Next, the authentication server 12 generates, for each usage target system 11, a system-specific internal identification ID for identifying the usage target system 11 in the authentication server 12 (STEP 2306). It is preferable that the internal identification ID for each system is not notified to the user and the usage target system 11. In this embodiment, the system-specific internal identification ID is a numeric string having the same number of digits as the user ID, but may be a numeric string having a number of digits different from the user ID. The system-specific internal identification ID is preferably registered in the authentication database 14.

  Next, the authentication server 12 adds the internal identification ID for each system to the internal identification ID for each user (STEP 2308). The security level can be increased by adding the internal identification ID generated for each user and the internal identification ID generated for each usage target system 11. The authentication server 12 adds the number in a predetermined digit of the internal identification ID for each user and the number in the predetermined digit of the internal identification ID for each system, so that the number in the predetermined digit is incremented. Processing may be performed so that the number of digits in the digit string after addition does not exceed the number of digits of the internal identification ID for each user and the internal identification ID for each system by deleting the number in the higher digit. Further, the authentication server 12 calculates a numeric string having a number of digits different from the internal identification ID for each user and / or the internal identification ID for each system by adding the internal identification ID for each user and the internal identification ID for each system. Also good. The authentication server 12 may calculate the user-specific internal identification ID and the system-specific identification ID by subtraction, multiplication, division, or other calculation methods.

  Next, the authentication server 12 converts the calculation result in STEP 2308 using the above-described conversion table for each system (STEP 2310). In the present embodiment, the authentication server 12 converts the addition result in STEP 2308 using the digit position conversion table. Then, the authentication server 12 converts the addition result obtained by converting the digit position into a 6-digit number string that is the number of digits of the number string included in the random number conversion table, using the digit number conversion table.

  Next, the authentication server 12 further converts the conversion result in STEP 2310 using the random number conversion table described above (STEP 2312). In the present embodiment, the authentication server 12 converts the conversion result in STEP 2310 into a 6-digit number string (random number) having the same number of digits as the conversion result. By converting using the random number conversion table, it becomes difficult to analyze the conversion result, so that the security level can be further increased.

  Next, the authentication server 12 further converts the conversion result in STEP 2312 using the above-described conversion table for each system (STEP 2314). In the present embodiment, the authentication server 12 obtains system-specific user identification information by converting the conversion result in STEP 2312 using a numeric conversion table. As a result, the security level can be further increased.

  According to the present embodiment, an internal identification ID and a conversion table are prepared for each user and for each usage target system 11, and conversion is performed based on the ID, so that the security level can be increased. In particular, in the present embodiment, since conversion is performed based on a random number conversion table, it is extremely difficult to specify information before conversion from the conversion result. That is, since it is extremely difficult to specify the user's personal information from the conversion result, the security level can be further increased. Moreover, this makes it possible to generate different system-specific user identification information for each usage target system 11. Furthermore, by generating identification information (system-specific user identification information) for each usage target system 11 for a predetermined user, the user is based on information transmitted from the authentication server 12 between the plurality of usage target systems 11. It is possible to prevent sharing of information between the usage target systems 11 such as matching the information.

[Sixth Embodiment]
The present embodiment relates to a method for authenticating a password input from the usage target system 11. Hereinafter, the password authentication method according to the present embodiment will be described by taking as an example a case where the password input to the usage target system 11 matches a digit string including a predetermined number in a predetermined digit of the password in the system. explain.

  FIG. 28 is a flowchart showing a password authentication method. First, when the authentication server 12 receives a password input from the usage target system 11 (STEP 2400: Yes), the authentication server 12 compares the input password with the in-system password (STEP 2402). If the input password matches the in-system password (YES in STEP 2404), the authentication server 12 notifies the usage target system 11 that the authentication has succeeded (STEP 2406).

  If the input password and the in-system password do not match (NO in STEP 2404), the authentication server 12 compares the input password with the in-system password (STEP 2408). In this embodiment, the authentication server 12 compares the number of digits of the input password with the number of digits of the password in the system (STEP 2410). If the number of digits of the input password matches the number of digits of the password in the system (No in STEP 2410), the authentication server 12 notifies the usage target system 11 that the authentication has failed (STEP 2412).

  The input password exemplified in this embodiment is “45871”, and the in-system password is “4587”. That is, the authentication server 12 determines that the input password and the in-system password do not match, and also determines that the number of digits is different.

  When the number of digits of the input password is different from the number of digits of the password in the system (YES in STEP 2410), the authentication server 12 deletes the character included in the designated position that is a predetermined position in the input password. (STEP 2414). In the present embodiment, the predetermined position is the digit “1”, that is, the rightmost digit, and the authentication server 12 determines the number “1” from the digit “1” of the input password “45871”. By deleting, "4587" is obtained. That is, a four-digit password is generated by deleting a predetermined number from the input password having a five-digit number.

  The designated position in the password is preferably registered in the authentication database 14 in advance. The designated position may be determined in association with each usage target system 11. In the present embodiment, the designated position in the password is registered in the authentication database 14 in advance, and the authentication server 12 reads the digit “1” as the designated position from the authentication database 14 and “1” of the input password. Delete the numbers in the digits.

  Next, the authentication server 12 determines whether or not the input password obtained by deleting a predetermined number matches the in-system password (STEP 2416). If it is determined that they do not match (NO in STEP 2416), the authentication server 12 notifies the usage target system 12 that the authentication has failed (STEP 2412).

  When the authentication server 12 determines that the input password obtained by deleting a predetermined number and the in-system password match (Yes in STEP 2416), the authentication server 12 successfully authenticates the usage target system 11. And that a predetermined process is to be performed (STEP 2418). Hereinafter, a method in which the authentication server 12 determines a process to be notified to the usage target system 11 will be described.

  FIG. 29 is a diagram illustrating a function code database in which a process notified to the usage target system 11 is associated with a function code corresponding to the process, which includes a predetermined character. As described above, the authentication server 12 registers in advance the function code to be included in the designated position of the input password and the process to be notified to the usage target system 11 in the authentication database 14 in association with each other. Then, the authentication server 12 extracts processing to be notified to the usage target system 11 from the function code database based on the deleted character included in the designated position of the input password, and notifies the usage target system 11. . A plurality of designated positions may be designated for one password. The function code may be a multi-digit number or a character such as a letter or a pictograph.

  For example, when the deleted character is “0”, the authentication server 12 notifies the usage target system 11 that it is for practice. Then, the utilization target system 11 provides a service for practice to the user. If the deleted character is “2”, the authentication server 12 notifies the usage target system 11 that an emergency has occurred. Then, the usage target system 11 performs processing such as reporting to the police or the like, locking the user ID, the temporary identification information, and the user identification information for each system. Further, when the usage target system 11 is a bank system and the user authenticates the user to make a transfer to a predetermined account, a transfer of zero yen as the transfer amount or an amount designated by the user is made. A dummy screen may be displayed on the screen of the usage target system 11 to make it appear as if it was transferred. Thereby, for example, even when the user is threatened and uses the usage target system 11, the user notifies the authentication server 12 and the usage target system 11 that an emergency has occurred without being noticed by others. be able to.

  If the deleted character is “9”, the authentication server 12 refers to the function code database to determine that the deleted character is a dummy, and the user system 11 performs user authentication. Notify of success. In this case, the authentication server 12 may also notify the usage target system 11 that a dummy is included as a function code.

  In this embodiment, since the password input is “45871” and the in-system password is “4587”, the authentication server 12 extracts the number “1” as the deleted character. Then, the authentication server 12 refers to the function code database included in the authentication database 14 and notifies the usage target system 11 that the authentication has been successful and that it is read-only. The usage target system 11 provides a read-only service to the user. The read-only service is, for example, a service such as a bank account balance inquiry or a bulletin board browsing. As a result, the user can obtain a read-only password, such as a password that can be used only for balance inquiry, which is generated each time user authentication is performed, and it is not known to others that the password is read-only. Using this password, you can request other people to check the balance.

  According to the present embodiment, by including a predetermined character in the password, the user can request the authentication server 12 and / or the usage target system 11 to perform a predetermined process without being known to others. . Further, by including a predetermined character in the password, it is possible to request the authentication server 12 and / or the usage target system 11 to perform a plurality of processes simply by inputting the password. Further, according to the present embodiment, by including a predetermined character in the password, the number of digits of the input password is increased, so that the security level of the password can be further increased.

[Seventh Embodiment]
The present embodiment relates to an authentication method for authenticating a user other than the user by inputting a password from the usage target system 11.

  FIG. 30 is a schematic diagram for explaining the overall scheme of the user authentication method according to the present embodiment. First, the user registers his / her password derivation pattern for the usage target system 11 and personal information necessary for using the usage target system 11 in the authentication database 14 in advance using the personal computer 15 ((1 in the figure)). )). The user acquires the system ID of the usage target system 11 from the confirmer who wants to verify the identity of the user using the usage target system 11 ((2) in the figure). For example, the user acquires the system ID of the confirmer's usage target system 11 through television, radio, magazines, or other information media.

  Next, the user inputs the system ID into the mobile phone 13 and transmits it to the authentication server 12 ((3) in the figure). Upon receiving this, the authentication server 12 generates a random number table and transmits it to the user's mobile phone 13 as a presentation pattern ((4) in the figure). At this time, the authentication server 12 may transmit temporary identification information to the mobile phone 13 of the user. The user refers to the presentation pattern displayed on the mobile phone 13, derives a sequence (password) of element values assigned to his password derivation pattern, and notifies this to the confirmer ((( Five)).

  For example, the user notifies the confirmer of the password by information transmission means such as a telephone or an e-mail. At this time, the user may notify the confirmer together with the temporary identification information. The confirmer inputs the password and / or temporary identification information notified from the user to the usage target system 11. Thereby, the utilization target system 11 transmits the input password and / or temporary identification information to the authentication server 12 ((6) in the figure).

  When the authentication server 12 accepts the password from the usage target system 11, the authentication server 12 obtains the password string transmitted from the usage target system 11 and the numeric string obtained from the password derivation pattern of the user already registered and the generated presentation pattern. A comparison is made to determine whether or not they match. The authentication server 12 transmits an authentication success notification to the usage target system 11 indicated by the system ID when it determines that they match, and an authentication failure notification otherwise ((7) in the figure). ). When the user is successfully authenticated, the confirmer uses the usage target system 11 to receive personal information necessary for the user from the authentication server 12.

  In the present embodiment, the confirmer receives, for example, a telephone shopping company, an accommodation agent who receives a reservation for accommodation, a real estate agent who receives a rental application, an issuer that issues various certificates, a credit company that performs credit and settlement, and a medical consultation. Such as a doctor. The necessary personal information is information about the user such as the user's address, telephone number, credit card number, deposit account, illness record, medical record, career, work place, and the like. The user may restrict personal information disclosed to a confirmer who uses the usage target system 11. For example, when transmitting the system ID from the mobile phone 13 to the authentication server 12, the user inputs a code for restricting the disclosure of personal information to the mobile phone 13 and transmits it to the authentication server 12.

  ADVANTAGE OF THE INVENTION According to this invention, the new user authentication method which prevents the unauthorized access of the third party with respect to a system effectively, and the system which implement | achieves this can be provided.

  Further, according to the present invention, since the existing system infrastructure is utilized to the maximum extent, it is possible to provide a user authentication method and a system for realizing the same without incurring an extra cost burden. .

  Furthermore, according to the present invention, it is possible to provide a user authentication method that is easy to use for all users and a system that realizes the same, while effectively preventing unauthorized access to the system while facilitating password management by the user. Will be able to.

It is the schematic for demonstrating the whole scheme of the user authentication method which concerns on one Embodiment of this invention. It is a figure for demonstrating the password derivation pattern which concerns on one Embodiment of this invention. It is a figure which shows an example of the password derivation pattern registration screen displayed on the personal computer which concerns on one Embodiment of this invention. It is a figure which shows an example of the confirmation screen of the setting displayed on the personal computer which concerns on one Embodiment of this invention. It is a figure which shows an example of the data structure of the authentication database which concerns on one Embodiment of this invention. It is a figure which shows an example of the reception screen displayed on the utilization object system which concerns on one Embodiment of this invention. It is a figure which shows an example of the menu screen displayed on the mobile telephone which concerns on one Embodiment of this invention. It is a figure which shows an example of the authentication procedure start screen displayed on the mobile telephone which concerns on one Embodiment of this invention. It is a flowchart for demonstrating the flow of the process in the authentication server which concerns on one Embodiment of this invention. It is a figure for demonstrating an example of the user authentication request waiting table which concerns on one Embodiment of this invention. It is a figure which shows an example of the random number table presentation screen displayed on the mobile telephone which concerns on embodiment of this invention. It is a figure which shows an example of the reception screen displayed on the utilization object system which concerns on one Embodiment of this invention. It is a figure which shows an example of the password input screen displayed on the utilization object system which concerns on one Embodiment of this invention. It is a flowchart for demonstrating the flow of the process in the authentication server which concerns on one Embodiment of this invention. It is the schematic for demonstrating the whole scheme of the user authentication method which concerns on one Embodiment of this invention. It is a figure which shows an example of the password derivation pattern registration screen displayed on the mobile telephone which concerns on one Embodiment of this invention. It is a figure which shows an example of the confirmation screen of the setting displayed on the mobile telephone which concerns on one Embodiment of this invention. It is a flowchart for demonstrating the flow of a process of the registration method of the password derivation pattern which concerns on one Embodiment of this invention. It is a screen example explaining the registration method of the password derivation pattern which concerns on one Embodiment of this invention. It is a screen example explaining the registration method of the password derivation pattern which concerns on one Embodiment of this invention. It is the schematic for demonstrating the whole scheme of the user authentication method which concerns on this embodiment. It is a figure which shows an example of the data structure of the authentication database. It is a figure which shows an example of a user authentication request waiting table. It is a flowchart for demonstrating the flow of a process in the authentication server 12 which concerns on this embodiment. It is a flowchart for demonstrating the flow of a process in the authentication server 12 which concerns on this embodiment. It is a flowchart for demonstrating the flow of a process in the authentication server 12 which concerns on this embodiment. It is a flowchart which shows the process which produces | generates user identification information classified by system. It is a flowchart which shows the authentication method of a password. It is a figure which shows the function code database which matched the process notified to the utilization object system 11, and the function code which is a character corresponding to the said process. It is the schematic for demonstrating the whole scheme of the user authentication method which concerns on this embodiment.

Claims (2)

A method for registering a password derivation pattern for deriving a password used for user authentication,
A generation step in which the server generates a presentation pattern in which a predetermined character is assigned to each element of a predetermined pattern composed of a plurality of elements;
An input step in which the server presents the generated presentation pattern to the user and prompts the user to input a character assigned to a specific element of the presentation pattern;
A specifying step of repeating the generation step and the input step until the server specifies a password derivation pattern based on the input character;
A registration step in which the server registers the identified password derivation pattern;
A method for registering a password derivation pattern, comprising:   In the generation step, the server generates a presentation pattern in which a predetermined character is newly assigned for an element to which the character input in the input step is assigned among the elements of the generated presentation pattern. The password derivation pattern registration method according to claim 1, wherein:

Images