JP4682320B2 - Authentication device, display input system, authentication instrument, authentication system, authentication method, authentication program, and recording medium - Google Patents

Description

  The present invention relates to an authentication system for authenticating a user, and an authentication device, a display input system, an authentication instrument, an authentication method, an authentication system, an authentication program, and a recording medium used in the authentication system.

  In recent years, with the development of communication networks, it is possible to access various host computers using communication networks. For example, a bank customer can access a host computer managed by the bank and perform various transactions such as deposit account balance inquiry and transfer. In such a transaction, the host computer needs to authenticate whether the user who has requested access is a registered genuine user.

  The most widely used user authentication method is a password authentication method. However, with the password authentication method, password leakage on the communication path, password stealing by a fake server pretending to be the original host server, password stealing by a key input recording program installed on the terminal PC, etc. Not safe. Also, since the types of passwords that can be stored are limited, such as birthdays, it is easy for others to guess.

  Therefore, there are the following techniques to further increase security.

  For example, in Patent Documents 1 to 3, a table in which numbers and pictures are randomly arranged in two dimensions is transmitted from the server, and the user side stores a predetermined position pattern on the table as a secret position pattern. In addition, a system is disclosed that inputs and transmits numbers and pictures corresponding to this position, or those obtained by performing computation on numbers corresponding to this position. As a result, the password input by the user is a so-called one-time password that changes each time according to the table transmitted from the server.

Also, in Patent Document 4, a user has a coordinate detector, a predetermined coordinate pattern is input to the coordinate detector, and the input coordinate pattern is compared with a registered coordinate pattern for authentication. A scheme is disclosed.
JP 10-307799 (released November 17, 1998) JP 2000-172544 (released June 23, 2000) JP 2003-256373 (published September 12, 2003) Japanese Patent Laid-Open No. 11-149454 (released on June 2, 1999)

  However, in the techniques of Patent Documents 1 to 3, when the table and the one-time password are intercepted many times on the communication line, the secret position pattern stored by the user can be easily estimated. For example, it is assumed that a set of information of a random two-dimensional table and a one-time password input thereto is leaked three times. Assume that the first character of the first one-time password is “3”, the first character of the second time is “5”, and the first character of the third time is “7”. Then, the position on the table that gives the first character of the one-time password is “3” in the first table, “5” in the second table, and “7” in the third table. . The expected value of the number of such positions is (1/10) x (1/10) x (1/10) of the number of positions in the entire table, so the table has only 1000 positions or less. In some cases, there is a high possibility of being identified. This is an estimation method that is possible not only for the first character but also for an arbitrary character. Thereby, the secret position pattern which the user has kept secret can be estimated.

  Even if there is no interception of the communication line, if the table sent from the server and the entered one-time password remain in the memory of the terminal on the user side, the secret location can be read by reading this memory. The pattern can be estimated. This is particularly likely to occur when using a terminal device installed in a public place. In addition, even a personal terminal device may have a virus that sends a table displayed on the terminal and an input one-time password to another device. Also, a fake server impersonating a server can obtain the same information as if multiple tables and one-time passwords were intercepted.

  Even with the technique of Patent Document 4, a fake server pretending to be a server can easily steal a coordinate pattern from a user.

  In order to protect the user from the estimation of the secret position pattern by such communication interception, it is conceivable to change the secret position pattern for every predetermined number of authentications. However, in this case, it is necessary to distribute the card in which the new secret position pattern is described to the user again, resulting in an increase in cost.

  The present invention has been made in view of the above-described problems, and an object of the present invention is to provide an authentication device, a display input system, an authentication device, an authentication method, and an authentication device that constitute a low-cost authentication system having high security. To realize a program and a recording medium.

In order to solve the above-described problems, an authentication apparatus according to the present invention is an authentication apparatus including the following (a) to (e) for authenticating a user through a display device and an input device. .
(A) When a plurality of cards having a predetermined shape in which holes or transparent portions are formed at a plurality of positions unique to the user are overlapped at a predetermined relative position, a plurality of holes or transparent matches in all the cards Common position acquisition means for acquiring common position information indicating the position of the part,
(B) Random image display means for displaying on the display device a random image which is an image of a predetermined shape and in which a plurality of different types of unit images are arranged randomly
(C) specific data determining means for determining specific data based on a unit image corresponding to the position indicated by the common position information acquired by the common position acquiring means in the random image;
(D) When the plurality of cards are overlapped at the relative position and superimposed on a random image displayed by the display device, it corresponds to the positions of a plurality of holes or transparent portions that coincide with all the cards. Input data acquisition means for acquiring input data input by a user based on a unit image to be obtained from the input device;
(E) Authentication means for performing authentication based on a collation result between the input data and the specific data.

An authentication method of the present invention recited in claim 14 is an authentication method in an authentication device for authenticating a user via a display device and an input device, and includes the following (a) to (e): This is a featured authentication method.
(A) When a plurality of cards having a predetermined shape in which holes or transparent portions are formed at a plurality of positions unique to the user are overlapped at a predetermined relative position, a plurality of holes or transparent matches in all the cards A common position acquisition step for acquiring common position information indicating the position of the part;
(B) a random image display step of causing the display device to display a random image of a predetermined shape in which different types of unit images are randomly arranged;
(C) a specific data determining step for determining specific data based on a unit image corresponding to the position indicated by the common position information in the random image;
(D) When the plurality of cards are overlapped at the relative position and superimposed on a random image displayed by the display device, it corresponds to the positions of a plurality of holes or transparent portions that coincide with all the cards. An input data acquisition step of acquiring input data input by the user based on the unit image to be acquired from the input device;
(E) An authentication step of performing authentication based on a collation result between the input data and the specific data.

  Here, the common position acquisition means described in (a) of claim 1 may acquire the common position information on the basis of, for example, the storage section storing the positions of the holes or transparent sections of each card and the relative position. Alternatively, the common position information may be acquired from a storage unit that stores the common position information in advance.

  According to the configuration of (a) to (e) of claim 1, the specific data determining means is in the position of the hole or the transparent portion that coincides when all the cards are superimposed at a predetermined relative position in the random image. Specific data is extracted based on the corresponding unit image. Further, the input data acquisition means includes a plurality of holes or transparent portions that coincide with all the cards when superimposed on a random image displayed by the display device in a state where a plurality of cards are superimposed at the relative position. The input data input by the user is acquired based on the unit image corresponding to the position. And it authenticates based on the collation result of input data and specific data.

  The hole or transparent part of the card is formed at a plurality of positions unique to the user. Therefore, only the user who owns the card can input the same input data as the specific data. Thereby, the user can be authenticated.

  Further, when performing authentication, a plurality of cards are overlapped at a predetermined relative position, and authentication is performed using a hole and a transparent portion that match in all the cards. Therefore, by changing the predetermined relative position, it is possible to easily change the positions of the hole and the transparent portion that match in all the cards. That is, the position pattern used for authentication can be easily changed.

  Thereby, even if the random image and the input data are stolen a plurality of times, the position pattern that is the basis of the input data is different, and thus the position of the hole or the transparent portion formed in the card cannot be estimated. Also, even if random images and input data are stolen, and the location pattern candidates for holes and transparent parts that match on all cards can be estimated, the location pattern will change next time, so the thief will use it illegally. Can not do it.

  In this way, the position pattern used for authentication can be easily changed depending on the relative position of each card (that is, the amount of shift of each card) when a plurality of cards are superimposed, and a new card needs to be distributed. Nor. That is, the position pattern used for authentication can be changed inexpensively and easily.

  Further, when the user memorizes the relative position when the cards are overlapped, there is little risk of unauthorized use even if all the cards are stolen.

  When the random image display means displays a random image on the display device, and the display device includes a display unit such as a display, the random image is displayed on the display unit, and the display device is paper or the like. When an image is printed on the medium, a random image is displayed on the medium by the printing process.

  As described above, an inexpensive authentication system having high security can be realized.

Further, the authentication device of the present invention recited in claim 2 is in addition to the configuration of claim 1,
(F) a position information storage unit for storing position information indicating the position of the hole or the transparent part of the card;
(G) relative position generating means for generating the relative position of each card;
(I) Relative position information display means for displaying information indicating the relative position generated by the relative position generation means on a display device;
The common position acquisition unit obtains the common position information based on the position information read from the position information storage unit and the relative position generated by the relative position generation unit.

  According to the configuration of the second aspect, the relative position generating means generates the relative position of each card when a plurality of cards are overlapped. Then, the relative position information display means displays information indicating the relative position on the display device. That is, the relative position information is randomly generated on the authentication device side.

  Therefore, the relative position information is changed for each authentication, and the position of the matching hole or transparent part is changed in all the cards with the change. As a result, even if the random image and the input data are stolen multiple times, the position pattern that is the basis of the input data is different, and therefore the position of the hole or transparent portion formed in the card cannot be estimated.

Furthermore, the authentication device of the present invention recited in claim 3 is in addition to the configuration of claim 1,
(J) a position information storage unit for storing the position of the hole or transparent part of the card;
(K) a relative position information storage unit that stores the relative position of each card in association with user identification information;
The common position acquisition unit obtains the common position information based on the position information read from the position information storage unit and the relative position information read from the relative position information storage unit.

  According to the configuration of claim 3, the user similarly stores the relative position. Therefore, even if all the cards are stolen, the relative position of the cards is not known, so that the risk of unauthorized use is reduced.

Furthermore, the authentication device of the present invention recited in claim 4 has, in addition to the configuration of claim 1,
(L) a position information storage unit for storing the position of the hole or transparent part of the card;
(M) a relative position information storage unit that stores the relative positions of some cards in association with user identification information;
(N) relative position generating means for generating the relative positions of the remaining cards;
(O) Relative position information display means for displaying information indicating the relative position generated by the relative position generation means on a display device;
And the common position acquisition unit is based on the position information read from the position information storage unit, the relative position information read from the relative position information storage unit, and the relative position generated by the relative position generation unit. The common position information is obtained.

  According to the configuration of claim 4, even if all the cards are stolen, the thief does not know the relative positions of some of the cards stored in the relative position information storage unit, so there is little risk of unauthorized use. Become.

  Further, in the authentication device of the present invention recited in claim 5, in addition to the configuration of claim 1, the unit image changes according to characters, pictures, symbols, numbers, colors, and time. It is at least one of the images whose change amount can be identified. According to the configuration of claim 5, the degree of freedom of the unit image is improved.

  Further, in the authentication apparatus of the present invention recited in claim 6, in addition to the configuration of claim 1, the relative position is indicated by a parallel movement amount along a predetermined axis.

  According to the configuration of the sixth aspect, the user can easily superimpose the cards with only the parallel movement amount along the predetermined axis. This improves the convenience for the user.

  Furthermore, in the authentication device of the present invention recited in claim 7, in addition to the configuration of claim 1, the relative position is indicated by a rotation angle centered on a point in the card.

  According to the configuration of the seventh aspect, since the cards are rotated and overlapped, the area where all the cards overlap does not change greatly depending on the rotation angle. For example, if the card is circular, the area where all the cards overlap at any relative position can be made constant. This makes it possible to increase the total number of card overlapping patterns (relative position patterns) without considering the area where all the cards overlap. As a result, the position of the hole or the transparent part of each card is more difficult to be estimated.

Moreover, the display input system of the present invention recited in claim 8 makes a request for authentication to the authentication device according to any one of claims 1 to 7, and includes a display device including the following (a): The display input system includes an input device including the following (b) and (c), and (d) a plurality of cards in which holes or transparent portions are formed at a plurality of positions unique to the user.
(A) Display means for acquiring a random image obtained by randomly arranging different types of unit images from the authentication device, and displaying the acquired random image in a predetermined shape;
(B) When the plurality of cards are overlaid on the random image displayed by the display means in a state where the plurality of cards are overlaid at a predetermined relative position, all the cards correspond to the positions of the matching holes or transparent portions. An input unit in which input data based on a unit image is input by a user;
(C) Input data transmission means for transmitting the input data input to the input unit to the authentication device.

  According to the configuration of (a) to (d) of claim 8, when the user superimposes a plurality of cards on a random image displayed by the display means in a state where the cards are superimposed at a predetermined relative position. In addition, input data based on unit images corresponding to the positions of the matching holes or transparent portions in all cards is input.

  Since the positions of the holes or transparent portions of the plurality of cards are unique to the user, only the user who owns the card can input correct input data. As a result, the user can be authenticated.

  Also, the input data input by the user varies depending on the relative position when a plurality of cards are overlapped. Therefore, by changing the relative position for each authentication, the positions of the matching holes or transparent portions in all the cards used for the authentication can be easily changed for each authentication.

  As a result, even if the random image and the input data are stolen multiple times, the position pattern that is the basis of the input data is different, and therefore the position of the hole or transparent portion formed in the card cannot be estimated. Also, even if random images and input data are stolen, and the location pattern candidates for holes and transparent parts that match on all cards can be estimated, the location pattern will change next time, so the thief will use it illegally. Can not do it.

  As described above, an inexpensive authentication system having high security can be realized.

  Note that the display device and the input device included in the display input system may be formed as one body or as separate bodies.

In addition, an authentication instrument of the present invention recited in claim 9 includes the following (a) to (c) used for user authentication in the display input system according to claim 8 .
(A) A plurality of cards in which holes or transparent portions are formed at a plurality of positions unique to the user. (B) The plurality of cards are held in a stacked state so that the relative position of each card can be changed. The card holding member (c) positioning means for determining the relative position of each of the cards. According to the configuration of (a) to (c) of claim 9, the user can make a hole or transparent that matches all the cards. The position of the part can be easily changed for each authentication. As a result, an authentication system having high security can be realized.

  In addition, if the card is stored inside the card holding member and the card holding member is sealed by an adhesive method such as melting, an unauthorized person must destroy the holder in order to make a copy of the card. It is necessary to take out each authentication card. For this reason, it is possible to know that it has been illegally copied.

  Further, as in the configuration (b) of the ninth aspect, the card holding member holds the card so that the relative position of each card can be changed. Therefore, the relative position set by the user is changed by the influence of gravity due to some impact or tilting. Therefore, even if the authentication device is stolen, the relative position used last time does not leak. As a result, security is improved.

  The positioning means is, for example, a mark such as a protrusion formed on the card, a mark written on the card, or a scale written on the card holding member. In addition, if the card is rectangular, the relative position may be set with reference to the end.

  According to a tenth aspect of the present invention, in addition to the configuration of the ninth aspect, the authentication device of the present invention protrudes from the card holding member except when each card is at a predetermined initial position in the card holding member. It is characterized by that.

  According to the configuration of claim 10, the user returns the card protruding from the card holding member to the initial position after the end of authentication. That is, immediately after the authentication, the information indicating the relative position of each card moved at the time of authentication is deleted. Therefore, even if the authentication instrument is stolen, the relative position used last time does not leak. As a result, security is improved.

  Furthermore, in addition to the configurations of the ninth and tenth aspects, the authentication instrument recited in the eleventh aspect is such that the card is rectangular and the relative position is indicated by a parallel movement amount along a predetermined axis. is there.

  According to the configuration of the eleventh aspect, the user can easily superimpose the cards with only the amount of translation along the predetermined axis. This improves the convenience for the user.

  Further, in the authentication device recited in claim 12, in addition to the configurations of claims 9 and 10, the card is substantially circular, and the relative position is indicated by a rotation angle with respect to a substantially center point in the card. It is.

  According to the configuration of the twelfth aspect, it is possible to increase the number of overlapping patterns (relative position patterns) of cards without considering an area where all cards overlap. As a result, the position of the hole or the transparent part of each card is more difficult to be estimated.

  An authentication system according to a thirteenth aspect of the present invention includes the authentication device according to any one of the first to seventh aspects, and the display input system according to the eighth aspect.

  As a result, it is possible to realize an authentication system that has high security and is inexpensive.

  The authentication device or the display input system may be realized by a computer. In this case, the authentication device or the display input system is realized by a computer by causing the computer to operate as the respective means. An authentication program for a display input system and a computer-readable recording medium on which the authentication program is recorded also fall within the scope of the present invention.

As described above, the authentication device of the present invention is an authentication device including the following (a) to (e) that authenticates a user through a display device and an input device.
(A) When a plurality of cards having a predetermined shape in which holes or transparent portions are formed at a plurality of positions unique to the user are overlapped at a predetermined relative position, a plurality of holes or transparent matches in all the cards Common position acquisition means for acquiring common position information indicating the position of the part (b) Random image display for displaying on the display device a random image, which is an image of a predetermined shape and in which different types of unit images are randomly arranged Means (c) specific data determination means for determining specific data based on a unit image corresponding to the position indicated by the common position information acquired by the common position acquisition means in the random image; (d) the plurality of cards; When overlaid on the random image displayed by the display device in the state of being overlaid at the relative position, it corresponds to the position of a plurality of holes or transparent portions that match in all the cards. The input data entered by the user based on the unit image, authenticating means for performing authentication based on the collation result between the input data acquisition means (e) the input data and the specific data to be acquired from the input device.

  Therefore, an inexpensive authentication system having high security can be realized.

[Embodiment 1]
An embodiment of the present invention will be described with reference to FIGS. 1 to 9 as follows. FIG. 2 is a block diagram showing the overall configuration of the authentication system according to the present embodiment. As illustrated, the authentication system of the present embodiment includes a server device (authentication device) 1 and a terminal device (display device and input device) 2 that can communicate with each other via a communication network N.

  The communication network N is the Internet, intranet, extranet, LAN, ISDN, VAN, CATV communication network, virtual private network, telephone line network, mobile communication network, satellite communication network, etc. But you can.

  The user has registered for use with the server device 1 in advance, and has a plurality of (here, for example, four) perforated cards 4 (4A, 4B, 4C, 4D) unique to the user and a user ID. Is given.

  Each perforated card 4 (4A, 4B, 4C, 4D) is stored in a card holder (card holding member) 5 so as to be movable in the lateral direction so that it can be stacked at a relative position shifted by a predetermined amount. Has been.

FIG. 3 shows a normal state in which four perforated cards 4 are stored in the card holder 5. FIG. 4 is a plan view showing the card holder 5, and FIG.
FIG.

  As shown in FIG. 4, the card holder 5 includes two sheets 51 and 52. The entire area of the back side sheet 51 is transparent, but the front side sheet 52 is transparent only in the transparent area 53 having a predetermined shape. The transparent area 53 has the same shape as a random table (described later) displayed on the terminal device 2.

  Further, the sheet 51 on the back side of the card holder 5 has a positioning scale (positioning means) 54 for determining the relative positional relationship of the perforated cards 4. For example, the positioning scale 54 is a scale in which numbers from “0” to “9” are arranged at equal intervals, as illustrated.

  As shown in FIG. 5, each holed card 4 has holes 41 formed at a plurality of positions unique to the user. In addition, the part in which the hole 41 is not formed is opaque. Further, a hole number for identifying each hole 41 is given to the plurality of holes 41. For example, as shown in the figure, hole numbers “1” to “30” are given in order from the upper left hole 41, and this hole number is a portion adjacent to the corresponding hole 41 (in FIGS. 3 and 5). The lower part of each hole 41).

  Each perforated card 4 has an identification symbol (A, B, C, D) and a positioning projection (positioning means) 42. The perforated card 4A has the identification symbol A, the perforated card 4B has the identification symbol B, the perforated card 4C has the identification symbol C, and the perforated card 4C has the identification symbol D.

  Further, the position coordinates of the holes 41 formed in each holed card 4 are represented by a row number y and a column number x. For example, in FIG. 5, there are the first to eighth rows (y = 1 to 8), the first column to the 24th column (x = 1 to 24). However, when the positioning protrusion 42 is aligned with the left end of the positioning scale 54 (here, “0”, for example), the 10th to 24th rows correspond to the transparent region 53 of the card holder 5 and are used for positioning. When the protrusion 42 is aligned with the right end of the positioning scale 54 (here, “9”, for example), the first to fifteenth rows correspond to the transparent region 53 of the card holder 5.

  As shown in FIG. 3, each perforated card 4 is positioned between the sheets 51 and 52 of the card holder 5 and is supported so as to be movable in the lateral direction. Further, when the perforated card 4 is stored in the card holder 5, the alignment projection 42 of the perforated card 4 comes close to the alignment scale 54. Therefore, the user can adjust the alignment protrusion 42 to an arbitrary number on the alignment scale 54 by moving the perforated card 4 in the horizontal direction.

  The user aligns the positioning projections 42 of the perforated cards 4 with the numbers on the positioning scale 54 corresponding to the perforated cards 4 from A to D transmitted from the server device 1. Thereby, each perforated card | curd 4 can be piled up in the relative position which the server apparatus 1 designates.

  The perforated card 4 has a shape that is larger in the lateral direction than the transparent region 53 of the card holder 5. This is because the perforated card 4 can occupy the entire transparent area 53 even when the perforated cards 4 are shifted in the horizontal direction. That is, all the cards overlap in the transparent region 53 at any relative position.

  For example, in the holed card 4A with the identification number A in FIG. 5, only 19 holes 41 among the holes 41 with the hole numbers “1” to “30” correspond to the transparent region 53 as shown in FIG. ing.

  Further, when the perforated cards 4 are overlapped, the user can see the back direction of the card holder 5 only through the plurality of common holes 6 that coincide with all the perforated cards 4. In FIG. 3, the holes 41 with the hole numbers “5”, “11”, “17”, “23”, and “25” of the holed card 4 </ b> A are the common holes 6.

  Note that the number of overlapping patterns of the four perforated cards 4 is 10,000, which is the fourth power of the number of alignment marks 54. Further, the number of common holes 6 varies depending on the overlapping pattern of the perforated cards 4.

<Configuration of server device>
Next, the configuration of the server device 1 will be described. FIG. 1 is a block diagram illustrating a configuration of the server device 1. As illustrated, the server device 1 includes a communication unit 11, an enlargement ratio storage unit 10, an access request acquisition unit 12, a random table generation unit 13, a relative position information generation unit (relative position generation unit) 14, and a hole pattern storage unit. (Position information storage unit) 15, common hole position extraction unit (common position acquisition unit) 16, specific data string extraction unit (specific data determination unit) 17, transmission processing unit (random image display unit, relative position information display unit) 18 , An answer data string acquisition unit (input data acquisition unit) 19 and an authentication determination unit (authentication unit) 20 are provided.

  The communication unit 11 communicates with the terminal device 2 via the communication network N.

  The enlargement ratio storage unit 10 includes display information indicating the type (for example, 14 inches and 17 inches) and the resolution (for example, 800 × 600 pixels and 1024 × 768 pixels) of the terminal device 2, and the terminal device When a random image is displayed on the display unit 2, the enlargement ratio at which the image including the random image becomes the same size as the card holder 5 is stored in association with each other.

  The access request acquisition unit 12 acquires an access request from the terminal device 2 via the communication unit 11. To the access request, a user ID assigned to each user and display information indicating the type and resolution of the display unit of the terminal device 2 used by the user are added.

  The access request acquisition unit 12 reads an enlargement rate corresponding to the display information added to the access request from the enlargement rate storage unit 10.

  The access request acquisition unit 12 acquires an optimal enlargement rate from the terminal device 2 when receiving an access request to which display information that is not stored in the enlargement rate storage unit 10 is added. Specifically, the access request acquisition unit 12 transmits a sample image having the same shape as the card holder 5 having an enlargement factor of 1 and an enlargement factor setting instruction to the terminal device 2, and the transmitted sample image is sent to the card. Enter the enlargement ratio to be the same size as the holder 5. Then, the access request acquisition unit 12 acquires the enlargement ratio input to the terminal device 2.

  The access request acquisition unit 12 outputs, to the transmission processing unit 18, enlargement rate information indicating the enlargement rate read from the enlargement rate storage unit 10 or the enlargement rate acquired from the terminal device 2.

  The random table generation unit 13 generates a random table of 15 columns and 8 rows in which 26 alphabets are randomly arranged, and outputs the generated random table to the specific data sequence extraction unit 17.

  The relative position information generation unit 14 generates a relative position of each perforated card 4 when the four perforated cards 4 (4A, 4B, 4C, 4D) possessed by the user are overlapped in the card holder 5. Is.

  Specifically, the relative position information generation unit 14 randomly generates numbers on the positioning scale 54 that align the positioning protrusions 42 of the perforated cards 4A, 4B, 4C, and 4D. The relative position information generation unit 14 outputs relative position information indicating the number of the positioning scale 54 generated for each of the perforated cards 4 from A to D to the common hole position extraction unit 16.

  The hole pattern storage unit 15 stores the user ID and the position coordinates of the holes 41 of the four perforated cards 4A, 4B, 4C, and 4D distributed to the user in association with each other. Table 1 is a table showing a storage example of the hole pattern storage unit 15. As shown in Table 1, for example, the hole pattern storage unit 15 includes a user ID “XXX” and position coordinates (4, 1), (12, 1) of the hole 41 of the holed card A (22, 8), position coordinates (1, 1), (4, 1) (23, 8) of the hole 41 of the holed card B, position coordinates (3, 1), (5, 5) of the hole 41 of the holed card C 1)... (22, 8) and the position coordinates (2, 1), (9, 1)... (20, 8) of the hole 41 of the holed card D are stored in association with each other. The first number in parentheses indicates the column number, and the second number indicates the row number.

  The common hole position extraction unit 16 aligns the alignment protrusions 42 of the perforated cards 4 with the positioning scale 54 corresponding to the relative position information generated by the relative position information generation unit 14, so 4, and the position coordinates of the common hole 6 located in the transparent region 53 of the card holder 5 are extracted.

  Specifically, the common hole position extraction unit 16 reads the position coordinates of the holes 41 corresponding to the four holed cards 4 from A to D corresponding to the user ID from the hole pattern storage unit 15.

  Further, the common hole position extraction unit 16 reads out from the hole pattern storage unit 15 based on the numbers (relative position information) of the positioning scale 54 corresponding to each holed card 4 generated by the relative position information generation unit 14. The position coordinates of the hole 41 are adjusted. Specifically, when the number of the positioning scale 54 corresponding to the holed card 4 is p, the common hole position extraction unit 16 sets the column number x of the position coordinates of the hole 41 of the holed card 4 to x + p. The position coordinates of the holes 41 of each perforated card 4 are matched with the position coordinates based on when the alignment protrusion 42 is aligned with the numeral “0” of the alignment scale 54.

  The common hole position extraction unit 16 uses the adjusted position coordinates of the four perforated cards 4 when the perforated cards 4 are overlapped in the card holder 5, and the common hole 6 matches all the perforated cards 4. In addition, it is determined whether or not the number of the common holes 6 located in the transparent region 53 of the card holder 5 is within a predetermined range (for example, 4 or more).

  The adjusted position coordinates are based on the time when the positioning protrusion 42 of the perforated card 4 is set to “0” of the positioning scale 54. As described above, when the positioning protrusion 42 is set to “0” of the positioning scale 54, the 10th to 24th columns correspond to the transparent region 53 of the card holder 5. Therefore, the common hole position extraction unit 20 counts the number of common holes 6 positioned in the transparent region 53 of the card holder 6 in consideration of this correspondence. That is, the common hole position extraction unit 16 counts the number of common holes 6 in which the adjusted column number x + p is in the range of 10 to 24.

  When the number of the common holes 6 is not within the predetermined range, the common hole position extraction unit 16 outputs a relative position information regeneration instruction to the relative position information generation unit 14 and acquires new relative position information.

  On the other hand, when the number of the common holes 6 is within the predetermined range, the common hole position extraction unit 16 extracts the position coordinates of the common hole 6 from the adjusted position coordinates, and uses the extracted adjusted position coordinates of the common hole 6. In addition to outputting to the specific data string extraction unit 17, the relative position information is output to the transmission processing unit 18.

  The specific data string extraction unit 17 sets the alphabet corresponding to the common hole 6 in a predetermined order (here, in the transparent region 53) when the card holder 5 is matched with the image including the random table generated by the random table generation unit 13. Extracting specific data columns arranged in the 1st to 15th columns of the 1st row, the 1st to 15th columns of the 2nd row,..., The 8th row in the order of the 1st to 15th columns) It is. As will be described later, when the card holder 5 is matched with an image including a random table generated by the random table generation unit 13, the transparent area 53 of the card holder 5 and the random table overlap each other.

  Specifically, the data string extraction unit 17 calculates table correspondence coordinates obtained by subtracting 9 from the column number of the adjusted position coordinates of the common hole 6 extracted by the common hole position extraction unit 16. As described above, in the column numbers of the adjusted position coordinates, 10 to 24 columns are coordinates located in the transparent region 53 of the card holder 5. That is, the table corresponding coordinate obtained by subtracting 9 from the column number of the adjusted position coordinate in the common hole 6 matches the column number and the row number in the random table when the random table is aligned with the transparent region 53 of the card holder 5. It will be.

  The specific data string extraction unit 17 extracts a specific data string in which alphabets corresponding to the common holes 6 are arranged in the predetermined order based on the table corresponding coordinates. Further, the specific data string extraction unit 17 outputs specific data string information indicating the extracted specific data string to the authentication determination unit 20 and outputs an image including a random table to the transmission processing unit 18.

  The transmission processing unit 18 transmits the random table image data including information indicating the random table output from the specific data string extraction unit 17 and the relative position information output from the common hole position extraction unit 16 to the communication unit 11 and the communication. The data is transmitted to the terminal device 2 via the network N. Then, the transmission processing unit 18 causes the terminal device 2 to display an image including a random table and relative position information.

  Note that the transmission processing unit 18 performs random table image enlargement / reduction processing according to the enlargement rate obtained from the access request acquisition unit 12, and then transmits random table image data.

  Based on the relative position information displayed on the terminal device 2, the user can recognize which numbering positioning scale 54 the positioning protrusions 42 of each holed card 4 are aligned with.

  Further, an image including the random table and the same size as the card holder 5 is displayed on the display unit of the terminal device 2. When the card holder 5 is overlaid on the image including the random table, the image including the random table is set so that the transparent area 53 of the card holder overlaps the random table.

  The answer data string acquisition unit 19 aligns the card holder 5 with an image having the same shape as the card holder 5 including the random table displayed on the terminal device 2 and arranges the alphabets visible from the common hole 6 in the predetermined order. Is obtained from the terminal device 2 via the communication unit 11 and the communication network N.

  The authentication determination unit 20 collates the response data sequence information acquired by the response data sequence acquisition unit 19 with the specific data sequence information output from the specific data sequence extraction unit 17, and the verification result is “match” It is determined that the authentication is successful.

<Configuration of terminal device>
Next, the configuration of the terminal device 2 will be described. As shown in FIG. 6, the terminal device 2 includes a communication unit (input data transmission unit) 21, a control unit (input data transmission unit, display unit) 22, a display unit (display unit) 23, and an input unit 24. Yes.

  The communication unit 21 communicates with the server device 1 via the communication network N. The display unit 23 is configured by a liquid crystal display, for example. The input unit 24 is configured by, for example, a keyboard, a numeric keypad, or a mouse.

  In response to various instructions received from the server device 1 via the communication network N and the communication unit 21 or various instructions input to the input unit 24, the control unit 22 communicates with the communication unit 21, the display unit 23, and the input. The unit 24 is controlled.

  The control unit 22 causes the display unit 23 to display an input instruction for the user ID and display information indicating the type and resolution of the display unit 23 of the terminal device 2 in accordance with the access request instruction input from the input unit 24. Then, the control unit 22 transmits an access request to which the user ID input to the input unit 24 and the display information added via the communication unit 21 are added to the server device 1.

  Alternatively, the control unit 22 may store display information related to the display unit 23 in advance and add the display information to the access request. This eliminates the need for the user to input display information.

  Further, when receiving an enlargement ratio setting instruction from the server device 1, the control unit 22 displays the image received from the server device 1 on the display unit 23, and the enlargement rate at which the image becomes the same size as the card holder 5. An input instruction is displayed on the display unit 23. Then, the control unit 22 transmits the enlargement ratio input to the input unit 24 to the server device 1.

  Further, the control unit 22 displays an image having the same shape as the card holder 5 including the relative position information and the random table transmitted from the server device 1 on the display unit 23, and inputs an answer data string instruction to the display unit 23. Display.

  Accordingly, the user can superimpose the perforated cards 4 according to the relative position information displayed on the display unit 23. Then, the user overlaps the transparent area 53 of the card holder 5 with the random table by superimposing the card holder 5 on the image including the random table displayed on the display unit 23. Furthermore, the user inputs to the input unit 24 a response data string in which alphabets that are visible from the common hole 6 are arranged in ascending order of the hole numbers in accordance with the input instruction of the response data string.

  The hole numbers are arranged in ascending order from the first to the fifteenth column of the first row in the transparent region 53, from the first to the fifteenth column of the second row, ..., from the first to the fifteenth column of the eighth row. In order of increasing hole numbers, the order of the first row in the transparent region 53 is from the first column to the fifteenth column, the second row from the first column to the fifteenth column,. It matches the order of the 1st to 15th columns.

  The control unit 22 transmits answer data string information indicating the answer data string input to the input unit 24 to the server device 1 via the communication unit 21 and the communication network N.

<About the flow of authentication processing>
Next, the processing flow of the authentication system will be described. FIG. 7 is a flowchart showing a flow of authentication processing according to the present embodiment.

  First, the access request acquisition unit 12 of the server device 1 acquires an access request to which a user ID and display information are added from the terminal device 2 (S1).

  Next, the access request acquisition unit 12 reads the enlargement rate corresponding to the display information acquired from the terminal device 2 from the enlargement rate storage unit 10 and determines the enlargement rate of the random table.

  When the display information acquired from the terminal device 2 is not stored in the enlargement ratio storage unit 10, the access request acquisition unit 12 displays the sample image displayed on the display unit 23 of the terminal device 2 having the same size as the perforated card 4. The enlargement ratio is acquired from the terminal device 2, and the acquired enlargement ratio is determined as the enlargement ratio of the image having the same shape as the card holder 5 including the random table that is displayed on the terminal device 2.

  In this way, the access request acquisition unit 12 determines the enlargement ratio of the image having the same shape as the card holder 5 including the random table displayed on the terminal device 2 (S2).

  Next, the relative position information generation unit 14 randomly generates numbers (relative position information) of the positioning scale 54 corresponding to the four perforated cards 4 from A to D, and uses the generated relative position information as a common hole. The data is output to the position extraction unit 16 (S3).

  Subsequently, the common hole position extraction unit 16 reads the position coordinates of the holes 41 of the four holed cards 4 from A to D corresponding to the user ID from the hole pattern storage unit 15. Then, the common hole position extraction unit 16 adjusts the position coordinates of the holes 41 read from the hole pattern storage unit 15 based on the numbers on the positioning scale 54 generated by the relative position information generation unit 14. Since this adjustment method has been described above, a description thereof will be omitted here.

  Then, the common hole position extraction unit 16 matches the entire holed card 4 when the holed card 4 is overlapped in the card holder 5 based on the adjusted position coordinates, and also transmits the transparent area of the card holder 5. The number of common holes 6 positioned in 53 is counted, and it is determined whether or not the counted number is within a predetermined range (S4).

  When the number of the common holes 6 located in the transparent region 53 is not within the predetermined range (No in S4), the process returns to S3.

  On the other hand, when the number of the common holes 6 positioned in the transparent region 53 is within the predetermined range (Yes in S4), the common hole position extraction unit 16 extracts the adjusted position coordinates of the common holes 6 (S5).

  Next, the random table generating unit 13 generates an 8 × 15 random table in which alphabets are randomly arranged (S6).

  Next, the specific data string extraction unit 17 extracts the alphabet of the position coordinates that match the table corresponding coordinates obtained by subtracting 9 from the column number of the adjusted position coordinates of the common hole 6 extracted by the common hole position extraction unit 16 from the random table. Are arranged in a predetermined order (here, from the first column to the last column in the first row, from the first column to the last column in the second row, ..., from the first column to the last column in the eighth row). A specific data string is extracted (S7).

  Thereafter, the specific data string extraction unit 17 outputs specific data string information indicating the extracted specific data string to the authentication determination unit 20 and also outputs a random table to the transmission processing unit 18.

  Next, the transmission processing unit 18 performs enlargement / reduction processing of an image having the same shape as the card holder 5 including the random table according to the enlargement rate received from the access request acquisition unit 12, and the card including the random table after processing. The image data having the same shape as the holder 5 and the relative position information output from the common hole position extracting unit 16 are transmitted to the terminal device 2 via the communication unit 11 and the communication network N (S8).

  In response to this, the control unit 22 of the terminal device 2 causes the display unit 23 to display an image having the same shape as the card holder 5 including the acquired random table and relative position information. At this time, the control unit 22 also displays an input instruction for the answer data string.

  FIG. 8 is a diagram illustrating a display example of the display unit 23 of the terminal device 2 after the process of S8. 8 is a random table arranged in 8 rows and 15 columns, and the a ′ portion is an image having the same shape as the card holder 5 including the random table. Further, part b in FIG. 8 indicates relative position information, which indicates which number on the alignment scale 54 the alignment protrusion 42 of each perforated card 4 is aligned. Further, part c in FIG. 8 shows an instruction to input an answer data string.

  The user aligns the alignment protrusions 42 of the perforated cards 4 with the numbers on the alignment scale 54 in accordance with the relative position information of part b of FIG. Then, the user overlaps the transparent area 53 with the random table of the a part of FIG. 8 by superimposing the card holder 5 on the image (a 'part of FIG. 8) having the same shape as the card holder 5 including the random table.

  FIG. 9 shows an example when the card holder 5 is superimposed on an image (a ′ portion in FIG. 9) having the same shape as the card holder 5 including the random table displayed on the display unit 23. At this time, the transparent area 53 of the card holder 5 overlaps with the random table.

  In FIG. 9, the answer data string in which alphabets visible from the common hole 6 are arranged in the order of the hole numbers is “bkcwf”. At this time, the user inputs this answer data string “bkcwf” to the input unit 24.

  Thereafter, the control unit 22 transmits answer data string information indicating the input answer data string to the server device 1 via the communication unit 21 and the communication network N. In response to this, the answer data string acquisition unit 19 of the server device 1 acquires the answer data string information (S9).

  Next, the authentication determination unit 20 determines authentication based on the collation result between the response data sequence information acquired by the response data sequence acquisition unit 19 and the specific data sequence information extracted by the specific data sequence extraction unit 17 ( S10). That is, when the collation result is “match”, the authentication is successful, and when the collation result is “mismatch”, the authentication is failed.

  As described above, the specific data string extraction unit 17 arranges the alphabets corresponding to the common holes 6 that match when all the perforated cards 4 are superimposed according to the relative position information in the random table in a predetermined order. To extract. In addition, the answer data acquisition unit 19 displays the random table displayed on the display unit 23 of the terminal device 2 with the card holder 5 in a state where the four perforated cards 4 are overlapped at the relative position indicated by the relative position information. An answer data string input by the user is acquired based on the alphabet that can be seen from the common hole 6 when superimposed on the image having the same shape as the card holder 5 included. And it authenticates based on the collation result with an answer data sequence and a specific data sequence.

  Since the holes 41 of the perforated card 4 are formed at a plurality of positions unique to the user, only the user who owns the perforated card 4 can input the same answer data string as the specific data string. it can. Thereby, the user can be authenticated.

  Further, when performing authentication, a plurality of cards are overlapped at a relative position designated by the server device 1, and authentication is performed using the common hole 6. Therefore, when the server device 1 changes the relative position for each authentication, the position of the common hole 6 is also changed for each authentication. Therefore, even if the random table image and the answer data string are stolen a plurality of times, the position pattern cannot be estimated because the position pattern of the common hole 6 that is the basis of the answer data string is changed. That is, the position of the hole 41 of each holed card 4 cannot be specified.

  As described above, the method of changing the position pattern at the time of authentication according to the present embodiment can be easily performed according to the relative position of each card (that is, the shift amount of each card) when a plurality of cards are overlapped. There is no need to distribute a new card. That is, the position pattern used for authentication can be changed inexpensively and easily.

  As described above, an inexpensive authentication system having high security can be realized.

  In the present embodiment, the access request acquisition unit 12 acquires the enlargement rate from the terminal device 2 when the display information added to the access request is not in the enlargement rate storage unit 10. More preferably, the enlargement rate once acquired by the access request acquisition unit 12 is stored in association with the user ID, and the enlargement rate corresponding to the user ID is transmitted from the second access request. Determine as the magnification. This eliminates the need for the user to input the enlargement ratio every time, improving convenience.

[Embodiment 2]
The following will describe another embodiment of the present invention with reference to FIG. 10 and FIG. For convenience of explanation, members having the same functions as those in the drawings described in the first embodiment are denoted by the same reference numerals and description thereof is omitted.

  In the first embodiment, the server device 1 randomly generates the relative position information of all the perforated cards 4 and displays the generated relative position information on the terminal device 2. In the present embodiment, the server apparatus 1 stores in advance the relative position information of some of the perforated cards 4 for each user ID. In this case, the user also needs to store the relative position information of the partly perforated card 4. Thereby, even if the holed card 4 and the card holder 5 are stolen, it can be prevented from being used illegally.

  In the first embodiment, the number of perforated cards 4 owned by the user is four, but in the present embodiment, the number is eight. That is, the user possesses eight perforated cards 4 each having identification symbols A to H attached thereto. Hereinafter, among the eight perforated cards 4, the perforated card 4 with the identification symbols A to D is referred to as the first half perforated card 4, and the perforated card 4 with the identification symbols E to H is referred to as the second half perforated card 4. To do.

<Configuration of server device>
FIG. 10 is a block diagram showing the configuration of the server apparatus (authentication apparatus) 101 of this embodiment. As illustrated, the server apparatus 101 includes a common hole position extraction unit (common position acquisition means) 116 instead of the common hole position extraction unit 16 as compared with the server apparatus 1, and further stores relative position information. It differs in that it has a portion 114.

  Note that the hole pattern storage unit 15 of the present embodiment stores the position coordinates of the holes 41 of the eight perforated cards 4 with the identification symbols A to H in association with the user ID.

  In addition, the relative position information generation unit 14 of the present embodiment randomly generates only the relative position information (first half relative position information) corresponding to the first half perforated card 4.

  The relative position information storage unit 114 stores in advance, for each user ID, a number on the positioning scale 54 with which the latter half holed card 4 is fitted (second half relative position information). The relative position information storage unit 114 is updated in response to a relative position information change request from the user. The latter relative position information is also stored by the user.

  Table 2 is a table showing an example of storage in the relative position information storage unit 114. As shown in Table 2, the relative position information storage unit 114 includes, for example, the user ID “XXX”, the alignment mark 54 “8” of the holed card 4 with the identification symbol E, and the hole with the identification symbol F. Relative scale 54 “5” for alignment of card 4, alignment scale 54 “3” for perforated card 4 with identification symbol G, and alignment scale 54 “0” for perforated card 4 with identification symbol H The position information is stored in association with each other.

  The common hole position extraction unit 116 creates each hole according to the first half relative position information generated by the relative position information generation unit and the second half relative position information read out from the relative position information storage unit 114 corresponding to the user ID. When the cards 4 are overlapped, the position coordinates of the common hole 6 located in the transparent region 53 are extracted. The extraction method is the same as that in the first embodiment.

  The common hole position extraction unit 116 counts the number of common holes 6 located in the transparent region 53. If the number of common holes 6 is not within the predetermined range, the common hole position extraction unit 116 displays the regeneration instruction as a relative position. It outputs to the information generation part 14, and acquires the new relative position information of the first half.

  On the other hand, when the number of the common holes 6 is within the predetermined range, the common hole position extraction unit 16 extracts the position coordinates of the common hole 6 from the adjusted position coordinates, and uses the extracted adjusted position coordinates of the common hole 6. In addition to outputting to the specific data string extraction unit 17, the relative position information of the first half is output to the transmission processing unit 18.

  Here, only the first half relative position information is output to the transmission processing unit 18 because the second half relative position information is stored by the user, so that the second half relative position information needs to be displayed on the terminal device 2. Because there is no.

<About the flow of authentication processing>
Next, the flow of authentication processing in the present embodiment will be described with reference to the flowchart of FIG.

  First, the access request acquisition unit 12 acquires an access request to which a user ID and display information are added from the terminal device 2 (S21). Next, the access request acquisition unit 12 determines the enlargement rate as in S2 (S22).

  Next, the common hole position extraction unit 116 reads the latter half of the relative position information corresponding to the user ID from the relative position information storage unit 114 (S23).

  Subsequently, the relative position information generation unit 14 randomly generates the first half relative position information (S24).

  Thereafter, the common hole position extracting unit 116 stores the inside of the transparent area 53 when the perforated cards 4 are superposed according to the relative position information of the latter half read in S23 and the relative position information of the former half generated in S24. The number of the common holes 6 located at is counted. Then, the common hole position extraction unit 116 determines whether or not the count number is within a predetermined range (S25).

  When the number of the common holes 6 located in the transparent region 53 is not within the predetermined range (No in S25), the process returns to S24.

  On the other hand, if the number of the common holes 6 located in the transparent region 53 is within the predetermined range (Yes in S25), the same processing as S5 to S7 of the first embodiment is performed (S26 to S28).

  The transmission processing unit 18 transmits the image having the same shape as the card holder 5 including the random table and the relative position information of the first half to the terminal device 2 (S29).

  Thereby, the display unit 23 of the terminal device 2 displays an image having the same shape as the card holder 5 including the random table and the relative position information of the first half. As a result, the user superimposes the perforated cards 4 of the identification symbols E to H according to the stored relative position information of the latter half, and also perforates the cards of the identification symbols A to D according to the displayed relative position information of the first half. 4 can be superimposed.

  The user superimposes the transparent area of the card holder 5 on the random table by aligning the card holder 5 with the image of the same shape as the card holder 5 including the displayed random table in the state of being superimposed in this way. be able to. Then, the user inputs the answer data string based on the alphabet that can be seen from the common hole 6. Thereby, the control unit 22 of the terminal device 2 transmits the answer data string information input to the input unit 24 to the server device 101.

  In response, the answer data string acquisition unit 19 of the server apparatus 101 acquires the answer data string information (S30), and the authentication determination unit 20 performs authentication (S31).

  As described above, according to the present embodiment, as in the first embodiment, the relative position information generation unit 14 randomly generates the first half of the relative position information, so that the position of the common hole 6 changes for each authentication. It becomes. As a result, even if the response data string information of a plurality of times, the random table, and the relative position information of the first half can be intercepted, the position pattern of the common hole 6 that is the basis of the answer data string is different each time, It is very difficult to estimate the position of the hole 41 of the perforated card 4.

  Further, the relative position information in the latter half is stored by the user and is not transmitted from the server apparatus 101. Therefore, even if all the perforated cards 4 are stolen together with the card holder 5, the thief does not know the superposition pattern of the second half perforated card 4 and the total number of the superposition patterns of the second half perforated card 4. Since there are 10,000 ways, there is no illegal use by a thief.

  In this embodiment, eight perforated cards 4 are used, but the number is not limited. For example, even if the user stores the relative position information of the three perforated cards 4 using the six perforated cards 4 and the server apparatus 101 generates the relative position information of the remaining perforated cards 4. Good. That is, even if the user can memorize the card without forgetting and the all-holed card 4 is stolen, the probability of matching with the correct one is low when the relative position is randomly determined (for example, 1/1000). The following information is preferably stored by the user.

[Modification]
In the first and second embodiments, the perforated card 4 in which the hole 41 is formed is used, but a colorless transparent portion may be formed instead of the hole 41. Thereby, the alphabet in a random table can be confirmed through this transparent part.

  In the first and second embodiments, the specific data string extraction unit 17 extracts a specific data string in which alphabets visible from the common hole 6 are arranged in a predetermined order. However, the present invention is not limited to this, and the specific data string extraction unit 17 may arrange alphabets visible from the common holes 6 in a predetermined order and extract a specific data string including the first to fourth alphabets.

  As described above, the number of common holes 6 present in the transparent region 53 is within a predetermined range. When the predetermined range is, for example, four or more, the number of common holes 6 existing in the transparent region 53 may be very large (for example, ten). In this case, if all alphabets are entered, the convenience for the user is lowered and an input error may occur.

  In addition, when the answer data string is intercepted, the number of common holes 6 can be grasped. The number of common holes 6 can be information for estimating the number and position of the holes 41 of each holed card 4. Therefore, by extracting a specific data string composed of the first to fourth alphabets, the number of the common holes 6 is not accurately grasped, and the number and position of the holes 41 of each perforated card 4 are estimated. The probability can be further reduced.

  In the first and second embodiments, a random table in which alphabets are arranged is used. However, unit images arranged in a random table may include numbers, symbols, characters other than alphabets, images, pictures, It may be a color and a combination thereof. The number of unit images is not limited to 26 as in the first and second embodiments, and may be set to a preferable number according to the number of unit images in the random table and the number of holes 41 in the holed card 4. .

  Further, the unit images arranged in the random table may be images that change according to time and whose time change amount can be identified. For example, a unit image in which colors and numbers blink, and the blinking interval or blinking timing can be identified, or a unit image in which the color changes according to time (for example, red to blue).

  Furthermore, when using a random table in which numbers are randomly arranged, the user performs a predetermined operation (for example, all the numbers that can be seen from the common hole 6) on the numbers in the random table that can be seen from the common hole 6 as an answer data string. The result of summing and extracting only the last one digit) may be input. In this case, the specific data string extraction unit 17 of the server apparatuses 1 and 101 may perform the predetermined calculation from the random data numbers corresponding to the positions of the common holes 6 and determine the result as the specific data string.

  Thereby, even if the answer data string is leaked, it is difficult to estimate the position of the hole 41 of the holed card 4 possessed by the user.

  Further, the random table and the perforated card 4 are not limited to a rectangular shape. For example, it may be circular.

  FIG. 12 is a diagram showing an example of a circular holed card (card) 104. As shown in the drawing, a plurality of circular perforated cards 104 are rotatably supported by a card holder 105 at the center point.

  Each holed card 104 is formed with a plurality of holes 141 along the rotation direction. Furthermore, each perforated card 104 is formed with an identification code (A, B, C, D) and an alignment projection 142.

  Further, the card holder 105 is provided with alignment marks 154 at equal intervals at positions close to the alignment protrusion 142 of the holed card 104. By aligning the alignment protrusion 142 of the perforated card 104 with the number on the alignment scale 154, the perforated card 104 can be superimposed at a predetermined phase pair position. In this case, the number on the alignment scale 154 indicates the rotation angle of each perforated card 104. For example, in FIG. 12, the number “6” on the alignment scale 154 indicates a rotation angle of 90 degrees with reference to the number “0”.

  As in the first and second embodiments, when the perforated card 4 has a rectangular shape and the relative position is indicated by the amount of movement in the horizontal direction, the area where all the perforated cards 4 overlap is the perforated card 4. It changes according to the pattern of relative position. Since the region used for authentication is a region where a plurality of perforated cards 4 overlap, it is necessary to determine the relative position within a range in which this region maintains a certain area. Therefore, the number of patterns at the relative position cannot be increased without increasing the size of the holed card 4.

However, when the relative position is indicated by the rotation angle and the perforated card 104 is circular, the area where all the perforated cards 104 overlap is constant at any relative position. Therefore, the number of patterns at the relative position of the perforated card 104 can be increased. For example, in the example shown in FIG. 12, the number of patterns at the relative position is 24 ⁴ = 3317176, which is much larger than the 10,000 patterns in the first and second embodiments.

  Furthermore, another modified example of the holed card and the card holder will be described with reference to FIGS. FIG. 13 is a plan view showing a holed card (card) 204 according to this modification, and FIG. 14 is a plan view showing a card holder (card holding member) 205 according to this modification. FIG. 5B is a diagram showing a state when the holed card 204 is stored in the card holder 205.

  As shown in FIG. 13, the four perforated cards 204 are provided with identification marks A to D, respectively, and are provided with positioning marks (positioning means) 242 and cut portions 243. Each holed card 204 is formed with a hole at a position unique to the user as with the holed cards 4 and 104, but is omitted in FIG. The perforated card 204 is formed of a member that has been processed to become opaque except for the hole on the left side of the line 246, and a transparent part on the right side. Other holes are provided on the positioning mark 242. Even if the card 204 is covered, the positioning mark 242 can be confirmed.

  Further, the right end portions of the holed cards 204 other than the holed card 204 of the identification symbol A are cut out in different shapes. This cut-out shape is such that when the identification symbols A, B, C, and D are overlapped in order, a part of the right end portion of each perforated card 204 does not depend on the shift position of the perforated card 204 above it. It is set to be exposed.

  As shown in FIG. 14, the card holder 205 includes two plate-like members 251 and 252 and a card support member 255. Further, the plate-like member 251 on the back side is transparent, and has ten positioning scales (positioning means) 254 and their numbers. The front plate member 252 is transparent only in a rectangular region similar to the transparent region 53 in FIG. 4 and is opaque in other portions.

  The plate-like member 252 on the front side is narrower at the right end than the plate-like member 251 on the back side. The plate member 251 on the back side has a slightly larger size than the holed card 204.

  Further, the plate-like members 251 and 252 are connected to each other by a method such as melting on all sides except the right side in a state where the left sides are matched. That is, the card holder 205 has a bag shape with an opening on the right side.

  The card support member 255 is inserted through the notch 243 of the holed card 204 inserted between the plate-like members 251 and 252.

  FIG. 15A shows a state in which the four perforated cards 204 are stored up to the left end of the card holder 205. FIG. 15B shows a state in which each holed card 204 is shifted at a predetermined relative position.

  As shown in FIGS. 15 (a) and 15 (b), since the vertical width of the perforated card 204 is substantially the same as the vertical width of the card holder 205, the perforated card 204 cannot move up and down within the card holder 205. ing.

  Further, the card support member 255 of the card holder 205 is penetrated through the cut portions 243 of the perforated cards 204. Thus, the perforated card 204 can be moved in the horizontal direction between the plate-like members 251 and 252 by the width of the cut portion 243.

  Here, the horizontal width of the cut portion 243 is determined so that the positioning mark 242 of the perforated card 204 corresponds to the positioning scale of the card holder 205 when each perforated card 204 is moved laterally between the plate-like members 251 and 252. It is set to match any one of H.254. That is, when the perforated card 204 is retracted to the left end of the card holder 205 and stored, the positioning mark 242 matches the number “0” of the first positioning scale 254 from the left, and the perforated card 204 is inserted into the card support member 255. Is set so that the positioning mark 242 matches the numeral “9” of the tenth positioning scale 254 from the left.

  The perforated card 204 is stored in the card holder 205 in a state in which the identification symbols A, B, C, and D are stacked in this order. Thus, each perforated card 204 has an exposed portion (corresponding to a portion where identification symbols A to D are shown in the figure) that is not hidden by the upper perforated card 204 at its right end. Yes.

  The user uses the exposed portion as a knob, moves each perforated card 204, and positions the positioning mark 242 on the positioning scale 254 designated by the server device 1 (or the positioning scale stored by the user). 254 numbers). Further, as shown in FIGS. 15A and 15B, this exposed portion is shifted in the vertical direction in each holed card 204. Therefore, even if the perforated card 204 is moved in the horizontal direction, a part of the exposed portion of each perforated card 204 is always exposed without being hidden. Thereby, compared with the holed card | curd 4 shown in FIG. 3, operativity improves.

  Here, the horizontal width of each holed card 204 is set to be slightly smaller than the plate-like member 251 on the back side of the card holder 205. Therefore, the perforated card 204 protrudes from the card holder 205 when the positioning mark 242 is located at a position other than the position (initial position) aligned with the numeral “0” of the positioning scale 254 (FIG. 15B). reference). In other words, the overall shape of the card holder 205 and the perforated card 204 is minimized only when it is in the initial position of each perforated card 204.

  Therefore, when the user returns the card holder 205 to the wallet or the like after the end of authentication, the user holds all the perforated cards 204 to the left end of the card holder 205 and stores them. That is, all the perforated cards 204 are returned to a position (initial position) where the positioning mark 242 matches the numeral “0” of the positioning scale 254. As a result, after the authentication is completed, the card holder 205 is returned to the wallet or the like, and at the same time, the numerical information on the positioning scale 254 can be deleted. Therefore, even if all the perforated cards 204 are stolen together with the card holder 205, the relative position used last time does not leak.

  Further, the card support member 255 is bonded to the front plate member 252 and the rear plate member 251. For this reason, it is impossible to take out the perforated card 204 without damaging the perforated card 204 or the card holder 205, and it becomes difficult to copy the perforated card 204. Therefore, security is improved.

  In order to stabilize each perforated card 204 at a desired relative position, it is preferable that the perforated card 204 and the card holder 205 have the following configurations.

  That is, as shown in FIG. 16, each perforated card 204 includes four cutout portions 245. Each perforated card 204 includes ten V-shaped concave portions (positioning means) 244 arranged continuously on the bottom surface of each different cutout portion 245.

  Further, as shown in FIG. 17A, the card holder 205 includes four springs (positioning means) 256 (indicated by arrows in the figure). The spring 256 is provided between the two plate-like members 251 and 252. The two springs 256 each having one end fixed to the upper side apply a downward force to the perforated cards 204 of the identification symbols A and B without bending in the left-right direction. On the other hand, the two springs 256 having one end fixed to the lower side apply an upward force to the perforated card 204 having the identification symbols C and D without bending in the left-right direction. The tip of each spring 256 has a shape that fits into the V-shaped recess 244 of the corresponding perforated card 204. The material of the spring 256 may be metal or plastic.

  Here, the distance between the adjacent V-shaped recesses 244 is set to coincide with the distance between the adjacent positioning scales 254. Furthermore, when the spring 256 fits into the V-shaped concave portion 244 at the right end of the cutout portion 245, the positioning mark 242 matches the number “0” of the positioning scale 254 at the left end, and the spring 256 is V-shaped at the left end of the cutout portion 245. The positioning mark 242 is set so as to match the numeral “9” of the positioning scale 254 at the right end when it is fitted into the concave portion 244.

  17B, the positioning mark 242 of the perforated card 204 with the identification symbol D is aligned with the number “5” of the positioning scale 254, and the positioning marks 242 of the other perforated cards 204 are aligned with the positioning scale 254. A state when the number is set to “0” is shown.

  With the configuration shown in FIGS. 16 and 17, the perforated card 204 is stabilized at the position where the positioning mark 242 matches any number on the positioning scale 254 by the elastic force of the spring 256. As a result, the user can easily perform the positioning operation of each holed card 204.

  As shown in FIG. 17, when the perforated card 204 includes the cutout portion 245 and the card holder 205 includes the spring 256, the perforated card 204 has the positioning mark 242 of the positioning scale 254. It can be moved only within a range that matches the numbers “0” to “9”. Therefore, in this case, the perforated card 204 does not need to include the cut portion 243 shown in FIG.

  In the first and second embodiments, the perforated cards 4 and 104 having the holes 41 and 141 are used, but a colorless transparent portion may be formed instead of the holes. Thereby, it is possible to check characters, numbers, and the like of the random table image through the transparent portion.

  In the first and second embodiments, the terminal device 2 and the server devices 1 and 101 are connected via the communication network N. However, the terminal device 2 and the server devices 1 and 101 are connected to the communication network N. It may be connected without going through. For example, the terminal device 2 and the server devices 1 and 101 may be housed in the same casing, and the terminal device 2 may be configured as a device having a display function and an input function.

  In the first and second embodiments, authentication is performed using one terminal device 2. However, you may authenticate using the two terminal devices 2 (1st and 2nd terminal device 2). For example, an access request is sent from the first terminal device 2 to the server devices 1 and 101. The server apparatuses 1 and 101 store the second terminal apparatus 2 that is the transmission destination of the image including the random table associated with the user ID, and the second terminal apparatus 2 displays the image including the random table. Send to. The user puts the card holder 5 on the image including the random table displayed on the second terminal device 2, and inputs an answer data string indicating the alphabet visible from the common hole 6 to the first terminal device 2. Then, the server devices 1 and 10 perform authentication based on the answer data string acquired from the first terminal device 2. In this case, the first terminal device 2 functions as an input device, and the second terminal device 2 functions as a display device.

  As a result, when performing authentication, two communication lines for an image including a random table and for transmitting a response data string are used. As a result, the risk of intercepting both the random table and the answer data string at the same time is reduced, and security can be improved.

  In the first and second embodiments, the perforated card 4 is stored in the card holder 5. In this case, it is preferable that the perforated card 4 cannot be easily removed from the card holder 5. . For example, there is a case where the perforated card 4 is stored inside the card holder 5 and the card holder 5 is sealed by an adhesive method such as melting. Thus, in order for an unauthorized person to make a copy of the holed card 4, it is necessary to destroy the card holder 5 and take out the holed card 4. Therefore, the user can know that the copy has been made illegally.

  If the perforated card 4 is freely inserted into and removed from the card holder 5, the number of perforated cards 4 that is sufficiently larger than the number of perforated cards 4 stored in the card holder 5 is stored in advance by the user. You may distribute to. And a server apparatus may designate the identification symbol of the perforated card | curd 4 to be used, and those relative positions for every authentication. For example, 100 perforated cards 4 are distributed in advance to the user. Each time authentication is performed, the server device designates identification symbols and relative positions of the four perforated cards 4 stored in the card holder 5. Thereby, the total of the position pattern of the common hole 6 can be increased, and the security with respect to communication interception can be improved.

  In the second embodiment, the relative position information storage unit 114 stores the relative position information of some of the perforated cards 4. However, the present invention is not limited to this, and the relative position information storage unit 114 stores all of the perforated cards 4. Relative position information may be stored. In this case, the user similarly stores the relative position information of all the perforated cards 4.

  That is, the server device in this case superimposes the hole pattern storage unit 15 that stores the position coordinates indicating the position of the hole 41 of the holed card 4 and all the holed cards 4 distributed to the user who performs authentication. And a relative position information storage unit that stores the relative position information in association with the user ID. Then, the common hole position extraction unit 116 reads out the position coordinates of each holed card 4 corresponding to the user ID from the hole pattern storage unit 15 and calculates the relative position information of all the holed cards 4 corresponding to the user ID. You may read out from a relative position information storage part, and may extract the position of the common hole 6 from the read position coordinate and relative position information.

  Alternatively, the server device associates the position information of the common hole 6 with the user ID when all the perforated cards 4 distributed to the authenticating user are overlapped with the relative position information stored by the user. A common hole position storage unit may be provided, and the common hole position extraction unit 116 may read position information of the common hole 6 corresponding to the user ID from the common hole position storage unit.

  As a result, even if all the perforated cards 4 are stolen together with the card holder 5, the thief does not know the overlapping pattern of all the perforated cards 4 and therefore cannot be used illegally. That is, security against theft of the card holder 5 and the holed card 4 can be improved.

  In this case, it is preferable that the user periodically changes the relative position information (shifted position information). For example, the administrator of the server device distributes a document in which relative position information for each predetermined period (or every predetermined number of authentications) is written in advance to the user, and stores the relative position information of all the perforated cards 4. What is necessary is just to update the common hole position memory | storage part which memorize | stores the relative position information storage part to perform or the position information of the common hole 6 for every predetermined period (every predetermined number of times of authentication). Thereby, the position of the common hole 6 used for authentication can be changed cheaply and easily without distributing a new card.

  In addition, the terminal device 2 in the first and second embodiments may include a printer unit (display unit) that outputs an image to a medium such as paper instead of the display unit 22 configured by a display or the like. In this case, the server apparatuses 1 and 101 generate random images associated with the user IDs, and store specific data sequences corresponding to the respective images. The printer unit of the terminal device 2 prints an image including a random image on paper. The user superimposes the card holders 5, 105, and 205 on the respective images of the paper, specifies the type of unit image that satisfies a predetermined condition, and inputs the information to the input unit 24 of the terminal device 2.

  Unlike displays, paper is easy to carry and install. For example, when a user performs authentication at a table seat in a restaurant, a restaurant clerk inputs the user ID into the input unit 24, prints a random image on paper using the printer unit, and the paper To the user's table, the user notifies the corresponding answer data string to the store clerk, and the information is input to the input unit 24 and transmitted to the server apparatus 1/101 for authentication. it can. This eliminates the need to bring devices that are difficult to carry, such as displays and keyboards, to the table. In this case, a unit image that changes with time cannot be used, but it is not necessary to adjust the enlargement ratio of the random image.

  The present invention is not limited to the above-described embodiments, and various modifications are possible within the scope shown in the claims, and embodiments obtained by appropriately combining technical means disclosed in different embodiments. Is also included in the technical scope of the present invention.

  Finally, each block of the server apparatuses 1 and 101 may be configured by hardware logic, or may be realized by software using a CPU as follows.

  That is, the server apparatuses 1 and 101 include a CPU (central processing unit) that executes instructions of a control program that implements each function, a ROM (read only memory) that stores the program, and a RAM (random access memory) that expands the program. ), A storage device (recording medium) such as a memory for storing the program and various data. An object of the present invention is a recording medium in which program codes (execution format program, intermediate code program, source program) of a control program of the server apparatuses 1 and 101 which are software for realizing the functions described above are recorded so as to be readable by a computer. Can also be achieved by reading the program code recorded on the recording medium and executing it by the computer (or CPU or MPU).

  Examples of the recording medium include a tape system such as a magnetic tape and a cassette tape, a magnetic disk such as a floppy (registered trademark) disk / hard disk, and an optical disk such as a CD-ROM / MO / MD / DVD / CD-R. Card system such as IC card, IC card (including memory card) / optical card, or semiconductor memory system such as mask ROM / EPROM / EEPROM / flash ROM.

  Further, the server apparatuses 1 and 101 may be configured to be connectable to a communication network, and the program code may be supplied via the communication network. The communication network is not particularly limited. For example, the Internet, intranet, extranet, LAN, ISDN, VAN, CATV communication network, virtual private network, telephone line network, mobile communication network, satellite communication. A net or the like is available. Further, the transmission medium constituting the communication network is not particularly limited. For example, even in the case of wired such as IEEE 1394, USB, power line carrier, cable TV line, telephone line, ADSL line, etc., infrared rays such as IrDA and remote control, Bluetooth ( (Registered trademark), 802.11 wireless, HDR, mobile phone network, satellite line, terrestrial digital network, and the like can also be used. The present invention can also be realized in the form of a computer data signal embedded in a carrier wave in which the program code is embodied by electronic transmission.

  The present invention can provide high security at a very low cost. Therefore, it can be applied to computer and network security access control systems, particularly authentication systems in client-server network architecture, hardware peer-to-peer architecture, and other architectures.

It is a block diagram which shows the structure of the server apparatus which concerns on Embodiment 1 of this invention. It is a block diagram which shows the whole structure of the authentication system of this invention. It is a top view which shows the state which accommodated the perforated card | curd concerning Embodiment 1 in the card holder. It is a top view which shows the card holder which concerns on Embodiment 1. FIG. FIG. 2 is a plan view showing a holed card according to the first embodiment. It is a block diagram which shows the structure of the terminal device which concerns on Embodiment 1. FIG. 3 is a flowchart showing a flow of processing of the authentication system in the first embodiment. It is a figure which shows the example of a display screen of the random table displayed on the display part of the terminal device. It is a figure which shows a display screen when a card holder is piled up on a random table, and a card holder. It is a block diagram which shows the structure of the server apparatus which concerns on Embodiment 2 of this invention. 10 is a flowchart illustrating a processing flow of the authentication system according to the second embodiment. It is a top view which shows the modification of a perforated card | curd and a card holder. It is a top view which shows the further modification of a perforated card | curd. It is a top view which shows the further modification of a card holder. FIG. 15 is a diagram showing a state when the perforated card shown in FIG. 13 is stored in the card holder shown in FIG. 14, where (a) shows the state when all the perforated cards are in the initial position, and (b) It is a figure which shows a state when a perforated card | curd exists in positions other than an initial position. It is a figure which shows the further modification of the holed card | curd shown in FIG. It is a figure which shows a mode when the perforated card | curd shown in FIG. 16 is accommodated in the card holder, (a) shows a state when all the perforated cards are in an initial position, (b) is one hole. It is a figure which shows a state when an open card exists in positions other than an initial position.

Explanation of symbols

1.101 Server device (authentication device)
2 Terminal device (display device, input device)
4.104.204 Perforated card (card)
5.105.205 Card holder (card holding member)
14 Relative position information generation unit (relative position generation means)
15 Hole pattern storage (position information storage)
16.116 Common hole position extraction unit (Common position acquisition means)
17 Specific data string extraction unit (specific data determination means)
18 Transmission processor (random image display means, relative position information display means)
19 Response data string acquisition unit (input data acquisition means)
20 Authentication determination unit (authentication means)
21 Communication unit (input data transmission means)
22 Control unit (input data transmission means, display means)
23 Display section (display means)
24 Input part 41/141 Hole 42/142/242 Positioning projection (positioning means)
54 ・ 154 ・ 254 Positioning scale (Positioning means)
114 Relative position information storage unit 244 V-shaped recess (positioning means)
256 Spring (positioning means)

Claims (17)

An authentication device comprising the following (a) to (e) for authenticating a user via a display device and an input device.
(A) When a plurality of cards having a predetermined shape in which holes or transparent portions are formed at a plurality of positions unique to the user are overlapped at a predetermined relative position, a plurality of holes or transparent matches in all the cards Common position acquisition means for acquiring common position information indicating the position of the part (b) Random image display for displaying on the display device a random image, which is an image of a predetermined shape and in which different types of unit images are randomly arranged Means (c) specific data determination means for determining specific data based on a unit image corresponding to the position indicated by the common position information acquired by the common position acquisition means in the random image; (d) the plurality of cards; When overlaid on the random image displayed by the display device in the state of being overlaid at the relative position, it corresponds to the position of a plurality of holes or transparent portions that match in all the cards. The input data entered by the user based on the unit image, authenticating means for performing authentication based on the collation result between the input data acquisition means (e) the input data and the specific data to be acquired from the input device (F) Position information storage unit for storing position information indicating the position of the hole or transparent part of the card (g) Relative position generation means for generating the relative position of each card (i) Generated by the relative position generation means And further comprising a relative position information display means for displaying information indicating the relative position on the display device,
The authentication according to claim 1, wherein the common position acquisition unit obtains the common position information based on the position information read from the position information storage unit and the relative position generated by the relative position generation unit. apparatus. (J) a position information storage unit that stores the position of the hole or transparent portion of the card; and (k) a relative position information storage unit that stores the relative position of each card in association with user identification information;
The said common position acquisition means calculates | requires the said common position information based on the positional information read from the said positional information storage part, and the relative positional information read from the said relative positional information storage part. Authentication device. (L) Position information storage unit for storing the position of the hole or transparent part of the card (m) Relative position information storage unit (n) for storing the relative position of some cards in association with user identification information A relative position generating means for generating the relative position of the card (o) further comprising a relative position information display means for displaying on the display device information indicating the relative position generated by the relative position generating means;
The common position acquisition unit obtains the common position information based on the position information read from the position information storage unit, the relative position information read from the relative position information storage unit, and the relative position generated by the relative position generation unit. The authentication apparatus according to claim 1, wherein the authentication apparatus is obtained.   2. The unit image is at least one of images that change according to a character, a picture, a symbol, a number, a color, and a time, and that the amount of time change can be identified. The authentication device described in 1. The authentication apparatus according to claim 1, wherein the relative position is indicated by a parallel movement amount along a predetermined axis.   The authentication apparatus according to claim 1, wherein the relative position is indicated by a rotation angle about a point in the card. A display device including the following (a), an input device including the following (b) and (c), which makes an authentication request to the authentication device according to any one of claims 1 to 7; And a display input system including a plurality of cards having holes or transparent portions formed at a plurality of positions unique to the user.
(A) Display means for acquiring a random image obtained by randomly arranging different types of unit images from the authentication apparatus and displaying the acquired random image in a predetermined shape. (B) Displaying the plurality of cards at a predetermined relative position. When overlaid on the random image displayed by the display means in the superimposed state, input data based on the unit image corresponding to the position of the matching hole or transparent part in all cards is input by the user. (C) Input data transmitting means for transmitting input data input to the input unit to the authentication device The display input system of Claim 8 WHEREIN: The authentication instrument provided with the following (a) to (c) used for a user's authentication.
(A) A plurality of cards in which holes or transparent portions are formed at a plurality of positions unique to the user. (B) The plurality of cards are held in a stacked state so that the relative position of each card can be changed. Card holding member (c) positioning means for determining the relative position of each card   The authentication device according to claim 9, wherein each card protrudes from the card holding member except when the card is in a predetermined initial position of the card holding member. The card is rectangular,
The authentication device according to claim 9 or 10, wherein the relative position is indicated by a translation amount along a predetermined axis. The card is substantially circular,
The authentication device according to claim 9 or 10, wherein the relative position is indicated by a rotation angle with respect to a substantially center point in the card.   An authentication system comprising: the authentication device according to any one of claims 1 to 7; and the display input system according to claim 8. An authentication method in an authentication device for authenticating a user via a display device and an input device, comprising the following (a) to (e):
(A) When a plurality of cards having a predetermined shape in which holes or transparent portions are formed at a plurality of positions unique to the user are overlapped at a predetermined relative position, a plurality of holes or transparent matches in all the cards (B) a random image display step for displaying a random image of a predetermined shape in which a plurality of different types of unit images are randomly arranged on the display device; A specific data determination step for determining specific data based on a unit image corresponding to a position indicated by the common position information in a random image; and (d) the display in a state where the plurality of cards are overlapped at the relative position. When overlaid on a random image displayed by the device, the user uses a unit image corresponding to the position of multiple holes or transparent parts that match on all cards. Authentication step of authenticating the received input data, based on the comparison result of the input data obtaining step (e) and the input data and the specific data to be acquired from the input device   An authentication program for operating the authentication device according to claim 1, wherein the authentication program causes a computer to function as each of the above means.   9. An authentication program for operating the display input system according to claim 8, wherein the computer functions as each of the above means.   The computer-readable recording medium which recorded the authentication program of Claim 15 or 16.

Images