JP4862551B2 - Authentication control program and authentication device - Google Patents

Description

  The present invention relates to an authentication control program and an authentication apparatus that perform authentication control of a user account in a locked state, and in particular, can easily and safely cancel a locked user account and perform authentication using the user account again. The present invention relates to an authentication control program and an authentication apparatus.

  Generally, in a system that handles personal information, transaction information, and the like, an account of a user who is permitted to use is registered in advance, and at the time of use, a user ID and password authentication process for the account is performed. That is, only the authorized user or the person of the information can be accessed, and the information is protected from threats such as impersonation and cracking. In response to such threats, it is often considered that either simple authentication using a user ID or password can be broken by a brute force attack typified by a dictionary attack.

  For this reason, there is usually a lock function (also called “lockout function”) that temporarily disables an account if authentication fails after a certain number of attempts. It prevents unauthorized use from the three parties.

  However, in today's information society, it is not uncommon for individuals to use multiple passwords, and even if they are themselves, authentication may fail after a certain number of attempts. Even users can often fall into a lockout state. In particular, especially when handling highly confidential information, the number of times that authentication can be attempted is set extremely low, and if authentication fails even once, it may be locked immediately. .

  This is an excellent function from the viewpoint of increasing security, but when viewed from a legitimate user, it is not authenticated due to a simple typo or the like, which greatly impairs convenience. In other words, it is desirable that when a legitimate user is locked, it can be easily released.

  Patent Document 1 discloses a technique that enables a locked state to be released without intervention of a third party by satisfying a certain condition when falling into a locked state. is there.

  In the prior art disclosed in this Patent Document 1, when the lock condition of the number of trials to lock out and the release condition are set in advance for the elapsed time from the lockout to the release, Releases the lock after the time has elapsed, and enables user authentication again.

  Further, according to the prior art disclosed in Patent Document 2, a user ID in a locked-out state can be unlocked using another terminal, and user authentication is performed again.

By using this Patent Document 2, the lockout state can be immediately released by itself without intervention of a third party.
JP 2002-220608 A JP 2003-167849 A

  However, in the prior art disclosed in Patent Document 1, since it is necessary to specify in advance a lock condition for lockout and an elapsed time until lockout, it waits for user authentication again. Time will be generated. This means that if the elapsed time is extremely shortened, the meaning of the security technology that the lockout will make will fade, and conversely, if the elapsed time is lengthened, the convenience will be sacrificed. There is.

  In the prior art disclosed in Patent Document 2, the user himself / herself uses a different terminal so that the lockout state can be immediately released. However, the terminal is always used together with a device for performing user authentication. There is a problem in that it is necessary to newly install information for canceling the user ID in the lockout state after confirming the authentication state of the user ID due to the system configuration.

  SUMMARY An advantage of some aspects of the invention is that it provides an authentication control program and an authentication apparatus that can easily perform authentication with high security using information paired with authentication information.

In order to achieve the above object, the invention of the authentication control program according to claim 1 manages the authentication information and the status of whether the authentication information is valid or invalid, and the number of authentication trials reaches a specified number. the release authentication information to disable release to validate the status of the authentication information, and authentication information are managed together in association with one of the state is valid or invalid in the authentication information has become invalid by A first step, a second step of determining whether the information input during user authentication is authentication information or release authentication information, and the information input in the second step is authentication information. is determined to be the state of the in the case where the state of the first of the authentication information managed in the step has become invalid, releasing authentication information managed by the first step to correspond to the authentication information to validate the 3 and steps of the second information the input in step is determined to be released for authentication information, if the state of the first said canceling authentication information managed in step is invalid, the A fourth step of performing error notification including notification that the status of the authentication information managed in the first step is not invalid corresponding to the authentication information for cancellation, and the input in the second step If it is determined that the released information is the release authentication information and the state of the release authentication information managed in the first step is valid, the fifth step of performing the authentication process of the release authentication information If, when the unlocking authentication information by the authentication processing by said fifth step has been authenticated, the determining authentication information corresponding to the cancellation authentication information from the managed association by the first step A step of, executing a seventh step of performing re-authentication process by the sixth authentication information is determined to correspond to the release authentication information by the steps of the computer.

Further, in the invention of claim 2, in the invention of claim 1, when the authentication information is authenticated by the re-authentication process in the seventh step , the state of the release authentication information with respect to the authentication information is changed . And an eighth step of invalidation .

The invention of claim 3 initializes the number of authentication trials of the authentication information in the invention of claim 1 or 2 when the authentication information is authenticated by the re-authentication process in the seventh step. Including doing .

Further, the invention of claim 4, in any one invention of claims 1 to 3, wherein the first step is, upon registration of the authentication information, the release authentication by performing a keyed hash calculation process Information is generated, and the authentication information for cancellation is associated with the authentication information and managed .

Further, in the invention of claim 5, in the invention of claim 1, the first step is associating the authentication information for release for releasing the authentication information for release invalidated with the authentication information for release released. And when the state of the authentication information for cancellation becomes invalid because the number of authentication attempts in the fifth step reaches the specified number, the corresponding authentication information for cancellation becomes invalid. a ninth step of validating the state of releasing the authentication information managed by the first step, a tenth step of performing an authentication process of the active and the cancellation authentication information by the ninth step, the second when said releasing authentication information is authenticated by the re-authentication process by the 10 steps, the association or the cancellation authentication information corresponding to the release authentication information that is on the disabled managed by the first step Further comprising an eleventh step of determining, and a twelfth step of performing a re-authentication process by the eleventh step the for release is determined to correspond to the cancellation authentication information becomes invalid credentials by the.

The invention of the authentication system according to claim 6, became the authentication information manages the one of the states or invalid authentication information is valid, and disabled by authentication attempts reaches a specified number the Authentication information for canceling the invalidation so that the status of the authentication information is valid, management means for managing the status of whether the authentication information is valid or invalid in association with the authentication information, and user authentication Determination means for determining whether the information input at the time is authentication information or release authentication information, and the determination means determines that the input information is authentication information and is managed by the management means When the status of the authentication information becomes invalid, the status update means for validating the status of the authentication information for cancellation managed by the management means corresponding to the authentication information , and the information input by the determination means Authentication information for release When it is determined that there is an invalid authentication information state managed by the management unit, the authentication information state managed by the management unit corresponding to the cancellation authentication information is invalid. A notification means for performing error notification including a notification that there is no information, and the determination means determines that the input information is the release authentication information, and the state of the release authentication information managed by the management means is valid. If the authentication information for cancellation is authenticated by the authentication processing by the authentication means, and the authentication means corresponding to the authentication information for cancellation is the management means be provided determining means for determining from the managed association, a re-authentication means for performing re-authentication processing by the authentication information is determined to correspond to the releasing authentication information by said determining means by .

  According to the present invention, a cancellation account to be paired at the time of user account creation is generated, and the unlocking account can be unlocked by the cancellation account only when the user account is in a locked state. After that, since the user account can be authenticated for the unlocking account, the user himself / herself can easily and safely unlock the user account in the locked state, and the user who has ensured convenience and reliability. There is an effect that authentication can be performed.

  Hereinafter, an embodiment of an authentication control program and an authentication apparatus according to the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 is an example of a network configuration diagram of an authentication control system configured by applying an authentication control program and an authentication apparatus according to the present invention.

  In FIG. 1, an authentication control system includes a plurality of client PCs (100-A, 100-B, 100-C) (hereinafter collectively referred to as “client PC 100”), a Web server 200, and an authentication server 300 including a LAN cable. Connected by a network line.

  The client PC 100 is equipped with a Web browser, and accesses a Web application on the Web server 200 by specifying a URL (Uniform Resource Locator). In the Web server 200 on which the Web application specified by the URL is arranged, an authentication request for authentication information such as a user ID, password, and security code is made to the authentication server 300. After user authentication, the Web page corresponding to the specified URL To the web browser.

  The authentication server 300 manages authentication information such as a password and a security code for the user ID, and performs user authentication by comparing whether the authentication information input from the Web browser is the same as the managed authentication information. At the time of user authentication at this time, if the user authentication cannot be performed due to incorrect authentication information being input, the authentication information can be re-input, and the user authentication is performed again with the newly input authentication information.

  In addition, when the number of authentication processing attempts is limited, and authentication cannot be performed even after a certain number of login attempts, the account indicated by the user ID is locked and the use of the account is temporarily stopped.

  Further, the authentication server 300 manages a cancellation account that cancels the locked account and enables user authentication using the account again. This unlocking account is generated at the same time by performing a keyed hash operation when creating a locked account (hereinafter referred to as “normal account” to distinguish it from the unlocking account), and is associated with the normal account. Are managed in pairs.

  The cancellation account is an account with a user ID different from that of the normal account, and the authentication process for the cancellation account is a process performed to release the locked state of the locked normal account, and enables the use of the Web application. This is different from the authentication process. In order to use the Web application, it is necessary to successfully authenticate the normal account released by the release account.

  Further, this unlocking account is valid only when the associated pair of normal accounts is locked, and is an account used when releasing the locked state. That is, the authentication server 300 manages the lock state of the normal account and also manages the state of the release account associated with the normal account. An example of the management state of the normal account and the cancellation account at this time is shown in FIG.

  FIG. 5 is an account management table for managing a normal account and a cancellation account. For each account consisting of [user ID] and [password], [type] for determining the type of account and whether the account can be authenticated [Status] indicating whether or not is set.

  In addition, when “normal” is indicated in this [type], it indicates that the account is a normal account, and by specifying a user ID in [account user ID for cancellation] A release account for releasing the lock state of the normal account is associated with each other.

  For example, for the account shown in FIG. 5 whose [User ID] is “2006001577” and [Password] is “0 @ 341hg”, “Normal” is set in [Type] and “Lock” is set in [Status] Therefore, it can be determined that the account is in a locked state. In addition, since “k0012” is set in [Release Account User ID], it is indicated that the account whose [User ID] is “k0012” is a release account for releasing the lock state of the normal account.

  Incidentally, this [cancellation account user ID] is a hash value generated by performing a hash operation on the user ID of the normal account, and in the above example, a hash value obtained by performing a hash operation on [2006001577] of [user ID]. Becomes “K0012” of [account user ID for release].

  If the hash value itself is not used as the user ID of the account for cancellation, a user ID field for the hash value is newly added to the account management table so that the accounts are indirectly associated with each other via the hash value. You may comprise.

  Similarly, for the account whose [user ID] in the account management table is “k0012” and [password] is “qwqef9873”, “type” is set to “released”, and [status] is set to “valid”. Since it is set, it can be determined that this account is a cancellation account that can release the lock state of the normal account.

  With the table configuration shown in FIG. 5, the locked state of a normal account with [user ID] “2006001577” and [password] “0 @ 341hg” is set to [user ID] “k0012” and [password] “ This indicates that the account can be canceled by a cancellation account “qwqef9873”.

  FIG. 2 shows an authentication module configuration of authentication processing performed by the authentication server 300 at this time, and the authentication processing by this authentication module will be described below.

  The authentication module shown in FIG. 2 includes a control unit 201, a screen generation unit 202, an authentication unit 203, an account type determination unit 204, a lock state determination unit 205, a corresponding account acquisition unit 206, and an authentication information holding unit 207. This module authenticates whether the user has the authority to use the web application on the web server 200 by specifying the URL from the web browser.

  In this authentication module, when a user authentication request is made by a Web application on the Web server in response to a request from a Web browser, the processing starts, and the control unit 201 that receives the authentication request sends an authentication screen to the screen generation unit 202. Request to generate (also called “login screen”). The control unit 201 analyzes the request contents from the Web application, and sends a request according to the analysis result to the screen generation unit 202, the authentication unit 203, the account type determination unit 204, the lock state determination unit 205, the corresponding account acquisition unit 206, This is performed to the authentication data holding unit 207.

  Then, the screen generation unit 202 that has received the authentication screen generation request from the control unit 201 generates an authentication screen to be displayed on the Web browser and displays it on the Web browser. This authentication process is directly performed by the Web browser of the client PC 100 and the authentication server 300, and the Web application can be used by returning the authentication result to the Web application of the Web server 200.

  When the user inputs authentication information such as a user ID, password, and security code on the authentication screen displayed on the Web browser, the control unit 201 of the authentication server 300 that has received the authentication information sends an authentication request for the authentication information to the authentication unit 203. Send to. At the same time, the account type determination unit 204 is requested to determine the type specified for the user ID account.

  The account type determination unit 204 determines the account type of the input user ID based on the determination request. As a result of the determination, if it is determined that the account is a normal account, the control unit 201 requests the lock state determination unit 205 to determine whether the normal account is locked based on the determination result. .

  As a result of the state determination by the lock state determination unit 205, when the normal account is not locked, the authentication unit 203 performs user authentication of the authentication information. If it is determined by the lock state determination unit 205 that the user ID is locked, it indicates that the normal account for the input user ID cannot be used, and the authentication process is terminated. That is, it indicates that the account has not been authenticated even after a certain number of login attempts. Therefore, the user who performs authentication performs an operation of releasing the lock state using the release account.

  On the other hand, as a result of determining the account type by the account type determination unit 204, if it is determined that the account is a cancellation account, the control unit 201 cancels the lock state determination unit 205 based on the determination result. Request to determine whether the account is enabled. If the cancellation account is disabled, processing is performed indicating that the authentication process cannot be performed because the normal account for the cancellation account is not locked or the cancellation account is suspended. finish.

  If the cancellation account is valid, the control unit 201 requests the authentication unit 203 to authenticate the cancellation account, and the authentication process of the cancellation account acquired by the authentication unit 203 that has received the request. I do. If the authentication cannot be performed, the authentication process ends. If the cancellation account can be authenticated, the control unit 201 then requests the corresponding account acquisition unit 206 to acquire a normal account for the cancellation account. The corresponding account acquisition unit 206 acquires a normal account for the cancellation account, and the authentication unit 203 performs the normal account authentication process again.

  The normal account at this time is in a locked state, and by authenticating this normal account, the locked state managed by the authentication information holding unit 207 is released from the control unit 201 and the authenticated release account is changed to invalid. As a result, the locked state of the normal account is released by the release account.

  Incidentally, the account type determination process by the account type determination unit 204 is determined based on the type of user ID held by the authentication information holding unit 207, and the user ID of the account is managed by the authentication information holding unit 207. Judge by type. In the latter case, management tables for managing account user IDs are managed separately according to type. Furthermore, the state determination of whether or not the account is locked by the lock state determination unit 205 is determined based on the state of the account managed by the authentication information holding unit 207.

  The authentication unit 203 performs the above-described normal account or cancellation account authentication processing. The authentication unit 203 performs authentication by comparing whether the password of the account indicated by the user ID is the same as the password managed by the authentication information holding unit 207. Authentication is performed when it is determined that the passwords are the same, and a notification to that effect is sent to the Web application via the control unit 201. Thereby, a web page by a web application can be displayed on the web browser.

  If the password for the account of the user ID cannot be authenticated because it does not match the password managed by the authentication information holding unit 207, the authentication information is obtained on the condition that the number of login attempts is not reached after confirming the number of login attempts. Re-display the authentication screen for re-input on the Web browser. When the number of login attempts exceeds a certain number of permitted times, a message to that effect is sent back to the control unit 201, and the process of changing the account managed by the authentication information holding unit 207 from the control unit 201 to the locked state is performed. .

  With such a module configuration, it is possible to perform a process of making the release account valid by locking the normal account and releasing the lock state of the normal account using the release account.

  3 and 4 are examples of flowcharts showing a detailed flow of authentication processing performed by the authentication control program of the present invention.

  3 and 4, when a processing request is made to a Web application by specifying a URL with a Web browser, an authentication request is made to the authentication server to confirm whether the user has authority to use the Web application. The server generates an authentication screen for authenticating the process requesting user (301). The generated authentication screen is displayed on the Web browser (302). When the user ID and password are input on the authentication screen by the user operation, the type of account for the input user ID is specified (303).

  It is determined whether the type indicated by the account is a “normal account” that is an account used when using the Web application (304). That is, it is determined whether or not the user to be authenticated is a “cancellation account” for canceling the invalid state of the account when the authentication has failed the prescribed number of times or more and the account of the user is invalid.

  Based on the determination result of this determination process, either the normal account authentication process or the cancellation account authentication process is performed.

  First, in the normal account authentication process performed when the account is a normal account (YES in 304), it is determined whether or not the normal account is locked (305). If the result of the determination shows that the account is locked (YES in 305), an error screen (1) indicating that the normal account for the input user ID is locked is displayed (313), or simply because the user cannot be authenticated and logged in Display that it is not possible.

  In the latter case, it is impossible to determine whether the account is locked and cannot be used, or whether the account is permanently prohibited from being used, and locked by a malicious third party (attacker). Security can be ensured if

  If the normal account is not locked (NO in 305), the input user ID and password are authenticated (306). If the normal account for the user ID can be authenticated by the authentication process (YES in 306), the number of login attempts, which is the number of times the authentication process has been performed, is initialized (314), and service provision by the Web application is started.

  If authentication is not possible due to an incorrect password being entered (NO in 306), the number of login attempts is incremented (plus 1). Then, it is determined whether or not the number of login attempts after the increment is equal to or greater than the predetermined number of permitted times (309). If the number of login attempts is less than the permitted number of times (NO in 309), the normal account authentication process is performed again. Therefore, an authentication screen is displayed (302), and the normal account authentication process is repeated.

  On the other hand, if the number of login attempts is equal to or greater than the permitted number (YES in 309), that is, if the normal account cannot be authenticated more than the permitted number of times, a cancellation account for the normal account is acquired (310). After acquiring the release account, the state of the normal account is changed to the locked state (311), and the state of the acquired release account is changed to “valid” (312). With this process, the account for cancellation can be authenticated.

  In this case, in order to cancel a normal account that has been locked due to being unable to authenticate more than the permitted number of times, a cancellation account authentication process is performed.

  Next, in the account authentication processing for cancellation performed when it is determined that the account of the user ID input by the account type determination processing (304) is not a normal account but a cancellation account (NO in 304), Then, it is determined whether the cancellation account for the user ID entered on the authentication screen is “valid” (315).

  If it is not valid (NO in 315), that is, if the user ID of the unlocking account for the normal account that is not locked is input, an error screen (indicating that the normal account is not locked) 2) is displayed (327). At this time, it may be displayed that the user cannot log in because authentication cannot be performed.

  If the cancellation account is valid (YES in 315), the user ID and password of the input cancellation account are authenticated (316). It is determined whether or not authentication is possible (317), and if authentication is not possible (NO in 317), an error screen (3) indicating that the account for unlocking cannot be authenticated is also displayed (328), and the process ends. At this time, it may be displayed that the user cannot log in because authentication cannot be performed.

  If the user ID and password of the cancellation account can be authenticated (YES in 317), an authentication screen is then generated to authenticate the normal account for the cancellation account that has been successfully authenticated (318).

  When the user enters the user ID and password on the generated authentication screen, the user ID of the normal account for the successfully released account is acquired (319), and is the acquired user ID the same as the input user ID? Check (320). It is determined whether the checked user IDs are the same (321), and if it is determined that they are the same (YES in 321), the user ID and password authentication process for the input normal account is performed (322). . Then, it is determined whether or not the authentication process can be performed (323), and if the authentication is not possible (NO in 323) or the checked user IDs are not the same (321), an error screen indicating that the normal account cannot be unlocked is displayed. (329). At this time, it may be displayed that the user cannot log in because authentication cannot be performed.

  On the other hand, if the user ID and password of the normal account can be authenticated (YES in 323), the normal account that has been authenticated is changed to the unlocked state that is unlocked (324). The status of the cancellation account is changed to “invalid” (325). Then, the number of login attempts is initialized (326).

  By such processing, it becomes possible to release the locked state of the normal account using the release account, and it is possible to authenticate with the normal account.

  Example 2 shown below shows an example of multiple locks using a plurality of release accounts. Like normal accounts, when a release account reaches a certain number of times, the release account is locked. , Provide a release account to release the locked release account. That is, an account for releasing the lock state of the account for release, and a nested structure is formed between the accounts.

  FIG. 6 shows the correlation between the accounts at this time.

  FIG. 6 shows an account management table composed of a normal account and a plurality of cancellation accounts. Since the structure is similar to the table structure shown in FIG. 5, the differences from FIG. 5 will be mainly described.

  The account management table shown in FIG. 6 includes, for each account indicated by [user ID] and [password], [type] indicating the type of the account, and [state 1] indicating the lock state of each account. [Status 2] indicating whether authentication by each account is possible is set.

  Further, when a release account for releasing the lock state of each account is set, the user ID indicated by the release account is shown in [Release Account User ID].

  For example, “Normal” is set as the “Type” of the account whose “User ID” is “2006001579”, “Password” is “028 ymli”, and “Lock” is indicated in “Status 1”. Can be determined as a normal account in a locked state. In this account, “75 ju89” is designated as the [account user ID for release], and the lock state can be released by an account having this “75 ju89” as the user ID.

  This account with “75ju89” set in [User ID] has “85y4ko2” set in [Password] and “Release” in [Type], so this account is for release Can be identified as an account.

  Also, since [State 1] is “Locked” and [State 2] is set to “Invalid”, this unlocking account is also in the locked state, and the unlocked state using this unlocking account is released. Is disabled. In this account, “8iq78” is designated as [account user ID for release], and the lock state can be released by an account having this “8iq78” as a user ID. That is, it shows a state where a release account for releasing the lock state of the release account is set.

  This account management table has an account whose [User ID] is [8iq78] and [Password] is [p24apgra], and is canceled because [Release] is set as [Type] of this account It is possible to determine that the account is for use, and since “valid” is set in [state 2], the lock state can be released by authenticating the account for release.

  By authenticating this release account, the [Status 2] of this release account is changed from “valid” to “invalid”, and the user ID of this release account is set to [release account user ID]. In addition, [Status 1] of the account for cancellation indicated by [User ID] is “75ju89” and [Password] is “85y4ko2” is changed from “Locked” to “Unlocked”.

  With such a table configuration, accounts having a nested structure can be managed, and the locked state can be sequentially released.

  Next, the flow of processing for canceling the normal account and logging in to the system is shown in the flowchart of FIG.

  FIG. 7 shows processing when the normal account is locked and the authentication of the unlocking account 1 for canceling the locked normal account also fails, and “cancellation account authentication processing” (316) shown in FIG. This is a modification of the processing flow performed when it is determined that the authentication has failed (NO in 317). That is, the processing is started in a state where the authentication of the cancellation account 1 has once failed.

  First, the number of hierarchies of the release account is “n”, the maximum number of hierarchies is “m”, the number of login attempts is “k”, the initial number is “1”, and the number of login attempts (k) Is set to “1”. Further, as a conditional expression at this time, the number of layers (n) is “n <= m” which is equal to or less than the maximum number of layers (m) (701).

  Then, the number of login attempts is incremented ((k + 1) is substituted for (k)) (702), and a screen for inputting the user ID and password of the release account n for the hierarchy number (n) is displayed and input by the user. Authentication processing of the authentication information is performed (702). It is determined whether or not the authentication process is successful (703). If the authentication is impossible (NO in 703), it is subsequently determined whether or not the number of login attempts (k) of the authentication process is equal to or greater than a predetermined number of times of permission. (705).

  If the number of login attempts is equal to or greater than the predetermined number of times allowed (YES in 705), this indicates that the cancellation account n could not be authenticated, and the hierarchy for transferring to the next level cancellation account authentication processing The number (n) is incremented ((n + 1) is substituted for (n)) (706). It is determined whether the number of hierarchies after the increment (n) is larger than the preset maximum number of hierarchies (m) (707). If the number of hierarchies after the increment (n) is less than the maximum number of hierarchies (m) (in 707) NO), it is determined that authentication can be performed using the cancellation account for the next hierarchy, and the cancellation account n for the number of hierarchies (n) after increment is acquired (708).

  Further, the state of the release account “n−1” (release account n before increment) is changed to “lock state” (709), and the release account (n) (release account “n” after increment) is changed. ) Is changed to “valid” (710), and the number of login attempts (k) for the cancellation account in the next hierarchy is initialized (reset) (711). Then, authentication processing for the next-level cancellation account is performed.

  Next, if authentication is possible by the authentication process (703) of the cancellation account n for the number of hierarchies (n) (YES in 704), it is determined whether the number of hierarchies of the authenticated cancellation account is “1”. (712). When the number of hierarchies of the release account is “1”, it means that the lock state of the normal account can be released and the authentication process of the normal account can be performed. Therefore, when the number of hierarchies of the authenticated cancellation account is “1” (YES in 712), the process returns to the position (C) shown in FIG.

  On the other hand, when the number of hierarchies is not “1” (NO in 712), that is, when the normal account is in a locked state, the number of hierarchies (n) is decremented ((n-1) is decremented to (n)). Substitution) (713), and the account n for cancellation after decrement is authenticated (714). For example, when the three-level release account 3 is authenticated, the number of levels (3) is decremented to the number of levels (2), and the authentication process for the two-level release account 2 is performed.

  The result of authenticating the decrement release account n is determined (715). If the authentication fails (NO in 715), a message indicating that the multiple lock cannot be released is displayed (716), and the process is terminated. If the authentication is successful (YES in 715), the process is repeated from the determination (712) of whether the number of hierarchies of the authenticated cancellation account is “1”.

  That is, if the authentication for the release account is successful once and the authentication process for the higher release account fails even once, the process is terminated without continuing the lock release process. This makes it possible to counter threats such as brute force attacks.

  Next, when the number of login attempts for authentication is equal to or greater than the permitted number (YES in 705) and the number of hierarchies after increment (n) is larger than the maximum number of hierarchies (m) (YES in 707), An error screen indicating that authentication cannot be performed is displayed (716), and the process is terminated.

  By using such a multiple lock, it is possible to perform a stronger and more secure authentication process.

  In the first embodiment and the second embodiment, when the authentication process for the normal account is locked even if the number of login attempts reaches a certain number of login attempts, the release account provided in a pair with the normal account is used. The lock state is released by authenticating, and authentication processing by a normal account is enabled again. In addition to this method, the lock state may be released by providing a password for release instead of releasing the lock state of the normal account by using the account for release.

  In other words, login to the system by a normal account is performed by authenticating the combination of the user name for the normal account and the password for the user name, but it can also be canceled by a dedicated password that unlocks the lock state. is there. The dedicated password is commonly provided for all normal accounts, and may be configured such that a dedicated password is provided for each normal account.

  In order to release the locked state with a dedicated password provided for each normal account, the dedicated password is used instead of the cancellation account provided in a pair with the normal account described in the first and second embodiments. This is a configuration to be set.

  Further, when a dedicated password is set for the normal account, it may be configured to authenticate not only the authentication by the password but also the combination of the user ID for the normal account and the dedicated password. In the first embodiment and the second embodiment, authentication processing is performed with different accounts, that is, different user IDs. When the lock state is released with a dedicated password, the same user ID is combined with a different password. Authenticate.

  With the above processing, in the authentication control system according to this embodiment, an account that is locked after exceeding a certain number of login attempts can be canceled by using a cancellation account that is generated in pair with the account. Also, the login to the system can be performed by authenticating the account that is locked together with the authentication of the account for release.

  This makes it possible to easily release an account that is accidentally locked while ensuring high security.

  The present invention is not limited to the embodiments described above and shown in the drawings, and can be implemented with appropriate modifications within a range not changing the gist thereof.

  The present invention is applicable to an authentication control program and an authentication apparatus that perform authentication processing using a user account in a locked state, and in particular, a user account that has been invalidated by authentication processing more than a specified number of times can be easily and safely It is useful for canceling and performing authentication processing by the user account again.

1 is a network configuration diagram of an authentication control system configured by applying an authentication control program and an authentication apparatus according to the present invention. 2 is a block configuration of an authentication module for authentication processing performed by the authentication server shown in FIG. 1. The flowchart which shows the detailed flow of the authentication process performed by the authentication control program of this invention. The other flowchart which shows the detailed flow of the authentication process performed by the authentication control program of this invention. The figure which shows the account management table which managed the account. The figure which shows the account management table which managed the account which formed the nested structure. The flowchart which shows the flow of the authentication process in multiple lock | rock.

Explanation of symbols

100 client PC
200 Web Server 300 Authentication Server 201 Control Unit 202 Screen Generation Unit 203 Authentication Unit 204 Account Type Determination Unit 205 Lock State Determination Unit 206 Corresponding Account Acquisition Unit 207 Authentication Information Holding Unit

Claims (6)

And authentication information manages the one of the states or invalid authentication information is valid, invalid release to validate the state of the authentication information authentication attempts has become disabled by reaching a specified number A first step of managing, in association with the authentication information , the authentication information for release to be performed and the status of whether the authentication information is valid or invalid ;
A second step of determining whether the information input at the time of user authentication is authentication information or release authentication information;
The information that is the input at the second step is determined to be authentication information, when a state of the authentication information managed by the first step has become invalid, the corresponding to the authentication information a third step of validating the state of releasing the authentication information managed by the first step,
When it is determined that the input information in the second step is release authentication information, and the state of the release authentication information managed in the first step is invalid, the release authentication information is included in the release authentication information. Correspondingly, a fourth step of performing error notification including notification that the status of the authentication information managed in the first step is not invalid;
When it is determined that the input information in the second step is release authentication information, and the state of the release authentication information managed in the first step is valid, the release authentication information A fifth step of performing an authentication process;
If the release authentication information by the authentication processing by said fifth step has been authenticated, a sixth step of determining the authentication information corresponding to the cancellation authentication information from the managed association by the first step,
An authentication control program for causing a computer to execute a seventh step of performing a re-authentication process using the authentication information determined to correspond to the release authentication information in the sixth step. 8. The eighth step according to claim 1, further comprising: when the authentication information is authenticated by the re-authentication process in the seventh step, invalidating the state of the release authentication information with respect to the authentication information. Authentication control program. The authentication control program according to claim 1, further comprising: initializing a number of authentication attempts of the authentication information when the authentication information is authenticated by the re-authentication process according to the seventh step. The first step includes
The registration information is registered by generating the cancellation authentication information by performing a keyed hash calculation process, and managing the authentication information in association with the authentication information. authentication control program according to one. The first step includes
Further manage the release authentication information for releasing the invalidation authentication information in association with the invalidation authentication information,
When the state of the authentication information for cancellation becomes invalid because the number of authentication attempts in the fifth step reaches the specified number, the first step corresponds to the authentication information for cancellation invalidated. A ninth step of validating the status of the authentication information for cancellation managed;
A tenth step of performing authentication processing of the authentication information for release made effective in the ninth step;
When the release authentication information is authenticated by the re-authentication process in the tenth step, the release authentication information corresponding to the invalidated release authentication information is determined from the association managed in the first step. Eleventh steps to:
The authentication control program according to claim 1, further comprising: a twelfth step of performing a re-authentication process using the cancellation authentication information determined to correspond to the cancellation authentication information invalidated in the eleventh step. And authentication information manages the one of the states or invalid authentication information is valid, invalid release to validate the state of the authentication information authentication attempts has become disabled by reaching a specified number Management means for managing in association with the authentication information the authentication information for release to be performed and the status of whether the authentication information is valid or invalid ;
A determination means for determining whether information input at the time of user authentication is authentication information or release authentication information;
The information that is the input determining means is determined to be authentication information, when a state of the authentication information managed by the management means has become invalid, being managed by the management means in correspondence with the authentication information State updating means for validating the state of the authentication information for release,
When the determination unit determines that the input information is cancellation authentication information, and the status of the cancellation authentication information managed by the management unit is invalid, the information corresponding to the cancellation authentication information Notification means for performing error notification including notification that the status of the authentication information managed by the management means is not invalid;
When the determination means determines that the input information is the release authentication information and the state of the release authentication information managed by the management means is valid, the release authentication information is authenticated. Authentication means;
A determination unit that determines authentication information corresponding to the cancellation authentication information from the association managed by the management unit when the cancellation authentication information is authenticated by the authentication process by the authentication unit;
An authentication apparatus comprising: re-authentication means for performing re-authentication processing using authentication information determined to correspond to the release authentication information by the determination means.

Images