JP5142195B2 - Personal authentication method, personal authentication system, personal authentication program for causing a computer to execute the personal authentication method, and a personal authentication program storage medium storing the program - Google Patents

Description

  The present invention relates to a personal authentication method, a personal authentication system, a computer program, a computer program storage medium, and the like. Specifically, a personal authentication method, apparatus, computer program, and computer program storage medium that acquire personal action history information and generate an inquiry question (query) for executing personal authentication based on the history information. About.

  In recent years, opportunities for personal authentication have increased due to the spread of the Internet and the expansion of mobile terminal functions. Many personal authentications using Web services mainly use IDs and passwords using alphanumeric characters. For example, in mobile phones, passwords with a 4-digit number (PIN) are mainly used.

  Recently, like electronic money and credit cards, an increasing number of mobile phones have a function for paying for shopping. With this function, the payment procedure is completed simply by holding the mobile phone over the reader installed in the store.

  Some of the mobile phones are used in vending machines, station ticket gates, and the like.

  Such functions are very convenient and the number of users is increasing. However, there are safety issues. For example, when a mobile phone is dropped, it may be easily used by a third party who picks it up. Therefore, it is considered that such functions will require personal authentication in the future.

  Personal authentication can be broadly divided into three types: possession method, biometrics method, and knowledge storage method.

  In possession-type authentication, an ID card is equivalent. In the authentication with this property, there is a problem that if an ID card is lost, it will be used by a third party.

  In biometrics authentication, authentication using biometric features such as fingerprints and irises is equivalent. In the authentication based on the identity of the person, since the biometric feature is used, there is a problem that it cannot be changed once lost.

  Knowledge-based authentication is equivalent to authentication using alphanumeric passwords or PINs, and is most commonly used today. In this knowledge storage method authentication, there are cases where the user forgets, and when using a PIN that is easily guessed by a third party, there is a problem that the authentication strength is significantly reduced.

  If a password that is difficult to guess is used, a problem that the user forgets the password occurs, and it becomes a burden on the user to memorize the specific password. In addition, when a note is taken on paper, the password may be passed to a third party from the note.

  Image authentication (see Non-Patent Document 1) is a new recall type authentication method for knowledge storage. Image authentication is authentication using an image instead of a character string password. In general, there are many methods in which a user selects a specific image from a plurality of images.

  Advantages of using images are that, for humans, images are more suitable for storage than characters, and that a user can authenticate by identifying and selecting a specific image. In addition, it has excellent operability and can be easily used on mobile terminals such as mobile phones. Also, unlike PIN and character string passwords, images cannot be taken on paper, so the password is transmitted to a third party. There is also an advantage that it is difficult.

  The problem with using images is that the password image is biased according to the user's preference. If there is a bias, it is easier for a third party to guess the image, so the security level of authentication is reduced.

  In addition, riddle authentication (see Non-Patent Document 2), etc., is a new recall type authentication method for other knowledge storage methods. Riddle authentication is authentication that relies on the knowledge and experience of the user to present and answer questions that only known legitimate users know. For example, some web services register questions and answers in advance in order to reissue passwords. In some cases, the presentation and answer of a question are used in a password reissue situation, but it is rarely used in other personal authentication situations.

  The advantage of riddle authentication is that it is not necessary to memorize a new password, and the security of authentication may be improved depending on the question.

  On the other hand, the problem of riddle authentication is that it is difficult to think of excellent questions, and if easy questions are used, the answer is easily guessed and the security level is reduced, and the process of presenting the question and inputting the answer It takes a long time for authentication because it is necessary.

  Further, as a problem common to image authentication and riddle authentication, preparation and setting are required before authentication. Specifically, it is necessary to store in advance in a database information that can be known only by authorized users.

  In addition, as a method of pre-accumulating information that only authorized users can know in order to use for personal authentication, users can purchase information at convenience stores, etc. A method of accumulating in an action history information database has been proposed (see, for example, Patent Document 1).

In the proposed method, although the accumulation of individual behavior history information is feasible, or to produce a how to query from the stored information, generated query is easily recalled correct for the user A query that realizes a question-and-answer type personal authentication process based on personal action history information that can provide a question-answering system that can provide a question-answering system that can maintain a high security level that excludes users other than legitimate users, as well as a convenient interface The generation method and the authentication method have a problem that it is difficult to realize.

JP 2003-99403 A Toshiyuki Masui, Street Corner of Interface (43)-Bright Authentication System, UNIX MAGAZINE, Vol.16, No7, pp.185-189, ASCII, Inc. (2001). D.E.Denning, P.F.MacDoran, Location-Based Authentication: Grounding Cyberspace for Better Security, Computer Fraud and Security, Feb. 1996.

  An object of the present invention is to provide a personal authentication method, a personal authentication system, a personal authentication program, and a personal authentication program storage medium that do not require troublesome settings in advance for payment for goods purchase and personal authentication for Internet access. To do.

  Furthermore, the present invention provides a personal authentication method, a personal authentication system, a personal authentication program, and a personal authentication program storage, in which a user can easily recall a password as a knowledge storage type authentication system in payment for purchase of goods and personal authentication for Internet access. The purpose is to provide a medium.

  Furthermore, the present invention relates to a personal authentication method, a personal authentication system, a personal authentication program, and a personal authentication method for increasing the security strength of authentication by changing a password at every authentication in payment for purchase of goods and personal authentication for Internet access. An object is to provide a personal authentication program storage medium.

Basically, the present invention stores user action history information (hereinafter also referred to as “life log” in the present specification) including user purchase information, station ticket gate information, date and time information, and the like. Or a storage device or a mobile phone carried by the user, the authentication system selects a category such as a purchase by a predetermined method, and asks the user's latest purchase or the name of the route used (hereinafter referred to as the present specification). In some cases, it is also called “query”) and an answer option (hereinafter also referred to as “menu” or “correct answer” and “decoy data” in this specification). If the answer is correct (password), it is possible to obtain a device that authenticates the user as a valid user, and the password at the time of authentication changes each time the life log is updated. Utility has high strength, and is based on the finding that the user is likely authentication technique Recalling the password was obtained. That is, this specification discloses the following invention.
Recording user action history information including at least user purchase information and purchase date and time information in storage means;
Selecting a category from category data stored in the category pool storage unit when the personal authentication system performs personal authentication;
Selecting a question that causes the personal authentication system to select the one corresponding to the user's behavior history from the menu corresponding to the category from questions predetermined in the personal authentication system;
Authenticating the user as a valid user when the answer to the question is correct;
A personal authentication method comprising:

Another aspect of the present invention is a personal authentication method that repeatedly executes query generation and user interaction for a specified number of times of authentication. That is, the method
A personal authentication method comprising:
Recording user action history information including at least user purchase information and purchase date and time information in storage means;
Setting a specified number of authentications, which is the number of times authentication is repeated for different categories;
Only the specified number of authentication times;
(1) The personal authentication system executes a step of selecting a category from category data stored in the category pool storage unit when executing personal authentication.
(2) executing a step of selecting a question for allowing the personal authentication system to select a question corresponding to the user's action history from a menu corresponding to the category from a question predetermined in the personal authentication system;
(3) executing a step of generating a correct answer to the question based on the recorded action history information of the user;
(4) Read the data in the decoy data pool storage unit, and execute a step of generating data other than the correct answer as decoy data among the read data,
(5) executing a step of displaying the question, the correct answer to the question, and the decoy data to the user via a display means;
(6) determining whether the answer from the user is correct for the question;
Is executed repeatedly,
Calculating a correct answer rate by a user based on a result of the determination of the prescribed authentication count, and authenticating the user as a valid user when the correct answer rate is equal to or higher than a preset authentication rate;
A personal authentication method comprising:

Further, according to another aspect of the present invention, in the method of repeatedly executing the query generation and the user interaction, the second and subsequent questions are asked a related matter about the answer to the previous question, or hierarchical questions are asked. Personal authentication method. That is, the method
Reading the question presented to the user immediately before from the query storage unit;
A step of reading the related Questions than-related question storage unit,
A personal authentication system generating a correct answer to the question based on the recorded user action history information;
Means for reading the data of the decoy data pool storage unit and generating data of purchased items other than the correct answer as decoy data among the data;
And displaying said correct answer decoy data for the question and the associated Questions, to the user via the display means,
Determining whether the answer from the user is correct for the question;
A personal authentication method comprising:

Furthermore, another aspect of the present invention is a personal authentication method in which queries and decoy data are previously generated for the specified number of authentications and then the user's question and correct answer determination process is repeated for the specified number of authentications. . That is, the method
Recording user action history information including at least user purchase information and purchase date and time information in storage means;
Setting a specified number of authentications, which is the number of times authentication is repeated for different categories;
Only the specified number of authentication times;
(1) The personal authentication system executes a step of selecting from the menus corresponding to the category a question corresponding to the user's behavior history from questions predetermined in the personal authentication system, and the generated question is Writing to the query storage corresponding to the number of trials of the authentication data storage;
(2) generating a correct answer to the question based on the recorded user action history information and writing the correct answer to the correct storage unit;
(3) inputting the category, reading the data in the decoy data pool storage unit, writing the read data to the authentication data storage unit, the decoy data storage unit;
Is executed repeatedly,
Furthermore, only the specified number of certifications;
(1) executing a process of reading the question corresponding to the number of trials from a query storage unit, reading the correct answer from a correct storage unit, and reading the decoy data from a decoy data storage unit;
(2) displaying the read question, correct answer, and decoy data to the user via a display means;
(3) waiting for an input from the user for the question, and determining whether the answer is correct;
Is executed repeatedly,
Calculating a correct answer rate by a user based on a result of the determination of the prescribed authentication count, and authenticating the user as a valid user when the correct answer rate is equal to or higher than a preset authentication rate;
A personal authentication method comprising:

Yet another aspect of the present invention is a personal authentication method for making related questions and hierarchical questions. That is, the method further comprises:
Reading the question presented to the user in the previous trial from the query storage;
Determining whether the category of the question is a category for which a related question can be generated;
If possible generate a related question, a step of reading the relevant Questions from relevant question storage unit,
A step of generating a correct answer to the question based on the recorded user action history information and writing the correct answer to a correct answer storage unit corresponding to the number of trials;
A decoy data corresponding to the number of trials in the authentication data storage unit is executed by reading the data in the decoy data pool storage unit and executing a step of generating data other than the correct answer as decoy data among the read data. Writing to the storage unit;
A personal authentication method comprising:

Still another aspect of the present invention is a personal authentication method including a process in which purchase within a predetermined time or passage of a station ticket gate is regarded as a simultaneous event. That is, the method
The step of inputting the recorded user action history information and generating a correct answer to the question by the personal authentication system and writing it in the correct answer storage unit;
Read the threshold from the preset simultaneous purchase determination threshold storage unit,
If the latest purchase date and time information and the purchase date and time prior to the information are within the threshold, only one of these purchases is selected as the correct answer and written to the correct answer storage unit;
In addition,
The step of inputting the category and executing the decoy data generation process to write the generated decoy data to the decoy data storage unit;
Excluding purchases that were not selected as correct answers from the purchases so as not to be selected as the decoy data;
A personal authentication method comprising:

Furthermore, another aspect of the present invention is a personal authentication method having a means for determining whether or not the user is a legitimate user by an additional question when the correct answer rate is a certain level or more. That is, the method is
Authenticating the user as a valid user when the accuracy rate is equal to or higher than a preset authentication rate,
When the correct answer rate is equal to or higher than the preset additional question permissible recognition rate, an additional question is presented to the user, it is determined whether the answer to the question is correct, and the user is again determined based on the result of this determination. Calculating the correct answer rate according to the above, and authenticating the user as a valid user if the correct answer rate is equal to or higher than a preset authentication rate;
A personal authentication method comprising:

Furthermore, another aspect of the present invention provides a specific means for selecting a question for asking a menu of an action history corresponding to a category of user action history information, corresponding to the category from questions set in the system in advance. It is a personal authentication method. That is, the method is
The step of selecting a question that allows the personal authentication system to select the one corresponding to the user's action history from the menu corresponding to the category from the questions predetermined in the personal authentication system,
If the category is a purchase, selecting a question asking the user's most recent purchase;
If the category is a route name, selecting a question asking the user's most recent route name;
A personal authentication method comprising:

  According to the present invention, it is possible to provide an authentication device that does not require troublesome settings in advance for payment for goods purchases and personal authentication for Internet access.

  Furthermore, according to the present invention, it is possible to provide an authentication method in which a user can easily recall a password as a knowledge storage type authentication system in payment for purchase of goods and personal authentication for Internet access.

  Furthermore, according to the present invention, it is possible to provide an authentication method that increases the security strength of authentication by changing the password for each authentication in payment for purchasing goods or personal authentication for Internet access.

Furthermore, according to the present invention, it is possible to provide an authentication method that further increases the security strength of authentication by issuing further related questions and hierarchical questions to the answers from the users.
This effect is particularly effective in preventing a reduction in security level when there is a difference in purchases depending on the menu. For example, in the case of drinks, when there are an overwhelming number of examples of purchasing tea, if the difference from selecting another menu is too large, it will be easier for a third party to guess the password. It is also possible. In such a case, it is preferable to continuously execute questions related to the answer from the user, such as “What is the tea maker” and “What is the brand of the tea”.
In the present specification, the question may be referred to as a “related question”. In addition, a storage unit in which these questions are stored in advance may be referred to as a “related question storage unit”.

  Furthermore, according to the present invention, when a user purchases a plurality of items at close dates and times, or when a plurality of tracks or stations are used, an event within a certain threshold is regarded as a “simultaneous event”. , By selecting only one of them as a correct answer and executing a process that does not display other events not selected as correct answers as decoy data, multiple simultaneous events are presented as user authentication options. As a result, it is possible to avoid a situation in which the user has difficulty in answering and to provide an authentication system having a good interface.

  Furthermore, according to the present invention, when the user does not answer all questions correctly, but when the answer is greater than a predetermined accuracy rate, an additional question is presented and the answer to the additional question is included again. By calculating the correct answer rate, it is possible to provide an authentication system capable of determining with high recognition rate whether or not the user who has made a reply at the border of the authentication rate is a legitimate user.

FIG. 1 is a conceptual diagram showing a system configuration example for collecting life log information in the entire personal authentication system of the present embodiment. As shown in FIG. 1, life log information used in the present embodiment is installed in a device 11 such as a personal mobile phone or IC card 12 worn by a user or carried in a convenience store or supermarket. Between a register with an IC card reading function (not shown), a vending machine, an ETC reader (not shown) installed at a toll gate such as a toll road, or a station ticket gate 15 or a bus reader It is a user's action history information acquired by communication. And this action history information (life log information) is memorize | stored in the personal information collection server 18 which is a life log memory | storage part, and is centrally managed.
By using such a system configuration example, it is possible to acquire each individual's action history on a daily basis, and the latest life log is updated based on such information. Based on the latest life log information, question answering type personal authentication can be executed.

  Although FIG. 1 shows a configuration in which life log information is transmitted to a user side device via a supply transmission device, an IC card or mobile phone carried by the user without adopting such a centralized management system. It is also possible to provide a dedicated data area in the telephone (11 or 12) and record and manage life log information (action history information) in the area.

  FIG. 2 is an example of the data structure 20 of the life log storage unit in which life log information is recorded. In this example, for each event, information of date 21, time 22, purchased item category or route name 23, purchased article name or station name 24 is recorded in the database as a tuple.

  FIG. 3 shows another example of the data structure 30 of the life log storage unit in which life log information is recorded. In this example, for each event, in addition to information on date 31, time 32, category of purchased item or route name 34, purchased item name or station name 35, location type 33, product brand name 36, store name 37, product The manufacturer name 38 is added and recorded in the database as a tuple.

  The personal authentication system using the life log information can be realized even with the data structure shown in FIG. 2, but by adding the information shown in FIG. 3, personal authentication using related questions and hierarchical questions can be realized. is there.

  In this embodiment, purchased items and route names are divided into six categories, and nine menus are prepared for each category. There are six categories, for example, drinks, food, sweets, desserts, magazines, and routes.

  There are nine menus corresponding to the category of drinks, for example, coffee, tea, sports drink, carbonated drink, juice, mineral water, beer, shochu, and wine.

FIG. 4 is a conceptual diagram of an authentication procedure for question answering type personal authentication using a life log. The detailed processing of “create and present a query ” (step 420) in the processing of FIG. 4 will be further described in the conceptual diagram of the authentication procedure shown in FIG.
Prior to the authentication process, a prescribed number of authentications is set (step 400), and an initialization process (step 410) such as resetting the counter of the number of trials is executed.
The specified number of times of authentication is the number of times that the creation and presentation of a question, input of an answer to the question, and determination of whether the answer is correct are repeated for different categories while changing the category. It is convenient if the number of times is input and stored from, and the setting can be changed as necessary.
In the processing conceptual diagram shown in FIG. 4, processing (step 430, step 460) of repeating query generation, correct data generation, decoy data generation processing (step 420) and question answering with the user for the specified number of authentications is performed. It is shown.
In this process, the user's action history information (life log information) including at least the purchased item information and purchase date / time information is recorded in storage means (for example, the personal information collection server 18 or the life log storage unit 95). And (not shown),
A step of setting a specified number of times of authentication, which is the number of times authentication is repeated for different categories while changing the category (step 400);
Only the specified number of authentication times;
(1) The personal authentication system executes a step of selecting a category from category data stored in the category pool storage unit when executing personal authentication (steps 710 to 720),
(2) The personal authentication system executes a step of selecting a question asking the user action history information menu corresponding to the category from questions predetermined in the personal authentication system (step 730),
(3) executing a step of generating a correct answer to the question based on the recorded action history information of the user (step 740);
(4) Read data from the decoy data pool storage unit, and execute a step of generating data other than the correct answer as decoy data among the read data (step 750),
(5) executing a step of displaying the question, the correct answer to the question, and the decoy data to the user via a display means (step 760);
(6) a step of determining whether the answer from the user is correct for the question (step 440);
Is repeatedly executed (step 460),
When the correct answer rate by the user is calculated based on the result of the determination of the prescribed authentication count and the correct answer rate is equal to or higher than a preset authentication rate (step 470: YES), the user is a valid user. Authenticating (step 480),
It comprises.

FIG. 5 is a conceptual diagram of an embodiment in which query generation, correct data generation, and decoy data processing are executed prior to a question response with a user. The detailed processing of “create query ” (step 510) in the processing of FIG. 5 will be further described in the conceptual diagram of the authentication procedure shown in FIG.
The processing includes a step of recording user action history information including at least user purchase information and purchase date and time information in a storage means (not shown),
A step of setting a specified number of times of authentication, which is the number of times authentication is repeated for different categories while changing the category (step 500),
Only the specified number of authentication times;
(1) The personal authentication system executes a step of selecting, from the data stored in the storage unit, a question for asking a menu of user behavior history information corresponding to the category from a question predetermined in the personal authentication system ( Steps 610 to 620), writing the generated question into the query storage unit (140) corresponding to the number of trials of the authentication data storage unit (Step 630),
(2) generating a correct answer to the question based on the recorded user action history information (step 640) and writing to the correct answer storage unit 120 (step 650);
(3) Input the category, read data from the decoy data pool storage unit 96, and write the read data to the decoy data storage unit (130a to 130h) illustrated in FIG. Step (step 660),
Is executed repeatedly,
Furthermore, only the specified number of certifications;
(1) A process of reading the question corresponding to the number of trials from the query storage unit (140), reading the correct answer from the correct answer storage unit (120), and reading the decoy data from the decoy data storage units (130a to 130h). Steps to execute (step 530);
(2) displaying the read question, correct answer, and decoy data to the user via a display means (step 530);
(3) Waiting for an answer from the user for the question (step 535), determining whether the answer is correct (step 540),
Is repeatedly executed (step 550),
When the correct answer rate by the user is calculated based on the result of the determination of the specified number of times of authentication and the correct answer rate is equal to or higher than a preset authentication rate (step 555: YES), the user is a valid user. Authenticating (step 560),
It comprises.

FIG. 6 is a conceptual diagram of the processing procedure of “create query ” (step 510) in the processing of FIG.
First, for each category of life log information, at least one or more data pre-settings, setting of the number of decoy decoy data, setting of the number of specified authentication times, and initialization of a counter indicating a query number are executed (step 600). .
Next, a query (question) category is selected at random (step 610). Specifically, category selection may be performed at random. In addition, considering the user's familiarity with the response to the authentication screen, the category display order may be set in the authentication system in advance. In addition, if the process of selecting a query category at random after excluding an event category with a very low probability of occurrence for the user in advance, even if it is a “latest” event, an event that has already passed a considerable number of days Therefore, a good authentication interface can be realized.

Next, a process for excluding the same category as the category for which a query has already been generated is performed (step 620). By this processing, the same question is not presented to the user in one personal authentication, so that there is an advantage that it is possible to prevent a decrease in the security level of authentication.

Next, the category of the query is written into the category storage unit 110 corresponding to the number of trials of the query in the authentication data storage unit 100 (step 630).

Then, reading the data of the life log storage unit to obtain the latest purchases or use route name that matches the category is written to the correct memory unit 120 queries the storage unit corresponding to the query number (step 650).

Next, as many data as the decoy data corresponding to the query number are read from the decoy data pool storage unit 96 that matches the category of the query , and the read data is used as decoy data corresponding to the query number. Write to 130h (step 660).
Next, when a query is generated up to a preset number of prescribed authentications, the query generation process ends (step 670).

Here, if the threshold value is read from the preset simultaneous purchase determination threshold value storage unit 97 and the latest purchase date and time information and the purchase date and time before the information are within the threshold value, only one of these purchased items is purchased. May be selected as a correct answer and a process of writing to the correct answer storage unit 120 may be performed.
At the same time, a process that does not display other events not selected as correct answers as decoy data may be executed.

With this process, when multiple items are purchased at the date and time when the user is in close proximity, when multiple routes or stations are used, events within a certain threshold are considered as “simultaneous events”. By selecting only one as a correct answer and executing a process that does not display other events that were not selected as correct answers as decoy data, multiple simultaneous events are presented as user authentication options. This is advantageous in that it provides an authentication system that has a good interface while avoiding difficulties in answering.
That is, in the step of inputting the recorded user action history information and the personal authentication system generating a correct answer to the question and writing it in the correct answer storage unit 120; Reading the threshold value, and if the latest purchase date and time information and the purchase date and time before the information are within the threshold value, selecting only one of these purchases as a correct answer and writing it in the correct answer storage unit 120, Further, the step of inputting the category and executing the decoy data generation process to write the generated decoy data to the decoy data storage units 130a to 130h; the purchased item that is not selected as the correct answer among the purchased items, And excluding it from being selected as decoy data.

FIG. 7 is a conceptual diagram detailing the processing procedure of “create and present a query ” (step 420) in the processing of FIG.
First, for each category of the life log, at least one or more data pre-setting, setting of the number of specified decoy data, setting of the number of specified authentication times, and initialization of a counter indicating a query number are executed (step 700).
Next, select the category of the query (inquiry) (step 710). Specific selection of categories to may be the be carried out at random. In addition, considering the user's familiarity with the response to the authentication screen, the category display order may be set in the authentication system in advance. In addition, if the process of selecting a query category at random after excluding an event category with a very low probability of occurrence for the user in advance, even if it is a “latest” event, an event that has already passed a considerable number of days Therefore, a good authentication interface can be realized.

Next, a process for excluding the same category as the category for which a query has already been generated is performed (step 720). By this processing, the same question is not presented to the user in one personal authentication, so that there is an advantage that it is possible to prevent a decrease in the security level of authentication.

Next, the category of the selected query is temporarily stored in the register of the CPU 92, the data in the life log storage unit 95 corresponding to the category is read, and the latest purchase or use route name that matches the category is obtained. (Step 740).

  Next, the obtained purchase or use route is obtained as a correct answer (step 740).

Next, data is read from the decoy data pool storage unit 96 corresponding to the query category by the specified number of decoy data, and the read data is generated as decoy data corresponding to the query number (step 750).

  Next, a query corresponding to the obtained category is selected, and the correct answer and the decoy data are combined and presented to the user via a display device (step 760).

  Next, an answer input by the user is obtained (step 770).

In step 740, the threshold value is read from the preset simultaneous purchase determination threshold value storage unit (97), and if the latest purchase date and time information and the purchase date and time before the information are within the threshold value, A process of selecting only one as a correct answer may be performed.
At the same time, in step 750, another event that is not selected as a correct answer may not be generated as decoy data.

  With this process, when multiple items are purchased at the date and time when the user is in close proximity, when multiple routes or stations are used, events within a certain threshold are considered as “simultaneous events”. By selecting only one as the correct answer and executing a process that does not generate other events that were not selected as correct answers as decoy data, the user is presented with multiple simultaneous events as options for user authentication. This is advantageous in that it provides an authentication system that has a good interface while avoiding difficulties in answering.

  FIG. 8 is a conceptual diagram of a screen for life log authentication. On the authentication screen, it is displayed for each category, and the question and options are shown to the user from the authentication system so as to select the previously purchased item from the nine menu options. Four category screens are randomly selected from the six.

  FIG. 9 is a configuration diagram illustrating an example of a hardware configuration of the life log authentication system. The life log authentication hardware 90 includes an input / output I / F 91, a CPU 92, a category pool storage unit 93, a ROM 94, a life log storage unit 95, a decoy data pool storage unit 96, and a simultaneous purchase determination threshold storage unit 97. And a related question storage unit 98 and an authentication data storage unit 100. The life log authentication hardware 90 is mounted on or connected to a computer terminal, vending machine, mobile phone, or the like that performs personal authentication of the user, and receives life log information from the life log server 18 via the input / output I / F 91. Received and stored in the life log storage unit 95.

  The display positions on the screen of options that are correct and decoy data that are incorrect are selected at random.

  The number of menus to be displayed is not limited to nine and may be any number. For example, when the display on the screen of the mobile phone and the answer are input by the dial button of the mobile phone, 9 One or twelve is convenient.

  The total number of categories is not limited to six, but may be any number. However, considering that the authentication strength when question answering to users is performed for randomly selected categories is not reduced, It is convenient to set a number larger than the number of questions (number of trials).

  In the life log authentication with the above configuration, the password at the time of authentication changes every time the life log is updated. In addition, because four categories appear randomly from the six categories, the screen that appears at every authentication changes. The password at the time of authentication is the selection of the latest purchased item or the name of the route used, and is easy to memorize.

  The number of categories that appear at random is not limited to four, but may be any number. However, if the security strength equivalent to the PIN number of the cash card is to be realized, it is equivalent. It is convenient that the number is 4 in terms of the number of combinations.

  Also, as a preferred mode, according to the amount of goods or services to be purchased for personal authentication, if the amount is high, the number of question categories shown to the user is increased, while the amount is low. In this case, if the number of question categories is reduced, it is possible to realize the two advantages of realizing a high security level and providing a simple authentication method depending on the situation. Convenient.

  Next, when the number of trials reaches the specified number of authentications, the personal authentication system of the present embodiment reads the correct number recording unit, and the correct answer rate is equal to or exceeds the initially set specified correct answer rate. Performs an authentication success process with the user as a legitimate user, and executes an authentication failure process if the user is below the specified accuracy rate.

  Note that it may be determined whether the number of correct answers is equal to the specified number of authentications, that is, whether all the questions are correct, and the authentication success process may be executed only when all the questions are correct. In such a case, there is a high possibility that a legitimate user is mistakenly recognized as an unauthorized user, but this is advantageous in terms of increasing the security level of the personal authentication system.

  Further, when the number of trials reaches the specified number of authentications, authentication may be performed by an additional question if the correct answer rate exceeds a certain level.

  That is, when the correct answer number recording unit is read and the correct answer rate is equal to or exceeds the preset correct answer rate, the authentication success process is performed with the user as a legitimate user and the correct answer rate is below the prescribed correct answer rate. If the correct answer rate is equal to or greater than the preset additional question permissible recognition rate, an additional question is presented to the user, it is determined whether the answer to the question is correct, and the correct answer from the user is again displayed. It is good also as authenticating the said user that it is a valid user, when the rate is calculated and the said correct answer rate is more than the preset authentication rate.

In order to investigate the probability of successful authentication, a demonstration experiment was conducted on two subjects. The experimental period is 2 weeks. Table 1 shows the experimental results.
The success rate for user 1 was 91.7%, and the success rate for user 2 was 80%. It was shown that authentication by answering questions is easy for users because the relatively new memory becomes password information.

  The personal authentication method, personal authentication system (apparatus), and program for causing a computer to execute the personal authentication method of the present invention are suitable for fields such as personal authentication for Web services, personal authentication for shopping with electronic money or credit cards, etc. Can be used.

It is a conceptual diagram which shows the system structural example which collects life log information among the whole personal authentication systems of this invention. It is an example of the data structure of the life log memory | storage part by which life log information is recorded. It is another example of the data structure of the life log memory | storage part by which life log information is recorded. It is a conceptual diagram explaining the example of operation | movement of life log authentication. It is a conceptual diagram explaining the example of operation | movement of life log authentication. It is a conceptual diagram explaining the example of operation | movement of the query production | generation used for life log authentication. It is a conceptual diagram explaining the example of operation | movement of the query production | generation used for life log authentication. It is a conceptual diagram of a life log authentication screen. It is a hardware block diagram of a life log authentication system. It is a block diagram of an authentication data storage part among the hardware of a life log authentication system.

DESCRIPTION OF SYMBOLS 10 System 11 which collects life log information Mobile phone 12 Electronic money IC card 13 Wireless terminal or GPS terminal 14 Electronic money network 15 Ticket gate 16 GPS satellite 17 Wireless LAN access point 18 Life log storage unit 20 Data structure of life log storage unit 21 Date 22 Time 23 Category (Purchase category or route name)
24 menu (purchased item name or station name)
30 Other examples of the data structure of the life log storage unit 31 Date 32 Time 33 Location type 34 Category (purchased product category or route name)
35 Menu (Purchased product name or station name)
36 Product Name / Brand 37 Store Name 38 Product Name / Manufacturer Name 90 Life Log Authentication System Hardware Configuration 91 Input / Output Interface 92 CPU
93 Category Pool Storage 94 ROM
95 life log storage unit 96 decoy data pool storage unit 97 simultaneous purchase threshold storage unit 98 related question storage unit 100 authentication data storage unit 110 category storage unit 120 correct answer storage unit 130 decoy data storage units 130a to 130h decoy data storage units 1 to 8
140 Query storage unit

Claims (18)

A personal authentication method comprising:
Recording user action history information including at least user purchase information and purchase date and time information in storage means;
Selecting a category from category data stored in the category pool storage unit when the personal authentication system performs personal authentication;
Selecting a question that causes the personal authentication system to select the one corresponding to the user's behavior history from the menu corresponding to the category from questions predetermined in the personal authentication system;
Authenticating the user as a valid user when the answer to the question is correct;
A personal authentication method comprising: A personal authentication method comprising:
Recording user action history information including at least user purchase information and purchase date and time information in storage means;
Setting a specified number of authentications, which is the number of times authentication is repeated for different categories;
Only the specified number of authentication times;
(1) The personal authentication system executes a step of selecting a category from category data stored in the category pool storage unit when executing personal authentication.
(2) executing a step of selecting a question for allowing the personal authentication system to select a question corresponding to the user's action history from a menu corresponding to the category from a question predetermined in the personal authentication system;
(3) executing a step of generating a correct answer to the question based on the recorded action history information of the user;
(4) Read the data in the decoy data pool storage unit, and execute a step of generating data other than the correct answer as decoy data among the read data,
(5) executing a step of displaying the question, the correct answer to the question, and the decoy data to the user via a display means;
(6) determining whether the answer from the user is correct for the question;
Is executed repeatedly,
Calculating a correct answer rate by a user based on a result of the determination of the prescribed authentication count, and authenticating the user as a valid user when the correct answer rate is equal to or higher than a preset authentication rate;
A personal authentication method comprising: The personal authentication method according to claim 2, further comprising:
Reading the question presented to the user immediately before from the query storage unit;
A step of reading the related Questions than-related question storage unit,
A personal authentication system generating a correct answer to the question based on the recorded user action history information;
Means for reading the data of the decoy data pool storage unit and generating data of purchased items other than the correct answer as decoy data among the data;
And displaying said correct answer decoy data for the question and the associated Questions, to the user via the display means,
Determining whether the answer from the user is correct for the question;
A personal authentication method comprising: A personal authentication method comprising:
Recording user action history information including at least user purchase information and purchase date and time information in storage means;
Setting a specified number of authentications, which is the number of times authentication is repeated for different categories;
Only the specified number of authentication times;
(1) The personal authentication system executes a step of selecting from the menus corresponding to the category a question corresponding to the user's behavior history from questions predetermined in the personal authentication system, and the generated question is Writing to the query storage corresponding to the number of trials of the authentication data storage;
(2) generating a correct answer to the question based on the recorded user action history information and writing the correct answer to the correct storage unit;
(3) inputting the category, reading the data in the decoy data pool storage unit, writing the read data to the authentication data storage unit, the decoy data storage unit;
Is executed repeatedly,
Furthermore, only the specified number of certifications;
(1) executing a process of reading the question corresponding to the number of trials from a query storage unit, reading the correct answer from a correct storage unit, and reading the decoy data from a decoy data storage unit;
(2) displaying the read question, correct answer, and decoy data to the user via a display means;
(3) waiting for an input from the user for the question, and determining whether the answer is correct;
Is executed repeatedly,
Calculating a correct answer rate by a user based on a result of the determination of the prescribed authentication count, and authenticating the user as a valid user when the correct answer rate is equal to or higher than a preset authentication rate;
A personal authentication method comprising: 5. The personal authentication method according to claim 4, further comprising:
Reading the question presented to the user in the previous trial from the query storage;
Determining whether the category of the question is a category for which a related question can be generated;
If possible generate a related question, a step of reading the relevant Questions from relevant question storage unit,
A step of generating a correct answer to the question based on the recorded user action history information and writing the correct answer to a correct answer storage unit corresponding to the number of trials;
A decoy data corresponding to the number of trials in the authentication data storage unit is executed by reading the data in the decoy data pool storage unit and executing a step of generating data other than the correct answer as decoy data among the read data. Writing to the storage unit;
A personal authentication method comprising: A personal authentication method according to any one of claims 2 to 5,
The step of inputting the recorded user action history information and generating a correct answer to the question by the personal authentication system and writing it in the correct answer storage unit;
Read the threshold from the preset simultaneous purchase determination threshold storage unit,
If the latest purchase date and time information and the purchase date and time prior to the information are within the threshold, only one of these purchases is selected as the correct answer and written to the correct answer storage unit;
In addition,
The step of inputting the category and executing the decoy data generation process to write the generated decoy data to the decoy data storage unit;
Excluding purchases that were not selected as correct answers from the purchases so as not to be selected as the decoy data;
A personal authentication method comprising: The personal authentication method according to any one of claims 2 to 6, wherein the method comprises:
Authenticating the user as a valid user when the accuracy rate is equal to or higher than a preset authentication rate,
When the correct answer rate is equal to or higher than the preset additional question permissible recognition rate, an additional question is presented to the user, it is determined whether the answer to the question is correct, and the user is again determined based on the result of this determination. Calculating the correct answer rate according to the above, and authenticating the user as a valid user if the correct answer rate is equal to or higher than a preset authentication rate;
A personal authentication method comprising: The personal authentication method according to claim 1, claim 2, or claim 4,
The step of selecting a question that allows the personal authentication system to select the one corresponding to the user's action history from the menu corresponding to the category from the questions predetermined in the personal authentication system,
If the category is a purchase, selecting a question asking the user's most recent purchase;
If the category is a route name, selecting a question asking the user's most recent route name;
A personal authentication method comprising: A personal authentication system,
Storage means for recording user action history information including at least user purchase information and purchase date and time information in the storage means;
Means for selecting a category from category data stored in the category pool storage unit when the personal authentication system performs personal authentication;
Means for selecting a question that allows the personal authentication system to select one corresponding to the user's action history from a menu corresponding to the category from questions predetermined in the personal authentication system;
Means for authenticating that the user is a legitimate user when the answer to the question is correct;
A personal authentication system. A personal authentication system,
Storage means for storing user action history information including at least user purchase information and purchase date and time information;
A means of setting a specified number of authentications that repeats authentication for different categories;
Only the specified number of authentication times;
(1) personal authentication system, a category select from category data stored in the category pool storage unit when executing the individual authentication,
(2) personal authentication system is selected from a predetermined question personal authentication system questions for selecting the one corresponding to the behavior history of the user from the menu corresponding to the category,
(3) personal authentication system form raw as input action history information of the user the correct answer to the question is the recording,
(4) decoy reads the data of the data pool storage unit, among the data thus read out, the raw form as a decoy data data other than the correct answer,
(5) and said question and said decoy data as correct answer to the question, Displays to the user via the display means,
(6) answer from the user with respect to the question that determines whether the correct,
Is executed repeatedly,
Means for calculating a correct answer rate by a user based on the result of the determination of the prescribed authentication count and authenticating the user as a valid user when the correct answer rate is equal to or higher than a preset authentication rate;
A personal authentication system comprising: The personal authentication system of claim 10, further comprising:
Means for reading the question presented to the user immediately before from the query storage unit;
And means for reading the related Questions than-related question storage unit,
Means for generating a correct answer to the question as input by the recorded user action history information;
Means for reading the data of the decoy data pool storage unit and generating data of purchased items other than the correct answer as decoy data among the data;
And said correct answer decoy data for the question and the associated Questions, and means for displaying to the user via the display means,
Means for determining whether the answer from the user is correct to the question;
A personal authentication system comprising: A personal authentication system,
Storage means for storing user action history information including at least user purchase information and purchase date and time information;
Means for setting a specified number of times of authentication, which is the number of times authentication is repeated for different categories;
Only the specified number of authentication times;
(1) The personal authentication system executes means for selecting a question corresponding to the user's behavior history from a menu corresponding to the category from questions predetermined in the personal authentication system, and the generated question is It writes to the query storage unit corresponding to the number of attempts of authentication data storage unit,
(2) writes to the correct storage unit in which the type the action history information of recorded user personal authentication system corresponds to the number of attempts to generate the correct authentication data storage unit with respect to the question,
(3) inputting the category, decoy reads the data of the data pool storage unit, writing the read data to the decoy data storage unit corresponding to the number of attempts the authentication data storage unit,
Is executed repeatedly,
Furthermore, only the specified number of certifications;
(1) the question corresponding to the number of attempts read from the query storage unit, read from the correct storage unit the correct answer, executes a process of reading from the data storage unit bait the decoy data,
(2) The read question, correct answer, and decoy data are displayed to the user via the display means,
(3) enter the answer from the user with respect to the question, it is determined whether the answer is correct,
Is executed repeatedly,
Means for calculating a correct answer rate by a user based on the result of the determination of the prescribed authentication count and authenticating the user as a valid user when the correct answer rate is equal to or higher than a preset authentication rate;
A personal authentication system comprising: A personal authentication system of claim 12 wherein the system further,
Means for reading from the query storage unit the question presented to the user in the previous trial;
Means for determining whether the category of the question is a category for which a related question can be generated;
If possible generate a related question, and means for reading the relevant Questions from relevant question storage unit,
Means for generating a correct answer to the question using the recorded user action history information as input, and writing the correct answer in a correct answer storage unit corresponding to the number of trials;
Reads data from the decoy data pool storage unit, generates data other than the correct answer as decoy data, and writes the decoy data to the decoy data storage unit corresponding to the number of trials in the authentication data storage unit Means,
A personal authentication system comprising: The personal authentication system according to any one of claims 9 to 13,
Means for inputting the recorded user action history information and generating a correct answer to the question by the personal authentication system and writing it in the correct answer storage unit;
Read the threshold from the preset simultaneous purchase determination threshold storage unit,
If the latest purchase date and time information and the purchase date and time prior to the information are within the threshold, only one of these purchases is selected as the correct answer, and written to the correct answer storage unit;
And further,
The means for inputting the category and executing the decoy data generation process to write the decoy data generated to the decoy data storage unit;
Means for excluding a purchase that was not selected as a correct answer from the purchase so as not to be selected as the decoy data;
A personal authentication system comprising: 15. The personal authentication system according to any one of claims 9 to 14, wherein the system includes:
Means for authenticating the user as a valid user when the accuracy rate is equal to or higher than a preset authentication rate;
When the correct answer rate is equal to or higher than the preset additional question permissible recognition rate, an additional question is presented to the user, it is determined whether the answer to the question is correct, and the user is again determined based on the result of this determination. Means for authenticating the user as a valid user if the correct answer rate is calculated and the correct answer rate is equal to or higher than a preset authentication rate;
A personal authentication system comprising: The personal authentication system according to claim 9, claim 10, or claim 12,
Means for the personal authentication system to select a question for selecting a question corresponding to the user's behavior history from a menu corresponding to the category from questions predetermined in the personal authentication system;
When the category is a purchase, means for selecting a question asking the user's most recent purchase;
If the category is a route name, means for selecting a question asking the user's most recent route name;
A personal authentication system comprising:   A personal authentication program for causing a computer to execute the personal authentication method according to any one of claims 1 to 8.   A personal authentication program storage medium in which a personal authentication program for causing a computer to execute the personal authentication method according to claim 1 is recorded.

Images