JP5392130B2 - Authentication device, authentication method of authentication device, and authentication program - Google Patents

Description

  The present invention relates to, for example, an authentication apparatus, an authentication method, and an authentication program for authenticating a user who uses an application, and more particularly to mnemonic authentication.

  As for the authentication apparatus, password authentication using a recording medium and biometric authentication are known.

  Password authentication is simple as an authentication method and is currently widely used. If this method is classified from the viewpoint of cognitive psychology, it is a method to “search” and “reproduce” “semantic memory” which is meaningless symbol memory or memory without experience from the memory storage information of the brain. It can be said that there is.

  However, as already known as a problem with passwords, it is difficult to play back meaningless symbols and meaningless memories without experience when the memory ability of humans, especially the elderly, is reduced. Easy to make mistakes.

  In order to avoid these, it is often performed to convert simple numbers and symbols into semantic memory, such as making the date of birth a password, etc., but examples of using numbers as semantic memory are such as date of birth For ordinary people, it is extremely limited, and it is easy for others to impersonate themselves.

  In order to minimize the damage caused when a password is stolen, it is desirable to change the password for each authentication medium, but it is difficult to recall and recall the password corresponding to the authentication medium. As a result, in the case of theft, all passwords will be stolen.

  In order to cope with this, there is a method using a security token that issues a one-time password which is a password for each time. Thereby, even if the user does not memorize | store a password, it is possible to raise security by using the password displayed on the token. For example, Japanese Laid-Open Patent Publication No. 2003-511766 is available for authentication using tokens. However, this method is inconvenient because each user needs to have a token.

  Biometrics authentication is said to be physiological information that is unique to the person, and has the advantage that it is never forgotten or lost. For example, regarding biometrics authentication, JP-A-2004-157602 can be cited. However, the authentication information cannot be changed for each recording medium because it is the only information of the person. For this reason, when authentication personal information is stolen, all authentication media are damaged, and it is very difficult to create personal information to replace it.

  Further, an input device for reading physiological information is newly required. Furthermore, there is a problem that the input information changes in the input reading environment and a so-called identity rejection rate that does not authenticate the identity of the identity of the identity of the identity of the identity is generated with a certain probability, which may complicate the control.

  In recent years, mnemonic authentication using image information as authentication means has attracted attention as an authentication method different from these. For example, as a mnemonic authentication, Japanese Patent Laid-Open No. 2005-71202 is cited.

  Since the mnemonic authentication is authentication using image storage possessed by a person, the mnemonic authentication is easy to remember, difficult to forget, and difficult to guess by others, and authentication control is easy.

Special table 2003-511766 gazette JP 2004-157602 A JP-A-2005-71202

  On the other hand, in recent years, the group form of a type in which a community is formed in a fluid manner on the net like SNS (Social Network Service) has been increasing. For example, mixi and the like can be mentioned.

  In the case of a group form in which a community is formed, the members are fluid.

  Therefore, even a person who has previously registered as a member of the group may no longer use it. If there is no withdrawal application, there is a possibility that people who have been registered before will be counted as members even if they are not using it.

  When a password for authentication is issued to each person as in the case of personal authentication, it is possible to join the community at any time, even if the member is clearly sparse in the community. If it is leaked to another person, it is possible for the other person to impersonate and participate in the community.

  Therefore, it is desirable for the manager of the group to allow access only to members who are particularly closely exchanged in the same community, and there is a demand to exclude members who are obviously poorly exchanged.

  Since members who communicate closely change with time, it is possible to change authentication settings such as passwords frequently, but it is necessary to make troublesome change operations for authentication or to remember passwords Therefore, there is a possibility of hindering easy exchange between members, and there is a problem in usability. In addition, there is a problem that the administrator cannot strictly grasp whether the exchange is dense or sparse.

  The present invention has been made to solve the above-described problems. As an example, in a group form of a type in which a community is formed, the security of authentication is reflected reflecting the density of communication on the community. It is an object to provide an authentication device, an authentication method, and an authentication program that are easy to use.

  An authentication apparatus according to an aspect of the present invention includes a storage unit that stores a plurality of visually identifiable images, a selection unit that selects at least two images from images stored in the storage unit, and a selection unit. Correct image generation means for generating a correct image using at least two selected images, and at least some of the plurality of images stored in the storage means in the display means are generated by the correct image generation means. An authenticating means that presents the correct image to be presented, accepts an input of the user's image selection, and authenticates according to the selection / non-selection of the correct image; and a correct image update means to update the correct image as necessary Is provided. The correct image generation means generates an interpolation image of at least two images as a correct image based on an interpolation parameter used when interpolating at least two images. The correct image update means adjusts the interpolation parameter.

  Preferably, the correct image generating means interpolates between the start point and the end point when one image of at least two images is set as the start point and the other image is set as the end point according to the change of the interpolation parameter adjusted by the correct image update means. An interpolated image is generated.

  In particular, the interpolation corresponds to a process in which the feature points of each of at least two images change from one to the other.

  In particular, the feature point corresponds to at least one of a plurality of elements constituting a face in at least two images.

  Preferably, the plurality of images are arranged in descending order of similarity with the initial image corresponding to the first correct image as a reference. Similarity that can calculate the degree of similarity of each other based on the feature points of the previously selected image corresponding to the current correct image and the next candidate image arranged in order of similarity A calculation means is further provided. The selection unit determines whether or not the mutual similarity calculated by the similarity calculating unit is equal to or less than a predetermined threshold, and among the previously selected image and the candidate images arranged in the similarity order, Candidate images whose similarity is equal to or less than a predetermined threshold are selected.

  An authentication method according to an aspect of the present invention is provided with storage means for storing a plurality of visually identifiable images, and selecting at least two images from images stored in the storage means; A step of generating a correct image using at least two images, a step of presenting at least a part of the plurality of images stored in the storage unit on the display unit together with the generated correct image, and a user Receiving an image selection input, authenticating in response to selection / non-selection of the correct image, and updating the correct image. The step of generating a correct image generates an interpolated image of at least two images as a correct image based on an interpolation parameter used when interpolating at least two images. In the step of updating the correct image, the interpolation parameter is adjusted.

  An authentication program according to an aspect of the present invention selects at least two images from images stored in a storage unit in a computer of an authentication apparatus provided with a storage unit that stores a plurality of visually identifiable images. A step of generating a correct image using at least two selected images, and at least a part of the plurality of images stored in the storage unit in the display unit together with the generated correct image A step of presenting, a step of accepting an input of user's image selection, a step of performing authentication in response to selection / non-selection of a correct image, and a step of updating the correct image. The step of generating a correct image generates an interpolated image of at least two images as a correct image based on an interpolation parameter used when interpolating at least two images. The step of updating the correct image causes the process to adjust the interpolation parameter.

  An authentication device, an authentication method, and an authentication program according to an aspect of the present invention select two images and update a correct image. The correct image is generated based on the interpolation parameter for interpolating the two images, and the interpolation parameter is adjusted. Therefore, the correct image is updated as the interpolation parameters change, and it is possible to improve authentication security by reflecting the density of communication on the community in the group form in which the community is formed. is there.

It is a figure explaining the information processing system according to the embodiment of the present invention. It is a schematic block diagram of the application management server 10 and the authentication server 20 according to an embodiment of the present invention. It is a schematic block diagram of the user terminal 40 according to an embodiment of the present invention. It is a functional block diagram of each terminal which comprises the information processing system according to the embodiment of the present invention. It is a figure explaining the initial screen of the authentication process in the authentication server. It is a figure explaining the new community registration screen 310 which registers a new community name. It is a figure explaining the new community registration screen 320 which registers user information. It is a figure explaining the confirmation screen which confirms a correct image. It is a sequence diagram which shows the procedure of registration of the new community according to embodiment of this invention. It is a figure explaining the authentication data table of the authentication data updated (added) by the new community registration process. It is a figure explaining the main flow of provision of the application of the application management server 10 according to embodiment of this invention. It is a figure explaining the main flow of the authentication process according to embodiment of this invention. It is a figure explaining the flow of the new community registration process according to embodiment of this invention. It is a figure explaining the image authentication screen according to embodiment of this invention. It is a figure explaining the confirmation screen when attestation processing is successful. It is a figure explaining the flow of a change of the correct image according to embodiment of this invention. It is a sequence diagram which shows the procedure of the image authentication screen display process according to an embodiment of the present invention. It is a figure explaining the flow of an image authentication screen display process. It is a figure explaining the parameter update process for correct images. It is a figure explaining the relationship between the transition of the interpolation parameter according to Embodiment of this invention, and an interpolation image. It is a figure explaining the new user registration screen 420 which registers a new user. It is a figure explaining the confirmation screen of the correct image at the time of new user registration. It is a sequence diagram which shows the procedure of registration of the new user according to embodiment of this invention. It is a figure explaining the flow of the registration process of the new user according to embodiment of this invention. It is a figure explaining the authentication data table explaining the authentication data registered as a new user. It is another figure explaining the relationship between the transition of the interpolation parameter according to embodiment of this invention, and an interpolation image.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the drawings, the same or corresponding parts are denoted by the same reference numerals and description thereof will not be repeated.

An information processing system according to the embodiment of the present invention will be described with reference to FIG.
Referring to FIG. 1, here, a case where user terminals (for example, personal computers (hereinafter also simply referred to as PCs)) 40 and 50 and a network 5 are connected is shown. In addition, a case where an application management server 10 that manages applications that can be used by the user terminal and an authentication server 20 are connected to the network 5 is shown. In this example, a case where a PC is mainly used as a user terminal will be described as an example. However, the present invention is not limited to a PC, and a portable terminal such as a PDA (Personal Digital Assistant) connected to the network 5 wirelessly or by wire. It may be a vessel.

  It is assumed that the user terminals 40 and 50, the application management server 10, and the authentication server 20 are connected so as to be able to exchange data with each other via the network 5.

  As an example, in the embodiment of the present invention, processing when the application management server 10 is accessed from the user terminal 40 will be described.

  Here, a configuration in which two PCs are connected to the network 5 as user terminals is described, but the number is not particularly limited.

  A schematic block diagram of application management server 10 and authentication server 20 according to the embodiment of the present invention will be described using FIG.

  The application management server 10 includes a control unit 11, a RAM (Random Access Memory) 12, a ROM (Read Only Memory) 13, a HDD (Hard Disk Drive) 14, a communication interface 15, and an internal bus 16 that connects the units. Including.

The control unit 11 is mainly composed of a CPU (Central Processing Unit).
The RAM 12 is used as a work memory for the control unit 11. The communication interface 15 is an interface connected to the external network 5, and exchange of data is executed via the communication interface.

  Similarly, the authentication server 20 includes the same configuration as that of the application management server 10.

  The authentication server 20 executes an authentication process for a user terminal that has made an access request in accordance with an instruction from the application management server 10.

  The authentication server 20 includes a control unit 21, a RAM 22, a ROM 23, an HDD 24, a communication interface 25, and an internal bus 26 that connects the units.

The control unit 21 is mainly composed of a CPU (Central Processing Unit).
The control unit 21 realizes a predetermined function by reading a program stored in the ROM 23 or the HDD 24. Each function will be described later. The RAM 22 is used as a work memory for the control unit 21. The communication interface 25 is an interface connected to the external network 5, and exchange of data is executed via the communication interface.

  A schematic block diagram of user terminal 40 according to the embodiment of the present invention will be described using FIG. The same applies to the user terminal 50.

  Referring to FIG. 3, a user terminal 40 according to an embodiment of the present invention includes a CPU 41, a RAM (Random Access Memory) 42, a ROM (Read Only Memory) 43, an HDD (Hard Disk Drive) 44, and each unit. An internal bus 45, a mouse 46, a keyboard 47, a display 48, and a communication interface 49.

  The CPU 41 of the user terminal 40 acquires data transmitted from the application management server 10 or the authentication server 20 via a communication interface 49 connected to the network 5. Then, the data is output to the display 48. The display 48 displays an application screen based on the data. Further, the user can input data to the input area of the application screen via the mouse 46 or the keyboard 47, and the input data is input to the application management server 10 or the authentication via the communication interface 49. It can be transmitted to the server 20 or the like.

  Using FIG. 4, functional blocks of each terminal constituting the information processing system according to the embodiment of the present invention will be described.

  Referring to FIG. 4, application management server 10 includes a communication unit 105, a service providing unit 106, a service availability determination unit 107, and a data input / output unit 108.

  The communication unit 105 of the application management server 10 is provided by cooperation between the CPU 11 of the application management server and the communication interface 15. Other parts are provided by the CPU 11 of the application management server executing the program in the ROM 13.

  The communication unit 105 is physically and logically connected to the communication unit 202 of the authentication server 20 or the communication interface 49 of the user terminals 40 and 50 via the network 5, and is connected to the communication unit 202 of the authentication server 20 or Data is exchanged with the communication interface 49 of the user terminals 40 and 50.

  The service providing unit 106 has a function of providing a predetermined service based on an application to the user terminals 40 and 50 by the CPU 11 reading an application program stored in the ROM 13 or the HDD 14. The predetermined service referred to in the present embodiment is a service that forms a kind of community on the net as an example, and exchanges information between users (members) belonging to the community.

  The service availability determination unit 107 determines whether or not to provide a service to the user terminals 40 and 50 having an access request. That is, it is determined whether or not the member belongs to the community. If the member is a member, the provision of the service is permitted.

The data input / output unit 108 controls data exchange between the aforementioned parts.
Next, the authentication server 20 will be described.

The authentication server 20 includes a communication unit 202, an authentication screen generation unit 204, a correct information update unit 208, an authentication determination unit 210, a correct information generation unit 212, a similarity calculation unit 214, an image selection unit 216, A communication unit 202 including a data input / output unit 218 and a data storage unit 220 is provided by cooperation between the CPU 21 of the authentication server and the communication interface 25. Other parts are provided when the CPU 21 of the authentication server executes the program of the ROM 23. The data storage unit 220 includes a RAM 42, a ROM 43, and an HDD 44.

The data storage unit 220 stores an image data group 222 and authentication data 224.
The image data group 222 means a collection of image data used for authentication.

  The authentication data 224 is classified for each community, and describes information related to a registrant (user) belonging to the community, information for generating an authentication image for identifying the registrant belonging to the community, and the like. . Details will be described later.

  Data stored in the data storage unit 220 can be accessed from other parts through the data input / output unit 218.

  The communication unit 202 is physically and logically connected to the communication unit 105 of the application management server 10 or the communication interface 49 of the user terminals 40 and 50 via the network 5, and is connected to the communication unit 105 of the application management server 10. Alternatively, data is exchanged with the communication interface 49 of the user terminals 40 and 50.

  The authentication screen generation unit 204 generates data for displaying an image authentication screen for the user to input information in the image authentication process for each user. That is, the authentication screen generation unit 204 presents an image authentication screen on display means such as the display 48 (FIG. 3).

  The correct information update unit 208 determines whether or not the update is necessary. When the correct information update unit 208 determines that the update is necessary, the correct information and the correct information displayed on the input screen for image authentication included in the authentication data 224 The data (parameter, image, etc.) for generating the image is updated. In this example, as an example, it is determined that updating is necessary every week from the date when the correct image is set when the first new community is registered.

  The authentication determination unit 210 determines whether the image information input through the keyboard 47 or the mouse 46 of the user terminal 40 is correct information on the image authentication screen.

  The correct answer information generation unit 212 generates correct answer information based on the data included in the authentication data 224.

  The image selection unit 216 selects, from the image data group 222, data (images) included in the authentication data 224 for generating an image that is correct information displayed on the image authentication input screen. .

  The similarity calculation unit 214 determines whether or not the image selected by the image selection unit 216 is appropriate as data (image) for updating the correct answer information.

The data input / output unit 218 controls data exchange between the aforementioned parts.
Next, as an example, a process flow when the user terminal 40 uses the application management server 10 will be described.

  First, when the user terminal 40 uses the application management server 10, the service availability determination unit 107 of the application management server 10 determines whether an access request from the user terminal 40 has been received via the communication unit 105. . For example, when a URL (Uniform Resource Locator) of the application management server 10 is specified via the Internet browser of the user terminal 40, an access request is transmitted from the user terminal 40 to the application management server 10.

  When there is an access request, the service availability determination unit 18 of the application management server 10 transmits an authentication execution instruction to the authentication server 20, and the authentication server 20 executes an authentication process in response to the authentication execution instruction. .

The initial screen of the authentication process in the authentication server 20 will be described with reference to FIG.
Referring to FIG. 5, when the authentication screen generation unit 204 of the authentication server 20 receives the authentication execution instruction, the authentication processing initial screen 300 (authentication processing initial stage) is displayed on the display 48 of the user terminal 40 via the communication unit 202. Display).

  Here, in the authentication process initial screen 300, an input area 302 for inputting a community name, a button for instructing registration of a new community (also referred to as a new community registration button) 308, and a process for searching for a community name are executed. A search button 304 and an enter button 306 are provided. On this screen, it is possible to execute processing such as data input or selection using the mouse 46 or keyboard 47 of the user terminal 40.

  Here, for example, when a certain character is input in the input area 302 and the search button 304 is pressed, the authentication data 224 in the data storage unit 220 is referred to, and a plurality of community names including the input character are displayed. It shall be listed. If it does not exist, an error is displayed.

  Although not shown, it is assumed that a desired community name can be selected from the list displayed. Then, after selecting a community name from the list displayed, by pressing the enter button 306, an image authentication screen for determining whether the member belongs to the community is displayed as described later.

  Alternatively, if the community name is already known, after entering the community name directly into the input area 302 with the mouse 46 or the keyboard 47 of the user terminal 40, pressing the enter button 306 determines whether the member belongs to the community. An image authentication screen for determining whether or not is displayed.

  On the other hand, when a new community registration button 308 is pressed (selected) with the mouse 46 or the keyboard 47 of the user terminal 40, a process for newly registering a community on the net (also referred to as a new community registration process) is executed. Is possible.

<New community registration process>
In this example, first, a case where a new community is registered will be described.

  A new community registration screen 310 for registering a new community name will be described with reference to FIG.

  Referring to FIG. 6, when a new community registration button 308 is pressed in FIG. 5, a new community registration screen is displayed on display 48.

  In the new community registration screen 310 for inputting a new community name, an input area 312 is provided together with a guidance display of “Enter community name.”

A return button 316 and an enter button 318 are provided.
The user of the user terminal 40 inputs the input area 312 of the new community registration screen 310 displayed on the display 48 using the keyboard 47 or the mouse 46.

  Then, by pressing the enter button 318, the content input in the input area 312 is transmitted to the authentication server 20, and the input content is registered.

  On the other hand, when the return button 316 is pressed, the previous authentication processing initial screen 300 is returned.

  In this example, a case where a character “AAA circle” is input in the input area 312 and the enter button 318 is pressed will be described as an example.

  A new community registration screen 320 for registering user information will be described with reference to FIG.

  Referring to FIG. 7, in the new community registration screen 310, when the enter button 318 is pressed in a state where it is input in the input area 312, a new community registration screen 320 which is a user information registration screen is displayed.

  In order to input user information corresponding to a new community, an input area 322 is provided on the new community registration screen 320 together with a guidance display of “Enter administrator name”. An input area 324 is provided together with a guidance display “Please input E-mail”. Here, the administrator is a user who has newly established a community and generally has authority to manage the community. Instead of being an administrator, the user may simply be a user.

A return button 326 and an enter button 328 are provided.
The user of the user terminal 40 inputs the administrator name and E-mail using the keyboard 47 or the mouse 46 in the input areas 322 and 324 of the new community registration screen 320 for inputting user information displayed on the display 48. To do.

  Then, by pressing the enter button 328, the contents input in the input areas 322 and 324 are transmitted to the authentication server 20, and the input contents are registered.

  On the other hand, when the return button 326 is pressed, the previous new community registration screen 310 is returned.

  In this example, as an example, the case where the characters “Alice” are input in the input area 322 is shown.

  In this example, a case where an E-mail (not shown) is input to the input area 324 and the determination button 328 is pressed will be described.

  By this process, a new community registration process is executed, and a correct image for determining whether a user belonging to the new community is a member belonging to the community is generated and shown.

  In addition, in the above, the case where the new community registration screen 310 for inputting a new community name and the new community registration screen 320 for inputting user information corresponding to the new community were respectively displayed was described. It is also possible to display one registration screen and prompt the input of information.

  A confirmation screen for confirming a correct image (also referred to as a correct image confirmation screen) will be described with reference to FIG.

  Referring to FIG. 8, here, correct image object 332 is shown on correct image confirmation screen 330 together with the expression “AAA circle has been newly registered.” A confirmation button 334 is also provided. By pressing the confirmation button 334, a predetermined service based on the application is provided from the application management server 10. In this state, the only user belonging to the AAA circle is the administrator.

  Then, by selecting the correct image object 332 displayed on the correct image confirmation screen 330 on the subsequent image authentication screens, the authentication process in the community (“AAA circle”) is successful. As will be described later, the correct image displayed on the image authentication screen is automatically updated.

  A sequence diagram showing a procedure for registering a new community according to the embodiment of the present invention will be described using FIG.

  Each step shown in FIG. 9 is executed by the user terminal shown in FIG. 4 and the authentication screen generation unit 204, the data storage unit 220, the authentication determination unit 210, the image selection unit 216, and the similarity calculation unit 214 of the authentication server 20. The

  As a condition for starting this processing, when a URL (Uniform Resource Locator) of the application management server 10 is designated via the Internet browser of the user terminal 40, the access request from the user terminal 40 to the application management server 10 is made. And an authentication execution instruction is transmitted from the application management server 10 to the authentication server 20 in response to the access request.

  In step S <b> 20, the authentication determination unit 210 requests authentication data from the data storage unit 220. In step S22, the data storage unit 220 sends the authentication data stored in itself in response to the request from the authentication determination unit 210.

  In step S24, authentication determination unit 210 next outputs an instruction to display an initial screen.

  In step S <b> 26, the authentication screen generation unit 204 transmits data for displaying the initial screen to the user terminal 40 in accordance with the display instruction for the initial screen.

  The user terminal 40 displays the authentication processing initial screen 300 (FIG. 5) by transmitting data for displaying the authentication processing initial screen from the authentication server 20.

  Then, it is assumed that the user (administrator) inputs (selects) the new community registration button 308 on the authentication processing initial screen 300 shown in FIG. 5 (user operation in step S28). Next, the user terminal 40 transmits a new community registration instruction to the authentication screen generation unit 204 (step S30).

  The authentication screen generation unit 204 transmits data for displaying the new community registration screen of FIG. 6 to the user terminal 40 in accordance with the new community registration instruction. The user terminal 40 displays the new community registration screens 310 and 320 (FIGS. 6 and 7) on the display 48 in accordance with the data for displaying the new community registration screen transmitted from the authentication screen generation unit 204.

  Then, it is assumed that the user (administrator) inputs (selects) the input area 312 on the new community registration screens 310 and 320 shown in FIGS. 6 and 7 (user operation in step S34).

  Next, the user terminal 40 sends new community input (registration) data to the authentication screen generation unit 204 (step S36).

  The authentication screen generation unit 204 notifies the authentication determination unit 210 of the registration data (step S38).

  The authentication determination unit 210 confirms registration of registration data of the notified new community (step S40). Specifically, referring to the authentication data, it is determined whether or not the community name input this time is new. If the community name input by the user is already registered, the authentication screen generation unit 204 is instructed to cancel the new community registration process and display the authentication process initial screen.

  When the community name input by the user is new (that is, not registered), in step S42, the authentication determination unit 210 outputs an image selection instruction to the image selection unit 216 (step S42). In this example, the case where the community name input by the user is new will be described.

  The image selection unit 216 requests an image data group to select an image from the data storage unit 220 in accordance with an image selection instruction from the authentication determination unit 210 (step S44).

  The data storage unit 220 sends the requested image data group to the image selection unit 216 (step S46).

  Then, the image selection unit 216 selects initial image data to be a correct image from the received image data group (step S50). Specifically, initial image data to be first presented to the user is selected from the image data group.

  Then, the image selection unit 216 instructs the similarity calculation unit 214 to calculate the similarity with all the other image data included in the image data group with the selected initial image data as a reference ( Step S51).

  Next, the similarity calculation unit 214 calculates the similarity between the selected initial image data and all other image data (step S52).

  Then, the similarity calculation unit 214 notifies the image selection unit 216 of the calculation result of the similarity between the calculated selected initial image data and all other image data (step S53).

  The image selection unit 216 arranges all other image data in the order of similarity based on the calculation result from the similarity calculation unit 214 (step S54). More specifically, based on the calculation result, all other image data are arranged in order in a direction in which the similarity with the selected initial image data decreases.

  Next, the image selection unit 216 selects image data corresponding to the next order from among all other image data arranged in order (step S55).

  Then, the image selection unit 216 instructs the similarity calculation unit 214 to calculate the similarity between the initial image data and the image data corresponding to the next order (step S56).

  Next, the similarity calculation unit 214 calculates the similarity between the selected initial image data and the image data corresponding to the next order (step S57).

  Then, the similarity calculation unit 214 notifies the image selection unit 216 of the calculation result of the similarity between the calculated selected initial image data and the image data corresponding to the next order (step S58).

  Then, the image selection unit 216 generates the correct image based on the two image data selected based on the calculation result notified from the similarity calculation unit 214 (initial image data and image data corresponding to the next order). It is determined whether or not it is appropriate (step S58).

  Specifically, it is determined whether the similarity between the initial image data and the image data corresponding to the next order is less than a predetermined threshold value. That is, it is determined whether or not the dissimilar relationship is less than a predetermined threshold value. In this example, a case where the image selection unit 216 determines that the image is appropriate is shown.

  On the other hand, if the image selection unit 216 determines that the correct image is not appropriate, the process returns to step S55, and image data corresponding to the next order from among the other image data arranged in order. Select. Then, processing similar to that described above (steps S56 to S59) is executed, and the image selection unit 216 determines whether or not the two selected image data are appropriate.

  The image selection unit 216 selects image data in order from all other image data arranged until it is determined to be appropriate.

  If the image selection unit 216 determines that it is appropriate, the image selection unit 216 notifies the authentication determination unit 210 of the two selected image data (initial image data and image data corresponding to the next order) (step S60). ).

  Regarding the initial image data, the similarity with all other image data is calculated in step S53, and therefore, based on the calculation result, image data having a similarity lower than a predetermined threshold is selected. You may make it do.

  The two image data become correct images on the image authentication screen and are used when the correct image is updated. As will be described later, in the image authentication screen according to the embodiment of the present invention, one of the two image data is the initial correct image. Then, the interpolation image of the two image data is used as an updated correct image. Then, the correct image is further updated, and finally the other of the two image data becomes the final correct image.

  As will be described later, when the final correct image is obtained, the image selection unit 216 selects image data corresponding to the next order from all the other arranged image data.

  The authentication determination unit 210 updates the authentication data in accordance with the two image data notified from the image selection unit 216 (step S62).

  That is, the authentication determination unit 210 newly adds a new community name input by the user this time and two corresponding image data to the authentication data.

  Then, the authentication determination unit 210 stores the updated authentication data in the data storage unit 220 (step S63).

  Then, the authentication determination unit 210 notifies the authentication screen generation unit 204 of one of the two pieces of selected image data, that is, initial image data as correct information (step S64).

  The authentication screen generation unit 204 transmits data for displaying a correct image on the user terminal 40 based on the correct information notified from the authentication determination unit 210. Then, the user terminal 40 displays the correct image on the display 48 based on the data transmitted from the authentication screen generation unit 204. Specifically, the correct image confirmation screen 330 described in FIG. 8 is displayed. That is, on the correct image confirmation screen 330, the user can confirm and use the correct image used in the new community authentication process.

  With this process, it is possible to newly register a community and execute an authentication process for an image authentication screen corresponding to the registered community.

  An authentication data table of authentication data updated (added) by the new community registration process will be described with reference to FIG.

  Referring to FIG. 10, here, a case where “AAA circle” is registered as a community name and registrants “Alice” and E-mail “... . In addition, a case where identification IDs for identifying two selected image data are registered as images X and Y is shown. As an example, the case where the image ID 001 of the image X and the image ID 005 of the image Y are registered is shown here. It is assumed that the image ID is associated with each image data in the image data group 222. Therefore, it is possible to extract image data from the image data group 222 by referring to the image ID.

  Also, here, a column for interpolation parameters is shown. As will be described later, the interpolation parameter is used as a parameter for generating an interpolated image of the image X and the image Y. Here, the case where the interpolation parameter is set to the initial value 0 is shown. Interpolation parameters are used in a manner of transition from image X to image Y. When the interpolation parameter is 0, the image X is a correct image, and when the interpolation parameter is 1, the image Y is a correct image.

  Therefore, in this case, the correct image shows a case where the image data corresponding to the image ID 001 is set as the correct image.

  Although not shown, it is assumed that the date when the correct image is first set is also registered. As an example, it is possible to calculate the elapsed date and time for each week based on the date.

<Provision of application>
With reference to FIG. 11, the main flow of application provision of application management server 10 according to the embodiment of the present invention will be described.

  With reference to FIG. 11, first, the service availability determination unit 107 of the application management server 10 determines whether there is an access request (step S70). Note that step S70 is maintained until there is an access request. Specifically, the service availability determination unit 107 of the application management server 10 refuses whether an access request from the user terminal 40 has been received via the communication unit 105. For example, when a URL (Uniform Resource Locator) of the application management server 10 is specified via the Internet browser of the user terminal 40, an access request is transmitted from the user terminal 40 to the application management server 10.

  If there is an access request (YES in step S70), service availability determination unit 107 transmits an authentication execution instruction to authentication server 20 (step S72).

  Next, the authentication server 20 executes an authentication process in response to the authentication execution instruction (step S74).

  Next, the application management server 10 receives the authentication processing result transmitted from the authentication server 20 (step S76). Specifically, the service availability determination unit 107 receives the authentication processing result transmitted from the authentication server 20 via the communication unit 105.

  Next, the service availability determination unit 107 of the application management server 10 determines whether the authentication is successful based on the authentication processing result (step S78). If the authentication is not successful, the process ends (end).

  On the other hand, if the service availability determination unit 107 determines that the authentication is successful based on the authentication processing result (YES in step S78), the communication connection between the user terminal 40 and the application management server 10 is performed next. (Session) is constructed, and the top page screen data of the application is transmitted (step S80). Specifically, the service availability determination unit 107 grants the service permission in the service providing unit 106 to the user terminal 40, and the service providing unit 106 receives the top page screen data for displaying the top page screen of the application as the user. Output to the terminal 40.

  Then, the user terminal 40 displays a top page screen based on the top page screen data on the display 48.

  And the service provision part 106 performs the application process according to the operation instruction from the user terminal 40 (step S82). Any application process may be used as long as the process is based on the exchange of information between the user terminal 40 and the application management server 10 and the like, and the contents are not particularly limited. For example, users (members) belonging to the community And application processing such as exchanging information.

  Next, the service providing unit 106 determines whether or not there is a logout request from the user terminal 40 (step S84). Although not shown, for example, it is assumed that a logout request is transmitted from the user terminal 40 to the application management server 10 by specifying a logout button provided on the screen in accordance with an instruction from the user.

  In step S84, the process returns to step S82 to continue application processing until there is a logout request.

  On the other hand, if there is a logout request in step S84 (YES in step S84), service providing unit 106 disconnects the session and transmits logout page screen data (step S86). Specifically, service permission in the service providing unit 106 is stopped, and logout page screen data for displaying the logout page screen of the application is output to the user terminal 40.

  Then, the display 48 of the user terminal 40 displays a logout page. Then, the process ends (END).

<Processing flow>
Next, the main flow of the authentication process according to the embodiment of the present invention described above will be described using FIG.

This process is a process executed in the authentication server 20.
Referring to FIG. 12, authentication server 20 determines whether an authentication execution instruction has been received from application management server 10 (step S90). Specifically, the authentication determination unit 210 determines whether an authentication execution instruction has been received from the application management server 10 via the communication unit 202.

  If the authentication determination unit 210 determines that an authentication execution instruction has been received from the application management server 10 (YES in step S90), the authentication determination unit 210 instructs the authentication screen generation unit 204 to authenticate the display 48 of the user terminal 40. A processing initial screen is displayed (step S92).

  Next, the authentication screen generation unit 204 determines whether or not there is a new community registration instruction (step S94). Specifically, the determination is made based on whether or not the new community registration button 308 is pressed on the authentication processing initial screen 300 in FIG.

  In step S94, when there is a new community registration instruction (YES in step S94), the authentication screen generation unit 204 notifies the authentication determination unit 210 and executes a new community registration process (step S96). ). After the new community registration process is completed, the process proceeds to step S106, and the authentication result is notified to the application management server 10. As an example, when the new community registration process is completed, it is notified that the authentication is successful.

  On the other hand, if it is determined in step S94 that there is no new community registration instruction (NO in step S94), the authentication screen generation unit 204 next determines whether there is an instruction for a community name (step S94). S98).

  In step S98, if the authentication screen generation unit 204 determines that there is a community name instruction (YES in step S98), the authentication screen generation unit 204 notifies the authentication determination unit 210 and displays an image authentication screen described later ( Image authentication screen display processing) is executed (step S100). The image authentication screen display process will be described later.

  Then, after the image authentication screen display process, the authentication screen generation unit 204 determines whether or not there is an image selection by the user (step S102).

  If it is determined in step S102 that the user has selected an image, the authentication screen generation unit 204 notifies the authentication determination unit 210 and executes authentication processing (step S104). Then, the process proceeds to step S106.

  In step S <b> 106, the authentication determination unit 210 transmits the authentication result to the application management server 10.

Then, the process ends (return). That is, the process proceeds to step S76 in FIG.
On the other hand, in step S102, if the authentication screen generation unit 204 determines that there has been no image selection by the user, an instruction (new user registration instruction) for executing a process for newly registering a user (also referred to as a new user registration process). It is determined whether or not there is also (step S103). As will be described later, the new user registration process is a process of registering a new member in the registered community when the community has already been registered.

  If it is determined that there is a user new registration instruction (YES in step S103), a new user registration process is executed (step S105).

  On the other hand, when it is determined that there is no new user registration instruction (NO in step S103), the process returns to step S102 and the above process is repeated.

  After the new user registration process, the process proceeds to step S106, and the authentication result is notified to the application management server 10. As an example, when the new user registration process is completed, it is notified that the authentication is successful.

  A flow of new community registration processing according to the embodiment of the present invention will be described using FIG.

  Referring to FIG. 13, when determining that there is a new community registration instruction, the authentication screen generation unit 204 displays a new community registration screen on the display 48 of the user terminal 40 (step S110). Specifically, the authentication screen generation unit 204 causes the display 48 to display the new community registration screens 310 and 320 shown in FIGS.

  Next, the authentication screen generation unit 204 determines whether data has been input on the new community registration screen (step S112). Specifically, it is determined whether or not a new community name has been input and an administrator name, e-mail, etc. have been input on the new community registration screens 310 and 320.

  On the other hand, in step S112, when there is no data input on the new community registration screen (NO in step S112), the state is maintained until data is input.

  If there is data input on the new community registration screen in step S112 (YES in step S112), registration confirmation processing is next executed (step S114). Specifically, the authentication screen generation unit 204 notifies the input registration data to the authentication determination unit 210, and the authentication determination unit 210 refers to the authentication data and the community input this time on the new community registration screen. Check if the name is new.

  The authentication determination unit 210 refers to the authentication data and determines whether or not the new community name included in the input registration data is already registered (already registered) (step S116).

  If it is determined in step S116 that the new community name included in the input registration data has already been registered (YES in step S116), the authentication determination unit 210 returns to step S92 in FIG. Display the initial screen for the first authentication process. Specifically, the authentication determination unit 210 instructs the authentication screen generation unit 204 to display an authentication processing initial screen. That is, when the community name has already been registered, the new community registration process is stopped and the authentication process initial screen is displayed to prompt the user to perform a re-operation.

  On the other hand, if authentication determination unit 210 determines in step S116 that the new community name included in the input registration data is not registered in authentication data (NO in step S116), image selection unit 216. The image selection unit 216 selects initial image data to be a correct image from the image data group stored in the data storage unit 220 (step S117).

  Then, the image selection unit 216 instructs the similarity calculation unit 214 to calculate the similarity with all the other image data included in the image data group with reference to the selected initial image data (step). S118). Various methods can be used to calculate the similarity (for example, “Face Image Recognition Using Multiple Viewpoint Images” (Precision Engineering Society Image Application Technology Technical Committee Research Report vol19, No. 3, pp1- 10, 2004))).

  Next, the image selection unit 118 calculates all other images based on the calculation result of the similarity between the selected initial image data calculated by the similarity calculation unit 214 and all other image data. Data are arranged in order of similarity (step S119). Specifically, based on the calculation results, all other image data are arranged in order in a direction in which the degree of similarity with the selected initial image data is reduced.

  Next, the image selection unit 216 selects image data corresponding to the next order from among all the other image data arranged in order (step S120).

Next, the image selection unit 216 executes image determination of the two selected image data (step S121). Specifically, the similarity between the two selected image data is calculated and determined.
Specifically, it is determined whether or not the calculated similarity between the two selected image data is equal to or less than a predetermined threshold value. That is, it is determined whether or not the dissimilar relationship is less than a predetermined threshold value. When the similarity value is large, it means that the degree of similarity between the two image data is high. When the similarity value is small, it means that the degree of similarity between the two image data is low.

  Here, it is determined whether or not the selected image data having a small similarity value is selected by determining whether or not the value is equal to or less than a predetermined threshold value. In this example, an interpolation image is generated using two image data, and the correct image is changed using the generated interpolation image from one image data to the other image data. Therefore, when the similarity value between one image data and the other image data is high, the change in the correct image is likely to be small. That is, anyone can easily guess the change in the correct image, and the security may be lowered. Therefore, the one having a small degree of similarity between one image data and the other image data is selected.

  Then, the image selection unit 216 determines whether the image determination of the two selected image data is OK (step S122).

  If it is determined in step S122 that the determination is OK (YES in step S122), authentication data is registered (step S123). Specifically, the authentication determination unit 210 updates and stores authentication data in the data storage unit 220.

  Next, the authentication determination unit 210 instructs the authentication screen generation unit 204 to display the correct image on the display 48 of the user terminal 40 (step S124).

  Then, the process ends (return). That is, the process returns to the flow of FIG. 12, and then proceeds to step S106.

  On the other hand, if it is determined in step S122 that the determination is not OK (NO in step S122), the process returns to step S120 again, and the image data corresponding to the next arranged order is selected and image determination is performed. To do. That is, when the selected two pieces of image data have a dissimilar relationship, the determination is OK and the authentication data is registered as described above.

  Referring to FIG. 12 again, in step S94, if there is no new community registration instruction (NO in step S94), authentication screen generation unit 204 determines whether there is an instruction for a community name ( Step S98). Specifically, in the authentication processing initial screen 300 in FIG. 5, determination is made based on whether or not the community name is input in the community name input area 302 and the enter button 306 is pressed.

  If the authentication screen generation unit 204 determines in step S98 that there is an instruction for a community name (YES in step S98), it notifies the authentication determination unit 210 and executes image authentication screen display processing. (Step S96).

  On the other hand, if it is determined in step S98 that there is no community name instruction (NO in step S98), the authentication screen generation unit 204 returns to step S94 and maintains that state until an instruction is given.

Next, the image authentication screen display process will be described.
<Image authentication screen display processing>
The image authentication screen according to the embodiment of the present invention will be described using FIG.

  With reference to FIG. 14A, here, as an example, an example of an image authentication screen 100 of the community name “AAA circle” is shown.

  In the image authentication screen 100 of the community name “AAA circle”, as an example, a screen for selecting a password image from a plurality of image objects is shown.

  The user can select and input one of a plurality of image objects displayed on the image authentication screen 100.

Here, it is assumed that the image object 102 is a correct image (password image).
The authentication server 20 determines whether or not the image object selected by the user is a correct image. If the authentication server 20 determines that the image is a correct image, the authentication server 20 notifies the application management server 10 that the authentication process has been successful. Upon receiving the notification, the application management server 10 permits the user terminal 40 to execute a function of a predetermined service related to the community name “AAA circle”.

  Here, a new user registration button 103 is provided, and a user who wants to newly join the community can execute a new user registration process by designating the button 103. The new user registration process will be described later.

  In this example, it is assumed that one correct image (password image) is distributed to the community. In this example, as an example, it is assumed that the image object 102 is notified as a correct image (password image) by the new user registration process. As will be described later, the correct image (password image) automatically changes in this example.

  In this example, a case where new user registration processing is executed as one of means for notifying a correct image (password image) to a new member who participates in the community will be described. You may make it notify a correct image (password image) using a means.

Referring to FIG. 14B, here, image authentication screen 100 # is shown.
Compared to FIG. 14A, in this example, a case where an input field 104 for further inputting a user ID is provided. The same applies to the password image. The user ID can be issued in the new user registration process as an example.

  An authentication process can be executed based on authentication information including the issued user ID and a correct image (password image).

The confirmation screen when the authentication process is successful will be described with reference to FIG.
Referring to FIG. 15, in the confirmation screen 110, “authentication was successful” is displayed when the authentication process is successful. Along with this, a confirmation button 112 is provided on the confirmation screen 110. By pressing the confirmation button 112, in this example, the authentication processing result is notified from the authentication server 20 to the application management server 10 as an example. Then, as described above, the application management server 10 displays an application top page screen that allows execution of a function of a predetermined service related to the community name “AAA circle”.

  With reference to FIG. 16, the flow of changes in the correct image according to the embodiment of the present invention will be described. In this example, the case where the correct image changes weekly will be described.

  Referring to FIG. 16A, here, a correct image to be notified first is shown. The correct image displayed here is image data corresponding to the image ID 001 corresponding to the image X of the authentication data. Here, the interpolation parameter is 0.

  Referring to FIG. 16B, here, image options displayed at the first login are shown.

  Specifically, one correct image and three incorrect images are displayed. In this example, the case where there are three incorrect answer images is described. However, the number is not particularly limited to this number, and any number may be used as long as it is at least one. As will be described later, the three incorrect images are selected at random from the image data group.

  When the user selects the correct image notified first, the authentication process is successful and the function of a predetermined service can be executed.

  FIG. 16C shows changes in image options displayed at the time of login after one week. As will be described later, the correct image is updated to an interpolated image of the two selected image data. The interpolation image is generated based on the two selected image data and interpolation parameters.

  As shown in FIG. 16C, the correct image automatically changes little by little after one week, that is, every week. Specifically, the value of the interpolation parameter changes. Note that the three incorrect images are selected at random.

  FIG. 16D shows, for example, image options displayed when logging in six months later.

  As shown in FIG. 16D, the correct answer image after six months changes little by little every week, and as a result, the correct answer image displayed at the first login changes to a completely different one. The correct image displayed here is image data corresponding to the image ID 005 corresponding to the image Y of the authentication data. Here, the interpolation parameter is 1. In this example, the past correct image is shown as one of the incorrect images as an example.

  A sequence diagram showing a procedure of image authentication screen display processing according to the embodiment of the present invention will be described using FIG.

  Each step shown in FIG. 17 is executed by the user terminal shown in FIG. 4 and the authentication screen generation unit 204, the data storage unit 220, the authentication determination unit 210, the correct information update unit 208, and the correct information generation unit 212 of the authentication server 20. Is done.

  Referring to FIG. 17, the processing from step S20 to S26 is the same as the processing described in FIG. 9, and therefore detailed description thereof will not be repeated.

  The user terminal 40 displays the authentication processing initial screen 300 (FIG. 5) by transmitting data for displaying the authentication processing initial screen from the authentication server 20.

  Then, in the authentication processing initial screen 300 shown in FIG. 5, it is assumed that the user (administrator) inputs the community name in the community name input area 302 and inputs (selects) the decision button 306 (user operation in step S130). ). Next, the user terminal 40 transmits an authentication request corresponding to the community together with the input community name information to the authentication screen generation unit 204 (step S131).

  The authentication screen generation unit 204 notifies the authentication determination unit 210 of the community name information and the authentication request in accordance with reception of the authentication request corresponding to the community together with the input community name information (step S132).

  The authentication determination unit 210 transmits an authentication parameter and an update confirmation instruction corresponding to the community name included in the authentication data to the correct information update unit 208 according to the community name notified from the authentication screen generation unit 204 (step S134). . Here, the authentication parameter means the image ID of the images X and Y included in the authentication data and the interpolation parameter.

  The correct answer information update unit 208 executes an update determination process as to whether or not an update is necessary based on the notified authentication parameter in accordance with the update confirmation instruction from the authentication determination unit 210 (step S136). In this example, as an example, it is determined that there is an update every week from the date when the correct image was set when the first new community was registered.

  In this example, the case where the correct image is updated every week based on the date will be described. However, the present invention is not limited to this method, and it is naturally possible to update the correct image at another timing.

  Then, the correct answer information updating unit 208 executes an authentication parameter update process based on the determination result (step S138). The authentication parameter update process will be described later.

  Next, the correct information update unit 208 sends the updated authentication parameter to the correct information generation unit 212 (step S140).

  In addition, the correct answer information update unit 208 registers the updated authentication parameter in the data storage unit 220 (step S146).

  The correct answer information generation unit 212 generates correct answer information based on the authentication parameter sent from the correct answer information update unit 208 (step S142).

  Then, the correct answer information generation unit 212 sends the generated correct answer information to the authentication determination unit 210 (step S144).

  The authentication determination unit 210 instructs the authentication screen generation unit 204 to generate an image authentication screen along with the generated correct answer information (step S148). Note that the authentication determination unit 210 assigns an image ID corresponding to the generated correct answer information. Then, an authentication process is executed using the assigned image ID.

  The authentication screen generation unit 204 generates an image authentication screen including correct answer information (step S150). In the image authentication screen, an image ID is assigned to each displayed image.

  Next, the authentication screen generation unit 204 outputs data for displaying the image authentication screen to the user terminal 40. Then, an image authentication screen is displayed on the display 48 of the user terminal 40 (step S152).

Specifically, the image authentication screen 100 described with reference to FIG.
Next, it is assumed that the user (administrator) inputs (selects) the image object 102 from among a plurality of selected objects displayed on the image authentication screen (user operation in step S154).

  A selection instruction is output from the user terminal 40 to the authentication screen generation unit 204 (step S156).

  The authentication screen generation unit 204 sends a selection instruction to the authentication determination unit 210 (step S158). Specifically, the authentication screen generation unit 204 sends an image ID of image data corresponding to an object designated from among a plurality of selected objects to the authentication determination unit 210 as a selection instruction.

  Then, based on the selection instruction received from the authentication screen generation unit 204, the authentication determination unit 210 performs an authentication process on the user terminal 40 to determine whether or not the object selected by the user is a correct image (step S160). .

  For example, it is possible to determine whether or not the correct image has been selected based on whether or not the image ID assigned corresponding to the correct answer information matches the image ID sent from the authentication screen generation unit 204. It is. If they match, it is determined that the correct image has been selected, and if they do not match, it is determined that the correct image has not been selected. That is, it is determined that an incorrect image has been selected.

  And the authentication determination part 210 notifies the authentication result to the authentication screen production | generation part 204 (step S162). Specifically, the authentication determination unit 210 notifies that the authentication is successful when determining that the correct image has been selected. On the other hand, if the correct image has not been selected, a notification that authentication has failed is sent.

  The authentication screen generation unit 204 outputs the authentication result notified from the authentication determination unit 210 to the user terminal 40, and displays the confirmation screen described in FIG. 15 on the display 48 of the user terminal 40 (step S164). Although FIG. 15 shows the case where the authentication is successful, it is also possible to present to the user that the authentication has failed even when the authentication fails.

  Then, as described with reference to FIG. 15, by pressing the confirmation button 112 on the confirmation screen, in this example, the authentication server 20 notifies the application management server 10 of the authentication processing result, for example, authentication success or authentication failure. And

The flow of the image authentication screen display process will be described using FIG.
Referring to FIG. 18, when there is a community name instruction in step S98 of FIG. 12 (YES in step S98), authentication determination unit 210 instructs correct information update unit 208 to execute the update determination process. (Step S170). Specifically, the elapsed date and time from the date when the correct image is set when the first new community is registered is calculated. Then, it is determined that updating is necessary every week.

  If it is determined that the update is necessary, the correct information update unit 208 executes correct image parameter update processing for updating the correct image parameter (step S174). This process will be described later.

  On the other hand, when it is determined that the update is not necessary (NO in step S172), the correct information update unit 208 skips the process of step S174 and proceeds to step S176.

  Then, correct information is generated by the correct information generation unit 212 based on the correct image parameters (step S176). Then, the correct answer information is sent to the authentication determination unit 210.

  Then, the authentication determination unit 210 instructs the authentication screen generation unit 204, and the authentication screen generation unit 204 generates an image authentication screen (step S178).

  Then, the image authentication screen is displayed on the display 48 of the user terminal 40 (step S180).

Then, the process ends (return). That is, the process proceeds to step S102 in FIG.
The correct image parameter update processing will be described with reference to FIG.

  This process is realized by the correct information update unit 208, the image selection unit 216, and the similarity calculation unit 214.

  With reference to FIG. 19, first, the correct answer information update unit 208 determines whether or not the interpolation parameter is 1 or more (step S182). That is, the case where the value is 1 or more by the interpolation parameter update process means that the image data that is correct information is shifted from, for example, image X to image Y.

  If correct answer information updating section 208 determines that the interpolation parameter is 1 or more (YES in step S182), it proceeds to step S184.

  On the other hand, when the interpolation parameter is less than 1 in step S182 (NO in step S182), the process proceeds to step S194 to update the interpolation parameter. Specifically, a predetermined value is added to the current value of the interpolation parameter, and the process proceeds to step S192. That is, when the interpolation parameter is less than 1, the interpolation image changes according to the update of the interpolation parameter.

  Then, the correct information update unit 208 updates the data (step S192). Specifically, the contents of the interpolation parameter of the authentication data are updated.

Then, the process ends (return). That is, the process proceeds to step S176.
The relationship between the interpolation parameter transition and the interpolated image according to the embodiment of the present invention will be described using FIG.

  Referring to FIG. 20A, here, a case where an image X corresponds to an image P and an image Y corresponds to an image Q is shown.

  With reference to FIG. 20B, there is shown a case where the interpolation parameter is incremented by 0.1 each time the correct image is updated.

  By adding the interpolation parameters by 0.1, the first image P (interpolation parameter is 0) → the next image P # (interpolation parameter is 0.1) →... → image Q (interpolation parameter 1 ) Is shown.

That is, the first image P is finally transitioned to the image Q.
The interpolated image shown here is generated by an interpolation process that changes the position and size of the feature points of the image object from the image P to the image Q. For example, in the case of a human image or the like, the characteristic points are characteristic parts such as pupils, nostrils, eyes, corners of the eyes, and mouth edges, which are face parts (elements) constituting the face of the human image. Specifically, an interpolation process is performed in which the face pupil of the person image of the image P is changed to the face pupil of the person image of the image Q in accordance with the interpolation parameter.

  Referring to FIG. 19 again, in step S182, when correct information update unit 208 determines that the interpolation parameter is 1 or more (YES in step S182), it next instructs image selection unit 216. Then, the next image is selected from the image data group (step S184). At that time, as described above, the image data corresponding to the next order of the image data corresponding to the current correct image is selected from the image data arranged in order with reference to the initial image data.

  That is, as described above, when two image data are selected and then transition is made from one image to the other by adjusting the interpolation parameter, the next order of image data is selected.

  Then, the image selection unit 216 sends the other image data and the selected image data that is the next image data of the other image data to the similarity calculation unit 214, and selects the similarity calculation unit 214. The calculation of the similarity between the two image data is instructed (step S186).

  Next, in response to the calculation result of the similarity calculation unit 214, the image selection unit 216 determines whether or not the calculated similarity is equal to or less than a predetermined threshold value (step S188).

  If it is determined in step S188 that the image selection unit 216 is less than the predetermined threshold (YES in step S188), the selected image data is sent to the correct information update unit 208.

  Then, the correct answer information updating unit 208 initializes the interpolation parameter (step S190).

  Then, the correct information update unit 208 updates the data (step S192). Specifically, the contents of the image X, the image Y, and the interpolation parameter of the authentication data are updated.

  That is, for the image X, the image ID of the other image data is registered. On the other hand, for the image Y, the image ID of the selected image data is registered. The interpolation parameter is initialized to 0.

Then, the process ends (return). That is, the process proceeds to step S176.
On the other hand, if it is determined in step S188 that the image selection unit 216 is not less than the predetermined threshold value (NO in step S188), the image selection unit 216 returns to step S184 again, and sequentially uses the initial image data as a reference. The next image is further selected from the arrayed image data. Then, the similarity calculation unit 214 calculates the similarity by the same method as described above, and selects an image whose similarity is equal to or less than a predetermined threshold value.

  As a result of the processing, the image selected by the image selection unit 216 is selected to have a small degree of similarity with the current image. As a result, in the change from the current image to the selected image, the change from the current image to the selected image becomes large, so that security can be improved.

  Further, by selecting the next image data from the image data arranged in the order of similarity, the selected image data or the initially selected image data is not selected, so that the security can be further improved. it can.

With this processing, the correct image parameters are updated.
<New user registration process>
In this example, a case where the user of the user terminal 50 executes additional registration processing as a new user will be described.

A new user registration screen 420 for registering a new user will be described with reference to FIG.
The new user registration screen 420 is displayed when the user new registration button 103 is pressed on the image authentication screen 100 of FIG. In the new user registration screen 402, the user can additionally register members in the community by inputting predetermined information.

  Referring to FIG. 21, an input area 422 is provided on the new user registration screen 420 together with a guidance display “Please enter user name”. An input area 424 is provided together with a guidance display “Please input E-mail”.

In addition, a return button 426 and an enter button 428 are provided.
The user of the user terminal 50 inputs the user name and E-mail in the input areas 422 and 424 of the new user registration screen 420 displayed on the display 48 using the keyboard 47 or the mouse 46.

  Then, by pressing the enter button 428, the contents input in the input areas 422 and 424 are transmitted to the authentication server 20, and the input contents are registered.

  On the other hand, when the return button 426 is pressed, the screen returns to the authentication processing initial screen 300.

  In this example, as an example, the case where the characters “Bob” are input in the input area 422 is shown.

  In this example, a case where an E-mail (not shown) is input to the input area 424 and the determination button 428 is pressed will be described.

  By this process, a new user registration process is executed, a new member in the community is added, and a correct image for determining whether or not the member belongs to the community is notified to the new member.

  A correct image confirmation screen (also referred to as a correct image confirmation screen) at the time of new user registration will be described with reference to FIG.

  Referring to FIG. 22, here, correct image 432 is shown on correct image confirmation screen 430 together with the expression “I joined AAA circle”. A confirmation button 434 is also provided. By pressing the confirmation button 434, a predetermined service based on the application is provided from the application management server 10.

  Then, the new new user selects the correct image displayed on the correct image confirmation screen 430 on the next and subsequent image authentication screens, whereby the authentication process in the community (“AAA circle”) succeeds.

  A sequence diagram showing a procedure for registering a new user according to the embodiment of the present invention will be described using FIG.

  Each step shown in FIG. 23 is executed by the user terminal 50 shown in FIG. 4 and the authentication screen generation unit 204, the data storage unit 220, and the authentication determination unit 210 of the authentication server 20.

  Here, as described above, in step S <b> 20, the authentication determination unit 210 requests authentication data from the data storage unit 220. In step S22, the data storage unit 220 sends the authentication data stored in itself in response to the request from the authentication determination unit 210.

  Further, the processing up to the authentication screen display processing in step S152 is the same as the processing described in FIG. 17, and therefore detailed description thereof is omitted.

  In step S152, the user terminal 50 displays the image authentication screen 100 (FIG. 14) by transmitting data for displaying an image authentication screen for authentication processing from the authentication server 20.

  Then, assume that the user (administrator) inputs (selects) the new user registration button 103 on the image authentication screen 100 shown in FIG. 14 (user operation in step S200). Next, the user terminal 50 transmits a user new registration instruction to the authentication screen generation unit 204 (step S202).

  The authentication screen generation unit 204 transmits data for displaying a new user registration screen to the user terminal 50 in accordance with the user new registration instruction (step S204).

  Then, it is assumed that the user inputs (selects) the input area 412 on the new user registration screen 420 shown in FIG. 21 (user operation in step S206). Next, the user terminal 50 sends new user registration data (step S208).

  The authentication screen generation unit 204 notifies the authentication determination unit 210 of the registration data (step S210).

  The authentication determination unit 210 confirms registration of the registered new user registration data (step S212).

  Specifically, referring to the authentication data, it is determined whether or not the new user name input this time is new. Here, if the user name input by the user has already been registered, the authentication screen generation unit 204 is instructed to cancel the new user registration processing and display the authentication processing initial screen.

  When the user name input by the user is new (that is, not registered), the authentication determination unit 210 updates the authentication data (step S214).

  And the authentication determination part 210 preserve | saves the updated authentication data in the data storage part 220 (step S215).

  Further, the authentication determination unit 210 notifies the authentication screen generation unit 204 of the correct image already sent by the correct information generation unit 212 in step S144 of FIG. 17 (step S216).

  The authentication screen generation unit 204 transmits data for displaying the correct image on the user terminal 50 based on the correct information notified from the authentication determination unit 210 (step S218).

  With this processing, the correct image confirmation screen 430 described in FIG. 22 is displayed on the display 48 of the user terminal 50. As described above, on the correct image confirmation screen 430, the new user can confirm and use the correct image used in the authentication process of the community.

  With reference to FIG. 24, a flow of new user registration processing according to the embodiment of the present invention will be described.

  Referring to FIG. 24, when determining that there is a user new registration instruction, the authentication screen generation unit 204 displays a new user registration screen on the display 48 of the user terminal 50 (step S230). Specifically, the authentication screen generation unit 204 causes the display 48 to display the new user registration screen 420 of FIG.

  Next, the authentication screen generation unit 204 determines whether or not data has been input on the new user registration screen (step S232). Specifically, it is determined whether or not there is a new user name input and an E-mail input on the new user registration screen 420. On the other hand, in step S232, when there is no data input on the new user registration screen (NO in step S232), the state is maintained until data is input.

  If there is data input on the new user registration screen in step S232 (YES in step S232), registration confirmation processing is next executed (step S234). Specifically, the authentication screen generation unit 204 notifies the authentication determination unit 210 of the input registration data, and the authentication determination unit 210 refers to the authentication data and the user input this time on the new user registration screen. Check if the name is new.

  The authentication determination unit 210 determines whether or not the new user name included in the input registration data is already registered (already registered) in the authentication data (step S236).

  If it is determined in step S236 that the new user name included in the input registration data has already been registered (YES in step S236), the authentication determination unit 210 returns to step S92 in FIG. Display the initial screen for the first authentication process. Specifically, the authentication determination unit 210 instructs the authentication screen generation unit 204 to display an authentication processing initial screen. That is, the new user registration process is stopped, and the authentication process initial screen is displayed to prompt the user to re-operate.

  On the other hand, if it is determined in step S236 that the new user name included in the input registration data is not registered (NO in step S236), authentication determination unit 210 registers authentication data (step S238). ). Specifically, the authentication determination unit 210 updates and stores authentication data in the data storage unit 220.

  Next, the authentication determination unit 210 instructs the authentication screen generation unit 204 to display the correct image on the display 48 of the user terminal 50 (step S240). Specifically, the correct image already sent by the correct information generating unit 212 in step S144 of FIG. 17 is displayed.

  Then, the process ends (return). That is, the process returns to the flow of FIG. 12, and then proceeds to step S106.

  An authentication data table that describes authentication data registered as a new user will be described with reference to FIG.

  Referring to FIG. 25, here, a case where “AAA circle” is registered as a community name is shown. Moreover, the case where "Bob" is registered with E-mail "... @ ..." as a new user is shown with the registrant "Alice". In addition, a case where identification IDs for identifying two selected image data are registered as images X and Y is shown. As an example, the case where the image ID 001 of the image X and the image ID 005 of the image Y are registered is shown here. Further, here, the column of the interpolation parameter is shown, and the case where the interpolation parameter is set to 0.5 is shown as an example.

  Similarly, the case where “BBB circle” is registered as the community name is shown. In addition, a case where registrants “Charlie” and “David” are registered together with E-mail “... In addition, a case where identification IDs for identifying two selected image data are registered as images X and Y is shown. As an example, the case where the image ID 007 of the image X and the image ID 008 of the image Y are registered is shown here. Further, here, an interpolation parameter column is shown, and the interpolation parameter is set to 0.3 as an example.

  By executing this processing, it becomes possible to additionally register a user in the community.

  As described above, the authentication process according to the embodiment of the present invention, as an example, automatically changes little by little every week, that is, the correct image every week.

  It is generally known that humans are insensitive to subtle changes because they remember information in the overall image and characteristic parts. In other words, a person can determine that they are the same image if they change a little.

  Therefore, even if the image is changed little by little after one week, the user can determine that the same correct image is obtained.

  In the method of selecting and authenticating the correct image from multiple images, the correct image can be authenticated if it is a person who continues to access frequently by presenting the correct image little by little. Those who do not access for a long time cannot authenticate because the correct image will be completely different from the previous one.

  With this authentication, it is possible to improve the security of authentication, reflecting the density of communication on the community.

  As described above, the correct image changes little by little when accessed, and if the memory is ambiguous, there is a possibility that the correct image cannot be properly selected when logging in next time, so the user clearly stores the correct image. In order to assist the user, the correct image when logging in this time may be displayed after authentication to assist the user in storing the correct image. In addition, it is not restricted to the fixed period after authentication, For example, when logging out, the said correct image may be displayed and the time to memorize | store may be made as short as possible.

  Further, in order to make it easy to memorize the display method, it is possible to make it blink, to display it as an event, or to make various ideas.

  In the above description, the case where the correct image is changed by changing the interpolation parameter has been described. However, the correct image can be further changed using another method.

  Alternatively, after executing the discrete cosine transform (DCT transform) process on the correct image, the DCT change amount may be added and the inverse discrete cosine transform (IDCT transform) process may be performed to change the correct image. It is also possible to change the correct image by executing known image processing such as filtering processing and luminance conversion processing on the correct image.

  Further, in this example, the case where a human image is used to generate an interpolated image of a human image has been described. However, the present invention is not limited to a human image, and other images such as photographs as shown in FIG. It is also possible to generate an interpolated image such as a graphic (graph etc.) as shown in FIG. 26B (flower image etc.).

  In the above embodiment, for example, the case where the correct image parameter is changed based on the passage of time as the update timing of the correct image has been described. However, for example, the user access information is not the passage of time. For example, the correct image parameter can be changed based on the data change amount.

  In this example, the case where one correct image is included in the authentication screen has been described, but a plurality of correct images may be displayed. For example, a plurality of correct images can be used properly depending on the degree of closeness. For example, a correct image of a user with low intimacy and a correct image of a user with high closeness can be used. And, correct images of users with low familiarity are set to increase the update degree and update frequency, and correct images of users with high closeness are set to decrease the update degree and update frequency, Two correct images may be displayed on the authentication screen.

  In the above embodiment, when two image data are selected by the image selection unit 216, the image data is arranged in order from the image data group arranged in order of similarity with the initial image data selected first as a reference. Although the case where image data that is a candidate for the next correct information is selected has been described, another selection method may be adopted. For example, two pieces of image data P and Q are randomly selected from the image data group as image data that is candidates for correct information, and the calculated similarity between the two selected pieces of image data is below a predetermined threshold value. If it is less than a predetermined threshold value, the selected image data is set as correct answer information. In this case, it is assumed that the image data P transitions to the image data Q. Then, image data R is selected at random from the image data group as image data to be candidates for the next correct answer information. Then, the similarity between the image data R and the two image data P and Q is calculated to determine whether or not a predetermined condition is satisfied. If the predetermined condition is satisfied, the image data R is set as the next correct answer information. The predetermined condition is that the similarity between the image data P and the image data R is smaller than the similarity between the image data P and the image data Q, and smaller than the similarity between the image data Q and the image data R. Condition.

  In the present example, the configuration in which the application management server 10 and the authentication server 20 are provided separately has been described, but a configuration in which these are included in one is also possible.

  In addition, it is also possible to provide a program that causes a computer to function for each unit that controls the above-described apparatus, and executes control as described in the above flow. Such a program is stored in a computer-readable recording medium such as a flexible disk attached to the computer, a CD-ROM (Compact Disk-Read Only Memory), a ROM (Read Only Memory), a RAM (Random Access Memory), and a memory card. And can be provided as a program product. Alternatively, the program can be provided by being recorded on a recording medium such as a hard disk built in the computer. A program can also be provided by downloading via a network.

  The program may be a program module that is provided as part of an operating system (OS) of a computer and that calls necessary modules in a predetermined arrangement at a predetermined timing to execute processing. In that case, the program itself does not include the module, and the process is executed in cooperation with the OS. A program that does not include such a module can also be included in the program according to the present invention.

  The program according to the present invention may be provided by being incorporated in a part of another program. Even in this case, the program itself does not include the module included in the other program, and the process is executed in cooperation with the other program. Such a program incorporated in another program can also be included in the program according to the present invention.

  The provided program product is installed in a program storage unit such as a hard disk and executed. The program product includes the program itself and a recording medium on which the program is recorded.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is shown not by the above description of the embodiments but by the scope of claims, and is intended to include all modifications within the meaning and scope equivalent to the scope of claims.

  10 Application management server, 11, 21, 41 CPU, 12, 22, 42 RAM, 13, 23, 43 ROM, 14, 24, 44 HDD, 15, 25, 49 Communication interface, 16, 26, 45 Internal bus, 20 Authentication server, 40, 50 user terminal, 46 mouse, 47 keyboard, 48 display.

Claims (7)

Storage means for storing a plurality of visually identifiable images;
Selecting means for selecting at least two images from the images stored in the storage means;
Correct image generation means for generating a correct image using the at least two images selected by the selection means;
The display means presents at least a part of the plurality of images stored in the storage means together with the correct image generated by the correct image generation means, and accepts an input of the user's image selection Authentication means for performing authentication in response to selection / non-selection of the correct image;
Correct image update means for updating the correct image as necessary,
The correct image generation means generates an interpolated image of the at least two images as the correct image based on an interpolation parameter used when interpolating the at least two images.
The correct image updating means adjusts the interpolation parameter.   The correct image generation means determines a distance between a start point and an end point when one image of the at least two images is a start point and the other image is an end point according to a change in the interpolation parameter adjusted by the correct image update means. The authentication apparatus according to claim 1, wherein an interpolation image to be interpolated is generated.   The authentication apparatus according to claim 2, wherein the interpolation corresponds to a process in which a feature point of each of the at least two images changes from one to the other.   The authentication device according to claim 3, wherein the feature point corresponds to at least one of a plurality of elements constituting a face in the at least two images. The plurality of images are arranged in order of decreasing similarity, based on the initial image corresponding to the first correct image,
Similarity capable of calculating the degree of similarity of each other based on the feature points of each of the previously selected image corresponding to the current correct image and the next candidate image arranged in order of similarity A degree calculating means,
The selection means includes
Determining whether or not the similarities calculated by the similarity calculating means are below a predetermined threshold;
5. The candidate image is selected according to any one of claims 1 to 4, wherein a candidate image whose similarity is equal to or less than a predetermined threshold value is selected from the previously selected image and the candidate images arranged in the order of similarity. Authentication device. An authentication method of an authentication device provided with storage means for storing a plurality of visually identifiable images ,
The authentication device
Selecting at least two images from images stored in the storage means;
Generating a correct image using the selected at least two images;
Presenting at least a part of the plurality of images stored in the storage unit together with the generated correct image on a display unit;
Receiving a user image selection input;
Authenticating in response to selection / non-selection of the correct image;
Updating the correct image,
The step of generating the correct image generates an interpolated image of the at least two images as the correct image based on an interpolation parameter used when interpolating the at least two images.
The step of updating the correct image is an authentication method of an authentication device , wherein the interpolation parameter is adjusted. In the computer of the authentication device provided with storage means for storing a plurality of visually identifiable images,
Selecting at least two images from images stored in the storage means;
Generating a correct image using the selected at least two images;
Presenting at least a part of the plurality of images stored in the storage unit together with the generated correct image on a display unit;
Receiving a user image selection input;
Authenticating in response to selection / non-selection of the correct image;
Updating the correct image,
The step of generating the correct image generates an interpolated image of the at least two images as the correct image based on an interpolation parameter used when interpolating the at least two images.
The step of updating the correct image is an authentication program for adjusting the interpolation parameter and executing a process.

Images