JP5673942B2 - Authentication information input device, method and program for portable terminal - Google Patents

Description

  The present invention relates to an authentication information input device, method, and program for a user to input authentication information to a mobile terminal.

  In mobile terminals such as mobile phones and smartphones, important information including personal information such as phone books, photos, and mails is recorded. In addition, since mobile terminals have been used in business in recent years, the need for user authentication is increasing.

  A method that is widely used for user authentication of portable terminals is a method that uses a password as authentication information. In mobile terminals, it is generally difficult to input characters other than numbers, such as alphabets, and so many passwords are 4-digit numbers. However, this method has a very low password complexity and is vulnerable to brute force attacks.

  Long and complex passwords can avoid this vulnerability. However, this has a problem that it is difficult for humans to memorize, and it is difficult to input especially in the case of a portable terminal.

  Several attempts have been made to solve this inconvenience and to enable authentication easily by a method that does not require special hardware such as a keyboard, an IC card (token), or biometrics.

  For example, Patent Document 1 describes a method of performing authentication based on the characteristics of arm swing behavior.

  Further, Patent Document 2 describes a method of mounting a sensor that detects vibration at a portion that hits a fingertip when a portable terminal is gripped, and authenticating using a characteristic of vibration.

  Further, Patent Document 3 describes a method of detecting an acceleration signal generated by moving and vibrating a wireless device main body and using the detected acceleration signal as a password.

JP 2007-193656 A JP 2008-282084 A Japanese Patent Laid-Open No. 2002-291047

  Password authentication, which is an existing technology, has a problem that passwords with high security strength (complex and long) can be easily forgotten. In particular, in portable terminals such as mobile phones, smartphones, and small game machines, it is difficult to input characters as compared to personal computer (PC) operations, and it is difficult to input passwords with high security strength.

  On the other hand, the methods disclosed in Patent Documents 1 to 3 have problems as described below.

  The method disclosed in Patent Document 1 uses an individual difference (癖) when performing the same operation for authentication. However, it is difficult to detect individual differences in comparison of the same operations, and there is a problem that authentication mistakes such as breakthrough of authentication by another person and inability to authenticate the person are likely to occur.

  The method disclosed in Patent Document 2 requires a sensor that is not normally mounted on a portable terminal. Therefore, there is a problem that it becomes difficult to use with a general portable terminal.

  The method disclosed in Patent Document 3 uses an acceleration signal (or a combination thereof) itself (waveform) as a password. Therefore, it is difficult to quantify (numerize) the acceleration signal (or combination thereof). Further, Patent Document 3 does not specifically describe the password signal match / mismatch determination. For this reason, as in Patent Document 1, it is difficult to determine whether the operations match, and there is a problem that erroneous determination is likely to occur.

  An object of the present invention is to provide an authentication information input device, method, and program capable of obtaining a security strength comparable to that of a password by character input by a simple and intuitive operation using a sensor. is there.

An authentication information input device according to the present invention is an authentication information input device for a user to input authentication information to a mobile terminal, and detects one of a plurality of predetermined authentication operations applied to the mobile terminal. An operation detection unit that outputs a detection operation signal representing each detection operation; an operation identification unit that identifies a plurality of detection operations from the detection operation signal and generates an identification operation signal that represents a plurality of identification operations; Conversion information storage means for storing conversion information for converting a combination of authentication actions into symbols, and password generation for generating a password from a plurality of identification actions represented by identification action signals with reference to the conversion information storage means and means, password rules storage means for registering a password requirements advance, with said password generating means, by referring to the password rules storing means, the generated password path Until we meet over de requirements, and performs correction of the generated password.

An authentication information input method according to the present invention is an authentication information input method for a user to input authentication information to a mobile terminal, and continuously performs one of a plurality of predetermined operations for the user to move the mobile terminal. Detecting the plurality of predetermined actions, and converting information storing means for storing conversion information for converting the combination of the predetermined actions into symbols, Generating a password based on the operation of the above, and generating the password by referring to the password rule storage means in which the password requirement is registered in advance until the generated password satisfies the password requirement. The password is corrected .

  The authentication information input device according to the present invention can obtain a security strength comparable to that of a password by character input by a simple and intuitive operation.

It is a block diagram which shows the structure of the portable terminal to which the authentication information input device which concerns on 1st Example of this invention is applied. It is a flowchart for demonstrating operation | movement of the portable terminal (authentication information input device) shown in FIG. It is a wave form diagram which shows an example of the data acquired by the sensor operation | movement acquisition means used for the portable terminal shown in FIG. It is the schematic which shows an example of the predetermined | prescribed authentication operation | movement added to the mobile telephone shown in FIG. It is a wave form diagram which shows an example of the change of the acceleration added to the mobile telephone shown in FIG. It is a figure which shows an example of the conversion table stored in the operation | movement / symbol conversion ledger used for the mobile telephone shown in FIG. It is a figure which shows an example of the table | surface for demonstrating the other conversion operation | movement performed with the operation | movement / symbol conversion ledger used for the mobile telephone shown in FIG. It is a block diagram which shows the structure of the principal part of the portable terminal with which the authentication information input device which concerns on 2nd Example of this invention is applied. It is a figure which shows an example of the position determined (defined) by the grip direction determination means used with the portable terminal shown in FIG.

  Hereinafter, embodiments of the present invention will be described in detail.

  An authentication information input device according to an embodiment of the present invention includes an input device that can be operated by a user, such as a push button, a key, or a touch panel, an operation acquisition unit that acquires operation information of the input device, a moving speed, an acceleration of the terminal, A sensor capable of measuring rotational speed (angular velocity), rotational acceleration (angular acceleration), etc., an operation acquisition means capable of acquiring operation information of the sensor, and an input start for recognizing input start / end of an authentication operation from a user operation / End recognition means, action identification means for identifying a plurality of actions from the action information of the sensor, password generation means for generating a password from the identified actions, means for correcting the password, and authentication for authentication using the password Means, operation information storage means for recording operation information, and conversion information storage for storing information for converting an operation into a password. And means, a password storage means for storing password information used for authentication.

  The authentication information input device having such a configuration can generate a password from a combination of operations in which the user moves the mobile terminal, and can perform authentication using the generated password.

  A mobile terminal 1 to which an authentication information input apparatus according to a first embodiment of the present invention is applied will be described with reference to FIG. That is, the first embodiment of the present invention uses the portable terminal 1 that operates by program control. The mobile terminal 1 may be, for example, a mobile phone, a smartphone, a small game machine, or the like.

  The mobile terminal 1 includes a data processing device 10, a storage device 11, a push button 12, and an acceleration sensor / gyro sensor 13. The terminal device 1 includes a display (not shown). As an alternative to the push button 12, any input key or touch panel may be used.

  The acceleration sensor / gyro sensor 13 is a sensor that is often installed in mobile phones, smartphones, small game machines, and the like. The data processing device 10 works as a computer.

  The data processing device 10 of the portable terminal 1 includes a button operation acquisition unit 14 for acquiring operation information of the push button 12, a sensor operation acquisition unit 15 for acquiring operation information of the acceleration sensor / gyro sensor 14, and authentication. An application 16, an authentication unit 17, and a terminal operation application 18 are included. The button operation acquisition unit 14, the sensor operation acquisition unit 15, the authentication unit 17, and the terminal operation application 18 can use existing technology installed in a commercially available mobile phone or the like.

  The authentication application 16 includes an input start / end recognition unit 161, an operation generation unit 162, and a password generation unit 163.

  On the storage device 11, areas for storing information about the operation information buffer 111, the operation / symbol conversion ledger 112, the password rule ledger 113, and the password ledger 114 are secured.

  The mobile terminal 1 used in the present embodiment is equipped with an acceleration sensor and a gyro sensor (angular acceleration sensor), and the mobile terminal 1 when the mobile terminal 1 is moved as shown in FIG. It is assumed that acceleration and angular acceleration can be acquired. In this embodiment, as shown in FIG. 3A, the acceleration (X direction movement, Y direction movement, Z direction movement) and angular acceleration (Pitch direction rotation, Roll direction rotation, Yow direction) acquired from the sensor 13 are obtained. (Rotation) 6-axis information is used. In the illustrated example, as shown in FIG. 3A, the X direction is the left-right direction, the Y direction is the up-down direction, and the Z direction is the front-back direction.

  Next, each component which comprises the portable terminal (authentication information input device) 1 shown in FIG. 1 is demonstrated.

  The acceleration sensor / gyro sensor 13 is a sensor that measures a plurality of predetermined authentication operations described later. Note that the plurality of predetermined authentication operations include at least a movement operation and a rotation operation. The acceleration sensor / gyro sensor 13 detects the moving speed, acceleration, rotational speed (angular speed), and rotational acceleration (angular acceleration) of the mobile terminal 1 as a plurality of predetermined authentication operations. The sensor operation acquisition means 15 acquires the operation information measured by the acceleration sensor / gyro sensor 13 and outputs a detection operation signal representing each detection operation. Therefore, the combination of the acceleration sensor / gyro sensor 13 and the sensor operation acquisition means 15 detects one of a plurality of predetermined authentication operations applied to the mobile terminal 1 and generates a detection operation signal representing each detection operation. Acts as an action detecting means (13, 15) for outputting.

  In the present embodiment, as the moving operation, the mobile terminal 1 is translated from the initial position in a predetermined direction of a predetermined axis, and then the mobile terminal 1 is translated in the opposite direction of the predetermined axis to substantially move. "Parallel movement reciprocating operation" to return to the initial position is used. Further, as the turning operation, after the mobile terminal 1 is rotated from the initial position around the predetermined axis in a predetermined direction, the mobile terminal 1 is rotated around the predetermined axis in the opposite direction to substantially return to the initial position. "Rotating (swinging) reciprocating motion" is used.

  The motion generation means 162 continuously identifies and generates a detection operation corresponding to the detection operation signal as an identification operation from the detection operation signal. The operation information buffer 111 stores a plurality of identification operations generated (identified) by the operation generation means, and stores identification operation signals representing a plurality of identification operations. Therefore, the combination of the motion generation unit 162 and the motion information buffer 111 is a motion identification unit (162, 111) that identifies a plurality of detection operations from the detection operation signal and generates identification operation signals representing a plurality of identification operations. work.

  The operation / symbol conversion ledger 112 operates as conversion information storage means for storing conversion information (described later) for converting a predetermined combination of authentication operations into a symbol (character). In the present embodiment, “symbol” is a generic term for English letters, numbers, and general symbols.

  The password generation unit 163 refers to the operation / symbol conversion ledger (conversion information storage unit) 112 and generates a password from a plurality of identification operations represented by the identification operation signal. The password rule register 113 serves as a password rule storage unit in which password requirements to be described later are registered in advance. The password generation unit 163 refers to the password rule register (password rule storage unit) 113 and corrects the generated password until the generated password satisfies the password requirement, as will be described later.

  The password ledger 114 operates as a password storage unit that stores a password used for authentication. The authentication unit 17 verifies whether or not the password generated by the password generation unit 163 matches the password stored in the password ledger (password storage unit) 114.

  The push button 12 is an input device that can be operated by the user. The button operation acquisition unit 14 is an operation acquisition unit that acquires operation information from the push button (input device) 12. Therefore, the combination of the push button (input device) 12 and the button operation acquisition means (operation acquisition means) 14 serves as user operation detection means (12, 14) for detecting user operation information on the mobile terminal 1.

  The input device 12 is not limited to a push button, and may be a key or a touch panel.

  The input start / end recognition unit 161 recognizes the input start / end of the authentication operation from the operation information detected by the user operation detection unit (12, 14), as will be described later.

  The operation identifying unit (162, 111) identifies the plurality of detection operations according to the input start / end of the authentication operation recognized by the input start / end recognition unit 161.

  Next, the operation of the portable terminal 1 according to the first embodiment of the present invention will be described in detail with reference to the flowchart of FIG.

  When the mobile terminal 1 performs a user operation (such as pressing a button or touching a touch panel), the button operation acquisition unit 14 detects the user operation, and input start / end recognition unit for operating information such as which button is pressed. 161 is notified (steps S101, S102, S103).

  When the detected operation is an input start operation (eg, pressing the “#” button), the input start / end recognition unit 161 determines that the operation input has started, and starts the operation input to the operation generation unit 162. To be notified.

When receiving the start of the motion input, the motion generation unit 162 starts acquiring sensor motion information from the sensor motion acquisition unit 15. In the acceleration sensor / gyro sensor 13, what is acquired from the acceleration sensor is acceleration (m / s ² ) for movement in the X direction, Y direction, and Z direction, and a short time interval (eg, 0.1 s). If sampling is performed, data as shown in FIG. 3B is obtained. What is acquired from the gyro sensor is angular acceleration (rad / s ² ) for movement in rotation in the Pitch direction, Roll direction, and Yow direction. When sampling is performed at a short time interval (eg, 0.1 s), Data such as 3 (C) is obtained.

  In this embodiment, one operation used for authentication is defined as the following 12 types.

1) X +: a movement of moving the mobile terminal 1 in the positive direction (right direction) of the X axis and immediately returning it to the original position (moving in the order of arrows A and A in FIG. 4A),
2) X-: Move the mobile terminal 1 in the negative direction (left direction) of the X axis and immediately return it to the original position,
3) Y +: a movement of moving the mobile terminal 1 in the positive direction (upward) of the Y axis and immediately returning it to the original position,
4) Y-: Move the mobile terminal 1 in the negative direction (downward) of the Y-axis and immediately return it to the original position.
5) Z +: movement of the mobile terminal 1 in the positive direction (forward direction) of the Z-axis and immediately returning it to the original position,
6) Z-: movement of the mobile terminal 1 in the negative direction (rearward direction) of the Z-axis and immediately returning it to the original position,
7) Pitch +: Move the mobile device 1 in the Pitch positive direction (clockwise on the X axis) and immediately return it to the original position.
8) Pitch-: A movement in which the mobile terminal 1 is rotated in the negative Pitch direction (counterclockwise in the X axis) and immediately returned to the original position.
9) Roll +: A movement to rotate the mobile terminal 1 in the positive direction of the Roll (clockwise on the Y axis) and immediately return it to the original position.
10) Roll-: The mobile terminal 1 is rotated in the negative direction of the Roll (counterclockwise in the Y-axis) and immediately returned to the original position.
11) Yow +: The movement of rotating the mobile terminal 1 in the Yow forward direction (clockwise in the Z axis) and immediately returning it to the original position (rotating in the order of arrow C and D in FIG. 4B),
12) Yow-: A movement in which the portable terminal 1 is rotated in the Yow negative direction (counterclockwise in the Z axis) and immediately returned to the original position.

  5 (A), (B), and (C) show the X axis (positive direction, negative direction), the Y axis (positive direction, negative direction), and the Z axis (positive direction, negative direction), respectively. The change of acceleration is illustrated.

  In FIG. 5A, A indicates a positive threshold value, -A indicates a negative threshold value, P1 and P2 indicate peak points, and x1 and x2 indicate acceleration values at the peak points P1 and P2, respectively. , T1 and t2 indicate times when peak points P1 and P2 are recorded, respectively. Note that T represents the upper limit of the period recognized as one operation (the time between peak points).

  Next, examples of threshold values will be described.

In the case of the X axis, the Y axis, and the Z axis, the threshold A is 10 (m / s ² ), and the recognition period upper limit T is 0.5 (s).

In the case of the Pitch axis, Roll axis, and Yow axis, the threshold A is 4π (rad / s ² ), and the recognition period upper limit T is 0.5 (s).

  Next, a procedure for detecting one operation will be described by taking X + and X− as examples.

In the sensor operation acquisition means 15, a threshold value A (for example, 10 m / s ² ) is set in advance for the acceleration value. The sensor operation acquisition means 15 detects the movement in the positive direction of the X axis when the threshold value A is exceeded, and detects the movement in the negative direction of the X axis when it falls below the threshold value -A.

  The motion generation means 162 recognizes (identifies) as one motion “X +” when the motion in the X-axis negative direction is detected immediately after detecting the motion in the X-axis positive direction (in the case of the example in FIG. 5A). , X1> A and x2 <−A and (t2−t1) <T are recognized as X +).

  Similarly, the motion generation unit 162 recognizes (identifies) as one motion “X−” when the motion in the positive X-axis direction is detected immediately after the motion in the negative X-axis direction is detected. The authentication operation from Y + to Yow− is also recognized by the same method.

  When performing the authentication operation, a clear (easy to detect) operation should be performed in consideration of which of the above 12 types of operations is applicable. However, if the user performs an operation that simultaneously recognizes (identifies) a plurality of authentication operations (the operation timing (period from t1 to t2) overlaps with the operation timing on another axis), the sensor The motion acquisition unit 15 and the motion generation unit 162 employ an operation having a larger peak value difference (absolute value of (x1−x2)).

  The above is the operation of step S105 for “acquiring sensor operation” and step S106 for “detecting one operation” in the flowchart of FIG.

  When the motion generation unit 162 detects (identifies) one motion by the above method, the motion generation unit 162 writes the detected one motion (eg, X +) in the motion information buffer 111 as an identification motion. If another authentication operation has already been recorded in the operation information buffer 111 as an identification operation, additional writing is performed ("write one operation to the operation information buffer (addition)" in the flowchart of FIG. 2) (step S107).

  Until the input start / end recognizing means 161 detects the end of input (eg, releasing the “#” button), the action generating means 162 “detects the end of input” from step S104 to “write one action to the action information buffer” (Additional writing) "The operation of S107 is repeatedly executed.

  When the end of input is detected (YES in step S104), the password generating unit 163 detects operation information (eg, X +, Y−, Pitch +, X +, Roll−,...) Representing a plurality of identification operations from the operation information buffer 111. ) Is acquired (step S108), and the operation information (a plurality of identification operations) is converted into a password (step S109). At this time, the operation information on the operation information buffer 111 is cleared in preparation for the next authentication process.

  For the conversion, a conversion table stored in the operation / symbol conversion ledger 112 as shown in FIG. 6 is used. In this embodiment, the password generation means 162 has 64 combinations (8 uppercase letters: 26 characters, English characters) from combinations of eight identification operations of X +, X-, Y +, Y-, Z +, Z-, Pitch +, Pitch-. A character (symbol) of lowercase letters: 26 characters, numbers: 10 characters, symbols: 2 characters) is obtained (one character (symbol) is generated from a combination of two identification operations). In this case, since Roll +, Roll−, Yow +, and Yow− are not used, conversion is performed after deleting these from the operation information (identification operation).

  In addition, the password generation unit 162 uses the hash function stored as the operation / symbol conversion ledger 112 without preparing a conversion table corresponding to one-to-one as described above, and the password generation unit 162 can generate a maximum of 12 types of input keys. Characters (symbols) or character strings (symbol strings) of 95 ways (half-width characters that can be used as passwords. Uppercase letters: 26 characters, lowercase letters: 26 characters, numbers: 10 characters, symbols: 32 characters, half-width spaces) May be generated.

For example, as shown in FIG. 7, the operation / symbol conversion ledger 112 uses “X +” to “Yow−” as 12 input keys from 0 to 11, and the hash value (0 to 9024) obtained from 3 digits of the input key is used. And the password generation means 162 can obtain two characters from the hash value. That is, 12 ³ = 1,728, 95 ² = 9,025, and ASCII code table 0x20: “SP” (half-width space) to 0x7e: “~” (tilde) is a character (symbol) (password usable character) (Symbol))

  The above is the operation of step S108 for “obtaining 1 operation × n from the operation information buffer” and step S109 for “converting operation information into a password” in the flowchart of FIG.

  When the password is generated, the password generation unit 163 includes the password requirements used in the authentication unit 17 (the complexity of the password (whether uppercase letters, lowercase letters, symbols are included, etc.), usable characters, and password length. Etc.) is verified (step S110). The password requirement is registered in advance in the password rule register 113. The password generation unit 163 refers to the password rule ledger 113 and corrects the generated password when the generated password does not satisfy the password requirement (step S111). When the rule is met (that is, when the password requirement is satisfied), the password generation unit 163 proceeds to the next process without correcting the generated password.

  Hereinafter, an example of password correction will be described.

The password does not contain a symbol → Appends a symbol to the end,
Non-usable characters (symbols) are used → Replace with usable characters (symbols)
Password is too long → Cut with the maximum length.

  This correction process needs to be the same for password registration and authentication. Therefore, the contents of the password rule register 113 are basically not changed.

  The operations in step S110 for determining whether or not “match with password rule” and “correct password” in step S111 in the flowchart of FIG. 2 have been described above.

  When the password is generated, the authentication unit 17 verifies whether the generated password matches the password registered in advance in the password ledger 114 (step S112). For this authentication process, an existing authentication technique using an ID and a password is used.

  If the passwords match (YES in step S112), other functions of the portable terminal 1 are made available (step S114), and the process ends. If they do not match (NO in step S112), the authentication unit 17 displays an authentication failure message on the display, and further locks the portable terminal 1 for a certain period of time when the authentication fails continuously several times. Processing at the time of authentication failure is performed (step S113), and a user's re-operation is awaited.

  The password registered in advance in the password ledger 114 is generated by the same procedure as in the present embodiment so far and is saved in the password ledger 114.

  The above is the operation of steps S112 to S113 for “authentication process password match” in the flowchart of FIG.

  Next, effects of the first embodiment will be described.

  The first embodiment of the present invention is configured to detect an input operation by translating and rotating the mobile terminal 1 using the sensors 13 that are often mounted on the mobile terminal 1, and is complicated. Authentication can be performed without inputting simple characters. In addition, an authentication information input device, an authentication information input method, and an authentication information input program are provided that have superior characteristics that can be obtained by a simple and intuitive operation that is comparable in security strength to passwords that are input by characters. can do.

  With reference to FIG. 8, a mobile terminal 1A to which an authentication information input apparatus according to a second embodiment of the present invention is applied will be described. In the second embodiment of the present invention, in addition to the first embodiment described above, the terminal device 1A includes an anti-snooping application 21, a display 23 for displaying a screen, display control means 22 for controlling the display, and sending and receiving mail. Including a mail application 24. The mobile terminal 1A may also be a mobile phone, a smartphone, a small game machine, or the like, for example.

  Note that the storage device 11 of the first embodiment is changed to a storage device 11A as described later, and the authentication application 16 of the first embodiment is changed to an authentication application 16A as described later.

  Therefore, the data processing apparatus 10A in the second embodiment includes a button operation acquisition unit 14 (see FIG. 1), a sensor operation acquisition unit 15 (see FIG. 1), an authentication application 16A, an authentication unit 17 (see FIG. 1), and a terminal. The operation application 18 (see FIG. 1), an anti-spying application 21, a display control unit 22, and a mail application 24 are included.

  As will be described later, the authentication application 16A is the same as that shown in FIG. 1 except that the action generation unit 162 is changed to the action generation unit 162A and the input start / end recognition unit 161 is changed to the input start / end recognition unit 161A. It has the same configuration as the authentication application 16 shown in FIG.

  As an alternative to the display 23, a sub-display of a mobile phone may be used, or a means for transmitting some message to the user may be used. The display control means 22 and the mail application 24 use existing technology installed in a commercially available mobile phone or the like.

  The anti-snooping application 21 includes a grip direction determining unit 211, an input reception button determining unit 212, and an anti-snooping countermeasure information notification unit 213.

  On the storage device 11A, in addition to the components of the storage device 11 of the first embodiment described above, a grip direction information storage unit 115 that stores grip direction information, and an input reception button information storage that stores input reception button information Part 116 is secured.

  That is, the storage device 11A includes the grip direction information storage unit 115 and the input reception button information storage in addition to the motion information buffer 111, the motion / symbol conversion ledger 112, the password rule ledger 113, and the password ledger 114 shown in FIG. Part 116.

  Other configurations are the same as those of the first embodiment.

  In the second embodiment, in addition to the first embodiment, since the user's authentication operation can be seen by others, in order to avoid the vulnerability that others imitate the operation and break through the authentication, the following anti-theft means Is added.

-Change the grip direction (in which direction the mobile terminal 1A is gripped for authentication),
-Change the button used to start / end the operation,
・ Add dummy action before and after the action.

Next, changing the grip direction will be described.
As shown in FIG. 9, the grip direction is defined as follows.

-Position 0: normal orientation,
-Position X: Direction rotated from position 0 by 180 ° around the X axis,
-Position Y: Direction rotated from position 0 by 180 ° around the Y axis,
・ Position Z: Direction rotated from position 0 by 180 degrees around the Z axis.

The grip direction is changed periodically (eg, once a day), and the position to be adopted may be determined randomly. Alternatively, use the remainder of the date divided by 4, for example, the grip direction,
・ Day with zero remainder → Position 0
・ Day with remainder 1 → Position X
・ Day with a remainder of 2 → Position Y
・ Day with remainder 3 → Position Z
(December 11 → 11 ÷ 4 = 2 remainder 3 → position Z)
It may be determined that.

  The grip direction determination means 211 determines grip direction information (for example, position X) by the above method, and registers the grip direction information in the grip direction information storage unit 115 of the storage device 11A. In addition, the grip direction determination unit 211 notifies the snooping countermeasure information notification unit 213 of the grip direction information.

  The anti-snooping countermeasure information notification unit 213 displays grip direction information on the display 23 through the display control unit 22. Further, the anti-snooping countermeasure information notifying unit 213 transmits the grip direction information to the mail address designated by the user through the mail application 24.

  Since the user needs to know this grip information in advance, the grip direction information to be used on a certain day is determined by the previous day and notified to the user by the above method. Registration of the grip direction information in the grip direction information storage unit 115 on the storage device 11A is performed on that day.

  For example, when determining the grip direction information to be used on December 11 (0:00 to 23:59), on December 10 (time is arbitrary), display display and mail transmission are performed. At 0:00 on the day, the grip direction information is registered (updated) in the grip direction information storage unit 115 on the storage device 11A.

  The motion generation means 162A is registered in the grip direction information storage unit 115 of the storage device 11A at that time in the process of step S107 in the flowchart of FIG. 2 in which “write one operation to the motion information buffer (append)”. The gripping direction information is referred to, and the identification operation is corrected according to the gripping direction. For example, in the authentication operation performed at position 0 and the authentication operation performed at position X, even if the same authentication operation is performed as the user, the grip direction is different, so the operation direction recognized as the sensor 13 of the mobile terminal 1A changes. Specifically, the motion generation unit 162A performs correction as follows.

Position X: Y + → Y−, Y− → Y +, Z + → Z−, Z− → Z +, Roll + → Roll−, Roll− → Rol ++, Yow + → Yow−, Yow− → Yo +,
(Y, Z, Roll, and Yow are converted in the reverse direction).

Position Y: X + → X−, X− → X +, Z + → Z−, Z− → Z +, Pitch + → Pitch−, Pitch− → Pitch +, Yow + → Yow−, Yow− → Yow +,
(X, Z, Pitch, and Yow are converted in the reverse direction).

Position Z: X + → X−, X− → X +, T + → Y−, Y− → Y +, Pitch + → Pitch−, Pitch− → Pitch +, Roll + → Roll−, Roll− → Roll +,
(X, Y, Pitch, and Roll are converted in the reverse direction).

  As described above, the grip direction determination unit 211 determines the grip direction in which the user performs the authentication operation by gripping the mobile terminal 1A. Then, according to the determined gripping direction, the action identifying means (162A, 111) changes the action directions of the plurality of identifying actions.

  Next, the change of the input start / end button of the authentication operation will be described.

  In the first embodiment described above, the input start / end recognition unit 161 recognizes the input start / end by pressing / releasing the “#” button. On the other hand, in the second embodiment, the button used to recognize the input start / end is periodically changed in the same manner as described above (change in grip direction).

  The buttons to be used may be selected from a numeric keypad or the like when the mobile terminal 1A is a mobile phone, and a button icon on the touch panel may be pressed for a smartphone with a small number of hardware buttons.

  The button determination method is the same as (change in grip direction), and may be determined randomly, or may be determined from the date or the like (for example, the button with the last digit number of the date is used. December) 11th → Number “1” button).

  The input reception button determination means 212 determines input reception button information (for example, the number “1” button) by the above method, and registers the determined input reception button information in the input reception button information storage unit 116 of the storage device 11A. To do. Further, the input reception button determination unit 212 notifies the determined anti-reception button information to the snooping countermeasure information notification unit 213.

  The anti-snooping information notification unit 213 displays the input reception button information on the display 23 through the display control unit 22, and transmits the input reception button information to a mail address designated by the user through the mail application 24.

  The notification timing of the input acceptance button information to the user and the registration timing on the storage device 11A are the same as those described above (changing the grip direction).

  The input start / end recognizing means 161A performs the input acceptance button information storage unit of the storage device 11A at that time in step S103 for "detecting input start" and step S104 for "detecting input end" in the flowchart of FIG. The input acceptance button information registered on 116 is referred to, and input start / end is determined based on the button information.

  As described above, the input reception button determination unit 212 determines a button to be used for the input start / end of the authentication operation. According to the determined button, the action identifying means (162A, 111) identifies a plurality of detected actions.

  Next, addition of a dummy operation will be described.

  The user can prevent the authentication operation from being seen by others by performing the following operation as a dummy before and after inputting the authentication operation.

  Dummy operation: An operation that is performed when the button used to start / end the input is not pressed (or another button is pressed).

  Since it is not known from other people at which timing the authentication operation is started / finished, even if the user's operation other than the button operation is imitated completely, the authentication does not pass.

  Next, the effect of the second embodiment will be described.

  The second embodiment of the present invention is configured to detect an input operation by translating and rotating the mobile terminal 1A using the sensors 13 that are often mounted on the mobile terminal 1A. Authentication can be performed without inputting simple characters. In addition, an authentication information input device, an authentication information input method, and an authentication information input program are provided that have superior characteristics that can be obtained by a simple and intuitive operation that is comparable in security strength to passwords that are input by characters. can do. Furthermore, since the snooping prevention means is provided, it is possible to prevent others from seeing a plurality of predetermined authentication operations.

  While the present invention has been described with reference to the embodiments, the present invention is not limited to the above embodiments. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention. For example, in the above-described embodiment, “reciprocating operation” such as “parallel reciprocating operation” or “rotating (swinging) reciprocating operation” is used as the predetermined authentication operation (moving operation, rotating operation). However, the present invention is not limited to such “reciprocating operation”, and other operations such as “one-way operation” may be adopted.

  A part or all of the above-described embodiment can be described as in the following supplementary notes, but is not limited thereto.

(Appendix 1) An authentication information input device for a user to input authentication information to a mobile terminal,
Operation detecting means for detecting one of a plurality of predetermined authentication operations applied to the portable terminal and outputting a detection operation signal representing each detection operation;
An operation identifying means for identifying a plurality of detection operations from the detection operation signal and generating an identification operation signal representing a plurality of identification operations;
Conversion information storage means for storing conversion information for converting the combination of the predetermined authentication operations into a symbol;
Referring to the conversion information storage means, password generating means for generating a password from the plurality of identification operations represented by the identification operation signal;
An authentication information input device.

(Supplementary note 2) The authentication information input device according to supplementary note 1, wherein the plurality of predetermined authentication operations include at least a movement operation and a rotation operation.

(Supplementary Note 3) The motion detection means includes
A sensor for measuring the plurality of predetermined authentication operations;
Sensor operation acquisition means for acquiring operation information measured by the sensor and outputting the detection operation signal;
The authentication information input device according to appendix 2, including:

(Additional remark 4) The said sensor detects the moving speed, acceleration, rotational speed (angular velocity), and rotational acceleration (angular acceleration) of the said portable terminal as said some predetermined | prescribed authentication operation | movement, The authentication information of Additional remark 3 Input device.

(Additional remark 5) The said action identification means is
Operation generating means for continuously identifying and generating the detection operation corresponding to the detection operation signal as the identification operation from the detection operation signal;
An operation information buffer for storing a plurality of recognition operations generated by the operation generation means and storing the identification operation signals representing the plurality of identification operations;
The authentication information input device according to any one of appendices 1 to 4, further comprising:

(Additional remark 6) The password rule storage means which registered password requirements beforehand is further provided
The authentication according to any one of appendices 1 to 5, wherein the password generation unit refers to the password rule storage unit and corrects the generated password until the generated password satisfies the password requirement. Information input device.

(Appendix 7) Password storage means for storing a password used for authentication;
An authentication means for verifying whether or not the password generated from the password generation means matches the password stored in the password storage means;
The authentication information input device according to any one of appendices 1 to 6, further comprising:

(Appendix 8) User operation detection means for detecting operation information of the user with respect to the portable terminal;
Input start / end recognition means for recognizing the input start / end of the authentication operation from the operation information;
Further comprising
The authentication information according to any one of appendices 1 to 7, wherein the operation identification unit identifies the plurality of detection operations according to the input start / end of the authentication operation recognized by the input start / end recognition unit. Input device.

(Supplementary Note 9) The user operation detection means includes:
An input device operable by the user;
Operation acquisition means for acquiring the operation information from the input device;
The authentication information input device according to appendix 8, wherein

(Supplementary note 10) The authentication information input device according to supplementary note 9, wherein the input device includes at least one selected from a push button, a key, and a touch panel.

(Supplementary note 11) The authentication information input device according to any one of supplementary notes 1 to 10, further comprising a snooping prevention unit that prevents the plurality of predetermined authentication operations from snooping.

(Supplementary Note 12) The snooping prevention means includes a grip direction determination means for determining a grip direction in which the user performs the authentication operation by gripping the mobile terminal,
12. The authentication information input device according to appendix 11, wherein the operation identification unit is caused to change the operation direction of the plurality of identification operations according to the determined grip direction.

(Additional remark 13) The said snooping prevention means is provided with the input reception button determination means which determines the button used for the input start / end of the said authentication operation | movement,
12. The authentication information input device according to appendix 11, wherein the operation identification unit identifies the plurality of detection operations according to the determined button.

(Additional remark 14) It is the authentication information input method for a user to input authentication information to a portable terminal,
Continuously detecting one of a plurality of predetermined operations in which the user moves the mobile terminal;
Identifying the plurality of detected predetermined actions;
Generating a password based on the plurality of identified predetermined operations with reference to conversion information storage means for storing conversion information for converting the combination of the predetermined operations into a symbol;
Authentication information input method including.

(Supplementary Note 15) The authentication information input method according to Supplementary Note 14, wherein the plurality of predetermined operations include at least a movement operation and a rotation operation.

(Additional remark 16) The step which produces | generates the said password refers to the password rule memory | storage means which registered password requirements previously, and corrects the said produced | generated password until the said produced | generated password satisfy | fills the said password requirement, Additional remark 14 Or the authentication information input method of 15.

(Supplementary note 17) The authentication information input method according to any one of supplementary notes 14 to 16, further comprising a step of performing authentication using the generated password.

(Supplementary note 18) The authentication information input method according to supplementary note 17, wherein the step of performing authentication verifies whether or not the generated password matches a password stored in advance in a password storage unit.

(Supplementary note 19) The authentication information input method according to any one of supplementary notes 14 to 18, further comprising a step of preventing the plurality of predetermined operations from being observed.

(Supplementary note 20) An authentication information input program for a user to input authentication information to a mobile terminal that works as a computer,
In the computer,
A procedure for continuously detecting one of a plurality of predetermined operations for moving the mobile terminal by the user;
A procedure for identifying the plurality of detected predetermined actions;
A procedure for generating a password based on the plurality of identified predetermined actions with reference to conversion information storage means for storing conversion information for converting the combination of the predetermined actions into symbols;
Authentication information input program to execute.

(Supplementary note 21) The authentication information input program according to supplementary note 20, wherein the plurality of predetermined operations include at least a movement operation and a rotation operation.

(Additional remark 22) The procedure which produces | generates the said password refers to the password rule memory | storage means which registered password requirements in the said computer beforehand, and corrects the said produced | generated password until the said produced | generated password satisfy | fills the said password requirement. The authentication information input program according to appendix 20 or 21, which is executed.

(Additional remark 23) The authentication information input program as described in any one of additional marks 20 thru | or 22 which makes the said computer further perform the procedure which authenticates using the said produced | generated password.

(Supplementary Note 24) The authentication information input program according to Supplementary Note 23, wherein the authentication is performed by causing the computer to verify whether the generated password matches a password stored in advance in a password storage unit.

(Supplementary note 25) The authentication information input program according to any one of supplementary notes 20 to 24, further causing the computer to further execute a procedure for preventing the plurality of predetermined operations from being observed.

  The present invention can be widely applied to devices and systems that generally require user authentication.

1, 1A ... Mobile terminal (authentication information input device)
10, 10A ... Data processing device (computer)
11, 11A ... Storage device 12 ... Push button (input device)
DESCRIPTION OF SYMBOLS 13 ... Acceleration sensor / gyro sensor 14 ... Button operation acquisition means 15 ... Sensor operation acquisition means 16, 16A ... Authentication application 17 ... Authentication means 18 ... Terminal operation application 21 ... Anti-spying application 22 ... Display control means 23 ... Display 24 ... Mail application 111 ... Operation information buffer 112 ... Action / symbol conversion ledger (conversion information storage means)
113 ・ ・ ・ Password rule ledger (password rule storage means)
114 ・ ・ ・ Password ledger (password storage means)
115 ... grip direction information storage unit 116 ... input reception button information storage unit 161, 161A ... input start / end recognition means 162, 162A ... action generation means 163 ... password generation means 211 ...・ Grasping direction determination means 212 ・ ・ ・ Input reception button determination means 213 ・ ・ ・ Peeping countermeasure information notification means

Claims (10)

An authentication information input device for a user to input authentication information to a mobile terminal,
Operation detecting means for detecting one of a plurality of predetermined authentication operations applied to the portable terminal and outputting a detection operation signal representing each detection operation;
An operation identifying means for identifying a plurality of detection operations from the detection operation signal and generating an identification operation signal representing a plurality of identification operations;
Conversion information storage means for storing conversion information for converting the combination of the predetermined authentication operations into a symbol;
Referring to the conversion information storage means, password generating means for generating a password from the plurality of identification operations represented by the identification operation signal;
A password rule storage means pre-registered with password requirements;
The password generation unit refers to the password rule storage unit, and corrects the generated password until the generated password satisfies the password requirement . Password storage means for storing a password used for authentication;
An authentication means for verifying whether or not the password generated from the password generation means matches the password stored in the password storage means;
The authentication information input device according to claim 1, further comprising: User operation detection means for detecting operation information of the user with respect to the portable terminal;
Input start / end recognition means for recognizing the input start / end of the authentication operation from the operation information;
Further comprising
The authentication information input device according to claim 1, wherein the operation identification unit identifies the plurality of detection operations in accordance with the input start / end of the authentication operation recognized by the input start / end recognition unit.   The authentication information input device according to claim 1, further comprising a snooping prevention unit that prevents the plurality of predetermined authentication operations from snooping. An authentication information input method for a user to input authentication information to a mobile terminal,
Continuously detecting one of a plurality of predetermined operations in which the user moves the mobile terminal;
Identifying the plurality of detected predetermined actions;
Generating a password based on the plurality of identified predetermined operations with reference to conversion information storage means for storing conversion information for converting the combination of the predetermined operations into a symbol;
Including
The authentication information input method , wherein the step of generating the password refers to a password rule storage unit in which password requirements are registered in advance and corrects the generated password until the generated password satisfies the password requirement . The authentication information input method according to claim 5, further comprising a step of performing authentication using the generated password.   The authentication information input method according to claim 5, further comprising a step of preventing the plurality of predetermined operations from being seen. An authentication information input program for a user to input authentication information to a mobile terminal that works as a computer,
In the computer,
A procedure for continuously detecting one of a plurality of predetermined operations for moving the mobile terminal by the user;
A procedure for identifying the plurality of detected predetermined actions;
A procedure for generating a password based on the plurality of identified predetermined actions with reference to conversion information storage means for storing conversion information for converting the combination of the predetermined actions into symbols;
Was executed,
The procedure for generating the password is to allow the computer to modify the generated password until the generated password satisfies the password requirement with reference to a password rule storage means in which password requirements are registered in advance. Information input program. The authentication information input program according to claim 8, further causing the computer to execute a procedure for performing authentication using the generated password.   The authentication information input program according to claim 8 or 9, further causing the computer to further execute a procedure for preventing the plurality of predetermined operations from being stolen.

Images