JP5705169B2 - INPUT INFORMATION AUTHENTICATION DEVICE, SERVER DEVICE, INPUT INFORMATION AUTHENTICATION SYSTEM, AND DEVICE PROGRAM - Google Patents

Description

  The present invention, for example, receives input of authentication information such as a personal identification number, collates the input contents with previously registered authentication information, and performs an input information authentication device for performing authentication that is a determination as to whether or not they match. The present invention relates to a server device, an input information authentication system, and a device program.

  As a technique to prevent the authentication information from being stolen when inputting, narrowing the viewing angle of the display screen or displaying the input number with "*" mark etc. to indicate only the number of input digits Has been done.

  In addition, as a PIN code input device that allows a user to input a PIN code using a numeric keypad from a terminal such as a financial automatic machine (ATM), an input numeric keypad screen and a fake input numeric keypad screen are displayed. In some cases, the password is prevented from being stolen even when the movement of the input hand is seen by being inserted (see, for example, Patent Document 1).

Japanese Patent No. 2985888

  However, the above-described conventional technology for preventing snooping such as Patent Document 1 assumes that a third party is located at some distance away, such as a financial automatic machine (ATM), for example. It wasn't even taken into account even when it was seen from a distance by a third party. That is, information indicating whether the user wants to input a dummy number or a password is presented on a fake input numeric keypad. For this reason, for example, when the input screen itself is viewed as well as the movement of the input user's hand, such as over the shoulder of the input user or a hidden camera, which input is dummy There is a risk that the password will be identified and the password will be known.

  The present invention has been made in view of such a situation, and even when a hand and an input screen are viewed from a third party during an input operation for authentication, the input content that is matched with the authentication information It is an object of the present invention to provide an input information authentication device, a server device, an input information authentication system, and a program for the device that can make analogy difficult.

In order to achieve such an object, an input information authentication apparatus according to the present invention includes:
An input information authentication device for performing authentication for determining whether information corresponding to an operated key of an input unit having a plurality of keys matches authentication information stored in advance,
Authentication auxiliary information used to indicate information corresponding to the number of operations in a predetermined number of key operations to the input means for performing authentication as authentication information is previously stored as key top information and key locations. Remembered,
Change the arrangement pattern of key top information assigned to multiple keys each time a key operation for authentication is performed,
Information corresponding to the key of the input means operated when the key top information of the authentication auxiliary information is displayed at the key position of the authentication auxiliary information is used for authentication, and the key top information of the authentication auxiliary information is used for the authentication. The information corresponding to the key of the input means operated when the auxiliary information key is not displayed at the location of the key is not used for authentication.

Moreover, the server device according to the present invention provides:
A server device used by being connected to an input information authentication device by wire, wireless, or a combination thereof,
The input information authentication device
An input means having a plurality of keys;
Display means;
Display control means for performing display control on the display means,
Server device
Performing authentication, which is a determination as to whether or not the information corresponding to the operated key of the input means matches the authentication information stored in advance,
Authentication auxiliary information used to indicate information corresponding to the number of operations in a predetermined number of key operations to the input means for performing authentication as authentication information is previously stored as key top information and key locations. Storage means for storing;
A pattern generating means for generating an arrangement pattern of key top information assigned to a plurality of keys for the number of times of key input for authentication, and
The display control means changes the arrangement pattern of key top information assigned to a plurality of keys every time a key operation for authentication is performed based on the arrangement pattern for the number of times of key input generated by the pattern generation means. ,
The server device uses the information corresponding to the key of the input means operated when the key top information of the authentication auxiliary information is displayed at the key location of the authentication auxiliary information for authentication, and the key top information of the authentication auxiliary information The information corresponding to the key of the input means operated when the information is not displayed at the key location of the authentication auxiliary information is not used for authentication.

Moreover, the input information authentication system according to the present invention includes:
An input information authentication system configured by connecting an input information authentication device and a server device by wire, wireless, or a combination thereof,
The input information authentication device
An input means having a plurality of keys;
Display means;
Display control means for performing display control on the display means,
Server device
Performing authentication, which is a determination as to whether or not the information corresponding to the operated key of the input means matches the authentication information stored in advance,
Authentication auxiliary information used to indicate information corresponding to the number of operations in a predetermined number of key operations to the input means for performing authentication as authentication information is previously stored as key top information and key locations. Storage means for storing;
A pattern generating means for generating an arrangement pattern of key top information assigned to a plurality of keys for the number of times of key input for authentication, and
The display control means changes the arrangement pattern of key top information assigned to a plurality of keys every time a key operation for authentication is performed based on the arrangement pattern for the number of times of key input generated by the pattern generation means. ,
The server device uses the information corresponding to the key of the input means operated when the key top information of the authentication auxiliary information is displayed at the key location of the authentication auxiliary information for authentication, and the key top information of the authentication auxiliary information The information corresponding to the key of the input means operated when the information is not displayed at the key location of the authentication auxiliary information is not used for authentication.

Moreover, the program of the input information authentication device according to the present invention is:
A program of an input information authenticating device for performing authentication, which is a judgment that information corresponding to an operated key of an input means having a plurality of keys is compared with previously stored authentication information,
Authentication auxiliary information used to indicate information corresponding to the number of operations in a predetermined number of key operations to the input means for performing authentication is input as key top information and key location Stored in advance in the information authentication device,
On the computer,
A procedure for changing an arrangement pattern of key top information assigned to a plurality of keys each time a key operation for authentication is performed;
Information corresponding to the key of the input means operated when the key top information of the authentication auxiliary information is displayed at the key position of the authentication auxiliary information is used for authentication, and the key top information of the authentication auxiliary information is used for the authentication. And a procedure for preventing the information corresponding to the key of the input means operated when not being displayed at the location of the key of the auxiliary information from being used for authentication.

  As described above, according to the present invention, even when a hand and an input screen are viewed by a third party during an input operation for authentication, it is difficult to guess the input content that is collated with the authentication information. be able to.

It is a block diagram which shows the structural example of the input information authentication apparatus 100 as the 1st Embodiment of this invention. It is a figure which shows the touch keyboard example as 1st Embodiment, and the example of the input code string used as authentication OK. It is a flowchart which shows the operation example of the input information authentication apparatus 100 as 1st Embodiment. It is a figure which shows the other example of a registration input method in 1st Embodiment. It is a block diagram which shows the structural example of the input information authentication system as 2nd Embodiment. It is a flowchart which shows the operation example of the input information authentication system as 2nd Embodiment. It is a block diagram which shows the structural example of the input information authentication apparatus 100 as 3rd Embodiment. It is a flowchart which shows the operation example at the time of passcode registration in 3rd Embodiment. It is a figure which shows an example which decomposes | disassembles an extraction pattern for every digit and hashes. It is a flowchart which shows the operation example of the input information authentication apparatus 100 as 3rd Embodiment. It is a flowchart which shows the operation example of the input information authentication apparatus 100 as 4th Embodiment.

  Next, an embodiment to which an input information authentication apparatus, a server apparatus, an input information authentication system, and an apparatus program according to the present invention are applied will be described in detail with reference to the drawings.

First, an outline common to the embodiments of the present invention will be described.
In the embodiment of the present invention, key top information and key locations are registered in advance as key keys (authentication auxiliary information), and the arrangement pattern (display pattern) of the key top information on the displayed touch keyboard is changed every time a key input operation is performed. Change. Thus, whether the key input by the user is for inputting an input passcode or a dummy input depending on whether or not key top information registered in advance as a key key is displayed at the location of the key registered in advance. Is determined.

  As described above, in the embodiment of the present invention, it is not determined whether the input is a dummy input or the authentication information depending on the character input of which character, so which input is a dummy. It is possible to prevent a third party who does not know the key top information of the key and the key location from being identified. For this reason, even if it is a case where the hand and display screen at the time of input are seen from the third party, it can be difficult to guess authentication information.

[First Embodiment]
Next, a first embodiment of the present invention will be described.
In each embodiment described below, an example in which a numeric passcode is used as authentication information will be described.

  As shown in FIG. 1, an input information authentication apparatus 100 as a first embodiment includes a display input unit 110 such as a touch panel display, a display input control unit 120, a display pattern generation unit 121, and an input passcode extraction unit. 122, a registration unit 123, a verification unit 130 that performs verification on an input passcode that has been input, and a storage unit 140 that stores a registered registration passcode and the like.

  The display input unit 110 displays a plurality of keys as a touch keyboard on the screen, detects a touch position on the front screen, and determines which of the displayed keys is input based on the position information of the touch position. Is determined.

  The display input control unit 120 performs display control of input keys displayed on the display input unit 110 and control to receive an operation input to the display input unit 110 as an input signal.

  The display pattern generation unit 121 generates a display pattern, which is an arrangement pattern of each key on the touch keyboard displayed on the display input unit 110, for each operation order number in a predetermined number of key input operations for authentication. In the present embodiment, an example will be described in which this display pattern is generated by assigning key top information of “1” to “9” to a 3 × 3 matrix arrangement.

  The input passcode extraction unit 122 extracts an input passcode from which the dummy input is deleted from an input code string obtained by a predetermined number of key input operations for authentication.

  The registration unit 123 receives a registration input of the registration passcode that is the authentication information and the key top information of the key and the key location information that is the authentication auxiliary information from the user, and stores the registration in the storage unit 140. As will be described later, the key key uses the input content of the specified number of key input operations for authentication as the target of verification with the registered passcode, and verifies the input content of the number of operations. It is for showing whether it is regarded as a dummy code that is not adopted for the target.

  The collation unit 130 collates the input passcode extracted by the input passcode extraction unit 122 with the registered passcode stored in the storage unit 140.

FIG. 2 shows an example of transition of the touch keyboard corresponding to the generated display pattern for the number of input characters and an example of an input code string in the case of passcode authentication OK.
In the present embodiment, the display pattern displayed as a touch keyboard for each operation order number in a predetermined number of key input operations for authentication includes three rows of key top information “1” to “9” for numeric input. An example in the case of being configured by assigning to a matrix arrangement of × 3 columns will be described.

  The display pattern of the touch keyboard displayed on the display input unit 110 is generated for a predetermined number of input characters by the display pattern generation unit 121 so that a different display pattern is displayed every time a key input is performed. The input passcode extraction unit 122 performs the key input when the key top information registered in advance as the key key is displayed at the location of the key registered in advance as the key key for the display pattern in each operation order number. Recognized as an input passcode by the user. In addition, the input key in other cases is recognized as a dummy input.

In the example of FIG. 2, the registration passcode registered in advance by the registration unit 123 is “19”, the key top information of the key key is “3”, and the key location is “upper right”.
Here, in the display pattern when the first character is input in the example of FIG. 2A, the key top information of the key location “upper right” registered as the key is “3”. Therefore, the input passcode extraction unit 122 recognizes this first character input as the first digit of the input passcode by the user. As an input for the authentication OK, “1”, which is the first digit of the pass code “19”, is input at the first character input.

As described above, as input rules to be presented to the user, when key top information registered in advance as a key key is displayed at the location of the key registered in advance as a key key, the input content from the touch keyboard is input. It will be recognized as a passcode. Also, if anything other than key top information registered in advance as a key key is displayed at the location of the key registered in advance as a key key, the input content from the touch keyboard is recognized as a dummy and not recognized as an input passcode. I will do it.
Therefore, in order to input a pass code for authentication OK, when the key top information registered in advance as the key key is displayed at the location of the key registered in advance as the key key, the user must Each digit of the registered passcode will be entered in order.

  Further, in the display pattern when the second character is input in the example of FIG. 2A, the key top information of the key location “upper right” registered as the key key is “9”, that is, registered in advance as the key key. Other than key top information. For this reason, the input passcode extraction unit 122 recognizes the input of the second character as a dummy input regardless of which key is input. In the example of FIG. 2, the dummy input is indicated by “*”.

  In the display pattern when the third character is input in the example of FIG. 2A, the key top information of the key location “upper right” registered as the key is “3”. For this reason, the input passcode extraction unit 122 recognizes this third character input as the second digit of the input passcode by the user. As an input for making the authentication OK, “9”, which is the second digit of the pass code “19”, is input in the third character.

  In the display pattern when inputting the fourth to sixth characters in the example of FIG. 2A, the key top information of the key location “upper right” registered as the key key is “2”, “9”, “2”. That is, any operation order number is other than key top information registered in advance as a key key. For this reason, the input passcode extraction unit 122 recognizes the input of the fourth to sixth characters as a dummy input regardless of which key is input. In the example of FIG. 2, the dummy input is indicated by “*”. This completes the passcode input.

Here, generation of display patterns for the number of input characters by the display pattern generation unit 121 in this embodiment is performed after an input operation for authentication is performed with the touch keyboard of the display input unit 110 and authentication is OK. This is performed each time an input screen for starting an input operation for authentication is displayed.
For this reason, after the authentication is successful, the next time an input operation for authentication is started, a touch keyboard with a display pattern different from the previous input is displayed.

FIG. 2B shows another example of combinations of display patterns for the number of input characters.
In the display pattern at the time of inputting the first character and the second character in the example of FIG. 2B, the key top information of the key location “upper right” registered as the key key is “9”, that is, as the key key in advance. Other than the registered key top information. Therefore, the input passcode extraction unit 122 recognizes the input of the first character and the second character as a dummy input regardless of which key is input. In the example of FIG. 2, the dummy input is indicated by “*”.

  In the display pattern when the third character is input in the example of FIG. 2B, the key top information of the key location “upper right” registered as the key is “3”. For this reason, the input passcode extraction unit 122 recognizes this third character input as the first digit of the input passcode by the user. As an input for the authentication OK, “1”, which is the first digit of the pass code “19”, is input in the third character.

  In the display pattern at the time of inputting the fourth character and the fifth character in the example of FIG. 2B, the key top information of the key location “upper right” registered as the key key is “2”, that is, as the key key in advance. Other than the registered key top information. Therefore, the input passcode extraction unit 122 recognizes the input of the fourth character and the fifth character as a dummy input regardless of which key is input. In the example of FIG. 2, the dummy input is indicated by “*”.

  In the display pattern at the time of inputting the sixth character in the example of FIG. 2B, the key top information of the key location “upper right” registered as the key is “3”. For this reason, the input passcode extraction unit 122 recognizes the input of the sixth character as the second digit of the input passcode by the user. As an input for making the authentication OK, “9”, which is the second digit of the pass code “19”, is input in the sixth character. This completes the passcode input.

  Here, for example, when the user is inputting a passcode, it is assumed that a third party has seen the operation of the hand inputting the key and the input screen from a close distance such as over the shoulder of the user. Furthermore, after that, it is assumed that the input information authentication device 100 of this embodiment has been obtained by the third party.

The security for the replay attack in this embodiment will be described with reference to the example of FIG.
For example, the user performs a key input operation for authentication using the display pattern of the touch keyboard that transitions as shown in FIG. 2A, and the keys “1, 4, 9, 2, 5, 8” including the dummy input. It is assumed that authentication is OK by input. After that, when a third party stealing the input operation of the key input hand and the input screen tries to perform a key input operation for authentication, the transition is made for 6 characters as shown in FIG. Assume that combinations of display patterns are generated and displayed in order.

  In this case, when the third party inputs the same six digits “1, 4, 9, 2, 5, 8” as seen earlier, to the input information authentication apparatus 100 of the present embodiment, as described above, In the display pattern at the time of inputting the first character, the second character, the fourth character, and the fifth character in the example of FIG. 2B, the key top information of the key location “upper right” registered as the key key is the key. Other than key top information registered in advance as a key. For this reason, the input passcode extraction unit 122 recognizes the input of the first character, the second character, the fourth character, and the fifth character as a dummy input.

  In the display pattern at the time of inputting the third and sixth characters in the example of FIG. 2B, as described above, the key is registered as the key key at the location “upper right” of the key registered as the key key. The key top information “3” is displayed. Therefore, the input passcode extraction unit 122 recognizes the third character input key “9” and the sixth character input key “8” as the input passcode by the user. For this reason, the input passcode extracted by the input passcode extraction unit 122 is “98”, which does not match the registered passcode “19”, and the authentication result is NG.

  For this reason, even if a third party who has seen the passcode input obtains the input information authenticating apparatus 100 and inputs the same 6 digits as the previous one, it is not possible to authenticate with the input contents seen. . In this way, even when the operation and the input screen of the hand inputting the key are seen, it is possible to realize high security without being informed of the input content to be authenticated.

  In the case of authentication NG, the display pattern is not generated by the display pattern generation unit 121, and the display pattern remains as it is when the pass code is input next time. For this reason, it is impossible to repeat the input operation until a peeped pattern is displayed, and security can be improved.

  Further, every time the authentication becomes NG, the wait time for input may be doubled at the next input. Thus, the wait time is doubled every time the key input operation for authentication becomes authentication NG, so that the security against replay attack attempts and repeated brute force attacks can be improved. Alternatively, the wait time may be increased exponentially every time the authentication is NG.

  As described above, as the display pattern generation unit 121 generates the display patterns for the number of input characters in the example of FIG. 2, the key top information registered as the key key is displayed at the location of the key registered as the key key. It is generated so as to be arranged with a probability of 1 /.

  The number of key inputs for authentication by the user is expressed by the product of the number of digits of the registered passcode and the reciprocal of the placement probability at which the key top information registered as the key key is placed at the registered key location. Is done. For example, in the example of FIG. 2, since the arrangement probability of the key top information registered as the key key being arranged at the registered key location is 1/3 and the number of digits of the registered passcode is 2, the registered pass The product of the number of digits of the code and the reciprocal of the arrangement probability is 2 digits × 3 = 6 digits (for 6 times).

In the display pattern for the number of input characters to be generated, it has been explained that the arrangement probability that the key top information registered as the key key is arranged at the registered key location is predetermined. It is preferable not only for the key top information that has been made, but also for all the key locations on the touch keyboard, the key top information that is placed at that location is placed the same number of times.
In this way, by generating display patterns for the number of input characters so that the key top information placed at each location is placed the same number of times, the key top information placed at each location is placed at that location. Variations in the arrangement probability of arrangement can be eliminated, and it is more difficult for a third party to make an analogy of a key / key.

As a method of generating display patterns for the number of input characters so that the key top information arranged in each place is arranged the same number of times in a specific place, for example, the following method may be used.
First, a basic display pattern such as a display pattern when the user registers a passcode is set. Then, with respect to the basic display pattern, the arrangement of one specific row is made the same, and the other rows are made different. Other rows can be arranged differently by simply rolling them to the right one by one. By generating a display pattern by setting all the rows in this way, all the key top information is arranged at the same place as the basic display pattern once for the number of rows.

  Further, the arrangement of one specific column may be the same with respect to the basic display pattern, and the other columns may be arranged differently. Other rows can be arranged in different arrangements by simply rolling them down one by one. By generating the display pattern by setting all the columns in this way, all the key top information is arranged at the same place as the basic display pattern once for the number of columns.

  Thus, when a display pattern is generated by arranging each row or column in the same arrangement as the basic display pattern, all the key top information is arranged at the same place as the basic display pattern twice for the number of rows + the number of columns. It will be. For example, as shown in FIG. 2, when the touch keyboard is 3 rows × 3 columns, all of the key top information are arranged at the same place as the basic display pattern twice in 6 times.

  Further, the number of rows + the number of columns is not limited to the case of the probability of 2 times. For example, a group of a plurality of keys such as rows and columns is considered, and one key top information includes at least two or more keys. By setting the display patterns to belong to the group and generating the display pattern as described above, all the key top information can be arranged at the same place as the basic display pattern with an arbitrary probability.

  The generation of such a display pattern will be described using the specific examples of FIGS. FIG. 4 shows an example of a display pattern displayed when the user registers a passcode, and the display pattern at the time of registering the passcode is set as a basic display pattern.

In the display pattern of the first character in FIG. 2A described above, the first line has the same arrangement as the basic display pattern in FIG. 4, and the second line and the third line are each rolled to the right one by one. It is generated as an arrangement. That is, “4, 5, 6” is rolled to “6, 4, 5”, and “7, 8, 9” is rolled to “9, 8, 7”, one by one.
In the display pattern of the fourth character in FIG. 2A, the second line is the same arrangement as the basic display pattern in FIG. 4, and the first line and the third line are each rolled to the right one by one. It is generated as an arrangement.
In the display pattern of the sixth character in FIG. 2A, the third line is the same arrangement as the basic display pattern in FIG. 4, and the first line and the second line are both rolled one by one to the right. It is generated as an arrangement.

In the display pattern of the second character in FIG. 2A, the first row is the same arrangement as the basic display pattern in FIG. 4, and the second row and the third row are both rolled down one by one. It is generated as an arrangement.
Further, in the display pattern of the fifth character in FIG. 2A, the second row is the same arrangement as the basic display pattern in FIG. 4, and the first row and the third row are both rolled down one by one. It is generated as an arrangement.
Further, in the display pattern of the sixth character in FIG. 2A, the third column is the same arrangement as the basic display pattern in FIG. 4, and the first column and the second column are both rolled down one by one. It is generated as an arrangement.

Similarly, in the first character of FIG. 2B described above, the first column has the same arrangement with respect to the basic display pattern of FIG. 4, the second character has the same arrangement in the second column, and the third character has the third column. Are generated as the same arrangement.
Further, in the fourth character in FIG. 2B, the third line has the same arrangement with respect to the basic display pattern in FIG. 4, the second character has the same arrangement in the fifth character, and the first line has the same arrangement in the sixth character. Has been generated as

  In addition, in the generation of display patterns for the number of input characters by the display pattern generation unit 121, a display pattern that is different from the combination of display patterns for the number of input characters used when authentication is performed last time at the time when the touch keyboard is displayed. Alternatively, a predetermined number of display pattern combinations corresponding to the number of input characters may be stored in advance. In this case, a combination different from the combination of display patterns corresponding to the number of input characters used when authentication was successful last time is selected at the next authentication.

Here, when the display pattern generation unit 121 generates display patterns for the number of input characters so that the key top information arranged at each location is arranged at the same number of times, for example, as described above, the registration passcode If the number of digits is 2 and the placement probability is 1/3, 2 out of 6 digits of the number of input characters are registered passcodes, so a third party who steals the input content that is an authentication OK can guess The total number of input contents is ₆ C ₂ = 15. For this reason, in the case of the example of FIG. 2 described above, it is preferable that there are 15 or more combinations of display patterns for the number of input characters stored in advance by the display pattern generation unit 121.
By determining the number of combinations of display patterns corresponding to the number of input characters stored in advance, the security strength against the analogy caused by a third party's one-day snooping and the same display pattern as a past one-time snooping are obtained. It is possible to prepare a minimum number of combinations that make the security strength against accidental appearance the same level.

If the registration passcode is 3 digits and the placement probability is 1/3, the number of input characters will be 3 digits x 3 = 9 digits. The total number of input contents that can be obtained is ₉ C ₃ = 84. For this reason, it is preferable that there are 84 or more combinations of display patterns for the number of input characters stored in advance by the display pattern generation unit 121.

  In this way, even if the operation and input screen of the key input hand that becomes the authentication OK is seen by a third party, the total number of input contents that can be inferred by the number of digits and the arrangement probability of the registered passcode. Becomes a large number. For this reason, for example, when the authentication screen is locked for a predetermined number of times, the authentication screen is locked, or when the key input operation for authentication becomes NG once as described above, the weight for input at the next input By configuring the time so that the time is doubled or exponentially increased, it is possible to ensure sufficient security strength that can surely protect against a powerful attack such as inputting a pattern that can be inferred.

  Next, an operation example of the input information authentication apparatus 100 as the first embodiment will be described with reference to the flowchart of FIG. In the operation of the present embodiment described below, it is assumed that registration input is performed in advance and stored in the storage unit 140 by the registration unit 123 with respect to the passcode, key top information of the key and key location.

  First, the display pattern generation unit 121 generates a display pattern for the first character of the touch keyboard displayed on the touch panel display as the display input unit 110 (step S1). Every time one character is input, the display pattern generation unit 121 repeats the operation of generating a display pattern in the next operation order number until a predetermined number of input characters is input (steps S2 and S3).

  In the generation of the display pattern by the display pattern generation unit 121, as described above, the combination used for the input operation for the current authentication is selected from the combinations of the display patterns for the number of input characters stored in advance, and the selected The display pattern of the next operation order number in the combination is displayed on the display input unit 110.

  In this way, the key input is received up to a predetermined number of times, that is, the number of products of the number of digits of the registered passcode and the reciprocal of the arrangement probability where the key top information registered as the key key is arranged at the registered key location. (Step S3; Yes). In the example shown in FIG. 2, since the number of digits of the registered passcode is 2 digits and the arrangement probability is 1/3, the number of key input digits for authentication is 2 digits × 3 = 6 times (6 digits). Become.

  When the key input is performed up to a predetermined number of times of input, the input passcode extraction unit 122, based on the display pattern for the number of input characters generated in step S1, the key top information registered as the key key, and the key location, The dummy code and the input passcode by the user are distinguished, and an extraction pattern for extracting only the input passcode by the user from the 6-digit key input content is generated (step S4).

In the example of the display pattern shown in FIG. 2A described above, this extraction pattern is “first digit, dummy, second digit, dummy, dummy, dummy” of the pass code input by the user for a six-digit key input. It is.
In the example of the display pattern of FIG. 2B described above, the input passcode by the user is “dummy, dummy, 1st digit, dummy, dummy, 2nd digit” for a 6-digit key input.

  When the input passcode extraction unit 122 generates the extraction pattern in this manner, the input passcode “first digit, second digit” of the user is extracted from the contents of the six-digit key input along the extraction pattern (step) S5).

  The collation unit 130 collates the two-digit input passcode extracted by the input passcode extraction unit 122 with the registered passcode registered in the storage unit 140. As a result of this collation, authentication is OK when the two match, and authentication NG is determined otherwise (step S6).

As described above, in the above-described embodiment of the present invention, after authentication OK, when performing an input operation for authentication next time, display patterns for the number of input characters used when authentication OK was performed last time. A combination different from this combination is selected by the display pattern generation unit 121 and used as a combination of display patterns for the number of input characters. For this reason, the display pattern of the touch keyboard displayed at the time of input is also different from the previous input.
Further, the input passcode extraction unit 122 recognizes the key input when the key top information registered in advance as the key key is displayed at the pre-registered key location as the input of the input passcode by the user, Recognize key inputs in other cases as dummy inputs.
For this reason, as described above with reference to FIG. 2, even if the same key input string is input next time the key input is authenticated, the authentication result is NG.

In this way, even if the function substantially works like a one-time password and the registration passcode is the same, the key input content for authentication OK changes every time it is input. Further, there is no feature that the specific input digit corresponds to any digit of the input passcode by the user.
For this reason, sufficiently high security can be ensured as a countermeasure against a case where the input hand movement and the display screen are stolen from a third party. Furthermore, sufficient security strength can be secured against replay attacks such as repeated retries.

  Nevertheless, the user simply inputs the registered registration passcode when the key top information registered in advance as a key key is displayed at the location of the key registered in advance, and makes a dummy input in other cases. It can be operated easily. As described above, the high security as described above can be realized without impairing the convenience of the user.

When the passcode authentication is OK, the display pattern combinations for the number of input characters are regenerated with different patterns when the next passcode is input, and when the authentication is NG, the display pattern is also displayed when the next passcode is input. As it is. For this reason, the probability that the display pattern in each operation order number displayed as a touch keyboard coincides by chance can be made zero, and higher security can be realized.
In addition, since a large number of dummy inputs can be mixed with the registered passcode stored by the user, a high level of security can be realized while keeping the user's memory load small.

In the example of FIG. 2 described above, the case where the registered passcode has two digits has been described. However, the number is not limited to this number, and the security strength can be improved as the number of digits of the registered passcode is increased. Also, the placement probability at which key top information registered as a key key is placed at the location of the registered key is not limited to one third, and the security strength can be improved as the placement probability is lowered. .
In this case, the number of key inputs for authentication is the product of the number of digits of the registered passcode and the reciprocal of the placement probability, so if you increase the number of digits of the registered passcode or lower the placement probability Since the number of dummy inputs also increases, the security strength can be further improved.

  In the example of FIG. 2 described above, it has been described that the touch keyboard has 9 keys of 3 rows × 3 columns. However, if the number of keys constituting the touch keyboard is increased, the security strength can be further improved.

  In particular, when the input information authentication device 100 according to the present embodiment is a touch panel type portable information terminal, it is possible to perform a passcode input operation for authentication in a train or a crowd. There is a possibility that a third party may be able to see the hand and the display screen that are being used from a close distance, such as over the shoulder. As described above, even when the user who is performing the passcode input operation for authentication and the display screen can be seen, it is difficult to analogize the input content that is the authentication OK from the seen information. Therefore, it is possible to provide an input information authentication device with excellent security.

Also, especially for beginners and elderly people, it is conceivable that the speed of key input is very slow even when a passcode is input. Accordingly, when viewed by a third party, hand movements and display screens may be easily stored.
According to the above-described embodiment, even in such a case, sufficiently high security can be ensured as described above.

In the first embodiment described above, when the user registers the key key, the key top information as the key key and the location of the key are separately registered in advance. The locations may be registered simultaneously with one key input.
In this case, for example, as shown in FIG. 4, the key location in the displayed display pattern of the touch keyboard and the key top information at the location are used as the key top information as the key key and the key input once as the key location. At the same time. In the example shown in FIG. 4, when a user registers a two-digit registration passcode “19”, key top key information “3”, and key location “upper right”, the user enters the displayed touch keyboard. On the other hand, registration can be completed by simply inputting “1”, “9”, and “3” in that order.

With the configuration in which registration is performed as in the example of FIG. 4, combinations of key top information as key keys and key locations are limited, but the convenience of registration input by the user can be improved. At the same time, when determining whether or not the key top information registered in advance as a key key is displayed at the location of the key registered in advance, attention is paid to the key having the same arrangement as the display pattern at the time of registration input. This makes it easier to distinguish.
Therefore, it is possible to obtain the same effects as those of the configuration example according to the first embodiment described above while improving the convenience of registration input and passcode input by the user.

[Second Embodiment]
Next, a second embodiment of the present invention will be described.
In the second embodiment, functions such as display pattern generation, passcode storage, and verification in the first embodiment described above are realized using a server device.
Description of the same components as those in the first embodiment described above will be omitted.

  As shown in FIG. 5, the input information authentication system as the second embodiment is configured by connecting an input information authentication device 100 and a server device 200 via a network.

  The input information authentication device 100 includes a communication unit 150 in addition to the display input unit 110 and the display input control unit (display control unit) 120 similar to those in the first embodiment described above.

  The communication unit 150 is connected to the communication unit 250 of the server device 200 via a network by wire, wireless, or a combination thereof, and performs communication with the server device 200.

  The display input control unit 120 controls the display of the input keys displayed on the display input unit 110 and the operation input to the display input unit 110 as an input signal based on the transmission / reception contents of the communication unit 150 with the server device 200. I do.

  The server apparatus 200 includes a communication unit 250, a display pattern generation unit 121, an input passcode extraction unit 122, a registration unit 123, a collation unit 130, and registered registration paths that are the same as those in the first embodiment described above. And a storage unit 140 that stores codes, keys, and the like.

  The communication unit 250 is connected to the communication unit 150 of the input information authentication device 100 via a network by wire, wireless, or a combination thereof, and performs communication with the input information authentication device 100. Through this communication, the server device 200 performs display control of a touch keyboard displayed on the display input unit 110 of the input information authentication device 100 and the like.

  Next, an operation example of the input information authentication system as the second embodiment will be described with reference to the flowchart of FIG. In the operation of the present embodiment described below, a registration passcode used in the input information authentication apparatus 100, key top information as a key key, and key location information are registered in advance under the control of the registration unit 123 of the server apparatus 200. Are registered in the storage unit 140.

  First, the display pattern generation unit 121 of the server device 200 generates combinations of display patterns for the number of input characters on the touch keyboard (step S11). In the generation of the display pattern, display patterns corresponding to the number of input characters are generated by the same method as in the first embodiment described above, and the data is associated with the number of operation orders to be displayed.

  When the display pattern generation unit 221 generates display patterns for the number of input characters, the communication unit 250 transmits display pattern data associated with the number of operation orders to the input information authentication apparatus 100 (step S12).

  Based on the display pattern data for the number of input characters received from the server device 200 by the communication unit 150, the display input control unit 120 of the input information authentication device 100 first displays the touch keyboard with the display pattern for the first character. 110 (step S13).

  Each time one character is input, the display input control unit 120 displays a touch keyboard with a display pattern associated with the next operation order number based on the received display pattern data for the number of input characters. The operation displayed on the screen is repeated until a predetermined number of input characters are input (steps S14 and S15).

  Similar to the first embodiment described above, the number of times of key input is the number of digits of the registered passcode and the reciprocal of the arrangement probability that the key top information registered as the key key is arranged at the registered key location. And the number of products with In the example shown in FIG. 2 described above, the number of digits of the registered passcode is 2 digits and the arrangement probability is 1/3. Therefore, the number of key input digits for authentication is 2 digits × 3 = 6 times (for 6 digits). )

  When the specified number, that is, the number of input characters corresponding to the display pattern received from the server device 200 is input in this way, the communication unit 150 transmits an input code string of the number of input characters to the server device 200 (step S16).

  The input passcode extraction unit 122 of the server apparatus 200 uses the 6-digit key input content based on the display pattern generated in step S11, the key top information registered as the key key, and the key location information, to the user input path. An extraction pattern for extracting only the code is generated (step S17). The method for generating the extraction pattern may be the same as that in the first embodiment described above.

  When the input passcode extraction unit 122 generates the extraction pattern in this manner, the input passcode “first digit, second digit” of the user is extracted from the contents of the six-digit key input along the extraction pattern (step) S18).

  The collation unit 130 collates the two-digit input passcode extracted by the input passcode extraction unit 122 with the registered passcode registered in the storage unit 140. As a result of this collation, authentication is OK when the two match, and authentication NG is determined otherwise (step S19).

  As described above, according to the above-described second embodiment, the same effects as those of the above-described first embodiment can be obtained, and protection is performed with stronger security than the input information authentication device 100 that is a terminal. Since the server apparatus 200 can be used as a passcode storage location, security can be further improved.

  In addition, even if data flowing through the network is wiretapped and the communication content is read in plain text, the input operation by the user is performed in the same manner as in the case where the data was intercepted during the input operation in the first embodiment described above. Only the key code that has been generated flows, and a different key code string is generated each time as described above. For this reason, it acts like a kind of one-time password as in the first embodiment, and can maintain high security.

  In addition, the server apparatus 200 generates a display pattern, and the server apparatus 200 receives an input code string based on the display pattern from the input information authentication apparatus 100 and performs processing, whereby authentication such as challenge and response is performed. The effect is obtained, and the effect of defense against impersonation of the terminal itself (including the impersonation of the program on the terminal) is obtained.

[Third Embodiment]
Next, a third embodiment of the present invention will be described.
In the third embodiment, a registered passcode is encrypted after being encrypted with a one-way function such as a hash function, and the input passcode can be verified by the user in that state.
Description of the same components as those in the first embodiment described above will be omitted.

  As shown in FIG. 7, the input information authentication device 100 as the third embodiment includes a display input unit 110, a display input control unit 120, a display pattern generation unit 121, and the same as those of the first embodiment described above. In addition to the input passcode extraction unit 122 and the storage unit 140, an encryption registration unit 161 that encrypts the registration passcode with a one-way function such as a hash function, and the input passcode is encrypted with the one-way function An encryption verification unit 162 for verification. The storage unit 140 stores the hash value encrypted by the encryption registration unit 161.

An operation of encrypting and storing a passcode when the user registers the passcode in the apparatus in the input information authentication apparatus 100 of the present embodiment will be described with reference to the flowchart of FIG.
The following operation example shows a case where HMAC using a hash function is used as encryption by a one-way function, and a hash code obtained by hashing a numerical value x with HMAC is shown as HMAC (x).

When the passcode to be registered, key top key key information, and key location information are registered and input, the input passcode extraction unit 122 displays all combinations of display patterns for the number of input characters generated by the display pattern generation unit 121. An extraction pattern is generated in advance for (Step S21). This combination of display patterns for the number of input characters is stored in advance so that the key top information arranged at the location of all keys on the touch keyboard is arranged the same number of times at the location as described above. All combination patterns. The number of combination patterns stored in advance in this way may be an arbitrary number of patterns as long as it is a predetermined number of patterns such as 15 or 84 as described above.
The input passcode extraction unit 122 generates an extraction pattern for all combinations of display patterns for the number of input characters stored in advance based on the key top information and key location information of the registered key.

  The encryption registration unit 161 assigns each digit of the registration passcode to the generated extraction pattern, decomposes the extraction pattern for each digit, and performs hashing (step S22) (first encryption unit). The hash codes for the respective digits thus hashed are collected as one group and associated with display pattern combinations corresponding to the corresponding input characters, and stored in the storage unit 140 (step S23).

  FIG. 9 shows an example in which the extracted pattern is decomposed and hashed for each digit. In the example of FIG. 9, the extraction pattern is “1st digit, dummy, 2nd digit, dummy,” for the input passcode by the user with respect to the 6-digit key input as in the example of FIG. A case of “dummy, dummy” and a registered passcode “19” will be described.

  If each digit of the registered passcode is assigned to this extraction pattern and the dummy code is indicated by “*”, it becomes “1, *, 9, *, *, *” as illustrated in FIG. Here, with respect to the two-digit registered passcode, when digits are taken with numbers that are not used in the passcode, and each digit is disassembled, “100000” and “9000” are obtained.

  In this embodiment, since the authentication information is described as a passcode consisting of any one of 1 to 9, the other digits are shown as “0” as numbers not used in the passcode, The digit is used to indicate the digit in the extracted passcode extraction pattern. For example, when the authentication information is a passcode consisting of any number from 0 to 9, it can be realized in the same manner by setting “10” in the numeric string expressed in hexadecimal to other digits.

  Each of “100000” and “9000” obtained by digitizing the passcode numbers separated for each digit by using “0” which is not used for the passcode is hashed by HMAC. HMAC (100000) and HMAC (9000), which are a group of such hashed hash codes, are associated with corresponding display pattern combinations (in the example of FIG. 9, the display pattern combinations shown in FIG. 2A). And stored in the storage unit 140.

  In this way, even if a third party who obtains the input information authentication apparatus 100 tries to analyze the stored information in the storage unit 140, not only the registered passcode is known, but also the extraction pattern It can also be unclear which input digit corresponds to any digit of the input passcode by the user.

  Next, an operation example when the input information authentication apparatus 100 according to the third embodiment receives a passcode input from the user will be described with reference to a flowchart of FIG.

  As operations when receiving a passcode input, the operations in steps S1 to S3 are the same as the operations in steps S1 to S3 in the flowchart of FIG. 3 described above in the first embodiment.

  In this way, as in the first embodiment described above, when the user's key input is received up to the specified number of input characters, the encryption collating unit 162 divides the input code string by the user for each digit as in the passcode registration. Then, “0”, which is not used for the passcode, is digitized and hashed by HMAC (step S31) (second encryption means).

  The encryption collation unit 162 collates the hash code stored in the storage unit 140 in association with the combination of display patterns for the number of input characters generated in step S1 and the hash code hashed in step S31 ( Step S32) (collation means).

  Here, since the input code string includes a dummy code, the number of hash codes from the input code string hashed in step S31 is larger than the number of hash codes associated with the combination of display patterns. For example, if the registered passcode is two digits, there are two hash codes associated with the combination of display patterns, and there are six hash codes from the input code string hashed in step S31.

  Therefore, for each hash code from the input code string hashed in step S31, it is determined whether there is a match among the hash codes associated with the combination of display patterns from the input upper digits. Search for. Then, the hash code associated with the combination of display patterns, that is, whether or not there is a match for all of the hash codes from the registered passcode is checked. OK and passcode authentication OK.

As a specific example, for example, for the combination of display patterns illustrated in FIG. 2A, a key is used with the input code string “1, 4, 9, 2, 5, 8” described above in the first embodiment. When input is performed, the hash code from the input code string hashed in step S31 is:
"HMAC (100,000)"
"HMAC (40000)"
"HMAC (9000)"
"HMAC (200)"
"HMAC (50)"
"HMAC (8)"
It becomes six.

On the other hand, for example, the hash code stored in the storage unit 140 in association with the combination of the display patterns illustrated in FIG.
"HMAC (100,000)"
"HMAC (9000)"
These are two.

  When the two are collated as described above, all of the two hash codes associated with the combination of the display patterns in FIG. 2A match among the six hash codes hashed in step S31. A hash code is detected. For this reason, the collation in step S32 is OK and the passcode authentication is OK.

  As described above, according to the above-described third embodiment, the same effect as in the above-described first embodiment can be obtained, and the registered passcode can be stored after being encrypted with a one-way function such as a hash function. Therefore, even when the input information authentication apparatus 100 is obtained by a third party, it is possible to protect against analysis of stored information in the memory. Nevertheless, even with a passcode input including a dummy code similar to that of the first embodiment described above, the input passcode can be reliably verified. For this reason, higher security can be realized.

  Further, in the collation method of the third embodiment described above, collation can be performed with a much smaller amount of computation than when using an advanced calculation technique in which computation for collation is performed in an encrypted state. Therefore, even a computer having a relatively low processing capability such as a mobile terminal can be easily realized.

[Fourth Embodiment]
Next, a fourth embodiment of the present invention will be described.
In the fourth embodiment, the registered passcode is encrypted with a one-way function such as a hash function and stored in the same manner as in the third embodiment, and the input passcode can be verified by the user in that state. Is. In the third embodiment described above, the registered passcode is hashed for each digit. In this embodiment, a plurality of digits are fixed and hashed. Then, passcode candidates are extracted for all passcode extraction patterns that can exist at the time of collation, and collation is performed.
A description of the same components as those in the third embodiment described above is omitted.

An operation of the input information authentication apparatus 100 according to the present embodiment that is encrypted and stored when a passcode is registered in the apparatus by the user will be described.
In this embodiment, when the user registers a passcode, as described above with reference to FIG. 4, the key top information of the key and the key location can be input with one key input with respect to the displayed display pattern of the touch keyboard. Register at the same time. For this reason, as described above with reference to FIG. 4, the combination of the key top information as the key and the location of the key is fixed.

Thus, when the passcode and the key top information of the key key are registered by the display pattern for registering the passcode, the encryption registration unit 161 generates a number string concatenating the registered passcode and the key top information of the key key. , Hashed and stored in the storage unit 140.
When the registration passcode is “19” and the key top key top information is “3” as in the above example, the encryption registration unit 161 connects the registration pass code and the key top key top information. HMAC (193) hashed “193” is stored in the storage unit 140.

  Next, an operation example when the input information authentication apparatus 100 according to the fourth embodiment receives a passcode input from the user will be described with reference to the flowchart of FIG.

  As operations when receiving a passcode input, the operations in steps S1 to S3 are the same as the operations in steps S1 to S3 in the flowchart of FIG. 3 described above in the first embodiment.

  Thus, as in the first embodiment described above, upon receiving the user's key input up to the specified number of input characters, the encryption verification unit 162 is assumed for each of all possible values as key top information of the key key. A number string in which the key top information of the key key and the input passcode in the case of the key top information of the key key are concatenated in a predetermined order is generated and hashed (step S41) (second encryption means) . The order of concatenation is the same as that of concatenation by the encryption registration unit 161, and in the above example, the order is “input passcode, key top information of key key”.

  As a specific example, the pass code is registered according to the display pattern of FIG. 4, the display pattern of FIG. 2A is displayed at the time of an input operation for authentication, and the user is “1, 4, 9, 2, 5, 8”. Will be described.

In the passcode registration display pattern shown in FIG. 4, possible values for the key top key information are “1” to “9”. Therefore, the encryption verification unit 162 first assumes that the key top information of the key key is “1”. In this case, the location of the key as the key key is the display for registration of the pass code illustrated in FIG. "Upper left" from the pattern. For this reason, the number of operation orders displayed at the key location where the key top information registered as the key key is displayed is the first character and the second character in the combination of the display patterns shown in FIG. It becomes.
For this reason, the number string obtained by concatenating the key top information of the assumed key key and the input passcode “14” in that case in the order of “input passcode, keytop information of the key key” is “141”. The hash value encrypted using the one-way function is HMAC (141).

  Similarly, if the encryption verification unit 162 assumes that the key top information of the key key is “2”, the operation order in which the key top information registered as the key key is displayed at the location of the key registered as the key key The numbers are the first and fifth characters. For this reason, the calculated hash value is HMAC (152).

  Assuming that the encryption collation unit 162 assumes that the key top information of the key key is “3”, the number of operation orders in which the key top information registered as the key key is displayed at the location of the key registered as the key key Is the first and third characters. For this reason, the calculated hash value is HMAC (193).

  Assuming that the encryption collation unit 162 assumes that the key top information of the key key is “4”, the number of operation orders in which the key top information registered as the key key is displayed at the location of the key registered as the key key. Is the second and fourth characters. For this reason, the calculated hash value is HMAC (424).

  Assuming that the encryption collating unit 162 assumes that the key top information of the key key is “5”, the number of operation orders in which the key top information registered as the key key is displayed at the location of the key registered as the key key. Is the fourth and fifth characters. For this reason, the calculated hash value is HMAC (255).

  Assuming that the encryption collation unit 162 assumes that the key top information of the key key is “6”, the number of operation orders in which the key top information registered as the key key is displayed at the location of the key registered as the key key Is the third and fourth characters. For this reason, the calculated hash value is HMAC (926).

  Assuming that the encryption collation unit 162 assumes that the key top information of the key key is “7”, the number of operation orders in which the key top information registered as the key key is displayed at the location of the key registered as the key key Is the second and sixth characters. For this reason, the calculated hash value is HMAC (487).

  Assuming that the encryption collation unit 162 assumes that the key top information of the key key is “8”, the number of operation orders in which the key top information registered as the key key is displayed at the location of the key registered as the key key Is the fifth and sixth characters. For this reason, the calculated hash value is HMAC (588).

  Assuming that the encryption collation unit 162 assumes that the key top information of the key key is “9”, the number of operation orders in which the key top information registered as the key key is displayed at the location of the key registered as the key key Is the third and sixth characters. For this reason, the calculated hash value is HMAC (989).

  Thus, when the hash values are calculated for all possible values as key top information of the key key, the encryption verification unit 162 determines that the calculated hash value is as described above when registering the passcode. Then, collation is performed to determine whether or not the hash value stored in the storage unit 140 is included (step S42) (collation unit). Authentication is OK when a hash value that matches and is included, and authentication NG in other cases.

  In the specific example described above, since the hash value HMAC (193) stored in the storage unit 140 by the passcode registration is included in the calculated nine hash values, the encryption verification unit 162 determines that the authentication is OK. .

  As described above, according to the above-described fourth embodiment, the same effect as that of the above-described third embodiment can be obtained, and the registration passcode is encrypted with a one-way function such as a hash function. Since it has been stored for a long time, it is possible to further protect against the analysis of the stored information in the memory.

[About each embodiment]
Each of the above-described embodiments is a preferred embodiment of the present invention, and the present invention is not limited to this, and various modifications can be made based on the technical idea of the present invention.

  For example, in each of the above-described embodiments, an example in which the pass code has two digits of “19” has been described. However, the number of digits of the pass code is not limited to this number, and may be arbitrarily determined according to the performance of the apparatus. It may be. Naturally, the security can be further increased by increasing the number of digits of the passcode.

Further, in the above-described embodiment, it has been described that a numeric passcode is used as the authentication information. However, the authentication information is not limited to this as long as the authentication information can be expressed as a numeric string. Or a combination thereof.
In this case, for example, in the case of an alphabet, the display input unit 110 displays a touch keyboard using the alphabet as key top information, and handles the alphabets A to Z input as numbers 1 to 26, or a character string by ASCII code. Can be realized in the same manner as in the above-described embodiment by a method such as forming a numerical string. In the case of a stroke, the key top information of the input start key and the key top information of the end key can be handled as a numeric string, and can be realized in the same manner as the above-described embodiment.

  As described above, the authentication information that can be used in the above-described embodiment is a numeric string, a character string, an image string, coordinate information, or the like, as long as it can be expressed as a numeric string by performing a predetermined conversion. A combination of these may be used.

The key top information in the display pattern is not limited to one type of information, and a plurality of pieces of information may be used in combination.
For example, the key top surface of each key itself has a different color in addition to a number so that the key can be defined not only by a number but also by a color, and the display pattern displayed during the input operation for authentication is a number and a color. It is good also as a structure produced | generated as what changed the combination of these. In this case, for example, if there are nine types of key colors, FIG. 2A is considered as a display pattern by numbers of key top information, and FIG. 2B is considered as a display pattern by display color numbers of key top information. 2 (a) (b) can be expressed by one display pattern. In such a configuration, even if the number of key top information in the display pattern is the same, the extraction pattern differs depending on whether the number is registered as the key top information of the key key or the display color number is registered. Even if the input code strings are the same, the input passcodes extracted for collation are different.
According to such a configuration, it is possible to make the key / key more difficult to guess even when a third party sneaks multiple times, and the security strength can be improved.

  In the second embodiment, the key top information of the key, the key location, and the registration passcode are hashed and stored in the server device 200 as in the third and fourth embodiments. Also good. In this case, an input code string obtained by a predetermined number of key input operations for authentication is encrypted by the input information authentication device 100 or the server device 200 in the same manner as in the third and fourth embodiments described above, and the stored hash is stored. By collating with the value, it can be realized similarly.

Further, in each of the above-described embodiments, it has been described that the user inputs a key to the touch keyboard displayed on the touch panel display of the display input unit 110. However, the input unit and the display unit are not limited to the touch keyboard, and are physically It may be a keyboard.
That is, each embodiment mentioned above is not limited to the structure with which an input part and a display part are united, Even if an input part and a display part are a different body or another apparatus, this invention is implement | achieved similarly. Can do.
When the input unit and the display unit are separate, the display pattern of the touch keyboard is displayed on the display unit, and the user performs key input using the keys of the input unit corresponding to the keys displayed on the display unit. Also with such a configuration, the above-described embodiments can be similarly realized, and the same effect can be obtained.

  Moreover, the input information authentication device 100 of each embodiment described above is not limited to a portable information terminal, and can be similarly applied to a stationary device such as a desktop PC.

  In addition, each functional unit of each of the above-described embodiments may have any configuration that realizes the above-described function. For example, one CPU executes a processing procedure of a program recorded on a recording medium. It may be realized by a plurality of function modules.

In addition, by recording the processing procedure for realizing the input information authentication device 100 or the server device 200 as each embodiment described above on a recording medium as a program, the above-described functions according to each embodiment of the present invention can be obtained. A program supplied from a recording medium can be realized by causing a CPU of a computer constituting the system to perform processing.
In this case, the present invention can be applied even when an information group including a program is supplied to the output device from the above recording medium or from an external recording medium via a network.
That is, the program code itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program code and the signal read from the recording medium constitute the present invention. It will be.
As this recording medium, for example, a hard disk, an optical disk, a magneto-optical disk, a floppy (registered trademark) disk, a magnetic tape, a nonvolatile memory card, a ROM, or the like may be used.

  According to the program according to the present invention, each function in each of the above-described embodiments can be realized by a computer controlled by the program.

110 Display input section (display means, input means)
DESCRIPTION OF SYMBOLS 120 Display input control part 121 Display pattern production | generation part 122 Input passcode extraction part 123 Registration part 130 Collation part 140 Storage part 150,250 Communication part 161 Encryption registration part (1st encryption means)
162 Encryption verification unit (second encryption means, verification means)

Claims (18)

An input information authentication device for performing authentication for determining whether information corresponding to an operated key of an input unit having a plurality of keys matches authentication information stored in advance,
Authentication auxiliary information used to indicate information corresponding to what number of operations in a predetermined number of key operations to the input means for performing the authentication should be used as the key information and key top information. Pre-stored as a place,
The arrangement pattern of the key top information assigned to the plurality of keys is changed each time a key operation for authentication is performed,
Information corresponding to the key of the input means operated when the key top information of the authentication auxiliary information is displayed at the key location of the authentication auxiliary information is used for the authentication, and the key top information of the authentication auxiliary information is used. An input information authentication apparatus, wherein information corresponding to a key of the input means operated when information is not displayed at the key location of the authentication auxiliary information is not used for the authentication. Authentication information stored in advance is information that can be expressed as a numeric string.
First encryption means for deciphering the authentication information expressed as a numeric string for each digit and encrypting the authentication information with a one-way function;
A second encryption means for expressing the input information input from the input means as a digit string, decomposing each digit, and encrypting with the one-way function;
2. The input information authentication apparatus according to claim 1, further comprising: a collating unit that collates the encrypted character string by the first encryption unit and the encrypted character string by the second encryption unit. The first encryption means decomposes the authentication information expressed as a number string into numbers for each digit, and a digit in which the decomposed number exists for the number of input characters including dummy inputs. Is digitized with a number not used in the authentication information, and the digitized digit is encrypted with the one-way function,
The second encryption means expresses the input information input from the input means as a numeric string and decomposes it into numbers for each digit, and the decomposed numbers exist in the numeric strings of the input information. 3. The input information authentication apparatus according to claim 2, wherein a digit to be processed is digitized by a number that is not used in the authentication information, and the digitized digit is encrypted by the one-way function. Pattern generating means for generating an arrangement pattern of key top information assigned to the plurality of keys;
The pattern generation means is configured to perform the authentication a predetermined number of times so that the key top information stored as the authentication auxiliary information is arranged at a predetermined probability at a key location stored as the authentication auxiliary information. Generate key top information arrangement pattern in each operation order number in the key input operation of
The first encryption unit includes an encrypted character string encrypted with the one-way function for each combination of key top information arrangement patterns in each operation order number generated by the pattern generation unit. Calculate
The verification unit includes an encrypted character string encrypted by the first encryption unit with respect to a combination of arrangement patterns used for a predetermined number of key input operations for authentication, and the second encryption unit. The input information authentication apparatus according to claim 2 or 3, wherein the encrypted character string is collated. Authentication information stored in advance is information that can be expressed as a numeric string.
First encryption means for encrypting a number string obtained by concatenating the authentication information and the authentication auxiliary information expressed as a number string in a predetermined order with a one-way function;
A second encryption means;
Collating means for collating the encrypted character string by the first encrypting means and the encrypted character string by the second encrypting means,
The second encryption means, for all possible values as the authentication auxiliary information, is the number of operations in which the key top information of the authentication auxiliary information as each value is displayed at the key location of the authentication auxiliary information. The number corresponding to the input information from the input means and the number of the authentication auxiliary information are concatenated in the predetermined order, and the concatenated number string is encrypted with a one-way function. The input information authentication device according to 1. Pattern generating means for generating an arrangement pattern of key top information assigned to the plurality of keys;
The pattern generation means is configured to perform the authentication a predetermined number of times so that the key top information stored as the authentication auxiliary information is arranged at a predetermined probability at a key location stored as the authentication auxiliary information. 6. The input information authentication apparatus according to claim 5, wherein an arrangement pattern of key top information is generated for each operation order number in the key input operation.   The pattern generation means uses the number of operation orders in a predetermined number of key input operations for performing the authentication so that key top information to be arranged is arranged the same number of times for all key locations in the arrangement pattern. 7. The input information authentication apparatus according to claim 4, wherein an arrangement pattern of the key top information is generated. Pattern generating means for generating an arrangement pattern of key top information assigned to the plurality of keys;
The pattern generation means is configured to perform the authentication a predetermined number of times so that the key top information stored as the authentication auxiliary information is arranged at a predetermined probability at a key location stored as the authentication auxiliary information. The input information authentication apparatus according to claim 1, wherein an arrangement pattern of key top information in each operation order number in the key input operation is generated.   The pattern generation means uses the number of operation orders in a predetermined number of key input operations for performing the authentication so that key top information to be arranged is arranged the same number of times for all key locations in the arrangement pattern. 9. The input information authentication apparatus according to claim 8, wherein an arrangement pattern of the key top information is generated. Extraction means for extracting the operation order number in which the key top information of the authentication auxiliary information is displayed at the key location of the authentication auxiliary information based on the arrangement pattern in each operation order number generated by the pattern generation means When,
The authentication information is compared with the information corresponding to the key input with the operation order number extracted by the extracting means and the authentication information with respect to the information corresponding to the key input with the other operation order number. The input information authentication apparatus according to claim 8, further comprising: a collating unit that does not collate with the input information. The input information authentication device is used by being connected to a server device by wire, wireless, or a combination thereof,
The server device includes pattern generation means for generating an arrangement pattern of key top information assigned to the plurality of keys,
The pattern generation means is configured to perform the authentication a predetermined number of times so that the key top information stored as the authentication auxiliary information is arranged at a predetermined probability at a key location stored as the authentication auxiliary information. The input information authentication apparatus according to claim 1, wherein an arrangement pattern of key top information in each operation order number in the key input operation is generated.   The pattern generation means uses the number of operation orders in a predetermined number of key input operations for performing the authentication so that key top information to be arranged is arranged the same number of times for all key locations in the arrangement pattern. The input information authentication device according to claim 11, wherein an arrangement pattern of the key top information is generated. The server device
Extraction means for extracting the operation order number in which the key top information of the authentication auxiliary information is displayed at the key location of the authentication auxiliary information based on the arrangement pattern in each operation order number generated by the pattern generation means When,
The authentication information is compared with the information corresponding to the key input with the operation order number extracted by the extracting means and the authentication information with respect to the information corresponding to the key input with the other operation order number. The input information authenticating device according to claim 11, further comprising: a collating unit that does not collate with the input information. The key top information is a number and a color,
The arrangement pattern of the key top information assigned to the plurality of keys changes in number and color each time a key operation for authentication is performed,
14. The input information authentication apparatus according to claim 1, wherein the authentication auxiliary information is stored in advance as key top information using numbers or colors, and a key location. Wherein the input means is configured to display a plurality of keys on a display screen, detecting a contact position of the said surface shows a screen, determine whether the input to any of the plurality of keys based on the position information of the contact position The input information authentication device according to claim 1, wherein the input information authentication device is a touch panel display. A server device used by being connected to an input information authentication device by wire, wireless, or a combination thereof,
The input information authentication device includes:
An input means having a plurality of keys;
Display means;
Display control means for performing display control on the display means,
The server device
Performing authentication which is a determination as to whether or not the information corresponding to the operated key of the input means matches the authentication information stored in advance,
Authentication auxiliary information used to indicate information corresponding to what number of operations in a predetermined number of key operations to the input means for performing the authentication should be used as the authentication information. Storage means for storing in advance as a place;
Pattern generation means for generating an arrangement pattern of key top information assigned to the plurality of keys, for the number of times of key input for the authentication, and
The display control means, based on the arrangement pattern for the number of key inputs generated by the pattern generation means, changes the arrangement pattern of the key top information assigned to the plurality of keys each time a key operation for authentication is performed. Change to
The server device uses, for the authentication, information corresponding to the key of the input means operated when the key top information of the authentication auxiliary information is displayed at the key location of the authentication auxiliary information. A server device characterized in that information corresponding to a key of the input means operated when key top information of auxiliary information is not displayed at a key location of the authentication auxiliary information is not used for the authentication. An input information authentication system configured by connecting an input information authentication device and a server device by wire, wireless, or a combination thereof,
The input information authentication device includes:
An input means having a plurality of keys;
Display means;
Display control means for performing display control on the display means,
The server device
Performing authentication which is a determination as to whether or not the information corresponding to the operated key of the input means matches the authentication information stored in advance,
Authentication auxiliary information used to indicate information corresponding to what number of operations in a predetermined number of key operations to the input means for performing the authentication should be used as the authentication information. Storage means for storing in advance as a place;
Pattern generation means for generating an arrangement pattern of key top information assigned to the plurality of keys, for the number of times of key input for the authentication, and
The display control means, based on the arrangement pattern for the number of key inputs generated by the pattern generation means, changes the arrangement pattern of the key top information assigned to the plurality of keys each time a key operation for authentication is performed. Change to
The server device uses, for the authentication, information corresponding to the key of the input means operated when the key top information of the authentication auxiliary information is displayed at the key location of the authentication auxiliary information. An input information authentication system, wherein information corresponding to a key of the input means operated when key top information of auxiliary information is not displayed at a key location of the authentication auxiliary information is not used for the authentication. A program of an input information authenticating device for performing authentication, which is a judgment that information corresponding to an operated key of an input means having a plurality of keys is compared with previously stored authentication information,
Authentication auxiliary information used to indicate information corresponding to what number of operations in a predetermined number of key operations to the input means for performing the authentication should be used as the key information and key top information. Pre-stored in the input information authentication device as a place,
On the computer,
A procedure for changing an arrangement pattern of key top information assigned to the plurality of keys each time a key operation for authentication is performed;
Information corresponding to the key of the input means operated when the key top information of the authentication auxiliary information is displayed at the key location of the authentication auxiliary information is used for the authentication, and the key top information of the authentication auxiliary information is used. And a procedure for preventing information corresponding to the key of the input means operated when the information is not displayed at the key location of the authentication auxiliary information from being used for the authentication. Information authentication device program.

Images