JP5713941B2 - INPUT INFORMATION AUTHENTICATION DEVICE, SERVER DEVICE, INPUT INFORMATION AUTHENTICATION SYSTEM, AND DEVICE PROGRAM - Google Patents

Description

  The present invention, for example, receives input of authentication information such as a personal identification number, collates the input contents with previously registered authentication information, and performs an input information authentication device for performing authentication that is a determination as to whether or not they match. The present invention relates to a server device, an input information authentication system, and a device program.

  As a technique to prevent the authentication information from being stolen when inputting, narrowing the viewing angle of the display screen or displaying the input number with "*" mark etc. to indicate only the number of input digits Has been done.

  In addition, as a PIN code input device that allows a user to input a PIN code using a numeric keypad from a terminal such as a financial automatic machine (ATM), an input numeric keypad screen and a fake input numeric keypad screen are displayed. In some cases, the password is prevented from being stolen even when the movement of the input hand is seen by being inserted (see, for example, Patent Document 1).

Japanese Patent No. 2985888

  However, the above-described conventional technology for preventing snooping such as Patent Document 1 assumes that a third party is located at some distance away, such as a financial automatic machine (ATM), for example. It wasn't even taken into account even when it was seen from a distance by a third party. That is, information indicating whether the user wants to input a dummy number or a password is presented on a fake input numeric keypad. For this reason, for example, when the input screen itself is viewed as well as the movement of the input user's hand, such as over the shoulder of the input user or a hidden camera, which input is dummy There is a risk that the password will be identified and the password will be known.

  The present invention has been made in view of such a situation, and even when a hand and an input screen are viewed from a third party at the time of input for authentication, the input content that is collated with the authentication information is displayed. An object of the present invention is to provide an input information authentication device, a server device, an input information authentication system, and a program for the device that can be difficult to guess.

In order to achieve such an object, the input information authenticating device according to the present invention determines whether the information corresponding to the operated key of the input means having a plurality of keys matches the authentication information stored in advance. An input information authentication device for performing certain authentication,
Key top information assigned to a plurality of keys is sequentially displayed in a predetermined display area divided into a plurality of times,
Uses information corresponding to the key of the input means that was operated when the key top information of the key to be operated to perform an input that matches the authentication information is displayed in the display area, and verifies the authentication information. Information corresponding to the key of the input means operated when the key top information of the key to be operated for performing the matching input is not displayed in the display area is not used for authentication ,
Initial pattern generating means for generating an initial pattern of all key top information displayed in the display area divided into a plurality of times;
In order to display the division unit obtained by dividing the initial pattern generated by the initial pattern generation unit into a predetermined number of times in the display area in a plurality of times, the number of input orders in the predetermined number of key inputs for authentication is displayed. And a display pattern generation means for generating a display pattern .

Further, the server device according to the present invention is a server device used by being connected to the input information authentication device by wire, wireless, or a combination thereof,
The input information authentication device
An input means having a plurality of keys;
Display means;
Communication means for transmitting the input content to the input means to the server device,
The key top information assigned to a plurality of keys is divided into a plurality of times and sequentially displayed in a predetermined display area in the display means,
Server device
Perform authentication, which is a judgment that the information corresponding to the input content matches the authentication information stored in advance,
When the input content from the input information authenticating device is received, the key of the input means operated when the key top information of the key to be operated for performing the input that matches the authentication information is displayed in the display area. The corresponding information is used for authentication, and the information corresponding to the key of the input means operated when the key top information of the key to be operated in order to perform an input that matches the authentication information is not displayed in the display area. I will not use it for authentication ,
The server device includes an initial pattern generation means for generating an initial pattern of all key top information displayed in the display area divided into a plurality of times,
In the input information authentication device, a predetermined number of key inputs for authentication are performed so that a division unit obtained by dividing the initial pattern generated by the initial pattern generation unit into a predetermined number is displayed in the display area in a plurality of times. A display pattern generating means for generating a display pattern in each input order number is provided .

The input information authentication system according to the present invention is an input information authentication system configured by connecting an input information authentication device and a server device by wire, wireless, or a combination thereof,
The input information authentication device
An input means having a plurality of keys;
Display means;
Communication means for transmitting the input content to the input means to the server device,
The key top information assigned to a plurality of keys is divided into a plurality of times and sequentially displayed in a predetermined display area in the display means,
Server device
Perform authentication, which is a judgment that the information corresponding to the input content matches the authentication information stored in advance,
When the input content from the input information authenticating device is received, the key of the input means operated when the key top information of the key to be operated for performing the input that matches the authentication information is displayed in the display area. The corresponding information is used for authentication, and the information corresponding to the key of the input means operated when the key top information of the key to be operated in order to perform an input that matches the authentication information is not displayed in the display area. I will not use it for authentication ,
The server device includes an initial pattern generation means for generating an initial pattern of all key top information displayed in the display area divided into a plurality of times,
In the input information authentication device, a predetermined number of key inputs for authentication are performed so that a division unit obtained by dividing the initial pattern generated by the initial pattern generation unit into a predetermined number is displayed in the display area in a plurality of times. A display pattern generating means for generating a display pattern in each input order number is provided .

Further, the program of the input information authentication apparatus according to the present invention is an input for performing authentication, which is a determination that information corresponding to an operated key of an input unit having a plurality of keys is compared with authentication information stored in advance. An information authentication device program,
On the computer,
A procedure for sequentially displaying key top information assigned to a plurality of keys in a predetermined display area divided into a plurality of times,
Uses information corresponding to the key of the input means that was operated when the key top information of the key to be operated to perform an input that matches the authentication information is displayed in the display area, and verifies the authentication information. A procedure for preventing the use of information corresponding to the key of the input means operated when the key top information of the key to be operated to perform a matching input is not displayed in the display area for authentication;
A procedure for generating an initial pattern of all key top information displayed in the display area divided into a plurality of times,
A display pattern is generated with each input order number in a predetermined number of key inputs for authentication so that a division unit obtained by dividing the generated initial pattern into a predetermined number is divided and displayed in the display area a plurality of times. And a procedure is executed.

  As described above, according to the present invention, even when a hand and an input screen are viewed from a third party at the time of input for authentication, it is difficult to analogize input contents that are matched with authentication information. Can do.

It is a block diagram which shows the structural example of the input information authentication apparatus 100 as the 1st Embodiment of this invention. It is a figure which shows the touch keyboard example as 1st Embodiment, and the example of the input code string used as authentication OK. It is a flowchart which shows the operation example of the input information authentication apparatus 100 as 1st Embodiment. It is a figure which shows the example of a touch keyboard as 2nd Embodiment, and the example of the input code string used as authentication OK. It is a block diagram which shows the structural example of the input information authentication system as 3rd Embodiment. It is a flowchart which shows the operation example of the input information authentication system as 3rd Embodiment. It is a block diagram which shows the structural example of the input information authentication apparatus 100 as 4th Embodiment. It is a flowchart which shows the operation example at the time of passcode registration in 4th Embodiment. It is a figure which shows an example which decomposes | disassembles an extraction pattern for every digit and hashes. It is a flowchart which shows the operation example of the input information authentication apparatus 100 as 4th Embodiment.

  Next, an embodiment to which an input information authentication apparatus, a server apparatus, an input information authentication system, and an apparatus program according to the present invention are applied will be described in detail with reference to the drawings.

First, an outline common to the embodiments of the present invention will be described.
In each embodiment of the present invention, all key top information used for display on the touch keyboard is divided into a plurality of times and sequentially displayed in a predetermined display area. Then, when inputting the pass code for authentication OK, the key input when the key to be operated next is displayed in the predetermined display area is set as the input pass code used for authentication, and other key inputs are set. Dummy input not used for authentication.

  As described above, in the embodiment of the present invention, the input code string for making the authentication OK differs depending on the key top information displayed in the predetermined display area. Therefore, it is possible to prevent a third party who does not know the authentication information from identifying what code string should be input. For this reason, even if it is a case where the hand and display screen at the time of input are seen from the third party, it can be difficult to guess authentication information.

[First Embodiment]
Next, a first embodiment of the present invention will be described.
In each embodiment described below, an example in which a numeric passcode is used as authentication information will be described.

  As shown in FIG. 1, an input information authentication apparatus 100 as a first embodiment includes a display input unit 110 such as a touch panel display, a display input control unit 120, an initial pattern generation unit 121, and a pattern circulation unit (display). Pattern generation means) 122, registration unit 123, input passcode extraction unit 124, collation unit 130 for collation with the input passcode that has been input, storage unit 140 that stores the registered registration passcode and the like, It is configured with.

  The display input unit 110 displays a plurality of keys as a touch keyboard on the screen, detects a touch position on the front screen, and determines which of the displayed keys is input based on the position information of the touch position. Is determined.

  The display input control unit 120 performs display control of input keys displayed on the display input unit 110 and control to receive an operation input to the display input unit 110 as an input signal.

  The initial pattern generation unit 121 generates an initial pattern which is array initial information for all key top information used for displaying each key constituting the touch keyboard of the display input unit 110. In the present embodiment, an example will be described in which this initial pattern is generated by assigning key top information of “1” to “9” to a 3 × 3 matrix arrangement.

  The pattern circulation unit 122 divides the initial pattern generated by the initial pattern generation unit 121 into a predetermined number, and generates these division units as touch keyboard patterns (display patterns) that are displayed in each input order number. Then, when receiving a key input for authentication, the display input unit 110 displays the divided units obtained by dividing the initial pattern so as to circulate in a predetermined display order for each key input.

  In the present embodiment, the pattern circulation unit 122 divides the initial pattern of 3 rows × 3 columns generated by the initial pattern generation unit 121 for each row, and three key top information corresponding to one row as the division unit is obtained. Then, it is generated as a touch keyboard pattern to be displayed in each input order number. Then, in order to generate a touch keyboard pattern by dividing the initial pattern into three, three touch keyboard patterns from the first line to the third line are displayed, and the touch keyboard pattern in the next line is displayed every time a key is input. It is made to circulate so that it may be displayed on the display input unit 110.

  The initial pattern is generated by the initial pattern generation unit 121. After the input for authentication is performed by the touch keyboard of the display input unit 110 and the authentication is OK, an input screen for starting the input for authentication next. This is done every time the is displayed.

  In addition, in the initial pattern generation by the initial pattern generation unit 121, the key top information is generated so as to have a pattern different from the previous pattern. For this reason, the arrangement of the key top information in the initial pattern may be randomly generated using a random number, and any one of a predetermined number (for example, 30) of initial patterns other than the previous initial pattern may be selected. Or may be randomly selected using a random number.

  The registration unit 123 receives a registration input of a passcode, which is authentication information in the present embodiment, from the user, and stores it in the storage unit 140.

  The input passcode extraction unit 124 extracts an input passcode from which the dummy input has been deleted from an input code string by a predetermined number of key inputs for authentication.

  The collation unit 130 collates the input passcode extracted by the input passcode extraction unit 124 with the registered passcode stored in the storage unit 140.

FIG. 2 shows an example of transition of the touch keyboard corresponding to the generated initial pattern and an example of an input code string in the case of passcode authentication OK.
In the present embodiment, the initial pattern that is a division source for generating a touch keyboard pattern to be displayed as a touch keyboard assigns the key top information “1” to “9” for numeric input to a matrix arrangement of 3 rows × 3 columns. An example in the case of being configured will be described. In the example of FIG. 2, the registration passcode registered in advance by the registration unit 123 is “19”.

  In the present embodiment, the pattern circulation unit 122 divides the initial pattern of 3 rows × 3 columns generated by the initial pattern generation unit 121 into each row, and three touch keyboards from the first row to the third row, which are division units. The pattern is circulated so that the touch keyboard pattern of the next line is displayed for each key input, and is displayed on the display input unit 110.

  For this reason, as shown in FIG. 2, the pattern circulation unit 122 uses the first line of the initial pattern as a touch keyboard pattern when the first character is input as an input key to be displayed on the display input unit 110. When the second character is input, the second line of the initial pattern is displayed as the touch keyboard pattern, and when the third character is input, the initial pattern is displayed as the touch keyboard pattern. Are circulated to form a touch keyboard pattern, and a touch keyboard pattern for each input order number is generated from the initial pattern. Thus, the second line of the initial pattern is displayed as the touch keyboard pattern when the fifth character is input, and the third line of the initial pattern is displayed when the sixth character is input.

  As an input rule to be presented to the user, when a key to be operated next is displayed on the touch keyboard of the display input unit 110 when a pass code for authentication OK is input, the pass is required unless the key is input. It shall not be authenticated as a code. Further, when the input of the pass code for making the authentication OK is completed, the subsequent key input is a dummy input up to a predetermined digit.

  For this reason, when inputting the pass code for authentication OK, the key input when the key to be operated next is not displayed on the touch keyboard of the display input unit 110 and the pass code for authentication OK are input. The key input after the completion is treated as a dummy input and is not used for verification with the registered passcode in the verification unit 130.

  As an input rule to be presented to the user, it is preferable to input a numeric key that is not used for the registered passcode in the dummy input after the input of the passcode to be authenticated. By doing so, it is possible to further increase the security strength against a replay attack in which the same key input as a third party who has seen the key input is seen.

  In the case of the initial pattern example in FIG. 2A, the touch keyboard pattern “1, 2, 3” displayed when the first character is input includes “1” that is the first digit of the registered passcode. The input passcode extraction unit 124 recognizes this first character input as the first digit of the input passcode by the user. As an input for authentication OK, “1” is input at the first character input.

  The touch keyboard pattern “4, 5, 6” displayed when the second character is input does not include “9” which is the second digit of the registered passcode and the key to be input next. The code extraction unit 124 recognizes this second character input as a dummy input regardless of which key is input. In the example of FIG. 2, the dummy input is indicated by “*”.

  The touch keyboard pattern “7, 8, 9” displayed when the third character is input includes “9”, which is the second digit of the registered passcode and the key to be input next. The extraction unit 124 recognizes this third character input as the second digit of the input passcode by the user. As an input for making the authentication OK, “9” is input as the third character.

  In the 4th to 6th character key input, the input passcode extraction unit 124 has already recognized that all 2 digits of the input passcode have been entered by the user, so any key input can be made. Even if there is a dummy input. This completes the passcode input.

  As described above, in the example illustrated in FIG. 2, the initial pattern is 3 rows × 3 columns, there are three touch keyboard patterns displayed at the time of key input, the first row to the third row, and the registered passcode is 2 Since it is a digit, the number of key input digits for authentication is 2 digits × 3 ways = 6 digits. For this reason, even if the input of the pass code is completed, up to a predetermined number of digits including the dummy code (six digits in the example of FIG. 2) does not shift to the verification of the pass code unless some input is made. For this reason, after the pass code has been input, all inputs up to a predetermined number of digits (6 digits in the example of FIG. 2) including the dummy code are treated as dummy inputs.

  In the case of the initial pattern example of FIG. 2B, the touch keyboard pattern “3, 6, 9” displayed when the first character is input includes “1” that is the first digit of the registered passcode. Therefore, the input passcode extraction unit 124 recognizes the input of the first character as a dummy input regardless of which key is input. In the example of FIG. 2, the dummy input is indicated by “*”.

  The touch keyboard pattern “2, 5, 8” displayed when the second character is input does not include “1”, which is the first digit of the registered passcode and the key to be input next. The code extraction unit 124 recognizes this second character input as a dummy input regardless of which key is input. In the example of FIG. 2, the dummy input is indicated by “*”.

  The touch keyboard pattern “1, 4, 7” displayed when the third character is input includes “1”, which is the first digit of the registered passcode and the key to be input next. The extraction unit 124 recognizes this third character input as the first digit of the input passcode by the user. As an input for making the authentication OK, “1” is input in the third character input.

  When the fourth character is entered, the displayed touch keyboard pattern circulates again to “3, 6, 9”. This touch keyboard pattern “3, 6, 9” is the second digit of the registered passcode and the next "9" which is a key to be input is included. For this reason, the input passcode extraction unit 124 recognizes this fourth character input as the second digit of the input passcode by the user. As an input for making the authentication OK, “9” is input as the fourth character.

  In the 5th and 6th character key inputs, the input passcode extraction unit 124 has already recognized that all 2 digits of the input passcode have been entered by the user. Even if there is a dummy input. This completes the passcode input.

  Here, for example, when the user is inputting a passcode, it is assumed that a third party has seen the operation of the hand inputting the key and the input screen from a close distance such as over the shoulder of the user. Furthermore, after that, it is assumed that the input information authentication device 100 of this embodiment has been obtained by the third party.

  According to the input information authentication device 100 of the present embodiment, even if the third party tries to make the same key input as the sneak look at the input information authentication device 100 of the present embodiment, the initial pattern is different. Therefore, the displayed touch keyboard pattern is also different. For this reason, the same key is not displayed, and the input itself cannot be performed in the first place. Naturally, authentication cannot be performed with an input code string that has been stolen.

The security for the replay attack in this embodiment will be described with reference to the example of FIG.
For example, the user performs key input for authentication with a touch keyboard pattern that transitions as shown in FIG. 2A, and authentication is performed by key input of “1, 4, 9, 2, 5, 8” including dummy input. Suppose it is OK. After this, when a third party who steals the input screen and the operation of the hand inputting the key tries to perform key input for authentication, a touch keyboard pattern is generated by the initial pattern of FIG. 2B. Is displayed.

  In this case, even if the third party tries to input the same key “1, 4, 9, 2, 5, 8” that he / she saw in the input information authentication apparatus 100 of the present embodiment, the first character The touch keyboard pattern “3, 6, 9” displayed at the time of input does not include the input key “1” of the first character, and thus the same input cannot be performed.

  In addition, even if “9” that can be input at the first character is input and “2” is input at the next second character in order to perform the key input in the same order within the range that can be input, the input code string that has been stolen earlier The next “5” in is not included in the next touch keyboard pattern “1, 4, 7” of the third character. For this reason, the same input cannot be made.

  Thus, even if a third party who stole the input screen and the operation of the hand inputting the key tries to perform the key input for authentication, if the initial pattern is different, the displayed touch keyboard pattern is also different. Therefore, the same key input cannot be performed. For this reason, the replay attack itself is impossible, and authentication is NG.

  In this way, even if a third party steals a hand movement and an input screen with a predetermined number of key inputs for authentication OK, the displayed touch keyboard pattern is different. The content cannot be authenticated. Thus, even when the operation of the hand inputting the key and the input screen are seen, it is possible to realize high security without knowing the input content to be authenticated.

  Further, once the key input for authentication becomes NG, the wait time for input may be doubled at the next input. In this way, the wait time is doubled every time the key input for authentication becomes authentication NG, thereby improving the security against replay attack attempts and repeated brute force attacks. Alternatively, the wait time may be increased exponentially every time the authentication is NG.

  Next, an operation example of the input information authentication apparatus 100 as the first embodiment will be described with reference to the flowchart of FIG. In the operation of the present embodiment described below, it is assumed that a registration of a passcode is performed in advance and stored in the storage unit 140 by the registration unit 123 as a registration passcode.

  First, the initial pattern generation unit 121 generates an initial pattern which is array initial information for all key top information used for display on the touch keyboard (step S1).

  The pattern circulation unit 122 divides the generated initial pattern by a predetermined division method, generates a touch keyboard pattern for receiving an input of the first character, and displays the touch keyboard pattern on the display input unit 110 (step S2). In the example of FIG. 2 described above, the first line in the initial pattern of 3 rows × 3 columns is used as the touch keyboard pattern for the first character, and is displayed on the display input unit 110.

  Whenever one character is input in this way (step S3; Yes), the pattern circulation unit 122 generates a touch keyboard pattern with the number of input orders to be input next from the divided units obtained by dividing the initial pattern, and the display input unit. 110 is displayed (step S2). In the example of FIG. 2 described above, the first to third rows in the initial pattern of 3 rows × 3 columns are sequentially set to the touch keyboard pattern, and then the third row is circulated again to become the first row. A touch keyboard pattern with the input order number is displayed on the display input unit 110.

  In this way, key inputs are received up to a predetermined number of inputs, that is, the number of products of the number of digits of the registered passcode and the number of divisions of the touch keyboard pattern obtained by dividing the initial pattern (step S4). In the example shown in FIG. 2, the initial pattern is divided into three to generate a touch keyboard pattern, and the registered passcode is 2 digits, so the number of key inputs for authentication is 2 digits × 3 ways = 6 times ( 6 digits).

  When the key input is performed up to a predetermined number of times of input, the input passcode extraction unit 124 distinguishes the dummy code and the input passcode by the user based on the initial pattern generated in step S1 and the registered passcode, An extraction pattern for extracting only the input passcode by the user from the six-digit key input content is generated (step S5).

In the initial pattern example of FIG. 2A described above, this extraction pattern is “first digit, dummy, second digit, dummy, dummy, dummy” of the input passcode by the user in response to a six-digit key input. It is.
In the example of the initial pattern of FIG. 2B described above, the input passcode “dummy, dummy, 1st digit, 2nd digit, dummy, dummy” by the user with respect to the 6-digit key input.

  When the input passcode extraction unit 124 generates the extraction pattern in this way, the “first digit, second digit” of the input passcode by the user is extracted from the six-digit key input content along the extraction pattern (step) S6).

  The collation unit 130 collates the two-digit input passcode extracted by the input passcode extraction unit 124 with the registered passcode registered in the storage unit 140. As a result of this collation, authentication is OK when the two match, and authentication NG is determined otherwise (step S7).

  As described above, in the above-described embodiment of the present invention, when authentication is input after the authentication is OK, an initial pattern different from the previous initial pattern is generated. The displayed touch keyboard pattern is also different from the previous input. Therefore, as described above with reference to FIG. 2, even if an attempt is made to input the same key next time after the key input that has been authenticated, the same input cannot be performed, and the authentication result is NG.

In this way, even if the function substantially works like a one-time password and the registration passcode is the same, the key input content for authentication OK changes every time it is input. Further, there is no feature that the specific input digit corresponds to any digit of the input passcode by the user.
For this reason, sufficiently high security can be ensured as a countermeasure against a case where the input hand movement and the display screen are stolen from a third party. Furthermore, sufficient security strength can be secured against replay attacks such as repeated retries.

  Nevertheless, the user can easily perform an operation by inputting a key to be operated next for an authentication OK input when the key is displayed on the display screen and performing a dummy input in other cases. can do. As described above, the high security as described above can be realized without impairing the convenience of the user.

In addition, when the passcode authentication is OK, the initial pattern is regenerated as a different pattern when the next passcode is input, and when the authentication is NG, the initial pattern is left as it is when the next passcode is input. For this reason, the probability that the initial pattern which is the division | segmentation origin of the displayed touch keyboard pattern coincides by chance can be made into zero, and still higher security can be realized.
In addition, since a large number of dummy inputs can be mixed with the registered passcode stored by the user, a high level of security can be realized while keeping the user's memory load small.

  In the example of FIG. 2 described above, the case where the registered passcode has two digits has been described. However, the number is not limited to this number, and the security strength can be improved as the number of digits of the registered passcode is increased. In this case, the number of key inputs for authentication is the product of the number of digits of the registered passcode and the number of divisions of the touch keyboard pattern obtained by dividing the initial pattern. The number increases, and the security strength can be further improved.

  In the example of FIG. 2 described above, the initial pattern is described as 9 keys of 3 rows × 3 columns. However, the number of keys constituting the initial pattern that is the division source of the displayed touch keyboard pattern can be increased. Thus, the security strength can be further improved.

  In particular, when the input information authentication device 100 of the present embodiment is a touch panel type portable information terminal, it is conceivable to enter a passcode for authentication in a train or a crowd. May be seen by a third party from a close distance, such as over the shoulder and the display screen. As described above, even when the user who is entering the passcode for authentication and the display screen can be seen, it is difficult to infer the input contents for the authentication OK from the seen information. In addition, it is possible to provide an input information authentication device with excellent security.

Also, especially for beginners and elderly people, it is conceivable that the speed of key input is very slow even when a passcode is input. Accordingly, when viewed by a third party, hand movements and display screens may be easily stored.
According to the above-described embodiment, even in such a case, sufficiently high security can be ensured as described above.

  In the first embodiment described above, it has been described that the pattern circulation unit 122 divides the initial pattern of 3 rows × 3 columns generated by the initial pattern generation unit 121 into each row and displays it in order. The division method is not limited to this division method, and for example, the present invention can be similarly realized even with a configuration in which each column is divided and displayed in order.

[Second Embodiment]
Next, a second embodiment of the present invention will be described.
In the second embodiment, instead of displaying only a part of the initial pattern as a touch keyboard in the first embodiment described above, the entire initial pattern is displayed as a touch keyboard. .
Description of the same components as those in the first embodiment described above will be omitted.

  FIG. 4 shows an example of transition of the touch keyboard according to the present embodiment according to the generated initial pattern and an example of an input code string in the case of passcode authentication OK.

  In the second embodiment, the entire initial pattern generated by the initial pattern generation unit 121 is displayed as a touch keyboard. When receiving a key input for authentication, the pattern circulation unit 122 causes the display input unit 110 to display the matrix arrangement of the touch keyboard in a predetermined display order for each key input.

In the present embodiment, a predetermined display area is registered in advance together with the registration passcode. The keys provided in the predetermined display area are displayed so that each key top information, which is a division unit obtained by dividing the initial pattern into a predetermined number, is shifted in a predetermined order as in the first embodiment described above. The Further, other key top information constituting the initial pattern is displayed on a key provided outside the registered display area.
For this reason, as for the keys in the registered display area, whether or not the key to be operated next is displayed when the pass code for authentication OK is input is the same as in the first embodiment described above. It becomes the discrimination target to discriminate.

  In the example shown in FIG. 4, the display area for determining whether or not the key to be operated next in the input of the registration passcode is displayed is registered as the first row in the 3 × 3 matrix arrangement. Suppose that Further, the case where the registration passcode registered in advance by the registration unit 123 is “19” will be described.

  As shown in FIG. 4, the pattern circulation unit 122 uses the initial pattern as it is as a touch keyboard pattern when inputting the first character as an input key to be displayed on the display input unit 110. Also, when entering the second character, the initial pattern is cycled upward by one line so that the first line is the third line, the second line is the first line, the third line is the second line, etc. Display as a touch keyboard pattern. When inputting the third character and thereafter, the pattern circulation unit 122 circulates one line at a time for each key input, generates a touch keyboard pattern for the next input order number, and sequentially displays it.

  As an input rule to be presented to the user, when a key to be operated next is displayed in the registered display area of the touch keyboard when inputting a pass code for authentication OK, it is necessary to input the key unless the key is input. It shall not be authenticated as a code. Further, when the input of the pass code for making the authentication OK is completed, the subsequent key input is a dummy input up to a predetermined digit.

  Therefore, when inputting the pass code for authentication OK, the key input when the key to be operated next is not displayed in the registered display area of the touch keyboard and the pass code for authentication OK are input. The key input after the completion is treated as a dummy input and is not used for verification with the registered passcode in the verification unit 130.

  As an input rule to be presented to the user, it is preferable to input a numeric key that is not used for the registered passcode in the dummy input after the input of the passcode to be authenticated. By doing so, it is possible to further increase the security strength against a replay attack in which the same key input as a third party who has seen the key input is seen.

  In the case of the initial pattern example of FIG. 4A, “1”, which is the first digit of the registered passcode, is displayed in “1, 2, 3” on the first line in the touch keyboard pattern displayed when the first character is input. Therefore, the input passcode extraction unit 124 recognizes this first character input as the first digit of the input passcode by the user. As an input for authentication OK, “1” is input at the first character input.

  “4, 5, 6” on the first line in the touch keyboard pattern displayed when the second character is input includes “9”, which is the second digit of the registered passcode and the key to be input next. Therefore, the input passcode extraction unit 124 recognizes this second character input as a dummy input regardless of which key is input. In the example of FIG. 4, the dummy input is indicated by “*”.

  “7, 8, 9” on the first line in the touch keyboard pattern displayed when the third character is input includes “9”, which is the second digit of the registered passcode and the key to be input next. Therefore, the input passcode extraction unit 124 recognizes this third character input as the second digit of the input passcode by the user. As an input for making the authentication OK, “9” is input as the third character.

  In the 4th to 6th character key input, the input passcode extraction unit 124 has already recognized that all 2 digits of the input passcode have been entered by the user, so any key input can be made. Even if there is a dummy input. This completes the passcode input.

  As described above, in the example shown in FIG. 4, the initial pattern is 3 rows × 3 columns, and the touch keyboard pattern in the next input order number is circulated one row at a time for each key input. For this reason, there are three touch keyboard patterns in which the matrix of keys is circulated in the row direction, and the registered passcode is 2 digits. Therefore, the number of digits for authentication is 2 digits x 3 ways = 6 digits. It becomes. For this reason, even if the input of the pass code is completed, up to a predetermined number of digits including the dummy code (six digits in the example of FIG. 4) does not shift to the verification of the pass code unless some input is made. For this reason, after the pass code has been input, all inputs up to a predetermined number of digits (6 digits in the example of FIG. 4) including the dummy code are treated as dummy inputs.

  In the case of the initial pattern example of FIG. 4B, “3, 6, 9” on the first line in the touch keyboard pattern displayed when the first character is input is the first digit of the registered passcode “ Since “1” is not included, the input passcode extraction unit 124 recognizes the input of the first character as a dummy input regardless of which key is input. In the example of FIG. 4, the dummy input is indicated by “*”.

  “2, 5, 8” on the first line in the touch keyboard pattern displayed when the second character is input includes “1”, which is the first digit of the registered passcode and the key to be input next. Therefore, the input passcode extraction unit 124 recognizes this second character input as a dummy input regardless of which key is input. In the example of FIG. 4, the dummy input is indicated by “*”.

  “1, 4, 7” on the first line in the touch keyboard pattern displayed when the third character is input includes “1” which is the first digit of the registered passcode and the key to be input next. Therefore, the input passcode extraction unit 124 recognizes this third character input as the first digit of the input passcode by the user. As an input for making the authentication OK, “1” is input in the third character input.

  When the fourth character is input, the first line in the displayed touch keyboard pattern is circulated again to “3, 6, 9”, and the first line “3, 6, 9” in this touch keyboard pattern is registered in “3, 6, 9”. “9”, which is the second digit of the passcode and the key to be input next, is included. For this reason, the input passcode extraction unit 124 recognizes this fourth character input as the second digit of the input passcode by the user. As an input for making the authentication OK, “9” is input as the fourth character.

  In the 5th and 6th character key inputs, the input passcode extraction unit 124 has already recognized that all 2 digits of the input passcode have been entered by the user. Even if there is a dummy input. This completes the passcode input.

  Here, for example, when the user is inputting a passcode, it is assumed that a third party has seen the operation of the hand inputting the key and the input screen from a close distance such as over the shoulder of the user. Furthermore, after that, it is assumed that the input information authentication device 100 of this embodiment has been obtained by the third party.

Such security for the replay attack in this embodiment will be described with reference to the example of FIG.
For example, the user performs key input for authentication with a touch keyboard pattern that transitions as shown in FIG. 4A, and authentication is performed by key input of “1, 8, 9, 5, 3, 6” including dummy input. Suppose it is OK. After that, when a third party who steals the input screen and the operation of the hand inputting the key tries to perform key input for authentication, a touch keyboard pattern is generated by the initial pattern of FIG. 4B. Is displayed.

  In this case, when the third party inputs the same six digits “1, 8, 9, 5, 3, 6” that he / she saw earlier in the input information authentication apparatus 100 of the present embodiment, the first character When the second character is input, the input passcode extraction unit 124 recognizes it as a dummy input as described above. Therefore, in the initial pattern of FIG. 4B, as described above, the third character is recognized as the first digit of the input passcode by the user, and the fourth character is recognized as the second digit of the input passcode.

  Thus, the input passcode extraction unit 124 recognizes that the input passcode by the user is “95”, so it does not match the registered passcode “19”, and the authentication result is NG.

  For this reason, even if a third party who has seen the passcode input obtains the input information authenticating apparatus 100 and inputs the same 6 digits as the previous one, it is not possible to authenticate with the input contents seen. . Thus, even when the operation of the hand inputting the key and the input screen are seen, it is possible to realize high security without knowing the input content to be authenticated.

  Further, once the key input for authentication becomes NG, the wait time for input may be doubled at the next input. In this way, the wait time is doubled every time the key input for authentication becomes authentication NG, thereby improving the security against replay attack attempts and repeated brute force attacks. Alternatively, the wait time may be increased exponentially every time the authentication is NG.

  Next, an operation example of the input information authentication apparatus 100 as the second embodiment will be described with reference to the flowchart of FIG. In the operation of the present embodiment described below, it is assumed that a registration of a passcode is performed in advance and stored in the storage unit 140 by the registration unit 123 as a registration passcode.

  First, the initial pattern generation unit 121 generates an initial pattern which is array initial information for all key top information used for display on the touch keyboard (step S1).

  The pattern circulation unit 122 causes the display input unit 110 to display the arrangement of the key top information as the initial pattern as a touch keyboard pattern for receiving the input of the first character (step S2).

  Whenever one character is input in this way (step S3; Yes), the pattern circulation unit 122 circulates one line at a time to generate a touch keyboard pattern in the next input order number, and sequentially displays it on the display input unit 110. (Step S2).

  Thus, key inputs are received up to a predetermined number of inputs, that is, the number of products of the number of digits of the registered passcode and the number of touch keyboard patterns obtained by circulating the initial pattern (step S4). In the example shown in FIG. 4, since there are three touch keyboard patterns in which the initial pattern is circulated in the row direction and the registered passcode is two digits, the number of key input digits for authentication is two digits × three ways = 6 times (6 digits).

  When the key input is performed up to a predetermined number of times of input, the input passcode extraction unit 124 distinguishes the dummy code and the input passcode by the user based on the initial pattern generated in step S1 and the registered passcode, An extraction pattern for extracting only the input passcode by the user from the six-digit key input content is generated (step S5).

In the initial pattern example of FIG. 4A described above, this extraction pattern is “first digit, dummy, second digit, dummy, dummy, dummy” of the input passcode by the user in response to a six-digit key input. It is.
In the example of the initial pattern in FIG. 4B described above, the input passcode by the user is “dummy, dummy, 1st digit, 2nd digit, dummy, dummy” for a 6-digit key input.

  When the input passcode extraction unit 124 generates the extraction pattern in this way, the “first digit, second digit” of the input passcode by the user is extracted from the six-digit key input content along the extraction pattern (step) S6).

  The collation unit 130 collates the two-digit input passcode extracted by the input passcode extraction unit 124 with the registered passcode registered in the storage unit 140. As a result of this collation, authentication is OK when the two match, and authentication NG is determined otherwise (step S7).

As described above, in the above-described embodiment of the present invention, when authentication is input after the authentication is OK, an initial pattern different from the previous initial pattern is generated. The displayed touch keyboard pattern is also different from the previous input.
Therefore, as described above with reference to FIG. 4, even if the same key input string is input next time the key input is authenticated, the authentication result is NG. In this way, it functions substantially like a one-time password, and even if it is the same registered passcode, the key input content for authentication OK changes every time it is input, so it is input A sufficiently high level of security can be ensured as a countermeasure against a case where the movement of the hand and the display screen are stolen from a third party.

  As described above, according to the second embodiment described above, as a countermeasure against a case where the movement of the input hand and the display screen are stolen from a third party, as in the first embodiment described above. Sufficient security strength can be ensured.

  In the second embodiment described above, the initial pattern of 3 rows × 3 columns generated by the initial pattern generation unit 121 is sequentially circulated one row at a time each time the key is input by the pattern circulation unit 122. Although described as displaying, the present invention is not limited to this method as long as the matrix arrangement of the initial pattern can be circulated and sequentially displayed, and any circulating method may be used. For example, the present invention can be realized in the same manner regardless of whether it is configured to circulate one row at a time and display sequentially or to circulate one column at a time in the right or left direction and display sequentially. it can.

[Third Embodiment]
Next, a third embodiment of the present invention will be described.
In the third embodiment, functions such as initial pattern generation, passcode storage, and collation in the first and second embodiments described above are realized using a server device.
Description of the same components as those in the first and second embodiments described above will be omitted.

  As shown in FIG. 5, the input information authentication system as the third embodiment is configured by connecting an input information authentication device 100 and a server device 200 via a network.

  The input information authentication apparatus 100 includes a communication unit 150 in addition to the display input unit 110, the display input control unit 120, and the pattern circulation unit 122 similar to those in the first and second embodiments described above.

  The communication unit 150 is connected to the communication unit 250 of the server device 200 via a network by wire, wireless, or a combination thereof, and performs communication with the server device 200.

  The display input control unit 120 controls the display of the input keys displayed on the display input unit 110 and the operation input to the display input unit 110 as an input signal based on the transmission / reception contents of the communication unit 150 with the server device 200. I do.

  The server device 200 is registered with a communication unit 250, an initial pattern generation unit 121, a registration unit 123, an input passcode extraction unit 124, and a collation unit 130 similar to those in the first and second embodiments described above. And a storage unit 140 that stores the registered passcode and the like.

  The communication unit 250 is connected to the communication unit 150 of the input information authentication device 100 via a network by wire, wireless, or a combination thereof, and performs communication with the input information authentication device 100. Through this communication, the server apparatus 200 performs display control of an input key displayed on the display input unit 110 of the input information authentication apparatus 100 and the like.

  Next, an operation example of the input information authentication system as the third embodiment will be described with reference to the flowchart of FIG. In the operation of the present embodiment described below, it is assumed that a registration passcode used in the input information authentication device 100 is registered in advance by the control of the registration unit 123 of the server device 200 and registered in the storage unit 140.

  First, the initial pattern generation unit 121 of the server device 200 generates an initial pattern that is array initial information for all key top information used for display on the touch keyboard (step S11). The generation of the initial pattern may be the same as in the first and second embodiments described above.

  When the initial pattern generation unit 121 generates an initial pattern, the communication unit 250 transmits the generated initial pattern and the number of input characters to the input information authentication apparatus 100 (step S12).

  When the touch keyboard is configured as in the first embodiment described above, the number of input characters is the number of products of the number of digits of the registered passcode and the number of divisions of the touch keyboard pattern obtained by dividing the initial pattern. For example, as in the example of FIG. 2 described above, a touch keyboard pattern is generated by dividing the initial pattern into three, and if the registered passcode is 2 digits, the number of key inputs for authentication is 2 digits × 3 ways. = 6 times (6 digits).

  The number of input characters is the number of products of the number of digits of the registered passcode and the number of touch keyboard patterns obtained by circulating the initial pattern when the touch keyboard is configured as in the second embodiment described above. . For example, as in the example of FIG. 4 described above, if there are three touch keyboard patterns in which the initial pattern is circulated in the row direction and the registered passcode is two digits, the number of key input digits for authentication is two digits. X 3 ways = 6 times (6 digits).

  The pattern circulation unit 122 of the input information authentication device 100 generates a touch keyboard pattern based on the initial pattern and the number of input characters received from the server device 200 by the communication unit 150 and displays the same as in the first and second embodiments. It is displayed on the input unit 110 (step S13).

  Whenever one character is input in this way (step S14; Yes), the pattern circulation unit 122 generates a touch keyboard pattern with the input order number to be input next based on the initial pattern and displays it on the display input unit 110. (Step S13). The touch keyboard pattern generation method may be the same as in the first and second embodiments described above.

  When the specified number, that is, the number of input characters received from the server device 200 is input in this way (step S15; Yes), the communication unit 150 transmits the input code string of the number of input characters to the server device 200 (step S16).

  The input passcode extraction unit 124 of the server device 200 generates an extraction pattern for extracting only the input passcode by the user from the six-digit key input content based on the initial pattern generated in step S11 and the registered passcode. Generate (step S17). The method for generating the extraction pattern may be the same as in the first and second embodiments described above.

  When the input passcode extraction unit 124 generates the extraction pattern in this way, the “first digit, second digit” of the input passcode by the user is extracted from the six-digit key input content along the extraction pattern (step) S18).

  The collation unit 130 collates the two-digit input passcode extracted by the input passcode extraction unit 124 with the registered passcode registered in the storage unit 140. As a result of this collation, authentication is OK when the two match, and authentication NG is determined otherwise (step S19).

  As described above, according to the above-described third embodiment, the same effects as those of the above-described first and second embodiments can be obtained, and defense can be performed with stronger security than the input information authentication device 100 that is a terminal. Since the server device 200 that is being used can be used as a passcode storage location, security can be further improved.

  In addition, the server device 200 generates an initial pattern, and the server device 200 receives an input code string based on the initial pattern from the input information authentication device 100 and performs processing, whereby authentication such as challenge and response is performed. The effect is obtained, and the effect of defense against impersonation of the terminal itself (including the impersonation of the program on the terminal) is obtained.

[Fourth Embodiment]
Next, a fourth embodiment of the present invention will be described.
In the fourth embodiment, the registered passcode is encrypted after being encrypted with a one-way function such as a hash function, and the input passcode can be verified by the user in that state.
Description of the same components as those in the first and second embodiments described above will be omitted.

  As shown in FIG. 7, the input information authenticating device 100 as the fourth embodiment includes a display input unit 110, a display input control unit 120, and an initial pattern generation similar to those in the first and second embodiments described above. Unit 121, pattern circulation unit 122, input passcode extraction unit 124, and storage unit 140, an encryption registration unit 161 that encrypts a registration passcode with a one-way function such as a hash function, and an input path And an encryption verification unit 162 that encrypts and verifies the code with a one-way function. The storage unit 140 stores the hash value encrypted by the encryption registration unit 161.

An operation of encrypting and storing a passcode when the user registers the passcode in the apparatus in the input information authentication apparatus 100 of the present embodiment will be described with reference to the flowchart of FIG.
The following operation example shows a case where HMAC using a hash function is used as encryption by a one-way function, and a hash code obtained by hashing a numerical value x with HMAC is shown as HMAC (x).

When the passcode to be registered is input, the input passcode extraction unit 124 generates extraction patterns in advance for all the initial patterns of the touch keyboard (step S21). The initial pattern is randomly generated as described above, i.e., all patterns to be considered from the combination of the number of input keys may be obtained has (input key 2 ^nine long nine), the initial pattern used as the input color These combinations may be determined in advance (for example, 30 patterns) and the determined number may be possible. An extraction pattern corresponding to the registered passcode is generated in advance for all the possible initial patterns.

  The encryption registration unit 161 assigns each digit of the passcode to the generated extraction pattern, decomposes the extraction pattern for each digit, and performs hashing (step S22) (first encryption unit). The hash codes for the respective digits thus hashed are collected as one group, associated with the corresponding initial pattern, and stored in the storage unit 140 (step S23).

  FIG. 9 shows an example in which the extracted pattern is decomposed and hashed for each digit. In the example of FIG. 9, the extraction pattern is “1st digit, dummy of the input passcode by the user with respect to the 6-digit key input as in the example of FIG. 2 (a) and FIG. 4 (a) described above. , 2nd digit, dummy, dummy, dummy ”, and the registered passcode is“ 19 ”.

  If each digit of the registered passcode is assigned to this extraction pattern and the dummy code is indicated by “*”, it becomes “1, *, 9, *, *, *” as illustrated in FIG. Here, with respect to the two-digit registered passcode, when digits are taken with numbers that are not used in the passcode, and each digit is disassembled, “100000” and “9000” are obtained.

  In this embodiment, since the authentication information is described as a passcode consisting of any one of 1 to 9, the other digits are shown as “0” as numbers not used in the passcode, The digit is used to indicate the digit in the extracted passcode extraction pattern. For example, when the authentication information is a passcode consisting of any number from 0 to 9, it can be realized in the same manner by setting “10” in the numeric string expressed in hexadecimal to other digits.

  Each of “100000” and “9000” obtained by digitizing the passcode numbers separated for each digit by using “0” which is not used for the passcode is hashed by HMAC. HMAC (100000) and HMAC (9000) as a group of such hashed hash codes are converted into corresponding initial patterns (in the example of FIG. 9, the initial pattern of FIG. 2 (a) or FIG. 4 (a)). The data are stored in the storage unit 140 in association with each other.

  Here, when the touch keyboard pattern is generated as in the first and second embodiments described above and the registration passcode is “19”, “1” in the first digit of the registration passcode is the input code by the user. There can be either the first, second, third character in the column. That is, if the extracted pattern is shown in a state of being decomposed for each digit, there are three possibilities of “100000”, “10000”, and “1000”.

  Similarly, “9” in the second digit of the pass code may be any of the second to sixth characters of the input code string by the user. That is, when the extracted pattern is shown in a state of being decomposed for each digit, there are five possibilities of “90000”, “9000”, “900”, “90”, “9”.

  For this reason, the values hashed by the encryption registration unit 161 are 3 + 5 = 8, and in step S23 of FIG. 8 described above, any two of these eight hash values are included in each initial pattern as described above. It is associated and stored in the storage unit 140.

  In this way, even if a third party who obtains the input information authentication apparatus 100 tries to analyze the stored information in the storage unit 140, not only the registered passcode is known, but also the extraction pattern It can also be unclear which input digit corresponds to any digit of the input passcode by the user.

  Next, an operation example when the input information authentication apparatus 100 according to the fourth embodiment receives a passcode input from the user will be described with reference to a flowchart of FIG.

  As operations when receiving a passcode input, the operations of steps S1 to S4 are the same as the operations of steps S1 to S4 in the flowchart of FIG. 3 described above in the first and second embodiments.

In this way, the user receives key inputs up to a specified number of input characters.
When the touch keyboard is configured as in the first embodiment described above, the number of input characters is the number of products of the number of digits of the registered passcode and the number of divisions of the touch keyboard pattern obtained by dividing the initial pattern. For example, as in the example of FIG. 2 described above, a touch keyboard pattern is generated by dividing the initial pattern into three, and if the registered passcode is 2 digits, the number of key inputs for authentication is 2 digits × 3 ways. = 6 times (6 digits).

  The number of input characters is the number of products of the number of digits of the registered passcode and the number of touch keyboard patterns obtained by circulating the initial pattern when the touch keyboard is configured as in the second embodiment described above. . For example, as in the example of FIG. 4 described above, if there are three touch keyboard patterns in which the initial pattern is circulated in the row direction and the registered passcode is two digits, the number of key input digits for authentication is two digits. X 3 ways = 6 times (6 digits).

  The encryption verification unit 162 decomposes the input code string by the user for each digit in the same way as when registering the passcode, digitizes it using “0” that is not used for the passcode, and hashs it with HMAC ( Step S31) (second encryption means).

  The encryption collation unit 162 collates the hash code stored in the storage unit 140 in association with the initial pattern generated in step S1 and the hash code hashed in step S31 (step S32).

  Here, since the input code string includes a dummy code, the number of hash codes from the input code string hashed in step S31 is larger than the number of hash codes associated with the initial pattern. For example, if the registered passcode is two digits, there are two hash codes associated with the initial pattern, and there are six hash codes from the input code string hashed in step S31.

  For this reason, for each hash code from the input code string hashed in step S31, a search is made as to whether or not there is a matching hash code associated with the initial pattern from the input upper digits. . Then, the hash code associated with the initial pattern, that is, the hash code from the registered passcode is collated to determine whether there is a match, and if there is a hash code that matches all, the verification is OK. Pass code authentication is OK.

As a specific example, for example, with respect to the initial pattern illustrated in FIG. 2A, key input is performed using the input code string “1, 4, 9, 2, 5, 8” described above in the first embodiment. If performed, the hash code from the input code string hashed in step S31 is
“Md5 (100,000)”
"Md5 (40000)"
"Md5 (9000)"
"Md5 (200)"
"Md5 (50)"
"Md5 (8)"
It becomes six.

On the other hand, for example, the hash code stored in the storage unit 140 in association with the initial pattern illustrated in FIG.
“Md5 (100,000)”
"Md5 (9000)"
These are two.

  When these two are collated as described above, hash codes that match among the two hash codes associated with the initial pattern in FIG. 2A from among the six hash codes hashed in step S31. Is detected. For this reason, the collation in step S32 is OK and the passcode authentication is OK.

Further, for example, when the key input is performed with the input code string “1, 8, 9, 5, 3, 6” described in the second embodiment with respect to the initial pattern illustrated in FIG. The hash code from the input code string hashed in step S31 is
“Md5 (100,000)”
"Md5 (80000)"
"Md5 (9000)"
"Md5 (500)"
"Md5 (30)"
"Md5 (6)"
It becomes six.

In contrast, for example, the hash code stored in the storage unit 140 in association with the initial pattern illustrated in FIG.
“Md5 (100,000)”
"Md5 (9000)"
These are two.

  When these two are collated as described above, hash codes that match among the two hash codes associated with the initial pattern of FIG. 4A from among the six hash codes hashed in step S31. Is detected. For this reason, the collation in step S32 is OK and the passcode authentication is OK.

  As described above, according to the fourth embodiment described above, the same effects as those of the first and second embodiments described above can be obtained, and the registration passcode can be encrypted with a one-way function such as a hash function. Therefore, even when the input information authentication device 100 is obtained by a third party, it is possible to protect against analysis of the stored information in the memory. Nevertheless, even when the pass code input includes the same dummy code as in the first and second embodiments described above, the input pass code can be reliably verified. For this reason, higher security can be realized.

  In addition, in the collation method of the fourth embodiment described above, collation can be performed with a much smaller amount of computation than when using an advanced calculation technique in which computation for collation is performed in an encrypted state. Therefore, even a computer having a relatively low processing capability such as a mobile terminal can be easily realized.

[About each embodiment]
Each of the above-described embodiments is a preferred embodiment of the present invention, and the present invention is not limited to this, and various modifications can be made based on the technical idea of the present invention.

  For example, in each of the above-described embodiments, an example in which the pass code has two digits of “19” has been described. However, the number of digits of the pass code is not limited to this number, and may be arbitrarily determined according to the performance of the apparatus. It may be. Naturally, the security can be further increased by increasing the number of digits of the passcode.

Further, in the above-described embodiment, it has been described that a numeric passcode is used as the authentication information. However, the authentication information is not limited to this as long as the authentication information can be expressed as a numeric string. Or a combination thereof.
In this case, for example, in the case of an alphabet, the display input unit 110 displays a touch keyboard using the alphabet as key top information, and handles the alphabets A to Z input as numbers 1 to 26, or a character string by ASCII code. Can be realized in the same manner as in the above-described embodiment by a method such as forming a numerical string. In the case of a stroke, the key top information of the input start key and the key top information of the end key can be handled as a numeric string, and can be realized in the same manner as the above-described embodiment.

  As described above, the authentication information that can be used in the above-described embodiment is a numeric string, a character string, an image string, coordinate information, or the like, as long as it can be expressed as a numeric string by performing a predetermined conversion. A combination of these may be used.

  In the embodiment described above, the generated initial pattern is circulated to generate a touch keyboard pattern and displayed on the display input unit 110. However, the initial pattern is divided into a plurality of times and a predetermined display area is displayed. As long as they are displayed in a predetermined order, the touch keyboard pattern generation method may be arbitrary.

Further, in each of the above-described embodiments, it has been described that the user inputs a key to the touch keyboard displayed on the touch panel display of the display input unit 110. However, the input unit and the display unit are not limited to the touch keyboard, and are physically It may be a keyboard.
That is, each embodiment mentioned above is not limited to the structure with which an input part and a display part are united, Even if an input part and a display part are a different body or another apparatus, this invention is implement | achieved similarly. Can do.
When the input unit and the display unit are separate, the keys that can be input are displayed on the display unit, and the user performs key input using the keys of the input unit corresponding to the keys displayed on the display unit. Also with such a configuration, the above-described embodiments can be similarly realized, and the same effect can be obtained.

  Moreover, the input information authentication device 100 of each embodiment described above is not limited to a portable information terminal, and can be similarly applied to a stationary device such as a desktop PC.

In addition, by recording the processing procedure for realizing the input information authentication device 100 or the server device 200 as each embodiment described above on a recording medium as a program, the above-described functions according to each embodiment of the present invention can be obtained. A program supplied from a recording medium can be realized by causing a CPU of a computer constituting the system to perform processing.
In this case, the present invention can be applied even when an information group including a program is supplied to the output device from the above recording medium or from an external recording medium via a network.
That is, the program code itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program code and the signal read from the recording medium constitute the present invention. It will be.
As this recording medium, for example, a hard disk, an optical disk, a magneto-optical disk, a floppy (registered trademark) disk, a magnetic tape, a nonvolatile memory card, a ROM, or the like may be used.

  According to the program according to the present invention, each function in each of the above-described embodiments can be realized by a computer controlled by the program.

DESCRIPTION OF SYMBOLS 110 Display input part 120 Display input control part 121 Initial pattern production | generation part 122 Pattern circulation part (display pattern production | generation means)
123 Registration Unit 124 Input Passcode Extraction Unit 130 Verification Unit 140 Storage Unit 150, 250 Communication Unit 161 Encryption Registration Unit 162 Encryption Verification Unit

Claims (13)

An input information authentication device for performing authentication, which is a determination that the information corresponding to the operated key of the input means having a plurality of keys and the authentication information stored in advance match.
Key top information assigned to the plurality of keys is sequentially displayed in a predetermined display area divided into a plurality of times,
Use the information corresponding to the key of the input means operated when the key top information of the key to be operated to perform an input that matches the authentication information is displayed in the display area for the authentication, Do not use information corresponding to the key of the input means operated when the key top information of the key to be operated to perform an input that matches the authentication information is not displayed in the display area for the authentication. age,
Initial pattern generating means for generating an initial pattern of all key top information displayed in the display area divided into a plurality of times;
Each input order number in a predetermined number of key inputs for authentication so that a division unit obtained by dividing the initial pattern generated by the initial pattern generation unit into a predetermined number is displayed in the display area in a plurality of times. An input information authentication apparatus comprising: a display pattern generation unit configured to generate a display pattern . Based on the display pattern in each input order number generated by the display pattern generation means, key top information of a key to be operated to perform an input that matches the authentication information is displayed in the display area. Extracting means for extracting the input order number;
The authentication information is compared with the information corresponding to the key input with the input order number extracted by the extracting means, and the information corresponding to the key input with the other input order number is the same as the authentication information. input information authentication device according to claim 1, characterized in that and a checking means not to perform verification. An input information authentication device for performing authentication, which is a determination that the information corresponding to the operated key of the input means having a plurality of keys and the authentication information stored in advance match.
Key top information assigned to the plurality of keys is sequentially displayed in a predetermined display area divided into a plurality of times,
Use the information corresponding to the key of the input means operated when the key top information of the key to be operated to perform an input that matches the authentication information is displayed in the display area for the authentication, Do not use information corresponding to the key of the input means operated when the key top information of the key to be operated to perform an input that matches the authentication information is not displayed in the display area for the authentication. age,
Authentication information stored in advance is information that can be expressed as a numeric string.
First encryption means for deciphering the authentication information expressed as a numeric string for each digit and encrypting the authentication information with a one-way function;
A second encryption means for expressing the input information input from the input means as a number string, decomposing each digit, and encrypting with the one-way function;
The first input information authentication device you comprising the, and collating means for collating the encrypted text by encrypting a character string and the second encryption means by the encryption means. The first encryption means decomposes the authentication information expressed as a number string into numbers for each digit, and a digit in which the decomposed number exists for the number of input characters including dummy inputs. Is digitized with a number not used in the authentication information, and the digitized digit is encrypted with the one-way function,
The second encryption unit expresses the input information input from the input unit as a numeric string and decomposes it into a number for each digit, and the decomposed number exists in the numeric string of the input information. 4. The input information authentication apparatus according to claim 3 , wherein a digit is digitized by a number that is not used for authentication information, and the digitized digit is encrypted by the one-way function. Initial pattern generating means for generating an initial pattern of all key top information displayed in the display area divided into a plurality of times;
Each input order number in a predetermined number of key inputs for authentication so that a division unit obtained by dividing the initial pattern generated by the initial pattern generation unit into a predetermined number is displayed in the display area in a plurality of times. Display pattern generating means for generating a display pattern at
The first encryption means calculates an encrypted character string encrypted with the one-way function for each initial pattern generated by the initial pattern generation means,
The verification means includes an encrypted character string encrypted by the first encryption means with respect to an initial pattern used for a predetermined number of key inputs for authentication, and encryption by the second encryption means input information authentication device according to claim 3 or 4, wherein the matching of a character string. Claim 1 wherein the plurality of keys of the input means is provided only in the display region, the plurality of keys, wherein said each divided unit is displayed so that a transition to a predetermined order, The input information authentication device according to 2 or 5 . The plurality of keys of the input means are provided inside and outside the display area, and the keys provided in the display area are displayed so that the respective division units transition in a predetermined order, and the initial claim keytop information other than that displayed on the key in the display area of the key-top information is included in the pattern, characterized in that displayed on the key provided outside the display region 1, 2 or 5 The input information authentication device described. An input information authentication device for performing authentication, which is a determination that the information corresponding to the operated key of the input means having a plurality of keys and the authentication information stored in advance match.
Key top information assigned to the plurality of keys is sequentially displayed in a predetermined display area divided into a plurality of times,
Use the information corresponding to the key of the input means operated when the key top information of the key to be operated to perform an input that matches the authentication information is displayed in the display area for the authentication, Do not use information corresponding to the key of the input means operated when the key top information of the key to be operated to perform an input that matches the authentication information is not displayed in the display area for the authentication. age,
The input information authentication device is used by being connected to a server device by wire, wireless, or a combination thereof,
The server device includes an initial pattern generation means for generating an initial pattern of all key top information displayed in the display area divided into a plurality of times,
The input information authentication device is configured to perform a predetermined number of times for authentication so that a division unit obtained by dividing the initial pattern generated by the initial pattern generation unit into a predetermined number is divided and displayed in the display area. input information authentication device you comprising the display pattern generating means for generating a display pattern for each input sequence number at the key input. The server device
Based on the display pattern in each input order number generated by the display pattern generation means, key top information of a key to be operated to perform an input that matches the authentication information is displayed in the display area. Extracting means for extracting the input order number;
The authentication information is compared with the information corresponding to the key input with the input order number extracted by the extracting means, and the information corresponding to the key input with the other input order number is the same as the authentication information. The input information authentication apparatus according to claim 8 , further comprising a verification unit that does not perform verification. Wherein the input means is configured to display a plurality of keys on a display screen, detecting a contact position of the said surface shows a screen, determine whether the input to any of the plurality of keys based on the position information of the contact position input information authentication device according to any one of claims 1 9, characterized in that a touch panel display that. A server device used by being connected to an input information authentication device by wire, wireless, or a combination thereof,
The input information authentication device includes:
An input means having a plurality of keys;
Display means;
Communication means for transmitting the input content to the input means to the server device,
The key top information assigned to the plurality of keys is divided into a plurality of times and sequentially displayed in a predetermined display area in the display means,
The server device
Performing authentication, which is a determination that the information corresponding to the input content matches the authentication information stored in advance, and
When the input content from the input information authentication device is received, the key information that is operated when the key top information of the key to be operated to perform an input that matches the authentication information is displayed in the display area. The information corresponding to the key of the input means is used for the authentication, and the key top information of the key to be operated in order to perform an input that matches the authentication information is not displayed in the display area. The information corresponding to the key of the input means is not used for the authentication ,
The server device includes an initial pattern generation means for generating an initial pattern of all key top information displayed in the display area divided into a plurality of times,
The input information authentication device is configured to perform a predetermined number of times for authentication so that a division unit obtained by dividing the initial pattern generated by the initial pattern generation unit into a predetermined number is divided and displayed in the display area. A server device comprising display pattern generation means for generating a display pattern for each input order number in key input . An input information authentication system configured by connecting an input information authentication device and a server device by wire, wireless, or a combination thereof,
The input information authentication device includes:
An input means having a plurality of keys;
Display means;
Communication means for transmitting the input content to the input means to the server device,
The key top information assigned to the plurality of keys is divided into a plurality of times and sequentially displayed in a predetermined display area in the display means,
The server device
Performing authentication, which is a determination that the information corresponding to the input content matches the authentication information stored in advance, and
When the input content from the input information authentication device is received, the key information that is operated when the key top information of the key to be operated to perform an input that matches the authentication information is displayed in the display area. The information corresponding to the key of the input means is used for the authentication, and the key top information of the key to be operated in order to perform an input that matches the authentication information is not displayed in the display area. The information corresponding to the key of the input means is not used for the authentication ,
The server device includes an initial pattern generation means for generating an initial pattern of all key top information displayed in the display area divided into a plurality of times,
The input information authentication device is configured to perform a predetermined number of times for authentication so that a division unit obtained by dividing the initial pattern generated by the initial pattern generation unit into a predetermined number is divided and displayed in the display area. An input information authentication system comprising display pattern generation means for generating a display pattern for each input order number in key input . A program of an input information authenticating device for performing authentication, which is a judgment that information corresponding to an operated key of an input means having a plurality of keys is compared with previously stored authentication information,
On the computer,
A procedure for sequentially displaying key top information assigned to the plurality of keys in a predetermined display area divided into a plurality of times;
Use the information corresponding to the key of the input means operated when the key top information of the key to be operated to perform an input that matches the authentication information is displayed in the display area for the authentication, Information corresponding to the key of the input means operated when the key top information of the key to be operated for performing the input that matches the authentication information is not displayed in the display area is not used for the authentication. And the procedure to
A procedure for generating an initial pattern of all key top information displayed in the display area divided into a plurality of times;
Generate a display pattern for each number of input orders for a predetermined number of key inputs for authentication so that a division unit obtained by dividing the generated initial pattern into a predetermined number is divided and displayed in the display area a plurality of times. And the steps to
The program of the input information authentication device characterized by performing this.

Images