JP5778107B2 - Authentication information input device, server device, authentication system, and program - Google Patents

Description

  The present invention relates to a technique for performing authentication by comparing authentication information received by a user's input operation with authentication information stored in advance.

  As a technique for authenticating whether or not the user is an authorized user, the user side operates a screen such as a touch panel to input authentication information such as a personal identification number, and collates the input authentication information with preset authentication information. There is a technique for authenticating whether or not the user is a legitimate user. This type of technology is used for, for example, user authentication when using a financial automatic machine (ATM) or the like, and user authentication when releasing a screen lock of a smartphone or a straight PC.

  However, in the above technique, when the user inputs authentication information by operating the touch panel or the like, the authentication information may be stolen by a third party.

  As a method to prevent authentication information from being seen by a third party, for example, the viewing angle of a touch panel or the like for inputting authentication information is narrowed, or the input authentication information is displayed on the screen with “*” mark or the like. There is a method of displaying only the number of input digits.

  Patent Document 1 (Japanese Patent No. 2985888) discloses a technology of a password input device in which a user inputs a password using a numeric keypad from a terminal such as a financial automatic machine (ATM). In the above Patent Document 1, an input numeric keypad screen and a fake input numeric keypad screen are displayed on the display, and information for instructing the user whether to input a dummy number or a password is presented on the fake input numeric keypad screen. In addition, by inserting a dummy number into the personal identification number, the personal identification number is prevented from being stolen by a third party when the personal identification number is input.

  Patent Document 2 (Japanese Patent Application Laid-Open No. 2005-71202) uses system authentication information by a recording medium incorporated in a system-side electronic device and personal authentication information by a user's personal input operation. A technique for mutually authenticating an individual and a system-side electronic device to be accessed is disclosed. In the above Patent Document 2, two sets of authentication data, that is, personal authentication data indicating personal authentication information and server authentication data indicating system authentication information are registered and set, and server-side authentication using server authentication data; User-side authentication using personal authentication data is performed alternately. In addition, image data is used for personal authentication data and server authentication data.

Japanese Patent No. 2985888 JP-A-2005-71202

  However, the technology disclosed in the above-mentioned Patent Document 1 assumes that a third party is located some distance away, such as a financial automatic machine (ATM). It is not taken into account even if measures are taken when seen. For this reason, for example, not only the movement of the user's hand entering the personal identification number but also the screen on which the personal identification number is entered may be seen due to the shoulder of the user entering the personal identification number or a hidden camera. May be identified as to which input is a dummy number, and the personal identification number may be known to a third party.

  In the above-mentioned Patent Document 2, since server-side authentication using server authentication data and user-side authentication using personal authentication data are alternately performed, all authentication information is instantly known to a third party. Can be prevented to some extent. However, it is not possible to prevent authentication information when watched. In addition, it is necessary to perform the authentication operation with the system-side electronic device a plurality of times, which takes time and effort to complete the authentication operation.

  The present invention has been made in view of the above circumstances, and even when a third party sees a screen on which the user's hand or authentication information is input when inputting the authentication information, the analogy of the authentication information is first. An object of the present invention is to provide an authentication information input device, a server device, an authentication system, and a program that are difficult for the three parties.

  In order to achieve this object, the present invention has the following features.

<Authentication information input device>
An authentication information input device according to the present invention includes:
A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions Display means for displaying the display image selected from storage means for storing a plurality of display images including at least a second image that is not
Input means for inputting at least one image selected by a user operation from the display images displayed on the display means as authentication information used when permitting the user authentication;
The user authentication is permitted when the first image included in the display image displayed on the display means is selected by a user operation.

<Server device>
The server device according to the present invention includes:
A server device connected to the authentication information input device,
A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions A transmitting unit that transmits the display image selected from the storage unit that stores a plurality of display images including at least a second image that is not included, to the authentication information input device;
At least one image selected by a user operation from the display images displayed on the display means on the authentication information input device side is used as authentication information to be used when the user authentication is permitted. Receiving means for receiving the authentication information input to the input means on the side,
Authentication means for permitting authentication of the user when the authentication information received by the receiving means is the first image included in the display image transmitted to the authentication information input device by the transmitting means;
It is characterized by having.

<Authentication system>
An authentication system according to the present invention includes:
An authentication system comprising an authentication information input device and a server device,
The server device
A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions A transmitting unit that transmits the display image selected from the storage unit that stores a plurality of display images including at least a second image that is not included, to the authentication information input device;
At least one image selected by a user operation from the display images displayed on the display means on the authentication information input device side is used as authentication information to be used when the user authentication is permitted. Receiving means for receiving the authentication information input to the input means on the side,
Authentication means for permitting authentication of the user when the authentication information received by the receiving means is the first image included in the display image transmitted to the authentication information input device by the transmitting means; Have
The authentication information input device includes:
The display means for displaying the display image received from the server device;
Input means for inputting at least one image selected by a user operation from the display images displayed on the display means as authentication information used when permitting the user authentication;
And transmitting means for transmitting the authentication information input to the input means to the server device.

<Program>
The program according to the present invention is:
A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions A display process for displaying on the display means the display image selected from the storage means for storing a plurality of display images including at least a second image that is not included,
An input process for inputting at least one image selected by a user operation from the display images displayed on the display means to the input means as authentication information used when permitting the user authentication; Run to
The user authentication is permitted when the first image included in the display image displayed on the display means is selected by a user operation.

The program according to the present invention is:
A program to be executed by a computer of a server device connected to an authentication information input device,
A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions A transmission process for transmitting the display image selected from the storage means for storing a plurality of display images including at least a second image that has not been transmitted to the authentication information input device;
At least one image selected by a user operation from the display images displayed on the display means on the authentication information input device side is used as authentication information to be used when the user authentication is permitted. Receiving processing for receiving the authentication information input to the input means on the side;
An authentication process for permitting authentication of the user when the authentication information received by the reception process is the first image included in the display image transmitted to the authentication information input device by the transmission process; Is executed by the computer.

  ADVANTAGE OF THE INVENTION According to this invention, even when a user's hand and the screen where authentication information was input were seen by the third party at the time of input of authentication information, the analogy of authentication information can be made difficult for the third party. .

2 is a diagram illustrating a configuration example of an authentication information input device 100 according to the present embodiment. FIG. 3 is a diagram illustrating a configuration example of a display image 10. FIG. It is a figure for demonstrating the registration icon which belongs to a registered group, and the unregistered icon which belongs to an unregistered group. It is a figure for demonstrating the example which sets an arrangement position to a background image. It is a figure which shows the example of a registration process operation | movement of the display image and authentication information which are used at the time of user authentication. It is a figure which shows the example of a processing operation at the time of user authentication. It is a figure which shows the other processing operation example at the time of user authentication. It is a figure which shows the system configuration example of an authentication system. It is a figure which shows the example of a processing operation at the time of the user authentication of 2nd Embodiment. It is a figure which shows the example of a registration process operation | movement of the display image and authentication information which are used at the time of the user authentication of 3rd Embodiment. It is a figure which shows the example of a processing operation at the time of the user authentication of 3rd Embodiment.

(Outline of Embodiment of Authentication Information Input Device 100 According to the Present Invention)
First, an outline of an authentication information input device 100 according to the present invention will be described with reference to FIGS. 1 and 2. FIG. 1 shows a configuration example of an embodiment of an authentication information input device 100 according to the present invention, and FIG. 2 shows a configuration example of a display image 10.

  The authentication information input device 100 according to the present invention includes at least two or more conditions that can be identified by the user based on the user's own memory (for example, the image displayed on the display image 10 belongs to a predetermined group At least one of the image, the image displayed on the display image 10 being positioned at a predetermined arrangement position of the display image 10, and the image displayed on the display image 10 having a predetermined color). A display image storage unit that stores a plurality of display images 10 that include at least a first image MP that satisfies a condition and does not satisfy at least one condition, and a second image DP that does not satisfy all the conditions The display input unit 110 that displays the display image 10 selected from 133 and the user authentication of at least one image selected by the user operation from the display images 10 displayed on the display input unit 110 are permitted. When A display input unit 110 that is input as authentication information to be used, and when the first image MP included in the display image 10 displayed on the display input unit 110 is selected by a user operation, the user authentication is performed. It is allowed. The first image MP means an erroneous pattern MP in the present embodiment, and the second image DP means a dummy pattern DP in the present embodiment.

  In the authentication information input device 100 according to the present invention, when the image selected by the user operation is the first image MP, the user authentication is permitted, and the first image MP permitting the user authentication is the user himself / herself. At least two or more conditions that can be identified by the user based on the storage (for example, the condition is that the image displayed on the display image 10 belongs to a predetermined group, and the image displayed on the display image 10 Is located at a predetermined arrangement position of the display image 10 and the image displayed on the display image 10 is of a predetermined color), which is a first image MP because it contains conflicting conditions. The analogy of authentication information can be made difficult for a third party.

  When the authentication information input device 100 according to the present invention is a touch panel type portable terminal, it is also conceivable to input the authentication information in a train or a crowd. In this case, when the user is inputting authentication information, the user's hand, a screen on which the authentication information is input, or the like may be seen by a third party from a close range. In addition, it is considered that beginners, elderly people, and the like are very slow in inputting authentication information. In this case, there is a possibility that a screen on which the user's hand movement or authentication information is input is easily seen by a third party and stored.

  However, in the authentication information input device 100 according to the present invention, the first image MP as the authentication information includes conflicting conditions among at least two conditions that can be identified by the user based on the user's own memory. Therefore, it is possible to make the analogy of authentication information difficult for a third party. Hereinafter, embodiments of an authentication information input device 100 according to the present invention will be described in detail with reference to the accompanying drawings.

(First embodiment)
<Configuration example of authentication information input device 100>
First, a configuration example of the authentication information input device 100 of the present embodiment will be described with reference to FIG.

  The authentication information input device 100 of this embodiment includes a display input unit 110, a control unit 120, and a storage unit 130.

  The display input unit 110 is configured with a touch panel or the like, and displays and inputs information. The display input unit 110 of the present embodiment displays the display image 10 shown in FIGS. 2A and 2B that includes the error pattern MP and the dummy pattern DP. Then, when an image pattern is selected by a user operation for the displayed display image 10, information on the selected image pattern is transmitted to the control unit 120 as authentication information.

  The error pattern MP included in the display image 10 is an image pattern necessary as authentication information at the time of user authentication. For this reason, when the wrong pattern MP is selected by a user operation, the user authentication is authentication OK. The dummy pattern DP is an image pattern that is not necessary as authentication information at the time of user authentication. For this reason, when the dummy pattern DP is selected by a user operation, user authentication is authentication NG.

  The control unit 120 performs display control of the display image 10 displayed on the display input unit 110. Further, authentication control of authentication information input by a user operation from the display input unit 110 is performed. The control unit 120 according to this embodiment includes a registration group setting unit 121, an arrangement position setting unit 122, a display image generation unit 123, and an authentication unit 124.

  The registered group setting unit 121 sets a registered icon belonging to the registered group and an unregistered icon belonging to the unregistered group based on the plurality of icons stored in the icon storage unit 132. For example, as shown in FIG. 3, five icons not having a collar are set as registered icons belonging to a registered group. Also, the six icons with collars are set as unregistered icons belonging to the unregistered group.

  Based on the background image stored in the background image storage unit 131, the arrangement position setting unit 122 determines an arrangement position where the registration icon set by the registration group setting unit 121 is arranged and an unarranged position where no registration icon is arranged. Set. For example, as shown in FIG. 4, two pieces of position information A and B at the root of a tree that overlaps a ridge line of a mountain are set as arrangement positions at which registered icons are arranged. Further, other position information is set as an unplaced position where no registered icon is placed.

  The display image generation unit 123 generates the display image 10 shown in FIGS. 2A and 2B displayed on the display input unit 110. The display image 10 includes a registration icon set by the registration group setting unit 121, an unregistered icon, an arrangement position set by the arrangement position setting unit 122, and an unplaced position, and a display image including an error pattern MP and a dummy pattern DP. Generates 10.

  The display image 10 shown in FIG. 2A has an error pattern MP in which an unregistered icon is arranged at the arrangement position. Note that an image pattern in which a registered icon is arranged at an arrangement position and an image pattern in which an unregistered icon is arranged at an unarranged position are dummy patterns DP.

  In the display image 10 shown in FIG. 2A, an image pattern that satisfies one of the two conditions (registered icon and arrangement position) (the arrangement position) and does not satisfy the other condition (registered icon) is incorrect. The pattern is MP. Further, an image pattern that satisfies the two conditions and an image pattern that does not satisfy the two conditions are used as the dummy pattern DP.

  In the display image 10 shown in FIG. 2A, the user authentication is OK by selecting a wrong pattern MP that satisfies one condition (arrangement position) and does not satisfy the other condition (registered icon) by a user operation. Become.

  The display image 10 shown in FIG. 2B has an error pattern MP in which registered icons are arranged at unplaced positions. Note that an image pattern in which a registered icon is arranged at an arrangement position and an image pattern in which an unregistered icon is arranged at an unarranged position are dummy patterns DP.

  In the display image 10 shown in FIG. 2B, an image pattern that satisfies one of the two conditions (registered icon and arrangement position) (registered icon) and does not satisfy the other condition (arrangement position) is incorrect. The pattern is MP. Further, an image pattern that satisfies the two conditions and an image pattern that does not satisfy the two conditions are used as the dummy pattern DP.

  In the display image 10 shown in FIG. 2B, the user authentication is OK by selecting a wrong pattern MP that satisfies one condition (registration icon) and does not satisfy the other condition (arrangement position) by a user operation. Become.

  As shown in FIG. 2, the display image 10 can be configured such that no registered icon or unregistered icon is arranged at the arrangement position, or all the registered icons are not arranged on the display image 10. It is.

  If the registered icons set by the registered group setting unit 121 are set using specific conditions (a background image or a condition that does not exist in an unregistered group) regarding a plurality of icons, the user himself / herself stores all the registered icons. Even if it does not, since a registration icon can be identified, a user's memory burden can be reduced.

  In the case of the display image 10 shown in FIG. 2, the registered icon can be identified only by whether or not a collar exists in the icon. The third party can identify whether a registered icon belonging to a registered group is identified by a collar, by a type such as a dog, cat, or bird, or by whether the icon character is facing left or right. It is not known whether it is identified by the color of the icon, or by the number of characters in the icon.

  The same applies to the arrangement position, and if the arrangement position is set using specific conditions, the arrangement position can be identified without the user having to memorize all the arrangement positions, thereby reducing the burden on the user's memory. be able to.

  In the case of the display image 10 shown in FIG. 2, the arrangement position can be identified only by the condition “the root of the tree overlapping the ridge line of the mountain”. The third party does not know whether the location is the root of the tree that overlaps the ridgeline of the mountain, the mountain on the left side, the lower half of the display image, or a place where nothing is drawn.

  From a third party, it is difficult to specify the wrong pattern MP because the information regarding the arrangement position and the registered icon as in the case of a regular user is not grasped.

  For example, assume that there are 10 placement positions, 30 unplaced positions, 10 types of registered icons belonging to the registered group, and 30 kinds of unregistered icons belonging to the unregistered group.

  In this case, 300 types of error patterns MP (image pattern 1) in which unregistered icons are arranged at the arrangement positions can be generated in combinations of 10 × 30 types.

  Similarly, 300 types of mistake patterns MP (image pattern 2) in which registered icons are arranged at unplaced positions can be generated in combinations of 30 × 10 types.

  For this reason, there are 600 types of error patterns MP in total. That is, the correct answer rate in a random attack is 1/600.

  Even if a legitimate user's input operation is learned over the shoulder, the meaning of the input operation is not understood. That is, it is not known whether the position selected by the user operation is a registered position (image pattern 1) or an unregistered position (image pattern 2). Further, it is not known whether the icon selected by the user operation is a registered icon (image pattern 2) belonging to the registered group or an unregistered icon (image pattern 1) belonging to the unregistered group.

  This is an effect that occurs because the wrong pattern MP selected by the user operation includes conflicting conditions among the conditions (registered icons and arrangement positions) preset by the user.

  In addition, regarding an image pattern not selected by a user operation, it is impossible to identify whether the image pattern is a background image or an icon with a single sneak peek. Of course, the registration icons belonging to the registration position and the registration group cannot be discriminated.

  In addition, even if a few sneak peeks are made, the display image 10 is changed every time, and the image pattern (error pattern MP, dummy pattern DP) included in the display image 10 is changed. It is difficult to make an analogy such as “It is a registered icon belonging to the registered group”. Moreover, in order to make an analogy as described above, it is necessary to perform a sneak peek of a very large number of times. Therefore, it is possible to make it difficult for a third party to analogize authentication information (error pattern MP) used during user authentication.

  When the authentication unit 124 receives an image pattern selected by a user operation from the display image 10 shown in FIG. 2 displayed on the display input unit 110 as authentication information from the display input unit 110, the received authentication information And the authentication information corresponding to the display image 10 displayed on the display input unit 110 are compared, and it is determined whether or not both authentication information matches.

  The storage unit 130 stores various types of information used at the time of user authentication, and includes a background image storage unit 131, an icon storage unit 132, a display image storage unit 133, and an authentication information storage unit 134. Configure.

  The background image storage unit 131 stores a background image. The background image is an image serving as a background such as wallpaper displayed on a display or the like.

  The icon storage unit 132 stores icons. The icon is an image such as a pattern or a symbol displayed on the background image.

  The display image storage unit 133 stores the display image 10 generated by the display image generation unit 123.

  The authentication information storage unit 134 stores authentication information used during user authentication. The authentication information storage unit 134 of the present embodiment stores information on the error pattern MP included in the display image 10 as authentication information. The authentication information is stored in association with the display image 10. For example, when the display image 10 stored in the display image storage unit 133 is stored in association with the display image ID, the authentication information storage unit 134 stores the authentication information and the display image ID in association with each other. .

<Example of processing operation in authentication information input device 100>
Next, an example of the processing operation of the authentication information input device 100 of this embodiment will be described with reference to FIGS. FIG. 5 shows an example of the registration processing operation of the display image 10 and authentication information used during user authentication. FIG. 6 shows an example of processing operation during user authentication.

<Example of registration processing operation of display image and authentication information used for user authentication>
First, an example of registration processing operation of the display image 10 and authentication information used at the time of user authentication will be described with reference to FIG.

  First, the registered group setting unit 121 sets a registered icon belonging to the registered group and an unregistered icon belonging to the unregistered group (step S1).

  Specifically, the registration group setting unit 121 reads a plurality of icons from the icon storage unit 132 and sets the read plurality of icons as registered icons belonging to the registration group, or sets them to an unregistered group that does not belong to the registration group. Set to the unregistered icon to which it belongs.

  Whether to set a registered icon or an unregistered icon is set by a user operation. Therefore, the registration group setting unit 121 displays a plurality of icons read from the icon storage unit 132 on the display input unit 110, and selects a registration icon from the plurality of icons displayed on the display input unit 110 by a user operation. Like that. The registration group setting unit 121 sets an icon selected by a user operation as a registration icon belonging to the registration group. Further, an icon not selected by the user operation is set as an unregistered icon belonging to the unregistered group. However, it is also possible to select and set an unregistered icon belonging to an unregistered group by a user operation.

  Thereby, the registered group setting unit 121 can set a registered icon belonging to the registered group and an unregistered icon belonging to the unregistered group. In this case, one icon does not belong to both the registered group and the unregistered group, and belongs to one group.

  The registration group setting unit 121 sets an icon that satisfies a predetermined condition among the plurality of icons based on the plurality of icons read from the icon storage unit 132 as a registered icon, and does not satisfy the predetermined condition. Can be set as an unregistered icon. For example, when the icon is a character, as shown in FIG. 3, the icon of the character that does not have a collar is set as a registered icon that belongs to the registered group, and the icon of the character that has the collar belongs to the unregistered group. It can also be set as an unregistered icon.

  Next, the arrangement position setting unit 122 sets an arrangement position where the registration icon is arranged on the background image and an unarranged position where the registration icon is not arranged (step S2).

  Specifically, the arrangement position setting unit 122 reads a background image from the background image storage unit 131, and sets an arrangement position for arranging a registered icon on the read background image by a user operation. For this reason, the arrangement position setting unit 122 displays the background image read from the background image storage unit 131 on the display input unit 110, and determines the arrangement position for arranging the registered icon on the background image displayed on the display input unit 110 by the user operation. To select. The arrangement position setting unit 122 sets the position information of the background image selected by the user operation as the arrangement position for arranging the registered icon. Further, the position information of the background image that has not been selected by the user operation is set as an unplaced position where no registered icon is placed. Thereby, it is possible to set an arrangement position where the registration icon is arranged on the background image and an unarranged position where the registration icon is not arranged. However, it is also possible to select and set a non-placement position where no registration icon is placed by a user operation.

  The arrangement position setting unit 122 sets, based on the background image read from the background image storage unit 131, position information that satisfies a predetermined condition in the background image as an arrangement position for arranging the registered icon. It is also possible to set position information that does not satisfy the above condition as an unplaced position where no registered icon is placed. For example, as shown in FIG. 4, when the background image is composed of images such as mountains and trees, the position information A and B of the roots of the trees that overlap the ridgelines of the mountains are set as the arrangement positions for arranging the registered icons. The other position information can also be set as an unplaced position where no registered icon is placed.

  Next, the display image generation unit 123 uses the registered icon set by the registration group setting unit 121, the unregistered icon, the placement position set by the placement position setting unit 122, and the unplaced position, based on the error pattern MP and the dummy pattern DP. Is generated (step S3).

The error pattern MP is an image that satisfies one of the two conditions (registration icon, arrangement position) set by the registration group setting unit 121 and the arrangement position setting unit 122 by a user operation and does not satisfy the other condition. Let the pattern be the wrong pattern MP.
For example, an image pattern in which an unregistered icon is arranged at an arrangement position and an image pattern in which a registered icon is arranged at an unarranged position can be mentioned.

As the dummy pattern DP, an image pattern that does not satisfy any of the two conditions (registered icon, arrangement position) set by the registration group setting unit 121 and the arrangement position setting unit 122 by the user operation is set as the dummy pattern DP.
For example, an image pattern in which an unregistered icon is arranged at an unarranged position can be mentioned.
An image pattern that satisfies both of the two conditions (registered icon and arrangement position) is defined as a dummy pattern DP.
For example, an image pattern in which a registered icon is arranged at the arrangement position can be given.

  The display image generation unit 123 generates a plurality of display images 10 including the above-described error pattern MP and dummy pattern DP, and stores the generated display image 10 in the display image storage unit 133 (step S4). Further, the display image generation unit 123 stores the information of the error pattern MP included in the display image 10 in the authentication information storage unit 124 as authentication information (step S5). In this case, the authentication information is stored in association with the display image 10. For example, it is stored in association with a display image ID for specifying a display image.

  Accordingly, the authentication information input device 100 can generate the display image 10 and authentication information used at the time of user authentication and store them in the display image storage unit 133 and the authentication information storage unit 134.

<Example of processing operation during user authentication>
Next, an example of processing operation during user authentication will be described with reference to FIG.

  First, the authentication unit 124 selects one display image 10 from the plurality of display images 10 stored in the display image storage unit 133 (step A1), and displays the selected display image 10 on the display input unit 110 ( Step A2).

  When the display image 10 is displayed on the display input unit 110, the authentication unit 124 starts accepting input of authentication information (step A3). Further, the authentication unit 124 monitors the authentication information input from the display input unit 110 and determines whether or not to start authentication (step A4).

  The user selects an error pattern MP from the display image 10 displayed on the display input unit 110 based on the user's own memory. Information on the error pattern MP selected by the user operation is input to the display input unit 110 as authentication information used when the user authentication is permitted.

  The authentication unit 122 determines to start authentication when an authentication start button (not shown) separately installed on the authentication information input device 100 is pressed (step A4 / Yes). When the number of wrong patterns MP to be selected is indefinite, it is necessary to do the above, but when the number of wrong patterns MP to be input in advance is determined, a predetermined number of wrong patterns MP are selected. Authentication may be started when input.

  When starting authentication (step A4 / Yes), the authentication unit 124 acquires authentication information corresponding to the display image 10 displayed on the display input unit 110 from the authentication information storage unit 134 (step A5). Next, the authentication unit 124 collates the authentication information received from the display input unit 110 with the authentication information corresponding to the display image 10 acquired from the authentication information storage unit 134 (step A6).

  The authentication unit 124, when both authentication information matches (that is, the authentication information received from the display input unit 110 is information on the error pattern MP included in the display image 10 displayed on the display input unit 110) If (step A7 / Yes), it is determined that the authentication is OK (step A8), and the process is terminated (End). As a result, if it is determined that the authentication is OK, the process starts from step A1 described above. Therefore, at the next user authentication, a new display image 10 is selected from the display image storage unit 133, and the selected new display is displayed. The image 10 is displayed on the display input unit 110. For this reason, even if a third party steals the authentication information during the authentication OK input operation, a new display image 10 is displayed at the next user authentication, so the analogy of the authentication information It can be made difficult for the three parties.

  Further, when the authentication information of both does not match (that is, when the authentication information received from the display input unit 110 is not the information of the error pattern MP included in the display image 10 displayed on the display input unit 110) ( Step A7 / No), it is determined as authentication NG (Step A9). In this case, the same display image 10 is displayed again on the display input unit 110 (step A2). This prevents an attack that repeats authentication NG until the same display image 10 is displayed even if a third party steals the authentication information at the time of authentication authentication input operation. be able to. Even when it is determined as authentication NG, it is also possible to read a new display image 10 from the display image storage unit 133 and display the read display image 10 on the display input unit 110. This is because the wrong pattern MP selected by the user operation includes conflicting conditions among the conditions (registered icons and arrangement positions) preset by the user.

<Operation / Effect of Authentication Information Input Device 100 of this Embodiment>
As described above, the authentication information input device 100 according to the present embodiment satisfies at least one condition among at least two conditions (registered icon, arrangement position) that the user can identify based on the user's own memory, Generating a plurality of display images 10 including an erroneous pattern MP not satisfying at least one condition and a dummy pattern DP not satisfying all conditions or satisfying all conditions The displayed image 10 is stored in the display image storage unit 133. Then, one display image 10 is selected from the display image storage unit 133, and the selected display image 10 is displayed on the display input unit 110.

  Next, an image pattern selected by a user operation from the display images 10 displayed on the display input unit 110 is input to the display input unit 110 as authentication information used when user authentication is permitted. When authentication information is input from the display input unit 110, the input authentication information is compared with authentication information corresponding to the display image 10 displayed on the display input unit 110. If both authentication information matches (that is, if the authentication information input from the display input unit 110 is information on the error pattern MP corresponding to the display image 10 displayed on the display input unit 110), the authentication is OK. Is determined. Further, when the authentication information of both does not match (that is, when the authentication information input from the display input unit 110 is not information of the error pattern MP corresponding to the display image 10 displayed on the display input unit 110), authentication is performed. Judge as NG.

  In the authentication information input device 100 of the present embodiment, the error pattern MP selected by the user operation includes conflicting conditions among the conditions (registered icon, arrangement position) preset by the user, so that the error pattern MP It is possible to make it difficult for a third party to analogize authentication information.

  In the embodiment described above, the plurality of display images 10 generated by the display image generation unit 123 are stored in the display image storage unit 133 (step S5 in FIG. 5), and the display images 10 stored in the display image storage unit 133 are stored. Is displayed on the display input unit 110 (steps A1 and A2 in FIG. 6).

  However, as shown in FIG. 7, it is also possible to display the display image 10 generated by the display image generation unit 123 on the display input unit 110 (step A10). In this case, the authentication unit 124 acquires authentication information (information on the error pattern MP) corresponding to the display image 10 displayed on the display input unit 110 from the display image generation unit 123 (step A11), and the display input unit 110 Thus, the authentication information that has been input from the authentication information and the authentication information corresponding to the display image 10 acquired from the display image generation unit 123 are collated (step A6). Similarly to the processing operation shown in FIG. 6, the processing operation shown in FIG. 7 includes a contradictory condition among the conditions (registered icon, arrangement position) preset by the user by the error pattern MP selected by the user operation. Therefore, it is possible to make it difficult for a third party to guess the authentication information that is the error pattern MP.

(Second Embodiment)
Next, a second embodiment will be described.

  In the first embodiment, the case where user authentication is performed by the authentication information input apparatus 100 shown in FIG. 1 has been described.

  In the second embodiment, a case where user authentication is performed by the authentication information input device 100 and the server device 200 illustrated in FIG. 8 will be described. In the case of the second embodiment, the generation processing of the display image 10 and the authentication processing are performed on the server device 200 side. Hereinafter, the second embodiment will be described with reference to FIGS. 8 and 9. FIG. 8 shows a system configuration example of the present embodiment, and FIG. 9 shows a processing operation example of the present embodiment.

<System configuration example of authentication system>
First, a system configuration example of the authentication system of this embodiment will be described with reference to FIG.

  The authentication system of the present embodiment is configured by connecting an authentication information input device 100 and a server device 200 via a network NW. The network NW can be applied to any communication form regardless of wired or wireless, and the authentication information input apparatus 100 and the server apparatus 200 are connected in any connection form to perform two-way information communication.

  The authentication information input device 100 according to the present embodiment includes a display input unit 110, a control unit 120, and a communication unit 140. The display input unit 110 has the same function as in the first embodiment. The control unit 120 performs display control of the display image 10 displayed on the display input unit 110. The communication unit 140 communicates with the server device 200 in an arbitrary communication form.

  The server device 200 according to the present embodiment includes a control unit 220, a storage unit 230, and a communication unit 240.

  The control unit 220 according to this embodiment includes a registration group setting unit 221, an arrangement position setting unit 222, a display image generation unit 223, and an authentication unit 224. The functions of the registration group setting unit 221, the arrangement position setting unit 222, the display image generation unit 223, and the authentication unit 224 have the same functions as those in the first embodiment. The communication unit 240 communicates with the authentication information input device 100 in an arbitrary communication form. The background image storage unit 231, the icon storage unit 232, the display image storage unit 233, and the authentication information storage unit 234 of the storage unit 230 are the same as those in the first embodiment.

  The server device 200 transmits the display image 10 generated by the display image generation unit 223 to the authentication information input device 100 via the communication unit 240. The authentication information input device 100 displays the display image 10 received via the communication unit 140 on the display input unit 110. In addition, the authentication information input by the user operation from the display input unit 110 is transmitted to the server device 200 via the communication unit 140. The server device 200 uses the authentication information received via the communication unit 240 to perform verification using the authentication unit 224.

<Example of processing operation during user authentication>
Next, an example of processing operation during user authentication will be described with reference to FIG.

  As in the first embodiment, the authentication unit 224 of the server device 200 selects one display image 10 from the plurality of display images 10 stored in the display image storage unit 233, and selects the selected display image 10 as It transmits to the authentication information input device 100 via the communication unit 240 (steps B1 and B2).

  The authentication information input device 100 receives the display image 10 via the communication unit 140, and displays the received display image 10 on the display input unit 110. Also, the authentication information input acceptance is started (step B3). Thereby, the authentication information input device 100 can display the display image 10 including the error pattern MP and the dummy pattern DP on the display input unit 110.

  The user selects an error pattern MP from the display image 10 displayed on the display input unit 110 based on the user's own memory. Information on the error pattern MP selected by the user operation is input to the display input unit 110 as authentication information used when the user authentication is permitted.

  The display input unit 110 determines to start authentication when an authentication start button (not shown) separately installed in the authentication information input device 100 is pressed (step B4 / Yes). When the number of wrong patterns MP to be selected is indefinite, it is necessary to do the above, but when the number of wrong patterns MP to be input in advance is determined, a predetermined number of wrong patterns MP are selected. Authentication may be started when input.

  When starting the authentication (Step B4 / Yes), the display input unit 110 transmits the authentication information input from the display input unit 110 to the server device 200 via the communication unit 140 (Step B5).

  When the server device 200 receives the authentication information via the communication unit 240, the authentication unit 224 displays the authentication information corresponding to the display image 10 displayed on the display input unit 110 on the authentication information input device 100 side as the authentication information. Obtained from the storage unit 234 (step B6). Next, the authentication unit 224 collates the authentication information received from the authentication information input device 100 with the authentication information corresponding to the display image 10 acquired from the authentication information storage unit 234 (step A7).

  The authentication unit 222 determines that the authentication information received from the authentication information input device 100 is included in the display image 10 displayed on the display input unit 110 on the authentication information input device 100 side when both authentication information matches (that is, If the pattern MP information), it is determined that the authentication is OK. Further, when the authentication information of both does not match (that is, the authentication information received from the authentication information input device 100 is the error pattern MP included in the display image 10 displayed on the display input unit 110 on the authentication information input device 100 side). If it is not information), it is determined as authentication NG. The authentication unit 222 transmits the verification result described above to the authentication information input device 100 via the communication unit 240 (step B8).

<Operation and effect of authentication system of this embodiment>
As described above, the server device 200 configuring the authentication system of the present embodiment displays the display image 10 generated on the server device 200 side on the display input unit 110 on the authentication information input device 100 side. The authentication information input device 100 transmits at least one image pattern selected by a user operation from the display images 10 displayed on the display input unit 110 to the server device 200 as authentication information. The server device 200 performs user authentication based on the authentication information received from the authentication information input device 100.

  As a result, the authentication system of the present embodiment can obtain the same effects as those of the first embodiment, and further improve security compared to performing user authentication by the authentication information input device 100 alone as in the first embodiment. Can be made.

  Further, the display image 10 is generated on the server device 200 side, and the generated display image 10 is displayed on the display input unit 110 on the authentication information input device 100 side. Then, the server apparatus 200 receives the image pattern selected by the user operation from the display images 10 displayed on the display input unit 110 as authentication information, and performs user authentication based on the received authentication information. For this reason, since authentication such as challenge and response can be performed, spoofing of the terminal itself (including spoofing of a program on the terminal) can be prevented.

(Third embodiment)
Next, a third embodiment will be described.

  In the third embodiment, as shown in FIG. 10, a plurality of display images 10 are generated and stored in the display image storage unit 133 (step S4), and authentication information (error pattern) corresponding to each display image 10 is displayed. MP information) is hashed with a hash function (one-way function) to calculate a hash value (step S10), and the calculated hash value is stored in the authentication information storage unit 134 for each display image 10 (step S11). .

  The authentication information storage unit 134 stores hashed authentication information (hash value). Therefore, even when information in the authentication information storage unit 134 is analyzed, it is possible to prevent confidential information from being extracted from the authentication information storage unit 134.

  When authentication is started in the present embodiment, as shown in FIG. 11, one display image 10 is selected from a plurality of display images 10 stored in advance in the display image storage unit 133 (step A21). The selected display image 10 is displayed on the display input unit 110 (step A22).

  At the time of collation (step A24 / Yes), the authentication unit 124 refers to the authentication information storage unit 134 and acquires a hash value corresponding to the display image 10 (step A25). Further, the authentication information input from the display input unit 110 is hashed with a hash function (one-way function) to calculate a hash value. Then, the hash value obtained from the authentication information is compared with the hash value corresponding to the display image 10 acquired from the authentication information storage unit 134 (step A26).

  If both hash values match (step A27 / Yes), it is determined that the authentication is OK (step A28). If both hash values do not match (step A27 / No), it is determined as authentication NG (step A29).

<Operation / Effect of Authentication Information Input Device 100 of this Embodiment>
As described above, the authentication information input apparatus 100 according to the present embodiment stores the hash value calculated by hashing the authentication information corresponding to the display image 10 in the authentication information storage unit 134 for each display image 10 in advance. Accordingly, even if a third party who obtains the authentication information input device 100 analyzes the information in the authentication information storage unit 134, it is possible to prevent the identification of authentication information for which authentication is OK. As a result, security can be further improved.

  The above-described embodiment is a preferred embodiment of the present invention, and the scope of the present invention is not limited to the above-described embodiment alone, and various modifications are made without departing from the gist of the present invention. Implementation is possible.

  For example, in each of the above-described embodiments, the error pattern MP satisfies one of the two conditions (registered icon and arrangement position) set by the registration group setting unit 121 and the arrangement position setting unit 122 by a user operation. An image pattern that does not satisfy the other condition is defined as a wrong pattern MP. For example, an image pattern in which an unregistered icon is arranged at an arrangement position and an image pattern in which a registered icon is arranged at an unpositioned position are used as an error pattern MP. The dummy pattern DP is an image pattern that does not satisfy any of the two conditions (registered icon, arrangement position) set by the registration group setting unit 121 and the arrangement position setting unit 122 by a user operation, and two conditions ( A dummy pattern DP is an image pattern that satisfies any of the conditions of registration icon and arrangement position). For example, an image pattern in which an unregistered icon is arranged at an unplaced position or an image pattern in which a registered icon is placed at an arranged position is used as the dummy pattern DP.

  However, in the present invention, the above condition (registered icon, arrangement position) is an example, and satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory. It is also possible to generate the display image 10 using an image pattern that does not satisfy at least one condition as the error pattern MP and an image pattern that does not satisfy all the conditions as a dummy pattern DP. In this case, the dummy pattern DP can also include an image pattern that satisfies all the conditions.

  The condition is that the image pattern has a predetermined color in addition to the registration icon (image pattern belonging to a predetermined group) and the arrangement position (image pattern located at a predetermined arrangement position of the display image) described in the above embodiment. Can also be used as a condition.

  For example, when a registered icon and color are set as two conditions, an image pattern that satisfies one of the two conditions (registered icon and color) and does not satisfy the other is defined as an error pattern MP. An image pattern that does not satisfy the above condition or an image pattern that satisfies all the conditions is defined as a dummy pattern DP. In this case, among the image patterns included in the display image 10, an image pattern that is a registered icon but whose registered icon color does not satisfy the condition color is an erroneous pattern MP. An image pattern which is an unregistered icon but the color of the unregistered icon satisfies the condition color is an incorrect pattern MP. An image pattern which is an unregistered icon and the color of the unregistered icon does not satisfy the condition color is a dummy pattern DP. An image pattern that is a registered icon and for which the color of the registered icon satisfies the condition color is a dummy pattern DP. Thus, it is also possible to use color as a condition.

  That is, the technical idea of the present invention satisfies at least one condition among at least two conditions (registered icon, arrangement position, color) that can be identified by the user based on the user's own memory. An image pattern that does not satisfy one of the conditions is defined as an error pattern MP, and an image pattern that does not satisfy all the conditions or an image pattern that satisfies all the conditions is generated as a dummy pattern DP to generate the display image 10. Is also possible. In this case, information on the error pattern MP is stored in the authentication information storage unit 134 as authentication information.

  In the above-described embodiment, the display input unit 110 that combines the function of displaying the display image 10 and the function of inputting authentication information has been described as an example. However, a function for displaying the display image 10 (display unit) and a function for inputting authentication information (input unit) may be provided separately.

  Further, the control operation in the authentication information input device 100 and the server device 200 of the present embodiment described above can be executed using hardware, software, or a combined configuration of both.

  In the case of executing processing using software, it is possible to install and execute a program in which a processing sequence is recorded in a memory in a computer incorporated in dedicated hardware. Alternatively, the program can be installed and executed on a general-purpose computer capable of executing various processes.

  For example, the program can be recorded in advance on a hard disk or ROM (Read Only Memory) as a recording medium. Alternatively, the program can be stored (recorded) temporarily or permanently in a removable recording medium. Such a removable recording medium can be provided as so-called package software. Examples of the removable recording medium include a floppy (registered trademark) disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disk, a DVD (Digital Versatile Disc), a magnetic disk, and a semiconductor memory.

  The program is installed in the computer from the removable recording medium as described above. In addition, it is wirelessly transferred from the download site to the computer. In addition, it is transferred to the computer via a network by wire.

  Further, the authentication information input device 100 and the server device 200 in the present embodiment are not only executed in time series according to the processing operation described in the above embodiment, but also the processing capability of the device that executes the processing, or necessary. It is also possible to construct to execute in parallel or individually.

100 Authentication Information Input Device 110 Display Input Unit (Display Unit, Input Unit)
DESCRIPTION OF SYMBOLS 120 Control part 121 Registration group setting part 122 Arrangement position setting part 123 Display image generation part 124 Authentication part (authentication means)
130 Storage Unit 131 Background Image Storage Unit 132 Icon Storage Unit 133 Display Image Storage Unit (Storage Unit)
134 Authentication information storage unit (authentication information storage means)
140 Communication unit (transmission means)
200 Server device 220 Control unit 221 Registration group setting unit 222 Arrangement position setting unit 223 Display image generation unit 224 Authentication unit (authentication unit)
230 Storage Unit 231 Background Image Storage Unit 232 Icon Storage Unit 233 Display Image Storage Unit (Storage Unit)
234 Authentication information storage unit (authentication information storage means)
240 Communication unit (transmission means, reception means)
NW network

Claims (9)

A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions Storage means for storing a plurality of display images including at least a second image that has not been performed ;
Display means for displaying the display image selected from the storage means ;
Input means for the information of at least one image selected by a user operation, and inputs the authentication information to be used to allow the authentication of the user from the displayed the display image on the display means,
And authentication means for permitting authentication of the user when the authentication information input by the input means is information on the first image included in the display image displayed on the display means. An authentication information input device. Authentication information storage means for storing the information of the first image included in the display image stored in the storage means in association with the display image as authentication information ;
The authentication means includes
The authentication information input by the input means and the authentication information associated with the display image displayed on the display means stored in the authentication information storage means are collated, and both the authentication information There If they match, allows authentication of the user, authentication information input device according to claim 1, wherein a. The authentication information storage means includes
Storing the authentication information obtained by hashing the authentication information in association with the display image;
The authentication means includes
The authentication information obtained by hashing the authentication information input by the input unit; and the hashed authentication information associated with the display image displayed on the display unit stored in the authentication information storage unit; The authentication information input device according to claim 2, wherein authentication of the user is permitted when the hashed authentication information matches. A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions Display means for displaying the display image selected and transmitted by the server device from storage means for storing a plurality of display images including at least a second image that is not included,
Input means for the information of at least one image selected by a user operation, and inputs the authentication information to be used to allow the authentication of the user from the displayed the display image on the display means,
Transmission means for transmitting the authentication information input by the input means to the server device,
When the information on the first image included in the display image displayed on the display means is transmitted as the authentication information to the server apparatus by the transmitting means, the user authentication is permitted on the server apparatus side. that, the authentication information input device, characterized in that. At least two or more of the conditions are
The first image is an image belonging to a predetermined group;
The first image is located at a predetermined arrangement position of the display image;
The first image is of a predetermined color;
The authentication information input device according to claim 1, wherein the authentication information input device is an authentication information input device. A server device connected to the authentication information input device,
A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions A transmitting unit that transmits the display image selected from the storage unit that stores a plurality of display images including at least a second image that is not included, to the authentication information input device;
The information of at least one image selected by a user operation from among the authentication information input device side of the display means displayed the display image, the authentication information as the authentication information to be used to allow the authentication of the user Receiving means for receiving the authentication information input to the input means on the input device side;
Authentication means for permitting authentication of the user when the authentication information received by the receiving means is information of the first image included in the display image transmitted to the authentication information input device by the transmitting means. When,
The server apparatus characterized by having. An authentication system comprising an authentication information input device and a server device,
The server device
A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions A transmitting unit that transmits the display image selected from the storage unit that stores a plurality of display images including at least a second image that is not included, to the authentication information input device;
The information of at least one image selected by a user operation from among the authentication information input device side of the display means displayed the display image, the authentication information as the authentication information to be used to allow the authentication of the user Receiving means for receiving the authentication information input to the input means on the input device side;
Authentication means for permitting authentication of the user when the authentication information received by the receiving means is information of the first image included in the display image transmitted to the authentication information input device by the transmitting means. And having
The authentication information input device includes:
The display means for displaying the display image received from the server device;
Input means for the information of at least one image selected by a user operation, and inputs the authentication information to be used to allow the authentication of the user from the displayed the display image on the display means,
An authentication system comprising: a transmission unit configured to transmit the authentication information input to the input unit to the server device. A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions A display process for displaying on the display means the display image selected from the storage means for storing a plurality of display images including at least a second image that is not included,
The information of at least one image selected by a user operation from the displayed the display image on the display means, an input process of inputting to the input means as authentication information to be used to allow the authentication of the user,
An authentication process for permitting the authentication of the user when the authentication information input by the input process is information of the first image included in the display image displayed on the display means; A program characterized by being executed. A program to be executed by a computer of a server device connected to an authentication information input device,
A first image that satisfies at least one condition among at least two conditions that can be identified by the user based on the user's own memory, and that satisfies all the conditions A transmission process for transmitting the display image selected from the storage means for storing a plurality of display images including at least a second image that has not been transmitted to the authentication information input device;
The information of at least one image selected by a user operation from among the authentication information input device side of the display means displayed the display image, the authentication information as the authentication information to be used to allow the authentication of the user A receiving process for receiving the authentication information input to the input means on the input device side;
Authentication processing for permitting authentication of the user when the authentication information received by the reception processing is information of the first image included in the display image transmitted to the authentication information input device by the transmission processing And causing the computer to execute the program.

Images