JP5782409B2 - Authentication information input device, server device, authentication system, and program - Google Patents

Description

  The present invention relates to a technique for performing authentication using image data that can be identified by a user based on the user's own memory.

  As a technology for authenticating whether or not the user is a legitimate user, the user side operates a screen such as a touch panel to input authentication information such as a personal identification number, and the input authentication information and authentication information set in advance on the system side, There is a technique for verifying whether the user is a legitimate user by checking. However, in this case, when the user inputs the authentication information by operating the touch panel or the like, the authentication information may be stolen by a third party.

  As a method to prevent authentication information from being seen by a third party, for example, the viewing angle of a touch panel or the like for inputting authentication information is narrowed, or the input authentication information is displayed on the screen with “*” mark or the like. There is a method of displaying only the number of input digits.

  Patent Document 1 (Japanese Patent No. 2985888) discloses a technology of a password input device in which a user inputs a password using a numeric keypad from a terminal such as a financial automatic machine (ATM). In the above Patent Document 1, an input numeric keypad screen and a fake input numeric keypad screen are displayed on the display, and information for instructing the user whether to input a dummy number or a password is presented on the fake input numeric keypad screen. In addition, by inserting a dummy number into the personal identification number, the personal identification number is prevented from being stolen by a third party when the personal identification number is input.

  Patent Document 2 (Japanese Patent Application Laid-Open No. 2005-71202) uses system authentication information by a recording medium incorporated in a system-side electronic device and personal authentication information by a user's personal input operation. A technique for mutually authenticating an individual and a system-side electronic device to be accessed is disclosed. In the above Patent Document 2, two sets of authentication data, that is, personal authentication data indicating personal authentication information and server authentication data indicating system authentication information are registered and set, and server-side authentication using server authentication data; User-side authentication using personal authentication data is performed alternately. In addition, image data is used for personal authentication data and server authentication data.

Japanese Patent No. 2985888 JP-A-2005-71202

  However, the technology disclosed in the above-mentioned Patent Document 1 assumes that a third party is located some distance away, such as a financial automatic machine (ATM). It is not taken into account even if measures are taken when seen. For this reason, for example, not only the movement of the user's hand entering the personal identification number but also the screen on which the personal identification number is entered may be seen due to the shoulder of the user entering the personal identification number or a hidden camera. May be identified as to which input is a dummy number, and the personal identification number may be known to a third party.

  In the above-mentioned Patent Document 2, since server-side authentication using server authentication data and user-side authentication using personal authentication data are alternately performed, all authentication information is instantly known to a third party. It can be prevented to some extent. However, it is not possible to prevent authentication information when watched. In addition, it is necessary to perform the authentication operation with the system-side electronic device a plurality of times, which takes time and effort to complete the authentication operation.

  The present invention has been made in view of the above circumstances, and it is difficult to analogize authentication information even when a third party sees the screen on which the user's hand or authentication information is input when inputting authentication information. An object of the present invention is to provide an authentication information input device, a server device, an authentication system, and a program that can be used.

  In order to achieve this object, the present invention has the following features.

<Authentication information input device>
An authentication information input device according to the present invention includes:
Based on the user's own memory, the user can identify the authentication image group including at least one authentication image data necessary for permitting the authentication of the user, and a clue for determining whether the authentication image data is the authentication image data A display that displays a display pattern that includes at least one or more selected image data from a key image group including at least one key image data and a dummy image group including at least one image data. Means,
Input means for inputting, as authentication information used when permitting authentication of the user, a plurality of pieces of image data sequentially selected by a user operation from image data constituting the display pattern displayed on the display means; Have
The authentication of the user is permitted based on the relative positional relationship in the input order of the key image data belonging to the key image group and the authentication image data belonging to the authentication image group, which are input by the input means. It is characterized by that.

<Server device>
The server device according to the present invention includes:
A server device connected to the authentication information input device,
Based on the user's own memory, the user can identify the authentication image group including at least one authentication image data necessary for permitting the authentication of the user, and a clue for determining whether the authentication image data is the authentication image data The authentication information includes a display pattern that includes at least one image data selected from at least one key image group including at least one key image data and a dummy image group including at least one image data. Transmitting means for transmitting to the input device;
Authentication information used when permitting the user's authentication of a plurality of image data sequentially selected by the user operation from the image data constituting the display pattern displayed on the display means on the authentication information input device side Receiving means for receiving the authentication information input to the input means on the authentication information input device side,
The authentication information received by the receiving unit is configured such that the key image data belonging to the key image group and the authentication image data belonging to the authentication image group have a relative positional relationship in a predetermined input order. An authentication means for authorizing the user, and
It is characterized by having.

<Authentication system>
An authentication system according to the present invention includes:
An authentication system comprising an authentication information input device and a server device,
The server device
Based on the user's own memory, the user can identify the authentication image group including at least one authentication image data necessary for permitting the authentication of the user, and a clue for determining whether the authentication image data is the authentication image data The authentication information includes a display pattern that includes at least one image data selected from at least one key image group including at least one key image data and a dummy image group including at least one image data. Transmitting means for transmitting to the input device;
Authentication information used when permitting the user's authentication of a plurality of image data sequentially selected by the user operation from the image data constituting the display pattern displayed on the display means on the authentication information input device side Receiving means for receiving the authentication information input to the input means on the authentication information input device side,
The authentication information received by the receiving unit is configured such that the key image data belonging to the key image group and the authentication image data belonging to the authentication image group have a relative positional relationship in a predetermined input order. An authentication means for permitting authentication of the user,
The authentication information input device includes:
The display means for displaying the display pattern received from the server device;
Input means for inputting, as authentication information used when permitting authentication of the user, a plurality of pieces of image data sequentially selected by a user operation from image data constituting the display pattern displayed on the display means; ,
Transmitting means for transmitting the authentication information input to the input means to the server device.

<Program>
The program according to the present invention is:
Based on the user's own memory, the user can identify the authentication image group including at least one authentication image data necessary for permitting the authentication of the user, and a clue for determining whether the authentication image data is the authentication image data A display pattern comprising at least one image data selected from at least one key image group including at least one key image data and a dummy image group including at least one image data. Display processing to display,
A plurality of pieces of image data selected in sequence by a user operation from the image data constituting the display pattern displayed on the display unit are input to the input unit as authentication information used when the user authentication is permitted. Input processing is executed by a computer,
The authentication of the user is permitted based on the relative positional relationship in the input order of the key image data belonging to the key image group and the authentication image data belonging to the authentication image group, which are input by the input means. It is characterized by that.

The program according to the present invention is:
A program to be executed by a computer of a server device connected to an authentication information input device,
Based on the user's own memory, the user can identify the authentication image group including at least one authentication image data necessary for permitting the authentication of the user, and a clue for determining whether the authentication image data is the authentication image data The authentication information includes a display pattern that includes at least one image data selected from at least one key image group including at least one key image data and a dummy image group including at least one image data. A transmission process to be transmitted to the input device;
Authentication information used when permitting the user's authentication of a plurality of image data sequentially selected by the user operation from the image data constituting the display pattern displayed on the display means on the authentication information input device side Receiving processing for receiving the authentication information input to the input means on the authentication information input device side,
The authentication information received by the receiving process is configured such that the key image data belonging to the key image group and the authentication image data belonging to the authentication image group have a relative positional relationship in a predetermined input order. An authentication process for permitting authentication of the user,
Is executed by a computer.

  ADVANTAGE OF THE INVENTION According to this invention, even when a user's hand and the screen where authentication information was input were seen by the third party at the time of input of authentication information, the analogy of authentication information can be made difficult.

2 is a diagram illustrating a configuration example of an authentication information input device 100 according to the present embodiment. FIG. 3 is a diagram illustrating a configuration example of a display pattern 10. FIG. 6 is a diagram illustrating an example of a registration process operation of a display pattern 10. It is a 1st figure which shows the example of a processing operation at the time of the user authentication of 1st Embodiment. It is a 1st figure for demonstrating the specific example at the time of user authentication. It is a 2nd figure for demonstrating the specific example at the time of user authentication. It is a 2nd figure which shows the example of a processing operation at the time of the user authentication of 1st Embodiment. It is a figure which shows the example of a processing operation at the time of the user authentication of 2nd Embodiment. It is a figure which shows the system configuration example of an authentication system. It is the 1st figure showing the example of processing operation at the time of user authentication of a 3rd embodiment. It is a 2nd figure which shows the example of a processing operation at the time of the user authentication of 3rd Embodiment.

(Outline of Embodiment of Authentication Information Input Device 100 According to the Present Invention)
First, an outline of an authentication information input device 100 according to the present invention will be described with reference to FIGS. 1 and 2.

  An authentication information input device 100 according to the present invention includes an authentication image group that includes at least one authentication image data that is identifiable by the user based on the user's own memory and that is necessary when the user authentication is permitted, At least one or more pieces of image data selected from at least one key image group including at least one key image data and a dummy image group including at least one image data serving as a clue to determine whether the image data is authentication image data or not. A display unit (corresponding to the display input unit 110) that displays the display pattern 10 that is configured to be included, and a plurality of images that are sequentially selected by user operation from the image data that configures the display pattern 10 displayed on the display unit 110 An input unit (corresponding to the display input unit 110) for inputting data as authentication information used when permitting user authentication. The authentication of the user is permitted based on the relative positional relationship of the input order of the key image data belonging to the key image group and the authentication image data belonging to the authentication image group input in step S2.

  The authentication information input device 100 according to the present invention is input from the relative positional relationship of the input order of the key image data belonging to the key image group and the authentication image data belonging to the authentication image group input by the input unit 110, Since user authentication is permitted, it is possible to make analogy of authentication information difficult even when a third party sees the user's hand and the screen on which the authentication information is input when the authentication information is input.

  Further, a plurality of pieces of image data sequentially selected by the user operation from the image data constituting the display pattern 10 displayed on the display unit 110 are input to the input unit 110 as authentication information used when permitting user authentication. Based on the authentication information input to the input unit 110, the key image data belonging to the key image group and the authentication image data belonging to the authentication image group are input from the relative positional relationship in the input order. Since it is determined whether or not the authentication is permitted, the authentication can be performed efficiently. Further, the user can store the image data belonging to the key image group and the authentication image group stored by the user in a relative positional relationship in a predetermined input order, for example, in the order of key image data and authentication image data. Note that it is necessary to input continuously, otherwise, it is only necessary to input dummy image data, so that the user can perform authentication with a simple operation.

  Further, the authentication information input device 100 according to the present invention, when the user authentication is permitted, the key image data and the authentication image data different from the display pattern 10 displayed on the display unit 110 at the next user authentication. Because the display pattern 10 including the combination of and is displayed, even if a third party sees the screen on which the user's hand or authentication information was entered when entering the authentication information, the same input as the previous time may be made In addition, the analogy of authentication information can be made difficult.

  When the authentication information input device 100 according to the present invention is a touch panel type portable terminal, it is also conceivable to input the authentication information in a train or a crowd. In this case, when the user is inputting authentication information, the user's hand, a screen on which the authentication information is input, or the like may be seen by a third party from a close range. In addition, it is considered that beginners, elderly people, and the like are very slow in inputting authentication information. In this case, there is a possibility that a screen on which the user's hand movement or authentication information is input is easily seen by a third party and stored. However, when the user authentication is permitted, the authentication information input device 100 according to the present invention displays the display pattern 10 in which the combination of the key image data and the authentication image data is different at the next user authentication. Even if a third party sees the screen on which the user's hand or authentication information is input, the same input as the previous time cannot be made, and the analogy of the authentication information can be made difficult. However, since the user can identify the image data belonging to the key image group and the authentication image group based on the user's own storage, the image data belonging to the key image group and the authentication image group can be input in a predetermined input order. Can be input to the input unit 110 in the relative positional relationship, and user authentication can be performed. Hereinafter, embodiments of an authentication information input device 100 according to the present invention will be described in detail with reference to the accompanying drawings.

(First embodiment)
<Configuration example of authentication information input device 100>
First, a configuration example of the authentication information input device 100 of the present embodiment will be described with reference to FIG.

  The authentication information input device 100 of this embodiment includes a display input unit 110, a control unit 120, and a storage unit 130.

  The display input unit 110 is configured with a touch panel or the like, and displays and inputs information. The display input unit 110 according to the present embodiment displays the display pattern 10 shown in FIG. 2 composed of a plurality of image data. Then, when a user operation is performed on the image data constituting the displayed display pattern 10, the position of the image data where the user operation is performed is detected, and the display is performed based on the detected position information. It is determined which image data is selected by the user operation from the image data constituting the pattern 10.

  The display pattern 10 shown in FIG. 2 includes image data (key image data) (one) associated with the key image group, image data (authentication image data) (one) associated with the authentication image group, Image data (dummy image data) (14 pieces), and a total of 16 pieces of image data.

  In this embodiment, the authentication information used when permitting user authentication is composed of six pieces of image data, image data belonging to the key image group (key image data), and image data belonging to the authentication image group (authentication). Is set in the authentication information input device 100 on condition that the user authentication is permitted. Therefore, based on the user's own memory, the user can select image data (key image data) belonging to the key image group from among the 16 pieces of image data constituting the display pattern 10 shown in FIG. A total of six pieces of image data so that the image data (authentication image data) belonging to the image data are sequentially input in a predetermined relative order in the order of input, for example, in the order of key image data and authentication image data. The selected six pieces of image data are input to the display input unit 110 as authentication information. As a result, user authentication is permitted.

  The authentication information input device 100 according to the present embodiment displays the display pattern displayed on the display input unit 110 at the next user authentication when user authentication is permitted based on the authentication information input to the display input unit 110. A display pattern 10 different from 10 is displayed on the display input unit 110. If the user authentication is not permitted, the same display pattern 10 displayed on the display input unit 110 is displayed on the display input unit 110 at the next user authentication.

  The control unit 120 performs display control of the display pattern 10 displayed on the display input unit 110. Further, authentication control of authentication information input by a user operation from the display input unit 110 is performed. The control unit 120 of the present embodiment includes a pattern control unit 121 and an authentication unit 122.

  The pattern control unit 121 generates the display pattern 10 shown in FIG. 2 and stores the generated display pattern 10 in the pattern table 135. Further, the display pattern 10 stored in the pattern table 135 is displayed on the display input unit 110.

  When the authentication unit 122 receives from the display input unit 110 authentication information configured by image data selected by a user operation from the image data configuring the display pattern 10 shown in FIG. Then, the hash value of the image data constituting the accepted authentication information is calculated. Based on the calculated hash value, the authentication unit 122 refers to the key image group stored in the key image group table 132 and the authentication image group stored in the authentication image group table 133, and performs display input. The authentication information received from the unit 110 includes image data (key image data) belonging to the key image group and image data (authentication image data) belonging to the authentication image group in a relative positional relationship in a predetermined input order. It is determined whether or not it is configured. The authentication unit 122 determines that the authentication information has a relative positional relationship between image data (key image data) belonging to the key image group and image data (authentication image data) belonging to the authentication image group in a predetermined input order. If it is, allow user authentication.

  The storage unit 130 stores an image table 131 that stores image data, and a key image group that includes key image data that serves as a clue to determine whether the image data is authentication image data that is required when user authentication is permitted. Key image group table 132 for authentication, authentication image group table 133 for storing authentication image groups composed of authentication image data necessary for permitting user authentication, and user selection required for permitting user authentication A dummy image group table 134 for storing dummy image groups composed of dummy image data that are not included, and a pattern table 135 for storing display patterns 10.

  The image table 131 stores image data constituting the display pattern 10. The image data is stored in association with the image ID.

  The key image group table 132 stores a key image group that manages key image data serving as a clue to determine whether or not the authentication image data is necessary for permitting user authentication. The key image group is a group composed of image data that can be identified by the user based on the user's own storage, and manages the group ID and the image ID in association with each other as shown in FIG. The group ID is information for identifying the key image group, and the image ID is information for identifying the key image data. The image ID is preferably a hash value (hash (image ID)) obtained by hashing the image ID with a hash function (one-way function). As the key image group, for example, a group of image data related to one's acquaintance is registered in the key image group table 132. In this case, for example, the photograph data of Mr. A, Mr. B, Mr. S, Mr. T, Mr. C, Mr. U and the like are registered in the key image group table 132 as a group of image data related to his / her acquaintance.

  The authentication image group table 133 stores authentication image groups that manage authentication image data that needs to be selected by the user when permitting user authentication. Similar to the above-described key image group, the authentication image group is a group composed of image data that can be identified by the user based on the user's own storage. As shown in FIG. Manage in association. The group ID is information for identifying the authentication image group, and the image ID is information for identifying the authentication image data. The image ID is preferably a hash value (hash (image ID)) obtained by hashing the image ID with a hash function (one-way function). As the authentication image group, for example, a group of image data related to the child is registered in the authentication image group table 133. In this case, for example, the photo data of the eldest son 1, the eldest son 2, the eldest daughter, and the second daughter are registered in the authentication image group table 133 as a group of image data related to their children.

  The dummy image group table 134 stores dummy image groups that manage dummy image data that does not require selection by the user when permitting user authentication. The dummy image group is managed in association with a group ID and an image ID. The group ID is information for identifying a dummy image group. The image ID is preferably a hash value (hash (image ID)) obtained by hashing the image ID.

  In the present embodiment, it is preferable to hash and store the image ID stored in each group table. By hashing the image ID stored in each group table, it is easy to search which group the image data having a specific image ID belongs to (having a group ID). It becomes difficult to search for image data belonging to the authentication image group (searching for an image ID from a group ID), and security for analysis of each group table can be improved.

  The pattern table 135 stores the display pattern 10 to be displayed on the display input unit 110. A predetermined number or more of display patterns 10 are generated and registered in the pattern table 135 and stored.

  The authentication information input apparatus 100 according to the present embodiment includes image data (key image data) that forms a key image group, image data (authentication image data) that forms an authentication image group, and image data ( Dummy image data) is registered and managed in the storage unit 130 for each group. However, the image data constituting each group can be constituted by arbitrary image data as long as it is possible to identify the group to which each image data belongs based on the user's own storage. Is possible. It should be noted that the content of the image data constituting each group (for example, each group such as the above-mentioned acquaintances, own children, etc.) can be easily determined by the user himself / herself. It is preferable to be able to identify.

<Example of registration pattern operation for display pattern 10>
First, an example of the registration processing operation of the display pattern 10 will be described with reference to FIG.

  The user registers image data that can be identified by the user in the image table 131 based on the user's own memory (step S1). In this case, the pattern control unit 121 preferably allocates a random image ID to the image data, and stores the image data and the image ID in association with each other in the image table 131. This is because assigning sequential image IDs in the order of registration of image data increases the probability that image data with consecutive image IDs belong to the same group. For this reason, by assigning random image IDs to image data, it is possible to reduce the probability that image data of consecutive image IDs belong to the same group.

  Next, the user performs an operation of registering the image data registered in the image table 131 in the key image group table 132. Specifically, a plurality of image data is selected as key image data. By this operation, the pattern control unit 121 associates the group ID with the hash value (hash (image ID)) obtained by hashing the image ID with a hash function (one-way function) in the key image group table 132. Register (step S2).

  Next, the user performs an operation of registering the image data registered in the image table 131 in the authentication image group table 133. Specifically, a plurality of image data are selected as authentication image data. By this operation, the pattern control unit 121 associates the group ID with the hash value (hash (image ID)) obtained by hashing the image ID with a hash function (one-way function) in the authentication image group table 133. Register (step S3).

  Next, the pattern control unit 121 is similar to the key image data and authentication image data based on the key image data registered in the key image group table 132 and the authentication image data registered in the authentication image group table 133. Image data is acquired from the Web, and the acquired image data is registered in the dummy image group table 134 as dummy image data (step S4). The dummy image data can also be registered in the dummy image group table 134 by a user operation.

  Next, the pattern control unit 121 randomly selects one key image ID from among a plurality of key image data selected by the user as key image data. Also, one authentication image ID is randomly selected from a plurality of authentication image data selected by the user as authentication image data. Further, the remaining image IDs necessary for configuring the display pattern 10 are randomly selected from the dummy image data. The pattern control unit 121 randomly determines the display position of the selected image ID, and generates the display pattern 10 in which image data corresponding to the image ID is set at the determined display position. This is performed a predetermined number of times to generate a plurality of display patterns 10 and register them in the pattern table 135 (step S5).

  After the above process is completed, the temporary image ID table that records the image ID selected by the user as the key image data or authentication image data is discarded, and the image ID hashed in the key image group table 132 or the authentication image group table 133 (Hash (image ID)) is managed.

<Example of processing operation during user authentication>
Next, an example of processing operation during user authentication will be described with reference to FIG.

  First, the pattern control unit 121 refers to the pattern table 135, selects one display pattern 10 from the pattern table 135 (step S11), and displays the selected display pattern 10 on the display input unit 110 (step S11). S12). Thereby, one image data (key image data) (one) belonging to the key image group, one image data (authentication image data) (one) belonging to the authentication image group, and a dummy image group. The display pattern 10 shown in FIG. 2 constituted by the remaining number of pieces of image data (dummy image data) (14 pieces) necessary for constituting the display pattern 10 can be displayed on the display input unit 110.

  When the display pattern 10 is displayed on the display input unit 110, the authentication unit 122 starts receiving authentication information (step S13). Further, the authentication unit 122 monitors authentication information input from the display input unit 110 and determines whether or not to start authentication (step S14).

  The user sequentially selects image data from the image data constituting the display pattern 10 displayed on the display input unit 110 based on the user's own memory. The image data sequentially selected by the user operation is input to the display input unit 110 as authentication information used when the user authentication is permitted.

  The authentication unit 122 determines that the authentication is to be started when the input of image data having a predetermined number of authentication image digits (six in this embodiment) is received from the display input unit 110 by a user operation, or authentication is performed. When an authentication start button (not shown) separately installed in the information input device 100 is pressed, it is determined that authentication is started.

  When starting authentication (step S14 / Yes), the authentication unit 122 hashes the image ID corresponding to the image data constituting the authentication information received from the display input unit 110 with a hash function (one-way function). To calculate a hash value (step S15).

  Next, the authentication unit 122 refers to the key image group table 132 based on the calculated hash value, and image data (key image data) belonging to the key image group is included in the image data constituting the authentication information. It is verified whether or not there is (step S16).

  Since the key image group manages a group ID and a hash value (hash (image ID)) obtained by hashing the image ID with a hash function in association with each other, the authentication unit 122 manages the image constituting the authentication information. Based on the hash value of the data, it is verified whether there is image data (key image data) belonging to the key image group.

  If the authentication unit 122 determines that the key image data is included in the image data constituting the authentication information (step S17 / Yes), the authentication unit 122 refers to the authentication image group table 133 and determines the key image data constituting the authentication information. It is checked whether the next image data is image data belonging to the authentication image group (authentication image data) (step S18).

  The authentication image group manages the group ID and the hash value (hash (image ID)) obtained by hashing the image ID with a hash function in association with each other, and therefore the authentication unit 122 is a key constituting authentication information. Based on the hash value of the next image data of the image data, it is verified whether or not the image data is image data (authentication image data) belonging to the authentication image group.

  If the image data next to the key image data constituting the authentication information is authentication image data (step S18 / Yes), the authentication unit 122 determines that the authentication is OK (step S19), and ends the processing (End ). As a result, if it is determined that the authentication is OK, the process starts from step S1 described above. Therefore, at the next user authentication, a new display pattern 10 is selected from the pattern table 135, and the selected new display pattern 10 is selected. Is displayed on the display input unit 110. For this reason, even if a third party steals authentication information during authentication OK authentication information input operation, the new display pattern 10 is displayed at the next user authentication, making it difficult to guess the authentication information. Can be. This is because the authentication information is configured to include dummy image data, and it is not clear which of the image data is the key image data and which is the authentication image data, and the display pattern 10 is different. This is because the same authentication information cannot be input.

  If it is determined in step S17 that there is no key image data in the image data constituting the authentication information (step S17 / No), it is determined as authentication NG (step S20). In the process of step S18, if the next image data of the key image data constituting the authentication information is not authentication image data (step S18 / No), it is determined as authentication NG (step S20). In this case, the same display pattern 10 is displayed again on the display input unit 110 (step S12). This prevents an attack that repeats authentication NG until the same display pattern 10 is displayed even if a third party steals the authentication information during authentication OK input operation. be able to.

<Specific example>
Next, a specific example of user authentication will be described with reference to FIGS.

  First, based on the image data registered in the image table 131, the user selects the image data (image ID) constituting the key image group (acquaintance group) as shown in FIG. Register to 132. In the acquaintance group, register the image IDs of “Mr. A, B, S, T, C, U”. Further, based on the image data registered in the image table 131, as shown in FIG. 5A, the image data (image ID) constituting the authentication image group (child group) is registered in the authentication image group table 133. To do. In the children group, register the image IDs of “eldest son 1, eldest son 2, eldest daughter, second daughter”. Further, as shown in FIG. 5A, the image data (image ID) constituting the dummy image group is registered in the dummy image group table 134.

  Next, the pattern control unit 121 selects one image ID belonging to the key image group (one). In FIG. 5B, the image ID “Mr. A” is selected.

  Also, one image ID belonging to the authentication image group is selected (one). In FIG. 5B, the image ID of “eldest son 2” is selected.

  Further, the remaining image IDs necessary for configuring the display pattern 10 are arbitrarily selected from the dummy image group (14).

  Next, the display position of the selected image ID is arbitrarily determined, image data corresponding to the image ID is set at the determined display position, and the display pattern 10 is generated. Thereby, the display pattern 10 shown in FIG. 5B can be generated. The pattern control unit 121 registers the generated display pattern 10 in the pattern table 135 and stores it.

  Next, the pattern control unit 121 selects one display pattern 10 from the pattern table 135 and displays the selected display pattern 10 on the display input unit 110. Thereby, the display pattern 10 shown in FIG. 6A can be displayed on the display input unit 110.

  Based on the user's own memory, the user determines that the image data of “Mr. A” belongs to the “key image group” from the image data constituting the display pattern 10 displayed on the display input unit 110. be able to. Further, it can be determined that the image data of “eldest son 2” belongs to “authentication image group”. For this reason, the user has a relative positional relationship of image data (key image data) belonging to the key image group and image data (authentication image data) belonging to the authentication image group in a predetermined input order, for example, A total of 6 pieces of image data can be selected so that the key image data and authentication image data are sequentially input, and the selected 6 pieces of image data can be input to the display input unit 110 as authentication information. For example, as shown in FIG. 6A, the user continuously selects the image data of “Mr. A, eldest son 2” based on the user's own memory, and selects a dummy image, for a total of six items. Image data can be input to the display input unit 110 as authentication information. FIG. 6A shows a state in which “dummy, dummy, Mr. A, eldest son 2, dummy, dummy” image data are continuously selected and input to the display input unit 110 as authentication information.

  The authentication unit 122 calculates a hash value of each image data constituting the authentication information input from the display input unit 110. The hash value of each image data is obtained by hashing the image ID with a hash function (one-way function). The authentication unit 122 refers to the key image group based on the calculated hash value, and determines whether there is image data (key image data) belonging to the key image group in the image data constituting the authentication information. Match. In this case, since there is image data of “Mr. A” in the image data constituting the authentication information, it is determined that there is key image data, and the authentication unit 122 refers to the authentication image group and forms the authentication information. It is verified whether the image data next to the key image data is image data (authentication image data) belonging to the authentication image group. In this case, since the image data next to the key image data “Mr. A” constituting the authentication information is the image data of “eldest son 2”, it is determined as authentication image data, and authentication is determined as OK. Then, at the next user authentication, the new display pattern 10 shown in FIG. 6B is selected from the pattern table 135, and the selected new display pattern 10 is displayed on the display input unit 110. For this reason, even if a third party steals the authentication information during the input operation of the authentication OK authentication information (dummy, dummy, Mr. A, eldest son, dummy, dummy), FIG. 6 ( Since the new display pattern 10 shown in b) is displayed, the analogy of the authentication information can be made difficult.

  For example, the display pattern 10 shown in FIG. 6B is composed of 16 pieces of image data, and the probability of authentication OK with a random attack is 1 / 16P2 = 1/240. Note that the probability when the number of display patterns 10 is 25 is further reduced to 1 / 25P2 = 1/600.

  Further, even if it is attempted to grasp the authentication information of the authentication OK by looking at the display pattern 10, the display pattern 10 includes the key image data belonging to the key image group constituting the authentication OK authentication information and the authentication image belonging to the authentication image group. Only part of the data is displayed. In the present embodiment, for example, only two image data are displayed out of a total of ten image data of key image data and authentication image data shown in FIG. For this reason, it is difficult to infer the authentication information indicating that the authentication is OK by looking at the display pattern 10. Note that by increasing the number of image data in each group or increasing the number of groups, it is possible to make the analogy of authentication information for authentication OK more difficult.

  Further, it is assumed that a third party selects “dummy, dummy, dummy, dummy, dummy, dummy” image data in a state where the display pattern 10 shown in FIG. 6B is displayed on the display input unit 110. However, the authentication information corresponding to the display pattern 10 shown in FIG. 6B is on condition that the image data set of “Mr. S, eldest daughter” is included, and the authentication input from the display input unit 110 Since the key image data and the authentication image data are not continuously present in the image data constituting the information, it is determined as authentication NG. In this case, at the next user authentication, the same display pattern 10 as that in FIG. 6B is displayed on the display input unit 110, so that when the authentication OK authentication information input operation is performed, a third party receives authentication information (dummy, dummy, Even if he / she sniffs Mr. A, eldest son, dummy, dummy), it can prevent an attack that repeats authentication NG until the same display pattern 10 as shown in FIG. 6A is displayed. it can.

<Operation / Effect of Authentication Information Input Device 100 of this Embodiment>
As described above, the authentication information input device 100 according to the present embodiment is capable of identifying the user based on the user's own memory and including at least one authentication image data necessary for permitting the user's authentication. One or more selected from an image group, a key image group including at least one key image data serving as a clue to determine whether the image data is authentication image data, and a dummy image group including at least one image data A display pattern 10 including at least image data is generated, and the generated display pattern 10 is registered in the pattern table 135 and stored. Next, one display pattern 10 is selected from the pattern table 135, and the selected display pattern 10 is displayed on the display input unit 110. Thereby, the display pattern 10 composed of the authentication image data, the key image data, and the dummy image data can be displayed on the display input unit 110.

  Next, a plurality of pieces of image data selected in sequence by a user operation from the image data constituting the display pattern 10 displayed on the display input unit 110 are displayed and input as authentication information used when permitting user authentication. Input to part 110. When authentication information is input from the display input unit 110, a hash value of each image data constituting the input authentication information is calculated. Next, based on the calculated hash value, the key image group table 132 is referenced to check whether there is image data (key image data) belonging to the key image group in the image data constituting the authentication information. To do. When there is key image data in the image data constituting the authentication information, the authentication image group table 133 is further referred to, and the image data next to the key image data constituting the authentication information is an image belonging to the authentication image group. It is verified whether the data (authentication image data) or not. If the image data next to the key image data constituting the authentication information is authentication image data, the key image data and the authentication image data are continuously present in the image data constituting the authentication information. It is determined as OK, and a new display pattern 10 is displayed on the display input unit 110 at the next user authentication. If the key image data and the authentication image data do not exist continuously in the image data constituting the authentication information, it is determined as authentication NG, and the same display pattern 10 is displayed at the next user authentication. Display on 110.

  When the authentication is OK, the authentication information input device 100 of the present embodiment displays a new display pattern 10. Therefore, when the authentication information is input, the user's hand and the screen on which the authentication information is input can be seen by a third party. Even if it has been, it is possible to make the analogy of authentication information difficult.

  Further, the authentication information input device 100 according to the present embodiment displays a display pattern 10 composed of key image data and authentication image data constituting authentication information and dummy image data not constituting authentication information on the display input unit 110. Then, a plurality of image data selected in sequence by the user operation from the image data constituting the display pattern 10 displayed on the display input unit 110 is displayed and input as authentication information used when the user authentication is permitted. Since the user authentication is input to the unit 110, the user can efficiently perform the authentication with a simple operation.

  In the processing operation shown in FIG. 4 described above, when authentication is started (step S14 / Yes), the image ID corresponding to each image data constituting the authentication information received from the display input unit 110 is hashed. Thus, the hash value is calculated (step S15), and the matching process is performed based on the calculated hash value (step S16).

  However, as shown in FIG. 7, one image data is selected from the image data constituting the display pattern 10 displayed on the display input unit 110 by the user operation, and the selected image data is displayed on the display input unit. It is also possible to calculate a hash value by hashing an image ID corresponding to the input image data every time input from 110, and to perform a collation process based on the calculated hash value.

  Specifically, after starting to accept authentication information (step S33), it is monitored whether or not image data is input (step S34). If image data is input (step S34 / Yes) ) Hashing the image ID corresponding to the input image data to calculate a hash value, and based on the calculated hash value, the input image data belongs to the key image group (key image data) It is determined whether or not (step S35).

  If the input image data is not key image data (step S35 / No), the input image data is the key image data until the number of image data input by the user operation reaches the number of authentication image digits. It is determined whether or not there is a key image data even if the number of input image data reaches the number of authentication image digits (step S42 / Yes) (step S42 / No, S34, S35 / No). ), Authentication NG is determined (step S43).

  If it is determined that the input image data is the key image data before the number of image data input by the user operation reaches the number of authentication image digits (step S35 / Yes), the next image data It is determined whether or not there is an input (step S36). If the next image data is input (step S36 / Yes), the hash value is calculated by hashing the image ID corresponding to the input image data. Then, based on the calculated hash value, it is determined whether or not the input image data is image data (authentication image data) belonging to the authentication image group (step S37).

  If the input image data is authentication image data (step S37 / Yes), it is determined that authentication is OK (step S38). If it is not authentication image data (step S37 / No), it is determined as authentication NG (step S39). Thereafter, the collation process for the input image data is skipped until the number of image data input by the user operation reaches the number of authentication image digits (six) (steps S40 and S41). If the number of authentication image digits (6) is reached (step S40 / Yes), it is determined whether the authentication result is authentication OK (step S44). If the authentication result is OK (step S44 / Yes), The process ends (End), and in the case of authentication NG (step S44 / No), the same display pattern 10 is displayed on the display input unit 110 (step S32). In this way, it is possible to perform a collation process each time one piece of image data is input from the display input unit 110.

(Second Embodiment)
Next, a second embodiment will be described.

  In the first embodiment, when the number of image data belonging to the key image group, the authentication image group, and the dummy image group used when generating the display pattern 10 is small, the image IDs of all the image data are hashed. By calculating a hash value and referring to the key image group or the authentication image group based on the calculated hash value, it is possible to quickly analyze which image data belongs to which group. Can be done. For example, when the total number of image data belonging to each group is 500, it is possible to analyze which image data belongs to which group by performing 500 hash calculations.

  For this reason, in this embodiment, a hash value is calculated by hashing a value obtained by performing an arithmetic operation on an image ID of a combination of two sets of image data belonging to the key image group and image data belonging to the authentication image group. The calculated hash value is stored in a hash table (not shown) of the storage unit 130, and user authentication is performed based on the hash value stored in the hash table. Also, instead of generating a continuous ID string for all combinations of key image IDs and authentication image IDs, a continuous ID string of combinations of key image IDs and authentication image IDs for a specific display pattern 10 is generated and the hash is generated. A value may be calculated and stored in association with the display pattern 10. By doing so, the storage capacity and the amount of calculation at the time of collation can be made efficient.

  The operation for calculating the image ID may be, for example, a product of value-th prime numbers (2, 3, 5, 7, 11, 13, 17, 19, 23, 29,...) Of the image ID. For example, if the image ID = 5 (prime number 11) and the image ID = 10 (prime number 29), the product is 11 * 29 = 319. Similarly, the same effect can be obtained by making the image ID a prime number. Further, the image ID calculation operation can also be applied to a character string concatenation of image IDs. For example, if image ID = 5 and image ID = 10, the cost is 5 $ 10.

  When performing user authentication, as shown in FIG. 8, when authentication is started (step S54 / Yes), two consecutive images are based on the image data constituting the authentication information that has been accepted. A hash value of the data set is calculated (step S55), and based on the calculated hash value, a hash table is referenced, and a hash value that matches the calculated hash value of the two sets of image data is stored in the hash table. It is checked whether or not there is (step S56). Specifically, the first selected image ID, the second selected image ID, the second selected image ID, the third selected image ID, and the third selected image ID. A hash value of a value obtained by performing an arithmetic operation in the same manner as described above for a continuous image ID such as the fourth selected image ID is calculated, a hash table is searched based on the calculated hash value, and a matching hash value Check whether or not exists.

  If there is a matching hash value (step S57 / Yes), it is determined that the authentication is OK (step S58), and the process ends (End). If there is no matching hash value (step S57 / No), it is determined as authentication NG (step S59), and the same display pattern 10 is displayed on the display input unit 110 (step S52).

  This makes it difficult to easily analyze which group each image data belongs to. For example, the combination of image data belonging to the key image group shown in FIG. 5A and image data belonging to the authentication image group is key image group (6) × authentication image group (4) = 24. The hash values of the 24 combinations are stored in the hash table. In this case, in order for a third party to analyze the authentication information, if there are many dummy images and 500 pieces of image data are registered, 500P2 = 249500 hash calculations are required. As a result, it is difficult to easily analyze which group each image data belongs to.

(Third embodiment)
Next, a third embodiment will be described.

  In the first and second embodiments, the case where user authentication is performed by the authentication information input device 100 shown in FIG. 1 alone has been described.

  In the third embodiment, a case where user authentication is performed by the authentication information input device 100 and the server device 200 illustrated in FIG. 9 will be described. In the case of the third embodiment, the registration processing of the display pattern 10 and the authentication processing are performed on the server device 200 side. Hereinafter, the third embodiment will be described with reference to FIGS. 9 and 10.

<System configuration example of authentication system>
First, a system configuration example of the authentication system of this embodiment will be described with reference to FIG.

  The authentication system of the present embodiment is configured by connecting an authentication information input device 100 and a server device 200 via a network NW. The network NW can be applied to any communication form regardless of wired or wireless, and the authentication information input apparatus 100 and the server apparatus 200 are connected in any connection form to perform two-way information communication.

  The authentication information input device 100 according to the present embodiment includes a display input unit 110, a control unit 120, and a communication unit 140. The display input unit 110 has the same function as in the first embodiment. The control unit 120 performs display control of the display pattern 10 displayed on the display input unit 110. The communication unit 140 communicates with the server device 200 in an arbitrary communication form.

  The server device 200 according to the present embodiment includes a control unit 220, a storage unit 230, and a communication unit 240. The control unit 220 is connected to the authentication information input device 100 via the communication unit 240 and performs display control of the display pattern 10 displayed on the display input unit 110 on the authentication information input device 100 side. Further, authentication control of authentication information input by a user operation from the display input unit 110 is performed. The control unit 220 according to this embodiment includes a pattern control unit 221 and an authentication unit 222. The functions of the pattern control unit 221 and the authentication unit 222 have the same functions as those in the first embodiment. The communication unit 240 communicates with the authentication information input device 100 in an arbitrary communication form. The image table 231, key image group table 232, authentication image group table 233, dummy image group table 234, and pattern table 235 stored in the storage unit 230 are the same as those in the first embodiment.

<Example of processing operation during user authentication>
Next, an example of processing operation during user authentication will be described with reference to FIG.

  Similar to the first embodiment, the pattern control unit 221 of the server device 200 selects one display pattern 10 from the pattern table 235 and transmits the selected display pattern 10 to the authentication information input device via the communication unit 240. It transmits to 100 (step A1, A2).

  The authentication information input device 100 receives the display pattern 10 via the communication unit 140 and displays the received display pattern 10 on the display input unit 110. Also, the authentication information input acceptance is started (step A3). Thereby, the authentication information input device 100 can display the display pattern 10 composed of the key image data, the authentication image data, and the dummy image data on the display input unit 110.

  The user sequentially selects image data from the image data constituting the display pattern 10 displayed on the display input unit 110 based on the user's own memory. A plurality of pieces of image data selected in sequence by a user operation are input to the display input unit 110 as authentication information used when user authentication is permitted.

  The display input unit 110 starts authentication when receiving input of image data of a predetermined number of authentication image digits (six in this embodiment) from the display input unit 110 by a user operation (step A4 / Yes). Further, when an authentication start button (not shown) separately installed in the authentication information input device 100 is pressed, authentication is started (step A4 / Yes).

  When starting the authentication (step A4 / Yes), the display input unit 110 calculates a hash value of each image data constituting the authentication information received from the display input unit 110 (step A5). Then, the hash value of each image data constituting the authentication information is transmitted to the server device 200 via the communication unit 140 (step A6).

  When the server device 200 receives the hash value of each image data constituting the authentication information via the communication unit 240, the authentication unit 222 stores the hash value in the key image group table 232 based on the received hash value. The key image group is referred to, and it is checked whether or not there is image data (key image data) belonging to the key image group in the image data constituting the authentication information (step A7).

  If the authentication unit 222 determines that there is key image data in the image data constituting the authentication information (step A8 / Yes), the authentication unit 222 refers to the authentication image group stored in the authentication image group table 233, It is verified whether or not the image data next to the key image data constituting the authentication information is image data (authentication image data) belonging to the authentication image group (step A9).

  If the image data next to the key image data constituting the authentication information is authentication image data (step A9 / Yes), the authentication unit 222 determines that the authentication is OK (step A10), and passes through the communication unit 240. The authentication result is transmitted to the authentication information input device 100 (step A12). If it is not authentication image data (step A9 / No), it is determined as authentication NG (step A11), and the authentication result is transmitted to the authentication information input device 100 via the communication unit 240 (step A12).

<Operation and effect of authentication system of this embodiment>
As described above, the server device 200 configuring the authentication system of the present embodiment displays the display pattern 10 stored in the pattern table 235 on the server device 200 side on the display input unit 110 on the authentication information input device 100 side. The authentication information input device 100 transmits image data selected by a user operation from the display pattern 10 displayed on the display input unit 110 to the server device 200 as authentication information. The server device 200 performs user authentication based on the authentication information received from the authentication information input device 100.

  As a result, the authentication system of the present embodiment can obtain the same effects as those of the first embodiment, and further improve security compared to performing user authentication by the authentication information input device 100 alone as in the first embodiment. Can be made.

  Further, the display pattern 10 is selected from the pattern table 235 on the server device 200 side, and the selected display pattern 10 is displayed on the display input unit 110 on the authentication information input device 100 side. Then, the server apparatus 200 receives the image data selected by the user operation from the display pattern 10 displayed on the display input unit 110 as authentication information, and performs user authentication based on the received authentication information. For this reason, since authentication such as challenge and response can be performed, spoofing of the terminal itself (including spoofing of a program on the terminal) can be prevented.

  Note that the processing operation example at the time of user authentication shown in FIG. 10 described above is a case where the server device 200 and the authentication information input device 100 perform the processing operation example at the time of user authentication of the first embodiment shown in FIG. did. However, it is also possible for the server device 200 and the authentication information input device 100 to perform the processing operation example at the time of user authentication of the second embodiment shown in FIG.

  In this case, as shown in FIG. 11, the authentication information input device 100 side calculates a hash value of a set of two consecutive image data based on each image data constituting the authentication information that has received the input ( In step A25), the calculated hash value of the set of two image data is transmitted to the server device 200 side (step A26).

  The server device 200 refers to the hash table and checks whether or not there is a hash value in the hash table that matches the hash value of the set of two image data received from the authentication information input device 100 (step A27). If there is a matching hash value (step A28 / Yes), the server device 200 determines that the authentication is OK (step A29), and transmits the authentication result to the authentication information input device 100 (step A31). If there is no matching hash value (step A28), it is determined as authentication NG (step A30), and the authentication result is transmitted to the authentication information input device 100 (step A31).

  The above-described embodiment is a preferred embodiment of the present invention, and the scope of the present invention is not limited to the above-described embodiment alone, and various modifications are made without departing from the gist of the present invention. Implementation is possible.

  For example, in the above-described embodiment, as shown in FIG. 2, the display pattern 10 includes image data (key image data) (one piece) associated with a key image group and image data ( The authentication image data) (one) and the other image data (dummy image data) (14) are composed of a total of 16 image data. However, the display pattern 10 is an example, and can be configured by an arbitrary number of image data. However, the display pattern 10 is a key that is identifiable by the user based on the user's own memory and that is used as a key for determining whether or not the authentication image data is necessary when permitting user authentication. And at least image data.

  In the above-described embodiment, the display input unit 110 that combines the function of displaying the display pattern 10 and the function of inputting the image data constituting the authentication information has been described as an example. However, a function (display unit) for displaying the display pattern 10 and a function (input unit) for inputting image data constituting the authentication information can be provided separately.

  Further, the control operation in the authentication information input device 100 and the server device 200 of the present embodiment described above can be executed using hardware, software, or a combined configuration of both.

  In the case of executing processing using software, it is possible to install and execute a program in which a processing sequence is recorded in a memory in a computer incorporated in dedicated hardware. Alternatively, the program can be installed and executed on a general-purpose computer capable of executing various processes.

  For example, the program can be recorded in advance on a hard disk or ROM (Read Only Memory) as a recording medium. Alternatively, the program can be stored (recorded) temporarily or permanently in a removable recording medium. Such a removable recording medium can be provided as so-called package software. Examples of the removable recording medium include a floppy (registered trademark) disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disk, a DVD (Digital Versatile Disc), a magnetic disk, and a semiconductor memory.

  The program is installed in the computer from the removable recording medium as described above. In addition, it is wirelessly transferred from the download site to the computer. In addition, it is transferred to the computer via a network by wire.

  Further, the authentication information input device 100 and the server device 200 in the present embodiment are not only executed in time series according to the processing operation described in the above embodiment, but also the processing capability of the device that executes the processing, or necessary. It is also possible to construct to execute in parallel or individually.

100 Authentication Information Input Device 110 Display Input Unit (Display Unit, Input Unit)
120, 220 Control unit 121, 221 Pattern control unit 122, 222 Authentication unit (authentication means)
130, 230 Storage unit (fourth storage means)
131, 231 Image table 132, 232 Key image group table (first storage means)
133, 233 Authentication image group table (second storage means)
134, 234 Dummy image group table (third storage means)
135, 235 Pattern table 140, 240 Communication unit 200 Server device NW network

Claims (7)

An image ID assigned to the authentication image data belonging to an authentication image group that is identifiable by the user based on the user's own memory and includes at least one authentication image data necessary for permitting authentication of the user; A predetermined ID based on the combination of the image ID and the image ID assigned to the key image data belonging to the key image group including at least one key image data which is a clue to determine whether the image data is the authentication image data. Storage means for storing a hash value obtained by hashing a value obtained by the operation;
It said authentication image group, and the key image group, a display means for displaying the display patterns forming the dummy image group from the image data selected each one or at least comprise including at least one image data,
Input means for inputting, as authentication information used when permitting authentication of the user, a plurality of pieces of image data sequentially selected by a user operation from image data constituting the display pattern displayed on the display means; ,
Obtained by a predetermined calculation based on the image ID assigned to each image data constituted by the relative positional relationship of the predetermined input order among the image data constituting the authentication information inputted by the input means. A hash value obtained by hashing the calculated value, and an authentication unit that permits authentication of the user when a hash value that matches the calculated hash value is stored in the storage unit. A featured authentication information input device. The display means includes
When authentication of the user is permitted, a display pattern including a combination of the key image data and the authentication image data different from the display pattern displayed on the display means is displayed.
The authentication information input device according to claim 1, wherein when the user authentication is not permitted, the same display pattern as the display pattern displayed on the display means is displayed. The authentication image data belonging to the authentication image group and the key image data belonging to the key image group are image data designated in advance by the user based on the user's own storage. 3. The authentication information input device according to 1 or 2. A server device connected to the authentication information input device,
An image ID assigned to the authentication image data belonging to an authentication image group that is identifiable by the user based on the user's own memory and includes at least one authentication image data necessary for permitting authentication of the user; A predetermined ID based on the combination of the image ID and the image ID assigned to the key image data belonging to the key image group including at least one key image data which is a clue to determine whether the image data is the authentication image data. Storage means for storing a hash value obtained by hashing a value obtained by the operation;
Said authentication image group, and the key image group, and a dummy image group including at least one image data from the display pattern contains at least constituting the image data selected each 1 or more in the authentication information input device A transmission means for transmitting;
A relative positional relationship in a predetermined input order among a plurality of image data selected in sequence by a user operation from among image data constituting the display pattern displayed on the display means on the authentication information input device side. Receiving means for receiving a hash value obtained by hashing a value obtained by a predetermined calculation based on an image ID assigned to each image data constituting ;
An authentication unit that permits authentication of the user when a hash value that matches the hash value received by the receiving unit is stored in the storage unit ;
The server apparatus characterized by having. An authentication system comprising an authentication information input device and a server device,
The server device
An image ID assigned to the authentication image data belonging to an authentication image group that is identifiable by the user based on the user's own memory and includes at least one authentication image data necessary for permitting authentication of the user; A predetermined ID based on the combination of the image ID and the image ID assigned to the key image data belonging to the key image group including at least one key image data which is a clue to determine whether the image data is the authentication image data. Storage means for storing a hash value obtained by hashing a value obtained by the operation;
Said authentication image group, and the key image group, and a dummy image group including at least one image data from the display pattern contains at least constituting the image data selected each 1 or more in the authentication information input device A transmission means for transmitting;
A relative positional relationship in a predetermined input order among a plurality of image data selected in sequence by a user operation from among image data constituting the display pattern displayed on the display means on the authentication information input device side. Receiving means for receiving a hash value obtained by hashing a value obtained by a predetermined calculation based on an image ID assigned to each image data constituting ;
An authentication unit that permits authentication of the user when a hash value that matches the hash value received by the receiving unit is stored in the storage unit ;
The authentication information input device includes:
The display means for displaying the display pattern received from the server device;
Each image data constituted by a relative positional relationship in a predetermined input order among a plurality of image data sequentially selected by a user operation from image data constituting the display pattern displayed on the display means. An authentication system , comprising: a transmission unit that transmits a hash value obtained by hashing a value obtained by a predetermined calculation based on an assigned image ID to the server device. An image ID assigned to the authentication image data belonging to an authentication image group that is identifiable by the user based on the user's own memory and includes at least one authentication image data necessary for permitting authentication of the user; A predetermined ID based on the combination of the image ID and the image ID assigned to the key image data belonging to the key image group including at least one key image data which is a clue to determine whether the image data is the authentication image data. A storage process for storing a hash value obtained by hashing a value obtained by the operation in a storage unit;
It said authentication image group, and the key image group, a display to be displayed on the display means a display pattern constituting at least comprise a dummy image group from the image data selected each 1 or more, including at least one image data Processing,
A plurality of pieces of image data selected in sequence by a user operation from the image data constituting the display pattern displayed on the display unit are input to the input unit as authentication information used when the user authentication is permitted. Input processing ,
Obtained by a predetermined calculation based on the image ID assigned to each image data constituted by a relative positional relationship in a predetermined input order among the image data constituting the authentication information inputted to the input means. A hash value obtained by hashing the calculated value is calculated, and when a hash value that matches the calculated hash value is stored in the storage unit, an authentication process for permitting the user authentication is executed on the computer. A program characterized by letting An image ID assigned to the authentication image data belonging to an authentication image group that is identifiable by the user based on the user's own memory and includes at least one authentication image data necessary for permitting authentication of the user; A predetermined ID based on the combination of the image ID and the image ID assigned to the key image data belonging to the key image group including at least one key image data which is a clue to determine whether the image data is the authentication image data. A storage process for storing a hash value obtained by hashing a value obtained by the operation in a storage unit;
A display pattern including at least one image data selected from the authentication image group, the key image group, and a dummy image group including at least one image data is transmitted to the authentication information input device . Send processing to
A relative positional relationship in a predetermined input order among a plurality of image data selected in sequence by a user operation from among image data constituting the display pattern displayed on the display means on the authentication information input device side. A receiving process for receiving a hash value obtained by hashing a value obtained by a predetermined calculation based on an image ID assigned to each image data to be configured;
An authentication process that permits authentication of the user when a hash value that matches the hash value received by the reception process is stored in the storage unit;
A program characterized by causing a computer to execute.

Images