JP6458587B2 - Authentication method, authentication program, and authentication device - Google Patents

Description

  The present invention relates to an authentication method, an authentication program, and an authentication device.

  User authentication for authenticating whether or not the user has a legitimate authority is used in situations where various services are used. As an example of such user authentication, there is authentication using a password given to the user. Another example is biometric authentication using biometric information such as fingerprints, irises and veins.

JP 2007-172308 A JP 2012-216128 A JP 2009-163482 A

  However, in the above technique, as described below, the safety related to user authentication may be lowered.

  For example, when authenticating with a password, a character string for confirmation is used as the password, but the password may be obtained illegally by a third party who attempts a brute force attack. May not be suppressed. In addition, when using a one-time password with a limited number of uses, the same can be said as when using a fixed password. This is because a one-time password is issued via e-mail or SNS (Social Networking Service), and it may be difficult to suppress theft and misuse on the transmission path.

  In the case of biometric authentication, biometric information may be input in a state in which the biometric features of the user are unclear due to injury or disease. In this case, even if the biometric information of the person is input, biometric information whose biometric features are not similar to the biometric information at the time of registration is input, which contributes to an increase in the rejection rate.

  In one aspect, an object of the present invention is to provide an authentication method, an authentication program, and an authentication device that can improve the safety related to user authentication.

  In an authentication method according to one aspect, in a method for authenticating a user of a terminal having a display screen, visual information of one of characters, symbols, or figures and a display position of the visual information on the display screen are stored for each user. The visual information corresponding to the user of the terminal is displayed at the display position on the display screen corresponding to the user of the terminal, and the visual information is displayed at the display position. The computer executes processing for acquiring time-series information on the position of the object moving on the display screen and processing for authenticating the user based on the acquired time-series information on the position.

  Safety related to user authentication can be improved.

FIG. 1 is a diagram illustrating a configuration example of an authentication system according to the first embodiment. FIG. 2 is a block diagram illustrating a functional configuration of the authentication server according to the first embodiment. FIG. 3 is a diagram illustrating an example of a method for inputting registration authentication information. FIG. 4 is a diagram illustrating an example of the division result. FIG. 5 is a diagram illustrating an example of authentication information. FIG. 6 is a diagram illustrating an example of an input authentication information input method. FIG. 7 is a flowchart of the registration process according to the first embodiment. FIG. 8 is a flowchart illustrating the procedure of the authentication process according to the first embodiment. FIG. 9 is a diagram illustrating an application example of a route. FIG. 10 is a diagram illustrating an application example of the tracking method. FIG. 11A is a diagram illustrating a movement example of the marking of the key figure. FIG. 11B is a diagram illustrating an example of a traveling direction and a section after transition. FIG. 12 is a diagram illustrating another example of the division result. FIG. 13 is a diagram illustrating another example of the division result. FIG. 14 is a diagram illustrating a hardware configuration example of a computer that executes the authentication program according to the first and second embodiments.

  Hereinafter, an authentication method, an authentication program, and an authentication apparatus according to the present application will be described with reference to the accompanying drawings. Note that this embodiment does not limit the disclosed technology. Each embodiment can be appropriately combined within a range in which processing contents are not contradictory.

[System configuration]
FIG. 1 is a diagram illustrating a configuration example of an authentication system according to the first embodiment. The authentication system 1 shown in FIG. 1 provides an authentication service that performs user authentication that is performed when various services are provided.

  As part of the authentication service, the authentication system 1 performs user authentication by an approach different from authentication using a password or authentication using biometric information. For example, the authentication system 1 uses, as authentication information, a path drawn by a locus of position information of handwritten input on a screen on which an image designated by a service subscriber who subscribes to a service provided by the service provider is displayed. The “handwriting input” here includes not only the case of tracing the screen of the touch panel with a finger or a touch pen, but also the case of using a pointing device or the like.

  By using such authentication information, the sense of the person who registers the authentication information can be used as a drawing key. Therefore, it is possible to reduce the possibility that authentication information is illegally obtained by a third party by a brute force attack rather than a password defined by a character code. In addition, it is possible to suppress variations in the quality of authentication information input by the same person due to injury or illness. Therefore, the safety regarding user authentication can be improved.

  As shown in FIG. 1, the authentication system 1 accommodates an authentication server 10, a service subscriber terminal 30, and a service provider terminal 50. Here, as an example, one service subscriber terminal 30 and one service provider terminal 50 are illustrated, but a plurality of service subscriber terminals 30 and service provider terminals 50 may be accommodated. .

  The authentication server 10 and the service subscriber terminal 30 are connected to each other via a predetermined network 7 so that they can communicate with each other. As an example of such a network 7, an arbitrary communication network can be adopted regardless of whether it is wired or wireless, including a public line such as the Internet and a local line network such as a LAN (Local Area Network). Further, the authentication server 10 and the service provider terminal 50 are connected to each other via a communication network such as a dedicated line or a VPN (Virtual Private Network).

  Here, in FIG. 1, as an example, ATM (Automatic Teller Machine), such as a so-called automatic teller machine or automatic ticketing machine, the service provider terminal 50 serves as a service subscriber's window and serves as a service subscriber. The case where user authentication is performed in the scene where a service is provided is illustrated. This application scene is merely an example, and the application scene is not limited to this. For example, the authentication system 1 can be applied to a scene where user authentication is performed when the service provider terminal 50 provides a service via a public line, such as a Web service.

  Under the application scene of such user authentication, the authentication server 10 can accept the authentication information as follows as an example. For example, the case where the authentication information input at the service subscriber terminal 30 is registered in the authentication server 10 while the authentication information to be collated with the registered authentication information is input at the service provider terminal 50 is illustrated. Hereinafter, the authentication information registered in advance for verification with the authentication information input at the time of user authentication is referred to as “registered authentication information”, and the authentication information input at the time of user authentication is referred to as “input authentication information”. May be described.

  The service subscriber terminal 30 is a terminal device used by the service subscriber.

  As an embodiment, the service subscriber terminal 30 may employ a tablet-type information processing terminal, a so-called tablet terminal. This is just one aspect. For example, the service subscriber terminal 30 may be a mobile communication terminal typified by a smartphone, a mobile phone, a PHS (Personal Handyphone System), or a laptop personal computer. it can. In addition, the service subscriber terminal 30 is not limited to a portable terminal device such as a tablet terminal or a mobile communication terminal, and may be implemented as a fixed terminal such as a personal computer.

  The service provider terminal 50 is a terminal device used by the service provider to provide services.

  As an embodiment, the service provider terminal 50 can employ any device according to the form of service provided by the service provider. For example, the service provider terminal 50 can employ an ATM or an automatic ticketing machine, or can employ a Web server or the like.

  The authentication server 10 is a server device that provides the above authentication service. The entity that provides the “authentication service” here may be the same provider as the service provider that provides the service subscriber, or may be a different provider.

  As one embodiment, the authentication server 10 can be implemented by installing an authentication program that provides the above authentication service as package software or online software on a desired computer. For example, the authentication server 10 may be implemented as a Web server that provides the above authentication service, or may be implemented as a cloud that provides the above authentication service by outsourcing. 1 illustrates the case where the authentication server 10 and the service provider terminal 50 are individually provided, the authentication server 10 and the service provider terminal 50 may be integrated.

[Configuration of Authentication Server 10]
FIG. 2 is a block diagram illustrating a functional configuration of the authentication server 10 according to the first embodiment. As illustrated in FIG. 2, the authentication server 10 includes a communication I / F (interface) unit 11, a storage unit 13, and a control unit 15. The authentication server 10 may include various functional units included in a known computer other than the functional units illustrated in FIG. 2, for example, functional units such as various input devices and audio output devices.

  The communication I / F unit 11 is an interface that performs communication control with other devices such as the service subscriber terminal 30 and the service provider terminal 50.

  As an embodiment, the communication I / F unit 11 can employ a network interface card such as a LAN card. For example, the communication I / F unit 11 receives registration authentication information such as an image and a drawing key used for user authentication from the service subscriber terminal 30, or transmits a registration result of the registration authentication information to the service subscriber terminal 30. To do. Further, the communication I / F unit 11 receives input authentication information such as an image and a drawing key used for user authentication from the service provider terminal 50, and, as a result of user authentication, for example, OK or NG is transmitted to the service provider terminal 50. Or send.

  The storage unit 13 is a storage device that stores data used for various programs such as the above-described authentication program including an OS (Operating System) executed by the control unit 15.

  As an embodiment, the storage unit 13 is implemented as a main storage device in the authentication server 10. For example, various semiconductor memory elements such as a RAM (Random Access Memory) and a flash memory can be employed for the storage unit 13. The storage unit 13 can also be implemented as an auxiliary storage device. In this case, an HDD (Hard Disk Drive), an optical disk, an SSD (Solid State Drive), or the like can be employed.

  The storage unit 13 stores authentication information 13 a as an example of data used for a program executed by the control unit 15. In addition to the authentication information 13a, other electronic data such as a user authentication log can also be stored. Here, the description of the authentication information 13a will be described later at the stage where the processing unit in which the authentication information 13a is registered is described.

  The control unit 15 has an internal memory for storing various programs and control data, and executes various processes using these.

  As an embodiment, the control unit 15 is implemented as a central processing unit, a so-called CPU (Central Processing Unit). Note that the control unit 15 is not necessarily implemented as a central processing unit, and may be implemented as an MPU (Micro Processing Unit). The control unit 15 can also be realized by a hard wired logic such as an application specific integrated circuit (ASIC) or a field programmable gate array (FPGA).

  The control unit 15 virtually implements the following processing unit by executing various programs. For example, as shown in FIG. 2, the control unit 15 includes a first receiving unit 16a, a dividing unit 16b, a first tracking unit 16c, a registration unit 16d, a second receiving unit 17e, and a visual information display unit 17f. An acquisition unit 17g, a second tracking unit 17h, and an authentication unit 17j. In FIG. 2, “16” is added to the code of the processing unit that performs processing when the authentication information is registered, and “17” is the code of the processing unit that performs processing when performing user authentication. Is attached.

  The first receiving unit 16a is a processing unit that receives a registration request for authentication information.

  As an embodiment, the first receiving unit 16a can receive a registration request for authentication information via a browser installed in the service subscriber terminal 30 or an application program for authentication. For example, the first accepting unit 16a creates a new account for using the service provided by the service provider or changes the contents of the registered account in conjunction with the processing related to the procedure of authentication information. Accept registration request. When the authentication information registration request is received in this manner, the first receiving unit 16a receives a selection of an image used for user authentication. For example, an image used for user authentication can be selected from thumbnails displaying a list of images stored in the service subscriber terminal 30. In addition, the first receiving unit 16a receives the drawing of visual information at an arbitrary position on the image selected from the thumbnails displayed on the service subscriber terminal 30 by handwriting input. In this way, visual information received by handwriting input can be drawn in any size and any shape as long as the size and shape fits in the image. For example, the visual information may be characters, symbols, or figures.

  The dividing unit 16b is a processing unit that divides an image into a plurality of sections.

  As one embodiment, the dividing unit 16b divides the image into a plurality of sections by labeling the visual information after the visual information is drawn on the image used for user authentication. Here, the dividing unit 16b uses the following conditions when dividing the image. As an example of such a condition, the boundary line for dividing the image is set in a range that does not overlap the visual information, and the ratio of the area of the visual information drawn on the image and the section including the visual information approaches 1: 1. For example, a boundary line can be set. For example, the dividing unit 16b cuts out a sequence of pixels connected by a locus of position information drawn by handwriting input as visual information one by one. In addition, the dividing unit 16b sets a line segment that separates each piece of visual information and passes through a place where no visual information exists in each of the horizontal and vertical directions of the image. After the image is divided in this way, the dividing unit 16b assigns a section number for identifying the section to each section. For example, the dividing unit 16b increases the ascending order in the order of the section including the upper left vertex of the image, the section existing in the right direction therefrom, and the section closest to the section including the upper left vertex of the image if there is no right section. No. number is assigned.

  The first tracking unit 16c is a processing unit that tracks position information input by handwriting. Here, as an example, a case where the above drawing key is set by one-stroke writing by handwriting input is illustrated.

  As an embodiment, the first tracking unit 16c waits for the start of handwriting input regarding a route when the image is divided by the dividing unit 16b. When the handwriting input is started, the first tracking unit 16c determines whether the start position of the handwriting input overlaps with any of the visual information drawn on the image. At this time, if the start position of handwriting input does not overlap with any visual information, the first tracking unit 16c causes the service subscriber terminal 30 to display a message prompting to start handwriting input on any visual information. . On the other hand, when the start position of the handwriting input overlaps with any visual information, the first tracking unit 16c sets the visual information that overlaps the start position of the handwriting input among the visual information drawn on the image as the key figure.

  After the key figure is set in this way, the first tracking unit 16c tracks, as position information, the coordinate position where handwritten input is accepted on the screen on which the image and visual information are displayed on the service subscriber terminal 30. And whenever the 1st tracking part 16c acquires the positional information on handwritten input from the service subscriber terminal 30, it identifies the division to which the said positional information belongs. In addition, each time the first tracking unit 16c transitions to another section different from the section to which the position information acquired immediately before the position information acquired from the service subscriber terminal 30 belongs, The partition number corresponding to the partition number is stored in the work area of the internal memory (not shown) in tandem with the partition number corresponding to the partition before the transition. As a result, in the internal memory, the section number corresponding to the section where the key figure exists is used as the starting point, and the order in which the locus of the position information by handwriting input passes through the section on the image, in other words, the order in which the section numbers continue is managed as the route. Is done. Thereafter, the first tracking unit 16c tracks the position information of the handwritten input until the handwritten input is completed. Here, the case where the route is set by the position information of the handwritten input is exemplified, but the route may be set by another method. For example, although details will be described later, the order in which the key figure moves through the sections can be set as a route.

  FIG. 3 is a diagram illustrating an example of a method for inputting registration authentication information. FIG. 4 is a diagram illustrating an example of the division result. For example, when receiving a registration request for authentication information from the service subscriber terminal 30, the first reception unit 16a uses the list of images stored in the service subscriber terminal 30 as thumbnails as shown in FIG. Display on 30 touch panels. Accordingly, the first receiving unit 16a receives a selection of an image used for user authentication, in the illustrated example, the image 34 (S1). When the image 34 is selected in this way, the first receiving unit 16a receives the drawing of visual information in a state where the image 34 is displayed on the service subscriber terminal 30 in the full screen or a size corresponding to the full screen (S2). . As a result, the figure “Δ” and the figure “N” are drawn on the image 34.

  Thereafter, upon receiving an operation to finish drawing the visual information, for example, a touch operation such as a double tap, the dividing unit 16b divides the image into a plurality of sections by labeling the visual information (S3). As shown in FIG. 4, the image 34 is divided into four sections C1 to C4 by the horizontal boundary line and the vertical boundary line. As shown in FIG. 4, in the coordinate system in which the lower left vertex of the image 34 is the origin, the horizontal direction is the X axis, and the vertical direction is the Y axis, the positions and sizes of the sections C1 to C4 are as follows. Can be defined. For example, in the case of the section C1, the section C1 is defined by the coordinates of the lower left vertex (0, 50) and the coordinates of the upper right vertex (50, 100). In the case of the section C2, the section C2 is defined by the coordinates of the lower left vertex (50, 50) and the coordinates of the upper right vertex (100, 100). In the case of the section C3, the section C3 is defined by the coordinates of the lower left vertex (0, 0) and the coordinates of the upper right vertex (50, 50). Further, in the case of the section C4, the section C4 is defined by the coordinates of the lower left vertex (50, 0) and the coordinates of the upper right vertex (100, 50). Thereafter, the section numbers for identifying each section are assigned to the four sections C1 to C4. For example, the section number “1” is assigned to the section C1 including the upper left vertex of the image 34, and the section number “2” is assigned to the section C2 existing in the right direction therefrom. Further, since there is no section on the right side of the section C2, the section number “3” is assigned to the section C3 having the shortest distance from the section C1 next to the section C2, and the section is farther from the section C1 than the section C3. Section number “4” is assigned to C4. Here, the case where the section is defined by the coordinates of the lower left vertex and the coordinates of the upper right vertex is illustrated, but the section may be defined by other methods. For example, a partition can be defined by the coordinates of any vertex forming the partition and the width and height of the partition.

  After the image 34 is thus divided into the sections C1 to C4, the first tracking unit 16c waits for the start of handwriting input (S4). In the example shown in FIG. 3, the handwriting input start position overlaps with the position where the graphic “Δ” exists, so the graphic “Δ” of the graphic “Δ” and the graphic “N” is set as the key graphic. Thereafter, the first tracking unit 16c tracks, as a route, the order in which the locus of the position information by handwriting input passes through the sections on the image (S5). For example, in the example shown in FIG. 3, the locus of position information by handwriting input is the order of section number “2”, section number “1”, section number “3”, section number “4”, section number “2”. Pass by. In this case, the route is set as “2 → 1 → 3 → 4 → 2”.

  In this example, the key figure is set depending on whether or not the handwriting input start position overlaps with the figure. However, the figure in the section corresponding to the handwriting input start position may be set as the key figure. it can. In this case, the key figure can be set without necessarily aiming at the start position of the handwriting input on the figure drawn by the line drawing, so that it is possible to reduce the effort for aiming the touch operation on the line of the figure.

  The registration unit 16d is a processing unit that registers authentication information.

  As one embodiment, when the tracking of the handwritten input position information by the first tracking unit 16c is completed, the registration unit 16d uses the authentication information associated with the image, the visual information, the section, the key figure, and the route as the authentication information 13a. Register in the storage unit 13.

  FIG. 5 is a diagram illustrating an example of the authentication information 13a. FIG. 5 shows extracted authentication information registered by the setting method shown in FIG. As shown in FIG. 5, the authentication information 13a includes items such as terminal information, image file name, longitude, latitude, storage date, section 1 to section N, visual information 1 to visual information N, key figure, and route. It is.

  The “terminal information” here refers to information about the service subscriber terminal 30 in which the authentication information is registered, and further includes items such as a model, a serial number, and a carrier name, for example. The “image file name” indicates the file name of an image used for user authentication. In the example of FIG. 5, the case where the image file name is managed as the authentication information and the image file is stored in another storage area is illustrated. However, as will be described later, the image file itself may be stored in a binary format or the like. it can. Further, “longitude” and “latitude” shown in FIG. 5 indicate the longitude and latitude relating to the position where the image is captured. For example, GPS (Global Positioning System) reception mounted on the service subscriber terminal 30 at the time of capturing the image is received. The data measured by the machine is registered. 5 indicates the date and time when the image is stored in the memory of the service subscriber terminal 30. “Section 1” to “Section N” are items that define the sections into which the image is divided by the dividing unit 16b. For example, coordinates regarding the lower left vertex and the upper right vertex of each section are registered. The subscripts of “partition 1” to “partition N” correspond to the partition number, and the value of the field of the partition number that does not exist as a result of the division is blank or NULL. “Visual information 1” to “visual information N” refer to visual information drawn on an image. For example, a partial image of a section including visual information drawn on the service subscriber terminal 30 in the entire image. Is registered. The subscripts of these “visual information 1” to “visual information N” also correspond to the section numbers, and the value of the section number field in which visual information is not drawn is blank or NULL. In addition, although the case where the partial image of visual information was memorize | stored was illustrated here, it is good also as memorize | stores visual information itself. For example, the locus of handwritten input position information, that is, time-series data of position information can be stored in the storage unit 13.

  In the example of the record shown in FIG. 5, the model of the service subscriber terminal 30 that has registered the authentication information is “FJ03”, the serial number of the service subscriber terminal 30 is “F201501”, and the service subscriber This means that the carrier to which the user of the terminal 30 has a communication contract is “carrier A”. Furthermore, in the example of the record shown in FIG. 5, when performing user authentication regarding the service subscriber terminal 30 with the production number “F201501”, the image with the image file name “ID00001” is used and the image is captured. It means that the position is 130 degrees 44 minutes 30 seconds east longitude and 32 degrees 47 minutes 23 seconds north latitude, and the storage date and time of the image is 12:34:56 on January 1, 2013. Further, in the example of the record shown in FIG. 5, it means that the coordinates of the lower left vertex of the section 1 are (0, 50) and the coordinates of the upper right vertex are (50, 100). Further, in the example of the record shown in FIG. 5, it means that the coordinates of the lower left vertex of the section 2 are (50, 50) and the coordinates of the upper right vertex are (100, 100). Although not shown in the example of FIG. 5, according to the example shown in FIG. 3, the coordinates of the lower left vertex and the upper right vertex are set in the fields of the partition 3 and the partition 4, and the remaining partition 5 To the partition N, the value is blank or NULL. Further, in the example of the record shown in FIG. 5, this means that the figure “Δ” is registered as visual information in the section of the section number “2”. Although not shown in the example of FIG. 5, according to the example shown in FIG. 3, the graphic “N” is registered as visual information in the section of the section number “3”, and other visuals are displayed. In the fields of information 1 and visual information 4 to visual information N, the value is blank or NULL. Further, in the example of the record shown in FIG. 5, it means that the visual information existing in the section with the section number “2” is set in the key figure. Furthermore, in the example of the record shown in FIG. 5, a route passing through the sections in the order of section number “2”, section number “1”, section number “3”, section number “4”, and section number “2”. Means that it is set.

  In addition, although the case where the path | route which passes 5 divisions was set was illustrated in FIG. 5, the number of the divisions contained in a path | route is not limited to five. That is, the route may include an arbitrary number of partitions, and may include an arbitrary number of partitions having the same partition number. For example, a lower limit value can be set for the number of partitions set as a route, and a route whose number of partitions is less than the lower limit value is not set, and a route can be reset until the number of partitions is equal to or greater than the lower limit value. . By setting the lower limit value for the number of sections included in the route in this way, it is possible to suppress the setting of an excessively simple route, thereby improving the confidentiality of the route.

  The second receiving unit 17e is a processing unit that receives an authentication request.

  As an embodiment, the second reception unit 17 e is notified of an authentication request from the service provider terminal 50 when a predetermined operation is performed on the service provider terminal 50. For example, when an operation for bringing the service subscriber terminal close to the service provider terminal 50 is received, the service subscriber terminal and the service provider terminal 50 are connected by short-range wireless communication. For example, connection can be made by BLE (Bluetooth (registered trademark) Low Energy), NFC (Near Field Communication), or the like. In conjunction with this, an authentication request is notified from the service provider terminal 50 to the authentication server 10. After receiving the authentication request in this way, data is exchanged between the authentication server 10 and the service subscriber terminal 30 via the service provider terminal 50 until the user authentication is completed. Here, the case where the authentication information is input on the service subscriber terminal 30 is illustrated, but the authentication information may be input on the service provider terminal 50.

  When the authentication request is received in this way, the second reception unit 17e receives selection of an image used for user authentication. For example, the second reception unit 17e receives selection of an image used for user authentication in the same manner as the first reception unit 16a. For example, an image used for user authentication can be selected from thumbnails displaying a list of images stored in the service subscriber terminal 30.

  The visual information display unit 17 f is a processing unit that displays visual information on the service subscriber terminal 30.

  As one embodiment, the visual information display unit 17 f acquires an image file of the image from the service subscriber terminal 30 when the second reception unit 17 e receives an image selection. Subsequently, the visual information display unit 17 f reads a record that matches the image file name of the previously acquired image from the authentication information 13 a stored in the storage unit 13. In addition, the visual information display unit 17 f displays the meta information of the image file acquired from the service subscriber terminal 30 and the meta information regarding the image file included in the record of the authentication information 13 a read from the storage unit 13. A comparison is made to determine whether or not they match. For example, the visual information display unit 17f compares at least one item among longitude, latitude, and storage date / time. At this time, the visual information display unit 17f refers to the definition information of the section included in the record of the authentication information 13a read from the storage unit 13 when the meta information of both the image files matches, thereby visual information For each, the section corresponding to the visual information is specified as the display position of the partial image including the visual information. Then, the visual information display unit 17f joins the service by superimposing a partial image of the section including the visual information on the image for which selection of the image has been received by the second reception unit 17e according to the previously specified display position. Display on the operator terminal 30.

  The acquisition unit 17g is a processing unit that acquires position information for handwritten input.

  As one embodiment, when the visual information is displayed on the image by the visual information display unit 17f, the acquisition unit 17g waits for the start of handwriting input regarding the route. When the handwriting input is started, the acquiring unit 17g refers to the definition data of the section included in the record of the authentication information 13a read from the storage unit 13, and the section to which the start position of the handwritten input belongs. The partition number is registered in the work area of the internal memory. Thereafter, the acquisition unit 17g continuously executes the process of acquiring the position information of the handwritten input from the service subscriber terminal 30 until the handwritten input is completed.

  The second tracking unit 17h is a processing unit that tracks the position information of handwritten input in the same manner as the first tracking unit 16c.

  As one embodiment, the second tracking unit 17h allows handwriting input to be performed on a screen on which images and visual information are displayed on the service subscriber terminal 30 after the section number of the section to which the start position of handwriting input belongs is registered. The process of tracking the received coordinate position as position information is started. That is, the second tracking unit 17h identifies the section to which the position information belongs each time handwritten input position information is newly acquired by the acquisition unit 17g. In addition, the second tracking unit 17h changes the position information acquired from the service subscriber terminal 30 each time the transition is made to another section different from the section to which the position information acquired immediately before belongs. The partition number corresponding to the partition number is stored in the work area of the internal memory (not shown) in tandem with the partition number corresponding to the partition before the transition. Thereby, in the internal memory, the order in which the locus of the position information by handwriting input passes through the sections on the image is managed as a route. Thereafter, the second tracking unit 17h tracks the position information of the handwritten input until the handwritten input is completed.

  The authentication unit 17j is a processing unit that performs user authentication.

  As one embodiment, when the tracking of the position information of the handwritten input by the second tracking unit 17 h is completed, the authentication unit 17 j is read from the storage order of the section numbers stored in the internal memory, that is, the path, and the storage unit 13. It is determined whether or not the route included in the record of the authentication information 13a matches. Here, if the two routes match, the user who performed handwriting input of the route via the service provider terminal 50 is a user who has been given an account by the service provider, for example, a user who has registered authentication information, or It can be regarded as a related party. In this case, the authentication unit 17j determines that the result of the user authentication is OK and notifies the service provider terminal 50 of the authentication success. As a result, the service provider terminal 50 can start processing corresponding to the service. On the other hand, if the two routes are different, there is a high possibility that the user who performed handwriting input of the route via the service provider terminal 50 is a third party other than the user who has been given an account by the service provider. Therefore, the authentication unit 17j determines that the result of the user authentication is NG, and notifies the service provider terminal 50 of the authentication failure. As a result, the service provider terminal 50 can stop the processing corresponding to the service. In this case, the authentication unit 17j can limit the number of retries for user authentication using the same image from the viewpoint of suppressing damage caused by the brute force attack.

  FIG. 6 is a diagram illustrating an example of an input authentication information input method. For example, when an authentication request is received, the second receiving unit 17e displays a list of images stored in the service subscriber terminal 30 as thumbnails on the touch panel of the service subscriber terminal 30, as shown in FIG. Accordingly, the second reception unit 17e receives a selection of an image used for user authentication, in the illustrated example, the image 34 (S11).

  When the image 34 is selected in this way, the visual information display unit 17 f acquires the image file of the image 34 from the service subscriber terminal 30, and among the authentication information 13 a stored in the storage unit 13, the service subscriber terminal 30. The record that matches the image file name of the image 34 acquired from the above is read. At this time, if the image file name of the image 34 is “ID00001”, the authentication information record shown in FIG. 5 is read out. Subsequently, the visual information display unit 17f specifies a section corresponding to the visual information as the display position of the partial image including the visual information for each visual information of the graphic “Δ” and the graphic “N”. For example, in the case of the figure “Δ”, the figure “Δ” belongs to the section of the section number “2”. In this case, the partial image including the graphic “Δ” is created by associating the lower left vertex of the partial image including the graphic “Δ” with the coordinates (50, 50) of the lower left vertex of the block of the block number “2”. Is set to the position of the section C2 on the image 34 shown in FIG. Although the field of the figure “N” is omitted in FIG. 5, similarly, the coordinates of the lower left vertex of the partial image including the figure “N” and the lower left vertex of the section of the section number “3” ( 0, 0), the display position of the partial image including the graphic “N” is set to the position of the section C3 on the image 34 shown in FIG.

  As a result, as shown in S <b> 12 of FIG. 6, visual information of the graphic “Δ” and the graphic “N” is displayed on the service subscriber terminal 30 so as to overlap the image 34. Thereafter, when the start of handwriting input is accepted (S13), the second tracking unit 17h tracks the order in which the locus of the position information by handwriting input passes through the sections on the image as a route (S14). For example, in the example shown in FIG. 6, the locus of position information by handwriting input is the order of section number “2”, section number “1”, section number “3”, section number “4”, and section number “2”. Pass by. In this case, the path of the input authentication information is set as “2 → 1 → 3 → 4 → 2”. When such a route is acquired as the input authentication information, it matches the route “2 → 1 → 3 → 4 → 2” of the registration authentication information included in the authentication information record shown in FIG. The result is determined to be OK.

  In this way, in this embodiment, instead of the authentication information patterned according to the standard like the character code of the password, a path whose start point, end point, and relay point are unknown to the third party is used as the authentication information. The confidentiality of authentication information is increased. In addition, it is possible to suppress variations in the quality of authentication information input by the same person due to injury or illness. Therefore, the safety regarding user authentication can be improved.

  In addition, in this embodiment, visual information including a key figure drawn at the time of registration when inputting user authentication is displayed on an image used for user authentication. For this reason, even if the user does not strictly remember the handwritten input of the route, the handwritten input can be started aiming at the key figure, so that the handwritten input can be assisted at the start of inputting the route.

  Furthermore, in this embodiment, authentication information is registered or input by handwritten input on a screen such as a touch panel as compared to password authentication using an operation device such as a numeric keypad or biometric authentication using an image sensor. Or For this reason, in this embodiment, authentication information can be input by means having a higher affinity with the user's sensibility than existing authentication methods.

[Process flow]
Next, a processing flow of the authentication server 10 according to the present embodiment will be described. Here, after (1) registration processing executed by the authentication server 10 is described, (2) authentication processing will be described.

(1) Registration Processing FIG. 7 is a flowchart illustrating a registration processing procedure according to the first embodiment. This process is started when an authentication information registration request is received from the service subscriber terminal 30. As shown in FIG. 7, when receiving a registration request for authentication information from the service subscriber terminal 30 (step S101), the first receiving unit 16a receives selection of an image used for user authentication (step S102).

  In addition, the first receiving unit 16a receives the drawing of visual information at any location on the image selected in Step S102 by handwriting input (Step S103). Then, the dividing unit 16b divides the image into a plurality of sections by labeling the visual information drawn in step S103 (step S104). Subsequently, the dividing unit 16b assigns a section number for identifying the section to each section obtained by the division in step S104 (step S105).

  Thereafter, the first tracking unit 16c waits for the start of handwriting input relating to the route (step S106). When the handwriting input is started (Yes in step S107), the first tracking unit 16c determines whether the start position of the handwriting input overlaps with any of the visual information drawn on the image. Is determined (step S108). When handwriting input is not started (No at Step S107), the process returns to Step S106 and waits for the start of handwriting input regarding the route.

  At this time, when the start position of handwriting input does not overlap with any visual information (step S108 No), the first tracking unit 16c sends a message prompting to start handwriting input on any visual information to the service subscriber terminal. 30, and the process returns to step S106.

  On the other hand, when the start position of handwriting input overlaps with any visual information (step S108 Yes), the first tracking unit 16c uses the visual information that overlaps the start position of handwriting input among the visual information drawn on the image as a key figure. And the section to which the key figure belongs is set as the starting point of the route (step S109).

  Thereafter, the first tracking unit 16c obtains handwritten input position information from the service subscriber terminal 30 (step S110). In addition, the first tracking unit 16c determines whether or not the position information acquired in step S110 transitions to another section different from the section to which the position information acquired one time before belongs (step S110). S111).

  When the transition is made to another partition (step S111 Yes), the first tracking unit 16c adds the partition number corresponding to the partition after the transition to the work area of the internal memory along with the partition number corresponding to the partition before the transition. (Step S112). On the other hand, when it does not transition to another section (step S111 No), the above step S112 is skipped and the process proceeds to step S113. Thereafter, the processes from step S110 to step S112 are repeatedly performed until the handwriting input is completed (No in step S113).

  After that, when the handwriting input is completed (Yes at Step S113), the registration unit 16d displays the image selected at Step S102, the visual information drawn at Step S103, the section obtained by the division at Step S104, and Steps S109 to S109. The record of the authentication information in which the key figure and the path obtained by the handwritten input regarding the path in step S113 are associated is registered in the storage unit 13 as the authentication information 13a (step S114).

  Finally, the registration unit 16d performs data other than the image selected in step S102, that is, the visual information drawn in step S103, the section obtained by the division in step S104, and the handwriting related to the route in steps S109 to S113. The service subscriber terminal 30 is made to delete the key figure and path | route obtained by input (step S115), and a process is complete | finished.

(2) Authentication Process FIG. 8 is a flowchart illustrating the procedure of the authentication process according to the first embodiment. This process is started when an authentication request is received from the service provider terminal 50. As shown in FIG. 8, when an authentication request is received from the service provider terminal 50 (step S301), the second receiving unit 17e receives selection of an image used for user authentication (step S302).

  Subsequently, the visual information display unit 17f reads a record that matches the image file name of the image selected in step S302 from the authentication information 13a stored in the storage unit 13 (step S303).

  In addition, the visual information display unit 17f visually determines according to the display position of the section to which each piece of visual information specified by referring to the definition information of the section included in the record of the authentication information 13a read in step S303 belongs. The partial image including the information is displayed on the service subscriber terminal 30 so as to be superimposed on the image selected in step S302 (step S304).

  Thereafter, the acquisition unit 17g waits for the start of handwriting input regarding the route (step S305). When the handwriting input is started (Yes at Step S306), the acquisition unit 17g refers to the definition data of the section included in the record of the authentication information 13a read at Step S303, and the start position of the handwriting input is The partition number of the partition to which it belongs is registered in the work area of the internal memory as the starting point of the route (step S307).

  When the handwritten input position information is newly acquired from the service subscriber terminal 30 (step S308), the second tracking unit 17h acquires the previous section to which the position information acquired in step S308 belongs. It is determined whether or not a transition is made to another section different from the section to which the position information belongs (step S309).

  At this time, when transitioning to another partition (step S309 Yes), the second tracking unit 17h links the partition number corresponding to the partition after the transition to the partition number corresponding to the partition before the transition to the work area of the internal memory. It adds (step S310). On the other hand, when it does not transition to another section (step S309 No), the above step S310 is skipped and the process proceeds to step S311. Thereafter, the processes from step S308 to step S310 are repeatedly executed until the handwriting input is completed (No in step S311).

  After that, the authentication unit 17j determines whether or not the passage order of the partition numbers stored in the internal memory, that is, the route, and the route included in the record of the authentication information 13a read in step S303 match. (Step S312).

  Here, if the two routes match (Yes in step S313), the user who entered the route by handwriting via the service provider terminal 50 registers the user to whom the account is given by the service provider, for example, authentication information. Can be regarded as a related user or a related party. In this case, the authentication unit 17j determines that the result of user authentication is OK, notifies the service provider terminal 50 of successful authentication (step S314), and ends the process.

  On the other hand, if the two routes are different (No in step S313), there is a possibility that the user who performed handwriting input of the route via the service provider terminal 50 is a third party other than the user who has been given an account by the service provider. Rise. Therefore, the authentication unit 17j determines that the result of the user authentication is NG, notifies the service provider terminal 50 of the authentication failure (step S315), and ends the process.

[One aspect of effect]
As described above, the authentication server 10 according to the present embodiment is positioned via the handwritten input received on the screen on which visual information such as characters, symbols, or graphics is displayed superimposed on the image specified by the service subscriber. A route determined by the locus of information is used as authentication information. In this way, instead of authentication information patterned according to the standard like the character code of the password, a path whose start point, end point, and relay point are unknown to the third party is used for authentication information. Increases nature. In addition, it is possible to suppress variations in the quality of authentication information input by the same person due to injury or illness. Therefore, according to the authentication server 10 which concerns on a present Example, the safety regarding user authentication can be improved.

  Although the embodiments related to the disclosed apparatus have been described above, the present invention may be implemented in various different forms other than the above-described embodiments. Therefore, another embodiment included in the present invention will be described below.

[Application example of route]
In the first embodiment, the case where the passage order of the partition numbers is used as the route is exemplified. However, the route may be defined using a route other than the passage order of the partition numbers. For example, the authentication server 10 can also use the passage order of visual information as a route. FIG. 9 is a diagram illustrating an application example of a route. FIG. 9 illustrates a case where three pieces of visual information of the figure “Δ”, the figure “N”, and the figure “◯” are drawn on the image. Under such visual information drawing, when the locus of position information of handwritten input is as shown in FIG. 9, the order of passage of visual information is in the order of graphic “Δ”, graphic “N”, graphic “◯”. Become. By comparing the passage order of such visual information between the time of registration and the time of entry, it is possible to determine the match of the route as in the first embodiment, and obtain the same effect as in the first embodiment. Can do.

[Move key figure (1)]
In the first embodiment, the case where the path is specified by tracking the position information of the handwritten input is exemplified. However, the path may be specified by tracking the movement of the key figure overlapping the start position of the handwritten input. it can.

  FIG. 10 is a diagram illustrating an application example of the tracking method. The upper part of FIG. 10 shows a situation in which the handwritten input start position overlaps with the key figure “Δ” of the section number “2” and the section of the section number “2” is highlighted. Under such circumstances, the authentication server 10 moves the indication of the key figure “Δ” according to the locus of the position information of handwritten input.

  Here, in the first embodiment, the authentication server 10 only needs to track one point on the handwritten input image. However, in the example illustrated in FIG. 10, it is not always necessary to track one point. Absent. For this reason, the authentication server 10 sets an area of an arbitrary shape including the key figure “Δ”, in the illustrated example, a rectangle 40 as shown in the lower part of FIG. Then, the authentication server 10 specifies the coordinates of the uppermost point T, the coordinates of the rightmost point R, the coordinates of the leftmost point L, and the coordinates of the lowermost point B from the rectangle 40. For example, in the lower example of FIG. 10, the coordinates of the uppermost point T after movement are specified as (55, 95), the coordinates of the rightmost point R are specified as (70, 60), The coordinates of the leftmost point L are specified as (45, 60). In the lower part of FIG. 10, since the Y coordinate of the rightmost point R and the leftmost point L have the same value, the coordinate of the lowermost point B is set to (any, 60).

  In addition, the authentication server 10 determines that for each end point included in the rectangle of the key figure moved according to the position information acquired from the service subscriber terminal 30, the section to which the coordinates of the end point belong is the end point one hour before that point. It is determined whether or not a transition is made to another section that is different from the section to which the coordinate of belongs. Then, when any one of the end points makes a transition to another section, the authentication server 10 additionally registers the section after the transition in the internal memory. Thereby, even when the sign of the key figure is moved, the route can be specified. Thus, when the sign of the key figure is moved according to the locus of the position information of the handwritten input, the position of the handwritten input recognized by the authentication server 10 can be presented to the user by the sign of the key figure.

[Move key figure (2)]
As shown in FIG. 10, when the key figure marking is moved on the image, a plurality of end points may transition to another section different from the section one hour before. Even in such a case, erroneous recognition of the passing order of the sections can be reduced.

  FIG. 11A is a diagram illustrating a movement example of the marking of the key figure. FIG. 11B is a diagram illustrating an example of a traveling direction and a section after transition. FIG. 11A shows a case where the coordinates of the leftmost point L and the coordinates of the lowermost point B transition to another section. In this way, when the plurality of end points transition to another section different from the section one hour before, the authentication server 10 determines the coordinates of the uppermost point T, the coordinates of the rightmost point R, and the leftmost point L. The coordinates and the coordinates of the lowermost point B are connected by a line segment, and the intersection of the diagonal lines is set as the midpoint of the key figure. Then, the authentication server 10 uses the above midpoint as a reference, for example, a movement angle of “0 degree”, and divides it at a predetermined angle, for example, 45 degrees, as shown in FIGS. In addition, the authentication server 10 determines the traveling direction represented by the line segment connecting the position information acquired from the service subscriber terminal 30 and the position information acquired a predetermined number of times, for example, one time before the position information. An angle, that is, an angle in the direction of traveling from the previous time to the current time is obtained, and the post-transition section is specified depending on which of the above ranges (A) to (D) the angle θ of the traveling direction corresponds to . That is, when the angle θ in the traveling direction falls within the range (A), the authentication server 10 determines the section into which the leftmost point L enters as the section after the transition. When the angle θ in the traveling direction falls within the range (b), the section where the uppermost point T enters is determined as the section after the transition. If the angle θ in the traveling direction falls within the range (c), the section where the rightmost point R enters is determined as the section after the transition. If the angle θ in the traveling direction falls within the range (d), the section where the lowermost point B enters is determined as the section after the transition. As a result, erroneous recognition of the passing order of the sections can be reduced.

[Division pattern]
In the first embodiment, the case where the route is specified from the section in which the image is divided into four equal parts is illustrated. However, the route is not limited to the example of the equal division, and the route can be similarly specified even when the image is not equally divided. . 12 and 13 are diagrams illustrating another example of the division result. The upper part of FIG. 12 shows four sections C1 to C4 in which an image is divided by a figure with a balloon framed. Of these, the figure included in the section C2 is a key figure. ing. Under such circumstances, when the locus of position information of handwritten input is as shown in the lower part of FIG. 12, the route can be specified as “2 → 1 → 2 → 4 → 3”. 13 shows four sections C1 to C4 in which an image is divided by three substantially circular figures and one substantially elliptic figure, and is included in the section C4. The case where the figure is a key figure is shown. Under such circumstances, when the locus of the position information of handwritten input is as shown in the lower part of FIG. 13, the route can be specified as “4 → 3 → 4 → 1 → 2”.

[Authentication information storage format]
In the first embodiment, the case where the authentication information is stored in the storage unit 13 in a table format has been exemplified. However, the authentication information stored in the storage unit 13 can be stored in an arbitrary format. For example, the authentication server 10 binarizes the image data selected by the service subscriber terminal 30 to convert it into a hexadecimal character string, and gives a registration order to the character string converted into the hexadecimal number. Then, the authentication server 10 assigns the number of strokes of the graphic in the image data to the above character string, and further indicates the start position (coordinate information) and the drawn direction (vector information) of the drawn graphic. The position information and date and time when the image data is created are assigned to the image data, and the position information is further assigned to the character string. These processes are performed for the registered image data, and a file name is given to the head of the created character string and registered in the database.

[Distribution and integration]
In addition, each component of each illustrated apparatus does not necessarily have to be physically configured as illustrated. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. For example, the visual information display unit 17f, the acquisition unit 17g, the second tracking unit 17h, or the authentication unit 17j may be connected as an external device of the authentication server 10 via a network. Further, the functions of the authentication server 10 described above are realized by having different devices each having the visual information display unit 17f, the acquisition unit 17g, the second tracking unit 17h, or the authentication unit 17j and connected to each other through a network. You may do it.

[Authentication Program]
The various processes described in the above embodiments can be realized by executing a prepared program on a computer such as a personal computer or a workstation. In the following, an example of a computer that executes an authentication program having the same function as that of the above-described embodiment will be described with reference to FIG.

  FIG. 14 is a diagram illustrating a hardware configuration example of a computer that executes the authentication program according to the first and second embodiments. As illustrated in FIG. 14, the computer 100 includes an operation unit 110a, a speaker 110b, a camera 110c, a display 120, and a communication unit 130. Further, the computer 100 includes a CPU 150, a ROM 160, an HDD 170, and a RAM 180. These units 110 to 180 are connected via a bus 140.

  As shown in FIG. 14, the HDD 170 stores an authentication program 170a that exhibits the same functions as the visual information display unit 17f, the acquisition unit 17g, the second tracking unit 17h, and the authentication unit 17j described in the first embodiment. Is done. This authentication program 170a may be integrated or separated as in the components of the visual information display unit 17f, the acquisition unit 17g, the second tracking unit 17h, and the authentication unit 17j shown in FIG. That is, the HDD 170 does not necessarily have to store all the data shown in the first embodiment, and data used for processing may be stored in the HDD 170.

  Under such an environment, the CPU 150 reads the authentication program 170 a from the HDD 170 and expands it in the RAM 180. As a result, the authentication program 170a functions as an authentication process 180a as shown in FIG. The authentication process 180a expands various data read from the HDD 170 in an area allocated to the authentication process 180a in the storage area of the RAM 180, and executes various processes using the expanded various data. For example, the processes shown in FIGS. 7 to 8 are included as an example of the processes executed by the authentication process 180a. Note that the CPU 150 does not necessarily operate all the processing units described in the first embodiment, and the processing unit corresponding to the process to be executed may be virtually realized.

  Note that the authentication program 170a is not necessarily stored in the HDD 170 or the ROM 160 from the beginning. For example, each program is stored in a “portable physical medium” such as a flexible disk inserted into the computer 100, so-called FD, CD-ROM, DVD disk, magneto-optical disk, or IC card. Then, the computer 100 may acquire and execute each program from these portable physical media. In addition, each program is stored in another computer or server device connected to the computer 100 via a public line, the Internet, a LAN, a WAN, etc., and the computer 100 acquires and executes each program from these. It may be.

DESCRIPTION OF SYMBOLS 1 Authentication system 10 Authentication server 11 Communication I / F part 13 Memory | storage part 13a Authentication information 15 Control part 16a 1st reception part 16b Division | segmentation part 16c 1st tracking part 16d Registration part 17e 2nd reception part 17f Visual information display part 17g Acquisition part 17h Second tracking unit 17j Authentication unit 30 Service subscriber terminal 50 Service provider terminal

Claims (4)

In a method for authenticating a user of a terminal having a display screen,
The visual information of any of characters, symbols or figures drawn by a user operation , the display position of the visual information on the display screen, and the visual information on the display screen are separated, and the visual information is The visual information corresponding to the user of the terminal is obtained by referring to a storage unit that stores, for each user , the passage order of the sections divided by the boundary line set so as to pass through a non-existing location. Processing to display at the display position on the display screen corresponding to the user;
Processing for acquiring time-series information of the position of an object moving on the display screen in which the visual information is displayed at the display position;
An authentication method in which a process of authenticating the user is executed by a computer based on an order in which the trajectory of the time-series information of the position of the object passes through a section divided by the boundary line of the display screen . The computer is
Processing to move and display the visual information whose position overlaps with the object according to the time-series information of the acquired position of the object;
Further performing a time-series tracking of the movement of the visual information whose position overlaps with the object,
2. The authentication process according to claim 1, wherein the authentication process authenticates the user based on an order in which a trajectory of the visual information tracked in time series passes through a section divided by the boundary line. Authentication method. In a user authentication program for a terminal having a display screen,
The visual information of any of characters, symbols or figures drawn by a user operation , the display position of the visual information on the display screen, and the visual information on the display screen are separated, and the visual information is The visual information corresponding to the user of the terminal is obtained by referring to a storage unit that stores, for each user , the passage order of the sections divided by the boundary line set so as to pass through a non-existing location. Processing to display at the display position on the display screen corresponding to the user;
Processing for acquiring time-series information of the position of an object moving on the display screen in which the visual information is displayed at the display position;
An authentication program for causing a computer to execute a process of authenticating the user based on an order in which a trajectory of time-series information of the position of the object passes through a section divided by the boundary line of the display screen . In a terminal user authentication device having a display screen,
The visual information of any of characters, symbols or figures drawn by a user operation , the display position of the visual information on the display screen, and the visual information on the display screen are separated, and the visual information is The visual information corresponding to the user of the terminal is obtained by referring to a storage unit that stores, for each user , the passage order of the sections divided by the boundary line set so as to pass through a non-existing location. A visual information display unit to be displayed at the display position on the display screen corresponding to a user;
An acquisition unit for acquiring time-series information of the position of an object moving on the display screen on which the visual information is displayed at the display position;
An authentication apparatus comprising: an authentication unit that authenticates the user based on an order in which a trajectory of the time-series information of the position of the object passes through a section divided by the boundary line of the display screen .

Images