JPH04195656A - Password management system - Google Patents

Abstract

PURPOSE:To set a safe password by detecting identification information where a corresponding password is not registered from a registration means and displaying the result. CONSTITUTION:A computer system which is equipped with the registration means 101 for registering a password corresponding to user identification information and certifies the utilization qualification of the user when the registered password is inputted refers to the registration means 101 by a detecting means 111 and automatically detects the identification information where the corresponding password is not registered among pieces of registered identification information. Then a 1st display means 121 makes a display indicating that the corresponding user does not register the password. Consequently, the user who does not register the password is urged to register the password.

Description

[Detailed description of the invention] [Table of contents] Overview Industrial field of application Conventional technology Problems to be solved by the invention Means for solving the problems (Fig. 1) Working examples (Figs. 2 to 7) ) Effects of the invention [Summary] Regarding the password management method of a computer system that verifies user qualifications using passwords, it is possible to set a safe password for an unspecified number of users without increasing the burden on the operator. The system is equipped with a registration means for registering a password in accordance with the user's identification information, and in response to the input of the registered password, the computer system recognizes the user's usage qualifications and responds from the registration means. The present invention is configured to include a detection means for detecting identification information for which no password is registered, and a first display means for displaying a detection result by the detection means.

In addition, the system is equipped with a registration means for registering a password corresponding to the user's identification information, and in response to input of the registered password, a password candidate corresponding to the user is registered in the computer system that recognizes the user's usage qualifications. The device includes a testing device that tests the security of each password based on the results of comparing passwords registered in the device, and a second display device that displays the test results of the testing device.

[Industrial Application Field] The present invention relates to a password management method for a computer system that verifies user qualifications using a password.

In recent years, with the rapid spread of computers, an unspecified number of users have come to use computer systems. As a method for confirming usage qualifications for an unspecified number of users, a method is usually used in which passwords are verified and if they match, access to the computer system is permitted.

However, general users have little interest in protecting confidential information, so if the setting of passwords is left to the users, they may not set a password or set a simple password such as their name or birthday. there's a possibility that.

For this reason, there is a need for a password management method that not only increases users' awareness of security protection, but also confirms whether a password has been set and the security of the password in computer systems.

[Conventional technology]

In a computer system, the password set by the user is the user's identification information (user ID).
) will be registered in the password file. Also,
When a user attempts to log in to a computer system, the qualification verification unit of the computer system checks the password entered along with the identification information and the password corresponding to the identification information in the password file, and if they match, It is structured to recognize usage qualifications.

Conventionally, a person in charge of operating a computer system reads the contents of the above-mentioned password file using a predetermined command, and then looks at a list showing the correspondence between user identification information and passwords displayed on the display. , it checked whether each user had set a password.

In addition, an operations person may use a management command or the like to search for identification information for which a password has not been set in the password file and discover the corresponding user.

[Problem to be solved by the invention]

By the way, in the conventional method described above, management of passwords is left to the person in charge of operations. However, as described above, the task of looking at the list of users and checking whether a password has been set is complicated. In addition, in computer systems used by an unspecified number of users,
Since new users are often registered and user qualifications change, and the number of users is constantly changing, it is necessary to check frequently. Furthermore, it was necessary to instruct users who had not yet set a password how to set one, which placed a heavy burden on the operations staff.

On the other hand, if the users of the computer system are limited, the burden on the operator as described above can be reduced, but the effects of introducing the computer system cannot be obtained.

Furthermore, when displaying the password file using the above-mentioned predetermined command, the individual's password is encrypted. This is to improve the security of the system by not revealing the password even to the operator. However, for this reason, the conventional method described above only checks whether a password has been set, and cannot confirm the security of the set password.

It is also necessary to educate users about the protection of confidential information in computer systems and instruct them to set passwords that are highly secure and difficult to break.

An object of the present invention is to provide a password management method that prompts an unspecified number of users to set highly secure passwords without increasing the burden on the person in charge of operations.

[Means to solve the problem]

FIG. 1 is a block diagram of the principle of the present invention.

In FIG. 1(a), the invention of claim 1 provides a registration means 101 for registering a password in correspondence with user identification information.
A computer system that recognizes a user's usage qualifications in response to input of a registered password, and is configured to include the following means.

The detection means 111 detects identification information for which a corresponding password is not registered from the registration means 101.

The first display means 121 displays the detection result by the detection means 111.

In FIG. 1(b), the invention of claim 2 provides a registration means 101 for registering a password in correspondence with user identification information.
A computer system that recognizes a user's usage qualifications according to the input of a registered password, and is configured to include the following means.

The verification means 131 tests the security of the password based on the result of comparing the password candidate corresponding to the user with the password registered in the registration means 101.

The second display means 141 displays the test result by the test means 131.

[Function] In the invention of claim 1, the detecting means 111 refers to the registering means 101 and automatically detects the registered identification information for which the corresponding password is not registered. Since the first display means 121 displays that the corresponding user has not registered a password, the user who has not registered a password can be prompted to register a password.

In the second aspect of the invention, the verification means 131 compares the password candidate corresponding to the user with the password registered in the registration means 101.

Here, if the above-mentioned password candidate matches the registered password, this indicates that the corresponding password can be easily discovered by a third party, that is, unauthorized use by a third party cannot be ruled out. The verification means 131 is
Such a password may be considered a password with low security.

In response, the second display means 141 displays that the security of the password of the corresponding user is low, so users who have registered passwords with low security are prompted to change their passwords. can be encouraged.

〔Example〕

Hereinafter, embodiments of the present invention will be described in detail based on the drawings.

FIG. 2, FIG. 6, and FIG. 7 show the configuration of an embodiment of a computer system to which the password management method of the present invention is applied.

Here, the correspondence between FIG. 1 and the embodiment will be explained.

The registration means 101 corresponds to the password file 211.

The detection means 111 corresponds to the succession section 221 and the determination section 222.

The first display means 121 includes a password management table 241
, message creation section 252 and CRT display 253
corresponds to

The verification means 131 corresponds to a personal information file 231, a password creation section 232, a verification section 233, and a verification control section 234.

The second display means 141 includes a password management table 241
, message creation section 252 and CRT display 25
This corresponds to 3.

Assuming that the above-mentioned correspondence exists, the configuration and operation of the embodiment will be described below.

In FIG. 2, a password file 211 and a search unit 2
12 and the comparison section 213 constitute a usage permission section 210.

As shown in FIG. 3, the password file 211 includes
User identification information fTANAKAJ, IrYAMA
MOTOJ, rsArroJ, rM[J
RATJ kJ[sL,”'C, password rs30.
03.09. , ff1cHIROUJ, r
1357J.

rjIRoJ are registered, and the search unit 212
From this password file 211, the keyboard 2
The configuration is such that the password corresponding to the identification information input through 01 is searched.

Further, the password searched by the search unit 212 is input to the comparison unit 213 and compared with the password input via the keyboard 201. Usage permission section 21
0 is configured to determine whether or not to permit the user to log in, depending on the comparison result by the comparison unit 213.

In addition, in FIG. 2, the password file 2 mentioned above is
11, and a determination unit 222 that determines whether or not the information read out by the serialization unit 221 includes a password. It constitutes Means III,
It is configured to detect users who have not set a password.

The above-mentioned successive section 221 uses the keyboard 201 to
The configuration is such that the read operation is started when the operator inputs a detection instruction.

For example, the reading unit 221 reads user identification information rsU.
If the information corresponding to Z[JKIJ is read, the determination unit 222 described above determines that a password has not been set. In this way, a user who has not set a password is detected, and identification information of the corresponding user is output.

On the other hand, when determining that a password has been set, the determination unit 222 described above inputs the corresponding identification information to the verification means 131. In response to this number, a password verification operation is performed by the verification means 131 comprised of a personal information file 231, a password generation section 232, a verification section 233, and a verification control section 234.

Here, the personal information file 231 mentioned above contains the user's name and date of birth, as shown in FIG.

Personal information such as telephone numbers is stored in correspondence with identification information.

The test control unit 234 instructs the password creation unit 232 to create a test password by specifying the identification information input by the determination unit 222 described above.

In response to this, the password creation unit 232 sequentially reads personal information corresponding to the specified identification information from the personal information file 231 described above, creates a test password based on this personal information, and sends it to the verification unit. 233.

At this time, the above-mentioned verification control unit 234 specifies the input identification information and instructs the verification unit 233 to verify the password.

In response to this, the verification unit 233 checks the password file 2.
11, a password registered corresponding to the specified identification information is obtained, and this password is compared with each of the test passwords sequentially created by the password creation section 232.

For example, the verification control unit 234 uses the identification information “TANA
When KA J is designated, the password creation unit 232 creates the password for the test, 2. W-F r ICHROUj,
r 1234j.

rs30.03.09 J is created sequentially, and matching unit 2
33. In this case, the password creation section 23
2, test password rs30.03.09
When J is output, the matching unit 233 determines that the password and the verification password match.

As described above, when the verification unit 233 determines that the password and the test password match, the test control unit 234 determines that the corresponding password cannot be excluded from unauthorized use by a third party. However, it is sufficient to determine that the security of this password is low.

In this way, the verification means 131 verifies the password, and the identification information rTANAKAJ, rYA
MAMOTOJ, Ir5AITO] registered password fs30.03.09p,
Since both trTAKAOJ and r1357j match the above-mentioned verification password, the security of these passwords is considered to be low. On the other hand, identification information rl'
Since the password corresponding to 1URATAJ does not match the verification password created by the password creation unit 232, the security of this password' is considered to be high.

The test result by this test means 131 and the detection result by the above-mentioned detection means 111 are the password management table 2.
41 corresponding to the identification information.

As shown in FIG. 5, this password management table 241 is composed of an identification information section, a setting flag indicating whether a password has been set, and a safety flag indicating whether the set password is highly secure. There is. For example, when the determination unit 222 of the above-mentioned detection means [1] determines that a password has not been set, it sets a logic "1" to the setting flag of the corresponding identification information, and if a password has been set, It is sufficient to set the logic "0". Additionally, when the verification control unit 234 determines that the security of the password is low, it sets a logical "l" in the safety flag corresponding to the identification information, and when it determines that the security of the password is high. It is sufficient to set a logic "0" to the flag.

Based on this password management table 241, a message prompting the user to set a password is displayed by the display means 121 consisting of an explanation information storage section 251, a message creation section 252, and a CRT display (CRT) 253.

Here, the explanatory information storage unit 251 may store, as know-how for password setting, information indicating that passwords based on personal information are easy to break, examples of passwords that are difficult to break, and information on how to create them. .

The operation of creating display information by the message creating section 252 described above will be described below.

The usage permission unit 210 described above determines the usage qualification of the user *t
XL and when permission is given to use, the user's identification information is input to the message creation section 252 of the display means 121.

In response to this, the message creation unit 252 first determines if the logic ``1'' is set in the setting flag that refers to the setting flag and safety flag corresponding to the corresponding identification information in the password management table 241 described above. Then, the message creation unit 252 creates display information by adding the contents of the explanation information storage unit 252 described above to the message prompting for setting a password.Furthermore, if the safety flag is set to logic “1”, , the message creation unit 252 is
Display information is created by adding the contents of the explanation information storage section 252 described above to a message prompting a password change.

Further, the message creation unit 252 manually inputs the created display information to the CRT display 253, and accordingly displays the created display information on the CRT display 253.
The RT display 253 displays the above-mentioned message and know-how regarding password setting.

For example, the setting flag corresponding to the identification information "FSUZUKI" is set to logic 'B', so if a login by a user with this identification information is permitted,
A message prompting the user to set a password is displayed on the CRT display 253 along with know-how regarding password setting.

Also, m-specific information 1rTANAKAJ, lrYAM
Since the safety flags corresponding to AMOTOJ and rsAITOJ are set to logic "°1", if a login by a user with these identification information is permitted, the CRT display 253 will prompt the user to change the password. A message is displayed along with the know-how regarding the settings of the bather F.

In this way, users who have not set a password or users who have set a simple password are detected, and a message is displayed when the corresponding user logs in to prompt the user to set a password. and encourage change.

As a result, even in computer systems used by an unspecified number of users, it is possible to increase the security of each user's password without increasing the burden on the operation staff, so that passwords can be protected by third parties. It won't be discovered. Therefore, it is possible to protect confidential information by eliminating unauthorized use by persons who are not qualified to use it.

In addition, by displaying know-how for setting highly secure passwords along with messages prompting users to set and change passwords, the system provides users with know-how on setting passwords and increases user interest in protecting confidential information. can be increased.

Further, as shown in FIG. 6, the computer system includes a timer 611 that outputs a detection instruction at predetermined time intervals. However, the configuration may be such that a user who has not set a password is detected at a predetermined time interval.

In this case, the security of passwords already registered in the password file 211 is tested at predetermined time intervals.

In this way, users who have not set a password or users who have set a simple password can be detected at predetermined time intervals and prompted to set or change a password. As a result, it is possible to constantly grasp the setting status of users' passwords that change over time, and to effectively manage the passwords of an unspecified number of users.

In addition, a counter corresponding to each piece of identification information is provided in the password management table 241, and the number of times the setting flag and the safety flag are set to logic "1" by the determination section 222 and the verification control section 234 described above is counted. The message may be changed depending on the count value of the counter.

In this case, as shown in FIG.
The message storage section 254 includes a message storage section 254 that stores several types of messages for prompting password setting and change, and the message creation section 252 selects a valid message from the message storage section 254 according to the count value of the counter described above. And it is sufficient. Here, the message storage section 254 contains a message that politely urges the user to set or change a password, or a message that urges the user to set or change a password in a more stern tone, as well as a message that reads, ``If you do not set or change your password, your qualifications will be deleted.'' All you have to do is store your ultimatum.

As a result, if a user is having trouble setting a password, it is possible to prompt the user to set a password using a more stern message, thereby impressing on the user the importance of setting a password, and to inform the user of the information in the computer system. Users can be enlightened regarding safety.

〔Effect of the invention〕

As described above, according to the present invention, users who have not registered a password and users who have registered an easy password are detected, and a message to that effect is displayed, thereby making it easier for the person in charge of operating the computer system. Since it is possible to prompt an unspecified number of users to register and change their passwords without increasing the burden, it is possible to increase the security of each user's password and prevent those who are not qualified to use the service. It is possible to prevent unauthorized use of information and protect confidential information. It can also be expected to make users more aware of the importance of setting secure passwords in protecting confidential information.

[Brief explanation of the drawing]

FIG. 1 is a block diagram of the principle of the present invention; FIGS. 2, 6, and 7 are configuration diagrams of a computer system using the password management method of the present invention; FIG. 3 is a diagram showing the configuration of a password file; FIG. 4 is a diagram showing the structure of the personal information file, and FIG. 5 is a diagram showing the structure of the password management table. In the figure, 10] is a registration means, 111 is a detection means, 121 is a first display means, 131 is a verification means, 141 is a second display means, 201 is a keyboard, 210 is a usage permission section, 211 is a password file, 212 is a Search section, 213 is a comparison section, 221 is a continuation section, 222 is a judgment section, 231 is a personal information file, 232 is a password creation section, 233 is a verification section, 234 is a verification control section, 241 is a password management table, 251 is an explanation 252 is a message creation unit; 253 is a CRT display (CRT); 254 is a message storage unit; 611 is a timer. Figure 1: A block diagram of the principle of the present invention. Figure 1: Embodiment of a computer system using the password management method of the present invention. Figure 2: The configuration of a password file. Figure 3: The configuration of a personal information file. Figure 4: Password management FIG. 5 shows the configuration of the table. FIG. 6 is a configuration diagram of an embodiment of a computer system using the password management method of the present invention. FIG. 7 is a configuration diagram of an embodiment of a computer system using the password management method of the present invention.

Claims (2)

[Claims] (1) In a computer system comprising a registration means (101) for registering a password in correspondence with the user's identification information, and recognizing the usage qualification of the user according to the input of the registered password, the registration means (101) ) detecting means (111) for detecting identification information for which a corresponding password is not registered; and a first detecting means (111) for displaying the detection result by the detecting means (111).
1. A password management method comprising: a display means (121). (2) A computer system that is equipped with a registration means (101) for registering a password corresponding to the user's identification information, and that recognizes the user's usage qualifications according to the input of the registered password, corresponding to the user. password candidate and the registration means (
Testing means (13) that tests the security of the password based on the results of comparing it with the password registered in
1), and a second display device for displaying the test results obtained by the test means (131).
1. A password management method comprising: a display means (141).