KR20200000776A - Gesture user authentication method and computer program using Touch and Sliding - Google Patents

Abstract

Disclosed is a user authentication method in which a password is set and input using touch and sliding gestures. According to the present invention, the user authentication method relates to a security technology of a device that uses the rhythmical sense and intuitive elements of a combination of touch and sliding to make it easy and fun for users to use and uses user gestures that exclude visual information as authentication information to completely block hacking and keylogging due to exposure by using user gestures that exclude visual information as authentication information. The user authentication method may comprise the steps of: setting a password input screen; setting a password input area; setting a touch password; and generating user authentication information using these pieces of information.

Description

Gesture user authentication method and computer program using Touch and Sliding}

The present invention relates to a user authentication method, and more particularly, to a method and a computer program for performing a user authentication process by setting and inputting a password using a touch and a sliding gesture.

The use of numbers and letters as passwords is not only difficult for users to remember passwords, but also vulnerable to hacking such as ambient exposure, and the use of numbers or letters is difficult. Started. However, due to speculative hacking caused by pattern marks on liquid crystals and security vulnerabilities due to ambient exposure, they are not widely used in financial and fintech.

Graphical User Authentication (GUA) systems using photographs and pictures have been studied as new security technologies, but they have not been activated due to the development of technology that is highly secure and easy to use.

The main reason why the graphic password is difficult to implement using a photo image is that the composition of the photo image itself is implemented by connecting to a smooth connection surface without a clear boundary line, rather than a clear line. This is because you cannot specify exactly (point or pixel).

As can be seen in Figure 1, more than 3 million pixels are usually used to represent a single general photographic image. In this picture, it is difficult to implement because after selecting a specific point out of 3 million, the point cannot be reselected correctly.

As an alternative to this, a method using a grid system for dividing a section constantly in a picture, selecting a section and setting a password has been proposed (FIG. 2, a). However, this method reveals inconveniences and limitations in use such as the point to be selected in the photograph is located 22 on the dividing line or the number of selection points 21 is placed in one divided area.

In order to overcome this problem, the method of setting a touch point as a password has a maximum number of areas that a user can set as a point of interest (POI) in the picture. It is a weak point, and the problem of not properly setting the point of interest due to overlapping touch areas according to the picture is not completely solved (23).

In particular, since the point of interest that appears in the picture can be predicted almost identically, there is a problem that it is vulnerable to a guessing attack and has low security. When researching and developing a photo password, it was predicted that security would be greatly improved compared to a numeric password (password) that only uses 10 digits because the number of selection points was as large as the number of pixels. The study found that the point was very limited, which could lead to easy guessing attacks.

In fact, user authentication using pictures installed in Windows 10 (authentication using a text password before Windows 8) also easily predicted the selection point on the picture selected as the password screen, and the selection point (point of interest) on the picture is as diverse as expected. It is vulnerable to guessing attacks because it is small, and in particular, it does not overcome the weakness of revealing the password as it is.

Accordingly, in general, the authentication method using a graphic was used only as a method of arranging a plurality of pictures, characters, icons, etc. and selecting one or several of them (Fig. 3, a) as in the case of Facebook. However, this method also has a problem of being vulnerable to environmental exposure and speculative attacks.

Recently, the Drag & Drop method, which is strong in exposure and key logging, which has developed this grid method, has been adopted for unlocking a mobile phone or authenticating a user of FinTech (FIG. 3, b).

The recent release of the 'Unlocked BlackBerry' using the 'drag and drop' method is to select a specific image listed in the grid and drag it to match a specific position (31), which is cumbersome and difficult to use. It is also difficult to use on a small screen and inconvenient to use immediately, which is also receiving the user's appearance.

All of these passwords, to date, are touched by numbers, letters, sliding patterns, or graphic-based touch locations to compare and verify the authenticity of a preset setting, all of which are visually exposed to the surroundings. Common to being vulnerable

On the other hand, the emergence of wearable devices such as smart watches and smart bands that measure, store and utilize personal health information and activity information in real time, and the Internet of Things (IoT) that make smart home and connected car technologies a reality Therefore, the importance of unlocking and user authentication of a portable terminal, which serves as a device for controlling, adjusting, and controlling the information, is increasing.

In addition, unlike previous passwords for desktop PCs that were used only in a certain space, user authentication in portable devices is often used anywhere, anytime, without any restrictions. Reinforcement will become more important.

Accordingly, methods to prevent exposure and hacking are being added one by one, such as increasing the number of passwords, using a mixed number of characters, inputting a transmitted authentication number, and shuffling of virtual keyboard numbers. However, "better convenience and less security, less convenience and more security" is the logical logic of the security system, which allows providers or cryptographers to pass on inconveniences to users without any worries or research efforts. , Users without choices have no choice but to use it.

Therefore, biometric authentication, which has the advantages of convenience in password input and ambient exposure, has been spotlighted on mobile, but it is only one of the personal damages that cannot be replaced because it is the only one leaked. It can be misused for secondary crimes such as counterfeiting and identity laundering, resulting in greater social confusion and damage.In fact, millions of fingerprints can be leaked by hacking from public institutions in the United States, which can be a serious social problem. This turned out to be reality.

In summary, all current passwords are used by using numbers, letters, patterns, and graphic images that can be perceived by the eye. Not only that, it also uses image information such as fingerprint patterns and iris pattern. Therefore, it is inferred that this can be collected, duplicated, modified, and reused by hacking, and hacking by silicone fake fingerprints and printed disposable contact lenses has already been successful.

In other words, biometric authentication, which is believed to be an advanced technology, is also used as a fine object that is difficult to collect or verify visual information, and the principle of judging user authentication by authenticity of visual information is the same.

Therefore, there is no need to worry about hacking by exposure, if there is no visual information beforehand so that it can not be judged by the human eye as well as by the optical machine. However, a password using intangible information that is free from exposure because it is not visible, there are no objects, and it cannot be confirmed visually or optically has not been developed or used yet.

The present invention is to solve the above problems of the prior art, there is no visual information that can be duplicated or collected, pre-hacking by exposure by user authentication using a gesture that is an object that cannot be collected after use It aims to provide a new user authentication method that is strong in exposure security and convenient to use by blocking source.

In addition, the present invention is to provide a new user authentication method that can satisfy both the security of the password and the convenience of the user by using a combination of touch and sliding gestures that do not have a shape and difficult to guess motion as the user authentication information. The purpose.

In addition, the present invention uses a combination of musical rhythmic elements that are naturally generated when using a combination of touch and sliding, and design, constituent elements, and emotional elements of the graphic image, the password of the hard and hard feeling is fun, It aims to enhance the user satisfaction and terminal usability while increasing the security by personalizing the terminal.

In order to achieve the above object, a gesture user authentication method using touch and sliding according to an embodiment of the present invention, the image setting step of setting the image selected by the user as a password input screen; An input area setting step of setting an area selected by the user as a password input area on an image set as a password input screen; A touch password setting step of setting a type of touch and / or sliding, an input frequency, and a touch order received from the user in the password input area; And generating an authentication information for the user by combining the password input screen, the password input area, and the input touch password.

The setting of the touch password may include recognizing a touch and / or sliding input by the user and distinguishing and determining the touch and the sliding. When touch and / or sliding are input by the user, the touch and the sliding are determined based on the size of the vector consisting of the start point and the end point, and the direction of the vector is discarded.

The setting of the touch password may further include combining the input order of the touch and / or sliding input by the user and the number of times of each input.

The user authentication method may further include displaying a plurality of password setting areas on an image of a password input screen when an image is set by the user on the password input screen, and touching or sliding one of the password setting areas. And determining the designated area as a password input area.

The user authentication method may further include setting a dummy image (dummy image) requiring random sliding at a random position after inputting a touch password on the image set as the password input screen.

In accordance with another aspect of the present invention, there is provided a touch password user authentication method comprising: an image checking step of determining whether an image selected by a user is an image set as a password input screen from among a plurality of images displayed on a user terminal; A password input area checking step of determining whether the input touch password is input in a preset password input area when the selected image is a password input screen and the user inputs a touch password on the selected image; A touch password checking step of determining whether the number, order, and combination of the touch passwords are the same as a preset touch password when the touch password is input in a preset password input area; If the touch password is the same as the preset touch password may include an authentication processing step of determining that the user authentication is successful.

In the user authentication method, if the input of the touch password on the password input screen set in the user authentication information is not completed while the plurality of images displayed on the user terminal are all selected, the touch password input is prohibited and only the image browsing password is available. The method may further include providing a lock screen.

The user authentication method may further include unlocking the password input to be resumed when an image corresponding to a preset password unlocking screen is selected and a password unlocking method is input to a preset input area on the corresponding image. .

According to the present invention, since user authentication is performed using an element that does not appear externally, it is possible to provide a user authentication method that completely blocks hacking by exposure, which is a fundamental problem of the security system of the portable terminal.

In addition, according to the present invention, there is no inconvenience of having to focus on an input screen or an authentication screen keyboard during user authentication, find one by one, and accurately touch the input position to input user authentication information. If the input screen can be entered roughly anywhere in the touch password, it is an advantage that can be authenticated immediately and intuitively without looking at the screen if the environment or eyesight that can not focus on the screen, such as driving.

In addition, according to the present invention, the second security is additionally set by allowing a specific area of the input screen to be selected when the touch password is input, and thus the security is further improved. Hacking can be prevented.

In addition, according to the present invention, the third security is set so that it is more difficult for a third party to predict which image has a password set by using a dummy image, but since all these security devices can be used immediately and intuitively, high security Despite the sex, there is an advantage that does not interfere with the convenience of the user.

In addition, according to the present invention, the user can enter the password intuitively without having to memorize and replay the password, so that the user can use the password without any educational gap, nationality, or knowledge gap between children, senior citizens, and foreign residents. When using a picture or graphic image, the first screen is used when entering a mobile phone, so the decoration effect is excellent, and it can be used as a promotional or advertising medium.

1 is an example of a photographic image enlarged to view a structure of pixels constituting the photographic image.
2 is a diagram for describing a method of setting a password by selecting a specific area of a photo image according to the related art.
3 is a view for explaining a method for processing password authentication by image selection according to the prior art.
4 is a flowchart illustrating a method of setting a touch password by a gesture user authentication method according to an embodiment of the present invention.
5 illustrates a screen for setting a password input area using a touch password according to an embodiment of the present invention.
FIG. 6 is a diagram for describing a method of determining a touch and a sliding gesture used in a touch password according to an embodiment of the present invention.
7 illustrates examples of a touch password made up of a combination of touch and / or sliding gestures in accordance with one embodiment of the present invention.
8 and 9 illustrate screens for setting a touch password using an image according to an embodiment of the present invention.
10 is a flowchart illustrating a method of inputting a touch password by a gesture user authentication method according to an embodiment of the present invention.
11 illustrates a screen for inputting a touch password in a terminal device according to an embodiment of the present invention.
12 illustrates a screen when a user authentication using a touch password fails.
13 is a view for explaining a dummy image according to an embodiment of the present invention.

Terms used herein will be briefly described and the present invention will be described in detail.

The terms used in the present invention have been selected as widely used general terms as possible in consideration of the functions in the present invention, but this may vary according to the intention or precedent of the person skilled in the art, the emergence of new technologies and the like. In addition, in certain cases, there is also a term arbitrarily selected by the applicant, in which case the meaning will be described in detail in the description of the invention. Therefore, the terms used in the present invention should be defined based on the meanings of the terms and the contents throughout the present invention, rather than the names of the simple terms.

When any part of the specification is to "include" any component, this means that it may further include other components, except to exclude other components unless otherwise stated. In addition, the terms "... means", "... unit", "module", etc. described in the specification mean a unit for processing at least one function or operation, which may be implemented in hardware or software, or hardware and software. It can be implemented as a combination of.

DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the present invention, and like reference numerals designate like parts throughout the specification.

The gesture user authentication method using touch and sliding according to the present invention may be performed by a computing system having a processor, a memory, and an input / output device.

For example, the present invention can be applied to a user authentication procedure required for logging in or releasing a lock screen for use of a user terminal such as a smartphone, smart watch, tablet PC, laptop computer, desktop, etc., that is, password setting and password input processing. have.

In addition, the present invention can be applied to a user authentication procedure for accessing a server through a user terminal in a system in which a user terminal and a server interwork with each other through a network.

In this case, the network may be a wired or wireless communication network of various types such as an internet network, an intranet, a mobile communication network, and the like.

In particular, a remote terminal connected through a network communicates with a user authentication system and enters a password. A smartphone, a tablet PC, a notebook computer, a personal computer, a smart TV, a game machine, and a wired / wireless communication are physically separated from the user authentication system. This may be a digital door lock of the front door, an ATM connected to the network, an automated financial teller machine and a kiosk, and an automated document issuer.

In addition, the remote terminal may be an IoT (Internet of Things) product such as a home appliance, a gas boiler, a power switch, or a speaker such as a smart refrigerator capable of wired or wireless communication.

Alternatively, the remote terminal is connected to a wireless communication network and is an IoT controller that controls various IoT products by a short range wireless communication method such as Bluetooth or Zigbee, or a smart home, a connected car system, or a robot. Or a wearable product such as a smart watch or a smart band.

In addition, the present invention may be in the form of a mobile device such as a smartphone or a tablet computer interoperating with various IoT products.

In addition, if the above definition is satisfied, there is no restriction on the type of hardware.

4 is a flowchart illustrating a method of setting a touch password by a gesture user authentication method according to an embodiment of the present invention.

According to the present invention, a user may select one of the images stored in the terminal as a password input screen, and set a password input area and a touch password corresponding thereto for the selected image.

Referring to FIG. 4, the image selected by the user is set as the password input screen in the image setting step S40.

The user may retrieve images from the photo library of the terminal device and display them on the screen, and use one of these images as the password input screen. In addition to the password input screen, a plurality of other images may be called and displayed together, so that a third party cannot distinguish which of these images is used as the password input screen. Thus, for third parties, the photo browsing screen only acts as a photo album for browsing the photos.

As another example, the image used for the password input screen may be unused according to the user's selection. In this case, the first screen of the terminal start will be used as the input screen of the touch password (FIG. 5 (C)).

When the user does not select a specific image as described above, a password input area and a touch password may be set on this layer by using a transparent layer instead of the image. The user sets a password for this layer, but since the transparent layer does not have a visual sense of presence and the current desktop or initial screen is transparent, the user can set a password for the current desktop. To be recognized.

This is because the user's taste is taken into consideration, and some users may not prefer the image decoration of the first screen of the terminal. That is, the user can use the touch password directly from the familiar current screen without having to change the first screen of the user's mobile phone, which is already configured, to another image.

In the password input area setting step S42, the area selected by the user on the image set as the password input screen is set as the password input area.

Although this password input area can use the entire screen as one input area, it provides a division of the password input screen into a plurality of blocks, allows the user to select one block, and inputs a touch password within this area. You can make it more secure.

In this case, the block selection method does not require any further action by the user for selecting the area, and the password input area is automatically set by simply inputting the touch password in the block area (location) where the user wants to input the touch password.

Referring to the example of FIG. 5A, since the touch password is set in the upper block area A among the areas divided into two blocks, the lower area B is excluded from the touch password input area. Therefore, when the touch password is input in the lower area (55), the password input fails, and only the photo browsing function is operated. In other words, the upper block area A of the password input screen is automatically set as the touch password input area at the moment of touching the upper block to set the touch password.

In FIG. 5 (b), it can be seen that the password input screen is divided into four areas, and the block of the A area is selected by the user.

At this time, the division of the image is the same size, it is not necessary to divide into a rectangular or square area. That is, the shape of the divided region may be irregular in addition to the rectangle, the circle, and the polygon, and the size and number may be different. In particular, an AI or other similar region selection algorithm may be used to automatically select and segment a touch password input location region selected by a user into a predetermined image region.

For example, if an eye is selected in the portrait, it may be divided into an area corresponding to the eye. In this case, it can be expected that the shapes of the areas corresponding to the eyes will be different from each other, and the user must enter a touch password within the range of the eye areas on the image. In this case, the size of the touch password input area may be enlarged and reduced by the user, but when the area range is small, the touch and / or sliding input may be inconvenient and the probability of occurrence of an input error may increase.

As another example, when the user selects the desired images 51 and 57 as the password input screen, a layer in which the image is divided into N areas is displayed and displayed on the screen. However, in the example of FIG. It can be seen that the first start screen 58 of the terminal having no selected image is divided. This is a device for users who do not want to decorate the terminal, as mentioned at the beginning. That is, 1) image or 2) dummy image use, 3) input area selection improves security and decoration effect, but how 1), 2), 3) method affects the basic technology and use of this touch password. It's not crazy.

Meanwhile, when a user touches one area, the corresponding area is set as a password input position and information about the area is stored, and touch and / or sliding by the user is set as a touch password and stored.

The block area shown in FIG. 5 is a device for assisting in setting the touch password input area and is displayed on the screen only when the area is set, and is not displayed on the screen when the touch password setting is completed.

In the touch password setting step S44, a touch password is input to the password input area from the user.

When the password input area is selected by the block division method, the user may set the touch path by inputting a touch and / or sliding password starting from the block selected by the user. When the touch password is input later, the touch password input in an area other than the selected block area is failed. However, when the start point of the sliding starts in the input area and the end point ends outside the input area, it is determined that the input is successful.

In the authentication information generation step S46, authentication information for the corresponding user is generated by combining information on the set password input screen, the password input area and the touch password.

The user authentication information may store information about one password input screen, a password input area corresponding to the password, and a touch password. In this case, if a plurality of image screens are set on the password input screen, the user may set a password by selecting a password input screen among the plurality of images and then inputting a touch password in the password input area.

On the other hand, since a large number of images may be stored in the user terminal, it may be inconvenient to use a password through a screen listing all the images. Therefore, after the user selects one password input screen, the user authentication screen may be configured by selecting a predetermined number of images other than the image corresponding to the password input screen.

For example, a user may select one image as a password input screen, and then arbitrarily select five different images (dummy images), and place a total of six images on the lock screen of the user terminal. At this time, one image selected as the password input screen will be inserted at an arbitrary position among the five images.

The order of the N images used here may be dynamically changed and re-arranged according to the user's intention or every use, and the user may enter a password while rotating the six images. This dummy image can be used or unused according to the user's choice.

This is a device that allows the user to set the configuration of the lock screen of the terminal as desired, and extends the decoration function in addition to enhancing the security of the terminal. That is, by configuring a lock screen, which is the first screen when the terminal enters, with a favorite photo in addition to the image corresponding to the password input screen, it can also serve as a photo album function that can be enjoyed even in the locked state.

For example, you can place seven photos of your favorite idol group like a photo album on your mobile phone's home screen, and set and use a touch password on one of them. In case of user authentication, you must select a password setting picture among these seven pictures and enter the password here.

In the example of FIG. 6, the characteristics of the operation classification for determining the type of gesture using the pattern analysis of the touch password will be described in more detail. The coordinate value 61 of the point touched by the user for sliding and the touch state after the sliding operation are described. The vector is obtained using the coordinate values of the released point 62. That is, a vector is obtained using the coordinate values of the sliding start point and the coordinate values of the sliding end point.

The coordinate value of the sliding start point and the coordinate value of the sliding end point may be the coordinates of the two-dimensional coordinate system, respectively, from the coordinate value of the sliding start point to the coordinate value of the sliding start point based on the x-axis and the y-axis. The length of (B)-that is, the size of the vector can be found.

In this case, the direction 63 of the vector is ignored, and the touch and the sliding input are distinguished and determined based on the magnitudes of the vectors A and B.

In general, when sliding, depending on the habit and the environment, the sliding is to the left or right, or up and down direction, long or short, where the difference between the long and short sliding is distinguished, but the direction of sliding, that is, the touch point together with the touch point Ignoring the angle (C) starting from, the determination of sliding or touch acts as a determining factor of the touch password. Therefore, the password input area information in which the touch password is started together with the password input screen information and the touch password are stored in the user authentication information.

Meanwhile, a process of requesting user authentication by inputting a touch password will be described in detail.

6 illustrates a method for determining a touch input and a sliding input of a touch password according to an embodiment of the present invention.

The user may touch and / or slide the password input area. If there is a touch and / or sliding input, the coordinate 61 of the position where the user's touch is started and the coordinate 62 of the end position are obtained. The vector is obtained using the coordinates of the position where the touch is started and the coordinates of the position where the touch is terminated. Then, when the size of the vector is less than the first threshold value, the vector is determined as a touch input.

Here, since the coordinates of the end point are for determining the touch input and the sliding input by the size of the vector, if the start point is started in the password input area, even if the end point coordinates are outside the input area, it does not affect the user authentication result.

Thereafter, as described above, the touch input and the sliding input are determined, and the number and order of the respective inputs are combined, and the previously stored user authentication information is compared.

That is, the user authentication information may include password input area information and a combination of touch and sliding.

7 illustrates a touch password consisting of a combination of a touch and / or sliding input and a number of times according to an embodiment of the present invention.

In the combination of touch and sliding, user authentication information may be configured by a combination of one or more sliding inputs and one or more simple touch inputs as illustrated in FIG. 7.

In addition, the present invention may be implemented to perform user authentication using a combination of one or more sliding inputs and / or one or more touch inputs.

For example, in the password input area A of the image 80, the user authentication information a may be configured by two short touches and one long slide to the right. At this time, the touch password authentication information is generated by a combination of 'touch twice + slide once' (touch-> touch-> sliding) (Fig. 7, D).

Referring to Figure 7, the complementary description, even if the combination of "touch twice + sliding once" according to the sequence of touch and sliding, 1) touch-> touch-> sliding (D), 2) sliding-> touch -> Touch (A), 3) Touch-> Sliding-> Since the combination of three different configurations occurs, touch (2) and touch (1), even if you use the same two times, if the order is different, each different touch It is a password.

Depending on the user's convenience, it is possible to use the combination using only sliding or touch (FIG. 7F, G), but in this case, the convenience may be improved but the security may be deteriorated.

In particular, among the various gestures used in the terminal device, gestures having the highest usability, symbolism, and utility are touch and sliding. As described above, the touch password is made of a combination of the number and order of the touch input and the sliding input. When this combination of touch and sliding is made, there is a temporal order in each of the touch and sliding, so that it naturally has a rhythm. Intuitive, natural and fast. Investigations have shown that the longer the password entry time, the more vulnerable to exposure hacking will be.

In addition, the conventional authentication methods determine the number or letter keys on the virtual keyboard, the point of the pattern, the point of interest of the graphic password and the like on the basis of the touch input coordinates, and determine whether they match the preset values. Since the input coordinate value is not an absolute criterion for determining password authentication, it is possible to input a password using a familiar operation as if tapping the screen of the terminal without looking at the screen when the field of view or the input point is difficult to read.

As such, since the visual information is not used at the source, there is no need to worry about hacking due to the surrounding exposure, unlike conventional technologies.

In addition, unlike the conventional technology, the user authentication is not determined by the coordinate value of the input point, and the user authentication is performed by the combination of the number and the number of touch passwords, and the start and end points of the sliding operation are determined by the size of the vector. Because it is used only to distinguish between them, the user can make sliding input in the horizontal direction, the vertical direction, the diagonal direction or the parabola drawing method.

Since the size of the vector is obtained using only the coordinates of the start point and the end point even when the input is made, the number and combination of the touches and the slidings determined as the size from the start point to the end point correspond to the touch password on the stored user authentication information. Is determined to be success.

In this way, the user only needs to remember the number and combination of touch and sliding, regardless of the touch input position or touch point, and inputs the touch password appropriately. In the case of sliding input, the length or direction may vary. Also, various inputs such as curves, zigzags, and the like, may be performed. Accordingly, the motion of the user's sliding input for user authentication may change every time.

In addition, the touch position may be different each time since a touch input is performed a number of times set at an appropriate position, instead of touch inputting an exact position to recognize the coordinates.

This approach greatly contributes to enhanced security. In addition, according to the user, the sliding is not a straight line but has a gentle parabolic curve shape, and the difference in sliding length and direction is large, so that the input error and the determination error of sliding are eliminated when the above determination method is applied. Convenience is greatly improved.

8 and 9 illustrate screens for setting a touch password using an image according to an embodiment of the present invention.

The user selects a password input screen for setting a password by loading and returning a plurality of images. In the example of FIG. 8, one image 80 is selected as the password input screen so that a password is set and four images 81, 82, 83, and 84 are images without password setting.

If a user browses the images for password input later and inputs the touch password (a) into the password input area (A) of the image 80 having the password setting, the user inputs the preset password by analyzing the password input image, the input area and the touch password. After confirming that it is the same as, perform the following operation (85), but touch the image (81, 82, 83) without a password setting and input the touch password to call up the next image (84) without performing a separate password confirmation procedure. And will show.

In the example of FIG. 8, since the user touches the A area twice in the image 80 selected as the password input screen and inputs the sliding once (a), the information about the image 80 and the A area of the image and 2 The touch password of one touch and one sliding will be stored as user authentication information.

Referring to FIG. 9, when browsing images and selecting one as a password input screen (a), a layer obtained by dividing the selected image into a plurality of areas is displayed on the image. In the example, the password input area divided into three blocks can be checked. In this case, a setting completion icon (eg, an E or an Enter icon) may be displayed together (b).

After inputting the touch password by touching and / or sliding the desired number of times in the desired input area (b), touching the setting complete icon (c), the touch password setting is completed. After setting the password, the layer information and the setting complete icon disappear and only the original image remains (d).

When the user enters a password, the user browses the photo and then enters the touch password in the preset password input area as shown on the screen (d). The touch and sliding inputs are different from those of general mobile phone users. It is difficult to distinguish from the swiping action of photo browsing, which makes it look natural to third parties.

 In the example of FIG. 9, the "white circle" indicates that the touch is input once, and the "icon with the arrow" indicates that the touch password is set by sliding once.

In the example of FIG. 9B, it can be seen that the middle region of the photo is set as the password input region, and the corresponding photo information and the region are stored as user authentication information. In addition, touches and / or slidings made within this area are stored in the authentication information as a touch password.

In the example of FIG. 9E, the password is set on the entire screen without region division by one touch and one sliding in the same manner as described above. Since the input area information is not used at this time, only the picture information and the touch password are stored as the user authentication information. If no password input screen image is used, this information is also excluded from the user authentication information.

10 is a flowchart illustrating a method of inputting a touch password by a user authentication method according to an embodiment of the present invention.

In the image checking step S100, it is determined whether an image selected by the user is an image set as a password input screen among a plurality of images displayed on the user terminal. When the password input is for opening the locked terminal, a user interface for browsing a plurality of images on the lock screen is provided. The user rotates the images here and enters the touch password in the input area when the password input screen appears.

In the password input area determination step S102, when the selected image is a password input screen and the user inputs a touch password in the selected image, it is determined whether the input touch password is within an area set as the password input area. At this time, if the password input area is not set (when the entire image is used as the password input area), since touch password input is possible anywhere on the input screen, step S102 is omitted and the process proceeds to the next step.

In the touch password confirmation step S104, when the touch password is input in the preset password input area, it is determined whether the password is the same as the touch password preset for the password input screen. At this time, it is determined whether the input touch password is a touch input or a sliding input, and the combination of the number of inputs, the input order of the touch and the sliding is compared, and the comparison is made with the preset touch password.

In the authentication processing step S106, when the input touch password is the same as the preset touch password, it is determined that the user authentication is successful.

11 illustrates a screen for inputting a touch password in a terminal device according to an embodiment of the present invention.

11 illustrates an example of releasing a lock by inputting a touch password into a user terminal. After selecting an image corresponding to a password input screen set by a user on a lock screen and displaying the image on the screen of the terminal, the password is entered in the password input area. When the touch password is input by two touch inputs and one sliding to the right (a), the authentication processing module of the terminal compares the number of touch and / or sliding inputs, order, input area, password input screen, etc. with user authentication information. To determine whether the authentication succeeded. If the authentication is successful, the user terminal is unlocked and the user terminal is opened as shown in (b).

In FIG. 11, the entire screen is used as a password input area, and a touch password of “1 touch-> 1 sliding (right direction)-> 1 touch” is inputted. Although an icon (number is input order) is displayed, nothing is displayed on the screen of the actual terminal and only a picture image is shown. The user will enter a touch password anywhere on this image.

In the conventional password input screen, a user interface such as a button for inputting a password or a pattern is displayed or an input screen is displayed. That is, since the password input key and the input screen are always exposed and the same screen is provided to everyone, it is vulnerable to a third party's guessing attack or exposure such as guessing a password using only fingerprint marks or finger positions.

On the other hand, the user input method according to the present invention does not display a user interface for password input except when setting a password. In other words, the password is input on the screen where nothing is displayed, which is the same as the general image browsing screen. In particular, the input screen image and input area can be selectively used by the user. Because it does not use as the user authentication information, it prevents the exposure attack.

That is, the position coordinate value at the time of touch input is used only as a judgment data for distinguishing touch from sliding and is not stored as user authentication information.

12 illustrates a screen when a user authentication using a touch password fails.

While browsing the image on the lock screen, if the touch password 120 is input to an area B other than the preset password input area A on the image set as the password input screen, it is determined that the password is inconsistent, and the screen moves to the next image. . In the next image, if the sliding 121 is input at an arbitrary position, the display moves to the next image.

When the password input area or the touch password is not entered correctly in the image set as the password input screen as described above, normal image browsing continues. At this time, after viewing all the browseable images, the password lock state is automatically determined as the password input failure. do.

In this locked state, the specific password is not displayed and the input of the touch password is prohibited, but the picture viewing can be continued. Therefore, the third party cannot recognize that the terminal has been locked, and even if the user attempts to input the password again, only the arranged pictures are continuously viewed.

The lock release screen, the lock release position, and the lock release method that can release the lock when the password is locked may be set by the user when the password is set. When a specific method is input at a specific location of a specific picture, the password lock state is released and the touch password can be set again.

For example, the password lock state may be set to be canceled when the upper right portion of a specific picture or a specific location of a specific picture is touched three times or a long touch of a specific location. Once the password is unlocked, the user can resume entering the touch password.

On the other hand, you can enter a password before the end of one rotation of all the images. That is, when the user fails to input the touch password on the password input screen and moves back in the reverse order to return to the password input screen, the touch password may be input again in the password input area.

The password lock setting may be simply set to '1 rotation' or 'after 2 rotations', but the user may enable the lock setting after N pictures or after a specific picture by the user.

13 is a view for explaining a dummy image according to an embodiment of the present invention.

According to an embodiment of the present invention, a dummy image may be set in addition to one password input screen. Dummy image is a kind of camouflage image, the number of touch camouflage images (hereinafter referred to as dummy images) requiring a random touch at a random position after inputting a touch password from the image set as the password input screen is set, Information about the number may also be included in the user authentication information.

When setting a password, the user may select how many images to make a dummy image, or N images may be automatically set as dummy images.

In addition, although the dummy image is used after authentication is successful in the password input screen, it can be used to disguise the input screen even before the input screen, and the number and type of the dummy images are changed dynamically each time they are used by a third party. Can not be.

When a plurality of dummy images are set on the password input screen, the user browses the image to find the password input screen, and inputs the touch password by touching and / or sliding in the password input area of the input screen. Thereafter, N dummy images are displayed regardless of the success or failure of authentication. At this time, a random touch or sliding is performed at a random position. Thereafter, when it is determined that the correct touch password is input in the correct password input area on the password input screen set by the user, the user terminal performs subsequent processing when the user authentication succeeds. Subsequent processing means unlocking the user terminal or allowing the use of a particular service for the purpose of user authentication.

Referring to FIG. 13, even if user authentication is successful after inputting a touch password on a password input screen, the user terminal can be used by sliding an arbitrary position on the N dummy images shown later, rather than being opened immediately. It becomes a state. That is, after a successful touch password input, an unrelated image is displayed and a touch is induced again so that a third party can see which image, which location, and which touch password has been used even while watching the input scene. none.

By using the camouflage image and the camouflage touch, it is harder for a third party to know which image is the password input screen and where the password input area is.

The dummy image may be set to be used or unused according to a user's selection, and the dummy image may be used as a promotion or advertisement using a product image, a character, a celebrity photograph, etc., thereby securing the first screen of the terminal as a lock device. It can also serve as a promotional media.

13 (d) is an example in which a touch password is applied to a wearable product such as a smart watch, and a wearable terminal such as a smart watch is difficult to apply a lock device because the appearance itself is small and light. You can't have as many as 10 digits on this tiny screen, nor can you type your passwords or attach a fingerprint reader. Even if you use the rotating basel currently used, it is inconvenient, and it is impossible to input another touch position accurately in a small screen. Like this, even though the display is small, “knockknock” touch input or sliding input is possible, so it is possible to use the touch password made up of a combination of gestures. It can be used together as a device, or it can use the image of the clock keyboard displayed as a digital image.

On the other hand, in the example of FIG. 13, the partition area is displayed on the password input screen, but this is for the sake of understanding. In the actual password input process, only the image is shown without the division state. Not known.

That is, when the password setting is completed, only the images are displayed on the lock screen, and no buttons or any display or interface related to the password setting are displayed at all.

In addition, even if a third party attempts to enter a password, if the user turns the image once and finds the password input screen set by the user until the user returns to the original position, if the correct touch password is not entered in the correct input area, the password lock is prohibited. Lock) setting. With the password lock set, there are no warnings or notices such as “error” or “input failure”, and only the picture can be viewed on the screen, preventing password guessing attempts perfectly.

Method according to an embodiment of the present invention can be implemented in the form of program instructions that can be executed by various computer means may be recorded on a computer readable medium. The computer readable medium may include program instructions, data files, data structures, etc. alone or in combination. Program instructions recorded on the media may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts. Examples of computer readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical media such as CD-ROMs, DVDs, and magnetic disks such as floppy disks. Hardware devices specially configured to store and execute optical instructions and program instructions such as ROM, RAM, flash memory and the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements of those skilled in the art using the basic concepts of the present invention defined in the following claims are also provided. It belongs to the scope of rights.

Claims (14)

An image setting step of setting an image selected by the user as a password input screen;
An input area setting step of setting an area selected by the user as a password input area on an image set as a password input screen;
A touch password setting step of setting a type, a number of times, and a touch order of touches and / or slidings inputted from the user in the password input area;
And an authentication information generating step of generating authentication information for the user by combining the password input screen, the password input area and the input touch password. The method of claim 1,
The input area setting step,
And setting an area selected by the user as a password input area among areas in which the image set as the password input screen is divided into a predetermined number. 2. The method of claim 2,
The setting of the password input area may include:
And providing N password input areas divided into quadrangular, polygonal, circular, elliptical and irregular shapes on the image set as the input screen. The method of claim 1,
The touch password setting step,
Recognizing the touch or sliding input by the user and distinguishing and determining the touch and the sliding by the size of the vector obtained by the coordinate values of the touch start and end points, gesture user authentication method using touch and sliding . The method of claim 4, wherein
In the step of discriminating and determining the touch and the sliding by the size of the vector,
Obtaining a magnitude vector of a line connecting a start point and an end point of the touch or sliding input,
If the size of the vector is greater than or equal to the first threshold value, the gesture user authentication method using the touch and sliding, characterized in that it is determined as a sliding input. The method of claim 1,
The touch password setting step,
And combining the input order of the touch and / or sliding input by the user and the number of times of each input. The method of claim 1,
The authentication information generation step,
And configuring authentication information using a combination of one or more sliding inputs and one or more touch inputs, or one or more touch inputs and / or a combination of one or more sliding inputs. Gesture user authentication using sliding. The method of claim 1,
The image setting step,
And gesture-using and sliding the image setting by the user. The method of claim 1,
Setting a number of camouflage images (dummy images) requiring a random touch after inputting a touch password in the image set as the password input screen, and including information on the dummy image in the user authentication information; Gesture user authentication method using a touch and sliding. A computer-readable recording medium for executing a gesture user authentication method using touch and sliding in a user terminal as claimed in claim 1. An image checking step of determining whether an image selected by the user among the plurality of images displayed on the user terminal is an image set as a password input screen;
A password input area checking step of determining whether the input touch password is input in a password input area preset for the password input screen when the selected image is a password input screen and the user inputs a touch password on the selected image; ;
When the touch password is input in the preset password input area, a touch password confirmation step of determining whether the combination of the type, the number of times, and the order of the input touch and / or sliding is the same as the touch password preset for the password input screen. Wow;
And an authentication processing step of determining that the user authentication is successful when the touch password is the same as the preset touch password. The method of claim 11,
If the touch password input is not completed in the password input area of the password input screen set in the user authentication information while all of the plurality of images displayed on the user terminal are selected, the password lock screen for which the input of the touch password is prohibited and only for image browsing is prohibited. Gesture user authentication method using the touch and sliding further comprising the step of providing. The method of claim 11,
If an image corresponding to the preset password unlocking screen is selected and a password unlocking method is input at a preset input position on the image, unlocking the password so that the password input is resumed. Gesture User Authentication Method. A computer-readable recording medium for executing a gesture user authentication method using a gesture user authentication method using touch and sliding in the user terminal of claim 11.

Images