KR20200003339A - Photograph Swiping User Authentication - Google Patents

Abstract

Disclosed is a method for using a photograph image to set and input a password to perform user authentication processing. According to the present invention, a photograph swiping user authentication method comprises: a step of setting a photograph image selected by a user as a password input screen; a step of generating one or more point-of-interest candidates on the photograph image, and setting a point of interest selected by the user among the generated point-of-interest candidates; a step of generating a grid including a horizontal line and a vertical line passing the point-of-interest candidates; a step of displaying the set point of interest on the photograph image, and randomly arranging and displaying a password candidate at each point on the grid; a step of setting a password candidate moved to the point of interest by an input of the user among the randomly arranged password candidates as a password; and a step of combining information about the point of interest and the password to generate authentication information of the user.

Description

Photo Swiping User Authentication

The present invention relates to a user authentication method, and more particularly, to a method and a computer program for performing a user authentication process by setting and inputting a password using an image such as a picture or a picture.

Entering letters, numbers, and patterns as a password is not only difficult for users to remember their passwords, but also vulnerable to hacking and cannot reflect their interests, tastes, or emotions. Graphic User Authentication (GUA) systems are being studied. However, it is not activated because of the high security and easy-to-use technology.

In order to use it as a password, you must set a certain mutually agreed value on the photographic image, compare the newly entered value with the set value, and verify the authenticity with the same value. You should be able to select or specify a value at any time, but you can't use a password for a photo image that has so many choices (pixels) that you can't specify a specific part.

As an alternative to this, a new grid method and a drag & drop method, which is strong against exposure and hacking, have been newly developed and used for unlocking a mobile phone or authenticating a user of Fintech.

1A illustrates an example of a technique of processing user authentication using a graphic image in the related art. However, since a specific graphic image listed in the grid as shown in Fig. 1 (a) must be selected and then dragged and dragged to a specific position, it is cumbersome and difficult to use, especially in a small screen such as a smart watch or a moving place such as a vehicle. Because it is inconvenient to use immediately, it is being ignored by the user.

In addition, since the uniform images provided must be used as they are, users cannot use different images such as pictures taken by themselves or pictures they have drawn, and as a result, it is possible to decorate the password input screen (interface) of the device by using the user's taste or personality. There is no fun and interest, half interest and can be applied to the design of the product, UI (User Interface), or can not be used for advertising or publicity, and can only be used as a functional aspect of the 'lock device'.

In addition, this technique is a part of the grid password system (FIG. 1b) which is a modification of the grid password system (Fig. 1 b) because it is a method of selecting one of several different graphic images rather than specifying a password in one image. It does not mean that a specific part of a picture is designated as a password on a single picture. Therefore, there is a problem in that it is not possible to change the graphic image freely as the user intends, such as graphic authentication, and to effectively prevent surrounding exposure and speculative attack.

The present invention is to solve the above problems of the prior art, by occupying an important position on the mobile and by presenting a new method of graphic user authentication (GUA) using a picture that has not been realized yet despite the most used content Providing a photo swipe user authentication method that satisfies both user convenience and password security, and that utilizes emotional elements such as user's memory, feeling and interest in photographic images. The purpose.

In addition, an object of the present invention is to provide a new user authentication method of the GUA that has been neglected due to security vulnerabilities by making it difficult to guess a point of interest that is easy to guess, which is the biggest vulnerability of user authentication using a photograph.

In addition, the present invention can not only prevent the environmental exposure inevitably generated when authenticating a user using a photo, but also effectively prevents keylogging, thereby providing new security for user authentication using photo swiping. It is an object to provide a method.

In order to achieve the above object, a photo swiping user authentication method according to an embodiment of the present invention comprises the steps of: setting a photo image selected by a user as a password input screen; Generating one or more interest point candidates on the photographic image, and setting the interest points selected by the user among the generated interest point candidates; Generating a grid comprising horizontal and vertical lines passing through the point of interest candidates; Displaying the set point of interest on the photographic image, and randomly arranging and displaying a password candidate at each point on the generated grid; Setting a password, which is moved to the point of interest according to the user's input, among the randomly arranged password candidates; And combining the information about the point of interest and the password to generate authentication information of the user.

The grid generation step may include: dividing the photographic image into a plurality of areas by placing a reference line passing through the one or more points of interest candidates; And dividing at least a portion of the divided areas into a plurality of squares to generate a grid of squares having a similar size.

The random disposition step may include: randomly generating a single digit corresponding to each grid point except for the point of interest; And displaying the generated number at a position corresponding to the grid point on the photographic image.

In the photo swiping user authentication method, when a swiping input is received after the random disposition step, the entire randomly arranged password candidates are moved by one column of the grid in a direction corresponding to the type of swiping input. Making a step; The method may further include randomly generating and displaying a password candidate corresponding to the grid point where the password candidate is not arranged as a result of the movement.

The password setting step may include determining a password candidate located at the point of interest as a password when a user input requesting completion of the password setting is received.

The password setting step may include setting a plurality of passwords corresponding to the point of interest.

The setting of the point of interest may include selecting and setting a plurality of points of interest, and the setting of the password may include setting one or more passwords corresponding to each point of interest.

A photo swiping user authentication method according to another embodiment of the present invention includes: randomly arranging password candidates at each grid point on the password input screen by using grid information preset on a password input screen; When the user's swiping input is received on the password input screen, moving and displaying all of the randomly assigned password candidates according to the received swiping input type; The method may include determining whether the user authentication is successful by determining whether the preset password is moved to the preset point of interest as a result of the swiping input.

According to the present invention, although one of the most used contents in a mobile device occupies an important position on the mobile device, it is possible to use a terminal unlocking or user authentication (GUA) for a picture or a graphic image that can only be used for viewing and recording. By doing so, it is possible to effectively utilize the advantages and functional aspects of photography to mobile devices.

In addition, according to the present invention, although the user's enjoyment elements such as fun, entertainment and appreciation are excluded from the normal user authentication system and are developed solely on the basis of functions, emotional elements such as the user's memory, experience, and feeling on the photographic image are utilized. It is possible to provide a user authentication method that is easy for users to remember and fun to use.

In addition, according to the present invention, since the authentication is successful when the point of interest is set on the picture, the password is found, and the user's password matches the point of interest, the three-step security is set on one screen, thereby increasing the security.

In addition, according to the present invention, since it is easier to use and easier to judge than the conventional authentication method (for example, image drag-and-drop), even a device having a small screen such as a smart watch can be quickly and accurately executed by simple and simple operation. The advantage is that you can type.

In addition, according to the present invention, since a number set as a password or a point of interest is not directly touched and selected, hacking by screen capture or keylogging of a terminal which cannot be prevented by the conventional technology can be prevented.

In addition, according to the present invention, a guessing attack and shoulder surfing due to easy prediction of a point of interest, which is a fundamental problem of the gesture path system of Windows 10, which sets a password by selecting a point of interest in a photo image, Blocking greatly increases security, making it impossible for third parties to predict passwords and preventing ambient exposure.

In addition, according to the present invention, since the photographic image can be used as a specific character image, a celebrity photograph, a favorite work, etc. according to the user's preference, it can be used as a promotion or an advertisement medium in favor of creating an intimacy.

In addition, according to the present invention, the user can configure a password screen with a picture taken by himself or his work, a picture of children, etc., so that the user can decorate his or her own device uniquely and personally.

In addition, according to the present invention, the owner of the terminal can immediately and intuitively determine the point of interest of the photo selected by him, and can remember it for a long time without any particular effort, but even if the other person finds out or enters the password by the side Because it's hard to figure out the password, it can provide a GUA that defends against ambient exposure and shoulder surfing, and effectively prevents guessing attacks, which are the biggest weakness of the GUA.

In addition, according to the present invention, since the number (or letters) used as the password is one digit, there is no error or forgetting, and it is very convenient to use authentication by swiping, which is one of the easiest operations, not typing. . When using a password, a simple password is convenient, but the safety is inferior, and the safety is high, the convenience is inferior. The present invention can solve the problems of convenience and security, which is a characteristic of a password and a dilemma.

1 illustrates an example of a technique for processing user authentication using an image in the related art.
2 is a block diagram illustrating a configuration of a photo swiping user authentication system according to an embodiment of the present invention.
3 is a flowchart illustrating a user authentication method of setting a password using a photo image according to an embodiment of the present invention.
4 illustrates a screen for selecting a photo image to be used as a password input screen according to an embodiment of the present invention.
5 is a diagram for describing a process of setting a point of interest in a selected photo image according to an embodiment of the present invention.
6 is a diagram for describing a process of generating a grid on a selected photographic image according to an embodiment of the present invention.
7 illustrates a screen in which random numbers are arranged at each point of the generated grid according to an embodiment of the present invention.
8 is a diagram illustrating a process of setting a password according to an embodiment of the present invention.
9 is a flowchart illustrating a user authentication method of processing user authentication by inputting a password using a photo image according to an embodiment of the present invention.
10 illustrates an example of unlocking a user device according to an embodiment of the present invention.
11 illustrates a screen for inputting a password using a photo image according to an embodiment of the present invention.
FIG. 12 illustrates a process of shifting the number arrangement of screens during swiping input according to an embodiment of the present invention.
13 is a view for explaining the structure of the password input screen according to an embodiment of the present invention.

Terms used herein will be briefly described and the present invention will be described in detail.

The terms used in the present invention have been selected as widely used general terms as possible in consideration of the functions in the present invention, but this may vary according to the intention or precedent of the person skilled in the art, the emergence of new technologies and the like. In addition, in certain cases, there is also a term arbitrarily selected by the applicant, in which case the meaning will be described in detail in the description of the invention. Therefore, the terms used in the present invention should be defined based on the meanings of the terms and the contents throughout the present invention, rather than the names of the simple terms.

When any part of the specification is to "include" any component, this means that it may further include other components, except to exclude other components unless otherwise stated. In addition, the terms "... means", "... unit", "module", etc. described in the specification mean a unit for processing at least one function or operation, which may be implemented in hardware or software, or hardware and software. It can be implemented as a combination of.

DETAILED DESCRIPTION Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. As those skilled in the art would realize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. In the drawings, parts irrelevant to the description are omitted in order to clearly describe the present invention, and like reference numerals designate like parts throughout the specification.

2 is a block diagram illustrating a configuration of a photo swiping user authentication system according to an embodiment of the present invention.

The photo swiping user authentication method according to the present invention may be performed by a computing system having a processor, a memory, and an input / output device, and the user authentication system 20 of FIG. 2 is a computing system performing the user authentication method of the present invention. Is shown in the form of a functional block diagram.

Referring to FIG. 2, the user authentication system 20 includes storage units 22 and 23 including a memory, and the storage unit functionally stores the authentication information storage unit 22 and the user for storing the authentication information of the user. It may include an image storage unit 23 for storing a photographic image held. In addition, although not shown, the user authentication system 20 may include an input unit for receiving a user input.

The user authentication system 20 generates and stores authentication information in response to a request for setting authentication information of the user, and determines whether the authentication is successful by determining whether the authentication information is correctly input in response to the user's authentication request. It includes a control unit for performing post-processing, such as unlocking, the control unit may be implemented in the form of software performed by a processor.

Specifically, the control unit sets the photo image selected by the user among the photo images stored in the image storage unit 23 as a password input screen, and authentication information including information on the point of interest and the password set by the user on the password input screen. A randomly generated password candidate at each grid point on the photographic image set as the password input screen at the time of authentication request, and the swiping information generation unit 21 for generating and storing in the authentication information storage unit 22, and swiping When an input is received, an authentication processor 24 may be configured to move and display a randomly arranged password candidate group, and determine that the authentication succeeds when the preset password is moved to the point of interest set by the user.

In the embodiment of FIG. 2, the authentication information storage unit 22, the image storage unit 23, the authentication information generation unit 21, and the authentication processing unit 24 are included in one system 20. According to this embodiment, the user authentication system 20 is required to log in or unlock the lock screen to use a user terminal such as a smartphone, a tablet PC, a desktop, a smart watch, that is, a password setting and a password input. The present invention can be applied to the authentication process accordingly.

However, the present invention is not limited to the above embodiment, and the present invention can be applied to a user authentication procedure for accessing a server through a user terminal in a system in which a user terminal and a server interoperate through a network. In this embodiment, at least some or some functions of each component will be implemented on the server side.

In this case, the network may be a wired or wireless communication network of various types such as an internet network, an intranet, a mobile communication network, and the like.

In particular, a user terminal connected via a network communicates with a user authentication system and enters a password. A smartphone, a tablet PC, a notebook computer, a personal computer, a smart TV, a game machine, and a wired / wireless communication are physically separated from the user authentication system. This may be an automated device such as a digital door lock of a possible front door, an ATM connected to a network, an unmanned financial teller machine and a kiosk, and a civil document issuing machine.

In addition, the user terminal may be an IoT (Internet of Things) product such as a home appliance, a gas boiler, a power switch, or a speaker such as a smart refrigerator capable of wired or wireless communication.

Alternatively, the user terminal is connected to a wireless communication network and is an IoT controller that controls various IoT products by a short range wireless communication method such as Bluetooth or Zigbee, or a smart home, a connected car system, or a robot. Or a wearable product such as a smart watch or a smart band. In addition, the present invention may be in the form of a mobile device such as a smartphone or a tablet computer interoperating with various IoT products.

In addition, if the above definition is satisfied, there is no restriction on the type of hardware.

Looking at the user authentication procedure for accessing the server through the user terminal in detail, the authentication information generation unit 21 provided in the user terminal generates the authentication information including information on the point of interest and password set by the user to the server If you pass it, the server stores it. At this time, the photo image set as the password input screen does not need to be transmitted to the server.

Subsequently, upon authentication request, the user terminal randomly generates and displays a password candidate at each grid point on the photo image displayed on the screen, and when a swiping input is received, moves and displays a randomly arranged password candidate group and swipes input Pass the start and end coordinates of the password, swipe input to the server. In this case, as another method, the point of interest location information (or area information) and the swiping input password may be transmitted to the server.

The server may determine that the authentication succeeds when the preset password is moved to the preset point of interest, and may return whether the authentication succeeds to the user terminal.

That is, the server may process the authentication process regardless of which picture image is set as the password input screen, and there is no need to exchange the picture image set as the password input screen between the server and the user terminal. This eliminates unnecessary traffic and enables efficient operation by eliminating unnecessary problems in server-to-server communication, facility capacity and availability issues, information processing and storage issues, and whether or not authentication succeeds.

3 is a flowchart illustrating a user authentication method of setting a password using a photo image according to an embodiment of the present invention.

In step S30, when the user selects one of the photo images stored in the image storage unit 23, it is set as the password input screen.

In the present invention, the photographic image used as the password input screen is not limited to the photographic image taken by the camera, and image data such as pictures, characters, cartoons, drawings, maps, renderings, advertisements, stereoscopic images, holograms, etc. may be used instead. .

In addition, the picture image that can be used as the password input screen can be retrieved from the picture storage folder in the user terminal, such as a smartphone, and may be downloaded from an external server, scanned, taken by yourself or a picture drawn by yourself. .

A screen in which a user browses a photographic image for setting a password or inputting a password may be implemented in various forms, and is not limited thereto. For example, you can arrange photo icons in the shape of a tile, scroll left and right or up and down to move the page and select the desired picture, place the picture images in a circle or cylinder shape, rotate them with a swipe input, and view the pictures. It can be implemented to display one photo image on the screen and view the next or previous photo by swiping input.

The user may retrieve the photo images from the photo library of the terminal device and display them on the screen and use one or more of the photo images as a password input screen.

In this case, it is natural that the image may be trimmed by pinching in and pinching out by touching the imported photo image. This is a measure to compose a picture image according to the aspect ratio of the picture and the terminal screen or the user's intention, but in some cases, if the point of interest in the picture is concentrated within a small range, the point of interest is enlarged. It is to be able to set.

Since the user directly selects the password input screen as a favorite picture among the picture images he owns and sets a point of interest therein, the result of using the cognitive information and knowledge information, which is one of the characteristics of the picture image, is difficult to remember. It's easy and secure.

4 illustrates a screen for selecting a photo image to be used as a password input screen according to an embodiment of the present invention. When the user selects a photo image 40 to set a password, a user interface that sets the photo image as a password input screen and sequentially supports a point of interest setting, a password candidate arrangement, and a password setting on the photo image will be provided.

In step S31, one or more interest point candidates are generated on the photographic image set as the password input screen, and among the generated interest point candidates, the interest points selected by the user are set.

FIG. 5 is a diagram for describing a process of setting a point of interest (partial point of interest of a user in a photo image) in a selected photo image according to an embodiment of the present invention.

The authentication information generator 21 selects a predetermined position on the photographic image 40 as a candidate point of interest. The interested point candidate does not represent any one pixel of the photographic image but represents a predetermined area including a plurality of pixels, and a selected interested point among the interested point candidates may be set as the interested point to be used for password input.

Referring to FIG. 5, six interest point candidates indicated by circles have been generated and displayed by the authentication information generator 21, and one of them has been selected as an interest point for actually setting a password.

According to an exemplary embodiment, the authentication information generator 21 may determine a point on the image that is meaningful to the user by analyzing the image 40 by using a predetermined algorithm, and then set an interest point candidate for each determined point. have.

For example, an image analysis may determine whether a face of a person is displayed on the image, and if there is a face of a person, the position of eyes, nose, mouth, ear, etc. may be found from an area corresponding to the face. Alternatively, if an object or an animal is displayed in the picture, the object or animal may be recognized to set an interest point candidate at a specific corresponding position. This is to allow the user to easily set the point of interest. In the case of photographing a person as shown in FIG. 5, locations that are easy for the user to identify, such as eyes, nose, and mouth, will be set as interest point candidates.

If the point of interest desired by the user exists at a position other than the point of interest candidate, the neighboring point of interest candidate may be touched and dragged to be moved to a desired point of interest position.

If the points of interest are concentrated in one place as described above, the point of interest can be set in more parts by scaling the photo image to the desired size.

Of these candidate points of interest, the points of interest 50 to be used for password input may be automatically selected by the authentication information generation unit 22 or manually according to a user's selection.

When the user selects a specific photographic image or selects a specific part of the photographic image as a point of interest, the user selects a location that includes information that he / she has already experienced or learned, and the user's memory (memory, experience, association, feeling, emotion) Consciously choose what is latent. Therefore, the owner of the terminal can immediately and intuitively judge the photos and points of interest that they have selected and can remember them for a long time without any effort, but it is difficult for a third party to find or remember them.

When the password is used, the password is simple, but the security is inferior and the safety is higher, the convenience is inferior. According to the present invention, it is possible to simultaneously solve the problems of convenience and security, which is a characteristic of the password and a dilemma.

In step S32, a grid is generated based on the interest point candidates.

6 is a diagram for describing a process of generating a grid on a selected photographic image according to an embodiment of the present invention. The vertical lines and the horizontal lines constituting the grid may be generated based on the positions of the interest point candidates, and the grid may include the horizontal lines and the vertical lines passing through the interest point candidates.

Specifically, the photographic image is divided into a plurality of areas by arranging a reference line passing through the interest point candidates in FIG. 6A and at least a part of the divided areas as shown in FIG. 6B again. By dividing into a plurality of grids to create a grid consisting of squares of equal or similar size, each of the lines constituting the grid includes an intersection point.

The grid configuration can be set up simply or intricately by the user's choice. If the grid configuration is simpler, the number of intersection points is reduced, so that the fewer password candidates (numbers) placed there are fewer grid points. Since it is arranged, the configuration of the password input screen is simpler and the password is easier to use.

In step S33, password candidates are randomly placed on the grid.

Specifically, password candidates are randomly generated and displayed by the number of points excluding points of interest among points of the grid generated in step S32. At this time, only the points of interest will be displayed at the corresponding positions on the photographic image, and the points of interest candidates will be removed from the screen. This is because the candidate point of interest is not used in a later process.

The password candidates disposed at each grid point may be numbers, but in some embodiments, letters, special characters, symbols, icons, pictures, pictures, and the like may be used instead.

7 illustrates a screen in which random numbers are arranged at each point of the generated grid according to an embodiment of the present invention.

Referring to FIG. 7, it can be seen that a single digit between 0 and 9 is randomly generated and disposed at each point, and the number is not disposed at the grid point set as the point of interest. The numbers scattered on the photographic image are randomly regenerated every time the password input screen is selected, and are changed every time the password is set. Likewise, numbers are arranged differently than when the password is set because the numbers are randomly generated later.

The grid generation screen of FIG. 6 is for convenience of understanding and is a screen which does not need to be shown to a user when the actual implementation is performed. After the user sets an interest point in the interest point setting screen of FIG. 5, a random number is shown as shown in FIG. 7. A screen disposed on the photographic image will be provided to the user.

In step S34, the randomly arranged password candidates are moved to the point of interest according to the user's input as a password.

8 is a diagram illustrating a process of setting a password according to an embodiment of the present invention.

Referring to FIG. 8, when the user wants to set '8' as a password among randomly arranged numbers, the user swipes the grid points 81 and 82 arranged with '8' to move to the point of interest 50. Just do the input. Swiping means an input of dragging the touch screen in one direction.

For example, when the user performs the left swiping input once or the user swipes the input upward twice, '8' is moved to the point of interest 50, and thus the authentication information generator 21 8 'will be determined by the user's chosen password.

When the swiping input is received after the random arrangement step S33, the entire password candidates randomly arranged in the direction corresponding to the type of the swiping input are shifted and displayed by one column of the grid, and as a result of the shift, the password candidates. Password candidates corresponding to grid points not arranged may be randomly generated and displayed.

When a user input requesting completion of password setting is received, the password candidate entering the point of interest at this point will be determined as the password. To this end, an interface for user input such as a confirmation button or a confirmation icon for completing a password setting may be provided. For user convenience, the user may swipe the screen to move the password to the point of interest and then touch an unspecified location on the screen to complete the password input.

The user input for moving a candidate to be set as a password to a point of interest is not limited to swiping, but may be performed by other input methods such as using a button key, using an icon on an interface, or voice input. For example, it is possible to use a volume control button or a moving icon disposed on the interface, or a voice input such as “move left” or “left” to replace swiping in the left direction. In this case, the input voice may be recognized and replaced with text, and then an input signal may be generated using the input voice.

As such, when driving or when the use of the hand is not free, the user can input a swiping voice to help the user's safety and increase the user's convenience.

In step S35, user authentication information is generated and stored in the authentication information storage unit 22. Since the user authentication information is important information requiring security, the user authentication information is preferably stored through a security process such as being encrypted by a predetermined method.

The user authentication information will be generated by combining information about the point of interest and information about the password.

9 is a flowchart illustrating a user authentication method of processing user authentication by inputting a password using a photo image according to an embodiment of the present invention.

When the present invention is used to lock and unlock the user terminal, the authentication waiting screen will be the lock screen of the terminal. The user may set the number of photo images to be included in the lock screen or select the photo images to set the configuration of the lock screen as desired. That is, by configuring a lock screen by selecting a favorite picture in addition to the picture image corresponding to the password input screen, it can also function as a photo album that can be enjoyed even in the locked state. The user selects a password input screen for inputting a password while retrieving and returning a plurality of designated photo images.

In step S90, the authentication processing unit 24 randomly arranges password candidates at each grid point on the password input screen by using the grid information previously stored in the user authentication information.

10 illustrates an example of unlocking a user device according to an embodiment of the present invention, in which one digit of 0 to 9 numbers is used as a password candidate.

Referring to (a) of FIG. 10, randomly generate a single digit corresponding to each grid point on the photographic image corresponding to the password input screen, and display the generated number at a position corresponding to the grid point on the photographic image. do.

As illustrated in FIG. 8, when the user sets a password, the user may display a point of interest on the screen for convenient password setting. However, as shown in FIG. 10, the point of interest is displayed on a password input screen for processing authentication by inputting a preset password. It doesn't work. This is to prevent the third party from knowing the location of the point of interest even if the third party sees the password input. The legitimate user knows that a portion of the password input screen is a point of interest, and will manipulate the password set by him to move to this point of interest.

In addition, since the starting and ending positions of the swiping input are not related to the point of interest or the password, it is more difficult for others to recognize the password.

In step S91, when a user's swiping input is received on the password input screen, all of the password candidates randomly arranged according to the type of the swiping input received are moved and displayed. In addition, as a result of the movement, a password candidate corresponding to a grid point where no password candidate is placed will be randomly generated and displayed.

For example, when swiping to the left once, a password candidate is randomly generated and displayed at a right edge position. In the case of upper swiping, a password candidate is generated and displayed at the bottom and swiping the bottom.

Then, in step S92, when a user input requesting completion of the password input is received, the password candidate entering the point of interest at the present time will be determined as the password. In order to complete the password input, the user may swipe the screen to move the password to the point of interest and then touch an unspecified location on the screen or provide an interface for user input such as an input completion confirmation button or a confirmation icon.

In step S93, it is determined whether the user authentication is successful by determining whether the preset password is moved to the preset point of interest as a result of the swiping input.

In the example of FIG. 10, since the preset password is '8' and the point of interest is the nose part of the person in the picture, when the user swipes to the left once, as shown in (b), all the numbers placed on the screen are left. The grid is moved one space, resulting in '8' entering the point of interest. Thereafter, the user inputs the password of the point of interest by touching an arbitrary position on the screen.

At this time, since different passwords (numbers) are placed at the same point of interest (candidates) located in various places on the picture, the other person cannot know which point is the point of interest and which number in which point of interest is the authentication information. .

While blocking the Guessing Attack based on the prediction of the point of interest, it also completely blocks the security of the surrounding exposure such as shoulder surfing by a third party, thereby completely solving the security problem of the existing GUA. In addition, keylogging can be effectively defended by not touching the point of interest or password directly when entering the password.

In step S94, the authentication success process is performed because the preset password is matched with the point of interest, and as a result, the terminal will be unlocked as shown in FIG.

If it is determined that the preset password has not been moved to the point of interest even after the completion of the swiping input (S92), it is determined that the authentication has failed (S95). If the input completion (S92) is not received, the process proceeds to step S90 to perform an additional swipe input. Wait When the preset password is correctly moved to the point of interest by the additional swiping input and the input completion (S92), authentication is successful (S94).

11 illustrates a screen for inputting a password using a photo image according to an embodiment of the present invention.

Referring to FIG. 11, when a password input screen is displayed, a new number is randomly generated and arranged at each grid point, and the preset point of interest 110 is a grid point at which the number '7' is arranged. Since the preset password is '8', authentication is successful by moving one of the two grid points 111 and 112 where the '8' is located to the point of interest 110 and touching an arbitrary position.

If you want to use the '8' located in the first grid point 111, enter the right swipe one time '8' enters the point of interest 110, the user authentication will be successfully completed. If you want to use the '8' located in the second grid point 112, enter the upper swipe twice, '8' enters the point of interest 110 and user authentication will be successfully completed.

This is for user convenience and security.In a safe place such as a room, the password closest to the point of interest can be authenticated with just one swipe and touch.However, if there are people around or are insecure, Authenticating with single swipes can be more effective in preventing ambient exposure of passwords.

That is, by swiping, all the numbers (password candidates) arranged in the swiping direction are moved together, and when numbers are continuously moved several times in a short time, even if you are facing them, you cannot instantly judge or remember them. You can certainly stop.

FIG. 12 illustrates a process of shifting the number arrangement of screens during swiping input according to an embodiment of the present invention.

Referring to FIG. 12A, random numbers of 4 rows and 5 columns are arranged on the password input screen 120 displayed on the screen of the terminal, and a location indicated by a dotted circle is a preset point of interest 121.

When the user inputs a left swiping to input the password '8', randomly arranged numbers are shifted one space to the left as shown in FIG. 12 (b), so that '8' enters the point of interest 121. '3', '7', '0' and '9' placed in the column disappear out of the screen, and in the fifth column on the right, the newly created random number set '4', '3', '2', ' 6 'is displayed.

Since all numbers placed on the screen are moved simultaneously by the user's swiping input, others cannot find out which of these many numbers is the password.

13 is a view for explaining the structure of the password input screen according to an embodiment of the present invention.

Referring to FIG. 13, a circle icon corresponding to a plurality of interest point candidates is displayed on a screen 132, and one of the circle icons may be touched to allow a user to select a desired point of interest. According to this, since a large number of points of interest candidates can be set on the photographic image, security can be further enhanced by providing convenience of password selection and increasing the number of cases.

Further, numbers are placed on the generated grid based on these points of interest candidates (131). Information about how the picture image is divided, that is, information about the grid, will also be stored in the user authentication information.

In addition, although the swiping input completion may be confirmed by touching an unspecified position of the screen, the password input icon 130 may be disposed at a predetermined position of the password input screen to assist the user in setting swiping and completing the swiping input.

In addition, after the user selects the point of interest, the user may touch the password input icon 130 and drag in the desired direction to move the numbers on the screen in the corresponding direction.

According to an embodiment of the present invention, two or more passwords may be set in one point of interest. In this case, if the set password is sequentially moved to the point of interest, user authentication will be successful and security will be further strengthened.

In the password setting screen of FIG. 8, when the user wants to set '8' and '3' as a password, the user moves the point of interest 50 by one left swipe 50 times and then presses a predetermined setting confirmation button. Touch and move the '3' to the point of interest 50 by one swipe again, and then touch the predetermined setting completion button, and the '8' and '3' will be set as the password.

In the password input screen as shown in FIG. 11, the user recognizes the point of interest 110, inputs a right swipe once to put '8' in the point of interest, and then touches the screen to complete the swipe upward. Enter two times to move the '3' to the point of interest and confirm the entry complete, user authentication will be completed successfully.

According to an embodiment of the present invention, a plurality of points of interest and a plurality of passwords may be set. In this case, password setting may be performed by selecting and setting a plurality of points of interest from the user, setting one or more passwords corresponding to each point of interest, and including the information in the user authentication information.

If there is a user authentication request in the future, it is determined that the authentication is successful when the number of inputs that correctly move the password to the point of interest on the password input screen is correctly performed.

According to an embodiment of the present invention, at least one touch camouflage photograph image may be set in addition to the password input screen. Touch camouflage image is a kind of dummy image. In addition to moving the password to the point of interest in the password input screen, the user authentication is required by inputting a random swipe on the random image that is randomly extracted and displayed on the screen. To do that.

When the dummy image is used, even if the user enters the password, it is impossible to know which picture image corresponds to the password input screen, thereby increasing security.

In the case of using the dummy image, security may be enhanced, but it may cause inconvenience to the user during authentication. Therefore, the dummy image may be used or not used by the user's selection.

Method according to an embodiment of the present invention can be implemented in the form of program instructions that can be executed by various computer means may be recorded on a computer readable medium. The computer readable medium may include program instructions, data files, data structures, etc. alone or in combination. Program instructions recorded on the media may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts. Examples of computer readable recording media include magnetic media such as hard disks, floppy disks and magnetic tape, optical media such as CD-ROMs, DVDs, and magnetic disks such as floppy disks. Hardware devices specially configured to store and execute program instructions such as magneto-optical media and ROM, RAM, flash memory and the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.

Although the embodiments of the present invention have been described in detail above, the scope of the present invention is not limited thereto, and various modifications and improvements of those skilled in the art using the basic concepts of the present invention defined in the following claims are also provided. It belongs to the scope of rights.

Claims (17)

Setting a photo image selected by the user as a password input screen;
Generating one or more interest point candidates on the photographic image, and setting the interest points selected by the user among the generated interest point candidates;
Generating a grid comprising horizontal and vertical lines passing through the point of interest candidates;
Displaying the set point of interest on the photographic image, and randomly arranging and displaying a password candidate at each point on the generated grid;
Setting a password, which is moved to the point of interest according to the user's input, among the randomly arranged password candidates;
And combining the information about the point of interest and the password to generate authentication information of the user. The method of claim 1,
The grid generation step,
Dividing the photographic image into a plurality of regions by placing a reference line passing through the one or more points of interest candidates;
And dividing at least a portion of the divided areas into a plurality of squares to generate a grid of squares having a similar size. The method of claim 1,
The random placement step,
Randomly generating a single digit corresponding to each grid point excluding the point of interest;
And displaying the generated number at a position corresponding to a corresponding grid point on the photographic image. The method of claim 3,
Randomly generating a one-digit number
And displaying a character, a special character, a symbol, an icon, a picture, or a photo in a position corresponding to the grid point in addition to a single digit. The method of claim 1,
If a swiping input is received after the random placement step, displaying all the randomly placed password candidates by one space of the grid in a direction corresponding to the type of swiping input;
And randomly generating and displaying a password candidate corresponding to the grid point where the password candidate is not assigned as a result of the movement. The method of claim 1,
The password setting step,
And determining a password candidate located at the point of interest as a password when a user input requesting completion of a password setting is received. The method of claim 1,
The password setting step,
And setting a plurality of passwords corresponding to the points of interest. The method of claim 1,
The point of interest setting step,
And selecting and setting a plurality of points of interest,
The password setting step,
And setting one or more passwords corresponding to each point of interest. A computer program recorded on a recording medium for executing the photo swiping user authentication method of any one of claims 1 to 8. Randomly arranging password candidates at each grid point on the password input screen by using grid information preset on a password input screen on which a photographic image selected by a user is set;
When the user's swiping input is received on the password input screen, moving and displaying all of the randomly assigned password candidates according to the received swiping input type;
And determining whether the user authentication is successful by determining whether the predetermined password is moved to a predetermined point of interest as a result of the swiping input. The method of claim 10,
The random placement step,
Randomly generating a single digit corresponding to each grid point;
And displaying the generated number at a position corresponding to a corresponding grid point on the photographic image. The method of claim 10,
Moving and displaying the entire password candidate,
Photo swiping user authentication comprising moving and displaying all of the randomly assigned password candidates according to the type of input when an input using a button key or an icon instead of a user's swipe input is received. Way. The method of claim 10,
If a swiping input is received after the random placement step, displaying all the randomly placed password candidates by one space of the grid in a direction corresponding to the type of swiping input;
And randomly generating and displaying a password candidate corresponding to the grid point where the password candidate is not assigned as a result of the movement. The method of claim 10,
The determining whether the authentication is successful,
And when a plurality of passwords are set in the point of interest, determining the success of the authentication when the set passwords are successively moved to the point of interest. The method of claim 10,
The determining whether the authentication is successful,
And when a plurality of points of interest are set, determining that the authentication is successful when one or more passwords corresponding to each point of interest are successfully moved. A computer program recorded on a recording medium for executing the photo swiping user authentication method according to any one of claims 10 to 15. An input unit for receiving a user input;
A storage unit for storing user authentication information and at least one photo image;
The storage unit may be configured to set a photo image selected by the user among the photo images stored in the storage unit as a password input screen, and generate authentication information including information about an interest point and a password set by the user on the password input screen. At the authentication information generation unit and the authentication request to be stored in the password input screen, the password candidates are randomly generated and displayed at each grid point on the photo image set as the password input screen, and when a swiping input is received, the randomly arranged password candidate group is moved. And a control unit including an authentication processing unit to determine that the authentication succeeds when the password set by the user is moved to the point of interest set by the user.

Images