JP2008171329A - Authentication apparatus and program - Google Patents

Abstract

An input operation of a personal identification character string is easy, leakage of the personal identification character string is more reliably prevented, and spoofing by a third party is also eliminated.
When a login screen is requested from a terminal, as shown in (B) to (F), the display position of an image portion corresponding to each character usable for a password changes with time. Clicking on the moving image to display the moving image to be played on the display of the terminal and clicking the circle display position in the moving image corresponding to the specific character in the password Each time a click operation is performed by the user, click information indicating the operation time and the click position is received from the terminal. The input password is recognized based on the click information reception time and the click position, and the input password is recognized based on the operation time and the click position. If both passwords match the regular password, the authentication is successful.
[Selection] Figure 4

Description

  The present invention relates to an authentication device and a program, and more particularly to an authentication device that performs authentication based on a password character string connected via a terminal device, and an authentication program that causes a computer to function as the authentication device.

  In recent years, crimes that illegally obtain and misuse important personal information such as personal identification numbers of bank accounts have become a social problem. As a means for illegally obtaining a PIN code, software such as a key logger that records characters entered via the keyboard as a log is known, and as a key logger measure, a keyboard for input is entered when entering the PIN code. There is known a technique for inputting a personal identification number by clicking a key of a keyboard (soft keyboard) displayed on the display with a mouse or the like instead of being displayed on the display of the apparatus and operating the keyboard of the terminal. However, although this technology can prevent unauthorized acquisition of a personal identification number using a key logger, the terminal device uses a personal identification number entered by replacing the position information of each key clicked by the mouse with a character corresponding to the key. Since the detected personal identification number is transmitted to the server after the processing for detecting the number is performed, there is a problem that the personal identification number may be leaked because the information transmitted from the terminal device to the server is stolen.

In relation to the above, Patent Document 1 discloses that a moving image is displayed on a display of a terminal device, and the operating time of a contact device such as a mouse is changed (rhythm) with respect to a change in the content of the displayed moving image. A password input method for determining whether or not a regular password has been input is disclosed.
JP-T-2004-537116

  However, in the technique described in Patent Document 1, since it is necessary to operate the contact device at a constant rhythm while watching a moving image, the operation is difficult, and there is a possibility that an operation timing may be shifted. Further, the rhythm of operation of the contact device may be stolen by recording the operation sound by a microphone or the like, for example, and is insufficient from the viewpoint of preventing leakage of the password character string.

  Further, using the technique described in Patent Document 1, instead of the configuration in which the password character string itself is transmitted from the terminal device to the authentication computer, information that can be restored to the password character string by the authentication computer is transmitted. If the configuration is adopted, even if information is stolen in the middle of the communication path from the terminal device to the authentication computer when the password is entered, it is possible to avoid leakage of the password, but the terminal device and the authentication computer After an application-level session has been established with the host, the established session may be intercepted by a malicious third-party computer based on the information stolen. There is a problem that a third party can impersonate a legitimate user and perform unauthorized access.

  The present invention has been made in consideration of the above facts, and it is easy to input a password character string, can more reliably prevent the leakage of the password character string, and can eliminate spoofing by a third party and The purpose is to obtain an authentication program.

  In order to achieve the above object, an authentication apparatus according to claim 1 is an authentication apparatus realized by a computer connected via a communication line to a terminal device provided with display means and input means, Each of the image portions corresponding to individual characters that can be used in the password character string input via the terminal device is included, and the display positions of the individual image portions corresponding to the individual characters change with time. Storage means for storing moving image information representing a moving image to be displayed, display position information representing a transition of a display position of each individual image portion in the moving image, and moving image information stored in the storage means. By distributing to the terminal device, a moving image distribution unit that reproduces and displays the moving image on the display unit of the terminal device, and the terminal device reproduces and displays on the display unit via the input unit. In response to a position designation operation for designating an arbitrary position on the moving image at an arbitrary timing, information on at least a designated position representing the position designated by the position designation operation is received from the terminal device. Each time, the timing at which the position designation operation is performed in the terminal device is estimated based on the reception time of the designated position information, and based on the estimated timing and the display position information stored in the storage unit, By determining which character portion corresponds to the image portion that existed at the estimated timing at the position represented by the specified position information on the moving image reproduced and displayed on the display means of the terminal device , A first recognition unit for recognizing a password character string input by performing the position specifying operation a plurality of times on the terminal device, and the first recognition unit Testimony string is configured to include an authentication means for performing authentication based on whether they match a predetermined character string.

  The authentication device according to the first aspect of the present invention is realized by a computer connected via a communication line to a terminal device provided with display means and input means (for example, a pointing device such as a mouse or a touch panel). The terminal device may be a computer such as a personal computer (PC) or an ATM (Automatic Teller Machine). According to the first aspect of the present invention, each of the image portions corresponding to the individual characters that can be used in the password character string input via the terminal device is included, and the display of the individual image portions corresponding to the individual characters is displayed. Moving image information representing moving images whose positions change with time, and display position information representing transitions of display positions of individual image portions in the moving images are stored in the storage means, and moving image distribution The means distributes the moving image information stored in the storage means to the terminal device, thereby reproducing and displaying the moving image on the display means of the terminal device.

  The first recognizing means according to the first aspect of the present invention is the terminal recognition apparatus, wherein the terminal device performs a position designation operation for designating an arbitrary position on the moving image reproduced and displayed on the display means at an arbitrary timing via the input means. As a result, every time the specified position information indicating the position specified by the position specifying operation is received from the terminal device, the position specifying operation is performed on the terminal device based on the reception time of the specified position information. Based on the estimated timing and the display position information stored in the storage means, the timing is estimated and is present at the estimated timing at the position indicated by the specified position information on the moving image reproduced and displayed on the display means of the terminal device. By recognizing which character portion the image portion corresponds to is the image portion corresponding to the character portion, the input character string is recognized by performing the position specifying operation on the terminal device a plurality of times.Then, the authentication means performs authentication based on whether or not the password character string recognized by the first recognition means matches a predetermined character string.

  Thus, in the first aspect of the invention, the user who inputs the password character string via the terminal device can display the display position of the image portion corresponding to the specific character constituting the password character string to be input via the input means. Is specified on the moving image reproduced and displayed on the display means by repeating the operation in order from the first character of the input target password character string, thereby inputting the password character string. In this input operation, it is necessary to perform a position designation operation for designating the display position of the image portion corresponding to the specific character and the display position changing with the passage of time when inputting the specific character constituting the password character string. Since the timing for performing the position specifying operation can be arbitrarily determined by the user, the input operation of the personal identification character string becomes easier as compared with the technique described in Patent Document 1.

  Further, the information transmitted from the terminal device is designated position information indicating the position designated by each position designation operation (in the invention according to claim 5 described later, in addition to the designated position information described above, (Elapsed time information indicating the elapsed time from the start of reproduction display until the position specifying operation is performed is also transmitted from the terminal device), and even if this information (these information) is leaked, the input character string is determined. Even when the same password string is repeatedly input based on the same moving image, the content of the information transmitted from the terminal device differs depending on the timing when the user performs the position specifying operation. Therefore, it is possible to prevent the leakage of the password string more reliably.

  The first recognizing means according to the first aspect of the invention estimates the timing at which the position specifying operation is performed at the terminal device based on the reception time of the specified position information, and stores the estimated timing and the storage means. For the purpose of impersonation by a malicious third party computer existing on the communication path from the terminal device to the authentication device according to the present invention. When the process of stealing information transmitted from the terminal device to the authentication device is performed, the time required for the information to be received by the authentication device according to the present invention after the information is transmitted from the terminal device (the information (Transmission time) becomes longer than usual, and accordingly, the timing estimated by the first recognition means deviates from the timing at which the position specifying operation is actually performed in the terminal device. Personal identification character string recognized by the first recognition means is determined not to match the predetermined character string. As a result, when a process of stealing information transmitted from the terminal device to the authentication device is performed by a malicious third party computer, the personal identification character string recognized by the first recognition means and the predetermined character It can be detected as a mismatch with the column, and in this case, spoofing by a third party can be eliminated by blocking communication (session).

  Therefore, according to the first aspect of the present invention, it is easy to input the password character string, the leakage of the password character string can be more reliably prevented, and spoofing by a third party can be eliminated.

  Note that in the first aspect of the invention, estimating the timing at which the position specifying operation is performed on the terminal device based on the reception time of the specified position information is specifically as described in, for example, the second aspect. And holding means for holding the time required to transmit information to and from the terminal device, and the first recognizing means displays the moving image on the display means of the terminal device based on the time held by the holding means. Estimate the time at which the position designation operation was performed on the terminal device by subtracting the time held in the holding means from the reception time of the designated position information, and estimate the position designation Realized by subtracting the estimated playback display start time from the time when the operation was performed to estimate the elapsed time from the start of the playback display of the moving image as the timing of the position designation operation Kill.

  According to the second aspect of the present invention, the estimation of the time when the moving image reproduction display is started based on the time held in the holding unit is held in the holding unit at the time when the moving image information is distributed to the terminal device, for example. It may be performed by obtaining a time obtained by adding the current time, or when the terminal device is notified of the start of playback and display of moving images, it is held in the holding means from the time when this notification is received. It may be performed by obtaining a time obtained by subtracting the current time.

  Further, the time required for transmitting information between the terminal device is approximately constant, but considering that the time varies slightly depending on the traffic fluctuation in the communication path between the terminal device and the authentication device, In the second aspect of the invention, for example, as described in claim 3, information is transmitted to and received from the terminal device, and the time required for the transmission and reception of the information is measured, whereby the information is transmitted to the terminal device. It is preferable to provide detection means for detecting the time required for transmission and holding the detected time in the holding means. Accordingly, it is possible to improve the estimation accuracy of the time when the position specifying operation is performed on the terminal device and the reproduction start time of the moving image. It should be noted that the time detection by the detection means may be performed every time the input of the password character string is started at the terminal device, or may be performed periodically at regular intervals.

Further, in the first aspect of the present invention, as described in the fourth aspect, for example, the first recognition means is a period from a predetermined time before the timing estimated based on the designated position information to a predetermined time after the estimated timing. In addition, it is determined whether any image portion exists at the position designated by the position designation operation by determining whether any image portion exists at the position represented by the designated position information on the moving image. If it is determined whether or not any image portion is present, it may be configured to determine which character portion corresponds to the image portion determined to be present.
As a result, a communication path between the terminal device and the authentication device, even though a legitimate password character string is input at the terminal device and a process of stealing information by a malicious third party computer is not performed. Prevents the password character string recognized by the first recognition means from being inconsistent with a predetermined password character string due to the fluctuation of the time required to transmit information to and from the terminal device due to traffic fluctuations, etc. can do.

  However, if the predetermined time in the invention of claim 4 is excessive, even if a process of stealing information is performed by a malicious third party computer, the password is recognized as the personal identification character string recognized by the first recognition means. Therefore, when a process of stealing information is performed by a malicious third party computer, the personal identification character string recognized by the first recognition means is a predetermined character string. It is necessary to adjust the value so that it does not match the password.

  Furthermore, in the invention described in claim 1, for example, as described in claim 5, each time a password character string is input by the terminal device, the display position of each image portion and the change in the display position with the lapse of time are changed. In addition to generating moving image information representing a moving image different from the generated moving image, display position information corresponding to the moving image represented by the generated moving image information is generated, and the generated moving image information and display position information are stored in the storage unit. It is preferable to provide generation means for storing. As a result, even if the user performs the position specifying operation at the same timing and repeatedly inputs the same password character string, the contents of the information transmitted from the terminal device will be different each time. Leakage can be prevented more reliably.

  In addition, in the first aspect of the invention, for example, as described in the sixth aspect, when a position specifying operation is performed on the terminal device, a moving image is reproduced from the terminal device in addition to the specified position information. Every time the designated position information and the elapsed time information are received from the terminal device, the received designated position information, the elapsed time information and the storage means are also received. Is present at the position indicated by the designated position information on the moving image reproduced and displayed on the display means of the terminal device based on the display position information stored in the terminal device at a timing corresponding to the elapsed time indicated by the elapsed time information. A second recognizing unit for recognizing a character string inputted by performing a position specifying operation on the terminal device a plurality of times by determining which character corresponds to the image portion; The authentication means is configured to perform authentication based on whether or not the password character string recognized by the first recognition means and the password character string recognized by the second recognition means respectively match a predetermined character string. It is preferable.

  In the invention described in claim 6, in addition to the first recognition means for recognizing the password character string by estimating the timing at which the position designation operation is performed based on the reception time of the designated position information, a system different from the first recognition means The second recognition means for recognizing the password character string (recognizing the password character string based on the elapsed time represented by the elapsed time information received from the terminal device) is provided, and the password character recognized by the first recognition means Authentication is performed based on whether or not the character string recognized by the string and the second recognizing means respectively matches a predetermined character string, so that the security of authentication based on the character string can be further improved. .

  Further, in the invention according to claim 1 or claim 6, an image corresponding to each character that can be used for a personal identification character string in order to easily perform a position specifying operation for specifying a position of a desired image portion. It is desirable that the area has a certain area or more on the moving image. Here, in particular, when at least one of the size and shape of the image portion corresponding to each character is not constant, for example, as described in claim 7, the display position information is represented by the moving image information represented by the moving image information. Together with information indicating the display position of each image portion at each time from the start of playback to the end of playback, information indicating the display range of each image portion, and at least one of the first recognition means and the second recognition means is designated position Determining whether the position represented by the specified position information on the moving image is within the display range of any image portion at a timing estimated based on the information or at a timing corresponding to the elapsed time represented by the elapsed time information Then, it is determined whether any image portion exists at the position specified by the position specifying operation, and when it is determined that any image portion exists, the image portion determined to exist Anyway It is preferably configured to determine whether the image portion corresponding to the character.

  In the invention described in claim 7, as information representing the display range of each image portion, information representing the shape and size of each image portion can be used, but the shape of each image portion is assumed to be constant. In this case, information indicating the size of each image portion can be used, and information indicating the shape of each image portion can be used when the size of each image portion is constant. Thereby, even when at least one of the size and shape of each image part is not constant, it is accurately determined whether or not the position designated by the position designation operation is within the display range of each image part. Can do.

  The authentication program according to the invention described in claim 8 is connected to a terminal device provided with display means and input means via a communication line, and can be used for each password character string input via the terminal device. Image information corresponding to characters, and moving image information representing moving images in which display positions of the individual image portions corresponding to the individual characters change with time, and the individual images in the moving images The computer having storage means for storing display position information representing the transition of the display position of the image portion distributes the moving image information stored in the storage means to the terminal device, whereby the display means of the terminal device In the moving image distribution means for reproducing and displaying the moving image on the terminal device, an arbitrary position on the moving image reproduced and displayed on the display means via the input means at an arbitrary timing. Every time the designated position information representing the position designated by the position designation operation is received from the terminal device, the position designation operation to be determined is performed based on the reception time of the designated position information. Based on the estimated timing and the display position information stored in the storage unit, the timing at which the position specifying operation is performed on the terminal device is estimated. On the moving image reproduced and displayed on the display unit of the terminal device The position specifying operation is performed a plurality of times in the terminal device by determining which image part corresponds to an image part existing at the estimated timing at the position represented by the specified position information. The first recognition means for recognizing the password character string input by the first and the second password, and whether the password character string recognized by the first recognition means matches a predetermined character string. To function as an authentication means for performing authentication Zui.

  An authentication program according to an invention of claim 8 is a computer connected to a terminal device provided with display means and input means via a communication line, and comprising a storage means for storing moving image information and display position information. Since it is a program for functioning as the moving image distribution means, the first recognition means, and the authentication means, the computer executes the authentication program according to the invention according to claim 8, and the computer claims As in the invention described in claim 1, it is easy to input a password character string, and can more reliably prevent the leakage of the password character string. Spoofing can also be eliminated.

  As described above, the present invention includes image portions corresponding to individual characters that can be used in the password character string input via the terminal device, and the display positions of the individual image portions corresponding to the individual characters are Triggered by a position designation operation in which a moving image that changes over time is reproduced and displayed on the display unit of the terminal device, and an arbitrary position on the reproduced moving image is designated at an arbitrary timing. Every time information is received from the terminal device indicating the position designated by the position designation operation, the timing at which the position designation operation is performed is estimated based on the reception time of the designated position information. Based on the character string, the input character string is recognized and recognized by determining which character portion corresponds to the image portion existing at the estimated position on the moving image. Since the authentication is performed based on whether or not the character string matches the predetermined character string, the input operation of the password character string is easy, and the leakage of the password character string can be prevented more reliably. It has an excellent effect that spoofing by a third party can be eliminated.

  Hereinafter, an example of an embodiment of the present invention will be described in detail with reference to the drawings. FIG. 1 shows a computer system 10 according to the present embodiment. The computer system 10 includes a large number of client terminals 12 serving as terminal devices and a web server 20 that performs a process for operating a specific website and functions as an authentication device according to the present invention. It is configured.

  The client terminal 12 includes a personal computer (PC) and the like, and includes a CPU 12A, a memory 12B including a RAM, a hard disk drive (HDD) 12C in which programs such as an OS (Operating System) and a browser are installed, and a network interface (I / F). ) Part 12D, and is connected to the Internet 22 via the network I / F part 12D. The client terminal 12 is connected to a display 14 as display means, a mouse 16 as input means, and a keyboard 18.

  On the other hand, the web server 20 includes a CPU 20A, a memory 20B including a RAM, an HDD 20C, and a network interface (I / F) unit 20D, and is connected to the Internet 22 via the network I / F unit 20D. The HDD 20C of the web server 20 stores an authentication information DB and a moving image parameter registration table in which user IDs and passwords (password character strings) of individual users of specific websites operated by the web server 20 are registered in advance. A login processing program is also installed. The login processing program includes a login screen distribution request time program for the CPU 20A to perform a login screen distribution request processing described later, and a login request time program for the CPU 20A to perform a login request processing. And corresponds to the authentication program according to claim 8.

  Next, as an operation of the present embodiment, first, a login screen delivery request processing performed by the web server 20 by executing a login screen delivery request program by the CPU 20A will be described with reference to the flowchart of FIG. . The login screen distribution request processing is performed on the login screen of the specific website operated by the web server 20 by the user operating the client terminal 12 while the browser is activated on the client terminal 12. When access is instructed, information requesting distribution of the login screen is transmitted from the client terminal 12, and is executed each time the information is received by the web server 20 via the Internet 22.

  In the login screen distribution request processing, first, in step 30 to step 40, processing for generating a moving image for password input is performed. That is, in step 30, the variable t is initialized by substituting 0 for the variable t representing the elapsed time from the start of the moving image. As shown in FIGS. 4A to 4F, the password input moving image according to the present embodiment includes n characters T1 to Tn that can be used for a password (password character string) (for example, FIG. 4). Here, an example in which ten numbers “0” to “9” are applied as the characters T1 to Tn is shown, but a circular image portion corresponding to other characters such as English characters (hereinafter referred to as “characters”) Each of the corresponding characters is displayed on each circle, and the display position of each circle changes with time.

  In the next step 32, the center positions (xy coordinates) and radii r of n circles corresponding to the respective characters T1 to Tn in the password input moving image at the time t after the start of the moving image are set as individual values. The circle circumferences are determined independently of each other so that they do not overlap each other. For example, the center positions of the individual circles are obtained independently from each other by random numbers, and the circles of the individual circles are obtained independently from each other using random numbers so that the radius r of each circle varies within a certain numerical range. This can be realized by checking whether or not the circumference (display range) overlaps, and performing a process of adjusting the center position so that the overlap is eliminated with respect to a circle that overlaps another circle. As a result, as shown in FIG. 3 as an example, parameters (x1, y1, r1,...,) Representing the center positions and radii of individual circles in the password input moving image after the time t has elapsed since the start of the moving image. xn, yn, rn) is obtained.

  In the next step 34, the individual circle parameters (x1, y1, r1,..., Xn, yn, rn) determined in step 32 are associated with the characters T1 to Tn, and the moving image is used as the moving image parameter at time t. Register in the parameter registration table. The moving image parameter is registered in the moving image parameter registration table in association with information (for example, a transmission source IP address and a transmission source TCP port number) identifying the login terminal distribution request source client terminal 12. In step 36, it is determined whether or not the variable t has reached a predetermined password input moving image reproduction time tmax. If the determination is negative, a predetermined value Δt is added to the variable t in step 38, and then the process returns to step 32. Thereby, in step 32, the center position of each circle after the lapse of Δt with respect to the timing (elapsed time t from the start of the moving image) corresponding to the center position and radius r of each circle determined in the previous process. And the radii r are determined independently of each other so as not to overlap each other.

  As will be described later, in this embodiment, the password input operation is performed by clicking each circle in the password input moving image. Therefore, when step 32 is executed again, each circle of the previous circle by Δt is executed. It is desirable to determine the center position and the radius r of each circle so that continuity with the center position and the radius r (the previously determined center position and radius r of each circle) is maintained. For example, the center position and radius r of each circle determined last time are used as reference values, and the center position and radius r of each circle are determined using random numbers so that the difference from the reference value is within a predetermined value. Can be realized. In addition, when the step 32 is executed for the first time, the movement direction or movement trajectory of each circle is determined, and the step is performed so that the movement direction or movement trajectory of each circle approximately follows the movement direction or movement trajectory determined first. At the second and subsequent executions of 32, the center position and radius r of each circle may be determined so that the circumferences of the circles do not overlap each other based on the movement direction or movement locus determined first. .

  Steps 32 to 38 are repeatedly executed until the determination in step 36 is affirmed. Therefore, individual password input moving images within the period from the start of the moving image (t = 0) until the reproduction time tmax is reached. The transition of the center position and radius of the circle is determined in increments of Δt, and moving image parameters (x1, y1, r1,..., Xn, yn, rn) representing the center position and radius of each circle are moving image parameters in increments of Δt. It will be registered in the registration table. If the determination in step 36 is affirmative, the process proceeds to step 40, and the moving image parameter corresponding to each timing of the elapsed time t = 0, Δt, 2Δt,... From the start of the moving image registered in the moving image parameter registration table is set. Based on this, a password input moving image file is generated by rendering, and the generated password input moving image file is temporarily stored in the HDD 20C. The password input moving image file is preferably in the gif format, but a moving image file in another format may be generated.

  Steps 30 to 40 described above correspond to the generating means described in claim 5, and the HDD 20C that temporarily stores the password input moving image file and also stores the moving image parameter registration table is the storage according to the present invention. Corresponds to the means.

  In the next step 42, a command for requesting that the predetermined information for measuring the communication time and the received predetermined information be immediately returned to the web server 20 when the predetermined information is received is sent to the client terminal 12 that is the login screen distribution request source. Send to. As a result, when the client terminal 12 as the login screen distribution request source receives the predetermined information and command, the client terminal 12 returns the received predetermined information to the web server 20 according to the received command (see also FIG. 8). In step 42, measurement of the elapsed time is started simultaneously with transmission of the predetermined information and command to the client terminal 12, and when the predetermined information is received from the client terminal 12, the measurement of the elapsed time is stopped. And the elapsed time (communication time: also refer FIG. 8) after transmitting a command until receiving predetermined information from the client terminal 12 is measured.

  When predetermined information is received from the client terminal 12 in step 42, the received predetermined information is compared with the predetermined information before transmission to check for falsification, and the measured communication time is set as a predetermined threshold value. In comparison, when the received information is falsified or when the measured communication time is much longer than the normal communication time, a third party in the middle of the communication path between the client terminal 12 and the web server 20 It may be determined that there is a high possibility that the information has been stolen or tampered with, and error information notifying these situations is delivered to the client terminal 12 to perform a process of rejecting login.

  In the next step 44, a time obtained by dividing the communication time measured in step 42 by 2 is calculated as the information transmission time tm between the client terminal 12 and the web server 20, and the calculated information transmission time tm is calculated in the memory 20B. Alternatively, it is stored in the HDD 20C. The steps 42 and 44 correspond to the detection means described in claim 3, and the memory 20B or the HDD 20C storing the information transmission time tm corresponds to the holding means described in claim 2.

  In step 46, the login screen HTML file including the password input moving image file generated in steps 30 to 40 and the login screen HTML file including a script for causing the client terminal 12 to execute a login screen distribution process described later is requested. Transmission to the original client terminal 12 is completed, and the login screen distribution request processing ends. As described above, in the login screen delivery request processing, a password input moving image is generated using a random number every time a login screen delivery is requested from the client terminal 12, so that each time a login screen delivery is requested. In addition, as the password input moving image file, a moving image file representing moving images having different image contents (the center position and radius r of each circle at each time are different from each other) is distributed to the client terminal 12. . Step 46 corresponds to the moving image distribution means according to the present invention.

  Next, the login screen distribution process executed by the client terminal 12 will be described with reference to the flowchart of FIG. In this login screen distribution process, the client terminal 12 that has transmitted the information requesting the login screen distribution receives the password input moving image file and the login screen HTML file from the web server 20, and the received HTML file. Is realized by the CPU 12A executing the script included in the.

  In the login screen distribution process, first, 1 is assigned to the variable i in step 50, and in the next step 52, based on the HTML file of the login screen received from the web server 20, a login screen as shown in FIG. It is displayed on the display 14. As shown in FIG. 5, the login screen according to the present embodiment includes an input field 26 </ b> A for inputting a user ID, and a password represented by the password input moving image file received from the web server 20 together with the HTML file of the login screen. An area 26B for reproducing and displaying a moving image for input is provided, and the user is provided with a procedure for reproducing and displaying a moving image after inputting a user ID and inputting a password using the reproduced and displayed moving image. A teaching message 26C is also displayed.

  In the next step 54, it is determined whether or not a user ID has been input, and step 54 is repeated until the determination is affirmed. After the login screen as shown in FIG. 5 is displayed on the display 14, the user who refers to the message 26 </ b> C displayed in the login screen logs in to a specific website operated by the web server 20. First, the user operates the keyboard 18 and inputs his / her user ID in the input field 26A of the login screen. As a result, the determination in step 54 is affirmed, the process proceeds to step 56, and the input user ID is stored in the memory 12B. In the next step 58, the password input moving image represented by the password input moving image file is reproduced and displayed in the reproduction display area 26B, and at the same time, a timer is started. In step 60, information notifying that the playback and display of the password input moving image has started and the user ID previously input and stored in the memory 12B are transmitted to the web server 20 (the playback shown in FIG. 8). (See also display start notification information).

  In the next step 62, it is determined whether or not an arbitrary position in the moving image being reproduced and displayed (an arbitrary position in the reproduction display area 26B) has been clicked. If the determination is negative, the process proceeds to step 64, where the reproduction of the password input moving image has been completed (the elapsed time since the start of the password input moving image reproduction display (the timer started in step 58) It is determined whether the timer value) has reached the playback time tmax). If this determination is also negative, the process returns to step 62, and steps 62 and 64 are repeated until either determination is positive.

  A user who understands the input procedure of a password using a moving image to be reproduced and displayed with reference to the message 26C displayed in the login screen, displays the content in the reproduction display area 26B of the login screen in FIGS. When the password input moving image as shown in F) is reproduced and displayed, the mouse 16 specifies the password constituting the input target password among the circles corresponding to the characters in the reproduced password input moving image. A password input operation is performed in which a click operation (position specifying operation) for clicking on the display position of the circle corresponding to the character on the reproduced password input moving image is repeated in order from the first character of the password to be input. Although the display position of each circle in the password input moving image changes independently with the passage of time, in the above password input operation, the timing for clicking the display position of the circle corresponding to the desired character is set. Since the user can arbitrarily decide, the above-described password input operation can be easily performed.

  When an arbitrary position in the moving image being reproduced and displayed (an arbitrary position in the reproduction display area 26B) is clicked, the determination in step 62 is affirmed and the routine proceeds to step 66 and the timer started in step 58 Timer value t (i) (elapsed time since the start of playback and display of the password input moving image) is acquired and stored in the memory 12B as click time information. In step 68, x (i) and y (i) which are XY coordinate values of the click position are acquired and stored in the memory 12B as click position information. In step 70, click information (click time information and click position information) x (i), y (i), t (i) corresponding to the current click operation is transmitted to the web server 20. In the next step 72, it is determined whether or not the variable i has reached a predetermined value imax (a predetermined number of password digits). If the determination is negative, the routine proceeds to step 74 where the variable i is incremented by 1 and the routine returns to step 62.

  As a result, each time a click operation for clicking an arbitrary position in the moving image is performed, the click time information t (i) and the click position information x (i), y (i) corresponding to the performed click operation are obtained. It is transmitted to the web server 20. As an example, in FIG. 4, the password to be input is “6824”, and the circle corresponding to “6” is clicked when time t2 has elapsed from the start of playback and display of the password input moving image (FIG. 4 ( C)), and when the time t3 has elapsed since the start of the password input moving image, the circle corresponding to “8” is clicked (see FIG. 4D). The circle corresponding to “2” is clicked when time t4 has elapsed (see FIG. 4E), and the circle corresponding to “4” is clicked when time t5 has elapsed since the start of the password input moving image playback display. (See FIG. 4F).

  If an arbitrary position in the moving image is clicked imax times (the same number of digits as the password) before the reproduction of the password input moving image is completed, the determination in step 72 is affirmed and the process proceeds to step 78. The password input moving image reproduced and displayed in the reproduction display area 26B of the login screen is deleted, and the login screen distribution process is terminated.

  On the other hand, when the reproduction of the password input moving image is completed before the arbitrary position in the moving image is clicked imax times, the determination in step 64 is affirmed and the process proceeds to step 76, and the password input fails. After displaying an error message on the login screen to notify the user of the fact that it has been done, the process proceeds to step 78, and the password input moving image reproduced and displayed in the reproduction display area 26B of the login screen is deleted and the login screen is distributed. The process ends. In this case, the user performs an operation for instructing access to the login screen of the specific website again, and the login screen distribution request processing (FIG. 2) is executed again by the web server 20, thereby causing the display 14 to display. In the reproduction display area 26B of the login screen displayed again, a moving image having a different image content (center position and radius r of each circle at each time) from the previous time is displayed as a moving image for password input. Become.

  Next, referring to the flowchart of FIG. 7, the login request processing performed by the web server 20 by executing the login request program by the CPU 20 </ b> A after performing the login screen distribution request processing described above. explain.

  In the login request process, first, in step 80, it is determined whether or not the start of moving image reproduction display is notified from the login request source client terminal 12, and step 80 is repeated until the determination is affirmed. When the reproduction display start notification information (see FIG. 8) is received from the login request source client terminal 12, the determination in step 80 is affirmed and the process proceeds to step 82, where the information transmission time tm is read from the memory 20B or HDD 20C and reproduced. By subtracting the information transmission time tm from the reception time of the start notification information, the estimated display start time ts ′ (the time at which the client terminal 12 as the login request source is estimated to start playing and displaying a moving image, see also FIG. 8) And the calculated estimated display start time ts ′ is stored in the memory 12B together with the user ID received from the client terminal 12 together with the reproduction display start notification information.

  In step 84, 1 is substituted into the variable i. In the next step 86, it is determined whether or not click information has been received from the client terminal 12 via the Internet 22, and step 86 is repeated until the determination is affirmed. When the click information is received from the client terminal 12, the determination in step 86 is affirmed and the process proceeds to step 88, and the estimated operation time to ′ (login request source) is obtained by subtracting the information transmission time tm from the click information reception time tr ′. (See also FIG. 8). Further, in step 90, the estimated operation start time ts 'calculated in step 82 is subtracted from the estimated operation time to' calculated in step 88 to reproduce the estimated display time to (the moving image reproduction display on the client terminal 12 that is the login request source). (Estimated value of elapsed time from the start to the click operation) is calculated.

  In step 92, the identification information of the client terminal 12 that is the login request source is collated with the identification information of the client terminal 12 that is the login screen distribution request source that is registered in the moving image parameter registration table in association with the moving image parameter. Thus, after recognizing the moving image parameter corresponding to the password input moving image previously distributed to the client terminal 12 that is the login request source, the recognized moving image parameter (individual circles within the period of time t = 0 to tmax). Video parameters (x1, y1, r1) representing the center positions and radii of individual circles at the timing closest to the estimated operation time to calculated in step 90. ,..., Xn, yn, rn) are extracted.

  In the next step 94, out of the n circles whose center position and radius are represented by the moving image parameters extracted in step 92, click position information x included in the click information received this time from the client terminal 12 that is the login request source. A circle including the click position represented by (i), y (i) (a circle where the click position is located inside the circumference) is searched. In the next step 96, it is determined whether or not the corresponding circle has been found by the search in step 94.

  When the determination is negative, the process proceeds to step 116, where the moving image parameter corresponding to the password input moving image previously distributed to the login request source client terminal 12 is deleted from the moving image parameter registration table, and the login request source The process at the time of login failure such as sending error screen information on which an error message notifying the user that password input has failed is performed on the client terminal 12, but the determination in step 96 is affirmed. If YES in step 98, the flow shifts to step 98, and the character corresponding to the circle found by the search in step 94 is stored in the memory 20B as the i-th character of the first password estimated to be input by the user via the client terminal 12. Remember.

  Further, in the next step 100, among the moving image parameters recognized in the previous step 92 (moving image parameters corresponding to the password input moving image previously distributed to the login request source client terminal 12), the login request source A moving image representing the center position and radius of each circle at the timing closest to the elapsed time from the start of playback and display of the password input moving image represented by the click time information t (i) included in the click information received this time from the client terminal 12 Image parameters (x1, y1, r1,..., Xn, yn, rn) are extracted.

  In step 102, out of the n circles whose center position and radius are represented by the moving image parameters extracted in step 100, the click position information x (i included in the click information received this time from the client terminal 12 that is the login request source. ), y (i) is searched for a circle including the click position (a circle where the click position is located inside the circumference). In the next step 104, it is determined whether or not the corresponding circle has been found by the search in step 102. If the determination is negative, the process proceeds to step 116 to perform the above-described login failure processing. If the determination in step 104 is affirmative, the process proceeds to step 106 and corresponds to the circle found by the search in step 102. The character to be stored is stored in the memory 20B as the i-th character of the second password input by the user via the client terminal 12.

  In the next step 108, it is determined whether or not the variable i has reached a predetermined value imax (number of digits in the password). If the determination is negative, the process proceeds to step 110, the variable i is incremented by 1, and the process returns to step 86. Each time the click information is received from the client terminal 12 that is the login request source, the determination in step 86 is affirmed, and the processing in steps 88 to 110 described above is performed. Thereby, in the process of steps 88-98 among steps 88-110, the character corresponding to the circle clicked by each click operation in the password input operation performed by the user via the client terminal 12 is the click information. Are sequentially determined based on the reception time tr ′, and the password input by the password input operation is determined as the first password. Further, in the processing of Steps 100 to 106 among Steps 88 to 110, the character corresponding to the circle clicked by each click operation in the password input operation by the user is click time information t ( The time indicated by i) is determined in order, and the password input by the password input operation is determined as the second password. Steps 88 to 98 described above correspond to the first recognizing means according to the present invention, and steps 100 to 106 described above correspond to the second recognizing means according to claim 6.

  When the determination in step 108 is affirmed, the process proceeds to step 112, the user ID received from the client terminal 12 and stored in the memory 20B is read, and the authentication information DB is searched and extracted using the read user ID as a key. The password registered in the authentication information DB in association with the user ID is read. In the next step 114, whether or not the first password determined in the processing of steps 88 to 98 and the second password determined in the processing of steps 100 to 106 respectively match the password read from the authentication information DB in step 112. To determine. If the determination in step 114 is affirmed, the process proceeds to step 118, and the moving image parameter corresponding to the password input moving image previously distributed to the login request source client terminal 12 is deleted from the moving image parameter registration table. The identification information of the client terminal 12 that is the login request source is registered in the table for identifying the client terminal 12 that is logging in. Further, the login request source is the homepage information for the login user that is first presented to the logged-in user. The login success process such as transmission to the client terminal 12 is performed, and the login request process ends.

  On the other hand, if at least one of the first password and the second password does not match the password read from the authentication information DB, the determination in step 114 is denied and the process proceeds to step 116, and the above-described login failure processing is performed. Here, the password input by the user operating the client terminal 12 performing a password input operation including a plurality of click operations is different from the regular password (password registered in the authentication information DB). In the case where the second password (and the first password) does not match the password read from the authentication information DB, the determination in step 114 is denied, and the login failure process is performed. This prevents a third party who does not know the legitimate password from operating the client terminal 12 and impersonating the legitimate user to log in to the specific website.

  In addition, click information transmitted from the client terminal 12 to the web server 20 every time a user who operates the client terminal 12 performs a click operation exists on the communication path between the client terminal 12 and the web server 20. If a legitimate password is input by a password input operation by a legitimate user operating the client terminal 12 when being stolen by another computer operated by a malicious third party, The second password that is discriminated (recognized) based on the time indicated by the click time information t (i) included in the click information matches the regular password.

  On the other hand, as is clear from the communication sequence of “when there is a snooping” shown together with “when there is no snooping” in FIG. 8, the click information transmitted from the client terminal 12 to the web server 20 is communicated. If the computer is sniffed by another computer on the route, the click information is transmitted from the client terminal 12 to the web server 20 after the client terminal 12 has transmitted the click information. The time until reception is clearly longer than the information transmission time tm. As a result, the estimated operation time to ′ calculated based on the click information reception time tr ′ in step 88 of the login request processing is clearly different from the time when the client terminal 12 actually performed the click operation. Thus, even if a legitimate password is entered by a legitimate user operating the client terminal 12, the first password that is discriminated (recognized) based on the click information reception time tr ′ is Since the password does not match the regular password, the determination in step 114 is denied and the login failure process is performed.

  As a result, a malicious third party steals click information transmitted from the client terminal 12 to the web server 20, and a legitimate user operating the client terminal 12 logs in to the specific website (client terminal 12 and the web server 20 are confirmed to have established an application-level session), and the established session is pretending to be a legitimate user to prevent unauthorized access to a specific website. be able to.

  Further, since the information transmitted from the client terminal 12 to the web server 20 at the time of login is click information indicating the click time and click position in the click operation, the input password is calculated even if this click information is leaked due to snooping. This is impossible, and the leakage of the password can be surely prevented. Furthermore, since the password input moving image used at the time of login is also different every time, it is assumed that a third party who illegally acquired the click information transmits the same click information from the client terminal 12 to the web server 20. Login is rejected, and impersonation by this method can also be prevented.

  In addition, although the example which applied the circular image part as the "image part corresponding to each character which can be used for a personal identification character string" concerning this invention was demonstrated above, the shape of the said image part is restricted to a circle In addition, the image portions corresponding to the individual characters do not need to have the same shape as each other, and any shape can be applied as the image portion corresponding to the individual characters. However, considering the reduction of the processing load in the process of searching for the image portion where the click position is located inside (steps 94 and 102 in FIG. 7) and the reduction of the size of the moving image parameter, a circle or an n-gon (n A simple shape such as ≧ 3) is preferable.

  In the above description, an example of generating and displaying a moving image in which a circle corresponding to each character that can be used in a password (password character string) is constantly displayed as a moving image for password input has been described. However, as the moving image according to the present invention, a moving image in which a part of the image portions corresponding to each character usable in the password character string is not temporarily displayed is applied. May be.

  Moreover, although the aspect which produces | generates the moving image for password input every time the delivery of a login screen is requested | required from the client terminal 12 was demonstrated above, it is not limited to this, The moving image for password input is previously stored. Multiple types may be generated and stored, and each time a login screen distribution is requested from the client terminal 12, a plurality of types of moving images may be randomly selected and distributed. A distribution order is set in advance and a previously distributed moving image is stored for each client terminal 12 so that a moving image reproduced and displayed at each client terminal 12 is switched in a certain order at each login. A plurality of moving images may be selected / distributed.

  Furthermore, in the above description, the mode in which the communication time is measured and the information transmission time tm is calculated (detected) every time the log-in screen distribution is requested from the client terminal 12 is described. However, the present invention is not limited to this. The value of the information transmission time tm may be fixed in advance based on the fact that the information transmission time normally falls within a certain time range, or the actual information transmission time is precisely a network such as the Internet 22 The information transmission time tm is detected at a constant period independent of the login screen distribution request timing from the client terminal 12 and stored in the memory 20B or the HDD 20C based on the fluctuation in accordance with the fluctuation of the load (traffic) of the client. You may make it update the information transmission time tm made to update suitably.

  Further, in the above description, when at least one of the first password and the second password does not match the regular password, the mode in which login failure processing is uniformly performed in step 116 has been described. However, the present invention is not limited to this. If the second password matches the regular password, it can be determined that the regular password has been input by the password input operation. Therefore, whether or not the second password does not match the regular password in the login failure process in step 116. Accordingly, the error message to be displayed on the display 14 of the client terminal 12 is switched (for example, if only the first password does not match the regular password, “the login may be canceled because there is a possibility that a third party has been seen. Display an error message such as Good.

  In the above description, the web server 20 is described as an example of a computer functioning as an authentication device according to the present invention, and the client terminal 12 connected to the web server 20 via the Internet 22 as a terminal device according to the present invention. The host computer connected to the ATM via a dedicated communication line can also be applied as the computer functioning as the authentication device according to the present invention.

It is a block diagram which shows schematic structure of the computer system which concerns on this embodiment. It is a flowchart which shows the content of the login screen delivery request | requirement process performed with a web server. It is a conceptual diagram for demonstrating an example of a moving image parameter. It is an image figure which shows an example of the moving image for password input. It is an image figure which shows an example of a login screen. It is a flowchart which shows the content of the process at the time of the login screen delivery performed with a client terminal. It is a flowchart which shows the content of the process at the time of the login request | requirement performed with a web server. It is a sequence diagram which shows the communication sequence (part) of the web server and client terminal at the time of login.

Explanation of symbols

10 Computer System 12 Client Terminal 14 Display 16 Mouse 20 Web Server 20C HDD
26B Playback display area

Claims (8)

An authentication device realized by a computer connected via a communication line to a terminal device provided with display means and input means,
Each of the image portions corresponding to individual characters that can be used in the password character string input via the terminal device is included, and the display positions of the individual image portions corresponding to the individual characters change with time. Storage means for storing moving image information representing a moving image to be displayed, and display position information representing a transition of a display position of the individual image portion in the moving image;
Moving image distribution means for reproducing and displaying the moving image on the display means of the terminal device by distributing the moving image information stored in the storage means to the terminal device;
In the terminal device, from the terminal device triggered by a position designation operation for designating an arbitrary position on the moving image reproduced and displayed on the display unit at an arbitrary timing via the input unit. Every time receiving the designated position information representing the position designated by at least the position designation operation, the timing at which the position designation operation is performed in the terminal device is estimated based on the reception time of the designated position information, and the estimated timing And on the position represented by the designated position information on the moving image reproduced and displayed on the display means of the terminal device based on the display position information stored in the storage means at the estimated timing. A password inputted by performing the position specifying operation a plurality of times on the terminal device by determining which character the image part corresponds to. A first recognizing means for recognizing a train,
Authentication means for performing authentication based on whether or not the password character string recognized by the first recognition means matches a predetermined character string;
Authentication device including Further comprising holding means for holding time required for transmission of information to and from the terminal device;
The first recognizing unit estimates a time at which the playback display of the moving image is started on the display unit of the terminal device based on the time held in the holding unit, and receives the specified position information. By subtracting the time held in the holding means from the time, the time when the position specifying operation was performed in the terminal device was estimated, and the reproduction display start time estimated from the time when the estimated position specifying operation was performed is calculated. The authentication apparatus according to claim 1, wherein an elapsed time from the start of reproduction display of the moving image is estimated as a timing at which the position designation operation is performed by subtraction.   The time required to transmit information to and from the terminal device is detected by sending and receiving information to and from the terminal device and measuring the time required for sending and receiving the information, and the detected time is retained. The authentication apparatus according to claim 2, further comprising detection means to be held by the means.   The first recognizing unit may select a position represented by the designated position information on the moving image during a period from a predetermined time before the estimated timing based on the designated position information to a predetermined time after the estimated timing. It is determined whether any image portion exists at the position specified by the position specifying operation by determining whether the image portion exists. The authentication apparatus according to claim 1, wherein when it is determined that the image portion is determined to be present, it is determined which character portion corresponds to the image portion determined to be present.   Each time a password character string is input on the terminal device, the display position of the individual image portions and the change of the display position with the passage of time generate moving image information representing a moving image different from the previously generated moving image. 2. The apparatus according to claim 1, further comprising: generating means for generating display position information corresponding to a moving image represented by the generated moving image information, and storing the generated moving image information and display position information in the storage means. The authentication device described. In response to the position designation operation being performed at the terminal device, in addition to the designated position information, an elapsed time from the start of reproduction display of the moving image to the position designation operation being performed from the terminal device. Receiving elapsed time information that represents
Each time the designated position information and the elapsed time information are received from the terminal apparatus, the terminal apparatus is configured based on the received designated position information, the elapsed time information, and the display position information stored in the storage unit. Which character portion corresponds to the image portion that existed at the timing corresponding to the elapsed time indicated by the elapsed time information at the position indicated by the designated position information on the moving image reproduced and displayed on the display means A second recognizing means for recognizing a password character string input by the position specifying operation being performed a plurality of times on the terminal device,
The authentication means performs authentication based on whether or not the password character string recognized by the first recognition means and the password character string recognized by the second recognition means each match a predetermined character string. The authentication device according to claim 1. The display position information is information indicating the display range of the individual image portion together with information indicating the display position of the individual image portion at each time from the start of reproduction of the moving image represented by the moving image information to the end of reproduction. Yes,
At least one of the first recognizing unit and the second recognizing unit is configured to specify the designation on the moving image at a timing estimated based on the designated position information or a timing corresponding to an elapsed time represented by the elapsed time information. By determining whether the position represented by the position information is within the display range of any image portion, it is determined whether any image portion exists at the position specified by the position specifying operation, 7. When it is determined that any one of the image portions exists, it is determined which character portion corresponds to which image portion is determined to be present. Authentication device. Each of which includes an image portion corresponding to an individual character that can be used in a password character string that is connected to a terminal device provided with display means and input means via a communication line, and that is input via the terminal device. Moving image information representing a moving image in which the display position of each image portion corresponding to the character of the character changes with time, and display position information representing a transition of the display position of the individual image portion in the moving image A computer having storage means for storing
Moving image distribution means for reproducing and displaying the moving image on the display means of the terminal device by distributing the moving image information stored in the storage means to the terminal device;
In the terminal device, from the terminal device triggered by a position designation operation for designating an arbitrary position on the moving image reproduced and displayed on the display unit at an arbitrary timing via the input unit. Every time receiving the designated position information representing the position designated by at least the position designation operation, the timing at which the position designation operation is performed in the terminal device is estimated based on the reception time of the designated position information, and the estimated timing And the position indicated by the designated position information on the moving image reproduced and displayed on the display means of the terminal device based on the display position information stored in the storage means at the estimated timing. A password inputted by performing the position specifying operation a plurality of times on the terminal device by determining which character the image part corresponds to. First recognition means for recognizing a string,
And an authentication program for functioning as authentication means for performing authentication based on whether or not the password character string recognized by the first recognition means matches a predetermined character string.

Images