JP2009211533A - Access authentication system - Google Patents

Abstract

An access authentication system having higher security without significantly increasing the cost of an information processing apparatus is provided.
A pointing device 11 that accepts an operation by a user, an operation direction detection unit 12 that detects an operation content of the pointing device 11 and generates operation history information, an operation amount detection unit 13, and a user who can use the information processing apparatus The ID table 16 in which authentication information corresponding to the ID is stored in advance, the operation history information generated by the operation direction detection unit 12 and the operation amount detection unit 13 and the authentication information stored in the ID table 16 are collated and accessed. And a determination unit 15 that determines the success or failure of the authentication.
[Selection] Figure 2

Description

  The present invention relates to an access authentication system for improving security in an information processing apparatus such as a personal computer (hereinafter referred to as a personal computer).

  2. Description of the Related Art Conventionally, authentication using a user ID and a password is widely used for access authentication for restricting the use of an information processing apparatus when a computer is started or an application is started.

  FIG. 5 shows an example of a password input screen displayed on the display panel mounted on the personal computer when the personal computer which is an example of the information processing apparatus is activated. In FIG. 5, an ID area 101 is an area for displaying a user ID input by the user. The password area 102 is an area for displaying a password input by the user. In general, character strings corresponding to user IDs and passwords are only letters and numbers, and user IDs and passwords can be formed by combining alphanumeric characters arbitrarily or randomly. In addition, when the password is input, the actually input character string is not displayed in the password input area 102, and other irrelevant characters (for example, an asterisk (*)) are displayed to conceal the character string. This prevents passwords from being revealed to a third party when the password is entered.

  When a user inputs a user ID and password, a keyboard generally mounted on a personal computer is operated. The user operates the keyboard to input a predetermined user ID character string and password character string, and operates the mouse or touch pad to click the OK button to input the user ID and password. Is completed. The personal computer verifies the entered user ID and password, and if the combination of both is correct, the authentication is completed and the personal computer is made usable.

As an access authentication method of the information processing apparatus, there is a method using fingerprint authentication as disclosed in Patent Document 1 in addition to the password input as described above.
JP 2007-58540 A

  However, since the password is a combination of alphanumeric characters, it can be easily guessed by a third party, and it cannot be said that the security is high.

  Further, in the method using fingerprint authentication, there is a problem that a device for reading a fingerprint has to be mounted on the information processing device, resulting in a significant cost increase.

  An object of the present invention is to provide an access authentication system with higher security without significantly increasing the cost of an information processing apparatus.

  An access authentication system according to the present invention is an access authentication system that authenticates access to an information processing apparatus, detects a pointing device that accepts an operation by a user, operation contents of the pointing device, and generates operation history information. An operation content detection unit, an authentication information storage unit in which authentication information corresponding to a user who can use the information processing apparatus is stored in advance, the operation history information generated by the operation content detection unit, and the authentication information storage unit And a determination unit for verifying the success or failure of access authentication by comparing the authentication information stored in the authentication information.

  According to the present invention, an access authentication system with higher security can be realized without significantly increasing the cost of the information processing apparatus.

  An access authentication system according to the present invention is an access authentication system that authenticates access to an information processing apparatus, detects a pointing device that accepts an operation by a user, operation contents of the pointing device, and generates operation history information. An operation content detection unit, an authentication information storage unit in which authentication information corresponding to a user who can use the information processing apparatus is stored in advance, the operation history information generated by the operation content detection unit, and the authentication information storage unit And a determination unit for verifying the success or failure of access authentication by comparing the authentication information stored in the authentication information. According to such a configuration, it is possible to set a password by operating a pointing device, and in addition to a combination of numbers as in a dial-type safe lock, it is possible to add the operation contents when specifying them to the password information. Even if a password character string is guessed by a third party, unauthorized authentication cannot be performed unless the operation content is known. Therefore, it has high security against unauthorized access software that mechanically sequentially generates combinations of expected alphanumeric characters and automatically inputs all combinations of alphanumeric characters as passwords.

  The access authentication system of the present invention can take the following aspects based on the above configuration.

  In the access authentication system of the present invention, the operation content detection unit includes an operation direction detection unit that detects an operation direction of the pointing device and an operation amount detection unit that detects an operation amount of the pointing device. be able to. With such a configuration, a password can be input based on the operation direction and operation amount of the pointing device, so that the possibility of a password being guessed by a third party can be extremely low, and security can be improved. Can be improved.

  In the access authentication system of the present invention, the pointing device may be configured by a touch pad. With such a structure, the pointing device can be thinned, and the information processing apparatus can be thinned.

  In the access authentication system of the present invention, the pointing device may be configured by a touch panel. With such a structure, the pointing device can be thinned, and the information processing apparatus can be thinned.

  In the access authentication system of the present invention, the pointing device can be configured by a digitizer. With such a structure, the pointing device can be thinned, and the information processing apparatus can be thinned.

  The access authentication system of the present invention further includes a display unit capable of displaying various types of information, and when performing access authentication, the display unit displays an image whose display is switched in conjunction with the operation of the pointing device. Can do. With such a configuration, the user can input the password while visually recognizing it, so that the operability at the time of input can be improved.

(Embodiment)
FIG. 1 shows the appearance of a personal computer, which is an example of an information processing apparatus equipped with the access authentication system of the present embodiment.

  As shown in FIG. 1, a personal computer 1 includes a display unit 2 capable of displaying various types of information, a keyboard 3 that accepts a character input operation by a user, a pointing device 4 that accepts a cursor movement operation by a user, and a pressing operation by a user. And a button 5 for accepting. The personal computer 1 is a so-called laptop personal computer, and is configured such that a first housing having a display unit 2 and the like and a second housing having a keyboard 3 and the like are supported by a hinge so as to be freely opened and closed. ing.

  The display unit 2 is composed of, for example, a liquid crystal display, and can display image information of the application software when various application software is started, a password input screen when the personal computer 1 is started, and the like. FIG. 1 shows a state in which a password input screen is displayed on the display unit 2.

  The keyboard 3 is configured by arranging a plurality of keys capable of inputting at least alphabetic characters and numerals in a predetermined arrangement. The user can input arbitrary characters by pressing a predetermined key on the keyboard 3.

  The pointing device 4 is composed of a touch pad in the present embodiment. The touch pad includes an operation surface having a substantially flat surface, and a sensor unit including a pressure sensor disposed below the operation surface, and the surface of the operation surface is pressed by a user's finger or the like. Thus, the sensor unit is configured to detect a pressure change at the time of pressing by the user and thereby perform various operations. By operating the pointing device 4, for example, an operation of moving the cursor 2e displayed on the display unit 2 to an arbitrary position can be performed. Note that “touch pad” is an example of a name, and a pointing device having the same function as described above is included in the scope of the present embodiment even if the name is different.

  The button 5 is used, for example, when performing an input confirmation operation when inputting a user ID and a password.

  Hereinafter, the access authentication method of this embodiment will be described.

  FIG. 2 shows a block diagram of the access authentication system of the present embodiment. In FIG. 2, a pointing device 11 corresponds to the pointing device 4 in FIG. The display unit 20 corresponds to the display unit 2 in FIG. The keyboard 18 corresponds to the keyboard 3 in FIG. The button 19 corresponds to the button 5 in FIG.

  The access authentication unit 10 includes an operation direction detection unit 12 that detects the operation direction of the pointing device 11, an operation amount detection unit 13 that detects the operation amount of the pointing device 11, and the operation direction detection unit 12 and the operation amount detection unit 13. A memory 14 for storing the detection results, a determination unit 15 for determining whether or not to access the personal computer based on the detection information stored in the memory 14, a user ID that can use the personal computer, and a password corresponding to the user ID An ID table 16 including information and a control unit 17 that controls each unit are provided.

  First, an outline of the operation of the personal computer 1 will be described with reference to FIGS. 1 and 2.

  When the power button or the like of the personal computer 1 is operated to turn on the power, power is supplied to each part in the personal computer 1 and the starting operation starts. Usually, a basic input-output system (BIOS) that is a basic program of the personal computer 1 is started, and then an OS (operation system) is started.

  The personal computer 1 according to the present embodiment performs access authentication immediately before starting the OS so that only a predetermined user can start the OS. Specifically, if the user inputs a user ID and a password, and the combination thereof is correct, it is determined that the authentication is successful, and the OS is started to shift to a state where desired application software can be started. be able to. However, if the combination of the user ID and the password is incorrect or a user ID that is not permitted to be used in the personal computer 1 is input, it is determined that the authentication has failed and the OS is not started.

  Hereinafter, the authentication method will be described in more detail with reference to FIGS. FIG. 3 is a flowchart showing the flow of the access authentication method.

  In the personal computer 1 of the present embodiment, when the OS is activated, an access authentication screen is displayed on the display unit 2 as shown in FIG. On the access authentication screen, a user ID input area 2a in which the user ID input by the user is displayed, a password input area 2b in which the password input by the user is displayed, and an operating means simulating the external shape of the pointing device 4 An image 2c and a marker 2d are displayed. In the operation means image 2c, alphanumeric characters are written along the arc-shaped edge.

  First, the user performs a predetermined operation so that the user ID can be input, and operates the keyboard 18 to input the user ID. Information on the user ID input on the keyboard 18 is stored in the memory 14 and sent to the control unit 17. The control unit 17 outputs the input user ID information to the display unit 20 and controls it to be displayed on the display unit 2 in FIG. Specifically, a character string made up of, for example, alphanumeric characters input from the keyboard 18 is displayed in the user ID input area 2a in FIG. When the input of the user ID is completed, the user operates the button 19 to input an input completion command. When an input completion command is sent from the button 19, the control unit 17 shifts to a state in which a password can be input (the password input area 2b in FIG. 1 is activated) (S31).

  Next, the user operates the pointing device 11 to input a password. As shown in FIG. 1, a specific password input method is to lightly press the vicinity of the arc-shaped edge of the operation surface of the substantially circular pointing device 4 with a finger or the like, and follow the edge of the pointing device 4 from the pressed state. Then slide your finger or the like in the direction indicated by arrow A or B. As a result, the pressure sensor in the pointing device 4 detects a pressure change on the operation surface, and the control unit 17 displays the substantially circular operation means image 2c (see FIG. 1) displayed on the display unit 20 as an arrow C or D. Control to rotate in the direction shown. The user operates as described above, rotates the operation means image 2c in the direction indicated by the arrow C or D, and sets the desired alphanumeric character (the first digit of the character string constituting the password) to the marker 2d. Match (S32). Next, the button 19 is operated to perform the input confirmation operation for the first digit (S33). At this time, the operation direction detection unit 12 detects the operation direction of the pointing device 11. The “operation direction” is the direction in which the user's fingertip has moved along the edge on the operation surface of the pointing device 4 shown in FIG. In addition, the operation amount detection unit 13 detects an operation amount in the pointing device 11. The “operation amount” is the amount that the user's fingertip has moved along the edge on the operation surface of the pointing device 4 shown in FIG. Information on the operation direction detected by the operation direction detection unit 12 and information on the operation amount detected by the operation amount detection unit 13 are sent to the memory 14 and stored therein. In the following description, the operation direction information and the operation amount information are collectively referred to as “operation history information”.

  When the input confirmation operation for the first digit character is performed, the control unit 17 controls the display unit 20 to display the confirmed character. Thereby, one asterisk (*) is displayed in the password input area 2b in the display unit 2 shown in FIG.

  Next, when inputting the second digit of the character string constituting the password (NO determination in S34), the user operates the pointing device 4 in the same manner as described above to set a desired alphanumeric character to the marker 2d. At the same time (S32), the button 5 is operated to perform a confirmation operation (S33). Also at this time, the information on the operation direction of the pointing device 11 detected by the operation direction detection unit 12 and the information on the operation amount of the pointing device 11 detected by the operation amount detection unit 13 are sent to the memory 14 and accumulated. Is done.

  Thereafter, all character strings constituting the password are input in the same procedure as described above. At this time, the same number of asterisks (*) as the number of input characters are displayed in the password input area 2b.

  If the password input is completed (YES determination in S34), an input completion operation is performed (S35). The input completion operation is an operation of operating the pointing device 4 to move the cursor 2e displayed on the display unit 2 onto the OK button 2f and pressing the button 5, for example.

  Next, an authentication operation is performed. The authentication operation is executed by the determination unit 15. The determination unit 15 reads the user ID information stored in the memory 14 and the operation history information of the pointing device 11 until the password input completion operation (S35) is performed. The determination unit 15 associates the user ID information read from the memory 14, the operation history information, the authentication information recorded in the ID table 16 (the user ID permitted to use the personal computer 1 and the user ID). The operation direction and the operation amount information) are collated.

  The operation direction information included in the operation history information and the authentication information is, for example, “right direction” (direction indicated by arrow A) or “left direction” (direction indicated by arrow B). The operation amount information included in the operation history information and the authentication information is, for example, “3 scale”, “5 scale”, and the like. The “scale” here corresponds to the number of alphanumeric characters written in the operation means image 2c displayed on the display unit 2 as shown in FIG. For example, when the pointing device 4 is operated so as to rotate the operation means image 2c by one alphanumeric character, “1 scale” is obtained. Thus, for example, “6” currently displayed on the operation means image 2c is in a position corresponding to the marker 2d, and when inputting a three-digit number “379” as a password from this state, “3 in the left direction” The operation history is “scale, 4 scales to the right, and 2 scales to the right”. The memory 14 holds the operation history information as described above. The ID table 16 stores authentication information such as “3 scales in the left direction, 4 scales in the right direction, and 2 scales in the right direction” associated with the user ID in advance.

  The determination unit 15 compares the operation history information with the authentication information, and determines that the authentication is successful if they match, and determines that the authentication fails if they do not match (S36). The determination result is sent to the control unit 17. The control unit 17 controls the display unit 20 to display the determination result sent from the determination unit 15. The control unit 17 controls to start the OS if the determination result in the determination unit 15 is “authentication successful”, and displays the message on the display unit 20 if “authentication failure”. Thus, the OS startup process is not performed. The message displayed on the display unit 20 is, for example, “authentication failed”.

  As described above, according to the present embodiment, since the password is input by operating the pointing device 4 and the authentication operation is performed based on the operation history of the pointing device 4, the password is a combination of alphanumeric characters. In addition, the operation history of the pointing device 4 when designating the alphanumeric characters is also included. Therefore, even if the password character string is estimated by a third party, if the operation history is not known, the authentication cannot be succeeded illegally, and unauthorized access by a third party can be eliminated. .

  In particular, it has high security with respect to unauthorized access software that mechanically sequentially generates combinations of expected alphanumeric characters and automatically inputs all combinations of alphanumeric characters as a password. For example, if the password is composed of 4 digits, the unauthorized access software as described above automatically and sequentially inputs 10,000 combinations of numbers from “0000” to “9999” by software processing. Software.

  In the present embodiment, the operation means image 2c that rotates is displayed on the display unit 2 as shown in FIG. 1 in order to facilitate the operation. However, the display form is not limited to this. For example, an image imitating a dial with only scales instead of alphanumeric characters may be used, and the relative rotation angles on the left and right may be used. Further, instead of the rotation angle, a gesture operation in a form of counting an operation amount or drawing a figure may be used. Further, the operation means image 2c may not be operated, and the marker 2d may be displayed so as to move along the outer periphery of the operation means image 2c.

  In the present embodiment, the pointing device 4 (or 11) is configured with a touch pad that allows a user to perform various operations by pressing or sliding the operation surface with a finger or the like. However, the pointing device 4 (or 11) is a touch panel or a digitizer. Can be configured. A touch panel (touch screen) is a combination of a display monitor and a matrix switch. The digitizer is an input device that combines a pen-type device that can indicate the position on the screen of the display unit 2 and a plate-like device for detecting the position of the input device. This is an input device that can designate an absolute position on the screen of the display unit 2 by pressing a desired position on the screen with a pen-type device.

  In this embodiment, a personal computer is taken as an example. However, the present invention is not limited to a personal computer as long as it is an apparatus that requires at least a password to be input. For example, the present invention can also be applied to a mobile phone terminal, a personal digital assistance (PDA), an automatic teller machine (ATM), and the like.

  In this embodiment, the password is input by the pointing device. However, the user ID may be input by the pointing device in the same procedure as in this embodiment.

  In this embodiment, as shown in FIG. 1, the alphanumeric characters shown in the operation means image 8 are regularly arranged (ascending order clockwise), but the alphanumeric characters are randomly arranged. Also good. When displaying randomly, it is preferable to change the arrangement of alphanumeric characters each time the password input screen shown in FIG. 1 is displayed. FIG. 4 shows a password input flow relating to random arrangement of alphanumeric characters, and steps S41 and S42 are added to the flow shown in FIG. In step S41, the operation means image 8 in which alphanumeric characters are randomly arranged is generated and displayed on the display unit 2. The user designates a predetermined alphanumeric character (password) in the same manner as the alphanumeric character designation method in the present embodiment while viewing the operation means image 8 as described above.

  At this time, the operation history information output from the operation direction detection unit 12 and the operation amount detection unit 13 and accumulated in the memory 14 is operation history information based on randomly arranged alphanumeric characters. For example, when the password “ABC” is selected from the state where “PAZDCFB” is displayed on the operation means image 8 and “D” is in the position corresponding to the marker 9, the user operates the touch pad to select the left The operation means image 8 is rotated in the order of 2 scales (ie, “A” is selected), 5 scales (ie, “B” is selected) on the right, and 2 scales (ie, “C” is selected) on the left. The operation history information stored in the memory 14 at this time includes the above-mentioned information of “2 scales on the left”, “5 scales on the right”, and “2 scales on the left”.

  Further, the determination unit 15 changes the authentication information stored in advance in the ID table 16 in accordance with the random arrangement of the alphanumeric characters described in the operation means image 8. For example, in the case of “PAZDCFB” written in the operation means image 8, the authentication information stored in the ID table 16 is the operation information for selecting the password “ABC” (“2 on the left "Scale", "5 scale on the right", "2 scale on the left").

  In step S42, the determination unit 15 collates the operation history information read from the memory 14 and the authentication information (operation information based on the alphanumeric character sequence generated in S41) read from the ID table 16. The subsequent steps are the same as the flow of the present embodiment shown in FIG.

  The operation direction detection unit 12 and the operation amount detection unit 13 in the present embodiment are examples of the operation content detection unit of the present invention. The ID table 16 is an example of an authentication information storage unit. The user ID stored in the ID table 16 is an example of an authentication user ID. The password stored in the ID table 16 is an example of an authentication password. The user ID input by the user using the keyboard 3 (18) or the like is an example of the input user ID. The password input by the user using the pointing device 4 (11) is an example of the input password.

  The access authentication system according to the present invention is useful as a password input device because it enables safer security protection by using the operation content of the pointing device instead of a character string.

The perspective view which shows the external appearance of the information processing apparatus in this Embodiment The block diagram which shows the structure of the access authentication system in this Embodiment Flow chart showing password input method of access authentication system Flow chart showing password input method of access authentication system Schematic diagram showing a conventional password entry screen

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 PC 2 Display part 3 Keyboard 4 Pointing device 5 Button 10 Access authentication part 11 Pointing device 12 Operation direction detection part 13 Operation amount detection part 14 Memory 15 Judgment part 16 ID table 17 Control part 18 Keyboard 19 Button 20 Display part

Claims (6)

An access authentication system for authenticating access to an information processing apparatus,
A pointing device that accepts user operations,
An operation content detection unit for detecting operation content of the pointing device and generating operation history information;
An authentication information storage unit in which authentication information corresponding to a user who can use the information processing apparatus is stored in advance;
An access authentication system comprising: a determination unit that collates operation history information generated by the operation content detection unit with authentication information stored in the authentication information storage unit and determines success or failure of access authentication. The operation content detection unit
An operation direction detector for detecting an operation direction of the pointing device;
The access authentication system according to claim 1, further comprising: an operation amount detection unit that detects an operation amount of the pointing device. The pointing device is
The access authentication system according to claim 1, wherein the access authentication system is configured by a touch pad. The pointing device is
The access authentication system according to claim 1, comprising an touch panel. The pointing device is
The access authentication system according to claim 1, comprising an digitizer. It further includes a display unit that can display various information,
The access authentication system according to claim 1, wherein when performing access authentication, an image whose display is switched in conjunction with an operation of the pointing device is displayed on the display unit.

Images