JP2022076031A - Password input system in which no illegal input can be performed - Google Patents

Abstract

To solve a problem such that a large number of people cannot learn a large number of passwords in a net society, resulting in a burden, and a fraudulent act is frequently generated while a country and a company that perform service neglect countermeasures, thus no solution is obtained.SOLUTION: By using an input system only for individuals, a password of another person cannot be input and no fraudulent act can be performed even if the password is stolen by a third party. As a result, one individual can use a single set of personal identification numbers in all financial institutions and countries and no periodic password change is required, so that all people are released from a password problem.SELECTED DRAWING: Figure 2

Description

The present invention relates to a password input system for the purpose of solving a problem when using a password used in the Internet society.

Until around 2010, the password used in daily life was about the 4-digit password used for bank cards, but with the worldwide spread of the Internet and smartphones, login, payment and banking of various online services from children to the elderly It is indispensable to enter the password for the transfer etc.

In order to use various types of net services, you should think and register different passwords for each service, but it is difficult for humans to remember everything, and if the password is 10 digits, it is difficult to remember even several sets. For this reason, many people use several passwords by reusing them or making notes, but they often forget them and are always struggling with password problems.

Nowadays, no matter how much password measures are taken, fraudulent use is constantly being considered, and new fraudulent methods are constantly being considered. The latest fraud is different from the conventional one, and the password can be fixed and can be changed as many times as you like. If you change the ID and enter it, you will be able to log in eventually.

Patent 6721225

In Internet services that use PCs and smartphones, if a third party sends a virus to steal IDs and passwords, or steals personal information by "spoofing mail" and includes companies, damage of billions of yen will occur every year. doing. The password fraud problem should be solved by the program designer on the service provider side, but it can be said that many countermeasures have not yet been solved because the burden is still imposed on the user without finding a fundamental solution. ..

Since software developers cannot take effective measures, they are demanding a lot of burden on users like a method of creating a new password every time and having the user enter it like a one-time password as shown in Patent Document 1. increase.

Due to the Internet society, personal burdens have increased, damages have occurred due to unauthorized use by third parties, and confidential information has been leaked to companies all over the world. If quantum computers are put into practical use in the future, the passwords currently in use will be decrypted in an instant, so there is an urgent need to develop new defense measures.

We are trying to prevent fraud by shortening the valid time like a one-time password, but it is also denied that unauthorized users may be analyzed in a short time if they perform high-speed processing by setting a virus. Can not.

The first reason why your current password is stolen and misused is that you can always reach 100% correct answer by entering numbers from 0000 to 9999 in order, for example, a 4-digit number in a bank. The reason you can reach it is that if the server determines that the entered value is incorrect, it will immediately answer it as an error. In other words, the defending company is helping unauthorized users, so they can always reach the correct answer. Using this, a malicious third party can finally hack into a corporate or government system by changing the values little by little and entering them at high speed.

The second reason is that the service provider makes the user decide the password, so the user guesses using SNS to create a set of passwords by specifying familiar numbers and symbols that are hard to forget. Because it is easy.

The third reason is that the password entry system of the current service is designed for convenience so that anyone can use it from anywhere, so that the ID and password are known to a malicious third party. Because you can enter the value from anywhere in the world, you can cheat.

The fourth reason is that the current password input method is the same as the value entered and the value stored on the server. For example, "3" is "3" on both the keyboard and the server side. In other words, because the user and the company use it as it is, if the value is known to a malicious third party, it will be misused as it is without thinking. The current countermeasure is not an effective countermeasure at all because it simply requires the user to enter the password as a complicated operation.

In other words, the current password is not only easy to guess for individuals to decide, but it is also a convenient system that allows you to enter passwords from anywhere at any time, but it is also convenient for malicious third parties. A system with correct fraud prevention measures is a system that cannot be used illegally and can be used semi-permanently without changing the password. The bank password system that was first developed is based on the innate goodness theory, so fraud prevention measures cannot be taken forever.

(Claim 1) The basic technique leading to the present invention is completely different from measures that cannot be stolen or prevented by complicated operations, and even if a password is known to another person, the value cannot be entered by another person, so that fraud cannot be performed. The purpose is permanent measures.

The basic countermeasure is to prohibit normal keyboard and screen input, and distribute "individual input numeric keypad screen" to each user to input.

As shown in FIG. 1, the "numeric keypad screen for personal input" is composed of nine numbers from 1 to 9 excluding 0 and three numbers other than numbers such as alphabets, symbols, and native language. There are about 360,000 ways of arranging 9 numbers, 22,000 ways of arranging 3 letters if the minimum number of letters is 62, and about 8 billion ways of arranging numbers and letters by multiplying them. Almost everyone will be different. Therefore, even if a third party maliciously creates and sends the numeric keypad screen by himself, the purpose is to easily detect that it is illegal because it is different from his own arrangement if he sees the arrangement.

The numeric keypad screen for personal input is not just a sort of numbers, but when the user presses a key button as shown in Fig. 2, a pre-registered temporary password corresponding to it, for example, a password entered by the user In the example where the value = 123F is pressed, the registered value is converted to a different digit value such as 1 → A1, 2 → B $ 2, 3 → M + Tb8, F → F and sent to the server. As a result, the key only indicates the location, and by setting the temporary password to a different number of digits and a different value for each individual, even if all users have the same password, only their own temporary password can be sent to the server, which is illegal. The purpose is to make the act permanently impossible.

The more digits a password has, the more secure it is, but it is impossible for many people to remember more than one password, even though the user cannot remember even one set of 20-digit or 30-digit passwords. However, by using the numeric keypad screen for personal input, it is possible to send 20 digits, 30 digits, or even 100 digits to the server without remembering the password just by memorizing 3 numbers and 1 character symbol. With the goal. Since you do not know your temporary password, it will not be known to others.

The new password will be distributed by the company, etc., and the registered "numeric keypad screen for personal input" will be distributed. The numbers are common to all, but the combinations of characters and symbols are different for each individual, so by using the characters and symbols to be displayed as they are as a temporary password, a malicious third party can enter them on their own personal input ten-key screen. However, the purpose is to make it impossible to enter because the characters of another person's password are not displayed. In addition, it is unknown whether or not to use the same character symbol and the order.

(Claim 2) The basic technique leading to the present invention is the personal input without collating the correct value registered in the server with the correct value registered in the server when the incorrect password value is input on the numeric keypad screen for personal input. It is possible to make a judgment on the numeric keypad screen side, and the purpose is to further understand the degree of fraud.

As shown in Fig. 2, the value of the temporary password for the remaining numbers, character symbols, and other keys that are not used in the password among the numbers, characters, and symbol keys entered on the numeric keypad for personal input is set to "0" for all, for example. By registering, when a third party presses the wrong value on the numeric keypad for personal input, the temporary password value becomes 0, so if you monitor the 0 value, you can judge that it is not the correct value, so the server The purpose is to be able to determine that an unauthorized operation is being performed on the numeric keypad screen side without collating with the correct value stored in. In order to register 0 or a temporary password value in the key, the password is determined in advance by the company or the like and distributed to the user.

When an incorrect value is entered, the number of 0s increases according to the incorrect number, so many unauthorized users make mistakes, so the purpose is to easily find the unauthorized user.

(Claim 3) The basic technique leading to the present invention is that even if fraud is confirmed in the flow of FIG. 3, the input is continued on the information collection screen without telling the mistake as in C7, and finally the mistake is made. The purpose is to prevent guessing and collect information on unauthorized users such as transfer destinations by not identifying the wrong place by teaching.

(Claim 4) The basic technique leading to the present invention is that when a password is input, it is converted into a plurality of sets of temporary passwords having different numbers of digits as shown in FIG. 4, a hidden secret password 1 is added, and they are 1 before transmission. The purpose is to make it impossible to guess multiple sets of temporary passwords even if the transmitted data is intercepted by transmitting the data together with the division pattern number for synthesizing it into a line and restoring it on the server side. On the server side, as shown in Fig. 5, the temporary password synthesized in one line is decomposed into the original password by the division pattern number, and the secret password 2 is added to create the final temporary password. The purpose is to rearrange them according to the purpose as shown in Fig. 6 and combine them into one line as shown in Fig. 7 to convert them into a true password so that the true password cannot be guessed from the outside. do.

For example, four sets of temporary passwords are sent to the server on the numeric keypad screen for personal input, but one set of registered passwords is added to a different location for each individual as shown in Fig. 4 so that it cannot be guessed even if the communication is intercepted. Then, make 5 sets, combine them into one line, and send it to the server side. The user inputs one division pattern number to return to the 5 sets of temporary passwords on the server side. The purpose of the division pattern number is to make it impossible to guess by changing the number for each individual even if the combination is the same.

In the present invention, since the user has already determined whether the temporary password is invalid, the work is performed with the value sent to the server, and when an error occurs, the person who sent the value uses the numeric keypad screen for personal input. The purpose is to be able to find out that the user is an unauthorized user.

As shown in FIG. 5, the temporary password E3 synthesized in one line sent from the user to the server side is decomposed into the original temporary password like E5 by the division pattern numbers E2 and E4. In order to perform the division work on the server side, the purpose is to make it impossible to guess from the outside because it cannot be restored without the correct division pattern E2.

With 6 sets of temporary passwords, 720 combinations can be made by changing the arrangement as shown in Fig. 6, so create new temporary passwords for various purposes such as initial connection, bank transfer, payment, suspension of use, model change, etc. The purpose is.

After sorting the temporary passwords according to the purpose, they are combined into one line as shown in FIG. 7 and then converted into a true password and used as the new true password.

As shown in Fig. 4 and Fig. 6, the number of digits is unknown. Because the number of digits and values of the two sets of secret passwords, division pattern numbers, etc. cannot be estimated, the purpose is to prevent a malicious third party from directly sending the password value to the server side and committing fraudulent activities. do.

(Claim 5) The basic technique leading to the present invention is that a company such as a country or a bank that requires a password introduces this input system so that one individual only needs to remember one set of passwords for all services. The purpose is to be able to use the service.

The screen of the ten-key screen for personal input is different for each individual, and by setting the temporary password, main password, and division pattern number to different values for each company, even if it is used by many companies, the temporary password value etc. will be used by other companies. Because they are different, one individual aims to be able to use a common password in all businesses.

(Claim 6) The basic technique leading to the present invention aims at a method of creating a password that is difficult to guess.

Personally created passwords tend to use familiar numbers such as date of birth, telephone number, and street address so that users can easily remember them. Since such familiar numbers can often be collected by SNS etc., malicious third parties can easily collect personal information from SNS etc. and use the values to prevent fraudulent acts by impersonating others. The purpose.

Instead of using random numbers, the password is created by arranging a large number of numbers, letters, symbols, native languages, etc. to be used vertically as shown in Fig. 8, and preparing columns in which the order is changed to 1 million rows. To make. Prepare columns with different arrangements and arrange them horizontally for the required number of digits. The purpose is to create one password by adding all the lines.

In this method, the number of rows is the same, so in order to change the number of digits, it is possible to create values with different numbers of digits by erasing some values irregularly as shown in FIGS. 8 and G5. The purpose.

The purpose of password data is to create at least 1 million lines and loop it into a data group so that it cannot be guessed from the outside.

As for the method of creating a temporary password for an individual from this password group, as shown in FIG. 9, a line (n lines) that serves as a different standard for each individual is determined, and a plurality of temporary passwords that differ for each individual are n lines with a maximum of 900,000 lines. The purpose is to be able to create an irregular temporary password that cannot be guessed by using the values of + ○○○ line and n line ― ○○○ line.

As shown in Fig. 10, shift the reference position of the determined temporary password by ± N and create a true password value with the same amount of deviation. By adopting this method, even if the password values of a plurality of people are known, the amount of deviation of all users is different, so that it is possible to infer a specific individual or password data group.

In order to convert a temporary password to a true password, the purpose is that it cannot be inferred unless the original password data group, the amount of password deviation that differs for each individual, and the amount of deviation that is converted to a true password are all known.

(Claim 7) The basic technique leading to the present invention is aimed at a method for maintaining the security of a new password.

No matter how high the security password system is designed, if the underlying basic data is stolen by hacking, all the security will be destroyed, so design and create it with an offline computer as shown in Fig. 11. The purpose is to prevent the theft of basic data by distributing it to each company by physical transportation.

While countries and companies carry out various tasks on computers, hackers continue to leak information on important national ministries and computers related to US defense. In other words, at present, hackers can easily break through no matter how sophisticated the security is.

Hackers can break through high security because their protected computers are connected to the Internet and because defense systems can tell you what's wrong, so you can hack from anywhere in the world. In other words, blocking the computer of the security issuing facility that designs, builds, and stores the data from the Internet is the only purpose to prevent contact from hackers.

If the security issuing facility is blocked from the Internet, a malicious third party may acquire facility employees and steal data, so the computer should be isolated in an unmanned room to completely block the entry and exit of people. The purpose is to make it impossible to steal data.

The method of passing the created data to a company aims to prevent leakage to the outside by storing it on a hard disk and transporting it to the company.

The data copy room has only a monitor, keyboard, ten-key screen system for personal input, and output terminal for one hard disk so that data cannot be taken out. By limiting the security company employees and the receiving company to the receiving manager, the receiving company security company, etc., the parties concerned cannot cheat, and the police, the staff of the issuing facility, and the security guards are also on the company side during transportation. The purpose is to prevent fraud by accompany you until you enter the data, and then initialize the hard disk and take it home.

The purpose is to prevent unauthorized use by creating personal number data instead of using personal names so that individuals cannot be obtained even if the data of the issuing facility leaks to the outside.

If the numeric keypad screen for personal input, which is a feature of the present invention, cannot be used to input the password value of another person, unauthorized use cannot be performed fundamentally. It is a method that can collect information on unauthorized users while preventing identification.

By adopting a numeric keypad screen system for personal input by countries and companies, one individual can use one set (4) passwords and one set of division pattern numbers with one set password of the country and all companies. No need to change.

The present invention is a system that can only be used by the person himself / herself by fundamentally reviewing the problem of a simple password input system that was developed before the Internet society and is easy for anyone to use. Replacing it solves the problem by making it impossible to guess the true password from the outside.

Companies that adopt the numeric keypad screen system for personal input can significantly reduce the number of personnel for measures to improve security, the cost of examination, the cost of creating it, and the cost of dissemination.

This invention is freed from the problem of forgetting the user's password and the trouble of making the password, and it can be said that the user who forgets the password many times is a dementia person.

When using a bank card, even if the card is stolen, it cannot be used by a third party by calling the "tenkey screen for personal input" with biometric authentication that can only be used by the person at present.

The method of fixing the password, which is a new unauthorized use as of 2020, and changing the ID value to steal the password cannot be performed because the system cannot predict four sets of temporary passwords with different numbers of digits.

The figure which showed the input method which cannot enter the password of another person. A diagram showing how to check a password without going through the server. The figure which showed the flow of the password input of this invention. The figure which showed the method of synthesizing the user's temporary password into one line. The figure which showed the method of disassembling the temporary password synthesized in one line. The figure which showed the rearrangement of the temporary password which was restored. The figure which showed the method of converting a temporary password to a true password. The figure which showed the method of creating a password group. The figure which showed the method of deciding 5 temporary passwords from a data group. The figure which showed the method of making a true password from a temporary password. The figure which showed the security of the password issuing facility.

The password input system that cannot be used by a third party according to the present invention can be implemented by one company, but it is a problem in the industry, for example, if it is used uniformly in the smartphone industry or the banking industry or used by the country. If you solve the problem and even use it uniformly in the country, you can solve various problems related to national passwords at once.

The essence of this invention is that passwords are required for both young people and elderly people regardless of age due to the internet society, but users feel inconvenienced because they cannot remember all passwords. , Companies also need a lot of labor and countermeasure costs every year. However, even if measures are taken, it is a wasteful effort because it is abused. We believe that this invention has high utility value because it solves the password problem.

This password system will continue semi-permanently as a business because it is necessary to update the password system when making a new smartphone model and to create a new password when the population increases every year.

A1 Numeric keypad screen for personal input A2 Number fields (9)
A3 character symbol field (3 pieces)
Enter the first B1 password (example: 1)
Enter the second B2 password (example: 2)
Enter the third B3 password (example: 3)
Enter the 4th B4 password (example: F)
B5 1st converted temporary password (example: A1)
B6 Second converted temporary password (example: B $ 2)
B7 Third converted temporary password (example: M + Tb8)
B8 4th converted temporary password (example: F)
C1 Start C2 ID input C3 4 password input C4 Judgment of the number of input errors 0 C5 Judge the number of mistakes in n = 1 If C6 n> 2, move to the information collection screen determined to be unauthorized use C7 Unauthorized use information collection C8 Input of division pattern number C9 Add hidden secret 1 C10 Combine 5 temporary passwords into 1 line C11 Send data to server C12 Confirm correct data, move to incorrect C7 C13 5 pieces of data in 1 line C14 Add secret password 2 to the data of C15 Sort 6 data according to the purpose C16 Combine 6 data into 1 line C17 Convert 1 line of data to a true password. If it is illegal, move to C18. C18 Judge that it is illegally used and stop the work. If the data is correct, perform the desired work. D1 4 passwords to be entered D2 4 temporary passwords corresponding to the password D3 Registered hidden secret password (Example: Xy48V)
D4 Temporary password combined in one line D5 Separation pattern number when dividing E1 Separation pattern number E2 Divisional pattern number E3 Temporary password in one line before division E4 Divisional pattern E5 Temporary password after division F1 Sorting pattern number F2 Sorting pattern F3 Sorted temporary password F4 Temporary password combined into one line after sorting G1 Temporary password value after division G2 Secret password 2
G3 True temporary password synthesized in one line G4 Convert to true password if the true temporary password is correct G5 6 true passwords H1 line number (up to about 1 million lines)
H2 non-conversion character symbol H3 5 character strings (any number of columns)
H4 Synthetic password H5 Character erasure position for changing the number of digits H6 Standard ± n lines of temporary password I1 Temporary password data group (up to about 1 million lines)
I2 Location ± n lines shifted from the reference value 1 I3 Shift amount from the reference location 1 I4 0 line position of the temporary password data group J1 Temporary password data group (0 to about 1 million lines at maximum)
J2 New password data group ± n lines shifted from the temporary password group J3 Read the same position and convert it to the true password value J4 ± n line shift amount K1 Password issuing facility isolated from the Internet K2 Country or company K3 Internet line K4 Hard disk, etc. Data transfer by

Claims (7)

The present invention relates to a password input method characterized in that even if a password used in various Internet services such as a bank or a smartphone is known to a third party, it cannot be used by anyone other than the person himself / herself. The present invention relates to a password input method capable of determining whether the password is correct or not and determining whether the password is correct or not without collating it with the data stored in the server. It is related to prevention of identification of wrong parts and collection of fraudulent person information by making the final mistake without pointing out the mistake when a malicious third party enters an illegal password. By converting the password entered by the user into multiple sets of temporary passwords with different numbers of digits, combining them into one line and transmitting them to the server side, it is not possible to guess multiple sets of temporary passwords, and the server It relates to a conversion method that makes it impossible to guess the true password value from the outside by rearranging the temporary passwords according to the purpose of use and converting them into true passwords. It relates to a method that enables an individual to handle all passwords used in the national and private sectors for identity verification and fraud prevention with only one set of passwords. Regarding password creation and operation methods that are difficult to guess. Regarding security construction for using this system in the country and all companies.

Images